Oct 31, 2022

7.4.047

New

  • OpenAPI/Swagger. Added support for OpenAPI/Swagger multipart/form-data content type.
  • Content Security Policy Header. Added 'none' as a valid value for the Content Security Policy header frame-ancestors directive.

Improved

  • Attack error description. We updated the error description for the Credentials stored in clear text in a cookie attack.
  • Attack description. We updated the X-XSS-Protection attack description.
  • Search fields. We improved the way the engine interacts with search fields to reduce false positives. We reduced OS Commanding and SQL Injection search field false positives.
  • Blind SQL Injection. We reduced Blind SQL Injection false positives.
  • Cross-Site Request Forgery (CSRF). We reduced Cross-Site Request Forgery (CSRF) false positives.
  • Parameter Fuzzing severity. Changed Parameter Fuzzing severity from Medium to Informational.

Fixed

  • We fixed an issue that was causing a Server Configuration false negative.