Improved
- We updated our session loss detection capabilities to execute SessionLossHeaderRegex on all response codes, not just 302 redirects.
- We improved our false positive detection and removal algorithm to reduce injection-based false positives, including those affecting the SQL injection attack modules.
- We updated our login macro playback algorithm to fix a playback failure that could occur with some sites.
Fixed
- We fixed a false positive affecting the File Inclusion Injection attack module.
- We fixed a false positive affecting the NoSQL Injection attack module.