New security checks
- Updated the WordPress plugin vulnerabilities.
- Added a check for the AjaxPro.NET Professional deserialization RCE (CVE-2021-23758).
- Improved the out-of-band detection.
Improvements
- Added the ability to send HTTP requests to pre-request scripts.
- Various DeepScan improvements, generally improving the processing of JavaScript-rich web applications.
- Updated the embedded Chromium browser to v108.0.5359.71.
- Implemented a scan ID to limit caching (such as the file list and libraries) to a single scan.
- Improved the performance of alert transmission for AcuSensor.
Fixes
- Fixed the MongoDB injection and removed JSON parsing from the feature extraction library to avoid scan crashes.
- Fixed an issue where a bogus report was sent because of an inconsistent last scan ID.
- Improved the pre-request script to send an HTTP job.
- Fixed the formatting issue for vulnerabilities exported to GitHub Issues.
- Fixed the unhandled exception that the IAST Bridge throws.
- Fixed an issue where the business logic recorder failed to replay the logic sequence recorder.
- Fixed an issue where the custom scripts folder was not created during installation.
- Fixed an issue where some headings were not shown in Chinese when the language was switched to Chinese.
- Fixed the "manual intervention required" information box, which had begun to appear in the notification bar instead of being displayed as a dialog box.
- Added cURL as a backup if NSLookup is not present.
- Fixed the Jira integration, which failed to create epic issues.
- Fixed an issue where long scan names overlapped the AcuSensor icon.
- Fixed an issue where the authorization bearer was not used throughout the scan.