Skip to content

v1.1

Choose a tag to compare

@m0b1u3 m0b1u3 released this 11 Jun 07:38

v1.1 — JSP false-positive fix

Fixed

  • Normal Tomcat-compiled JSP classes (org.apache.jsp.*_jsp, codeSource in work/Catalina/) no longer surface as high/suspicious. They are now suppressed to low when bytecode is clean.
  • JSP webshells containing malicious bytecode (Runtime.exec, defineClass, Cipher.doFinal etc.) are unaffected — they remain visible at the correct level.

Full Changelog: v1.0...v1.1