Acunetix 360 On-Demand Changelogs

v24.10.0 - 08 Oct 2024

Copy Link Copy Link

This release includes a new feature, new security checks, improvements, and bug fixes.

This update includes changes to the internal agents. The internal scan agent’s current version is 24.10.0. The internal authentication verifier agent’s current version is 24.10.0.

New Features

API Security: Added integration with Azure API Management to fetch Swagger2 and OpenAPI3 specification files → Learn more

New Security Checks

Updated detection for ActiveMQ – Remote Code Execution (CVE-2023-46604) and TorchServe Management API SSRF (CVE-2023-43654)

Improvements

Database optimizations
Changed scanning without a duration limit to a customer support request-only option
Reporting improvements for the “Unknown Option Used In Referrer-Policy” vulnerability
Improved the behavior of the ‘Recent Scans’ button group on the global dashboard when using the mobile view

Fixes

Fixed a timeout bug in zero-configuration API discovery
Fixed some wording inconsistencies and other minor improvements to the user interface
Removal of sitemap data when a scan is canceled, failed, or aborted
Resolved an issue in the General Settings page configuration
Resolved an issue with user sessions not timing out in compliance with the specified configuration
Fixed a false positive issue with Boolean Based MongoDB Injection detection
Out-of-date version for Boolean Based MongoDB Injection is now reported correctly
Fixed missing API validation for Scan Profile updates, which caused data conflicts during website deletion.

v24.9.1 - 24 Sep 2024

Copy Link Copy Link

This release includes a new feature, new security checks, improvements, and bug fixes.

This update includes changes to the internal agents. The internal scan agent’s current version is 24.9.1. The internal authentication verifier agent’s current version is 24.9.1.

New Feature

Administrators can now assign Agent Groups to Teams for greater control over agents and the teams that can use them. Contact our customer support team to activate this feature.

New Security Checks

Added XWiki version disclosure vulnerability and attack patterns.

Improvements

Added improvements to the Mend SAST integration.
Target to Project mapping is now available via API for the Mend SAST integration.

Fixes

Fixed the issue where tagging in the Discovery service would create a single-character tag when converted to a target.
Fixed an issue where the encryption process remained pending and incomplete after starting encryption key generation.
Fixed a bug in the API where ‘/api/1.0/issues/allissues’ always returned NULL in the History field.
The option to suspend all future scans is now available to all customers in Scans Control Settings.
Fixed the false negative issue related to Polyfill.io.
Fixed an issue related to creating a custom script for a web application using the OIDC method with a login pop-up.
Fixed the issue where the scan summary page did not time out according to the settings.

v24.9.0 - 10 Sep 2024

Copy Link Copy Link

This release includes new security checks, improvements, and bug fixes.

This update includes changes to the internal agents. The internal scan agent’s current version is 24.9.0. The internal authentication verifier agent’s current version is 24.9.0.

New Security Checks

Adjusted the severity of SSLv3 and TLS 1.0 vulnerabilities to reflect their security risks
Added support for CSP frame-ancestors
Added detection for CVE-2024-6297, affecting several WordPress plugins

Improvements

Pre-request script now works in DOM as well
The Azure Extension now retries connections, preventing pipeline failures

Fixes

Remediated a high vulnerability issue on the Agent Dotnet dependency package
Fixed an issue that was preventing the selection of configuration items during ServiceNow integration setup
Fixed an issue with updating targets using the target group ID
Fixed an issue where the Auth Verifier heartbeat was showing an hour behind due to daylight saving time adjustments
Fixed an error that was occurring when editing Report Policies
Fixed an issue with a REST API endpoint returning alternating severity data for TLS 1.0 vulnerabilities
Resolved an issue with a pre-request script that was affecting crawling functionality

v24.8.2 - 29 Aug 2024

Copy Link Copy Link

This release includes a new integration with Mend SAST.

New Feature

Integration with Mend SAST: display Mend SAST results alongside DAST results in Acunetix 360 so you can prioritize all your application security testing fixes in one list → Learn more

v24.8.1 - 27 Aug 2024

Copy Link Copy Link

This release includes new security checks and bug fixes.

This update includes changes to the internal and cloud agents. The internal scan agent’s current version is 24.8.1.

