Here are descriptions of some of the more interesting or
significant changes made to Eclipse Memory Analyzer for the 1.11 release.
Enhancements and fixes
- The snapshot comparison queries have been enhanced to properly
compare trees as well as tables.
Also, a leak suspect report can be run on two snapshots to show possible memory leaks
using the difference between the two snapshots of the memory usage of objects and components.
- Memory Analyzer now has a configuration option to allow an attempt to analyse
huge heap dumps, bigger than Memory Analyzer could handle in previous version. It does this
by optionally discarding some objects from the heap dump while building the snapshot, with
the hope that the important objects have not been discarded.
- Stand-alone Eclipse Memory Analyzer is now based on Eclipse 2020-03 which
may give a slightly improved user interface compared to previous versions.
As a consequence, stand-alone Eclipse Memory Analyzer is only available for
the following platforms.
- Windows (x86_64)
- Mac OS X (Mac/Cocoa x86_64)
- Linux (x86_64/GTK+)
- Linux (PPC64LE/GTK+)
The macOS build is now signed and notarized.
Fix details
- Fix for 305154
Extend the programming model for MAT Queries - enable programming
of queries doing comparison
- Fix for 324970
Provide a mechanism to continue manual analysis from MAT's
automatic reports
- Fix for 330074
null returns from SnapshotImpl methods
- Fix for 347648
Retained size column is not compared
- Fix for 558593
Failing to write a report ZIP causes the report query to fail
- Fix for 561460
More comparison queries
- Fix for 561776
Improve handling of FINALIZABLE and UNFINALIZED
- Fix for 561976
Improve duplicate classes query
- Fix for 562926
Use simultaneous release repo for Hamcrest
- Fix for 562972
Tests more queries and improve collection queries
- Fix for 563960
Requested length of new long exceeds limit of 2,147,483,639
- Fix for 565502
Poor performance with bad hashing on HashMapIntObject
- Fix for 566282
Cannot install on latest MacOS version Catalina 10.15
- Fix for 566673
java.lang.ArrayIndexOutOfBoundsException in
GarbageCleaner.java
- Fix for 566917
Occasional poor performance with GZip HPROF
- Fix for 567048
Add detailed progress to group by value query
- Fix for 567070
Optimize progress monitor calculation
- Fix for 567256
Improve help and minor updates
- Fix for 567433
Update MAT version to 1.11.0
- Fix for 567564
Single query report
- Fix for 567917
Add some more network object name resolvers
- Fix for 568217
Better links for stack frame for thread overview
- Fix for 305152
Improvements to the displayed comparison results
- Fix for 346513
TextResult link with target=_blank doesn't work
- Fix for 537252
Cheatsheet fixes
- Fix for 560704
Class cast exception opening Path To GC Roots query
- Fix for 563793
Feature request: Add lock information to Thread Overview and Stacks
query
- Fix for 565962
Show the thread and stack frame holding the leaked objects
- Fix for 567414
Build standalone MAT packages with a newer Eclipse release
- Fix for 567533
Reports have a white background with dark theme
- Fix for 567758
Add Close to the left and right option to tabs
- Fix for 568352
Better JDT integration
Security fixes
Memory Analyzer 1.11 includes the security fixes first included in Memory Analyzer 1.9.2.
We highly recommend users of Eclipse Memory Analyzer version 1.9.1 or earlier to update to version 1.11.0 (or 1.10.0 or 1.9.2) or subsequent versions.
- CVE-2019-17634
- PROBLEMTYPE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- DESCRIPTION
- Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cross site scripting (XSS) vulnerability when generating an HTML report from a malicious heap dump. The user must chose to download, open the malicious heap dump and generate an HTML report for the problem to occur. The heap dump could be specially crafted, or could come from a crafted application or from an application processing malicious data. The vulnerability is present when a report is generated and opened from the Memory Analyzer graphical user interface, or when a report generated in batch mode is then opened in Memory Analyzer or by a web browser. The vulnerability could possibly allow code execution on the local system when the report is opened in Memory Analyzer.
- CVE-2019-17635
- PROBLEMTYPE
- CWE-502: Deserialization of Untrusted Data
- DESCRIPTION
- Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a deserialization vulnerability if an index file of a parsed heap dump is replaced by a malicious version and the heap dump is reopened in Memory Analyzer. The user must chose to reopen an already parsed heap dump with an untrusted index for the problem to occur. The problem can be averted if the index files from an untrusted source are deleted and the heap dump is opened and reparsed. Also some local configuration data is subject to a deserialization vulnerability if the local data were to be replaced with a malicious version. This can be averted if the local configuration data stored on the file system cannot be changed by an attacker. The vulnerability could possibly allow code execution on the local system.
New and Noteworthy for Memory Analyzer 1.10
The New and Noteworthy document for version 1.10 is available
here.