New
- Predictable Resource Location. We updated the Description and Recommendations for Predictable Resource Location where info.php is found.
Improved
- Selenium ChromeDriver. We upgraded Selenium ChromeDriver to version 111.0.5563.64.
- HTTP Strict Transport Security. Updated HTTP Strict Transport Security description and recommendations.
- Macro iframes. We improved macro iframes support.
- Configuration options. We added an option to configure the MSAL authority URL.
- Browser Cache directive. Browser Cache directive (web application performance) now targets API endpoints.
- Blind NoSQL. We reduced false positives with the Blind NoSQL attack module.
- HTTP Headers. We reduced the HTTP Headers attack redundancy by deprecating HTTPHeadersCharset001.
- Command Injection. We renamed OS Commanding to Command Injection. We also improved the attack module by removing duplicates.
- Parameter Fuzzing. Reduced false positives in the Parameter Fuzzing module.
- Server Configuration. We updated the list of servers in the Server Configuration attack module.
Fixed
- We fixed an issue with GraphQL parsing.
- Interactions with check boxes and radio buttons now work as expected.
- JSON body values are now correctly replaced with token replacement.
- We fixed an issue that caused a false positive for the XPath Injection attack module.
- The HTTP Headers vulnerability severity is set correctly to ‘Informational’.
- The report generation directory is now set correctly.