Historie doplňku YetAnotherBrowserExtension - 5 verzí
YetAnotherBrowserExtension od ONSEC
Historie doplňku YetAnotherBrowserExtension - 5 verzí
Se starými verzemi opatrně! Tyto verze jsou zde dostupné jen pro testovací a referenční účely.Používat byste vždy měli nejnovější verzi doplňku.
Nejnovější verze
Verze 1.4
Vydáno 20. dub 2026 – 97,87 KBFunguje s: firefox 126.0 a novějšíRelease Notes - v1.4
Highlights
Major release expanding the extension from a basic secret scanner into
a full-featured security toolkit with severity classification, smart
validation, live key verification, and persistent false-positive
management.
New Features
Severity & Classification
- Severity levels for every finding: critical, high, medium, low, info.
- Color-coded severity badges with filtering in the Findings UI.
Active API Key Verification
- Live verification of detected keys via real HTTP requests.
- Supports 10 providers: Google, GitHub, GitLab, Slack, Stripe,
SendGrid, Telegram, npm, Cloudflare, and more.
- Automatic severity upgrade to "high" on confirmed-valid keys.
- Rate-limited to avoid provider throttling.
- Per-finding Verify button and status badges.
LLM-Based Validation
- OpenAI-compatible API integration for intelligent false-positive
detection.
- Configurable endpoint, model, and API key (stored securely).
- Auto-validate new findings or validate on demand (single / bulk).
- Connection test button in Settings.
Heuristic Pre-Filter
- Catches placeholder values, low-entropy strings, and documentation
examples before storing findings. Toggleable in Settings.
False-Positive Allowlist
- Persistent suppression of known false positives across re-scans.
- Per-origin or global scope.
- Manual mark as false-positive / confirmed from the Findings UI.
- Bulk delete, export, and import of the allowlist.
In-Tab Alerts
- Replaced OS notifications with in-tab JavaScript alerts.
- Configurable minimum severity threshold.
- 1-hour deduplication per origin.
AI / LLM Context File Scanning
- Active probes for AGENTS.md, CLAUDE.md, llms.txt, .cursor/, .claude/,
and other AI-related exposure points.
Detection Expansion- Pattern count: 35 -> 99 (95 secrets + 4 vulnerabilities).
- New providers: ElevenLabs, DeBounce, Square (prod and sandbox),
Discord (Bot token and Webhook), Cloudinary, Databricks, Instagram,
Contentful, Postman, Figma, Airtable, Flutterwave, Razorpay, HubSpot,
Pulumi, Age encryption keys, Artifactory, Branch.io, Sentry DSN, New
Relic, Algolia, Supabase (multiple key types), GitHub Fine-Grained
PAT, Google Service Account JSON, AWS Session Tokens, and DB
connection strings (MongoDB, PostgreSQL, Redis, MySQL). - Vulnerability detection skipped for JS files to reduce noise.
Improvements- Wildcard support in origin deny list at any position
(e.g. .domain.com, .gov., app.example.com). - .gov. added to the default deny list.
- Rescan disabled on extension and denied pages.
- Lazy pattern compilation for improved performance.
- Debug Mode page showing cached origins and live settings.
Fixes- Fixed browser notifications handling.
- Multiple stability and correctness improvements.
Zdrojový kód zveřejněn pod licencí Všechna práva vyhrazena
Starší verze
Verze 1.1.3
Vydáno 4. úno 2026 – 73,52 KBFunguje s: firefox 126.0 a novějšív1.1.3 - add Supabase Key detection and optional JWT detect toggleZdrojový kód zveřejněn pod licencí Všechna práva vyhrazena
Verze 1.1.2
Vydáno 26. pro 2025 – 73,34 KBFunguje s: firefox 126.0 a novější- Improve JS file detection
- Fix popup showing "Scanning" when findings already exist
- Change default origin cache expiration: 1h → 24h
- Deduplication: Now uses type+match only
- Skip content script on about: and chrome: pages
- Fix popup for about: pages (origin returns "null" string)
- Add isSpecialPage() and isOriginInDenyList() helpers
Zdrojový kód zveřejněn pod licencí Všechna práva vyhrazena
Verze 1.1.0
Vydáno 25. pro 2025 – 70,55 KBFunguje s: firefox 126.0 a novější• Added Debug Console for troubleshooting
• Reduced false positives on JavaScript files
• Improved scanning status feedback
• Fixed various UI bugsZdrojový kód zveřejněn pod licencí Všechna práva vyhrazena
Verze 1.0.0
Vydáno 2. lis 2025 – 68,07 KBFunguje s: firefox 126.0 a novějšíZdrojový kód zveřejněn pod licencí Všechna práva vyhrazena