What's Changed

✨ New Features

• Enabled TLS session caching in the client pool to improve connection reuse and reduce handshake overhead (internal) by @dwisiswant0 in #6713
• Added support for providing a custom Jira server URL (site-url) when using OAuth authentication by @Ice3man543 in #6716

🐞 Bug Fixes

• Improved duplicate issue detection by properly paginating Gitea issue searches by @leonjza in #6707
• Restored JavaScript template execution when the Port argument is not provided by @dwisiswant0 in #6709
• Added pagination support when searching for duplicate issues in GitLab by @dwisiswant0 in #6712
• Corrected an incorrect PostgreSQL execution call signature in the JavaScript engine by @Mzack9999 in #6731
• Fixed a MySQL panic caused by a missing executionId in the execution context by @dwisiswant0 in #6735
• Fixed a segmentation fault in flow execution related to hasMatchers by @dwisiswant0 in #6739

⚡ Performance Improvements

• Optimized the MergeMaps generator to reduce memory allocations by @dwisiswant0 in #6718

🔧 Maintenance

• Updated projectdiscovery/utils to v0.8.0 to fix a deadlock in httputil.ResponseChain by @dwisiswant0 in #6723
• Introduced a PowerShell integration test to improve cross-platform test coverage by @Mzack9999 in #6724
• Updated multiple Go module dependencies across two dependency refreshes by @dependabot[bot] in #6729 & #6741

Other Changes

• Updated issue and pull request templates by @dwisiswant0 in #6673
• Refactored CI workflows by @dwisiswant0 in #6728, this includes:
  • Shipping binaries with Green Tea GC enabled via GOEXPERIMENT
  • Shipping binaries built with profile-guided optimization (PGO)
  • Fixing an auto-merge workflow that never triggered
• Switched release tests to use a stable Go version by @dwisiswant0 in #6737
• Upgraded actions/download-artifact from v6 to v7 in GitHub workflows by @dependabot[bot] in #6742
• Updated compatibility checks to use a stable Go version by @dwisiswant0 in #6743

Full Changelog: v3.6.1...v3.6.2

What’s Changed

🐞 Bug Fixes

• fix(config): template exclusion logic for paths with reserved names by @dwisiswant0 in #6663
• fix(http): lost request body on retries & redirects by @dwisiswant0 in #6666
• fix(http): pass dynamicValues to EvaluateWithInteractsh by @dwisiswant0 in #6685
• fix(lib): segfault when initializing the engine with EnableHeadlessWithOpts by @dwisiswant0 in #6602
• build: fix compilation on loong64 architecture by @dwisiswant0 in #6667
• fix: enable all template types for template list and display by @dwisiswant0 in #6668
• fix(http): cache response strings to reduce memory allocations by @dwisiswant0 in #6679
• fix: body loss on retries/redirects in remaining paths by @dwisiswant0 in #6693
• fix(headless): data race when reading page history by @dwisiswant0 in #6687
• fix(update): handle empty folder edge case during template updates by @Mzack9999 in #6573

🔨 Maintenance

• chore: run goimports to format the codebase by @stringscut in #6691
• chore(deps): bump fastdialer to v0.4.20 to fix >10s delays by @dwisiswant0 in #6688
• chore(deps): bump Go modules (10 updates) by @dependabot[bot] in #6675
• chore(deps): bump Go modules (7 updates) by @dependabot[bot] in #6698
• chore(deps): bump GitHub workflows (2 updates) by @dependabot[bot] in #6699

📚 Documentation

• docs: fix typos in multiple files by @didier-durand in #6653
• docs: fix additional typos across various files by @didier-durand in #6661
• docs: typos and minor improvements by @AaryanBansal-dev in #6669

New Contributors

• @didier-durand made their first contribution in #6653
• @AaryanBansal-dev made their first contribution in #6669
• @stringscut made their first contribution in #6691

Full Changelog: v3.6.0...v3.6.1

What's Changed

✨ New Features

• Write resume file specified by flag by @circleous (#6616)
• Javascript Multi-Port Support by @pussycat0x (#6501)
• Direct fuzzing using target URL for OpenAPI/Swagger by @roiswd (#6542)
• Bump DSL with .NET deserialization helpers by @Ice3man543 (#6625)
• Implement persistent metadata cache in loader by @dwisiswant0 (#6630)
• Check for undefined params for lazy evaluation in variables by @dwisiswant0 (#6618)

🐛 Fixed

• Configure tmpDir for SDK by @AuditeMarlow (#6596)
• Skip DNS lookups on Interactsh domains by @dwisiswant0 (#6614)
• Restore parallel processing in file protocol by @dwisiswant0 (#6493)

⚙️ Changed / Improvements

• Enable BenchmarkRunEnumeration/Default benchmark by @dwisiswant0 (#6603)
• Cache Go-rod browser in CI by @dwisiswant0 (#6640)
• Apply free-disk-space check on tests by @dwisiswant0 (#6642)
• Disable stale workflow for enhancements by @dogancanbakir (#6637)
• Omit unnecessary reassignment by @ledigang (#6622)

