Changelogs

Acunetix Standard & Premium

v24.12.0 - 16 Dec 2024

New Security Checks

  • Added Palo Alto PAN-OS RCE (CVE-2024-0012/CVE-2024-9474)
  • Added Sitecore AFR (CVE-2024-46938)
  • Added a security check for CVE-2024-51567 / CVE-2024-51568 / CVE-2024-51378
  • Added a fix for Acunetix’s incorrect detection of Drupal versions, where the script read the version correctly but compared it improperly

Improvements

  • The engine now uses Chromium 131 for scanning
  • The engine now leverages headers from all import files, incl. Postman collections
  • The engine now supports using host and path from Postman collections
  • Users can see clearly if OTP is not configured inside the Login Sequence Recorder

Fixes

  • Fixed an issue where, in rare cases, the LSR failed to correctly add session data

  • Fixed an issue where GraphQL imports could fail in certain edge cases

v24.11.0 - 28 Nov 2024

Release 24.11.0 is for Acunetix Online only and contains a new feature for API Discovery.

This release is for Acunetix Online only.

New Features

  • API Discovery now supports retrieving OpenAPI/Swagger specs from Kong Konnect

v24.10.241106172 - 07 Nov 2024

Release build 24.10.241106172 includes new features, improvements, fixes, and a change to the API documentation.

New Features

  • API Discovery now supports retrieving OpenAPI/Swagger specs from Azure API Management
  • Added support for automated use of OTP in scans, enabling seamless scanning of 2FA-enabled web applications
  • API Discovery now supports working with RAML specs from Mulesoft Anypoint Exchange

Improvements

  • Added the latest checks for outdated technology versions
  • Optimised various Directory tests to make fewer HTTP requests
  • DeepScan update which improves scan coverage and consistency
  • Minor UI improvements across the app
  • Removed redundant configuration option in API Discovery integration with Amazon API Gateway

Fixes

  • Fixed a single-occurrence edge case in which a scan crashed
  • Fixed incorrect reporting of Application Build in RuntimeSCA reports

API Changes

  • Corrected the baseURL for EU customers in our API documentation

v24.9.241025109 - 29 Oct 2024

Release build 24.9.241025109 includes a fix for the scanner.

Fixes

  • Fixed a problem with the scanner that was causing it to crash in some instances

v24.9.241015145 - 17 Oct 2024

Release build 24.9.241015145 includes a new security check and product improvements.

New Security Checks

  • Added check for CVE-2024-6842

Improvements

  • Upgraded to OpenSSL
  • Updates to technologies and fingerprints

v24.9.240924080 - 24 Sep 2024

Release build 24.9.240924080 enables Runtime SCA for On-Premises customers.
  • Enabled RuntimeSCA for On-Premises customers

v24.9.240918130 - 19 Sep 2024

Release build 24.9.240918130 includes new security checks, improvements, and bug fixes.

New Security Check

Improvements

  • Updated Chromium to v128.0.3316.119/.120

  • Improved support for GraphQL when described in introspection JSON

  • The upgraded Scan Details page is now enabled for On-Premises customers as well

  • Using API Discovery On-Premises, the admin can specify a destination URL for the Network Traffic Analyzer connection

Fixes

  • Fixed a false positive in the Solr Injection check

  • Resolved a rare case where the vulnerability detail was not loading properly on the new Scan Details page

  • Runtime SCA PDF reports are now being generated correctly

  • The scan end timestamp is now loading properly on the new Scan Details page

v24.8.240903137 - 04 Sep 2024

Release build 24.8.240903137 includes fixes to the HTTP/2 Handler.

Fixes

  • Fixes on the HTTP/2 Handler

v24.8.240828144 - 29 Aug 2024

Release build 24.8.240828144 includes new features and security checks, improvements, and bug fixes.

New Features

  • Added support for Apache Tomcat 11 in the Java IAST sensor
  • RAML API specs can now be uploaded to extend the coverage of API scanning
  • Implemented support for scanning HTTP/2 websites
  • Runtime SCA findings are now available on the Scan Details page (Acunetix Online only, On-Premises coming soon)
  • A new scan report for SCA is now available

New Security Checks

Improvements

  • Minor cosmetic UI/UX issues have been addressed across the app
  • Updated list of exposed web installers reported
  • The Scan Details screen for reviewing scan results has been modernized and upgraded
  • Improved testing of path fragments
  • The agent status now shows ‘Unknown’ instead of ‘Error’ when the agent hasn’t shared its status for some time
  • API Discovery: Added the ability to start scans directly from the list of discovered and linked APIs
  • API Discovery: Added functionality to change the base URL of an already linked API
  • Updated scanner to handle security definitions within Swagger

Fixes

  • Updated the scanner to use default scan speed settings when scan speed settings are missing
  • Fixed a false positive in the detection of Possible Virtual Host Found
  • Fixed a false positive in the detection of CVE-2024-6387