v1.1.23

What's Changed

• Reports samples for attack wave
• Improves IMDS SSRF protection by also checking ipv4-mapped ipv6 addresses

v1.1.22

What's Changed

• send attack events even without a context for stored ssrf
• report query parameters in url during attack for Spring MVC & Javalin
• run attack wave detection after req, so user data can be reported.
• respect protection forced off when scanning for (stored) ssrf
• perf: re-use scanner instances to avoid unnecessary gc
• perf: caches hostname, host ip, os & platform

v1.1.22 beta 3

What's Changed

• send attack events even without a context for stored ssrf
• report query parameters in url during attack for Spring MVC & Javalin
• run attack wave detection after req, so user data can be reported.
• respect protection forced off when scanning for (stored) ssrf
• perf: re-use scanner instances to avoid unnecessary gc
• perf: caches hostname, host ip, os & platform

v1.1.22 beta 2

internal testing of a memory improvement

v1.1.22 beta

What's changed

internal testing of a memory improvement

v1.1.21

What's Changed

• Fixes path traversal vulnerability with leading slashes
• Reduces unnecessary reporting when an attack happens
• Improves trace logs slightly

v1.1.20

What's Changed

• Improves functionality when AIKIDO_TOKEN is not set

Full Changelog: v1.1.19...v1.1.20

v1.1.19

What's Changed

• Improve musl detection for linux

v1.1.18

What's Changed

• Bugfix: avoid recursion in rare cases for api spec generation

v1.1.17

What's Changed

• Add support for HyperSQL