Release Notes 2024.9.0.
New features and enhancements in Seeker 2024.9.0
Usability Improvements
As of 2024.9.0, the Sanitizers configuration UI has been updated for Java users to make it easier to find and define methods from the application-under-test as customer sanitizers. In the previous version, it was necessary to specify the method manually as a JVM method descriptor. For example:
com/atlassian/html/encode/HtmlEncoder.encode(Ljava/lang/String;)Ljava/lang/String;
In this version, the user can search for a method called “encode” in the com.atlassian.html.encode package and will be presented with a list of matching methods to choose from. The conversion from the standard Java method signature to the underlying JVM method descriptor is handled automatically.
Related information: Configure Sanitizers and Validators.
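The signature-to-descriptor conversion described above, sketched as an added example (this is not Seeker's code; `method_descriptor` and the `com.example.Codec` class are hypothetical names). It assumes unqualified class names belong to java.lang, nested classes are written with `$`, and no generic type variables such as `T` appear in the signature.

```python
import re

# JVM descriptor codes for primitive types and void.
PRIMITIVES = {"boolean": "Z", "byte": "B", "char": "C", "short": "S",
              "int": "I", "long": "J", "float": "F", "double": "D", "void": "V"}

def strip_generics(text):
    """Erase generic arguments like <String, List<X>>; descriptors do not carry them."""
    out, depth = [], 0
    for ch in text:
        if ch == "<":
            depth += 1
        elif ch == ">":
            depth -= 1
        elif depth == 0:
            out.append(ch)
    return "".join(out)

def type_descriptor(java_type):
    """Convert one Java type name, e.g. 'java.lang.String[]', to its descriptor."""
    t = java_type.strip()
    if t.endswith("..."):            # varargs compile to an array parameter
        t = t[:-3] + "[]"
    dims = t.count("[]")             # one '[' per array dimension
    base = t.replace("[]", "").strip()
    if base in PRIMITIVES:
        code = PRIMITIVES[base]
    else:
        if "." not in base:          # assumption: unqualified name is in java.lang
            base = "java.lang." + base
        code = "L" + base.replace(".", "/") + ";"
    return "[" * dims + code

def method_descriptor(class_name, signature):
    """Build 'pkg/Class.method(args)ret' from a class name and a Java signature."""
    m = re.fullmatch(r"\s*(.+?)\s+(\w+)\s*\((.*)\)\s*", strip_generics(signature))
    if not m:
        raise ValueError("unrecognised signature: " + signature)
    ret, name, params = m.groups()
    ret = ret.split()[-1]            # drop modifiers such as 'public static'
    args = []
    for p in filter(None, (p.strip() for p in params.split(","))):
        # Keep only the type: drop 'final' and any trailing parameter name.
        args.append(type_descriptor(p.replace("final ", "").split()[0]))
    return "{}.{}({}){}".format(class_name.replace(".", "/"), name,
                                "".join(args), type_descriptor(ret))

if __name__ == "__main__":
    # Reproduces the descriptor quoted in the release note.
    print(method_descriptor("com.atlassian.html.encode.HtmlEncoder",
                            "String encode(String)"))
```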
General Improvements
Seeker’s Role Based Access Control (RBAC) group names can now be up to 256 characters long, up from 64 characters in previous versions. In addition, it is now possible to use the period character “.” in group names.
Project statistics now include the number of triaged vulnerabilities. This statistic is included when exporting the list of projects as CSV, JSON, or XML from the Projects page and via the API (see the next section).
API
The API endpoint /api/{ver}/projects/{key}/status now includes the number of triaged vulnerabilities in the specified project.
Agents
Technologies | Features |
Node.js | Optimized agent instrumentation mechanism to reduce overhead on application under test, enhancing performance and stability. |
Checkers
The following vulnerability checkers have been added, enhanced, or changed:
Technologies | Name | New/Enhanced/Changed |
Node.js | NoSQL Connection Parameter Pollution, NoSQL Connection Parameter Pollution Second-Order | New checker |