Release Notes 2023.3.0

New features and enhancements in Seeker 2023.3.0.

Data flow diagram visualization

The data flow diagram on the Vulnerability Details page has been enhanced with a visual representation of cross-project data flow steps. This high-level view also lets you drill down into the code path, making it easier to capture and understand the sequence of data flow steps that results in a vulnerability.

Related Information: Explore a Vulnerability

Upload API specifications

Starting from version 2022.1.0, Seeker automatically collects the OpenAPI specifications exposed by a tested application, uses them to perform Active Inspection of the endpoints, and displays the specifications on the Endpoint Risk dashboard.

As of this version, you can manually upload an API specification file for your application using the Seeker UI. This is helpful when no API specifications have been collected automatically, or when you want Seeker to use a different API specification.

Related Information: View and Explore Application APIs, Configure Endpoint Discovery

Usability improvements

  • The default aggregation rules have been revised to aggregate more vulnerabilities in cases where the same code is used by multiple endpoints.

    Note: These defaults will automatically apply to new Seeker installations of this version, to newly created project templates, and to new projects that are not linked to project templates. Existing projects will not be affected in any way.

    For existing project templates, you can reset the checkers for any template to the new defaults by clicking the new Reset to defaults button on the Analysis page.

    You can fine-tune these rules as required for individual projects and checkers at any time.

    Related Information: Configure Vulnerability Checkers

  • You can now access the existing vulnerabilities that match the filters set for a notification rule directly from the Notification Rules configuration page.

    Related Information: Configure Notification Rules

Agents

The Seeker Agents have been enhanced with the following features:

  • Java: The Agent now supports applications that use Java Message Service (JMS) as their queuing service.
  • .NET Core: The Agent now supports tracking of unsafe data transmitted across projects over gRPC.
  • Java, .NET Core, .NET Framework: The Agents now support the following new sanitizer types:
      • The HTTP_HEADER sanitizer type can be used for the HTTP Header Injection and HTTP Header Injection (Second-Order) checkers.
      • The HTTP_COOKIE sanitizer type can be used for the Cookie Injection and HTTP Cookie (Second-Order) checkers.
  • Node.js: In the next release, the previously deprecated Agent support for Node.js 10.x and 11.x will be removed.
  • Go: The Agent now supports Go 1.20.
  • Python: In addition to sanitizers, you can configure validators for the Agent.
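The following is an added example, not code from Seeker or from these release notes, illustrating what the two new sanitizer types guard against and how a sanitizer differs from a validator (the distinction the Python Agent row refers to). A sanitizer returns cleaned data, so the checker treats the output as untainted; a validator only reports whether the data is already safe and leaves it unchanged. The function names, the regular expressions and the sample inputs are constructed for this example; how such functions are registered with the Seeker Agent is not described on this page and is not shown here.

```python
"""Illustrative HTTP header and cookie sanitizers plus a validator.

Added example, not Seeker's own code. Function names and patterns are
assumptions; the Agent-side registration of sanitizers/validators is
intentionally not covered.
"""
import re

# HTTP header injection depends on CR, LF (or NUL) reaching the response
# writer, where they would terminate the current header and start a new one.
_HEADER_FORBIDDEN = re.compile(r"[\r\n\x00]")

# RFC 6265 cookie-octet: %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E,
# i.e. no CTLs, whitespace, double quote, comma, semicolon or backslash.
_COOKIE_OCTETS = r"\x21\x23-\x2b\x2d-\x3a\x3c-\x5b\x5d-\x7e"
_COOKIE_ALLOWED = re.compile(rf"^[{_COOKIE_OCTETS}]*$")
_COOKIE_FORBIDDEN = re.compile(rf"[^{_COOKIE_OCTETS}]")


def sanitize_header_value(value: str) -> str:
    """HTTP_HEADER-style sanitizer: returns the value with every character
    that could start a new header line removed."""
    return _HEADER_FORBIDDEN.sub("", value)


def sanitize_cookie_value(value: str) -> str:
    """HTTP_COOKIE-style sanitizer: returns only the RFC 6265 cookie-octets,
    so the value can never close the cookie or inject attributes."""
    return _COOKIE_FORBIDDEN.sub("", value)


def is_valid_cookie_value(value: str) -> bool:
    """Validator: reports whether the value is already safe to use as a
    cookie value. It never modifies the data; the caller must reject
    invalid input rather than use it."""
    return _COOKIE_ALLOWED.match(value) is not None


def set_redirect_header(headers: dict, target: str) -> dict:
    """Sink-side usage: the sanitizer runs before possibly tainted data is
    written into a response header (constructed demo, not a framework API)."""
    headers["Location"] = sanitize_header_value(target)
    return headers


def set_session_cookie(headers: dict, session_id: str) -> dict:
    """Validator-style usage: unsafe input is refused instead of repaired."""
    if not is_valid_cookie_value(session_id):
        raise ValueError("session id contains characters not allowed in a cookie value")
    headers["Set-Cookie"] = f"session={session_id}; HttpOnly; Secure"
    return headers


if __name__ == "__main__":
    # Constructed sample input: a redirect target carrying a CRLF sequence.
    print(set_redirect_header({}, "/home\r\nX-Injected: 1"))
    # Constructed sample input: a cookie value carrying a separator.
    print(sanitize_cookie_value('abc;def "x"'))
```

The practical difference matters for the checkers named above: a sanitizer placed before the header or cookie sink clears the taint for that data flow, whereas a validator leaves the data tainted and is only credited when the code path actually stops on a negative result, which is why the two are configured as separate categories.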

Documentation