Releases: projectdiscovery/nuclei
Releases · projectdiscovery/nuclei
v3.5.1
What's Changed
- Remove genproto replace directives from go.mod by @ehsandeep in #6608
Full Changelog: v3.5.0...v3.5.1
Contributors
ehsandeep
Assets 11
v3.5.0
What's Changed
🎉 New Features
- Adding json + xpath headless extractors by @Mzack9999 in #6559
- Adding VNC auth by @Mzack9999 in #6413
- Feat(templating): add vars templating into yaml inputs (ytt) by @alban-stourbe-wmx in #6261
- Feat: added new text/template syntax to jira custom fields by @Ice3man543 in #6464
- Feat(fuzz): enhance
MultiPartFormwith metadata APIs by @dwisiswant0 in #6486 - Feat: http(s) probing optimization by @matejsmycka in #6511
- Add option to control number of concurrent templates loaded on startup by @mielverkerken in #6373
- CheckRDPEncryption function by @pussycat0x in #6204
- SSH keyboard-interactive by @chovanecadam in #6508
- Feat(templates): add file metadata fields to
parsedTemplateby @dwisiswant0 in #6534 - Add env variable for nuclei templates dir by @dogancanbakir in #6588
- Adding support for execution in docker by @Mzack9999 in #6549
🐞 Bug Fixes
- Clean up pools after 24hours inactivity by @Mzack9999 in #6545
- Using clone options for auth store by @Mzack9999 in #6572
- Path-based fuzzing SQL fix by @tarunKoyalwar in #6400
- Fix(fuzz): handles duplicate multipart form field names by @dwisiswant0 in #6404
- Don't load templates with the same ID by @dogancanbakir in #6465
- Remove the stack trace when the nuclei-ignore file does not exist by @nu11zy in #6455
- Fix: update go jira deps by @knakul853 in #6475
- Jira: hotfix for Cloud to use /rest/api/3/search/jql by @knakul853 in #6489
- Fix: improve cleanup in parallel execution by @knakul853 in #6490
- Fix headless template loading logic when
-dastoption is enabled by @dogancanbakir in #6495 - Fix: suppress warn code flag not found & excludes known misc dir by @dwisiswant0 in #6500
- Fix(variable): global variable not same between two request in flow mode by @iuliu8899 in #6395
- Log failed expr compilations by @dogancanbakir in #6528
- Fixing failing integration tests by @Mzack9999 in #6544
- Fix: populate req_url_pattern before event creation by @Ice3man543 in #6547
- Fix(headless): fixed memory leak issue during page initialization by @Deamhan in #6569
- Fix(templates): mem leaks in parser cache by @dwisiswant0 in #6584
- Fix(http): resolve timeout config issues by @dwisiswant0 in #6562
- Fix(charts): fixed out of bounds read by @Deamhan in #6607
- Feat 6231 deadlock by @Mzack9999 in #6469
⚡ Performance Improvements
- Perf(loader): reuse cached parsed templates by @dwisiswant0 in #6504
- Http probing optimizations high ports by @matejsmycka in #6538
- Cache, goroutine and unbounded workers management by @knakul853 in #6420
- Centralizing ratelimiter logic by @Mzack9999 in #6472
🔧 Refactoring
- Refactor to use reflect.TypeFor by @cuiweixie in #6428
- Refactored header-based auth scans not to normalize the header names by @halcyondream in #6479
- Refactor(disk): templates catalog by @dwisiswant0 in #5914
📦 Other Changes
- Test(reporting/exporters/mongo): add mongo integration test with test… by @loresuso in #6237
- Bump httpx version by @dogancanbakir in #6425
- Reporting validation by @mkrs2404 in #6456
- Code from #6427 by @Mzack9999 in #6471
- No changes message for github custom template update to INF from ERR for better logging by @zy9ard3 in #6422
- Update Go version requirement in README by @DFwJZ in #6529
- Chore(typos): fix typos by @pstoeckle in #6521
- Chore: add typos check into tests CI by @dwisiswant0 in #6533
- Revert "chore: add typos check into tests CI" by @dwisiswant0 in #6535
