v5.2.7

Release notes:

• Headers Fuzzers are not considering auth headers anymore
• Fix issue in report when clicking outside the test status filter levels causing the list of tests to display empty
• Change the order of displaying the Fuzzer name in individual Test Cases in order to accommodate global Fuzzers cases

v5.2.6

Release notes:

• Fix issue with auth headers not being recognised when not matching full name from pre-defined list
• Fix issue with Fuzzer names not being properly displayed in report after latest logback pattern change

v5.2.5

Release Notes:

• Fix issue with additionalProperties having nested additionalProperties of type object
• Fix issue with auth headers not always being parsed correctly

v5.2.4

Release Notes:

• make CATS proxy aware by using --proxyHost and --proxyPort
• change logging to use https://github.com/ludovicianul/pl4j
• make Fuzzer names shorter when prefixing log line by only using the first character of every work from their class name

v5.2.3

Release notes:

• Fix #3
• Fix #4
• When non-fuzzing commands like ./cats.jar list fuzzers CATS will not display fuzzing related data anymore

v5.2.2

Release notes:

• Fix an issue when a response was an array and CATS didn't properly check if the elements match the declared schema
• Whitelist the body_ JSON objects names generated by OpenAPI in order to not be labeled incorrectly by the Contract fuzzers
• Allow JSON object names to also match snake_case and hyphen-case
• Allow refData to contain fields which can be marked for removal using cats_remove_field

v5.2.1

Release notes:

• custom files now use JsonPath syntax, so you have more control on the properties being replaced/used
• fix for SpacesOnlyInFieldsTrimValidateFuzzer being ignored when the fuzzers where running
• introduce arguments like --checkHeaders, --checkFields or --checkContract to be able to run only categories of fuzzers

v5.2.0

Release Notes:

• fix various issues when dealing with oneOf or allOf elements
• add new Fuzzers for checking OpenAPI contract good practices in terms of presence of specific elements, naming conventions, content types, recommended headers
• fix issue when CATS was considering a 404 a valid response for validation error; it now expects 400 or 422
• CATS now also checks if the fuzzedField is present in a validation error response
• allow org.apache.commons.lang3 classes to be used via SPeL in configuration files such as refData, customFuzzer, etc
• fix issue with --printExecutionStatistics was only considering SKIPPED tests
• fix for elements sometimes not being displayed in the proper order in the final report

v5.1.1

Release notes:

• Add the possibility to add additionalProperties inside refData and customFuzzerFile
• Add possibility to supply dynamic values to refData, customFuzzerFile and securityFuzzerFile. Currently it supports only the java.time package
• Update Report summary to also includes the path

v5.1.0

Release Notes:

• fix for HttpMethodsFuzzer not conditioning HEAD by GET requests
• Add 2 new Fuzzers for exact value matching: MinimumExactValuesInNumericFieldsFuzzer and MaximumExactValuesInNumericFieldsFuzzer
• Add new security Fuzzers for checking security headers and mime types according to OWASP REST API recommendations
• list fuzzers will now list fuzzers based on categories: Field, Header and Http