v1.1
v1.1 — JSP false-positive fix
Fixed
- Normal Tomcat-compiled JSP classes (
org.apache.jsp.*_jsp, codeSource inwork/Catalina/) no longer surface ashigh/suspicious. They are now suppressed tolowwhen bytecode is clean. - JSP webshells containing malicious bytecode (
Runtime.exec,defineClass,Cipher.doFinaletc.) are unaffected — they remain visible at the correct level.
Full Changelog: v1.0...v1.1