Common Vulnerability Exposed (CVEs) - A new test has been added that checks targets for known third-party Common Vulnerabilities and Exposures (CVEs).
Project issues labels - Bright now allows users to create up to 15 labels per project issue and filter them.
Project labels - We've introduced the ability to label the entire project, which is helpful to arrange the organization's structure.
Expiration API-key date - API keys can now be given a specific expiration date. Personal, project, and organization levels are covered.
Entry-points table improvements - The entry-points table can now be customized through its settings. A new quick action menu has been added to the table, which lets you copy an entry-point request as a cURL command or copy the entry-point URL.
Known Issues
Windows narrator repeats the title of items from dropdown lists 3 times. - Bug on Google Material side (to be fixed in the next updates): In a number of dropdown lists, the Windows narrator repeats list items 3 times instead of voicing them only once.
Authentication-Related Issues
Error when creating recorded browser-based authentication with Chrome record made starting from an empty tab: When creating a record in Chrome starting from an empty tab and then creating recorded browser-based authentication using the created record, the user gets the following error: The actual URL (chrome-error://chromewebdata/) doesn't match up to the specified validation URL (chrome://YOUR_PAGE), please make sure the URL is correct or record again with the correct configuration.
A recording created with the Google Chrome recorder fails to replay with the Evaluation failed error. When replaying the recording, the following error appears: Evaluation failed. TypeError: Failed to execute ‘observe’ on ‘IntersectionObserver’: parameter 1 is not type ‘Element’… For details, see Troubleshooting Authentication Issues.
New Project issue counters design - The design of the Project Issues counters has been changed to make it clearer how many issues are currently open. Users can also now see updated information without refreshing the page.
Project Issue export CSV - Bright now allows users to export all the issues to a CSV file.
Project Issues table configuration - All the issues can be filtered by severity, hosts, methods, and last reported date. The table can also be adjusted via the table configuration menu, or by dragging and dropping columns into the order you need.
Issues table loading improvements - Server-side pagination has been implemented to improve page performance.
Known Issues
Windows narrator repeats the title of items from dropdown lists 3 times. - Bug on Google Material side (to be fixed in the next updates): In a number of dropdown lists, the Windows narrator repeats list items 3 times instead of voicing them only once.
Authentication-Related Issues
Error when creating recorded browser-based authentication with Chrome record made starting from an empty tab: When creating a record in Chrome starting from an empty tab and then creating recorded browser-based authentication using the created record, the user gets the following error: The actual URL (chrome-error://chromewebdata/) doesn't match up to the specified validation URL (chrome://YOUR_PAGE), please make sure the URL is correct or record again with the correct configuration.
A recording created with the Google Chrome recorder fails to replay with the Evaluation failed error. When replaying the recording, the following error appears: Evaluation failed. TypeError: Failed to execute ‘observe’ on ‘IntersectionObserver’: parameter 1 is not type ‘Element’… For details, see Troubleshooting Authentication Issues.
AWS S3 Bucket Takeover - A new test has been added that searches for S3 buckets that no longer exist, to prevent data breaches and malware distribution.
Template settings lock - Scan template settings can now be protected from editing to make sure that scans are performed with the same configuration as provided in the template.
Role scope changes - Users with projects:manage role scope are no longer allowed to edit project issues, only to read. Scope project-issues:write is required to edit issues.
Server-side pagination - It is now possible to filter and sort projects by new parameters, such as severity, last scan time, unique hosts, etc.
Known Issues
Windows narrator repeats the title of items from dropdown lists 3 times. - Bug on Google Material side (to be fixed in the next updates): In a number of dropdown lists, the Windows narrator repeats list items 3 times instead of voicing them only once.
Authentication-Related Issues
Error when creating recorded browser-based authentication with Chrome record made starting from an empty tab: When creating a record in Chrome starting from an empty tab and then creating recorded browser-based authentication using the created record, the user gets the following error: The actual URL (chrome-error://chromewebdata/) doesn't match up to the specified validation URL (chrome://YOUR_PAGE), please make sure the URL is correct or record again with the correct configuration.
A recording created with the Google Chrome recorder fails to replay with the Evaluation failed error. When replaying the recording, the following error appears: Evaluation failed. TypeError: Failed to execute ‘observe’ on ‘IntersectionObserver’: parameter 1 is not type ‘Element’… For details, see Troubleshooting Authentication Issues.
New role scopes: Scope project-issues:write grants access to project issue management separately from access to project settings. Scope scan-labels:manage provides granular access to editing labels in scans that are already running or have been finished.
Improved SSTI test: The SSTI test has been improved with new Go template payloads.
Known Issues
Windows narrator repeats the title of items from dropdown lists 3 times. - Bug on Google Material side (to be fixed in the next updates): In a number of dropdown lists, the Windows narrator repeats list items 3 times instead of voicing them only once.
