Highlights
Release Notes
25.12.3
Bug Fixes
- Asset Issues Page
Resolved an error that prevented the Asset Issues page from rendering correctly.
- Show Issue History
Corrected the Issue History table to ensure it accurately displays the history of runs in which the issue appeared.
Sift 25.12.3 (December 10, 2025)
- Enhanced the SQLInjection analyzer to validate SQL injection vulnerabilities using timing attack vectors.
- ErrorMessageExposure analyzer now reports findings when sensitive information is found in responses that are client errors (e.g., HTTP 4xx status code). Previously, the analyzer only reported findings for responses that were service exceptions (e.g., HTTP 5xx status code).
- Reduced false positives in the Server-Side Template Injection (SstInjection) analyzer to improve accuracy.
25.12.2
Aptori 25.12.2
Enhancements
- React Upgrade
Applied a security update to upgrade the platform to the current React version, ensuring improved stability and security.
Bug Fixes
- Asset Selector
Fixed an issue with the asset selector on the Projects page, improving reliability during navigation.
Sift 25.12.2
- CSRF Token Handling via OpenAPI Extension
Sift now supports the OpenAPI vendor extension x-sift-csrf-refresh, allowing declarative configuration of how CSRF tokens are extracted from responses and injected into subsequent requests for operations that require CSRF protection.
- BrokenObjectLevelAuth Analyzer Tuning
Reduced false positives in the BrokenObjectLevelAuth analyzer when multiple user identities are configured, resulting in more accurate results.
