September 2025

Features
Highlights

Analyzer Enhancements

Enhanced analyzers with simplified BOLA configuration, expanded SSTI vectors, and a new HTTPChecks analyzer for GET request validation

Release Notes

25.9.1

Aptori Release 25.9.1

New Features

  • Performance Metrics: HTTP Response Histogram
    A new histogram of HTTP response status code categories (2xx, 3xx, 4xx, 5xx) is now displayed in the Performance Metrics tab of a run result, providing visibility into API behavior and response trends.

Enhancements

  • User Report
    A new column has been added to the User Report, displaying the list of Groups each user belongs to.
  • Configuration Builder
    • Added an optional setting to enable the Proxy.
    • The BrokenObjectLevelAuthorization (BOLA) analyzer now supports an optional unauthorizedUsers property, which accepts one or more unauthorized users for configuration.

Sift Release 25.9.1 (September 3, 2025)

Added

  • HTTP Response Status Code Histogram
    Sift now reports a histogram of HTTP status code categories (2xx, 3xx, 4xx, 5xx) for each operation in a target API.

Changed

  • SstInjection Analyzer
    Added detection support for additional template engines to expand coverage.
  • BrokenObjectLevelAuth Analyzer Configuration Update
    • Deprecated the unauthorizedUser property.
    • Introduced the unauthorizedUsers property, which accepts a map of virtual user names to authorization methods, allowing configuration of multiple unauthorized users for testing unauthorized access attempts.
  • DataExposure Analyzer
    • The severity property may be an empty string, in which case the default severity of "medium" is used.
    • This is the same behavior as when the severity property is not present.

Fixed

  • BrokenObjectLevelAuth Analyzer: Error Handling Logic
    Improved decision logic when requests encounter network errors:
    • If any check fails → returns Fail
    • If any request encounters a network error → returns Skip
    • Otherwise → returns Pass