What's New with Mobb

Discover recently released features, news and product announcements!

June 4, 2024

  • UI Update - Project Settings: This capability provides additional granularity for setting user permissions on a per-project basis. To see more details, click here.

  • New documentation page: Mobb GitHub Fixer for CxOne

  • New stable fixes released:

    • Arbitrary File Write via Archive Extraction (Zip Slip) for Java (Snyk)

    • Arbitrary File Write via Archive Extraction (Zip Slip) for C# (Snyk)

    • Arbitrary file access during archive extraction (Zip Slip) for Java (CodeQL)

    • Arbitrary file access during archive extraction (Zip Slip) for C# (CodeQL)

    • Path Manipulation: Zip Entry Overwrite (Zip Slip) for Java (Fortify)

    • Path Manipulation: Zip Entry Overwrite (Zip Slip) for C# (Fortify)

    • Hard-coded credentials (Hardcoded Secrets) for JavaScript (CodeQL)

    • Value_Shadowing (Value Shadowing) for C# (Checkmarx)

    • Use_of_Insufficiently_Random_Values (Insecure Randomness) for C# (Checkmarx)

    • Use of Insufficiently Random Values (Insecure Randomness) for C# (Snyk)

    • Insecure Randomness for C# (CodeQL)

    • Insecure Randomness for C# (Fortify)

May 20, 2024

  • Mobb Fixer for Checkmarx One GitHub Integration is now available. This integration monitors for `Checkmarx comments in a PR and generates a Mobb Fixer comment in the same PR. Click here for more details.

  • UI Update: Hovering over an issue name will display the original issue name from the SAST provider. Click here for more details.

  • New stable fixes released:

    • HttpOnlyCookies for C# (Checkmarx)

    • Trust Boundary Violation for C# (Fortify)

    • Privacy Violation for Java (Fortify)

May 7, 2024

  • UI Update: Hovering over the (!) tooltip next to the text "Available Fixes" on the Fix Report page will display the number of issues fixed compared to the total issues found in the vulnerability report. Click here for more details.

  • New stable fixes released:

    • Just One of Equals() and GetHashCode() Defined for C# (Fortify)

    • Missing equals or hashcode method for C# (Checkmarx)

    • WCF Misconfiguration: Throttling Not Enabled for C# (Fortify)

    • WCF Misconfiguration: Insufficient Logging for C# (Fortify)

    • Incomplete regular expression for hostnames for JavaScript (CodeQL)

    • Overly permissive regular expression range for JavaScript (CodeQL)

April 29, 2024

  • Mobb Broker is now released. Mobb Broker allows users to connect their Mobb organization to self-hosted source code repositories that are not publicly accessible from the internet. Please contact us to learn more.

  • New feature: Project pages now include a "Language" column that contains information about the languages present in the project.

  • New feature: All previously committed fixes now include a "Link to commit".

  • New feature: All fixes now contain a "Fix Info" tab, which contains additional info about the issue as well as fix instructions for the issue type.

  • A new integration guide has been added for Atlassian Bamboo along with a sample integration YAML

  • New stable fixes released:

    • Header Manipulation for C# (Fortify)

    • Password in Comment for XML (Fortify)

    • Server-Side Request Forgery for JavaScript (Checkmarx)

    Click here to see all currently supported fixes

April 18, 2024

  • New stable fixes released:

    • Prototype Pollution for JavaScript

    • Insecure Cookie for C#

    • Cookie is not HttpOnly for C#

    • Locale Dependent Comparison for Java

    • Race Condition Format Flaw for Java

    • Server-Side Request Forgery for C#

    • Regular Expression Injection for Java

    • XSS for Java

    • Poor Error Handling: Overly Broad Catch for Java

    • Non-final Public Static Field for Java

    • Missing HSTS Header for JavaScript

    • Dead Code: Unused Field for Java

March 19, 2024

  • New stable fixes released:

    • Insecure Randomness for Javascript

    • SQL Injection for Javascript

    • Command Injection for Javascript

    • Hardcoded Secrets in Javascript

    • Deprecated Function in Javascript

    • Null Dereference for C#

    • Trust Boundary Violations for C#

March 4, 2024

  • Dashboard with ROI Calculator and Fix Management capabilities released. To see more details, click here.

    • The ROI Calculator identifies the total savings in cost and time from all automatic fixes

    • Fix Management dashboard identifies the most effective fixes available across all your projects

Feb 26, 2024

  • New stable fixes released:

    • Path Traversal for JavaScript

    • Error Condition Without Action for Java

    • HTML Comment in JSP for Java

    • Default Definer Rights in Package or Object Definition for SQL

    • Improper Exception Handling for C#

    • Improper Resource Shutdown or Release for C#

Feb 7, 2024

  • New stable fixes released:

    • jQuery Deprecated Symbols for JavaScript

    • Missing iframe Sandbox for JavaScript

    • Unsafe Target Blank for JavaScript

    • Missing Anti-forgery Validation for C#

    • Insecure Binder Configuration for C#

    • Overly Broad Catch for C#

January 29, 2024

  • New stable fix released:

    • Missing Check Against Null for Java

  • Added support for Azure Repo - Mobb can now automatically retrieve source code from Azure Repo and commit directly back to an Azure Repo once a fix is ready.

January 26, 2024

  • New stable fix released:

    • Regex Injection for Java added

January 22, 2024

Jan 15, 2024

  • New stable fix released:

    • Trust Boundary Violations added

    • Log Forging for Snyk and Fortify added

January 9, 2024

December, 2023

May, 2022

  • Bugsy launched. Bugsy is a command-line interface (CLI) tool that provides automatic security vulnerability remediation for your code. It is the community edition version of Mobb, the first vendor-agnostic automated security vulnerability remediation tool. Click here to learn more.

Last updated