Changelogs

Acunetix 360 On-Demand

RSS Feed

v24.12.1 - 12 Dec 2024

Copy Link Copy Link
This update includes changes to the internal agents. The internal scan agent’s current version is 24.12.1. The internal authentication verifier agent’s current version is 24.12.1. New feature A connector for Mend SCA now available Improvements Added new paths to forced browsing Updated the vulnerability template...

This update includes changes to the internal agents. The internal scan agent’s current version is 24.12.1. The internal authentication verifier agent’s current version is 24.12.1.

New feature

  • A connector for Mend SCA now available

Improvements

  • Added new paths to forced browsing
  • Updated the vulnerability template for the Internal Server Error vulnerability
  • Improved Insecure HTTP Usage detection
  • Improved retry operations to prevent JSONSerializer errors following archiving failures
  • Removed support email addresses from the product
  • Removed cancelled and failed scans after 90 days

Fixes

  • Fixed an issue in Mulesoft integration where child organizations were not syncing properly
  • Fixed an issue with ServiceNow integrations causing authentication errors by suspending the affected integrations
  • Fixed an issue where JSON responses were incorrectly formatted
  • Fixed an issue where scans failed with a “Failed – Agent is unavailable” error at the end of the scan
  • Fixed an issue where Invicti detected vulnerabilities in multiple parameters of the same URL but didn’t report them due to the vulnerability family mechanism

v24.12.0 - 03 Dec 2024

Copy Link Copy Link
This update includes changes to the internal agents. The internal scan agent’s current version is 24.12.0. The internal authentication verifier agent’s current version is 24.12.0. New Features API Discovery now supports retrieving Open API/Swagger specs from Kong Konnect → Learn more  New Security Checks Added...

This update includes changes to the internal agents. The internal scan agent’s current version is 24.12.0. The internal authentication verifier agent’s current version is 24.12.0.

New Features

  • API Discovery now supports retrieving Open API/Swagger specs from Kong Konnect → Learn more 

New Security Checks

  • Added detection of Google Tag Manager as a technology in the Vulnerability Database (VDB)

Improvements

  • Enhanced security to prevent customer login information from being written in clear text
  • OpenSSL configuration (openssl.cnf) updated for Docker compatibility
  • Added new filter in Recent Scans page for Agent Mode in order to distinguish between Internal and Cloud agents
  • Revised field descriptions in the Swagger model documentation to accurately reflect the use of the RequiredIf attribute
  • Improved analysis and remediation capabilities for [Possible] Server-Side Template Injection vulnerabilities

Fixes

  • Resolved a breaking change in .NET 8’s System.Net.Security.UseManagedNtlm by upgrading from Ubuntu 22.04 to Ubuntu 24.04, where the issue was addressed. The Agent was updated to .NET 8.
  • Fixed an issue where Retest-type scans did not identify the same vulnerabilities detected during full scans
  • Fixed high CPU usage in some agents caused by Chromium
  • Scans attempting to run with Agent Group without any agents will result correctly in failure instead of queue
  • Fixed an issue that was preventing users from accessing a Scan Policy
  • Fixed an issue where the Misconfigured Access-Control-Allow-Origin Header vulnerability was not detected
  • Removed the [Possible] Password Transmitted over Query String vulnerability

 

v24.11.0 - 12 Nov 2024

Copy Link Copy Link
This release includes new features and security checks, improvements, and bug fixes.

This update includes changes to the internal agents. The internal scan agent’s current version is 24.11.0. The internal authentication verifier agent’s current version is 24.11.0.

New Features

  • API Discovery now supports working with RAML specs from Mulesoft Anypoint Exchange

New Security Checks

  • Added a check for applications performing certificate name validation to prevent reading invalid memory addresses (CVE-2024-6119)

Improvements

  • Updated the AuthVerificationService from .NET 6.0 to .NET 8.0

Fixes

  • Fixed an issue with missing links in imported files that were sent from the API Inventory to the agent
  • Fixed an issue where target names longer than 40 characters were not being truncated as expected on the Create New Target page
  • Fixed an issue where the “Download HTTP Request Logs” button triggered an error while a scan was in progress
  • Fixed an issue where user names containing the character “ä” could not be added
  • Fixed an issue with the scan data retention period for raw scan files that was not working as expected
  • Fixed missing scan completed notifications with report attachments
  • Fixed an issue where adding more than one name to a Notification’s Excluded Recipients would remove the other users from all other notifications
  • Fixed an issue where the verifier agent could not read or apply custom proxy settings from the appsettings.json file
  • Fixed an issue where uploading a .proto file caused a “No links found in the file” error
  • Fixed missing request/response details for some out-of-band vulnerabilities

v24.10.1 - 30 Oct 2024

Copy Link Copy Link
This release includes new security checks, improvements, and bug fixes.

This update includes changes to the internal agents. The internal scan agent’s current version is 24.10.1. The internal authentication verifier agent’s current version is 24.10.1.

New Security Checks

Improvements

  • Changed the Mend integration to utilize an activation key so that the setup process is simpler

Fixes

  • Vulnerability profiles that are set as hidden will now still be reported in the scan reports of scans completed prior to the vulnerability being hidden
  • Fixed a bug in the editing of scan profiles with custom report policies
  • Resolved an issue in the exporting of team member data with all attributes selected
  • Resolved an issue with missing vulnerability profiles in custom report policies

v24.10.0 - 08 Oct 2024

Copy Link Copy Link
This release includes a new feature, new security checks, improvements, and bug fixes.

