gitlab-org/security-products/dast v4.0.17

on GitLab

Changes

• Enable browser-based active check 918.1 Server-Side Request Forgery as an alpha attack (!831)
• Upgrade browserker to 1.0.18 (!831)
  • Implement active check 918.1 Server-Side Request Forgery browserker!1230
  • Don't clean URL paths when finding request path injection locations browserker!1230
• Add Via: GitLab DAST header to target availability probe (!825)
• Upgrade browserker to 1.0.17 (!823)
  • Enable active check 89.1 SQL Injection browserker!1226
• Enable browser-based active check 89.1 SQL Injection as an alpha attack (!823)
• Upgrade browserker to 1.0.16 (!824)
  • Enable active check 917.1 Expression Language Injection browserker!1218
  • Upgrade vulnerability checks to version 1.0.60 browserker!1223
    • Update 89.1 and 917.1 check descriptions and remediations dast-cwe-checks!224
    • Add more payloads to 917.1 to cover more situations dast-cwe-checks!225

Docker Images

• registry.gitlab.com/security-products/dast:4.0.17