Skip to content

ezXSS v4.2

Latest
Compare
Choose a tag to compare
@ssl ssl released this 04 Feb 20:02
· 27 commits to master since this release

I am happy to announce the release of ezXSS v4.2!
Building on the foundation laid by v4.0's complete recoded codebase and v4.1's introduction of persistent XSS sessions with reverse proxy, v4.2 brings improvements in performance, compatibility, and usability.

A lot of changes and a lot of big improvements. Updating to this version is highly recommended as you might not receive all reports you should receive with your current version. All information about installing, updating and using ezXSS can be found on the GitHub wiki: https://github.com/ssl/ezXSS/wiki

What's New in v4.2?

  • Enhanced Performance: Up to 80% improvement in speed across the dashboard and reports, thanks to optimized data handling, compressing data and query improvements.
  • More Compatibility: Payloads now trigger across a wider range of browsers, including older versions (IE8+, Chrome 3+, Firefox 4+, Safari 4+).
  • Simplified Docker Installation: Updated Docker support with automatic certificate installation simplifies setup.
  • One-Click Update: Seamlessly upgrade to v4.2 from as far back as v2.0
  • New Features: Introducing the ezXSS Payload Tester, customizing storing methods, a "shortboost!" button and much more.

Changelog Highlights:

  • Major speed optimizations for dashboard and report interactions.
  • Extended payload compatibility with older browsers and protocols.
  • Docker enhancements for effortless installation and certification.
  • New option to store screenshot either in the database or as file on the server
  • New option to store big reports/session data as plaintext or compressed
  • Comprehensive updates to user agent lists, data fetching via API, logging, and more data table integration.
  • New payload features, including a copy-to-clipboard button and more example payloads.
  • New theme, alongside other design and usability improvements across the platform.
  • Significant bug fixes in report generation, cookie copying, persistent pages, queries and much more.

Given the substantial feature expansion from ezXSS v3.x, the transition might be quite extensive. All these functionalities are elaborated in our wiki. With over 3000 lines of code enhancements since v4.1, v4.2 is the definitive, production-ready package designed to test your web applications against XSS vulnerabilities.

Your feedback and contributions have been important in shaping ezXSS into the robust tool it is today. Thanks everyone for using ezXSS and please consider supporting the project by submitting new code, feature requests, issue reporting or by donating through Github Sponsors <3.