2010-03-30 21:23:09 +00:00

Version 1.27b:
--------------

  - Tweak to CFLAGS ordering to always enforce FORTIFY_SOURCE.

  - Man page added.

2010-03-26 13:39:20 +00:00

Version 1.26b:
--------------

  - phtml added to the dictionary.

  - Yet another workaround for MALLOC_CHECK_. Grr.

2010-03-25 04:34:36 +00:00

Version 1.25b:
--------------

  - A limit on the number of identically named path elements added. This
    is a last-resort check against endless recursion (e.g., for 'subdir'
    -> '.' symlinks).

2010-03-25 04:33:41 +00:00

Version 1.24b:
--------------

  - XSS detection now accounts for commented out text.

2010-03-25 04:32:32 +00:00

Version 1.23b:
--------------

  - A minor improvement to XHTML detection.

  - HTML vs XHTML mismatches no longer trigger a warning.

2010-03-25 04:31:24 +00:00

Version 1.22b:
--------------

  - URL parser now accounts for its own \.\ injection pattern.

2010-03-24 12:37:50 +00:00

Version 1.19b:
--------------

  - New ODBC POI added.

  - Apache config file detection tightened up.

2010-03-24 12:35:25 +00:00

Version 1.18b:
--------------

  - Fix a potential NULL ptr deref with malformed Set-Cookie.

  - Another last-resort HTML detection pattern added.

2010-03-24 02:31:19 +00:00

Version 1.17b:
--------------

  - JS detector refined not to trigger on certain text/plain inputs.

2010-03-23 23:54:33 +00:00

Version 1.16b:
--------------

  - Fixed a typo introduced in 1.16 to index.html (d'oh).

  - Further refinements to Makefile CFLAGS / LIBS / LDFLAGS to keep package
    maintainers happy.

2010-03-23 23:53:18 +00:00

Version 1.15b:
--------------

  - Better documentation on why certain issues are not reported by skipfish.

  - Another minor tweak to improve path mapping detection logic.

2010-03-23 19:04:21 +00:00

Version 1.14b:
--------------

  - Several new wordlist entries, courtesy of Glastopf Honeypot:
    http://glastopf.org/index.php

  - A tweak to path mapping detection logic to detect certain path mappings
    that may result in crawl loops.

  - Makefile now honors external LDFLAGS, CFLAGS.

  - Some more documentation tweaks and rewrites.

  - PUT detection logic added.

2010-03-23 13:58:39 +00:00

Version 1.13b:
--------------

  - Improved password, file form detection slightly.

2010-03-23 13:56:13 +00:00

Version 1.12b:
--------------

  - Improved visibility of the KnownIssues page (reports, Makefile).

  - The location of assets/ directory is now configurable.

2010-03-23 00:52:55 +00:00

Version 1.11b:
--------------

  - SIGWINCH support: you can now cleanly resize your window while scanning.

  - Typo in report category name fixed.

  - Terminal color fix (for users with non-standard color themes).

  - Corrected icons license (GPL -> LGPL).

  - Fixed a typo in -b ffox headers.

  - Fixed a potential NULL ptr deref when doing form parsing.

2010-03-22 14:05:10 +00:00

Version 1.10b:
--------------

  - Fix to extensions-only.wl (some bad keywords removed).

2010-03-22 00:11:57 +00:00

Version 1.09b:
--------------

  - Fix for a potential NULL ptr deref in probabilistic scan mode (<100%).

2010-03-22 00:09:10 +00:00

Version 1.08b:
--------------

  - A minor improvement to XHTML / XML detection.

2010-03-22 00:07:06 +00:00

Version 1.07b:
--------------

  - Several build fixes for FreeBSD, MacOS X (-I, -L paths).

2010-03-21 23:59:55 +00:00

Version 1.06b:
--------------

  - Minor documentation updates, typos fixed, etc.

2010-03-20 15:57:35 +00:00

Version 1.05b:
--------------

  - A more robust workaround for FORTIFY_SOURCE (MacOS X).

2010-03-20 15:54:06 +00:00

Version 1.04b:
--------------

  - Workaround for *BSD systems with malloc J or Z options set by default
    (0x5a5a5a5a deref after realloc()).

  - A minor tweak to reject certain not-quite-URLs extracted from JS.

2010-03-20 15:49:23 +00:00

Version 1.01b:
--------------

  - Workaround for a glitch in FORTIFY_SOURCE on Linux (causing crash
    on startup).

2010-03-20 15:49:23 +00:00

Version 1.00b:
--------------

  - Initial public release.