Projects/OWASP Watcher Project/Releases/Watcher v1.5.0/Notes

+++ major new feature, + minor new feature, (*) changed feature, % improved performance or quality, ! fixed minor bug, !!! fixed major bug
 * CHANGELOG


 * RELEASES

v1.5.0 - 2010-11-17
 +++ Added a button to process sessions offline. Now a user can load a .SAZ (session archive) file and process the data offline in Fiddler/Watcher.
 % Fixed the ProgressDialog control to move incrementally.

v1.4.1 - 2010-11-09
 (*) Exporting results now includes all results rather than just those selected.
 (*) XML report now includes metadata about Watcher version and configuration.
 % Check for 'Charset not UTF-8' improvements.

v1.4.0 - 2010-04-24
 Attempts have been made at noise reduction; see below. The wiki has been updated with more check descriptions, all linked to from inside Watcher.
 +++ Check descriptions all improved and updated with recommendations and external references.
 + New check for JavaScript document.domain lowering.
 (*) IMPORTANT: All cookie checks now perform noise filtering by default, with no option to change.
 (*) New installations now come with a few noisy checks disabled by default.
 (*) New installations now come with some check configs enabled by default to reduce noise.
 ! Fixed bug in loosely scoped domain where it wasn't defaulting to origin when one's not specified.
 ! Fixed bug where check configurations weren't saving.
 ! Assorted bug fixes.

v1.3.0 - 2010-02-25
 +++ .NET Framework 3.5 is now required.
 +++ Optional plugin (separate download) to export results to Team Foundation Server (TFS).
 + New (BETA) check for ASP.NET VIEWSTATE tampering vulnerability. (thanks to Bryan Sullivan for suggestions)
 + New (BETA) check for JavaServer Faces ViewState tampering vulnerability. (thanks to David Byrne for ideas)
 + New check for Silverlight EnableHtmlAccess.
 + Export results to HTML report.
 + If no origin domain is specified, each response domain will be treated as the origin, enabling better cross-domain analysis.
 + Added compliance mappings for Microsoft SDL.
 ! Assorted bug fixes throughout check library.

v1.2.2 - 2009-07-24
 + User-Agent now sends version information during update check for tracking purposes.
 + Added Windows 7 support to installer.
 ! Fixed the configuration page so checking and unchecking immediately affect what checks are run on a request.
 ! Checks that maintain URL caches weren't clearing when the results list was cleared.
 (*) Changed the 'Charset not UTF-8' check to ignore a missing meta tag charset when Content-Type header is defined (thanks Dave Wichers for reporting).
 (*) Moved the check configuration to a tab of its own.
 % Updates to the UI look and feel.
 % Moved check configurations to their own page in UI.

v1.2.1 - 2009-07-12
 !!! Fixed issue where response payloads greater than 200K caused the entire session to be ignored.