This update includes changes to the internal agents. The internal scan agent’s current version is 24.10.0. The internal authentication verifier agent’s current version is 24.10.0.

New Features

  • API Security: Added integration with Azure API Management to fetch Swagger2 and OpenAPI3 specification files → Learn more

New Security Checks

Improvements

  • Database optimizations
  • Changed scanning without a duration limit to a customer support request-only option
  • Reporting improvements for the “Unknown Option Used In Referrer-Policy” vulnerability
  • Improved the behavior of the ‘Recent Scans’ button group on the global dashboard when using the mobile view

Fixes

  • Fixed a timeout bug in zero-configuration API discovery
  • Fixed some wording inconsistencies and other minor improvements to the user interface
  • Removal of sitemap data when a scan is canceled, failed, or aborted
  • Resolved an issue in the General Settings page configuration
  • Resolved an issue with user sessions not timing out in compliance with the specified configuration
  • Fixed a false positive issue with Boolean Based MongoDB Injection detection
  • Out-of-date version for Boolean Based MongoDB Injection is now reported correctly
  • Fixed missing API validation for Scan Profile updates, which caused data conflicts during website deletion.

v24.9.1 - 24 Sep 2024

Copy Link Copy Link
This release includes a new feature, new security checks, improvements, and bug fixes.

This update includes changes to the internal agents. The internal scan agent’s current version is 24.9.1. The internal authentication verifier agent’s current version is 24.9.1.

New Feature

  • Administrators can now assign Agent Groups to Teams for greater control over agents and the teams that can use them. Contact our customer support team to activate this feature.

New Security Checks

  • Added XWiki version disclosure vulnerability and attack patterns.

Improvements

  • Added improvements to the Mend SAST integration.

  • Target to Project mapping is now available via API for the Mend SAST integration.

Fixes

  • Fixed the issue where tagging in the Discovery service would create a single-character tag when converted to a target.

  • Fixed an issue where the encryption process remained pending and incomplete after starting encryption key generation.

  • Fixed a bug in the API where ‘/api/1.0/issues/allissues’ always returned NULL in the History field.

  • The option to suspend all future scans is now available to all customers in Scans Control Settings.

  • Fixed the false negative issue related to Polyfill.io.

  • Fixed an issue related to creating a custom script for a web application using the OIDC method with a login pop-up.

  • Fixed the issue where the scan summary page did not time out according to the settings.

v24.9.0 - 10 Sep 2024

Copy Link Copy Link
This release includes new security checks, improvements, and bug fixes.

This update includes changes to the internal agents. The internal scan agent’s current version is 24.9.0. The internal authentication verifier agent’s current version is 24.9.0.

New Security Checks

  • Adjusted the severity of SSLv3 and TLS 1.0 vulnerabilities to reflect their security risks
  • Added support for CSP frame-ancestors
  • Added detection for CVE-2024-6297, affecting several WordPress plugins

Improvements

  • Pre-request script now works in DOM as well
  • The Azure Extension now retries connections, preventing pipeline failures

Fixes

  • Remediated a high vulnerability issue on the Agent Dotnet dependency package
  • Fixed an issue that was preventing the selection of configuration items during ServiceNow integration setup
  • Fixed an issue with updating targets using the target group ID
  • Fixed an issue where the Auth Verifier heartbeat was showing an hour behind due to daylight saving time adjustments
  • Fixed an error that was occurring when editing Report Policies
  • Fixed an issue with a REST API endpoint returning alternating severity data for TLS 1.0 vulnerabilities
  • Resolved an issue with a pre-request script that was affecting crawling functionality

v24.8.2 - 29 Aug 2024

Copy Link Copy Link
This release includes a new integration with Mend SAST.

New Feature

  • Integration with Mend SAST: display Mend SAST results alongside DAST results in Acunetix 360 so you can prioritize all your application security testing fixes in one list Learn more

v24.8.1 - 27 Aug 2024

Copy Link Copy Link
This release includes new security checks and bug fixes.

This update includes changes to the internal and cloud agents. The internal scan agent’s current version is 24.8.1.

New Security Checks

  • Added detection for Jenkins Secret as a Sensitive Data Exposure

Fixes

  • Fixed the issue where the ServiceNow Integration fields were not loading while editing the integration
  • Fixed the issue where clicking the clone button in the Jira integration incorrectly redirected to the create new integration page
  • Fixed Chromium-related issues in the agent
  • Corrected the description of the “api/1.0/scans/test-scan-profile-credentials” endpoint
  • Fixed the error when selecting a custom time period in the Dashboard Date Range
  • Fixed the issue where temp folders could not be deleted and Chromium instances remained open when Puppeteer encountered an error
  • Fixed the display issue on the Scan Summary page
  • Fixed the false positive on detection of “Stack Trace Disclosure (Java)”
  • Fixed a scan authentication issue and reduced latency
  • Fixed the issue that was preventing the download of detailed PCI reports
  • Fixed an issue related to the Moment.js regex
  • Updated the OpenSSL configuration on the Cloud AMI
  • Fixed the disk space issue in the Invicti Common folder
  • Fixed the automatic syncing of issues with Jira integrations
  • Fixed the issue where scans were failing due to a TLS connection not being established
  • Fixed the OIDC authentication issue
  • Fixed the issue where the REST API endpoint returned HTTP 400 instead of HTTP 200 when sending custom values
  • Fixed the issue preventing proper login to the target URL

1 2 13