Changelogs

Acunetix Standard & Premium

v14.1.210316110 - 17 Mar 2021

Version 14 build 14.1.210316110 for Windows, Linux and macOS – 17th March 2021

New Features

  • Web Asset Discovery, allowing users to discover domains related to their organisation or web assets already configured in Acunetix
  • New page showing all the Target FQDNs consuming a target license

New Vulnerability Checks

Updates

  • Acunetix updated to fully support NTLM Authentication for proxy authentication
  • Multiple LSR/BLR and DeepScan updates and fixes
  • Updated Chromium to v88.0.4298.0
  • Updated Postgres database to v13.2
  • Engines page has been updated to show the following:
    • Status (online or otherwise) for each Engine
    • The build number for each Engine
    • Any license issues are reported as part of the status for each Engine
  • Multi-Engine setups will start to automatically update the Engine-only installations when the Main installation is updated
  • The UI will reload after Acunetix is upgraded
  • ‘WAF Export’ button renamed to ‘Export to’, and feature added to the Scans Page
  • Multiple updates to the Comprehensive report
  • Proxy Settings can now be specified for each Issue Tracker
  • Updated JavaScript Library Audit check to cover libraries not hosted on the scanned target
  • Users can now be created from the API
  • Updated CORS check

Fixes

  • Fixed bug in “Vulnerabilities in SharePoint could allow elevation of privilege” check
  • Fixed issue causing check for updates to occasionally fail on macOS
  • Fixed issue causing the DOM XSS sink to not always be shown in the code extract displayed in the alert
  • Fixed issue caused when a custom collection is used in a TFS issue tracker configuration
  • Fixed issue in WordPress XML-RPC pingback abuse check
  • Fixed DeepScan crash
  • Fixed False Positive in Broken Link Hijacking check
  • Vulnerability CSV export now includes URL where vulnerability was detected

v13.0.210226118 - 26 Feb 2021

Version 13 build 13.0.210226118 for Windows, Linux and macOS – 26th February 2021

Fixes

  • Fix Backend issue related to AcuSensor

v13.0.210129162 - 02 Feb 2021

Version 13 build 13.0.210129162 for Windows, Linux and macOS – 2nd February 2021

New Features

  • New AcuSensor for Node.js
  • New Target Knowledgebase records scan data which is used to improve future scans
  • New FQDN and Target filter in Grouped Vulnerabilities page
  • New FQDN column in Targets page

New Vulnerability Checks

Updates

  • Simplified User Profile page
  • Improved handling of HTML comments
  • Improved processing of sites using dynamic links
  • Improved parsing of JavaScript for new paths
  • Form input type is taken into consideration when processing forms
  • Scanner now supports NTLM Authentication for proxy authentication
  • Multiple DeepScan updates
  • Comprehensive report updated to use time zone configured for Acunetix user
  • Added setting in settings.xml to choose which SSL cipher is used by the scanner
  • Integrated LSR logs are now stored for troubleshooting purposes
  • Notify user when client certificate is required but not configured for Target
  • Improvements in macOS installation
  • PHP AcuSensor will start including Stack Trace
  • Multiple LSR / BLR updates

Fixes

  • Filter items sorted alphabetically
  • Fixed minor UI glitch in multi-engine registration page
  • Multiple fixes in SlowLoris detection
  • Fixed scanner crashes
  • Fixed CSV injection in Target Export
  • Fixed UI issues in Target Groups page
  • Fixed formatting for issues pushed to Jira
  • Fixed issue when installing on CentOS 8

v13.0.201217092 - 17 Dec 2020

Version 13 build 13.0.201217092 for Windows, Linux and macOS - 17th December 2020

New Features

  • Big improvement in handling of CSRF tokens
  • Added support for ShadowRoot
  • Added support for macOS Big Sur

New Vulnerability Checks

Updates

  • Updated the UI for the multi-engine system
  • Multiple updates to the PHP AcuSensor
  • Multiple updates to the Login Sequence Recorder
  • Scanning engine updated to support using proxy server with NTLM Authentication

Fixes

  • Fixed issue causing the browser to fail to launch on Kali
  • Fixed issue causing AcuSensor not found message to not be displayed
  • Fixed false positive in Zend Framework LFI via XXE
  • Fixed false positive in Directory Traversal
  • Fixed false positive in Cookie(s) with missing, inconsistent, or contradictory properties
  • Fixed false positive in Apache Struts2 Remote Command Execution (S2-052)
  • Fixed issue in highlighting of vulnerability in response
  • Fixed issue with Slow Loris
  • Fixed issue in WADL importer
  • Fixed crash in scanner
  • Fixed minor issues in Comprehensive Report
  • Fixed issue causing Acunetix to lose license information

v13.0.201126145 - 27 Nov 2020

Version 13 build 13.0.201126145 for Windows / Linux and 13.0.201126157 for macOS - 27th November 2020

