Mar 18, 2022 (3.8.231)

New

  • New Discovered Issue values. The vulnerability types in the table on the Discovered Issues page are now displayed through the columns Module and Attack. Module replaces the old Type column and displays the name of the attack module used to discover the finding. Attack, a new column in the table, displays the specific attack used by the module to discover the finding. Since the Attack column is new, only new findings will be populated there.
  • UI update. A new button, Remove Admin Access, has been added to the System Admins page to allow administrative access to be removed from a System Admin account.
  • Added Log4Shell support. We added support for the attack module Log4Shell.

Improved

  • Improved mail configuration. The service no longer fails when encryption is used for connection and mail configuration and the prerequisites are not fulfilled; instead, it logs invalid configuration errors.
  • Updated UI attributes. The attack type attributes ‘HttpOnly’, ‘SameSite’, and ‘Secure’ now display under the new Attack column within the Finding table, and the ‘Cookie’ attribute is now displayed under the Module column.
  • Improved CSV findings. The names of exported findings in CSV files now display as DELETED CONFIG if the configuration no longer exists.
  • Updated Scan Configuration. We updated the Scan Configuration to align with the recent 7.4x AppSpider engine releases.
  • Updated terminology. We updated the terminology of configuration parameters to be more inclusive.
  • Added checkbox. A checkbox has been added to the Upgrade page in the AppSpider Enterprise installer to allow users to enable a backup of the database. This eliminates the need to create a system environment variable in order to skip the backup.
  • Updated default browser. The default browser is now set to Chrome when Macro Authentication is selected in the scan configuration.

Fixed

  • Setting up a new client account no longer fails due to an issue with the password. Additionally, changing the password from the Profile section of AppSpider Enterprise no longer fails.
  • When a configuration is edited, the new ‘FrameworksCrawlConfig’ list now appears under CrawlConfig in the Advanced Options section.
  • Scans no longer overwrite previous changes made to the severity of a finding.
  • Timezones can no longer be changed if AppSpider Enterprise is going through AD/LDAP.
  • The AppSpider Enterprise installer no longer gets stuck when upgrading.
  • System events now appear on the System Events page. However, following an upgrade, a manual change is required in the NLog.config file. For more information on this, see our docs.
  • The Provisioner role no longer appears when configuring groups.
  • The sorting filter now works correctly for the Module, Attack, and Severity columns on the View Vulnerabilities page.
  • Only vulnerabilities found by the selected scans can be exported with the Export to CSV option on the View Vulnerabilities page.