• Authentication trigger via browser’s location change patterns: Now the authentication object detects logout trigger via URL location change in the browser. The users just need to type exactly the same URL or its segments that they see in the search bar and do not need to think about whether it was an HTTP request or just manipulation of entries in the history.
• Mismatch of results when running a scan with crawler versus HAR fixed.: There is no more mismatch of issue severities when running a scan with crawler versus HAR.
• Change severity of Project Issues: Bright now provides the possibility to manually change the severity of a particular project issue. Therefore, customers can use the app as a “source of truth” for their full collection of project scan findings.

Known Issues

• Windows narrator repeats the title of items from dropdown lists 3 times. - Bug on Google Material side (to be fixed in the next updates): In a number of dropdown lists, the Windows narrator repeats list items 3 times instead of voicing them only once.

Authentication-Related Issues

• Error when creating recorded browser-based authentication with Chrome record made starting from an empty tab: When creating a record in Chrome starting from an empty tab and then creating recorded browser-based authentication using the created record, the user gets the following error: The actual URL (chrome-error://chromewebdata/) doesn't match up to the specified validation URL (chrome://YOUR_PAGE), please make sure the URL is correct or record again with the correct configuration.
• Recording created with Google Chrome recorder is not replayed with the Evaluation failed error. When replaying the recording, an error appears: Evaluation failed. TypeError: Failed to execute ‘observe’ on ‘IntersectionObserver’: parameter 1 is not type ‘Element’… For details, see Troubleshooting Authentication Issues.
• Recording created with Google Chrome recorder is not replayed because UID was changed. Some web applications specify a UID in the element name. Since web applications are frequently releasing new features, UID might change, which will cause the authentication object not working. For details, see Troubleshooting Authentication Issues.

• Authentication trigger via browser’s PAGE (DOM) change patterns: When the target application is opened with an unauthenticated browser, there may be some elements on the page, which are not visible when the browser is authenticated (for example, the login form). Now the user can pick the element’s selector using the browser’s Development Tools and create a trigger that starts the authentication process if an element is found using this selector. For details, see Creating Authentication.

Known Issues

• Windows narrator repeats the title of items from dropdown lists 3 times. - Bug on Google Material side (to be fixed in the next updates): In a number of dropdown lists, the Windows narrator repeats list items 3 times instead of voicing them only once.

Authentication-Related Issues

• Error when creating recorded browser-based authentication with Chrome record made starting from an empty tab: When creating a record in Chrome starting from an empty tab and then creating recorded browser-based authentication using the created record, the user gets the following error: The actual URL (chrome-error://chromewebdata/) doesn't match up to the specified validation URL (chrome://YOUR_PAGE), please make sure the URL is correct or record again with the correct configuration.
• Recording created with Google Chrome recorder is not replayed with the Evaluation failed error. When replaying the recording, an error appears: Evaluation failed. TypeError: Failed to execute ‘observe’ on ‘IntersectionObserver’: parameter 1 is not type ‘Element’… For details, see Troubleshooting Authentication Issues.
• Recording created with Google Chrome recorder is not replayed because UID was changed. Some web applications specify a UID in the element name. Since web applications are frequently releasing new features, UID might change, which will cause the authentication object not working. For details, see Troubleshooting Authentication Issues.

• Copy scan configuration as REST API (curl) option: Bright now enables users to copy scan settings as REST API cURL command to run a scan. When there are several scans with different settings completed in Bright, the user can copy the scan configuration as REST API (curl) command to start a new scan. Therefore, it is possible to use the same scan settings to automate scan execution or to integrate into CI/CD.

Known Issues

• Windows narrator repeats the title of items from dropdown lists 3 times. - Bug on Google Material side (to be fixed in the next updates): In a number of dropdown lists, the Windows narrator repeats list items 3 times instead of voicing them only once.

