Feb 24, 20227.4.038

New

  • Added TLS support. We added TLS 1.3 support.

Improved

  • Added SNI support. OAuth now supports Subject Name/Issuer (SNI) based on authentication.
  • Updated severity level. We changed the Content Security Policy header severity from informational to low.
  • Updated findings limit. We increased the Out-of-Band Log4Shell JNDI injection module findings limit from 1 to 10.
  • Improved Out-of-Band module. We improved the Out-of-Band Log4Shell JNDI injection module to reduce false positives.

Fixed

  • Pop-ups are no longer causing an issue with HTTP authentication.
  • Certificate importing by subject name, serial number, and issuer number now imports properly.
  • The JavaScript Memory Leaks module no longer ignores single quotes.
  • Certain local file vulnerabilities are now found.
  • Token capture is now triggered on repeat logins.