Bugs Fixed
- We have fixed an XML External Entity (XXE) Injection vulnerability (CWE-611) in the InsightAppSec product. Special thanks to Dario Martins Silva for reporting this.
- We have fixed a bug that caused a 500 error to be returned when attempting to generate a compliance report.
- We have fixed a bug that displayed vulnerability severity and status fields as editable for read-only users.
- We have fixed a minor styling bug with attack variances in the vulnerability drawer.
- We have fixed a minor styling bug with HTML and PDF reports.
- We have fixed a bug that prevented scan logs from updating if a running scan failed.
- We have fixed a bug that disabled the authenticate button when attempting to rescan after a bootstrap failure.
- We have fixed a caching bug that caused incorrect scan information to be displayed.
New Features and Enhancements
- Support for proxy connections has been added to the Jenkins plugin.
- We have upgraded the cloud engines to Version 7.2.118. See the engine release notes for more details.
- We have added the ability to delete failed scans via the Failed filter on the Scans tab of an app.