October 2025

New Features

• LLM Router
  Introduced automatic routing across configured LLM providers, including Google Gemini, Anthropic, and OpenAI, allowing seamless orchestration of large language model integrations.
• HTTPSBypass Analyzer
  Added a new analyzer to detect targets that accept insecure HTTP connections, helping enforce proper HTTPS configurations.

Enhancements

• Refreshed API Settings Tab
  Improved navigation and usability within the API Settings section of the UI.
• Role-Based Access for Patterns
  Group Maintainers can now create and edit patterns at the group level.

Bug Fixes

• Group / Project Selector UI Fix
  The updated UI now includes a new and more consistent Group / Project selector.

‍

Sift 25.10.3 (October 17, 2025)

New Features

• HTTPSBypass Analyzer
  Added a new analyzer to detect targets that accept insecure HTTP connections, helping enforce proper HTTPS configurations.

Enhancements

• DataExposure Analyzer
  Now inspects both response headers and response body for user-specified pattern matches.
• SstInjection Analyzer
  Improved logic to further reduce false positives during template injection testing.
• OpenAPI Header Name Preservation
  
  • Header parameter names in OpenAPI operations now retain original capitalization from the definition file.
  • Header field names from dynamic authorization commands also retain original capitalization from the command output.
• ServerError Analyzer
  This analyzer is now passive and evaluates requests from both the baseline engine and other analyzers for broader coverage.

Bug Fixes

• Invalid Regex Pattern Handling
  Fixed an exception caused by non-compilable regular expressions in OpenAPI definitions, ensuring robust parsing during scan initialization.