New
- OpenAPI/Swagger. Added support for OpenAPI/Swagger multipart/form-data content type.
- Content Security Policy Header. Added `none` as a valid value for Content Security Policy Header frame-ancestors.
Improved
- Attack error description. We updated the error description for the Credentials stored in clear text in a cookie attack.
- Attack description. We updated the X-XSS-Protection attack description.
- Search fields. We improved the way the engine interacts with search fields to reduce false positives. We reduced OS Commanding and SQL Injection search field false positives.
- Blind SQL Injection. We reduced Blind SQL Injection false positives.
- Cross-Site Request Forgery (CSRF). We reduced Cross-Site Request Forgery (CSRF) false positives.
- Parameter Fuzzing severity. Changed Parameter Fuzzing severity from Medium to Informational.
Fixed
- We fixed an issue that was causing a Server Configuration false negative.