- Added auto-GraphQL attack after endpoint is detected.
- Added request wait filter for request wait handler.
NEW SECURITY CHECKS
- Added MongoDB Time-based (Blind) Injection.
- Added SQLite Boolean SQL Injection.
- Added MongoDB Error-based Injection.
- Updated the embedded browser.
- Updated the hardcoded scan policy for http://rest.testinvicti.com.
- Added the out-of-scope check for the target website content links.
- Updated the Check for VDB Update status and tooltip when users start the check for update.
- Updated Vulnerability Detection Logic in JWT engine.
- Updated Liferay portal signature and added a mapping for version conversion.
- Fixed the web security issue for the origin header problem.
- Fixed the sitemap bug that caused missing information when imported.
- Fixed the bug that threw an error when exporting as SQL script.
- Fixed the bug that threw an error, as HTTP Requester deletes the whole body part of the request which contains the login credentials.
- Fixed multiple headers highlighting for the same value.
- Fixed highlighting CSP Directives in different header issues.
- Fixed duplicate bearer tokens for some requests.
- Fixed the out-of-memory bug at the browser manager.
- Fixed the null reference exception on the custom script screen.
- Fixed the connection time-out issue caused by the RegEx engine.
- Fixed an issue that resulted in false positive Cross-site Scripting (DOM-based).
- Fixed the retest issue that displays zero requests in the repetitive retests.
- Fixed the bug that shows the previous version of VDB.
- Fixed parsable false attack patterns place.