- Chore: preserve issue report w/ issue form by @dwisiswant0 in #6531
- Update go version in logo by @DFwJZ in #6530
- Update
-tlflag by @matejsmycka in #6536
New Contributors
- @loresuso made their first contribution in #6237
- @cuiweixie made their first contribution in #6428
- @mkrs2404 made their first contribution in #6456
- @nu11zy made their first contribution in #6455
- @zy9ard3 made their first contribution in #6422
- @halcyondream made their first contribution in #6479
- @matejsmycka made their first contribution in #6511
- @mielverkerken made their first contribution in #6373
- @DFwJZ made their first contribution in #6529
- @pstoeckle made their first contribution in #6521
- @Deamhan made their first contribution in #6569
- @chovanecadam made their first contribution in #6508
Full Changelog: v3.4.10...v3.5.0
Contributors
cuiweixie, pstoeckle, and 19 other contributors
Assets 11
v3.4.10
What's Changed
Other Changes
- fix: segfault in template caching logic by @dwisiswant0 in #6421
Full Changelog: v3.4.9...v3.4.10
Contributors
dwisiswant0
Assets 11
v3.4.9
What's Changed
Other Changes
- feat: fixed output event for skipped hosts by @Ice3man543 in #6415
Full Changelog: v3.4.8...v3.4.9
Contributors
Ice3man543
Assets 11
v3.4.8
What's Changed
Features & Improvements
- Remove singletons from Nuclei engine (continuation of #6210) (#6296) by @hdm
- Address race conditions in
http.RequestandMemGuardian(#6321) by @hdm - Support concurrent Nuclei engines in the same process (#6322) by @hdm
- feat: log event for template host skipped during scanning (#6324) by @Ice3man543
- feat(code): log unavailable engines as error while validating (#6326) by @dwisiswant0
- Bump
github.com/bytedance/sonicto v1.14.0 for Go 1.25 compatibility (#6348) by @stefanb - feat: loading templates performance improvements (#6364) by @Ice3man543
- feat(fuzz): evaluate variables (#6358) by @dwisiswant0
- Enable templates for template listing and displaying (#6343) by @dogancanbakir
- Refactor: use
maps.Copyfor cleaner map handling (#6283) by @gopherorg
🐞 Bug Fixes
- Fix headless: variables now available in headless templates (#6301) by @alban-stourbe-wmx
- Fix lib: scans not stopping on context cancellation (#6310) by @dwisiswant0
- Fix panic from uninitialized colorizer (#6315) by @josedh
- Fix to preserve original transport for linear HTTP client (#6357) by @Ice3man543
- Fix offlinehttp: replace "-" with "_" in headers for DSL variables (#6363) by @Isaac0616
- Fix(events): correct JSON encoder type in
ScanStatsWorker(#6366) by @dwisiswant0 - Fix: prevent nil pointer panic in WAF detector (#6368) by @knakul853
- Fix headless: merge extra headers (#6376) by @ysokolovsky
- Fix: prevent unnecessary template updates (#6379) by @dwisiswant0
🔨 Maintenance
- chore(deps): bump the modules group with 3 updates (#6305) by @dependabot[bot]
- chore(config): remove deprecated code and calls (#6311) by @dwisiswant0
- build(docker): bump builder image
golang:1.23-alpine→golang:1.24-alpine(#6316) by @dwisiswant0 - chore: fix inconsistent function name in comment (#6338) by @jishudashen
- build(make): update
template-validatecommands (#6385) by @dwisiswant0 - chore(deps): bump go_modules group with 2 updates (#6388) by @dependabot[bot]
- ci(tests): migrate to golangci-lint v2 (#6380) by @dwisiswant0
New Contributors
- @josedh made their first contribution in #6315
- @hdm made their first contribution in #6296
- @gopherorg made their first contribution in #6283
- @jishudashen made their first contribution in #6338
- @stefanb made their first contribution in #6348
- @Isaac0616 made their first contribution in #6363
- @ysokolovsky made their first contribution in #6376
