13 Oct 2022
This update includes changes to the internal agents. The internal scan agent’s current version is 2.0.2.154. The internal authentication verifier agent’s current version is 2.0.2.154.
NEW FEATURES
- Added auto-GraphQL attack after endpoint is detected.
NEW SECURITY CHECKS
- Added MongoDB Time-based (Blind) Injection.
- Added SQLite Boolean SQL Injection.
- Added MongoDB Error-based Injection.
IMPROVEMENTS
- Improved the Trend Matrix Report exporting to include the severity information as well.
- Improved the HashiCorp integration to authenticate with user tokens, too.
- Updated Vulnerability Detection Logic in the JWT engine.
- Improved the GraphQL scanning to include the separated comment lines in GraphQL files.
- Improved the Authentication Verifier Agent to work with self-signed SSL.
- Improved the Azure Pipeline Extension to generate a scan report on the release pipeline.
- Updated Liferay Portal signature & added a mapping for version conversion.
FIXES
- Fixed a bug that corrupts the header authentication credentials after updating the scheduled scan.
- Fixed the status information showing different data on the Discovered Webpages page.
- Fixed the Docker Agent build fail because of the compiler package.
- Fixed the Total Elapsed and Average Time values displaying 00:00:00 on the Scan Performance tab of the Technical Report.
- Fixed the time values displaying 00:00:00 on the Crawling Performance node of the Technical Report.
- Fixed the Authentication Verifier Agent’s time zone bug.
- Fixed the bug that duplicates the login page when users try to revalidate the login form.
- Fixed the bug on the user interface of ServiceNow Incident Management integration that caused issues with the On Hold status.
- Fixed the bug on the user interface of ServiceNow Incident Management integration that caused issues with the Closed status.
- Fixed the Single Sign-on – encryption certification issue.
- Fixed the web security issue for the origin header problem.
- Fixed the sitemap bug that caused missing information when imported.
- Fixed the bug that threw an error, as HTTP Requester deletes the whole body part of the request which contains the login credentials.
- Fixed highlighting CSP Directives in different header issues.
- Fixed duplicate bearer tokens for some requests.
- Fixed an issue that resulted in false positive Cross-site Scripting (DOM-based).
- Fixed the bug that shows the previous version of VDB.
- Fixed parseable false attack patterns place.