Release Notes 2022.12.0

New features and enhancements in Seeker 2022.12.0

Usability improvements

The Projects page has been redesigned to improve the user experience with the following changes:

  • You can now mark favorite projects by clicking the star icon next to a project name.
  • Additional project sorting options: activity, vulnerable component count, and endpoint coverage.
  • A custom option in the project filter to show favorite projects.
  • The donut charts are now clickable and provide direct access to the corresponding details.
  • Additional Components and Endpoint Coverage donut charts.

The home page has been streamlined and enhanced by various usability improvements.

Related Information: Seeker Web UI, Working with Projects

General improvements

  • In the User Management page, administrators can now define first and last names for users. If LDAP/Active Directory integration is enabled, these properties will be automatically copied from LDAP user accounts.

    The user's first and last names now appear instead of the username in various UI locations.

    Related Information: Manage Users

  • It is now possible to connect to the Seeker server over the IPv6 protocol.

    Note: This works automatically for new installations starting from 2022.12.0. For existing installations, an explicit change in the nginx configuration is required.

    Related Information: IPv6 bindings

  • By default, the source code root directory for rapid static analysis scans is automatically determined by Seeker. If you want to run scans from a different root directory, you can specify it in the SEEKER_SOURCE_CODE_ROOT_DIR environment variable. This is currently supported by the Node.js Agent.

    Related Information: Advanced Location Settings

Agents

The Seeker Agents have been enhanced with the following features:

Technologies   Features
All            Sensitive data tracking has been extended to all supported HTTP source types, such as path and query parameters or JSON payloads.
Java           The Agent can now run active inspection of untested endpoints on ARM-based Macs.
.NET Core      The Agent now supports:
                 • .NET 7.
                 • gRPC, which enables cross-project data tracking for microservices applications.
Node.js        The Agent now supports ECMAScript modules (ESM). The relevant instructions are available in the Connect New Agent wizard.
PHP            The Agent now supports PHP 8.2.

Checkers

The following vulnerability checkers have been added, enhanced, or changed:

Technologies                              Name                                                                     New/Enhanced/Changed
Java, .NET Core, .NET Framework, Node.js  Sensitive Data Exposed to Spellchecking Services (Based on Input Type)   New
                                          Sensitive Data Exposed to Spellchecking Services (Based on Matchers)
Java, .NET Core, .NET Framework, Node.js  Sensitive Data Stored in Browser Cache (Based on Matchers)               Enhanced: The checker's accuracy has been improved by checking input tag values.
Java, .NET Core, .NET Framework, Node.js  JSON Web Token (JWT) Claims Not Verified                                 Enhanced: The checker's accuracy has been improved by checking runtime payload values.
Python                                    Remote File Inclusion                                                    New
                                          Remote File Inclusion (Second-Order)

The following checkers have been renamed:

Previous name                                                                New name
JSON Web Token (JWT) Payload Contains Sensitive Information                  Sensitive Data in JSON Web Token (JWT) Payload
JSON Web Token (JWT) Payload Contains Sensitive Information (Second-Order)   Sensitive Data in JSON Web Token (JWT) Payload (Second-Order)
Sensitive Information in Browser Cache                                       Sensitive Data Stored in Browser Cache (Based on Input Type)
Sensitive Information Saved Unencrypted                                      Sensitive Data Stored Unencrypted
Sensitive Information Saved Unencrypted (Second-Order)                       Sensitive Data Stored Unencrypted (Second-Order)
Sensitive Information Sent in URL                                            Sensitive Data Sent in URL
User-Defined Sensitive Information Stored in Browser Cache                   Sensitive Data Stored in Browser Cache (Based on Matchers)
Weak Hash Algorithm Used with Sensitive Data                                 Sensitive Data Used with Weak Hash Algorithm
Weak Hash Algorithm Used with Sensitive Data (Second-Order)                  Sensitive Data Used with Weak Hash Algorithm (Second-Order)

Note:
  • The new checker names automatically appear on existing vulnerabilities.
  • There is no need to upgrade the Agents: older Agent versions now report detected vulnerabilities under the new names.