This release includes security checks, improvements, and fixes. We added a security check for SAML, ASP.NET, and WordPress. We improved .NET IAST sensor and JWT secrets dictionary. We also fixed some bugs.
New security checks
- Added SAML anonymous assertion consumer service audit for XML external entity injection, XSLT, Server-side request forgery, and Cross-site scripting.
- Added a SAML signature audit to test attacks on signature verification.
- Added various checks for Content Security Policy misconfiguration.
- New security check for ASP.NET core development mode.
- Updated the WordPress core vulnerabilities.
- Updated the WordPress plugin vulnerabilities.
- Updated .NET IAST Sensor to detect a number of server-side configuration problems which may result in a security vulnerability.
- Improved the JSON payload tests.
- Updated JWT secrets dictionary.
- Fixed a bug in the PHP IAST sensor when reporting arrays to the scanner.
- Fixed the scan summary page that failed to show some of the results.
- Fixed issues in the UI Notifications causing them to be unactionable.
- Fixed a problem that caused the LSR to show the mobile version for some sites incorrectly.
- Fixed .NET sensor issue that returns the root applications (website’s root) files although the sensor is enabled for sub-application.
- Fixed the version information shown on the user interface after the update.
- Fixed the routing issue for .NET Framework ASP.NET Web API because of compatibility issues.
- Improved the login sequence recorder notification that informs users when the response max size limit is exceeded.
- Fixed issue with pagination on the vulnerabilities page.
- Fixed the crawler issue that the page becomes unresponsive when it contains many elements.