- Improved test for WordPress OptimizePress Theme file upload vulnerability.
- The scanner will now indicate when a scan can take a long time to complete, allowing the user to tweak the scan settings if needed.
- Various improvements to the Login Sequence Recorder.
- Improved the test for possible form caching (it looks for a missing “pragma: no-cache” header).
- It is now possible to use multiple input values for HTML inputs using the format: $(choice1,choice2). These can be configured from Configuration > Scan Settings > Input Fields.
- Speed improvements gained by streamlining the number of requests performed by some checks.
- Better handling of some uncommon HTTP status codes.
- The user-agent of the Login Sequence Recorder can now be set to the one configured in WVS (by default, it uses Internet Explorer).
- Directory Traversal script now provides better handling of Java Web Applications.
- Improved the calculation of the average response time during a scan.
- Sites with a high response time were showing incorrect scan statistics.
- Fixed rewrite detection on nginx servers with phpfastcgi.
- Fixed some false positives in SQL Statement in comment.
- Better handling of very long VIEWSTATE strings.
- Improved handling of Windows-based websites by providing better support for case-insensitive filesystems.
- Scan from HTTP Proxy log entry was not working correctly.
- Fixed a crash caused by specific characters in the URL Encoded Post Data.
- Fixed a false positive in Script_Source_Code_Disclosure.script
- Fixed some false positives in error messages.
- Web Services: fixed Out of Bounds error when importing invalid WSDLs.