13-Oct-2021

This update includes changes to Internal Agents. The internal agent’s current version is 2.0.2.125.

IMPROVEMENTS

• Added a new security check to identify version disclosure and out-of-date version for Atlassian Confluence CVE-2021-26084.

FIXES

• Fixed a bug that results in missing HTTP headers of target URL when added with imported links.
• Fixed an issue that causes proof creation for SQL injection and Cross-site Scripting even if the proof generation is disabled.
• Fixed an issue that prevents cookie's same site attribute from being updated which causes "same-site cookie is not implemented" vulnerability to be reported.
• Fixed a JSON Web Token (JWT) validation check that causes too many invalid token errors when using Bearer Authentication Tokens in the form authentication.
• Fixed an issue where host and path parameters in Postman collection were not imported when they are string instead of an array.
• Fixed a bug that returns 401 when the scanner sends HTTP headers in lowercase.
• Fixed a bug about cookie handling in the logout detection page during the form authentication verification.
• [INTERNAL AGENTS] Fixed a bug that results in slow response time from the web application to the agent that causes inconsistent vulnerability reports in the Blind SQL Injection.