These docs are for v1.1.
  • Self-serve Connectivity tool - The Response tab within the Entrypoint Summary page now features a connectivity issue indicator, along with details regarding potential causes and solutions.
  • Enhanced Notification for Entrypoint Editor - A new notification has been integrated into the Entrypoint Editor, appearing whenever there's invalid syntax detected in the Request Body field.
  • New Tests Available - iFrame injection, Prompt injection
  • Rerun Discovery from the History tab - The option to quickly rerun Discovery without adjusting the settings is now available.
  • Updated PDF reports - The Discovered Entrypoints section has been added to the PDF reports for enhanced content.

Known Issues

  • Windows narrator repeats the title of items from dropdown lists 3 times. - Bug on Google Material side (to be fixed in the next updates): In a number of dropdown lists, the Windows narrator repeats list items 3 times instead of voicing them only once.

Authentication-Related Issues

  • Error when creating recorded browser-based authentication from a Chrome recording started in an empty tab: When a recording is created in Chrome starting from an empty tab and is then used to create recorded browser-based authentication, the user gets the following error: The actual URL (chrome-error://chromewebdata/) doesn't match up to the specified validation URL (chrome://YOUR_PAGE), please make sure the URL is correct or record again with the correct configuration.
  • A recording created with the Google Chrome recorder fails to replay with the Evaluation failed error: When replaying the recording, the following error appears: Evaluation failed. TypeError: Failed to execute ‘observe’ on ‘IntersectionObserver’: parameter 1 is not type ‘Element’… For details, see Troubleshooting Authentication Issues.

  • Test buckets - All tests are now organized into groups that describe the general attack direction. Tests can still be selected manually if needed.
  • New section in PDF reports - The PDF reports are now enhanced with new data about Vulnerable entrypoints, containing a number of issues related to a particular entrypoint.
  • Activity Log filters - New filters by date, object, action, and actor have been added.

  • OTP support for recorded Browser-Based Form Authentication – the manually added one-time password (OTP) generation feature is now available for this authentication type, as well as for Browser-Based Authentication and Custom API Authentication. Learn more about how to add an OTP in the authentication flow.
  • Scan PDF report customization – The Compliance results section in Scan PDF reports has been reworked and upgraded with a new "Not checked" status. Learn about exporting scan reports in the article.
  • New vectors – 3 new vectors have been added to the XML External Entity Injection test
  • New payloads – 2 new payloads have been added to the Reflective Cross-Site Scripting (rXSS) test
  • Issues tab improvements – the new Unconfirmed issues tab & details showing SQL Injection findings

This Bright release is significant: it greatly improves scanning speed and quality thanks to the new architecture of internal processes. To learn more about the updated user flow, see the documentation.

  • Splitting a scan into two parts, Discovery and Testing – this allows faster testing with more consistent and more accurate results by validating all Entrypoints live before testing. Legacy scans are still available. To learn more about it, see the article.
  • Adding an In-app Entrypoint and Baseline Editor – it is now possible to quickly fix Entrypoints with connectivity problems. To learn how to use it, see the article.

Known Issues

  • If a scan gets into a disrupted state for no obvious reason, restart the scan and change the scan setting:
    1. Open Optimizations tab → Scan performance & speed
    2. Uncheck the option Stop scan if target doesn’t respond for ... min
    3. Click Retest scan
    While we’re working on optimizing this setting, use this workaround to prevent the issue.

  • Improved activity log - The capabilities of the activity log have been improved: users now have the ability to view the activity of all users in the organization, and can easily filter the data based on the actor. For more information, see Managing Activity Log.
  • Improved Broken Object Level Authorization (BOLA) test - test logic has been changed to improve the scan resiliency.
  • Comment access with personal API-keys - Bright now provides the ability to manage comments using personal API-keys.

  • Engine progress calculation improvements - Total scan progress is now based on the actual tests that need to be done on each entry-point. As a result, two new parameters can be displayed: tests progress per entry-point and time saved by parallel testing (performed with high-concurrency tests).

  • New engine recoverability capabilities - A new engine mechanism has been implemented that improves scan resilience with continuous progress saving, significantly reducing the chance of failure.
  • New Activity log events - New activity log events have been added for changes to project issue status, severity, and assignee.
  • Improved Projects filtering and presentation - Now it is possible to filter projects by their labels. Also, the Labels column is now presented in the Projects table.
  • Group role scopes inheritance - Role group permissions are now inherited on a user level.
  • Export all Projects data as a CSV file - The ability to export data of all projects in CSV format has been added.
  • Improved UI - The files attached to the project are now located in the Files tab, instead of a separate module.

  • Common Vulnerabilities and Exposures (CVEs) - A new test has been added that checks targets for known third-party CVEs.
  • Project issues labels - Bright now allows users to create up to 15 labels per project issue and filter them.
  • Project labels - We've introduced the ability to label the entire project, which is helpful to arrange the organization's structure.
  • API key expiration date - The ability to set a specific expiration date for API keys has been added. Personal, project, and organization levels are covered.
  • Entry-points table improvements - It is now possible to adjust the settings of the entry-points table and customize it. A new quick action menu has been added to the table, providing the ability to copy an entry-point request as a cURL command, as well as the entry-point URL.

  • New Project issue counters design - The Project Issues counters design has been changed to make it clearer how many issues are open at the moment. Users can also now see updated information without refreshing the page.
  • Project Issue export CSV - Bright now allows users to export all the issues to a CSV file.
  • Project Issues table configuration - All the issues can be filtered by severity, hosts, methods, and last reported date. This table is also now adjustable via the table configuration menu and by dragging and dropping columns into the order you need.
  • Issues table loading improvements - Server-side pagination has been implemented to improve page performance.

  • AWS S3 Bucket Takeover - A new test has been added that searches for S3 buckets that no longer exist, to prevent data breaches and malware distribution.
  • Template settings lock - Scan template settings now can be protected from editing to make sure that scans are performed with the same configuration as provided in the template.
  • Role scope changes - Users with the projects:manage role scope are no longer allowed to edit project issues, only to read them. The project-issues:write scope is required to edit issues.
  • Server-side pagination - It is now possible to filter and sort projects by new parameters, such as severity, last scan time, unique hosts, etc.
