Skip to content

Update nuclei to 3.4.8#2623

Closed
blsaccess wants to merge 1 commit intodevfrom
update-nuclei
Closed

Update nuclei to 3.4.8#2623
blsaccess wants to merge 1 commit intodevfrom
update-nuclei

Conversation

@blsaccess
Copy link
Contributor

@blsaccess blsaccess commented Aug 22, 2025

This PR uses https://api.github.com/repos/projectdiscovery/nuclei/releases/latest to obtain the latest version of nuclei and update the version in bbot/modules/nuclei.py."

Release notes:

What's Changed

Features & Improvements

  • Remove singletons from Nuclei engine (continuation of #6210) (#6296) by @hdm
  • Address race conditions in http.Request and MemGuardian (#6321) by @hdm
  • Support concurrent Nuclei engines in the same process (#6322) by @hdm
  • feat: log event for template host skipped during scanning (#6324) by @Ice3man543
  • feat(code): log unavailable engines as error while validating (#6326) by @dwisiswant0
  • Bump github.com/bytedance/sonic to v1.14.0 for Go 1.25 compatibility (#6348) by @stefanb
  • feat: loading templates performance improvements (#6364) by @Ice3man543
  • feat(fuzz): evaluate variables (#6358) by @dwisiswant0
  • Enable templates for template listing and displaying (#6343) by @dogancanbakir
  • Refactor: use maps.Copy for cleaner map handling (#6283) by @gopherorg

🐞 Bug Fixes

🔨 Maintenance

New Contributors

Full Changelog: projectdiscovery/nuclei@v3.4.7...v3.4.8

@liquidsec
Copy link
Collaborator

liquidsec commented Aug 22, 2025 

[INFO] nuclei: [WRN] Found 1 templates with syntax error (use -validate flag for further examination)
[INFO] nuclei: [WRN] Found 1 templates with runtime error (use -validate flag for further examination)
[DBUG] nuclei: Failed to decode line: [WRN] Loading 203 unsigned templates for scan. Use with caution.
[INFO] nuclei: [INF] Current nuclei version: v3.4.8 (unknown) - remove '-duc' flag to enable update checks
[INFO] nuclei: [INF] Current nuclei-templates version: v10.2.7 (unknown) - remove '-duc' flag to enable update checks
[INFO] nuclei: [INF] New templates added in latest release: 55
[INFO] nuclei: [INF] Templates loaded for current scan: 8263
[INFO] nuclei: [INF] Executing 8060 signed templates from projectdiscovery/nuclei-templates
[INFO] nuclei: [INF] Targets loaded for current scan: 1
[INFO] nuclei: [INF] Automatic scan tech-detect: Templates clustered: 470 (Reduced 444 Requests)
[INFO] nuclei: [INF] Executing Automatic scan on 1 target[s]
[INFO] nuclei: panic: runtime error: invalid memory address or nil pointer dereference
[INFO] nuclei: [signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x20c0cc6]
[INFO] nuclei: 
[INFO] nuclei: goroutine 28209 [running]:
[INFO] nuclei: github.com/projectdiscovery/nuclei/v3/pkg/tmplexec.(*TemplateExecuter).ExecuteWithResults(0xc00008ceb0?, 0xc0218f4960)
[INFO] nuclei: 	github.com/projectdiscovery/nuclei/v3/pkg/tmplexec/exec.go:287 +0x126
[INFO] nuclei: github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/automaticscan.(*Service).getTagsUsingDetectionTemplates.func1(0xc0168acb08)
[INFO] nuclei: 	github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/automaticscan/automaticscan.go:304 +0x1aa
[INFO] nuclei: created by github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/automaticscan.(*Service).getTagsUsingDetectionTemplates in goroutine 22012
[INFO] nuclei: 	github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/automaticscan/automaticscan.go:260 +0x106

we will definitely hold off on this version....

@liquidsec
Copy link
Collaborator

liquidsec commented Aug 22, 2025

version is broken

@liquidsec liquidsec closed this Aug 22, 2025
@hdm
Copy link

hdm commented Aug 22, 2025
edited
Loading

Hi folks! I'm one of the people who worked on the Executer option changes in this release and we've been running this in production for a few weeks. I'll flag this to the PD team and see if we can figure out why your test fails when the rest of us haven't reprod.

@liquidsec
Copy link
Collaborator

liquidsec commented Aug 22, 2025
edited
Loading

@hdm

Hi folks! I'm one of the people who worked on the Executer option changes in this release and we've been running this in production for a few weeks. I'll flag this to the PD team and see if we can figure out why your test fails when the rest of us haven't reprod.

Hi, I haven't tried 3.4.9 yet(3.4.9 also affected), but for 3.4.8 was able to easily cause the error just by just using the --automatic-scan option

image

@liquidsec
Copy link
Collaborator

liquidsec commented Aug 22, 2025
edited
Loading

@hdm I was actually about to open an issue over there - then i noticed there was a new version out, so i started our pipeline with it to see if the issue had already been resolved in that version. Looks like its still present.

projectdiscovery/nuclei#6417

@hdm
Copy link

hdm commented Aug 22, 2025

@liquidsec thanks and yes please!

@aconite33
Copy link
Contributor

aconite33 commented Aug 22, 2025

@liquidsec thanks and yes please!

projectdiscovery/nuclei#6417 Issue created.

also, hi HDM.

@hdm
Copy link

hdm commented Aug 24, 2025

thank you @dwisiswant0 for the fix!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@TheTechromancer TheTechromancer

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@blsaccess @liquidsec @hdm @aconite33 @TheTechromancer