v4.3.2

Latest

Latest

ajinabraham released this 29 Mar 17:57

4b8bab5

v4.3.2 Changelog

Features or Enhancements
- Added support for user defined SSO Maintainer or Viewer role mapping
- Dependency updates
Security
- Fixed Partial Denial of Service due to strict regex check in iOS report view URL
- Fixed Local Privilege escalation due to leaked REST API key in web UI
- Fixed Stored Cross-Site Scripting in iOS dynamic_analysis view via bundle id
- Improved anti-SSRF checks and added extra checks in firebase and asset link check
Bug Fixes
- Bug fix in docker build poetry cache clean
- Fix CI builds on mac
- Fix frida server download proxy SSL verify configuration

What's Changed

[SECURITY] Security update to fix vulnerabilities reported by Positive Technologies researchers by @ajinabraham in #2488
Saml group mapping by @Antiksec in #2487
March 25 QA by @ajinabraham in #2504
[SECURITY] Improve SSRF checks, strict path check for well_known_path by @ajinabraham in #2510

New Contributors

@Antiksec made their first contribution in #2487

Full Changelog: v4.3.0...v4.3.2

Contributors

ajinabraham and Antiksec

Assets 2