gitlab-org/security-products/dast v4.0.18

on GitLab

Changes

• Enable browser-based active check 98.1 PHP Remote File Inclusion as an alpha attack (!835)
• Enable browser-based active check 917.1 and disable ZAP check 90025 (!832)
• Upgrade browserker to 1.0.19 (!834)
  • Implement active check 98.1 Improper control of filename browserker!1231
  • Upgrade vulnerability checks to version 1.0.61 browserker!1238
    • Update 552 checks to use modify_http_request and only attack GET requests dast-cwe-checks!228
    • Add http_request_method attack requirement dast-cwe-checks!228
    • Add requirements to the schema that determines when attacks should run dast-cwe-checks!228
    • Add update_path_filename request modification to the schema dast-cwe-checks!228
    • Add modify_http_request to the schema dast-cwe-checks!227
    • Add update_method and add_header request modifications to the schema dast-cwe-checks!227
    • Remove requirement for payloads and injections to be present in match_response_attack dast-cwe-checks!227
    • Remove requirement for injection_locations_policy to be present in attack dast-cwe-checks!227
    • Update 16.11 to use modify_http_request dast-cwe-checks!227
    • Update 1336.1 to use injection template without affixes for polyglot attack dast-cwe-checks!230
    • Remove redundant affixes property for attack definitions in the schema dast-cwe-checks!232
    • Update 89.1 and 1336.1 to align with new schema dast-cwe-checks!232
    • Update schema to require affixes if prefix or suffix is used in an injection template dast-cwe-checks!226

Docker Images

• registry.gitlab.com/security-products/dast:4.0.18