New Security Checks

Added detection for Jenkins Secret as a Sensitive Data Exposure

Fixes

Fixed the issue where the ServiceNow Integration fields were not loading while editing the integration
Fixed the issue where clicking the clone button in the Jira integration incorrectly redirected to the create new integration page
Fixed Chromium-related issues in the agent
Corrected the description of the “api/1.0/scans/test-scan-profile-credentials” endpoint
Fixed the error when selecting a custom time period in the Dashboard Date Range
Fixed the issue where temp folders could not be deleted and Chromium instances remained open when Puppeteer encountered an error
Fixed the display issue on the Scan Summary page
Fixed the false positive on detection of “Stack Trace Disclosure (Java)”
Fixed a scan authentication issue and reduced latency
Fixed the issue that was preventing the download of detailed PCI reports
Fixed an issue related to the Moment.js regex
Updated the OpenSSL configuration on the Cloud AMI
Fixed the disk space issue in the Invicti Common folder
Fixed the automatic syncing of issues with Jira integrations
Fixed the issue where scans were failing due to a TLS connection not being established
Fixed the OIDC authentication issue
Fixed the issue where the REST API endpoint returned HTTP 400 instead of HTTP 200 when sending custom values
Fixed the issue preventing proper login to the target URL

v24.8.0 - 13 Aug 2024

Copy Link Copy Link

This release includes new security checks, improvements, and bug fixes.

This update includes changes to the internal and cloud agents. The internal scan agent’s current version is 24.8.0.

New Security Checks

Added a check for Authentication bypass in Fortra’s GoAnywhere MFT (CVE-2024-0204)
Added a check for Open SSH server RCE (CVE-2024-6387)
Added a check for cached pages that contain sensitive data (CWE-525)
Incorporated the reporting of sensitive information disclosures from Okta

Improvements

Added more links from the global dashboard widgets to the corresponding sections in the UI
Scheduled scans that repeatedly fail with the same result can now be automatically disabled
Unlinked API specs from the scan profile automatically unlink on the API Inventory page as well
Added the ability to navigate from the API operation vulnerability count in the API Inventory to a filtered list of vulnerabilities on the Issues page
Reverted the fix for a problem in the JWT Engine that was intended to resolve a false positive issue

Fixes

Fixed an issue that was causing intermittent errors in PCI reports
Fixed the ‘Bad Request’ error that was occurring in the vulnerability details of scan reports
Fixed an issue where the character ‘ñ’ was causing errors when updating or adding new users
Fixed the issue that was preventing deletion of unused scan policies
Fixed the issue where additional website vulnerabilities were being stored as target vulnerabilities
Fixed the missing tooltips for source errors on the API Sources page
Fixed the issue where the linked target URL was clickable even when the API specification was hidden
Resolved an issue that was causing an error when modifying the Settings in Acunetix 360

v24.7.4 HF - 05 Aug 2024

Copy Link Copy Link

This release contains an update to the internal agents.

This update includes changes to the internal agents. The internal scan agent’s current version is 24.7.4. The internal authentication verifier agent’s current version is 24.7.4.

Fixes

Fixed the disk space issue in the Common folder

v24.7.2 - 25 Jul 2024

Copy Link Copy Link

This release includes improvements and bug fixes.

Improvements

Added custom header support for SSRF registration
Added a toggle to the Recent Scans widget on the Targets Dashboard to switch between displaying the target name and target URL
Added the option to select the Agent mode when importing targets
Added an option to filter by Agent Name on the Recent Scans screen

Fixes

Fixed an issue related to Agent Selection and Preferred Agent Group settings
Fixed an error occurring with valid requests to schedule a scan via the profile endpoint
Fixed an issue where scan reports attached to emails could not be opened
Fixed an issue where changing vulnerability details in the Report Policy deleted some information from the vulnerability
Fixed an issue where scan summary reports were not accessible in the UI
Fixed an issue where users were unable to remove URLs from Website Groups
Fixed an issue where users were unable to create both HTTP and HTTPS for the same endpoint
Fixed an issue where clients with limited access and custom roles were seeing all notifications for all users and websites in a target website’s dashboard
Fixed an issue related to BLR links
Fixed an issue where the scan was not displaying all the URLs in the sitemap
Fixed an SSL Untrusted Root Certificate issue for scans conducted with the OpenShift agent

v24.7.1 - 17 Jul 2024

Copy Link Copy Link

This release includes a new feature - Invicti API Security and a menu naming change.

This update includes changes to the internal agents. The internal scan agent’s current version is 24.7.1. The internal authentication verifier agent’s current version is 24.7.1.

New Features

Invicti API Security: multi-layered API discovery to enable comprehensive identification of known and undocumented APIs → Learn more

Improvements

Renamed the ‘Websites and APIs’ menu to ‘Targets’