Authentication-Related Issues
Error when creating recorded browser-based authentication with Chrome record made starting from an empty tab: When creating a record in Chrome starting from an empty tab and then creating recorded browser-based authentication using the created record, the user gets the following error: The actual URL (chrome-error://chromewebdata/) doesn't match up to the specified validation URL (chrome://YOUR_PAGE), please make sure the URL is correct or record again with the correct configuration.
A recording created with the Google Chrome recorder fails to replay with the Evaluation failed error. When replaying the recording, the following error appears: Evaluation failed. TypeError: Failed to execute ‘observe’ on ‘IntersectionObserver’: parameter 1 is not type ‘Element’… For details, see Troubleshooting Authentication Issues.
Custom headers support - The Bright app now allows users to manually add a custom header to browser-based form authentication and to recorded browser-based authentication. The auth_object prefix has also been added to the app for all authentication commands. All existing user commands will be updated automatically.
Excessive data exposure - A new test has been added that checks whether the application fails to screen sensitive information on the server side and instead depends on the client side to filter the sensitive data out.
Allow signups with business emails only - Registration with company email only is now available.
Known Issues
Windows narrator repeats the title of items from dropdown lists 3 times. - Bug on Google Material side (to be fixed in the next updates): In a number of dropdown lists, the Windows narrator repeats list items 3 times instead of voicing them only once.
Authentication-Related Issues
Error when creating recorded browser-based authentication with Chrome record made starting from an empty tab: When creating a record in Chrome starting from an empty tab and then creating recorded browser-based authentication using the created record, the user gets the following error: The actual URL (chrome-error://chromewebdata/) doesn't match up to the specified validation URL (chrome://YOUR_PAGE), please make sure the URL is correct or record again with the correct configuration.
A recording created with the Google Chrome recorder fails to replay with the Evaluation failed error. When replaying the recording, the following error appears: Evaluation failed. TypeError: Failed to execute ‘observe’ on ‘IntersectionObserver’: parameter 1 is not type ‘Element’… For details, see Troubleshooting Authentication Issues.
Project-level file storage - Uploaded files must now be associated with a project so they can be shared between project team members.
GraphQL introspection test - Tests for externally exposed API documentation by querying the /graphql endpoint. The test targets information about the schema and the data flow.
Known Issues
Windows narrator repeats the title of items from dropdown lists 3 times. - Bug on Google Material side (to be fixed in the next updates): In a number of dropdown lists, the Windows narrator repeats list items 3 times instead of voicing them only once.
Authentication-Related Issues
Error when creating recorded browser-based authentication with Chrome record made starting from an empty tab: When creating a record in Chrome starting from an empty tab and then creating recorded browser-based authentication using the created record, the user gets the following error: The actual URL (chrome-error://chromewebdata/) doesn't match up to the specified validation URL (chrome://YOUR_PAGE), please make sure the URL is correct or record again with the correct configuration.
A recording created with the Google Chrome recorder fails to replay with the Evaluation failed error. When replaying the recording, the following error appears: Evaluation failed. TypeError: Failed to execute ‘observe’ on ‘IntersectionObserver’: parameter 1 is not type ‘Element’… For details, see Troubleshooting Authentication Issues.
A recording created with the Google Chrome recorder is not replayed because the UID has changed. Some web applications specify a UID in the element name. Since web applications frequently release new features, the UID might change, which stops the authentication object from working. For details, see Troubleshooting Authentication Issues.
New onboarding wizard - The new onboarding wizard is an essential part of the Bright app. It provides clarity to the installation process and helps users better understand all the app functionalities.
Known Issues
Windows narrator repeats the title of items from dropdown lists 3 times. - Bug on Google Material side (to be fixed in the next updates): In a number of dropdown lists, the Windows narrator repeats list items 3 times instead of voicing them only once.
Authentication-Related Issues
Error when creating recorded browser-based authentication with Chrome record made starting from an empty tab: When creating a record in Chrome starting from an empty tab and then creating recorded browser-based authentication using the created record, the user gets the following error: The actual URL (chrome-error://chromewebdata/) doesn't match up to the specified validation URL (chrome://YOUR_PAGE), please make sure the URL is correct or record again with the correct configuration.
A recording created with the Google Chrome recorder fails to replay with the Evaluation failed error. When replaying the recording, the following error appears: Evaluation failed. TypeError: Failed to execute ‘observe’ on ‘IntersectionObserver’: parameter 1 is not type ‘Element’… For details, see Troubleshooting Authentication Issues.
A recording created with the Google Chrome recorder is not replayed because the UID has changed. Some web applications specify a UID in the element name. Since web applications frequently release new features, the UID might change, which stops the authentication object from working. For details, see Troubleshooting Authentication Issues.
