What's Changed
🎉 New Features
- Added per-host HTTP client pooling by @Mzack9999 in #7301
🐞 Bug Fixes
- Fixed handling in hosterrorscache to automatically skip hosts that consistently time out by @knakul853 in #7455
- Fixed preservation of explicit target port in network templates (fixes #7323) by @XananasX7 in #7465
- Fixed connection reuse and improved port pre-flight handling by @Mzack9999 in #6715
- Fixed code template signature validation before DAST loading by @dogancanbakir in #7472
- Fixed gating of MySQL allowAllFiles option to require
-lfaflag by @dogancanbakir in #7473 - Fixed ASCII-section regex to properly escape literal
.by @snicket2100 in #7476 - Fixed recording of decoded bytes for debug dumps by @snicket2100 in #7478
- Fixed proper escaping of dbname in lib/pq URLs by @dwisiswant0 in #7479
- Fixed network policy enforcement prior to LDAP dialing by @dwisiswant0 in #7494
- Fixed normalization and rejection of trace file DSN options in Oracle by @dwisiswant0 in #7480
- Fixed proper escaping of MSSQL database names in connection URLs by @dwisiswant0 in #7481
- Fixed krbforge to reject unsandboxed ccache writes by @dwisiswant0 in #7482
- Fixed rejection of request-condition(s) during fuzzing by @dwisiswant0 in #7466
- Fixed: YAML now correctly rejects recursive include chains by @dwisiswant0 in #7492
- Fixed resource leaks by @Mzack9999 in #7502
Other Changes
- Updated govaluate dependency to prevent slice-bounds panic on invalid UTF-8 input by @XananasX7 in #7464
- Updated goja dependency by @Mzack9999 in #7467
- Updated dependencies to remove unused packages by @dwisiswant0 in #7457
- Refactored templates to centralize opt-in capability gating by @dwisiswant0 in #7489
- Added fuzzing parser harnesses for raw requests and templates by @dwisiswant0 in #7459
- Refactored template rendering boundary by @dwisiswant0 in #7499
New Contributors
- @XananasX7 made their first contribution in #7465
- @snicket2100 made their first contribution in #7476
Full Changelog: v3.9.0...v3.10.0