Version 3.49 | November 30, 2025
New Features and Enhancements
CxLink Migration to Zrok v1
Upgrading to Zrok v1 provides the latest security updates, vulnerability fixes and improvements.
User-Controlled Incremental Scan for Branches
Incremental scan support for branch configurations is now fully exposed to users in the UI. Previously, this capability was controlled only through a feature flag, limiting visibility and user control. With this release, the feature flag has been removed, and users can now directly manage their incremental scan settings.
For more information, see documentation
Results Metadata Grouping Available in UI
The Results Metadata Grouping setting, previously controlled by a feature flag, is now available in the UI, giving customers direct control over how results are grouped for triaging.
For more information, see Result scope level in the configuration options.
Manual Bearer Token Entry for API Scans
In some cases, bearer tokens in the API specification may not grant access to API docs, causing scans to fail. To ensure scans succeed, now you can manually add bearer tokens using + Add custom headers and confirm your headers and target URL are correct.
Predefined Scan Configurations in DAST
Added predefined scan configurations to the Environment Setup Wizard and Environment settings, so you no longer need to manage configuration files or ZAP.
IaC
Updated to version 2.1.16
Fixes and Improvements
Corrected false positives for SNS topic public accessibility in Terraform/AWS, Ansible/AWS, and CloudFormation/AWS.
Added support for database resources in two Azure queries.
Included cases for Azure App Service resources (azurerm_linux_web_app and azurerm_windows_web_app).
Prevented panic when parsing recursive YAML anchors or aliases.
Added support for arrays and minor fixes in queries.
Resolved Issues
Item | Description |
|---|---|
AST-120770 | Establishing a connection failed after multiple attempts. |
AST-120359 | Authentication to certain web applications in DAST failed. |
AST-119984 | Establishing a connection did not work as expected. |
AST-119074 | Generic API Key (ClientSecret) produced false negatives. |
AST-118991 | Generic API Key (SecretKey) produced false negatives. |
AST-118979 | Authentication to public web applications in DAST failed. |
AST-117177 | SAST results were missing descriptions. |
AST-116382 | Predefined Azure role identifiers (RBAC) were incorrectly flagged as secrets. |
AST-115570 | Generic API Key produced false positives. |
AST-120044 | The “Download Logs” option did not appear for specific tenants. |
AST-119647 | Authentication to additional public web applications in DAST failed. |
AST-118856 | DAST vulnerability reports contained duplicate compliance data. |
AST-118034 | Constant error messages appeared in the UI even though scans completed successfully. |
AST-117997 | Certain users were unable to tag scans. |
AST-117993 | Projects could not be deleted. |
AST-116320 | Generating DAST scan reports failed when scans contained a large number of vulnerabilities. |
AST-116212 | SAST worker failed to read results due to an XML parsing error. |
AST-108655 | The UI displayed an unclear message when the primary branch was not set. |
AST-98430 | SAST worker failed to read scan status due to a deserialization error (EOF). |
AST-114083 | Changing the preset setting at the project level was not possible. |
AST-114444 | GitLab projects did not convert via API, though creation and updates worked through the UI with the same credentials. |