gitlab-org/security-products/dast v2.0.7

on GitLab

Changes

• Upgrade Browserker to version 0.0.38 (!499)
  • Escape backslash characters when setting local/session storage browserker!281
  • Allow user to configure logging for Chrome Dev Tool interactions browserker!282
  • Fix a bug where network messages were coming in out of order browserker!280
  • Add an HTTP response caching mechanism on by default browserker!278
  • Allow user to configure disabling cache mechanism with --disablecache browserker!278
  • Update GCD to version 2.2.1 for supporting ChromeResponseErrors as go errors browserker!289
• Upgrade Browserker to version 0.0.39 (!499)
  • Incorporate GitLab vulnerability checks into Browserker for future parsing and execution browserker!290
  • Log vulnerability definitions that are not supported browserker!298
  • Add vulnerabilities[].confidence hardcoded to Medium to the secure report browserker!300
  • Allow user to log the GoRoutineID with each log message browserker!305
  • Add vulnerabilities[].cve to the secure report browserker!302
  • Add vulnerabilities[].evidence.request.url to the secure report browserker!304
  • Add vulnerabilities[].evidence.request.method to the secure report browserker!304
  • Add vulnerabilities[].evidence.request.headers.name to the secure report browserker!304
  • Add vulnerabilities[].evidence.request.headers.value to the secure report browserker!304
  • Add vulnerabilities[].evidence.response.reason_phrase to the secure report browserker!304
  • Add vulnerabilities[].evidence.response.status_code to the secure report browserker!304
  • Add vulnerabilities[].evidence.response.headers.name to the secure report browserker!304
  • Add vulnerabilities[].evidence.response.headers.value to the secure report browserker!304
  • Fix a bug where elements were not properly found due to document updates browserker!307
  • Allow users to configure which vulnerability checks run with OnlyIncludeChecks browserker!312
  • Fix a bug where DisableCache was not being read browserker!319
• Upgrade Browserker to version 0.0.40 (!499)
  • Add support for request_path in vulnerability checks uniqueBy.template browserker!318
  • Add version to the secure report browserker!328
  • Add vulnerabilities[].scanner.id to the secure report browserker!328
  • Add vulnerabilities[].scanner.name to the secure report browserker!328
  • Process HTTP messages when they are confirmed loaded by Chromium browserker!325
  • Added ng-click to the list of attributes to hash on for determining uniqueness in crawling browserker!329
  • Allow users to configure which element attributes should be used for determining uniqueness in crawling with CustomHashAttributes or command line --customhashattributes browserker!329
  • Upgrade GCD to version 2.2.3 browserker!331
  • Allow user to log the STDOUT and STDERR of the chromium process with LogChromiumProcessOutput browserker!331
  • Add vulnerabilities[].identifiers[].type to the secure report browserker!333
  • Add vulnerabilities[].identifiers[].name to the secure report browserker!333
  • Add vulnerabilities[].identifiers[].url to the secure report browserker!333
  • Add vulnerabilities[].identifiers[].value to the secure report browserker!333
• Users can configure the browser-based cache with DAST_BROWSER_CACHE (!499)
• Users can configure logging browser-based Chromium output with DAST_BROWSER_LOG_CHROMIUM_OUTPUT (!499)

Docker Images

• registry.gitlab.com/security-products/dast:2.0.7