Changelogs

Acunetix 360 On-Demand

RSS Feed

v25.2.0 - 13 Feb 2025

This release includes new features, improvements, and resolved issues.

New features

  • Added single-tab crawling for websites that do not allow multiple-tab browsing
  • Upgraded the Shortcut integration API endpoint to v3

    Improvements

    • Added Customizations folder to the Agent Output folder
    • Removed Feature flag and implementation for ‘INV-5855-HashiCorp-Vault-TLS-certificate-authentication-support-enabled’ flag
    • Improved the performance of searching by profileName on the Scan-Index page

    Resolved issues

    • Updated APIHub npm package to the latest version
    • Resolved scan authentication issues for multiple pages
    • Resolved issues related to screenshots and login processes
    • Fixed Dashboard Widget Active Issue is empty when selecting a specific target
    • Fixed the problem of reverting vulnerability in issue update endpoint to default
    • Fixed removes preferred agent group in update-scheduled API endpoint
    • Fixed an auto-update issue for Verifier Agent
    • Added control for URLs that should not be included in the scope
    • Upgraded the Shortcut (Clubhouse) integration
    • Resolved an issue caused by the Chromium version update by updating Chromium dependencies for the Linux operating system. Refer to the updated scripts to install the required dependencies for Headless Chrome. (Read more)

    v25.1.2-HF - 30 Jan 2025

    Improvements API specifications from sub-organizations in Mulesoft are now synchronized into API Inventory Resolved issues Improved performance of the All Issues page

    Improvements

    • API specifications from sub-organizations in Mulesoft are now synchronized into API Inventory

    Resolved issues

    • Improved performance of the All Issues page

    v25.1.1 - 28 Jan 2025

    New features Improved support for handling gRPC multiple proto imports in the Agent and in the engine New security checks Added detection of cookieconsent2 as a technology in the Vulnerability Database (VDB) Improvements Added pull commands for Docker and OpenShift to the New Agent page...

    New features

    • Improved support for handling gRPC multiple proto imports in the Agent and in the engine

    New security checks

    • Added detection of cookieconsent2 as a technology in the Vulnerability Database (VDB)

    Improvements

    • Added pull commands for Docker and OpenShift to the New Agent page

    • Added the SourceType field to the New Issues API endpoint

    • Enhanced agent mode to better distinguish between verifier and scanner agents
    • Added the ability to replace placeholders in the browser for Authorization Headers
    • Improved report template of JWT Signature is not verified vulnerability

    Resolved issues

    • Resolved an issue where file upload events using LSR/BLR in React forms failed to propagate to body-level listeners

    v25.1.0 - 14 Jan 2025

    New Features Clicking on the scheduled scan icon in the scan summary screen now redirects you to the Recent Scans page with a filtered view, improving navigation and access to relevant scan details Implemented an integration that automatically retrieves the latest Container security results from...

    New Features

    • Clicking on the scheduled scan icon in the scan summary screen now redirects you to the Recent Scans page with a filtered view, improving navigation and access to relevant scan details

    • Implemented an integration that automatically retrieves the latest Container security results from Mend when a DAST scan is initiated

    Improvements

    • Fixed an issue on the 2FA page where the code text field was not automatically focused upon page load
    • Introduces a configurable retention period for HTTP log files, allowing Root users to specify the number of days before log
    • Implemented a restriction to prevent the modification of the Vulnerability Signature Type
    • Enhanced the UI to highlight the menu when API Hub specifications are linked to a scan profile, making it easier for users to identify associated profiles
    • Updated Chromium from version 121 to version 131 for enhanced performance and compatibility
    • Enhanced detection accuracy for Weak Ciphers Enabled by analyzing false positives
    • Administrators can now assign Agent Groups to Teams for greater control over agents and the teams that can use them. Learn more.

    Resolved issues

    • Corrected OTP configuration attachment to personas, ensuring separate secrets and preventing shared changes
    • Resolved issue where the internal agent service stopped after being disabled in the UI. The service now remains active even when the agent is disabled from the web application
    • Updated the SharedAssemblyInfo file to reflect the correct copyright details
    • Fixed an issue where a disabled scan was inadvertently running, leading to an outage
    • Fixed a bug where users were unable to update the website name longer than 40 characters
    • Fixed an issue where the Invicti REST API did not return errors when importing an invalid definition file
    • Resolved the “Internal Server Error” encountered on the Invicti scans/report API endpoint after enabling the “Prevent any sensitive information showing within the product” setting
    • Fixed an issue where the issue state was inadvertently removed when a user, without permission to update the state, added a note to the issue
    • Fixed an issue where the “Notification Settings” hyperlink in notification emails was redirecting incorrectly
    • Resolved the issue where the Agent Verifier was encountering errors when using certificates in a Linux environment
    • Fixed an issue where duplicate tickets were being created in ServiceNow due to integration error
    • Fixed an issue where the severity trend chart was not rendering correctly on the individual website dashboard
    • Node.js v6 has reached its End of Life (EOL), and support for this version has been removed from Azure Pipelines
    • Resolved a coverage issue where the login page reappeared during scans

    v24.12.1 HF (MEND) - 07 Jan 2025

    This update did not include changes to the internal agents. Improvements Added new ‘/issues’ endpoint to return all issues with sorting and filtering options Fixes Fixed an issue that prevents Scheduled Scans to be updated and Scan results to be imported

    This update did not include changes to the internal agents.

