# BRS-KB v4.0.1
**Release Date:** 2026-01-10
## Critical Fixes
### JavaScript String Breakout Detection
- Added 14 new reverse map patterns to accurately identify JavaScript string breakout payloads (e.g., `');alert('`)
- These payloads now correctly return `severity: critical` instead of `low`
### DOM XSS Eval Sink Classification
- New `dom_xss_eval` context for JavaScript execution sinks (`eval()`, `setTimeout()`, `setInterval()`, `new Function()`)
- CVSS 9.0 (CRITICAL) - equivalent to direct JavaScript context injection
- Fixes incorrect severity for vulnerabilities
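A sketch of how pattern-based classification can produce the two results described under Critical Fixes. It is an added illustration, not BRS-KB's own code or API: the regexes, function names and the `js_string` context name are assumptions, while `dom_xss_eval` and CVSS 9.0 come from the notes above.

```python
import re
from typing import Optional

# Assumed pattern (not BRS-KB's): input that closes a JS string literal,
# optionally closes call parentheses, then resumes code with a call.
STRING_BREAKOUT = re.compile(
    r"""^\s*['"`]                  # quote that ends the surrounding literal
        \s*\)*\s*                  # optional closing parentheses
        (?:;|,|\+|-|\|\||&&)       # separator or operator that resumes code
        \s*[A-Za-z_$][\w$.]*\s*\(  # identifier followed by a call
    """,
    re.VERBOSE,
)

# Sinks named in the release notes. Matching is by name only, so a
# setTimeout() call that is passed a function reference is also reported.
EVAL_SINK = re.compile(r"(?<![\w$])(?:new\s+)?(eval|setTimeout|setInterval|Function)\s*\(")


def classify_payload(payload: str) -> dict:
    """Map a raw payload to a context and severity; unknown input stays low."""
    if STRING_BREAKOUT.search(payload):
        return {"context": "js_string", "severity": "critical"}  # assumed name
    return {"context": "unknown", "severity": "low"}


def classify_sink(js_line: str) -> Optional[dict]:
    """Classify a line of client-side JS where user-controlled data arrives."""
    match = EVAL_SINK.search(js_line)
    if match is None:
        return None
    return {"context": "dom_xss_eval", "severity": "critical",
            "cvss": 9.0, "sink": match.group(1)}


if __name__ == "__main__":
    # Constructed samples; the first payload is the one quoted in the notes.
    for payload in ("');alert('", "plain search text"):
        print(repr(payload), classify_payload(payload))
    for line in ("eval(location.hash.slice(1))", "el.textContent = value"):
        print(repr(line), classify_sink(line))
```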
## Database Expansion
- **Payloads:** 4,215 → 4,931 (+716, +17%)
- **Contexts:** 151 → 169 (+18, +12%)
- **WAF Bypasses:** 1,934 → 1,999 (+65, +3.4%)
- **Reverse Map Patterns:** 28 → 62 (+34, +121%)
## New Content
### Contexts (+18)
- **Web3:** Wallet XSS, IPFS Gateway
- **Cloud:** Kubernetes Dashboard, Cloud Admin Panels
- **AI/ML:** LLM Indirect Injection, TensorBoard
- **Industrial:** SCADA HMI, ERP Business Logic
- **Modern Web:** SSR Hydration Mismatch, Micro-Frontend Module Federation
- **Desktop/Mobile:** WebView2, Browser Extensions
- **Media:** EPUB Readers, HbbTV (Smart TV)
- **Other:** CSV Injection, Supply Chain Registry, Voice (SSML)
### Payloads (+716)
- **Web3:** NFT metadata XSS, wallet injection vectors
- **SCADA/ICS:** HMI-specific payloads (200+ variants)
- **ERP:** SAP UI5, Salesforce Lightning, Oracle APEX
- **AI/ML:** TensorBoard, Jupyter, MLflow visualizers
- **Supply Chain:** NPM, PyPI, RubyGems metadata injection
- **Research:** Lodash/jQuery gadget chains, Mutation XSS (mXSS)
- **Techniques:** Length-restricted payloads (20-50 chars), advanced polyglots
## Metadata Completeness: 100%
All payloads now have:
- Description
- Tags (2+ per payload)
- Browser Support
- CVSS Score
- Reliability Rating
- Context Mapping
Auto-generation implemented for missing metadata fields.
## Legal and Ethics
- Added `LEGAL.md` - Terms of use and legal notice
- Added `ETHICS.md` - Ethical guidelines for responsible use
## Infrastructure
- Removed hardcoded version strings across codebase
- Dynamic version from `brs_kb/version.py`
- Updated CI/CD templates
## Installation
```bash
pip install --upgrade brs-kb
```
## Links
- API: https://brs-kb.easypro.tech/api/v1
- Docs: https://brs-kb.easypro.tech/docs.html
- PyPI: https://pypi.org/project/brs-kb/
- Telegram: https://t.me/EasyProTech
Full Changelog: v4.0.0...v4.0.1