What happened

• Due to a session management change (https://gitlab.com/fluidattacks/product/-/commit/1f67cd266283a8846ab8fc84ed761a3b89d2ff33) user cookies were deleted for current session.

• If a user sign-in with an existent session all cookies are deleted and an unauthorized error is propagated through all user sessions. The bug was injected on 2021/01/27 14:31 (EST).

What we’ve done

• Now the cookies are not deleted, only a notification about concurrent sessions. (https://gitlab.com/fluidattacks/product/-/commit/b8600cc80d0b4fd5142a02c7f0d71b564f68bb25)

What the impact was

• Users who tried to log in with existent sessions get unauthorized error.

What we are doing to help

• Check all user sessions to confirm if any user is affected. 

Data is the essence of any organization, and more if that data could help you prevent a security incident.

With more data more effective are the efforts to solve a vulnerability. This is why we add new vulnerability info modal to give all data about reported vulnerabilities.

You can click on the vulnerability that you want more information about in the locations table.

If you think that you need more information, let us know, and we will give you.

All features are the product of a team effort. You can be part of it and contribute by leaving your comments here in this post or sending them to help@fluidattacks.com.

Know when a finding was reported is essential as to know if a new vulnerability reopened that finding.

You can find three dates to know all about your finding report dates:

• Age(days): Days since the first vulnerability was reported to your group.
• Open Age(days): Days since the first open vulnerability was reported to your group.
• Last report (days): Days since the last vulnerability was reported to your group.

All features are the product of a team effort. You can be part of it and contribute by leaving your comments here in this post or sending them to help@fluidattacks.com.

Have the information to make decisions is essential to us, and we know that for you are important too.

We add new graphs to help to understand your vulnerabilities and all your group data. Now you will find these graphics:

• Vulnerabilities over time in portfolios view
• How many vulnerabilities by tag
• How many vulnerabilities by tag
• Vulnerabilities by treatments
• Vulnerabilities by reattacks
• Vulnerabilities by type
• Total vulnerabilities in portfolios view
• Accepted vulnerabilities by severity
• Top 10 Oldest vulnerabilities
• Top findings (by # vulnerabilities)
•  Accepted vulnerabilities by user
• Meantime to remediate for non-treated vulnerabilities

If you have any doubts with these or other metrics do not hesitate to contact us.

Even though we believe all code versioned in repository must be analyzed, some times and for any reasons a piece of source code is not needed to be analyzed.

This is why we enable gitignore option to exclude any piece of source code from analyzed repositories.

You will find this option in new/edit roots modal.

Remember follow gitignore pattern to document the exclusions.

All features are the product of a team effort. You can be part of it and contribute by leaving your comments here in this post or sending them to help@fluidattacks.com.

Now the vulnerabilities table is more descriptive.

You can filter, add, or remove columns and get all information about vulnerabilities in your group.

All features are the product of a team effort. You can be part of it and contribute by leaving your comments here in this post or sending them to help@fluidattacks.com.

We give more relevance to the most important thing in any app, the source code. Now environments are included in Git Roots.

All source code needs to be deployed in an environment; this is why you need to select a Git Root as the origin of the code deployed in a specific environment.

If you want to add or edit an environment, you need to select the git root associated with the URL.

Add the desired URL, and that's it.

What happened

• Due to a large recent cache migration, we didn't figure out how many new Redis connections would appear, so our connection limit parameter was not updated.
• That caused some Redis connections not to reach the endpoint between 2020/12/17 13:30 (EST) and 2020/12/17 15:20 (EST).

What we’ve done

• We found the right value for this parameter and committed the fix (https://gitlab.com/fluidattacks/product/-/commit/03730d0c95ddd84cde5771ed91560504518866fa).

What the impact was

• Vulnerability loading for some big projects was not working.

What we are doing to help

• We currently ensure that we properly adjust each existing parameter of our Redis instance for every incoming cache change.

With the change of how we add repos to Integrates (https://news.fluidattacks.com/changing-the-way-of-add-and-edit-repositories-2BmptS) comes a new functionality to manage code exclusions or inclusions.

When you add a repo or edit one, and you want to exclude or include something from our analysis, add the full path to the file or folder you wish to exclude or include. Simple as that.

Do you think that requesting a Zero Risk was awful? Now it is simple and easy.

ONE button, all options:

When you edit a vulnerability, you can choose all known options and the new Zero Risk treatment. That's it.

If you have any doubts about Zero Risk treatments, please visit https://news.fluidattacks.com/zero-risk-vulnerabilities-10A0dq.

All features are the product of a team effort. You can be part of it and contribute by leaving your comments here in this post or sending them to help@fluidattacks.com.