Merge pull request #638 from yogeshojha/release/1.2.0

Release/1.2.0

.github/SECURITY.md

@@ -7,7 +7,7 @@ Thank you for your interest in reporting vulnerabilities to reNgine! If you are
 
 **Please do not disclose any vulnerabilities via Github Issues/Blogs/Tweets after/before reporting on huntr.dev as it is explicitly against huntr.dev and reNgine disclosure policy and will not be eligible for monetary rewards.**
 
-Please note that the maintainer of reNgine does not determine the bounty amount. 
+Please note that the maintainer of reNgine does not determine the bounty amount.
 The bounty reward is determined by industry-first equation from huntr.dev to understand the popularity, impact and value of repositories to the open source community.
 
 **What do we expect from security researchers?**
@@ -26,11 +26,45 @@ Please find the [FAQ](https://www.huntr.dev/faq) and [Responsible disclosure pol
 
 ## Past Security Vulnerabilities
 
-* [Stored XSS](https://github.com/yogeshojha/rengine/issues/178) on Detail Scan Page via Page Title Parameter, Reported by [omemishra](https://github.com/omemishra)
+Thanks to these individuals for reporting Security Issues in reNgine.
+
+### 2022
+
+* [HIGH] [Blind command injection](https://huntr.dev/bounties/b255cf59-9ecd-4255-b9a2-b40b5ec6c572/) in CMS Detector, Reported by [Abdulrahman Abdullah](https://github.com/ph33rr)
+
+* [HIGH] [Command Injection](https://huntr.dev/bounties/00e10ef7-ff5e-450f-84ae-88c793d1a607/) in via Proxy, Reported by [Koen Molenaar](https://github.com/k0enm)
+
+* [HIGH] [Command Injection](https://huntr.dev/bounties/7f1f9abb-a801-444d-bd58-97e1c0b2ddb9/) in via YAML Engine, Reported by [Koen Molenaar](https://github.com/k0enm) and [zongdeiqianxing](https://github.com/zongdeiqianxing)
+
+* [LOW] [Stored XSS](https://huntr.dev/bounties/dfd440ba-4330-413c-8b21-a3d8bf02a67e/) on Import Targets via filename, Reported by [Veeshraj Ghimire](https://github.com/V35HR4J)
+
+* [LOW] [Stored XSS](https://huntr.dev/bounties/8ea5d3a6-f857-45e4-9473-e4d9cb8f7c77/) on HackerOne Markdown template, Reported by [Smaran Chand](https://github.com/smaranchand) and [Ayoub Elaich](https://github.com/sicks3c)
+
+* [LOW] [Stored XSS](https://huntr.dev/bounties/6e2b7f19-d457-4e05-b2d5-888110898147/) via Scan Engine Name, Reported by [nerrorsec](https://github.com/nerrorsec)
+
+* [LOW] [HTML Injection](https://huntr.dev/bounties/da2d32a1-8faf-453d-8fa8-c264fd8d7806/) in Subscan, Reported by [nerrorsec](https://github.com/nerrorsec)
+
+
+### 2021
+* [LOW] [Stored XSS](https://github.com/yogeshojha/rengine/issues/178) on Detail Scan Page via Page Title Parameter, Reported by [omemishra](https://github.com/omemishra)
+
+* [LOW] [Stored XSS](https://github.com/yogeshojha/rengine/issues/347) on Vulnerability Scan page via URL Parameter, Reported by [Arif Khan, payloadartist](https://twitter.com/payloadartist)
+
+* [LOW] Several Instances of XSS in reNgine 1.0 (#460, #459, #458, #457, #456, #455), Reported by [Binit Ghimire](https://github.com/TheBinitGhimire)
+
+* [LOW] [Stored XSS](https://huntr.dev/bounties/ac07ae2a-1335-4dca-8d55-64adf720bafb/) on GF Pattern via filename, Reported by [nerrorsec](https://github.com/nerrorsec)
+
+* [LOW] [Stored XSS](https://huntr.dev/bounties/0f8de2a4-7590-48f1-a5af-1e2cab9f6e85/) on Delete Scheduled Task via Scan Engine Name, Reported by [nerrorsec](https://github.com/nerrorsec)
+
+* [LOW] [Stored XSS](https://huntr.dev/bounties/693a7d23-c5d4-448e-bbf6-50b3f0ad8544/) on Target Summary via Todo, Reported by [TheLabda](https://github.com/thelabda)
+
+* [LOW] [Stored XSS](https://huntr.dev/bounties/81c48a07-9cb8-4da8-babc-28a4076a5e92/) on Nuclei Template Summary via maliclous Nuclei Template, Reported by [Walleson Moura](https://github.com/phor3nsic)
+
+* [MEDIUM] [Path Traversal/LFI](https://huntr.dev/bounties/5df1a485-7a1e-411d-9664-0f4343e8512a/), reported by [Koen Molenaar](https://github.com/k0enm)
+
+
 
-* [Stored XSS](https://github.com/yogeshojha/rengine/issues/347) on Vulnerability Scan page via URL Parameter, Reported by [Arif Khan, payloadartist](https://twitter.com/payloadartist)
 
-* Several Instances of XSS in reNgine 1.0 (#460, #459, #458, #457, #456, #455), Reported by [Binit Ghimire](https://github.com/TheBinitGhimire)
 
 **reNgine thanks the following people for making a responsible disclosure and helping the community make reNgine safer!**
 

CHANGELOG.md

@@ -1,6 +1,25 @@
 # Changelog
 
-## 🏷️ 1.1 [Current Release]
+## 1.2.0
+**Release Date: May 27, 2022**
+
+### Added
+
+- Naabu Exclude CDN Port Scanning
+- Added WAF Detection
+
+### Fixes
+
+- Fix #630 Character Name too Long Issue
+- [Security] Fixed several instances of Command Injections, CVE-2022-28995, CVE-2022-1813
+- Hakrawler Fixed - #623
+- Fixed XSS on Hackerone report via Markdown
+- Fixed XSS on Import Target using malicious filename
+- Stop Scan Fixed #561
+- Fix installation issue due to missing curl
+- Updated docker-compose version
+
+## 🏷️ 1.1.0
 **Release Date: Apr 24, 2022**
 
 - Redeigned UI