Release Notes 2022.11.0

New features and enhancements in Seeker 2022.11.0

Usability improvements

  • The new Namespace filter enables you to filter vulnerabilities by namespaces that appear anywhere in a stack trace. This can come in handy when you want to bulk-triage vulnerabilities, export and share results from a certain vendor, or automate workflows by defining notification rules using that filter.

    Related Information: Working with Vulnerabilities

  • You can now configure code exclusion and custom code not only for individual projects, but also for project templates.

    Related Information: Configure Project Templates

  • You can now search for projects in the project filter by either project name or project key.

PostgreSQL database upgrade

The Seeker-managed PostgreSQL database, which is shipped with Seeker, has been upgraded to PostgreSQL version 14.5.

Seeker now supports user-managed PostgreSQL databases, versions 10 to 14.5.

Related Information: PostgreSQL Database Requirements, Upgrade server and PostgreSQL database on Kubernetes

Agents

The Seeker Agents have been enhanced with the following features:

  • .NET Core, .NET Framework: New .NET Agent configuration settings for IIS on Windows systems.

    You can now use the new serverUrl, homeDir, and tempDir configuration settings instead of the respective SEEKER_SERVER_URL, SEEKER_HOME_DIR, and SEEKER_TEMP_DIR environment variables in the dotnet-agent.config file.

    You can configure these settings directly in the .NET Agent installer for IIS on Windows, or by passing them as arguments to the installer in the quiet mode.

    We recommend using these settings to optimize and simplify the configuration and maintenance of Agents. The environment variables are still supported, should you wish to continue using them.

    Related Information: Basic Agent Settings, Basic Location Settings

  • .NET Core, .NET Framework: You can configure the Agents to start monitoring applications after a delay so as not to impact performance during application startup.

    Should you need further guidance about configuring this option, please contact support.

  • Node.js: The Node.js Agent now supports Node.js 19.

  • PHP: The Data Flow Map now displays database information reported by the PHP Agent.

  • Python: The Python Agent now supports Python 3.11.

Checkers

The following vulnerability checkers have been added, enhanced, or changed:

  • PHP: Cross-Site Request Forgery (CSRF). New.

  • Python: Local File Inclusion; Local File Inclusion (Second-Order). New.

  • .NET Core, .NET Framework: Sensitive Information Saved Unencrypted; Sensitive Information Saved Unencrypted (Second-Order). Enhanced: the checkers now detect sensitive information that is saved to logs.

  • Node.js: JSON Web Token (JWT) Payload Contains Sensitive Information; JSON Web Token (JWT) Payload Contains Sensitive Information (Second-Order). Enhanced: the checkers now detect sensitive information in complex JSON structures.

Documentation

To improve usability, the popular Agent Management Guide has been moved out of the Administration Guide to the top level, and is now accessible directly from the documentation home page.