This release adds advanced scope control, and automatic updates for your API sites.
Use advanced scope control to precisely target your scans
You can now define scan scope rules using regex patterns on URL components. This gives you more precise control over which URLs Burp Suite DAST scans and audits.
For more information, see Detailed scope configuration.
Automatically update your sites when API updates are discovered
When you create sites from API finder, you can now choose how Burp Suite DAST handles future changes to the API definition:
- Always review changes before updating: You are notified when changes are detected in API finder, so you can review and update manually.
- Automatically keep APIs up to date: New versions of the API definition are applied automatically.
For more information, see Update behavior.
Bug fixes
We fixed the following bugs:
- We stopped unexpected errors appearing in your web server logs after the 2026.3 update.
- Submitting unusually long passwords during login could cause a significant increase in memory consumption, potentially crashing your instance. We'd like to thank bug bounty hunter Armen Akopyan (bereza4321) for reporting this.