Skip to Content
Release NotesInsightappsecIndex

Jan 30, 2025

This engine release includes enhancements to the BSQL Injection, File Inclusion and SSL Strength Modules. It also includes various R7Crawler and ChromeHost improvements.

7.5.015 (released January 30, 2025)

New Attack features and enhancements

  • BSQL Injection Module improvements through enhancements to the Time-Based BSQL attacks that help reduce false positives and provide clearer proof descriptions of returned findings
  • File Inclusion Module improvements for Java FileSystemException checks.
  • SSL Strength Module certification checks that reduce false positives by adding SNI(Server Name Indication).
  • Improved performance logging around disk space usage.
  • Improvements to Token Replacement logging when token replacement fails.
  • Updated the C++ Redistributable provided by the engine installer to address CVE-2024-43590.
  • Improvements to the scan engine log writers and regex handling to prevent badly formatted messages that could lead to crashes and longer-running scans.

New Crawling/Scanning features and enhancements

  • Improved r7Crawler service recovery:
    • Reduced the likelihood of race conditions when scans enter a stopping / stopped state.
    • Improved the handling and triggering of consecutive error limits when paused scans resume.
  • Improved ChromeHost DOM Loaded checks and event executions.
  • Upgraded Selenium ChromeDriver to version 132.0.6834.57.