Changelogs

Acunetix Standard & Premium

v24.3.240322155 - 25 Mar 2024

Release build 24.3.240322155 includes new Smart API Scanning capabilities for Swagger 2 and OpenAPI 3, improved crawling of websites using IFrames, as well as many new security checks. We have also made some more improvements and bug fixes.

New features

  • Smart API Scanning capabilities for Swagger 2
  • Smart API Scanning capabilities for OpenAPI 3

New security checks

Improvements

  • Improved Crawling of websites using IFrames
  • .NET IAST sensor will report SQL Injection issues introduced through the usage of MSSQL Entity Framework Sql_Query
  • Improved detection of DOM XSS in Referrer Header
  • Improved detection of DOM XSS in document.cookie

Fixes

  • Fixed a situation when a new target couldn’t be created via API
  • Fixed: Missing HTTP response for vulnerabilities reported by internal scanning agent
  • Fixed: Missing Attack Details for Unsupported SSL Secure Renegotiation vulnerability

v24.2.240227118 - 28 Feb 2024

Release build 24.2.240227118 includes bug fixes.

Fixes

  • Invitation emails are being sent correctly
  • Discovered assets can be correctly assigned to target groups

v24.2.240226074 - 26 Feb 2024

Release build 24.2.240226074 includes a new PCI DSS 4.0 report, the ability to use Aria Roles to provide better coverage, as well as many new security checks. Along with a new navigational experience, we've also made some more improvements and bug fixes.

New features

  • Added the ability to use Aria Roles to provide better coverage
  • Introduced PCI DSS 4.0 report. Note that PCI DSS 3.2 will reach the end of its support or relevance by the end of March
  • .NET IAST now supports .NET 8 (currently in Open Beta)

New security checks

Improvements

  • Updated Chromium to 121.0.6167.139/140
  • Improved detection of DOM-based Cross Site Scripting (XSS)
  • Improved the way that “Content Security Policy Misconfiguration” alerts are reported
  • Improved detection of Client Side Prototype Pollution (CSPP)
  • IAST scans will start reporting the IAST sensor version used for the scan
  • New column “Result” is shown in the list of scans to provide more details about scan outcome
  • Enhanced support for OTP apps by displaying the activation code next to the QR code
  • Improved crawling of Single Page Applications (SPA) that are using Ionic Framework
  • Added the ability to scan web applications which require browsing in a single browser tab
  • Upgraded user experience of in-app notifications – Updated UX of notifications dropdown
  • When accessing the application from a different location or browser, all other sessions are promptly terminated. Previously, users were notified, causing inconvenience when working from various locations

Fixes

  • Fixed a bug caused by the engine not respecting Cache-Control directive
  • In rare situations, a report being generated could have resulted in an Internal server error. This issue has now been fixed
  • Fixed several minor user experience issues across the application
  • Removed deprecated X-Frame Options check

v24.1.240111130 - 11 Jan 2024

Release build 24.1.240111130 includes a new Java 17 IAST sensor, an update for Docker and Linux, as well as many new security checks. Along with a new navigational experience, we've also made some more improvements and bug fixes.

New features

  • The Java IAST sensor has been updated to support Java 17 and removes the requirement for AspectJWeaver
  • Changes to the mechanism that manages services for Acunetix On-Premises for Docker and Linux (Customers using Acunetix On-Premises for Docker or Linux need to manually update to version 24.1)

New security checks

Improvements

  • Updated .NET (core) IAST sensor to hook new functions
  • The scanner will now properly report when the protocol (http/https) is changed at the start of the scan
  • Increased the size limit to 10kB for supported Client Certificates for authenticated scans
  • Updated to Chromium 119.0.6045.199/200
  • Users can opt-in to receive a direct download link instead of a PDF report attachment (On-Prem only)
  • Improved crawling of Single Page Applications (SPA) that are using React
  • Improved crawling of Single Page Applications (SPA) that are using the Angular Framework
  • Improved crawling of Single Page Applications (SPA) that are using the Vue.js Framework
  • New User Profile design
  • A refreshed UI with a new navigational experience

Fixes

  • Fixed an issue that was causing some vulnerabilities not to be exported to Amazon AWS WAF
  • Fixed a Deepscan and LSR issue caused when a page overrides the standard window.* methods
  • Notifications about scans that require manual intervention are now correctly displayed wherever the user is located (On-Prem only)
  • Fixed a number of scanner crashes

v23.11.231130164 - 04 Dec 2023

Release build 23.11.231130164 contains a fix for the SSO workflow.

Fixes

  • Fixed a bug in the SSO workflow

v23.11.231129195 - 30 Nov 2023

Release build 23.11.231129195 includes several improvements and bug fixes.

Improvements

  • Improvements to our Elmah security check
  • Improvements for Server Side Template Injection vulnerabilities (SSTI)
  • Additional logs for SSO

Fixes

  • Fixed a crash on Postman import
  • Client Certificate for target import fix

v23.11.231123131 - 23 Nov 2023

Release build 23.11.231123131 includes a fresh color scheme, new features and enhancements to the UI, as well as new security checks, improvements, and bug fixes.

New features

  • Every user can now choose which email notifications they receive by setting their individual preferences located in their User Profile
  • For Acunetix On-Premises customers, email server settings have been moved under the Settings menu
  • You can now open Acunetix on multiple tabs without needing to log in with every new tab you open
  • We’ve added CVSS 4.0 scores to some vulnerabilities — You’ll find the CVSS 4.0 score and vector displayed next to the old score (3.1/3.0/2.0, whichever is highest) in the UI and API
  • For Acunetix On-Demand customers, user management is now available under Settings > Users & Access. Here you’ll find the user list with some new filter options and a new way to create user accounts by generating an invitation link (the user specifies their own password instead of the administrator).

New security checks

Improvements

  • Email notifications now have the option to include a direct link for downloading PDF reports. Previously it was necessary to log in to Acunetix to download PDF reports.
  • Updated the Chromium Build to 119.0.6045.123/.124
  • Enhanced IAST .NET sensor detection capabilities
  • Improved location detection when using LSR
  • Improved scanner stability for select environments
  • Improvements to handling OpenAPI specifications
  • Multiple improvements to the SQL Injection vulnerability checks

Fixes

  • Fixed an issue that was causing Amazon WAF exports to fail
  • PDF reports now display information that was previously being cut off

v23.9.231020153 - 23 Oct 2023

Release build 23.9.231020153 includes new security checks and improvements to the SSL Engine.

New security checks

Improvements

  • Multiple improvements to the SSL Engine
  • Improvements to the detection of CVE-2023-27524
  • Improvements to the detection of SQL Injection vulnerabilities when using WAFs