New
- CrawlConfig Option: Remove CSP. You can use the new CrawlConfig option, RemoveContentSecurityPolicy, to remove any content security policy defined in the header or response body.
- CWE References. We added CWE references for several modules.
Improved
- We upgraded the installed Selenium ChromeDriver to version 90.0.4430.24.
- We improved the SQL Injection attack regex.
- We updated the JavaScript Memory Leaks module description.
- We reclassified the Reflection module severity to informational.
Fixed
- We fixed an issue where content-type was ignored when declared in a Swagger document.
- We fixed an issue in the parameters framework. Previously, when a character was incorrectly escaped, the unescape process doubled the character.