Changes
- Upgrade Browserker to version 0.0.33 (!465)
  - Add the `PathToLoginForm` navigations to the authentication report browserker!236
  - Redact the username and password from all logs browserker!239
  - The `auth` command saves the cookie report when cookie report path is configured browserker!242
  - User can configure browser viewport size browserker!241
  - Selectors use a name selector by default when the selector type is not set browserker!252
  - Update to Chromium browser 90.0.4430.212, fix for scans can sometimes fail to exit browserker!200
  - User can export the Chromium browser log browserker!251
  - Stability fixes for the browser resource pool browserker!251
  - Add support for GitLab Secure Report format generation using `--secure-report` browserker!244
- Upgrade ZAP add-on `Linux WebDrivers` to 28.0.0 (!465)
- Remove ZAP add-on `MacOS WebDrivers` as it is not used (!465)
- Remove ZAP add-on `Windows WebDrivers` as it is not used (!465)
- Replace DAST selenium-based authentication with browser-based authentication (!465)
- Redact the logged password when using Browserker authentication (!465)
- Update ChromeDriver to version `90.0.4430.24` to support Chromium 90 (!465)
- Remove `-n`, `-s`, `-p`, `-D`, and `--auth-display` config options (!460)
- Remove `@generated`, `@version`, `site` and `spider` fields from DAST report (!460)
- Remove `DAST_AUTH_EXCLUDE_URLS`, `AUTH_EXCLUDE_URLS`, `AUTH_URL`, `AUTH_USERNAME`, `AUTH_PASSWORD`, `AUTH_USERNAME_FIELD`, `AUTH_PASSWORD_FIELD`, `AUTH_SUBMIT_FIELD`, `AUTH_FIRST_SUBMIT_FIELD`, `AUTH_AUTO`, and `DAST_REQUEST_HEADER` config options (!460)
- Remove domain validation (!460)
- Replace `-T` argument with `--zap-max-connection-attempts` and `--passive-scan-max-wait-time` (!460)
- Replace Firefox with Chrome for ZAP Crawljax (!460)
- Set `DAST_SPIDER_START_AT_HOST` default to false (!460)
- Add environment variable alias `DAST_AUTH_REPORT` for `DAST_BROWSER_AUTH_REPORT` (!468)
- Add environment variable alias `DAST_AUTH_VERIFICATION_LOGIN_FORM` for `DAST_BROWSER_AUTH_VERIFICATION_LOGIN_FORM` (!468)
- Add environment variable alias `DAST_AUTH_VERIFICATION_SELECTOR` for `DAST_BROWSER_AUTH_VERIFICATION_SELECTOR` (!468)
- Aggregate noisy vulnerability findings and report as a single finding (!466)
- Show Browserker log output in real time (!465)
- Users can configure the browser-based chrome debug log directory using `DAST_CHROME_DEBUG_LOG_DIR` (!469)
- Users can configure the browser-based maximum accepted response size using `DAST_MAX_RESPONSE_SIZE_MB` (!469)
- Upgrade Browserker to version 0.0.34 (!469)
  - Allow configuration of response body limit, defaulting to 10MB browserker!254
  - Selectors use a name or ID selector by default when the selector type is not set browserker!255
  - Allow user to set `--proxy`, `--customheaders`, and `--customcookies` via command line browserker!256