7.5.013 (released October 31, 2024)
New Attack features and enhancements
- HTTP Headers Module enhancement - A best practice check was added to verify that the
Referrer-Policyheader is correctly set. - X-Powered-By HTTP Header and Server Configuration Module enhancements - Resolved an issue that prevented the Severity from changing from Information to Low.
- Attacks Module enhancements - Added missing
CWE IDsto the following attack modules:[ Apache Struts 2, Apache Struts Detection, Autocomplete Check, Front Page Checks, HTTP User Agent Checks, JavaScript Checks, JSON Injection, JSON Web Token, Personal Sensitive Information, Privacy Check, Profanity, Reflection, Request Method Modification , Reverse Clickjacking, Subdomain, Web DAV, Web Service Parameter Tampering ]
New Crawling/Scanning features and enhancements
- Automated Login Finder (ALF) Enhancements
- Improved logged-in and login-fail detection.
- Improved the handling of 401 status codes.
- Improved dictionary handling in Chromium and aligned it with Chrome.
- General enhancements to outputs.
- Improved the
DOMContentLoadedchecks for Macro authentication playback. - Upgraded Selenium ChromeDriver to version 130.0.6723.69.