MobSF/Mobile-Security-Framework-MobSF v4.3.2

on GitHub

v4.3.2 Changelog

• Features or Enhancements

  • Added support for user defined SSO Maintainer or Viewer role mapping
  • Dependency updates

• Security

  • Fixed Partial Denial of Service due to strict regex check in iOS report view URL
  • Fixed Local Privilege escalation due to leaked REST API key in web UI
  • Fixed Stored Cross-Site Scripting in iOS dynamic_analysis view via bundle id
  • Improved anti-SSRF checks and added extra checks in firebase and asset link check

• Bug Fixes

  • Bug fix in docker build poetry cache clean
  • Fix CI builds on mac
  • Fix frida server download proxy SSL verify configuration

What's Changed

• [SECURITY] Security update to fix vulnerabilities reported by Positive Technologies researchers by @ajinabraham in #2488
• Saml group mapping by @Antiksec in #2487
• March 25 QA by @ajinabraham in #2504
• [SECURITY] Improve SSRF checks, strict path check for well_known_path by @ajinabraham in #2510

New Contributors

• @Antiksec made their first contribution in #2487

Full Changelog: v4.3.0...v4.3.2