New Features

  • New user role: Platform Admin, provides full access to Acunetix

Updates

  • Network Settings can now be confirmed using the new Check Settings button
  • Management of Targets by Tech Admin role can now be selectively turned off

Fixes

  • Fixed issue causing inability to access last continuous failed scan
  • Fixed UI issues causing inability to add targets to target group when target list is filtered
  • Acunetix is now correctly reporting progress for Network Scans
  • UI updated to hide specific options for the different Acunetix user roles

v13.0.201112128 - 12 Nov 2020

Version 13 (build 13.0.201112128 for Windows / Linux / macOS) 12 November 2020

Updates

  • Updated Telerik vulnerability checks
  • The Tech Admin user role can now create new Targets
  • Renamed acu_phpaspect.php to acusensor.php
  • Updated Comprehensive report to indicate Verified vulnerabilities
  • Logon Banner now supports multi-line banners

Fixes

  • Fixed issue in SlowLoris vulnerability check
  • Fixed LSR hang caused when closing the LSR immediately after opening it
  • Fixed scan hanging issue
  • Fixed a couple of issues in the CSV export
  • Fixed issue causing incorrect threat level in Comprehensive report
  • Fixed false positives in Outdated JS libraries and Insecure Referrer Policy checks
  • Fixed UI issue with long target name causing buttons to be hidden
  • Fixed issue causing double input schemes
  • Fixed crash in scanner
  • Fixed issue causing vulnerability count in Dashboard to not always be updated

v13.0.201028153 - 29 Oct 2020

Version 13 (build 13.0.201028153 for Windows / Linux and build 13.0.201028161 for macOS) 29th October 2020

New Features

  • Logon Banner can be configured for Acunetix logon page (satisfies DOD Notice and Consent Banner requirement)
  • Added ability to export vulnerabilities to CSV (available as WAF Export option)
  • Added ability to export scan locations to CSV (available as WAF Export option)

New Vulnerability Checks

Updates

  • Improved handling of Swagger
  • The scanner will try to detect differences in the site using different user-agents
  • Various minor UI updates
  • Added Scan Profile used in Scan results
  • Business Logic Recorder cannot be used on Targets which require Manual Intervention
  • Updated Jira issue tracker
  • Improved error shown when checking for updates fails
  • Updated import file feature to support files using BOM
  • Comprehensive report tags vulnerabilities detected by AcuSensor and AcuMonitor

Fixes

  • Fixed issue causing multi-line session detection not to be used during scan
  • Updated Jira issue tracker to use proxy server if configured
  • Fixed issue causing gzip encoded body of HTTP responses to become invalidated
  • Fixed: Printing the Coverage report would not print the sitemap in the report
  • Fixed issue causing some login forms not to be detected during the scan
  • Fixed timing issue when scheduling a scan for a future date
  • Fixed scanner crashes caused by specific import files
  • Fixed issue causing DeepScan not to be used on Kali Linux
  • Fixed false positive in Zend Framework LFI via XXE
  • Fixed issue causing some scans to fail because of the client certificate
  • Fixed issue causing LSR playback to fail for some scans
  • Fixed issue in New Scan dialog for Tech Admin users

v13.0.200930102 - 30 Sep 2020

Version 13 (build 13.0.200930102 for Windows, Linux and macOS) 30th September 2020

New Features

  • Export Scans to JSON (available as WAF Export option)
  • Added context-sensitive help for all pages in the UI. Clicking on the ? icon will open documentation for the specific page

New Vulnerability Checks

Updates

  • Numerous updates to the UI
  • Malware scan profile updated to check for Trojans
  • Scanner updated to receive newly discovered hosts from vulnerability checks
  • Updated Swagger 2 implementation to better cater for nested schemes/objects
  • Updated deduplication to better cater for network scans / vulnerabilities
  • Adaptive ciphersuite testing, reduces the average SSL/TLS scan duration by 90%

Fixes

  • Fixed issue where no data was shown for archived scans
  • Fixed some minor issues with default filters
  • Fixed issue showing wrong Target count in license page
  • Fixed UI issue affecting Custom Scan Profiles
  • Fixed Possible Sensitive Files / Folders to use the Case Sensitive Paths setting for the Target
  • Fixed issue in Reverse Proxy Detection check
