This issue will serve as the final tracker as we push towards a 3.0 release. ## Required PRs - [x] #3186 - Verify SSL for infrastructure by default (not target traffic) - [x] #3182 - aspnet_bin_exposure: concurrent probes + bump module threads - [x] #3180 - paramminer: dedup by endpoint + param keys, not full URL string - [x] #3179 - Add content-based dedup for modules - [x] #3166 - Webbrute rework: HttpCompare baseline + defensive layers - [x] #3164 - Add HTTP wildcard host detection - [x] #3128 - Add 2.x → 3.0 migration guide - [x] #3124 - crt/crt_db error handling - [x] #2993 - Rewrite vhost module as virtualhost with native blasthttp - [x] #3186 - [x] #3196 - [x] #3210 - [x] #3213 - [x] #3208 - [x] #3207 ## Required Issues - [x] #3146 - output_modules override behavior is confusing - [x] #2137 - [x] #3203 - [x] #3215 ## Other Required Items - [x] Publicly release blasthttp - [x] Add/audit documentation - [x] Prepare blog post - [x] Changelog / release notes / finalize Migration Guide - [x] Docker image testing - [x] Final Version E2E testing ## Nice to Have PRs - [x] #3145 - http: add 429 rate-limit handling with host-level cooldowns - [x] #3082 - shodan_idb: enrich CVE findings with severity and CVSS - [x] #2994 - Add waf_bypass module for WAF bypass detection
This issue will serve as the final tracker as we push towards a 3.0 release.
Required PRs
Required Issues
multiprocessing.Poolworker zombie processes #3203Other Required Items
Nice to Have PRs