v24.4.240427095 - 30 Apr 2024
Release build 24.4.240427095 includes a new feature, numerous security checks, enhancements, and multiple bug fixes.
New features
- Added the ability to link an API definition URL for adding paths to a target before scanning. Read more about how to add paths to targets and how this helps scanning.
New security checks
- XWiki Platform RCE (CVE-2023-37462)
- Dolibarr DB Theft (CVE-2023-33568)
- ChatGPT-Next-Web SSRF (CVE-2023-49785)
- OpenMetadata Auth Bypass (CVE-2024-28255)
- Progress Kemp LoadMaster RCE (CVE-2024-1212)
- ColdFusion Arbitrary File Read (CVE-2024-20767)
Improvements
- Fixed the password reset tool for Windows for Acunetix On-Premises
- .NET Core IAST Sensor: Removed dependency on NLog
- Various improvements in Deepscan, reducing the time needed to process pages and SPAs
- Deepscan updated to not interact with Google Maps
- Updated detection for monitoring systems
- Updated detection of web installers
Fixes
- The correct warning is now displayed when attempting to add more than the permitted number of target variations
- Addressed several usability and design issues across application settings
- Fixed a possible problem starting OpenVAS scans with Acunetix On-Premises
- Design updates for User settings in Acunetix Online
- Fixed an issue in the PHP sensor affecting PHP 8.1+ web applications
- For users in a User Group, target group assignment is now properly applied under all scenarios
- Fixed a user permission issue when using custom roles
- Invite emails from Acunetix On-Premises for Linux now display their content properly
- Fixed the OOM (out of memory) problem when processing large PDF files