Release Notes 2024.4.0

New features and enhancements in Seeker 2024.4.0

General Improvements

It is now possible to change the project version comparison strategy from alphanumeric to creation date. This is useful when project versions consist of unique identifiers (such as commit hashes) instead of incremental version strings.

For example, previously a project version string of 1.10 would be recognized as a later version than 1.9, based on the conventional use of version numbering.

With the new comparison strategy enabled, a project with a version string “15475af” created after a project with a version string “25475af” would still be recognized as more recent, despite having a lower number, because of its later creation date.

Related Information: See step 7 of Configure Project Version Management.
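The following added example (not Seeker code) contrasts the two strategies on the version strings used above. The natural-sort key is an assumed stand-in for the alphanumeric strategy, and the function names, strategy labels and timestamps are constructed for illustration.

```python
import re
from datetime import datetime, timezone

def _utc(day):
    return datetime(2024, 3, day, tzinfo=timezone.utc)

# Constructed sample data: (version string, creation time), listed in creation order.
NUMBERED = [("1.9", _utc(1)), ("1.10", _utc(2))]
HASHED = [("25475af", _utc(3)), ("15475af", _utc(4))]

def alphanumeric_key(version):
    """Natural-sort key: digit runs compare as integers, other runs as text.

    Assumption: this approximates an alphanumeric comparison; it is not
    taken from the product.
    """
    key = []
    for part in re.findall(r"[0-9]+|[^0-9]+", version):
        if part[0] in "0123456789":
            key.append((0, int(part), ""))
        else:
            key.append((1, 0, part))
    return key

def latest(versions, strategy):
    """Return the version string treated as most recent under a strategy.

    The strategy labels are hypothetical names used only in this example.
    """
    if strategy == "alphanumeric":
        return max(versions, key=lambda v: alphanumeric_key(v[0]))[0]
    if strategy == "creation_date":
        return max(versions, key=lambda v: v[1])[0]
    raise ValueError(f"unknown strategy: {strategy}")

if __name__ == "__main__":
    for name, data in (("numbered", NUMBERED), ("hashed", HASHED)):
        for strategy in ("alphanumeric", "creation_date"):
            print(f"{name:9} {strategy:14} -> {latest(data, strategy)}")
```

With incremental version strings both strategies agree. With commit-hash style strings, the alphanumeric key picks 25475af because its leading digits happen to be larger, while the creation-date strategy picks 15475af, the version that was actually created last.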

The maximum permitted length for project keys has been increased from 32 to 256 characters. While it is still advisable to use shorter project keys where possible, this enables users with longer unique identifiers for their projects to use those identifiers as Seeker project keys.

Usability Improvements

It is now possible to define views for project templates. This allows you to create a custom view for your organization that is shared by all projects inheriting from the template. Any future updates to the template project view will be reflected in that template’s projects.

Related Information: Configure Project Templates

Agents

The Seeker Agents have been enhanced with the following features.

| Technologies | Features |
| --- | --- |
| Java | The Java agent now supports Java version 22. |
| Java, .NET Core | The deployment of Agents with AWS Lambda-based applications has been optimized by using the standard AWS Layer mechanism. The Connect Agent Wizard has been updated with the new instructions. |
| Java | Active Verification can now verify or invalidate vulnerabilities originating from untrusted user data in cookies. |
| Node.js | Express and Fastify regexes in path parameters are now treated as sanitizers by default. The types treated as sanitizers can be controlled by the environment variable SEEKER_AGENT_PATH_SANITIZERS. See Advanced Agent Settings. |
| Python | As of this release, the support for Python 3.6 by the Agent is deprecated and will be removed in a future release. |
| Python | Active Verification can now verify or invalidate vulnerabilities originating from untrusted user data in JSON request bodies. |

Checkers

The following vulnerability checkers have been added, enhanced, or changed:

| Technologies | Name | New/Enhanced/Changed |
| --- | --- | --- |
| Java | NoSQL Connection Parameter Pollution; NoSQL Connection Parameter Pollution (Second-Order) | New |