gitlab-org/security-products/dast v3.0.31

on GitLab

Changes

• Upgrade browserker to version 0.0.112 (!660)
  • Suppress errors when retrieving attributes from nodes that no longer exist on the DOM browserker!910
  • Improve accuracy when finding form elements on new DOMs browserker!907
  • Enable active check 611.1 External XML Entity Injection (XXE) browserker!879
  • Upgrade vulnerability checks to version 1.0.53 browserker!879
    • Update regular expression escaping in 611.1 dast-cwe-checks!198
  • Update dast-chromium to 22.04-105.0.5195.102-1 browserker!909
    • Update Ubuntu version to long-term release 22.04 dast-chromium!9
  • Standardize the way forms and other elements are matched when searching new DOMs browserker!901
  • Enable active check 113.1 Improper Neutralization of CRLF Sequences in HTTP Headers browserker!902
  • Enable active check 94.1 Server-side code injection (PHP) browserker!895
  • Check active scan timeout not reached before running next active check browserker!899
  • Check active scan timeout not reached within an active check browserker!905
  • Check active scan timeout not reached in web server gateway browserker!908
• Enable browser-based active check 611.1 External XML Entity Injection (XXE) (!660)
• Enable browser-based active check 94.1 Server-side code injection (PHP) (!660)
• Enable browser-based active check 113.1 Improper Neutralization of CRLF Sequences in HTTP Headers (!660)

Docker Images

• registry.gitlab.com/security-products/dast:3.0.31