Highlights
Release Notes
25.10.3
New Features
- LLM Router
Introduced automatic routing across configured LLM providers, including Google Gemini, Anthropic, and OpenAI, allowing seamless orchestration of large language model integrations. - HTTPSBypass Analyzer
Added a new analyzer to detect targets that accept insecure HTTP connections, helping enforce proper HTTPS configurations.
Enhancements
- Refreshed API Settings Tab
Improved navigation and usability within the API Settings section of the UI. - Role-Based Access for Patterns
Group Maintainers can now create and edit patterns at the group level.
Bug Fixes
- Group / Project Selector UI Fix
The updated UI now includes a new and more consistent Group / Project selector.
Sift 25.10.3 (October 17, 2025)
New Features
- HTTPSBypass Analyzer
Added a new analyzer to detect targets that accept insecure HTTP connections, helping enforce proper HTTPS configurations.
Enhancements
- DataExposure Analyzer
Now inspects both response headers and response body for user-specified pattern matches. - SstInjection Analyzer
Improved logic to further reduce false positives during template injection testing. - OpenAPI Header Name Preservation
- Header parameter names in OpenAPI operations now retain original capitalization from the definition file.
- Header field names from dynamic authorization commands also retain original capitalization from the command output.
- ServerError Analyzer
This analyzer is now passive and evaluates requests from both the baseline engine and other analyzers for broader coverage.
Bug Fixes
- Invalid Regex Pattern Handling
Fixed an exception caused by non-compilable regular expressions in OpenAPI definitions, ensuring robust parsing during scan initialization.
.svg){kind=small}
.svg){kind=small}
