This release enables you to route traffic through your corporate proxy while keeping internal integrations reachable, and fixes issues affecting self-hosted Windows scanning machines and scope rule configuration.
Keep internal integrations reachable while using a corporate proxy
You can now configure a list of hosts that connect directly, bypassing the system-level external proxy. This means you can route outbound traffic through your corporate proxy for licensing and updates, while still reaching internal integrations such as GitLab or Jira Data Center that aren't accessible via the proxy.
Previously, you had to choose between routing all traffic through the proxy (which broke internal integrations) or disabling the proxy entirely (which broke external access). The new exclusion list removes this trade-off and follows the same convention as NO_PROXY in curl, Java, and most HTTP clients.
For more information, see Configuring an HTTP proxy server.
Bug fixes
We fixed the following bugs:
- Self-Hosted Windows scanning machines no longer leave orphaned processes behind when a scan terminates abnormally. Scanning hosts no longer require manual cleanup or reboots to recover.
- Uploading an invalid
.p12TLS certificate no longer makes your instance unreachable. DAST validates the certificate at upload and keeps the existing certificate in effect until validation succeeds. - The scope rule modal now accepts valid Java regex constructs, including inline flag groups (
(?i),(?s)),\Q...\Eliteral blocks, and atomic groups.