NEW FEATURES
- Added support for creating Teams and Roles.
- Added SCIM 2.0 API support for improved SSO integration which supports user and group synchronization with popular Identity Providers.
- Added IBM ALM (Jazz Team Server).
IMPROVEMENTS
- Improved access control by introducing new more granular permissions
- Improved role assignment for website groups while inviting new members
- Improved the performance of issues/allissues API endpoint.
- Added alternate email address field (if available) to the account/me API endpoint.
- Added email and SMS filter to the notification.
- Added an option to fail GitLab CI/CD build for only confirmed vulnerabilities.
- Added Organization field to GitHub issue tracking integration.
- Added an option to fail Azure Pipelines build for only confirmed vulnerabilities.
- Prettified the outputs printed by Azure Pipelines, GitLab, and UrbanCode deploy CI/CD integrations.
- Added support for committing changes on the tag editors with the TAB key.
- Updated YouTrack issue tracker integration to use the new API.
- Improved Splunk integration by sending the issue updates without requiring a new scan.
- Improved the performance of the Technology Dashboard.
- Improved the performance of the scans/report endpoint.
- Updated the look and feel of emails sent.
- Added Known Issues information to issues while sending to Kenna.
- Improved the performance of PCI scan reports.
- Added links to CVE IDs on reports.
- Issue notes are added to reports which are exported.
- Added an option to trigger user-defined notifications even for cases in which a user who configured the notification did not launch the scan.
- Improved the statusCode and errorMessage returned from members/deleteinvitation API endpoint on cases when the invitation is missing.
- Changed roles/update API endpoint response status code from 201 to 200 to better comply with REST best practices.
- Added “Override Version Vulnerability Severities” option to Scan Policy > Attacking settings.
- Improved the error message displayed when a Website Group cannot be deleted due to it being referenced by a notification.
- Extended the range of digits that can be entered for HOTP and TOTP configuration.
- Improved data validation for email addresses.
- Added the Web Storage Exclusion to Ignored Parameters in the Scan Policy.
Deprecated APIs
- The following APIs have been deprecated:
Deprecated APIs |
What to use instead |
/api/1.0/teammembers/new |
Renamed to /api/1.0/members/newinvitation |
/api/1.0/teammembers/list |
Renamed to /api/1.0/members/list
The request model has not changed, but the UserListApiResult response model has been replaced with MemberApiModelListApiResult. |
/api/1.0/teammembers/get |
Renamed to /api/1.0/members/get
The request model has not changed but UserApiModel response model has been replaced with MemberApiModel |
/api/1.0/teammembers/getbyemail |
Renamed to /api/1.0/members/getbyemail
The request model has not changed but UserApiModel response model has been replaced with MemberApiModel |
/api/1.0/teammembers/update |
Renamed to /api/1.0/members/update
The request model has changed slightly; the response model is different. |
/api/1.0/teammembers/delete |
Renamed to /api/1.0/members/delete
Only the endpoint is changed; request and response are the same. |
/api/1.0/teammembers/gettimezones |
Renamed to /api/1.0/members/gettimezones
Only the endpoint is changed; request and response are the same |
/api/1.0/teammembers/getapitoken |
Renamed to /api/1.0/members/getapitoken
Only the endpoint is changed; request and response are the same |
FIXES
- Fixed an unhandled error that occurs while deleting scans.
- Fixed an issue where the check state is reset when the search keyword is modified on the Report Policy Editor security checklist.
- Fixed an issue where multiple Common Weakness Enumeration values were being sent to Kenna Integration.
- Fixed the incorrect API documentation of roles/listpermissions endpoint.
- Fixed an issue where form authentication may fail because of credentials being modified when the scan profile is updated.
- Fixed missing state field on the member API endpoint.
- Fixed the incorrect email displayed on the audit log when a failed login attempt is logged.
- Fixed a bug where a team with the same name tried to be provisioned when SCIM integration is used with SSO providers.
- Fixed the team member APIs by adding the missing CreatedAt field.
- Fixed an issue where some users with the default View Reports rule cannot see the global dashboard page.
- Fixed a memory leak happens while generating PDF reports.
- Fixed a bug preventing sending PDF and HTML reports via notifications.
- Fixed a NullReferenceException thrown while calling the scans/new API endpoint.
- Fixed an error occurs when a website that has tagged issue is deleted.
- Fixed a page loading issue on the authentication verifier.
- Fixed the clipped user interface elements on the New User Mapping page when the page widths get narrow.
- Fixed an issue where the Exclude Authentication Page checkbox does not get updated.
- Fixed the overlapping logo on reports.
- Fixed an issue where incremental scans started from CI/CD integrations are using the default profile if there are no scans performed to that website previously.
- Fixed the Not Found error displayed while testing notifications for Azure Boards integration.
- Fixed the empty PCI report issue.
- Fixed random HTTP 500 error thrown from scans/report API endpoint.
- Fixed missing agent groups when queried using agentgroups/list API endpoint.
- Fixed an issue where old VDB results are displayed on the known issues tab.
- Fixed a NullReferenceException.
- Fixed connection timeout issues.
- Fixed an issue where an exception was thrown if the agent Helper Service is set to use a different port on Linux machines.
- Fixed an issue where the issues of a custom security check are incorrectly listed under a different vulnerability on reports.
- Fixed a scan stuck issue.
- Fixed scans failing on some systems while scanning TLS 1.3 websites.
- Fixed an issue where incorrect scan profiles and policies were used while performing group scans.
- Fixed an issue where the State field of an issue is converted to a numeric value when the state of a revived issue is set to some other state through API.
- Fixed an issue where an incorrect Affected Version value is reported for an out-of-date vulnerability.
- Fixed an issue where editing a scheduled scan displays incorrect scan policy, report policy, and agent data.
- Fixed an issue where a custom vulnerability profile data of a report policy is not retrieved correctly when called from vulnerability/template API endpoint.
- Fixed the missing LastLoginDate field by adding it back to member API call responses.
- Fixed pipeline script in Jenkins where two installed scripts do not work together.
- Fixed notification grouping for persons that are outside of the organization.
- Fixed integration links under the Continous Integration System in the New Integration page.
- Fixed the Linux Auto Updater Version Checking.
- Fixed SSO login conditions.
- Fixed a bug that prevents editing report policies.
- Fixed a bug that the SSO email field appears although the Alternate Email is not selected.
- Fixed a bug that prevents some users from tagging issues.
Update to the new version
If you want to update the latest version of Acunetix 360 On-Premises, see
Updating Acunetix 360 On-Premises.