New
- Added TLS support. We added TLS 1.3 support.
Improved
- Added SNI support. OAuth now supports Subject Name/Issuer (SNI) based on authentication.
- Updated severity level. We changed the Content Security Policy header severity from informational to low.
- Updated findings limit. We increased the Out-of-Band Log4Shell JNDI injection module findings limit from 1 to 10.
- Improved Out-of-Band module. We improved the Out-of-Band Log4Shell JNDI injection module to reduce false positives.
Fixed
- Pop-ups are no longer causing an issue with HTTP authentication.
- Certificate importing by subject name, serial number, and issuer number now imports properly.
- The JavaScript Memory Leaks module no longer ignores single quotes.
- Certain local file vulnerabilities are now found.
- Token capture is now triggered on repeat logins.