7.5.010 (released June 10, 2024)
New
- R7Crawler logic. We added retry logic for the R7Crawler that runs when a health check failure is detected.
- Information Disclosure module payload. We added a new payload to the Information Disclosure module that searches for the default naming of a CSRF token in ASP.NET.
Improved
- Selenium ChromeDriver. We upgraded our Selenium ChromeDriver to version 124.0.6367.91.
- Automated Login credentials. We improved the redaction of Automated Login credentials where the credentials contain double quotes.
- Server type regex. We improved the regex for server type disclosures to reduce false positives.
- Time-Based BSQL attacks. We improved Time-Based BSQL attacks to help reduce false positives.
- Attack module severity. We reduced the severity of some of the Forced Browsing attack module findings.
Fixed
- We fixed an issue that led to an excessive amount of "client ID not found" logs. This issue was caused by the Scan Engine cutting off requests before all messages could be sent successfully.
- We fixed an issue in the OpenAPI Parser that caused scans to fail due to the Scan Engine's inability to parse multipleStatementsExample.
- We fixed an issue that prevented some scans from loading in a timely manner.