Full Changelog: v3.4.7...v3.4.8
Contributors
stefanb, hdm, and 11 other contributors
Assets 11
v3.4.7
What's Changed
Other Changes
- Fixed issue with go install (
github.com/zmap/zgrab2v0.2.0 => v0.1.8) by @dwisiswant0 in #6295
Full Changelog: v3.4.6...v3.4.7
Contributors
dwisiswant0
Assets 11
v3.4.6
What's Changed
- Fixed context leak in flow by @tarunKoyalwar in #6282
Other Changes
- fixed log level mismatch by @knakul853 in #6271
- fixed hex dump issue by @knakul853 in #6273
- fix(headless): incorrect last navigated URL by @dwisiswant0 in #6278
- refactor: use the built-in max/min to simplify the code by @xiaoxiangirl in #6272
- test(nuclei): adds multiproto benchmark test by @dwisiswant0 in #6270
- chore: update goreleaser configurations by @emmanuel-ferdman in #6280
- fix(documentation): remove extra HTML table wrappers and periods in Korean README by @1223v in #6287
- build: bump all direct modules by @dwisiswant0 in #6290
New Contributors
- @xiaoxiangirl made their first contribution in #6272
- @emmanuel-ferdman made their first contribution in #6280
- @1223v made their first contribution in #6287
Full Changelog: v3.4.5...v3.4.6
Contributors
dwisiswant0, knakul853, and 4 other contributors
Assets 11
v3.4.5
What’s Changed
Bug Fixes
- Fix memory blowup in multi-protocol templates by @dwisiswant0 #6258
- Fix JSON unmarshalling for dynamic auth type in
authxby @dwisiswant0 #6268 - Use proxy settings in DNS and SSL templates by @ShubhamRasal #6255
- Fix ingress template in Helm chart by @23kbps #6206
- Improve headless engine startup and shutdown stability by @fourcube #6222
- Fix missing symbol in README documentation by @Jarro01X #6242
Enhancements
- Headless: Store responses for better debugging and analysis by @dwisiswant0 #6247
- Feature: Add
EnableMatcherStatusto configure matcher behavior (SDK) by @egru #6191
Refactoring & Maintenance
- Increase file descriptor limits for better performance under load by @knakul853 #6230
- Refactor: simplify code using
slices.Containsby @tongjicoder #6243 - Bump DSL package version by @dogancanbakir #6245
- CI: Add stale issue workflow to improve repo hygiene by @dwisiswant0 #6233
New Contributors
- @fourcube made their first contribution in #6222
- @23kbps made their first contribution in #6206
- @tongjicoder made their first contribution in #6243
- @egru made their first contribution in #6191
Full Changelog: v3.4.4...v3.4.5
Contributors
egru, fourcube, and 7 other contributors
Assets 11
v3.4.4
What's Changed
- Fixed issue with tls connection when socks proxied connection by @circleous in #6218
- Fixed nil schema panic & schema values by @dwisiswant0 in #6228
New Contributors
- @proabiral made their first contribution in #6223
- @circleous made their first contribution in #6218
Full Changelog: v3.4.3...v3.4.4
Contributors
circleous, proabiral, and dwisiswant0
Assets 11
v3.4.3
What's Changed
- Fixed issue with max-host-error tracking logic by @Ice3man543 in #6193
- Fixed issue with stats counter tracking by @Ice3man543 in #6193
- Fixed issue to respect proxy for auto http probe by @dwisiswant0 in #6138
- Fixed issue in offlinehttp extractor without part to body like requests by @Marmelatze in #6167
- Fixed issue with unresolved
interactsh-urlfor JS templates by @dogancanbakir in #6088 - Addded support for
SupportedLDAPVersionin JS template by @pussycat0x in #6202 - Added support to mssql for execute query in JS template by @Ice3man543 in #6200
- Added verbose output in case of
-ducby @dogancanbakir in #6195
New Contributors
- @pussycat0x made their first contribution in #6202
Full Changelog: v3.4.2...v3.4.3
Contributors
Marmelatze, Ice3man543, and 3 other contributors