CHANGELOG

v1.3.0 (2026-06-26)

Enable / Disable Vue DevTools (ENABLE_DEVTOOLS=true/false),
Update Secret Scanner: SECRET_KEY / SECRET_PRIVATE_KEY / SECRET_XSUAA / SECRET_HDI_USER / SECRET_HDI_PASSWORD,
Update UI5 Scanner:
- Update UI5_SECURITY_PATTERNS,
- Add REDIRECT_PATTERNS / SENSITIVE_DATA_PATTERNS / OWASP_PATTERNS / SAP_SPECIFIC_PATTERNS,
Add file .jsx and .tsx' to scan,
Add Scanner for AppRouter,
Update BTP Scanner,
Update CAP Scanner,
Update NPM Scanner,
Update Secret Scanner,
Update Documentation,
Update UI5 supported version.

Security and Quality - Uncontrolled data used in path expression - utils/fileParser.js:104,
Security and Quality - Uncontrolled data used in path expression - routes/scan.js:131,
Security and Quality - Uncontrolled data used in path expression - utils/fileParser.js:89.

Update README,
backend: update size limit 10mb to 250mb (Max file Upload),
Security and Quality - Code scanning - Missing rate limiting #8
Security and Quality - Uncontrolled data used in path expression - routes/scan.js #9
Security and Quality - Uncontrolled data used in path expression - utils/fileParser.js #10 / #11 / #12
Correction - Load vue History not refresh,
Correction - Report UI5 - Display End of Maintenance,
Report UI5 - Highlighting "Your version",
Frontend - Add Footer on APP.vue / Add humans informations (authors and maintainers) to AboutView.vue,
Backend - CAP Scanner:
- Bug 1 - @requires in the CDS_AUTH_PATTERNS regex: without @, because it is already included in the enclosing @(...) annotation,
- Bug 2 - parseCDSServices searches for @requires and @restrict in the raw context,
- Correction in CDS_AUTH_PATTERNS to account for cases with and without @,
- Correction to exclude annotate in searches for @requires and @restrict.
Backend - BTP Scanner:
- Bug 1 - Destination: ui5.sap.com: Ignored,
- Bug 2 - Destination: srv-api/srv-url & HTML5.ForwardAuthToken = true: Add LOW BTP_MTA_NO_AUTH_FORWARD,
- Bug 3 - Other Destination: HIGH BTP_MTA_NO_AUTH.