- The
go/cookie-http-only-not-setquery has been promoted from the experimental query pack. This query was originally contributed to the experimental query pack by @edvraa. - A new query
go/cookie-secure-not-sethas been added to detect cookies without theSecureflag set. - Added a new query,
go/weak-crypto-algorithm, to detect the use of a broken or weak cryptographic algorithm. A very simple version of this query was originally contributed as an experimental query by @dilanbhalla. - Added a new query,
go/weak-sensitive-data-hashing, to detect the use of a broken or weak cryptographic hash algorithm on sensitive data.