v0.24.0

@github-actions github-actions released this 06 Feb 10:29
· 208 commits to main since this release
493d922

What's Changed

  • docs: fix broken link in contribution guide by @elsapet in #188
  • test: improve helper.js for new invoker by @cfabianski in #189
  • feat: add script to write test files for V2 tests by @elsapet in #190
  • test: update snapshots for canary by @cfabianski in #191
  • feat(java): add bad hex conversion rule (CWE-704) by @elsapet in #192
  • feat(java): blowfish key size rule (CWE-326) by @elsapet in #193
  • feat(java): add dangerous permissions rule (CWE-269) by @elsapet in #198
  • feat(java): add ECB cipher mode rule (CWE-327) by @elsapet in #199
  • feat(java): custom MessageDigest class (CWE-327) by @elsapet in #196
  • feat(java): add EL injection rule (CWE-917) by @elsapet in #200
  • fix: improve test helper script by @elsapet in #201
  • feat(java): add SQL external config rule (CWE-15) by @elsapet in #202
  • feat(java): add CRLF injection rule (CWE-93) by @elsapet in #195
  • feat(java): add file upload filename rule (CWE-73) by @elsapet in #203
  • fix(java): clean up EL injection rule by @elsapet in #204
  • feat(java): format string manipulation rule (CWE-134) by @elsapet in #205
  • fix(java): hardcoded database secret rule by @elsapet in #207
  • feat(java): empty database password rule (CWE-306) by @elsapet in #208
  • feat(java): HTTP Param Pollution (CWE-88) by @elsapet in #211
  • feat(java): extend HTTP response splitting rule by @elsapet in #209
  • chore: improve writing rules by @cfabianski in #212
  • feat(java): add hardcoded secret rule (CWE-798) by @elsapet in #206
  • feat(java): extend insecure cookie rules by @elsapet in #213
  • feat(java): add missing SMTP SSL host check rule (CWE-297) by @elsapet in #216
  • fix: inverted rule description by @gmontard in #214
  • fix: multiple CWEs for Java EL injection rule by @elsapet in #221
  • fix: incorrect CWE for Java file upload filename rule by @elsapet in #222
  • feat(java): code injection rule (CWE-94) by @elsapet in #224
  • feat(java): add insecure allow origin rule (CWE-942) by @elsapet in #220
  • feat: bulk update script by @gotbadger in #226
  • fix: remove rule from rule name by @elsapet in #225
  • feat(java/android): add screenshot prevention rule (CWE-200) by @elsapet in #228
  • feat(java/android): add world readable/writeable rule (CWE-276) by @elsapet in #229
  • feat(java): missing TLS validation by @elsapet in #230
  • chore: bulk update cwe and desc by @gotbadger in #227
  • fix: split cookie rules by @elsapet in #219
  • fix: tighten java format string rule by @elsapet in #232

New Contributors

Full Changelog: v0.23.6...v0.24.0