gitlab-org/security-products/dast v2.26.0

on GitLab

Changes

• Upgrade Browserker to version 0.0.75 (!594)
  • Upgrade vulnerability checks to version 1.0.16 browserker!596
    • Update 1004.1 uniqueness template to fix incorrect variable from request_url to request_path dast-cwe-checks!103
  • Upgrade vulnerability checks to version 1.0.15 browserker!596
    • Add 16.8 Content-Security-Policy analysis dast-cwe-checks!101
    • Add 16.9 Content-Security-Policy-Report-Only analysis dast-cwe-checks!101
    • Add 16.10 Content-Security-Policy violations dast-cwe-checks!101
    • Update 1004.1 uniqueness template so that findings will be created for each request_url and request_method dast-cwe-checks!102
  • Upgrade vulnerability checks to version 1.0.14 browserker!581
    • Add 319.1 Mixed Content dast-cwe-checks!97
    • Update 829.1 uniqueness template so that findings will be created for each matching tag dast-cwe-checks!99
  • Matchers can return a non-applicable state to reduce false positives browserker!587
  • Add request_method placeholder to allow Findings to be created per request method browserker!594
  • Fix error where building HTTP messages from cached resources prints a warning to the log browserker!600
  • Fix error that caused a panic when persisting navigations captured during authentication browserker!601
  • User can configure LogRequestErrorReport to output a report containing missing DevTool events browserker!598
• Add DAST_BROWSER_LOG_REQUEST_ERROR_REPORT to allows users to output report containing requests that did not load correctly (!594)
• Reinstate check 614.1 as the false positive issue has been resolved (!595)

Docker Images

• registry.gitlab.com/security-products/dast:2.26.0