Version 2021.12.02
Diffblue Unaffected by Log4j Vulnerability
Release date: Dec 17, 2021
Last week, a new zero-day vulnerability that allows remote code execution was reported in the widely used Java component Log4j. Diffblue Cover does not use the Log4j component and so is not affected by this vulnerability.
Diffblue Cover runs your Java code to write tests, but it does so within a security sandbox that blocks network traffic. For more information on this, please see our recent blog post.
Diffblue’s recommendations for Logback
A new Java logging library vulnerability was reported and fixed this week, in a component called Logback. This vulnerability is similar to the one in Log4j described above, but less severe because it is much harder to exploit.
Although Diffblue Cover is unaffected, we have upgraded to Logback 1.2.8 anyway. We recommend you also upgrade to Logback 1.2.8, and install the updated versions of both Cover and Cover Reports, shipped on Friday 17 December 2021. For more details, please see our blog post.
Last release for 2021
This is our last release for 2021, and we would like to wish you all a very happy and healthy New Year 2022. We will have our next release in January 2022.
New Developer Edition trial available
We are delighted to now offer a 14-day trial version of our Developer Edition, which includes the Diffblue Cover CLI, as part of our new licensing option. We’re really excited that you can now “try before you buy”! To download your trial of Diffblue Cover Developer Edition, please click here. Full information on all our options is also available here.
How do I automatically maintain all of these tests?
Use Diffblue Cover on any CI platform to automatically update your unit tests and catch regressions for every commit - watch this video to learn more.
Full Release Notes
Enhancements
- Cover is now able to use specific factory methods via the custom inputs feature. Documentation for this feature can be found here. [Ref: TG-15437]
- CLI: Cover’s release zip files now include both `dcover` (for macOS and Linux) and `dcover.bat` (for Windows) launch scripts. Platform specific zip files are no longer distributed. [Ref: TG-16034]
- Cover now writes incomplete tests, which previously would have been discarded because of `R026` (Spring context failure), if ‘Allow writing tests that fail due to exceptions’ is enabled in the plugin. [Ref: TG-15792]
- Cover now only shows the ‘Write Tests’ context menu option in the project explorer pane, when the selection contains methods to test. [Ref: TG-15393]
- Cover’s Logback dependency has been updated to `1.2.8`. [Ref: TG-16165]
- Reports: Updated Logback dependency to `1.2.8` and Log4j transitive dependency to `2.16.0`. [Ref: TG-16181]
Resolved Issues
- CLI: Resolved an issue which caused Cover’s `--patch-only` mode to not detect changes in enums. [Ref: TG-16030]
- Resolved an issue which, in some circumstances, would cause `R024` (Out of resources) to be reported as the reason for not creating a test rather than `R005` (Unable to load class). [Ref: TG-15840]
- Reports: Resolved an issue which could cause errors seen during an upload to persist across subsequent upload attempts. [Ref: TG-16014]
Known Issues
- The command `dcover clean --failing` does not work on Gradle projects. [Ref: TG-11707]
- IntelliJ Plugin: `Diffblue Cover was unable to create an index` error may appear if switching projects happens before Cover has finished indexing. [Ref: TG-13772]