|
2 | 2 |
|
3 | 3 | All notable changes to [Noir](https://github.com/owasp-noir/noir) will be documented in this file. |
4 | 4 |
|
| 5 | +## v0.29.0 |
| 6 | + |
| 7 | +### Added |
| 8 | +- Salvo (Rust) framework support |
| 9 | +- Hono (Node.js) framework support |
| 10 | +- Nitro.js framework support |
| 11 | +- httprouter (Go) framework support |
| 12 | +- GoFrame (Go) framework support |
| 13 | +- gRPC specification analyzer and detector |
| 14 | +- Cross-file route analysis for Go analyzers |
| 15 | +- Kemal namespace and mount routing support |
| 16 | +- `NOIR_PARSER_MAX_DEPTH` environment variable to cap import-following depth |
| 17 | +- Framework auth taggers |
| 18 | +- Framework taggers |
| 19 | + |
| 20 | +### Changed |
| 21 | +- Improved scan performance with buffered channels, optimized file handling, and parallel taggers |
| 22 | +- Refactored Go framework analyzers for clarity, consistency, and reduced duplication |
| 23 | +- Improved detector coverage and reduced false positives |
| 24 | +- Tightened Symfony detector heuristics |
| 25 | +- Refined JSP XML detection |
| 26 | +- Used `sarif.cr` library for SARIF output |
| 27 | +- Upgraded snapcraft base to core24 |
| 28 | + |
| 29 | +### Fixed |
| 30 | +- Fixed `--only-techs` to accept canonical tech keys |
| 31 | +- Fixed floating point exception when `ai_max_token` is 0 |
| 32 | +- Fixed JS parser false-positive routes from HTTP client calls and nested expressions |
| 33 | +- Fixed Kotlin Spring flaky test caused by non-deterministic `Dir.glob` ordering |
| 34 | +- Fixed cross-file group resolution bugs in Go analyzers |
| 35 | +- Fixed Chi mounted router parameter extraction |
| 36 | + |
5 | 37 | ## v0.28.0 |
6 | 38 |
|
7 | 39 | ### Added |
|
0 commit comments