New Features
- Added a test for Server-Side Template Injection vulnerability.
- Added tests for new WordPress (core and plugins) vulnerabilities.
- Added a test checking for Django Debug Mode
Improvements
- Improved CRLF injection/HTTP response splitting tests
- Improvements to the XSS testing script
- Updated Payment Card Industry (PCI) report to PCI 3.1
- Updated DISA Application Security and Development STIG report to V3R10
- LSR updated to support all SSL cipher suites
Bug Fixes
- Fixed a crash in WSDL scanner
- Various updates and fixes in the Login Sequence Recorder
- DeepScan blocks on a specific sites
- Fixed bug in Scan wizard
- Crash in Scan wizard when choosing a non-existent login sequence file name
- Crawler starturl was incorrectly set to http instead of https when importing from proxy log