gitlab gitlab-org/security-products/dast v2.0.0

2 years ago
Changes
  • Upgrade Browserker to version 0.0.33 (!465)
    • Add the PathToLoginForm navigations to the authentication report browserker!236
    • Redact the username and password from all logs browserker!239
    • The auth command saves the cookie report when the cookie report path is configured browserker!242
    • User can configure browser viewport size browserker!241
    • Selectors use a name selector by default when the selector type is not set browserker!252
    • Update to Chromium browser 90.0.4430.212, fix for scans that can sometimes fail to exit browserker!200
    • User can export the Chromium browser log browserker!251
    • Stability fixes for the browser resource pool browserker!251
    • Add support for GitLab Secure Report format generation using --secure-report browserker!244
  • Upgrade ZAP add-on Linux WebDrivers to 28.0.0 (!465)
  • Remove ZAP add-on MacOS WebDrivers as it is not used (!465)
  • Remove ZAP add-on Windows WebDrivers as it is not used (!465)
  • Replace DAST selenium-based authentication with browser-based authentication (!465)
  • Redact the logged password when using Browserker authentication (!465)
  • Update ChromeDriver to version 90.0.4430.24 to support Chromium 90 (!465)
  • Remove -n, -s, -p, -D, and --auth-display config options (!460)
  • Remove @generated, @version, site and spider fields from DAST report (!460)
  • Remove DAST_AUTH_EXCLUDE_URLS, AUTH_EXCLUDE_URLS, AUTH_URL, AUTH_USERNAME, AUTH_PASSWORD, AUTH_USERNAME_FIELD, AUTH_PASSWORD_FIELD, AUTH_SUBMIT_FIELD, AUTH_FIRST_SUBMIT_FIELD, AUTH_AUTO, and DAST_REQUEST_HEADER config options (!460)
  • Remove domain validation (!460)
  • Replace -T argument with --zap-max-connection-attempts and --passive-scan-max-wait-time (!460)
  • Replace Firefox with Chrome for ZAP Crawljax (!460)
  • Set DAST_SPIDER_START_AT_HOST default to false (!460)
  • Add environment variable alias DAST_AUTH_REPORT for DAST_BROWSER_AUTH_REPORT (!468)
  • Add environment variable alias DAST_AUTH_VERIFICATION_LOGIN_FORM for DAST_BROWSER_AUTH_VERIFICATION_LOGIN_FORM (!468)
  • Add environment variable alias DAST_AUTH_VERIFICATION_SELECTOR for DAST_BROWSER_AUTH_VERIFICATION_SELECTOR (!468)
  • Aggregate noisy vulnerability findings and report them as a single finding (!466)
  • Show Browserker log output in real time (!465)
  • Users can configure the browser-based Chrome debug log directory using DAST_CHROME_DEBUG_LOG_DIR (!469)
  • Users can configure the browser-based maximum accepted response size using DAST_MAX_RESPONSE_SIZE_MB (!469)
  • Upgrade Browserker to version 0.0.34 (!469)
    • Allow configuration of response body limit, defaulting to 10MB browserker!254
    • Selectors use a name or ID selector by default when the selector type is not set browserker!255
    • Allow user to set --proxy, --customheaders, and --customcookies via command line browserker!256
