Changes in 3.1.1
==============

Improvement:
- Add URL encoder/decoder in "Tools|Hash/Encoding..." to ease testing.
  Also changed the Encode dialog to non-modal.
- performance in reading HTTP header.
- Add a 'Comment' panel in Log Analyzer to show comments (with patterns "<!--...-->", "/*...*/" and "//..." )
- Add a 'Script' panel in Log Analyzer to show scripts (with pattern <script..>..</script>)
- Add two filters 'ReplaceRequestHeader' and 'ReplaceRequestBody' to replace text in HTTP requests.
- renamed cookietampering to CRLFInjection to better describe the test case.

Fix:
- solved a bug when SQL check will use tampered query string for body paramters.
- solved a bug where the report may be generated before the last scan thread ends.
- modified 'CookieDetectFilter' filter to handle mutiple Set-Cookie lines in header.

Changes in 3.1
==============

New:
- Revamp correlated request and response log viewing using a list.
  By clicking the 'URL' list the corresponding request and response will be displayed.
- Add Advance log viewer which allow easy browsing and filtering of log.  Offline scan supported.
- Log all request and response into flat file (project/session_request.log and project/session_response.log)
- Generate scanning report generated in HTML with risk ranking, description and solutions.  Reliability is indicated as warning or suspicious check.
- Support scanning stop.
- Add SSL Cipher suite check.
- Add Cookie tampering check (CRLF injection).
- Add buffer overflow check.
- Add Session ID potential exposure in referer.
- Add Session ID locate (informational only)
- Add set-cookie check (informational only)
- Add server header capture (informational only)
- Add platform disclosure in comment check (informational only)
- Add WebDAV check in HttpMethods.
- Support modify number of scanner threads in Options.


Fix:
- solved occasional infinite loop problem when HTTP 1.1 chunked encode is in use.
- solved analyser consume lots of CPU time.
- solved spider bugs which may not be scanned in the tree.
