Changelog

IRIS v2 (unreleased)

Features:

  • Adds support for several new CWEs:
    • CWE-089 (SQL Injection)
    • CWE-295 (Improper Certificate Validation)
    • CWE-352 (Cross-Site Request Forgery)
    • CWE-502 (Deserialization of Untrusted Data)
    • CWE-611 (Improper Restriction of XML External Entity Reference)
    • CWE-807 (Reliance on Untrusted Inputs in a Security Decision)
    • CWE-918 (Server-Side Request Forgery)
  • Reworks scripts to depend on OpenJDK instead of Oracle
  • Adds support for Gemini

IRIS v1

Features:

  • Introduces IRIS
  • Adds support for 4 CWEs:
    • CWE-022 (Path Traversal)
    • CWE-078 (OS Command Injection)
    • CWE-079 (Cross-Site Scripting)
    • CWE-094 (Code Injection)