7.5.012 (released September 26, 2024)
New Attack features and enhancements
- Information Disclosure Module enhancements - Improved a regex issue which was resulting in false negatives and added a PIN code check attack to the ScriptCheck module.
- Enhanced the XSS_DOM attacks - Resolved an issue with how the value is read from the scan config in the scan engine.
- Passive Attacks - Improved support for Passive Attacks during validation scanning.
- PCI - Improved PCI 4.0 report references.
New Crawling/Scanning features and enhancements
- The maximum size for binary responses imposed by the network layer has been made configurable via NetworkSettingsConfig.
- Extended NODE_OPTIONS passed to the R7Crawler to allow support for legacy certificate encryption methods.
- Prevent onmouseover events being added to the R7Crawler event list as these are blocked by the Engine.
- Improved the R7Crawler logging to ensure that captured errors are always returned, even if macro playback is not successful.
- Improved cookie handling to handle some scenarios which previously caused an error.
- Improved the remote bootstrap authentication flow, which was failing when JavaScriptEngine was set to Chromium due to overly strict validation of the configured logged-in regex and header regex.
- Upgraded Selenium ChromeDriver to version 129.0.6668.58.
- Updated the version of CEFSharp used by the UI integrated browser to v96 or higher.