Added a new attack pattern for missing Open Redirection
Improvements
Added a "Stop The Scan When Build is Aborted" option to the Jenkins integration
Added an option to trigger only specified lists of events
Added a 100MB limit to the maximum total file size for imported link files
Added an option to the GitHub Actions CI/CD integration to fail a build if a vulnerability with a specific severity is found during the scan
Added a Y-axis to the Severity Trend graph in the dashboard
Updated all the IAST Sensors: .NET Framework and .NET Core 6.2.0, Java 16.0.0, Node.js 2.1.3, PHP 8.0.1
Adjusted the behavior of the website matching option in the Discovery Settings to remove second-level domain matching, improving the relevance of discovery results
Added a new option to the Discovery Match Settings (enabled by default) to only show discovery results that have an IP address. This change is intended to prevent the consumption of licenses on targets that cannot be scanned due to the lack of an actual IP address.
Updated to the latest Chromium version to improve security and performance
Updated the summary information of the PCI compliance report
Added the OpenShift Docker Agent to the public repository
Fixes
Fixed a bug in the user timeout session setting
Resolved an issue with the frequency of out-of-date technology email notifications
Removed email notifications for out-of-date technologies in failed scans
Fixed an issue that was causing scans to be stuck in an async archiving state
Fixed a bug in the automatic sign-out functionality when the session timeout period has expired
Fixed an issue in the detection of the 'Improper XML parsing leads to Billion Laughs Attack' vulnerability
Fixed a bug in the ServiceNow integration
Fixed the issue that was causing activity logs to display incorrect owners of failed scans
Fixed an issue with user-agent selection in scan policies that was causing disabled security check vulnerabilities to appear in the dashboards and scan reports
Fixed an issue that was causing the agent to not send a heartbeat and become unavailable while archiving and uploading scan results
Fixed the issue that was preventing updates made in Azure Boards from reflecting in Acunetix 360
Fixed vulnerabilities with the Invicti Scan Agent Docker image
Fixed the disk space utilization issue that was causing the InvictiCommon folder size to increase significantly during scans
Resolved an issue with the Business Logic Recorder
Improved the crawling capability to allow for automatic crawling of XHR requests
Fixed the missing technology details on the scan summary and scan report pages
Fixed an AWS4Signer authentication issue
Fixed the screenshot error on Linux Agents
Updated the advanced installer files to fix an issue with scanners and verifiers disappearing during the update process
Fixed a bug in the settings page that was preventing changes to any of the settings
Fixed an error that was preventing PDF reports from opening