Discovered assets can be correctly assigned to target groups
v24.2.240226074 - 26 Feb 2024
Release build 24.2.240226074 includes a new PCI DSS 4.0 report, the ability to use Aria Roles to provide better coverage, as well as many new security checks. Along with a new navigational experience, we've also made some more improvements and bug fixes.
New features
Added the ability to use Aria Roles to provide better coverage
Introduced PCI DSS 4.0 report. Note that PCI DSS 3.2 will reach the end of its support or relevance by the end of March
.NET IAST now supports .NET 8 (currently in Open Beta)
Improved detection of DOM-based Cross Site Scripting (XSS)
Improved the way that “Content Security Policy Misconfiguration” alerts are reported
Improved detection of Client Side Prototype Pollution (CSPP)
IAST scans will start reporting the IAST sensor version used for the scan
New column “Result” is shown in the list of scans to provide more details about scan outcome
Enhanced support for OTP apps by displaying the activation code next to the QR code
Improved crawling of Single Page Applications (SPA) that are using Ionic Framework
Added the ability to scan web applications which require browsing in a single browser tab
Upgraded user experience of in-app notifications – Updated UX of notifications dropdown
When accessing the application from a different location or browser, all other sessions are promptly terminated. Previously, users were notified, causing inconvenience when working from various locations
Fixes
Fixed a bug caused by the engine not respecting the Cache-Control directive
In rare situations, a report being generated could have resulted in an Internal server error. This issue has now been fixed
Fixed several minor user experience issues across the application
Removed the deprecated X-Frame-Options check
v24.1.240131143 - 01 Feb 2024
Release build 24.1.240131143 includes support for Java 21 IAST sensor, new security checks, and bug fixes.
Release build 24.1.240111130 includes a new Java 17 IAST sensor, an update for Docker and Linux, as well as many new security checks. Along with a new navigational experience, we've also made some more improvements and bug fixes.
New features
The Java IAST sensor has been updated to support Java 17 and removes the requirement for AspectJWeaver
Changes to the mechanism that manages services for Acunetix On-Premises for Docker and Linux (Customers using Acunetix On-Premises for Docker or Linux need to manually update to version 24.1)
New security checks
Improved Elmah security check to check for variants of Elmah
Added a check for file inclusion/path traversal when the response is shown inside a PDF
Improvements
Updated .NET (core) IAST sensor to hook new functions
The scanner will now properly report when the protocol (http/https) is changed at the start of the scan
Increased the size limit to 10kB for supported Client Certificates for authenticated scans
Updated to Chromium 119.0.6045.199/200
Users can opt-in to receive a direct download link instead of a PDF report attachment (On-Prem only)
Improved crawling of Single Page Applications (SPA) that are using React
Improved crawling of Single Page Applications (SPA) that are using the Angular Framework
Improved crawling of Single Page Applications (SPA) that are using the Vue.js Framework
New User Profile design
A refreshed UI with a new navigational experience
Fixes
Fixed an issue that was causing some vulnerabilities not to be exported to Amazon AWS WAF
Fixed a Deepscan and LSR issue caused when a page overrides the standard window.* methods
Notifications about scans that require manual intervention are now correctly displayed wherever the user is located (On-Prem only)
Fixed a number of scanner crashes
v23.11.231130164 - 04 Dec 2023
Release build 23.11.231130164 contains a fix for the SSO workflow.
Fixes
Fixed a bug in the SSO workflow
v23.11.231129195 - 30 Nov 2023
Release build 23.11.231129195 includes several improvements and bug fixes.
Improvements
Improvements to our Elmah security check
Improvements for Server Side Template Injection vulnerabilities (SSTI)
Additional logs for SSO
Fixes
Fixed a crash on Postman import
Client Certificate for target import fix
v23.11.231123131 - 23 Nov 2023
Release build 23.11.231123131 includes a fresh color scheme, new features and enhancements to the UI, as well as new security checks, improvements, and bug fixes.
New features
Every user can now choose which email notifications they receive by setting their individual preferences located in their User Profile
For Acunetix On-Premises customers, email server settings have been moved under the Settings menu
You can now open Acunetix on multiple tabs without needing to log in with every new tab you open
We’ve added CVSS 4.0 scores to some vulnerabilities — You’ll find the CVSS 4.0 score and vector displayed next to the old score (3.1/3.0/2.0, whichever is highest) in the UI and API
For Acunetix On-Demand customers, user management is now available under Settings > Users & Access. Here you’ll find the user list with some new filter options and a new way to create user accounts by generating an invitation link (the user specifies their own password instead of the administrator).
New security checks
Added default JWT keys for Apache Superset: CVE-2023-27524
Updated detection of exposed installers (Openfire and Chamilo)
Improvements
Email notifications now have the option to include a direct link for downloading PDF reports. Previously it was necessary to log in to Acunetix to download PDF reports.
Updated the Chromium Build to 119.0.6045.123/.124
Enhanced IAST .NET sensor detection capabilities
Improved location detection when using LSR
Improved scanner stability for select environments
Improvements to handling OpenAPI specifications
Multiple improvements to the SQL Injection vulnerability checks
Fixes
Fixed an issue that was causing Amazon WAF exports to fail
PDF reports now display information that was previously being cut off
v23.9.231020153 - 23 Oct 2023
Release build 23.9.231020153 includes new security checks and improvements to the SSL Engine.