22 Feb 2023
This update includes changes to the internal agents. The internal scan agent’s current version is 23.2.0. The internal authentication verifier agent’s current version is 23.2.0.
New features
- Added the Maximum 404 Signatures field to scan policies.
- Added an option to exclude issues’ history from reports.
New security checks
- Added the JSON Web Tokens detected check.
- Added the JWT Token Forgery through Kid by using static files check.
Improvements
- Improved the JSON Web Tokens’ vulnerability logic.
- Updated the JWT Token Forgery check condition.
- Updated embedded Chromium browser.
- Extended excluded header names with new headers.
- Improved the JWT Token Finder Regex in the JWT engine.
- Added the permission check to download reports.
- Added a parameter (ImportedLinks) for imported links to the /scanprofiles/new API endpoint.
- Improved the global dashboard performance.
- Added records limit to avoid Out-of-Memory exceptions on reports.
- Added the link scope check for the user-controllable cookie vulnerability.
- Improved the default browser settings to be reflected in the business logic recorder (BLR).
Fixes
- Fixed an issue that caused unhandled exceptions when there is no service endpoint definition in the WSDL file.
- Fixed an accessibility issue in the scan optimizer pop-up.
- Fixed special character problems in Crawled and Scanned URLs reports.
- Fixed the “file in use” error while archiving scan logs.
- Fixed the OAuth 2.0 authentication problem caused by the failure to get code information and certification validation in out-of-scope links.
- Fixed missing cookies for the JSON Web Tokens attack requests.
- Fixed the text parser extension issue that caused agents to get stuck.
- Fixed the vulnerability family issue that caused Hawk not to detect issues.