v23.11.0.42665
-
16 Nov 2023
Release build 23.11.0.42665 includes several new features and security checks providing more functionality for our customers. As usual, there are also many other improvements, fixes, and under-the-hood enhancements.
This update includes changes to the internal agents. The internal scan agent’s current version is 23.11.0. The internal authentication verifier agent’s current version is 23.11.0.
New features
- Added the ability to pull a PCI Report from the CloneSystem itself by using API endpoints
- Added the option for customers to define a namespace for their HashiCorp integration
- Enhanced reporting capabilities with more attributes available in .csv exports and the option to do a .csv export in more places in the UI
- Added an option under New Scan Policy > Ignored Parameters to allow customers to set ‘Cookie’ as a type of ignored parameter
New security checks
- Added new checks for the WordPress Login with Phone Number Plugin: CVE-2023-23492
- Added new checks for the WordPress JupiterX Core Plugin: CVE-2023-38389, CVE-2023-38388
Improvements
- Added support for custom authentication tokens without token type
- Improved LFI attack patterns for better accuracy
- Fixed some vulnerabilities in the Docker image
- Stricter sensitive data rules
- Improved bot detection bypass scenarios
Fixes
- Fixed a sensitive data issue when uploading a pre-request script
- Fixed a bug that was preventing scheduling group scans using API
- Fixed custom header values in scan profiles so that they are masked
- Docker Cloud Stack check has been updated to reduce noise
- SSL/TLS classification updated from CWE-311 to CWE-319