🧹 Maintenance / Dependencies

• Bump the modules group with 6 updates by @dependabot[bot] (#6615)
• Bump actions/checkout from 5 to 6 in workflows by @dependabot[bot] (#6628)
• Bump PD modules & update httputil calls by @dependabot[bot] (#6629)
• Bump the modules group with 11 updates by @dependabot[bot] (#6646)
• Bump golang.org/x/crypto from 0.43.0 to 0.45.0 by @dependabot[bot] (#6621)
• Bump github.com/projectdiscovery/[email protected] by @dwisiswant0 (#6624)

🌱 New Contributors

• @AuditeMarlow (#6596)
• @roiswd (#6542)
• @ledigang (#6622)

Full Changelog: v3.5.1 → v3.6.0

What's Changed

• Remove genproto replace directives from go.mod by @ehsandeep in #6608

Full Changelog: v3.5.0...v3.5.1

What's Changed

🎉 New Features

• Adding json + xpath headless extractors by @Mzack9999 in #6559
• Adding VNC auth by @Mzack9999 in #6413
• Feat(templating): add vars templating into yaml inputs (ytt) by @alban-stourbe-wmx in #6261
• Feat: added new text/template syntax to jira custom fields by @Ice3man543 in #6464
• Feat(fuzz): enhance MultiPartForm with metadata APIs by @dwisiswant0 in #6486
• Feat: http(s) probing optimization by @matejsmycka in #6511
• Add option to control number of concurrent templates loaded on startup by @mielverkerken in #6373
• CheckRDPEncryption function by @pussycat0x in #6204
• SSH keyboard-interactive by @chovanecadam in #6508
• Feat(templates): add file metadata fields to parsedTemplate by @dwisiswant0 in #6534
• Add env variable for nuclei templates dir by @dogancanbakir in #6588
• Adding support for execution in docker by @Mzack9999 in #6549

🐞 Bug Fixes

• Clean up pools after 24hours inactivity by @Mzack9999 in #6545
• Using clone options for auth store by @Mzack9999 in #6572
• Path-based fuzzing SQL fix by @tarunKoyalwar in #6400
• Fix(fuzz): handles duplicate multipart form field names by @dwisiswant0 in #6404
• Don't load templates with the same ID by @dogancanbakir in #6465
• Remove the stack trace when the nuclei-ignore file does not exist by @nu11zy in #6455
• Fix: update go jira deps by @knakul853 in #6475
• Jira: hotfix for Cloud to use /rest/api/3/search/jql by @knakul853 in #6489
• Fix: improve cleanup in parallel execution by @knakul853 in #6490
• Fix headless template loading logic when -dast option is enabled by @dogancanbakir in #6495
• Fix: suppress warn code flag not found & excludes known misc dir by @dwisiswant0 in #6500
• Fix(variable): global variable not same between two request in flow mode by @iuliu8899 in #6395
• Log failed expr compilations by @dogancanbakir in #6528
• Fixing failing integration tests by @Mzack9999 in #6544
• Fix: populate req_url_pattern before event creation by @Ice3man543 in #6547
• Fix(headless): fixed memory leak issue during page initialization by @Deamhan in #6569
• Fix(templates): mem leaks in parser cache by @dwisiswant0 in #6584
• Fix(http): resolve timeout config issues by @dwisiswant0 in #6562
• Fix(charts): fixed out of bounds read by @Deamhan in #6607
• Feat 6231 deadlock by @Mzack9999 in #6469

⚡ Performance Improvements

• Perf(loader): reuse cached parsed templates by @dwisiswant0 in #6504
• Http probing optimizations high ports by @matejsmycka in #6538
• Cache, goroutine and unbounded workers management by @knakul853 in #6420
• Centralizing ratelimiter logic by @Mzack9999 in #6472

🔧 Refactoring

• Refactor to use reflect.TypeFor by @cuiweixie in #6428
• Refactored header-based auth scans not to normalize the header names by @halcyondream in #6479
• Refactor(disk): templates catalog by @dwisiswant0 in #5914

📦 Other Changes

• Test(reporting/exporters/mongo): add mongo integration test with test… by @loresuso in #6237
• Bump httpx version by @dogancanbakir in #6425
• Reporting validation by @mkrs2404 in #6456
• Code from #6427 by @Mzack9999 in #6471
• No changes message for github custom template update to INF from ERR for better logging by @zy9ard3 in #6422
• Update Go version requirement in README by @DFwJZ in #6529
• Chore(typos): fix typos by @pstoeckle in #6521
• Chore: add typos check into tests CI by @dwisiswant0 in #6533
• Revert "chore: add typos check into tests CI" by @dwisiswant0 in #6535
• Chore: preserve issue report w/ issue form by @dwisiswant0 in #6531
• Update go version in logo by @DFwJZ in #6530
• Update -tl flag by @matejsmycka in #6536

