New features
- Added CVSS 4.0 categorization of vulnerabilities
- Added support for PCI DSS 4.0
New security checks
Improvements
- Added descriptions to the agent warning messages on the Scan Summary page
- Updated messaging around the functionality of the Team Administrator role
- Improved the request body rating algorithm
- Improved the Postman collection parsing algorithm
- Improved the vulnerability calculator for Boolean MongoDB
- Resolved an issue with adding a client certificate to set up a scan
Fixes
- Fixed a bug that was preventing customers from adding back previously deleted targets
- Increased the character length permitted by the Jira and Snow integration URL validation regex so that it accommodates Top-Level Domains (TLDs)
- Fixed an issue where paused scheduled scans were resuming automatically; they now remain paused until manually resumed
- Removed the previous limit on the number of supported second-level domains in the Discovery feature
- Fixed an error that was occurring when updating an issue from Fixed (confirmed) to Accepted Risk status
- Fixed discrepancies in the numbers displayed on the Dashboard
- Fixed an issue with the agent auto-updater
- Fixed a behavioral issue with the SSO login process
- Added a missing control for SSO users while editing members
- Fixed a bug in the communication between Acunetix 360 and ServiceNow
- Fixed a bug that was preventing administrators from creating new notifications or editing built-in notifications
- Fixed an issue that was causing verifiers to not use scan policy proxy settings
- Fixed an auth verifier client certificate authentication path error
- Fixed an issue where the Invicti crawler wasn't getting JS endpoints correctly
- Resolved issues with importing API documentation from a link
- Fixed a bug in the Jenkins plugin that was causing the 'Stop The Scan When Build Fails' option to not work correctly
- Fixed insecure Windows service permissions that were vulnerable to privilege escalation attacks