    Improvements

    • Added new ‘/issues’ endpoint to return all issues with sorting and filtering options

    Fixes

    • Fixed an issue that prevents Scheduled Scans to be updated and Scan results to be imported

    v24.12.1 - 12 Dec 2024

    This update includes changes to the internal agents. The internal scan agent’s current version is 24.12.1. The internal authentication verifier agent’s current version is 24.12.1. New feature A connector for Mend SCA now available Improvements Added new paths to forced browsing Updated the vulnerability template...

    This update includes changes to the internal agents. The internal scan agent’s current version is 24.12.1. The internal authentication verifier agent’s current version is 24.12.1.

    New feature

    • A connector for Mend SCA now available

    Improvements

    • Added new paths to forced browsing
    • Updated the vulnerability template for the Internal Server Error vulnerability
    • Improved Insecure HTTP Usage detection
    • Improved retry operations to prevent JSONSerializer errors following archiving failures
    • Removed support email addresses from the product
    • Removed cancelled and failed scans after 90 days

    Fixes

    • Fixed an issue in Mulesoft integration where child organizations were not syncing properly
    • Fixed an issue with ServiceNow integrations causing authentication errors by suspending the affected integrations
    • Fixed an issue where JSON responses were incorrectly formatted
    • Fixed an issue where scans failed with a “Failed – Agent is unavailable” error at the end of the scan
    • Fixed an issue where Invicti detected vulnerabilities in multiple parameters of the same URL but didn’t report them due to the vulnerability family mechanism

    v24.12.0 - 03 Dec 2024

    This update includes changes to the internal agents. The internal scan agent’s current version is 24.12.0. The internal authentication verifier agent’s current version is 24.12.0. New Features API Discovery now supports retrieving Open API/Swagger specs from Kong Konnect → Learn more  New Security Checks Added...

    This update includes changes to the internal agents. The internal scan agent’s current version is 24.12.0. The internal authentication verifier agent’s current version is 24.12.0.

    New Features

    • API Discovery now supports retrieving Open API/Swagger specs from Kong Konnect → Learn more 

    New Security Checks

    • Added detection of Google Tag Manager as a technology in the Vulnerability Database (VDB)

    Improvements

    • Enhanced security to prevent customer login information from being written in clear text
    • OpenSSL configuration (openssl.cnf) updated for Docker compatibility
    • Added new filter in Recent Scans page for Agent Mode in order to distinguish between Internal and Cloud agents
    • Revised field descriptions in the Swagger model documentation to accurately reflect the use of the RequiredIf attribute
    • Improved analysis and remediation capabilities for [Possible] Server-Side Template Injection vulnerabilities

    Fixes

    • Resolved a breaking change in .NET 8’s System.Net.Security.UseManagedNtlm by upgrading from Ubuntu 22.04 to Ubuntu 24.04, where the issue was addressed. The Agent was updated to .NET 8.
    • Fixed an issue where Retest-type scans did not identify the same vulnerabilities detected during full scans
    • Fixed high CPU usage in some agents caused by Chromium
    • Scans attempting to run with Agent Group without any agents will result correctly in failure instead of queue
    • Fixed an issue that was preventing users from accessing a Scan Policy
    • Fixed an issue where the Misconfigured Access-Control-Allow-Origin Header vulnerability was not detected
    • Improved detection of the [Possible] Password Transmitted over Query String vulnerability

     

    v24.11.0 - 12 Nov 2024

    This release includes new features and security checks, improvements, and bug fixes.

    This update includes changes to the internal agents. The internal scan agent’s current version is 24.11.0. The internal authentication verifier agent’s current version is 24.11.0.

    New Features

    • API Discovery now supports working with RAML specs from Mulesoft Anypoint Exchange

    New Security Checks

    • Added a check for applications performing certificate name validation to prevent reading invalid memory addresses (CVE-2024-6119)

    Improvements

    • Updated the AuthVerificationService from .NET 6.0 to .NET 8.0

    Fixes

    • Fixed an issue with missing links in imported files that were sent from the API Inventory to the agent
    • Fixed an issue where target names longer than 40 characters were not being truncated as expected on the Create New Target page
    • Fixed an issue where the “Download HTTP Request Logs” button triggered an error while a scan was in progress
    • Fixed an issue where user names containing the character “ä” could not be added
    • Fixed an issue with the scan data retention period for raw scan files that was not working as expected
    • Fixed missing scan completed notifications with report attachments
    • Fixed an issue where adding more than one name to a Notification’s Excluded Recipients would remove the other users from all other notifications
    • Fixed an issue where the verifier agent could not read or apply custom proxy settings from the appsettings.json file
    • Fixed an issue where uploading a .proto file caused a “No links found in the file” error
    • Fixed missing request/response details for some out-of-band vulnerabilities

    v24.10.1 - 30 Oct 2024

    This release includes new security checks, improvements, and bug fixes.

    This update includes changes to the internal agents. The internal scan agent’s current version is 24.10.1. The internal authentication verifier agent’s current version is 24.10.1.

    New Security Checks

    Improvements

    • Changed the Mend integration to utilize an activation key so that the setup process is simpler

    Fixes

    • Vulnerability profiles that are set as hidden will now still be reported in the scan reports of scans completed prior to the vulnerability being hidden
    • Fixed a bug in the editing of scan profiles with custom report policies
    • Resolved an issue in the exporting of team member data with all attributes selected
    • Resolved an issue with missing vulnerability profiles in custom report policies
    1 2 13