Authentication-Related Issues

• Error when creating recorded browser-based authentication with Chrome record made starting from an empty tab: When creating a record in Chrome starting from an empty tab and then creating recorded browser-based authentication using the created record, the user gets the following error: The actual URL (chrome-error://chromewebdata/) doesn't match up to the specified validation URL (chrome://YOUR_PAGE), please make sure the URL is correct or record again with the correct configuration.
• Recording created with Google Chrome recorder is not replayed with the Evaluation failed error. When replaying the recording, an error appears: Evaluation failed. TypeError: Failed to execute ‘observe’ on ‘IntersectionObserver’: parameter 1 is not type ‘Element’… For details, see Troubleshooting Authentication Issues.
• Recording created with Google Chrome recorder is not replayed because UID was changed. Some web applications specify a UID in the element name. Since web applications are frequently releasing new features, UID might change, which will cause the authentication object not working. For details, see Troubleshooting Authentication Issues.

Check out the new features and improvements from Bright:

• Filtering Document Object Model (DOM) Events for WebDriver by Exclusions: Bright now supports filtering DOM events for WebDriver by exclusions. When setting targets and exclusions for a new scan, the user can specify that DOM elements on the page are skipped by WebDriver. Therefore, it is possible to define buttons that need to be excluded from crawling to ensure that the scan runs without interruptions. For details, see Bright User Guide.
• The reason for an unsuccessful scan is now displayed in a more intuitive way: Bright now shows the reason for an unsuccessful scan as a notification at the top of the scan details page. The notification informs the user that the scan failed or has been disrupted, the reason, and a suggestion on how to fix the issue.

Known Issues

• Windows narrator repeats the title of items from dropdown lists 3 times. - Bug on Google Material side (to be fixed in the next updates): In a number of dropdown lists, the Windows narrator repeats list items 3 times instead of voicing them only once.
• Error when creating recorded browser-based authentication with Chrome record made starting from an empty tab: When creating a record in Chrome starting from an empty tab and then creating recorded browser-based authentication using the created record, the user gets the following error: The actual URL (chrome-error://chromewebdata/) doesn't match up to the specified validation URL (chrome://YOUR_PAGE), please make sure the URL is correct or record again with the correct configuration.

Check out the new features and improvements from Bright.

• Recorded browser-based form authentication: We've introduced a quick and visual way of creating authentication flows. The new feature allows uploading an authentication flow which was prerecorded with the Chrome recorder and using it as authentication with Bright. For details, see our [docs] (https://docs.brightsec.com/docs/configure-recorded-browser-based-form-authentication).

Known Issues

• Windows narrator repeats the title of items from dropdown lists 3 times. - Bug on Google Material side (to be fixed in the next updates): In a number of dropdown lists, the Windows narrator repeats list items 3 times instead of voicing them only once.

Check out the new features and improvements from Bright.

• Optimized crawler settings: With this option enabled, the crawler skips the forms and URLs with the same set of parameters, which significantly reduces the crawling time. This setting also allows avoiding scan crashes when there is not enough memory for large sites. For details, see our [docs] (https://docs.brightsec.com/docs/advanced-mode).
• Font resizing support: Now Bright allows resizing fonts for all screen elements without any loss of content or functionality.
• Full keyboard navigation support: From now on, users can smoothly navigate through the UI using the keyboard.

Known Issues

• Windows narrator repeats the title of items from dropdown lists 3 times. - Bug on Google Material side (to be fixed in the next updates): In a number of dropdown lists, the Windows narrator repeats list items 3 times instead of voicing them only once.

Check out the new features and improvements from Bright.

• New scan templates: Two more preconfigured templates have been added to the templates list available in Bright. The new templates allow the users to quickly set up a security scan with the required tests and get full results when they need to scan their company’s product for certain vulnerabilities included into PCI DSS and OWASP top 10 for Web Apps (2021).
• Filtering scans by High/Low/Medium severity levels: This feature enables the users to filter scans by High/Low/Medium severity levels and therefore browse information in a quicker and more effective way.

Check out the new features and improvements from Bright.

• Improve crawler skipping behavior - The option allows you to exclude specific methods, URLs or path patterns when configuring crawler as the discovery method. For more information, see our docs.
• Performance Improvements - Various improvements for crawler performance and stability.

Check out the new features and improvements from Bright.

• New Standby option in Browser-Based Authentication object configuration - The option allows you to specify the time for Bright to wait until a login page loads, before to take the next step. For more information, see our docs.
• Performance Improvements - Various improvements for crawler performance and stability.