gitlab-org/security-products/dast v2.17.0

on GitLab

Changes

• Sort browser-based detected vulnerabilities and ZAP detected vulnerabilities together (!572)
• Upgrade ZAP add-on Active scanner rules to 44.0.0 (!571)
• Upgrade ZAP add-on Automation Framework to 0.12.0 (!571)
• Upgrade ZAP add-on Call Home to 0.3.0 (!571)
• Upgrade ZAP add-on Common Library to 1.7.0 (!571)
• Upgrade ZAP add-on Fuzzer to 13.6.0 (!571)
• Upgrade ZAP add-on GraphQL Support to 0.8.0 (!571)
• Upgrade ZAP add-on Import files containing URLs to 9.0.0 (!571)
• Upgrade ZAP add-on Network to 0.1.0 (!571)
• Upgrade ZAP add-on OAST Support to 0.10.0 (!571)
• Upgrade ZAP add-on OpenAPI Support to 26.0.0 (!571)
• Upgrade ZAP add-on Passive scanner rules to 38.0.0 (!571)
• Upgrade ZAP add-on Report Generation to 0.12.0 (!571)
• Upgrade ZAP add-on Retire.js to 0.10.0 (!571)
• Upgrade ZAP add-on Save Raw Message to 7.0.0 (!571)
• Upgrade ZAP add-on Save XML Message to 0.3.0 (!571)
• Upgrade ZAP add-on Selenium to 15.7.0 (!571)
• Upgrade ZAP add-on SOAP Support to 13.0.0 (!571)
• Upgrade ZAP add-on Linux WebDrivers to 35.0.0 (!571)
• Upgrade Browserker to version 0.0.68 (!574)
  • Upgrade vulnerability checks to version 1.0.7 browserker!520
    • Update capitalization based matchers to use (?i) dast-cwe-checks!74
    • Add request_body_parameters to match_locations dast-cwe-checks!72
    • Add request_body_parameter_name to match_locations dast-cwe-checks!72
    • Add request_body_parameter_value to match_locations dast-cwe-checks!72
    • Field report_uniqueness.template is required in the CWE checks schema dast-cwe-checks!75
    • Add uniqueness template of request path to check 16.7 dast-cwe-checks!75
    • Add uniqueness template of request path to check 601.1 dast-cwe-checks!75
    • Add uniqueness template of request path to check 829.1 dast-cwe-checks!75
    • Add uniqueness template of request path to check 829.2 dast-cwe-checks!75
  • Restrict response_body matcher by disallowing more binary content types browserker!474
  • Allow user to configure the name of authentication cookies using Cookies in AuthDetails TOML browserker!509
  • Run passive checks for HTTP messages where there is no response browserker!517
• Upgrade Browserker to version 0.0.67 (!570)
  • Fetch cookies from all domains browserker!500
  • Add support for passive check 16.7 browserker!506
• Upgrade Browserker to version 0.0.66 (!568)
  • Upgrade vulnerability checks to version 1.0.6 browserker!501
    • Define the matcher logic for the 200.1 check dast-cwe-checks!73
  • Change Debian repository to snapshot.debian.org to pin libraries and versions for ubuntu images browserker!508
• Upgrade Browserker to version 0.0.65 (!568)
  • Add support for basic and digest authentication, configurable via AuthType: \"basic-digest\" in AuthDetails TOML browserker!481
  • Update Chromium to 98.0.4758.80-1 browserker!496
  • Parse matcher name when reading check definitions browserker!491
  • Use matcher name to generate uniqueness templates browserker!495
  • Upgrade vulnerability checks to version 1.0.5 browserker!467
    • Add uniqueness template using request path and private IP address to check 200.1 dast-cwe-checks!70
    • Add uniqueness template of request path to check 352.1 dast-cwe-checks!70
    • Remove requirements from check 1004.1 dast-cwe-checks!71
    • Update check 1004.1 to use has_authentication_cookie instead of requirements dast-cwe-checks!71
    • Update check 1004.1 to use authentication_cookie_attribute dast-cwe-checks!71

Docker Images

• registry.gitlab.com/security-products/dast:2.17.0