New Contributors

• @loresuso made their first contribution in #6237
• @cuiweixie made their first contribution in #6428
• @mkrs2404 made their first contribution in #6456
• @nu11zy made their first contribution in #6455
• @zy9ard3 made their first contribution in #6422
• @halcyondream made their first contribution in #6479
• @matejsmycka made their first contribution in #6511
• @mielverkerken made their first contribution in #6373
• @DFwJZ made their first contribution in #6529
• @pstoeckle made their first contribution in #6521
• @Deamhan made their first contribution in #6569
• @chovanecadam made their first contribution in #6508

Full Changelog: v3.4.10...v3.5.0

What's Changed

Other Changes

• fix: segfault in template caching logic by @dwisiswant0 in #6421

Full Changelog: v3.4.9...v3.4.10

What's Changed

Other Changes

• feat: fixed output event for skipped hosts by @Ice3man543 in #6415

Full Changelog: v3.4.8...v3.4.9

What's Changed

Features & Improvements

• Remove singletons from Nuclei engine (continuation of #6210) (#6296) by @hdm
• Address race conditions in http.Request and MemGuardian (#6321) by @hdm
• Support concurrent Nuclei engines in the same process (#6322) by @hdm
• feat: log event for template host skipped during scanning (#6324) by @Ice3man543
• feat(code): log unavailable engines as error while validating (#6326) by @dwisiswant0
• Bump github.com/bytedance/sonic to v1.14.0 for Go 1.25 compatibility (#6348) by @stefanb
• feat: loading templates performance improvements (#6364) by @Ice3man543
• feat(fuzz): evaluate variables (#6358) by @dwisiswant0
• Enable templates for template listing and displaying (#6343) by @dogancanbakir
• Refactor: use maps.Copy for cleaner map handling (#6283) by @gopherorg

🐞 Bug Fixes

• Fix headless: variables now available in headless templates (#6301) by @alban-stourbe-wmx
• Fix lib: scans not stopping on context cancellation (#6310) by @dwisiswant0
• Fix panic from uninitialized colorizer (#6315) by @josedh
• Fix to preserve original transport for linear HTTP client (#6357) by @Ice3man543
• Fix offlinehttp: replace "-" with "_" in headers for DSL variables (#6363) by @Isaac0616
• Fix(events): correct JSON encoder type in ScanStatsWorker (#6366) by @dwisiswant0
• Fix: prevent nil pointer panic in WAF detector (#6368) by @knakul853
• Fix headless: merge extra headers (#6376) by @ysokolovsky
• Fix: prevent unnecessary template updates (#6379) by @dwisiswant0

🔨 Maintenance

• chore(deps): bump the modules group with 3 updates (#6305) by @dependabot[bot]
• chore(config): remove deprecated code and calls (#6311) by @dwisiswant0
• build(docker): bump builder image golang:1.23-alpine → golang:1.24-alpine (#6316) by @dwisiswant0
• chore: fix inconsistent function name in comment (#6338) by @jishudashen
• build(make): update template-validate commands (#6385) by @dwisiswant0
• chore(deps): bump go_modules group with 2 updates (#6388) by @dependabot[bot]
• ci(tests): migrate to golangci-lint v2 (#6380) by @dwisiswant0

New Contributors

• @josedh made their first contribution in #6315
• @hdm made their first contribution in #6296
• @gopherorg made their first contribution in #6283
• @jishudashen made their first contribution in #6338
• @stefanb made their first contribution in #6348
• @Isaac0616 made their first contribution in #6363
• @ysokolovsky made their first contribution in #6376

Full Changelog: v3.4.7...v3.4.8

What's Changed

Other Changes

• Fixed issue with go install (github.com/zmap/zgrab2 v0.2.0 => v0.1.8) by @dwisiswant0 in #6295

Full Changelog: v3.4.6...v3.4.7

What's Changed

• Fixed context leak in flow by @tarunKoyalwar in #6282

Other Changes

• fixed log level mismatch by @knakul853 in #6271
• fixed hex dump issue by @knakul853 in #6273
• fix(headless): incorrect last navigated URL by @dwisiswant0 in #6278
• refactor: use the built-in max/min to simplify the code by @xiaoxiangirl in #6272
• test(nuclei): adds multiproto benchmark test by @dwisiswant0 in #6270
• chore: update goreleaser configurations by @emmanuel-ferdman in #6280
• fix(documentation): remove extra HTML table wrappers and periods in Korean README by @1223v in #6287
• build: bump all direct modules by @dwisiswant0 in #6290

New Contributors

• @xiaoxiangirl made their first contribution in #6272
• @emmanuel-ferdman made their first contribution in #6280
• @1223v made their first contribution in #6287

Full Changelog: v3.4.5...v3.4.6