OTP (one-time password): Bright now provides the possibility to use a Time-Based One-Time Password (TOTP) and Hash-Based One-Time Password (HOTP). OTP is used during the creation of an authentication object for a target that uses a TOTP input field.
Editable labels for scans: it is now possible to filter scans by one or multiple labels, which simplifies the interactions with a large number of scans. Also, all the existing labels can be autocompleted in new scan settings, if needed.
Known Issues
Windows narrator repeats the title of items from dropdown lists 3 times. - Bug on Google Material side (to be fixed in the next updates): In a number of dropdown lists, the Windows narrator repeats list items 3 times instead of voicing them only once.
Authentication-Related Issues
Error when creating recorded browser-based authentication with Chrome record made starting from an empty tab: When creating a record in Chrome starting from an empty tab and then creating recorded browser-based authentication using the created record, the user gets the following error: The actual URL (chrome-error://chromewebdata/) doesn't match up to the specified validation URL (chrome://YOUR_PAGE), please make sure the URL is correct or record again with the correct configuration.
A recording created with the Google Chrome recorder fails to replay with the Evaluation failed error. When replaying the recording, the following error appears: Evaluation failed. TypeError: Failed to execute ‘observe’ on ‘IntersectionObserver’: parameter 1 is not type ‘Element’… For details, see Troubleshooting Authentication Issues.
A recording created with the Google Chrome recorder is not replayed because the UID has changed. Some web applications specify a UID in the element name. Since web applications frequently release new features, the UID might change, which stops the authentication object from working. For details, see Troubleshooting Authentication Issues.
Editable labels for scans: Now all the scans can be marked by attaching fully editable labels, which are displayed in the scan details tab. It is available both in UI and API interfaces and helps users to attach any valuable information to the scan.
Prevent duplicate tickets: Duplicate tickets are no longer created when scanning with any type of available integration. Also, as a part of this update, ticketing integration settings were moved from the Organization level to the Project level. As a result, adjusting the ticketing settings is now way faster and easier.
Known Issues
Windows narrator repeats the title of items from dropdown lists 3 times. - Bug on Google Material side (to be fixed in the next updates): In a number of dropdown lists, the Windows narrator repeats list items 3 times instead of voicing them only once.
Authentication-Related Issues
Error when creating recorded browser-based authentication with Chrome record made starting from an empty tab: When creating a record in Chrome starting from an empty tab and then creating recorded browser-based authentication using the created record, the user gets the following error: The actual URL (chrome-error://chromewebdata/) doesn't match up to the specified validation URL (chrome://YOUR_PAGE), please make sure the URL is correct or record again with the correct configuration.
A recording created with the Google Chrome recorder fails to replay with the Evaluation failed error. When replaying the recording, the following error appears: Evaluation failed. TypeError: Failed to execute ‘observe’ on ‘IntersectionObserver’: parameter 1 is not type ‘Element’… For details, see Troubleshooting Authentication Issues.
A recording created with the Google Chrome recorder is not replayed because the UID has changed. Some web applications specify a UID in the element name. Since web applications frequently release new features, the UID might change, which stops the authentication object from working. For details, see Troubleshooting Authentication Issues.
Authentication trigger via browser’s location change patterns: The authentication object now detects a logout trigger via a URL location change in the browser. Users just need to type exactly the same URL, or its segments, that they see in the search bar, and do not need to think about whether it was an HTTP request or just manipulation of entries in the history.
Change severity of Project Issues: Bright now provides the possibility to manually change the severity of a particular project issue. Therefore, customers can use the app as a “source of truth” for their full collection of project scan findings.
Known Issues
Windows narrator repeats the title of items from dropdown lists 3 times. - Bug on Google Material side (to be fixed in the next updates): In a number of dropdown lists, the Windows narrator repeats list items 3 times instead of voicing them only once.
Authentication-Related Issues
Error when creating recorded browser-based authentication with Chrome record made starting from an empty tab: When creating a record in Chrome starting from an empty tab and then creating recorded browser-based authentication using the created record, the user gets the following error: The actual URL (chrome-error://chromewebdata/) doesn't match up to the specified validation URL (chrome://YOUR_PAGE), please make sure the URL is correct or record again with the correct configuration.
A recording created with the Google Chrome recorder fails to replay with the Evaluation failed error. When replaying the recording, the following error appears: Evaluation failed. TypeError: Failed to execute ‘observe’ on ‘IntersectionObserver’: parameter 1 is not type ‘Element’… For details, see Troubleshooting Authentication Issues.
A recording created with the Google Chrome recorder is not replayed because the UID has changed. Some web applications specify a UID in the element name. Since web applications frequently release new features, the UID might change, which stops the authentication object from working. For details, see Troubleshooting Authentication Issues.