Added the ability to pull a PCI Report from the CloneSystem itself by using API endpoints
Added the option for customers to define a namespace for their HashiCorp integration
Enhanced reporting capabilities with more attributes available in .csv exports and the option to do a .csv export in more places in the UI
Added an option under New Scan Policy > Ignored Parameters to allow customers to set 'Cookie' as a type of ignored parameter
Added a setting for administrators to enable internal agents to get VDB updates from the WebApp to avoid routing and proxy issues
Added the option for administrators to hide sensitive data (passwords, tokens, session IDs, etc.) from the UI
Added functionality to the Dashboard so that you can drill down to view more information when clicking on the Severities and Securities Overview section
Added an option under General > Settings to require a password for edit access to custom scripts
Added an option under General > Settings to set a session timeout limit for all users
We now support AWS IAM Roles as an authentication method
NEW SECURITY CHECKS
Added new checks for the WordPress Login with Phone Number Plugin: CVE-2023-23492
Added new checks for the WordPress JupiterX Core Plugin: CVE-2023-38389, CVE-2023-38388
IMPROVEMENTS
Added support for custom authentication tokens without a token type
Improved LFI attack patterns for better accuracy
Fixed some vulnerabilities in the Docker image
Stricter sensitive data rules
Improved bot detection bypass scenarios
Added a warning message when selecting or assigning the Team Administrator role
FIXES
Fixed a sensitive data issue when uploading a pre-request script
Fixed a bug that was preventing scheduling group scans using the API
Fixed custom header values in scan profiles so that they are masked
Docker Cloud Stack check has been updated to reduce noise
SSL/TLS classification updated from CWE-311 to CWE-319
Fixed a bug in scheduling group scans with the API
Removed 401 to 500 status code conversion for internal agent requests
Changed the IP range limitation for excluded IPs in Discovery Settings to fix the Invalid IP address error
Fixed an issue with scheduled scans not following the scan time window
Fixed the problem with scan failed logs not appearing in activity logs
Fixed the broken verify login and logout function in scan profiles
Updated the vulnerability severity ranking so that issues are correctly sent to integrated issue tracking systems
Changed the Active Issue count on the dashboard so that it is consistent with the number when you click on it
Fixed an issue with accessing a scan profile
Fixed an issue related to having multiple integrations with the same project but with different issue types
Fixed an issue in the 'Basic, Digest, NTLM/Kerberos, Negotiate Authentication' settings for scans
Fixed the Jira Server integration issue that was causing only some Jira users to display when configuring Jira Field Mappings
Fixed an incorrect timezone setting
Fixed a bug that was causing URL rewrite rules to not be included in the Export Knowledge Base report
Fixed a problem with the internal agent not sending a heartbeat to the web app when in the archiving state
Fixed an issue with Jira-related integration information being removed from the issue history when a previous scan is deleted
Fixed an internal agent issue that was causing an exception when registering a vulnerability
Fixed an issue that was causing the Knowledgebase, Crawled URLs, and Scanned URLs to fail when there is no content
Fixed the missing mapping for Proxy Bypass On Local that was not saving when a scan policy was saved
Fixed a bug that was duplicating roles when a Team Administrator modified another Team Administrator's direct role assignment
Fixed version information reported in Web App Fingerprint Vulnerabilities