New Build of CAT.NET (Version - 1.1.1.9) – Please Upgrade

 Syed Aslam Basha here from the Information Security Tools team.

There is a new build of CAT.NET Version 1.1.1.9 now available for download on MSDN (32 bit here and 64 bit here). We recommend *ALL* users upgrade to this latest release, a bug fix and minor improvements build. As well as some functional bugs we have updated the Encodings.xml file so that AntiXSS, Httputility, Httpserverutility and IOsec methods (now superseded but still in use) libraries will no longer produce false positives.

In Summary

Library	Method	Is it part of encodings.xml?
Anti-XSS	GetNormalizedHtml	Yes
Anti-XSS	GetSafeHtml	Yes
Anti-XSS	GetSafeHtmlFragment	Yes
Anti-XSS	HtmlAttributeEncode	Yes
Anti-XSS	HtmlEncode	Yes
Anti-XSS	JavaScriptEncode	No
Anti-XSS	UrlEncode	Yes
Anti-XSS	VisualBasicScriptEncode	No
Anti-XSS	XmlAttributeEncode	NO
Anti-XSS	XmlEncode	NO
IOSec	AsNumeric	No
IOSec	AsUrl	Yes
IOSec	EncodeHtml	Yes
IOSec	EncodeHtmlAttribute	NO
IOSec	EncodeXml	Yes
IOSec	EncodeXmlAttribute	Yes
IOSec	EncodeJs	No
IOSec	EncodeVbs	No
HttpUtility	HtmlAttributeEncode	Yes
HttpUtility	HtmlDecode	Yes
HttpUtility	HtmlEncode	Yes
HttpUtility	UrlDecode	Yes
HttpUtility	UrlDecodeToBytes	No
HttpUtility	UrlEncode	Yes
HttpUtility	UrlEncodeToBytes	No
HttpUtility	UrlEncodeUnicode	No
HttpUtility	UrlEncodeUnicodeToBytes	No
HttpUtility	UrlPathEncode	Yes
HttpServerUtility	HtmlDecode	Yes
HttpServerUtility	HtmlEncode	Yes
HttpServerUtility	UrlDecode	Yes
HttpServerUtility	UrlEncode	Yes
HttpServerUtility	UrlPathEncode	Yes
HttpServerUtility	UrlTokenDecode	No
HttpServerUtility	UrlTokenEncode	No

 A full list of changes can be found in the changelog in the new build.

-Syed Aslam Basha ( syedab@microsoft.com )

Microsoft Information Security Tools (IST) Team

Test Lead