Changelogs

Acunetix Standard & Premium

RSS Feed

v14.3.210615184 - 17 Jun 2021

Version 14 build 14.3.210615184 for Windows, Linux and macOS – 17th June 2021

New Features

  • New SCA (Software Composition Analysis) for PHP, JAVA, Node.js and .NET web applications. Acunetix will report vulnerable libraries used by the web application when AcuSensor is used

New Vulnerability Checks

Updates

  • Updated .NET AcuSensor
  • .NET AcuSensor can be now deployed from CLI
  • User is notified when imported URLs are out of scope
  • Scan events are not shown in json any more
  • New column for Continuous Scanning in the Targets page
  • New filter in Targets page to easily identify Targets with debug enabled
  • Vulnerabilities page shows if the vulnerability was detected by a web or network scan
  • Merged Add Target and Add Targets options in UI
  • Custom Field, labels and tags can be configured for Issue Trackers
  • Platform Admin can now unlock locked accounts
  • New column in CSV export showing details in text only
  • Updated the way that AcuSensor token can be updated in the Target Settings
  • PCI DSS compliance report updated to PCI DSS 3.2.1
  • Compliance Reports updated to make use of the Comprehensive report template
  • Browser Dev tools can be used when LSR is started from CLI
  • Updated XFO check
  • Multiple UI updates
  • Improved false positive detection of out of band RCE and argument injection vulnerabilities
  • Multiple updates to the Postman import implementation
  • Updated JavaScript Library Audit to support merged JavaScript files

Fixes

  • HSTS has been enabled for the AcuSensor bridge
  • Latest Alerts section of Scan results was not updated with AcuMonitor (OOB) vulnerabilities)
  • The Fragments was not clickable in the site structure
  • HSTS Best Practices was sometimes being reported multiple times
  • Fixed HSTS false negative
  • Fixed issue in the detection of Django 3 weak secret
  • Fixed issue causing GitHub labels not to be updated when changing Github issue Tracker Project
  • Fixed encoding issue in Node.js AcuSensor
  • Fixed issue causing corruption of Target knowledgebase
  • Fixed DeepScan timeout when processing Prototype JavaScript library
  • Fixed issue causing outdated JavaScript libraries check not to report external libraries
  • Fixed issue in Oauth password credentials grant

v14.2.210505179 - 06 May 2021

Version 14 build 14.2.210505179 for Windows, Linux and macOS – 6th May 2021

Fixes

  • Fixed validation errors when sorting vulnerabilities by Issue ID
  • Fixed issue causing Node.js sensor to fail to start on Node v6
  • Fixed issue causing some operations to be listed multiple times in Scan Statistics

v14.2.210503151 - 04 May 2021

Version 14 build 14.2.210503151 for Windows, Linux and macOS – 4th May 2021

New Features

  • Acunetix is now available on Docker
  • New Scan Statistics page for each Scan
  • Vulnerability information can now be sent to AWS WAF

New Vulnerability Checks

Updates

  • Full rows and column selection is now possible in the Excluded Hours page
  • Updated UI with new Acunetix branding
  • Issue Tracker ID will be shown for vulnerabilities sent to any Issue Tracker
  • Issue Trackers can now be restricted to a specific Target Group
  • Target Description will be sent to the Issue Trackers
  • Updated Jira integration to support Jira version 9
  • Multiple updates to the JAVA AcuSensor
  • Scanning engine will now test cookies on pages which do not have any inputs
  • The scanner will stop testing cookies which have been found to be vulnerable
  • Where possible, DOM XSS vulnerabilities will show the code snippet of the vulnerable JavaScript call
  • CSV Export will now show the Target Address
  • Maximum size for a custom cookie configured in a Target increased to 4096 characters
  • New date filter in the Vulnerabilities page
  • Vulnerability severity now shows text in addition to color coded icon
  • Multiple updates to the LSR
  • Added support for BaseUrl / Global Variables in Postman import files

Fixes

  • Fixed extra CR in Target CSV export
  • Fixed DeepScan crash
  • Fixed: Discovery options are only shown to users with “Access All Targets” permission
  • Fixed: Existing user’s details shown when adding a new user
  • Fixed a scanner crash
  • Fixed: Blind XSS check is now part of the XSS scanning profile
  • Fixed: AcuMonitor checks where not done when scan done by an engineonly installation
  • Fixed issue causing AcuMonitor not to be registered when using authenticated proxy
  • Fixed issue when loading vulnerabilities for a Target Group
  • Fixed issue with Postman importer
  • Fixed sporadic issue when checking for new Acunetix updates on Mac
  • Fixed issue in WP XMLRPC pingback check

v14.1.210329187 - 30 Mar 2021

Version 14 build 14.1.210329187 for Windows, Linux and macOS – 30th March 2021

Fixes

  • Fixed issue causing proxy authentication failures
  • Fixed scanner crash
  • Fixed indentation in Comprehensive report

v14.1.210324124 - 25 Mar 2021

Version 14 build 14.1.210324124 for Windows, Linux and macOS – 25th March 2021

Updates

  • Updated scanner so that “Restrict scans to import files” is taken into consideration for paths coming from Target knoweldgebase

Fixes

  • Fixed a scanner crash
  • Fixed issue in Swagger 3 import feature

v14.1.210316110 - 17 Mar 2021

Version 14 build 14.1.210316110 for Windows, Linux and macOS – 17th March 2021

New Features

  • Web Asset Discovery, allowing users to discover domains related to their organisation or web assets already configured in Acunetix
  • New page showing all the Target FQDNs consuming a target license

New Vulnerability Checks

Updates

  • Acunetix updated to fully support NTLM Authentication for proxy authentication
  • Multiple LSR/BLR and DeepScan updates and fixes
  • Updated Chromium to v88.0.4298.0
  • Updated Postgres database to v13.2
  • Engines page has been updated to show the following:
    • Status (online or otherwise) for each Engine
    • The build number for each Engine
    • Any license issues are reported as part of the status for each Engine
  • Multi-Engine setups will start to automatically update the Engine only installations when the Main installation is updated
  • The UI will reload after Acunetix is upgraded
  • ‘WAF Export’ button renamed to ‘Export to’, and feature added to the Scans Page
  • Multiple updates to the Comprehensive report
  • Proxy Settings can now be specified for each Issue Tracker
  • Updated JavaScript Library Audit check to cover libraries not hosted on the scanned target
  • Users can now be created from the API
  • Updated CORS check

Fixes

  • Fixed bug in “Vulnerabilities in SharePoint could allow elevation of privilege” check
  • Fixed issue causing check for updates to occasionally fail on MacOS
  • Fixed issue causing DOM XSS sink to not always be show the in the code extract displayed in the alert
  • Fixed issue caused when a custom collection is used in a TFS issue tracker configuration
  • Fixed issue in WordPress XML-RPC pingback abuse check
  • Fixed Deepscan crash
  • Fixed False Positive in Broken Link Hijacking check
  • Vulnerability CSV export now includes URL where vulnerability was detected

v13.0.210226118 - 26 Feb 2021

Version 13 build 13.0.210226118 for Windows, Linux and macOS – 26th February 2021

Fixes

  • Fix Backend issue related to AcuSensor

v13.0.210129162 - 02 Feb 2021

Version 13 build 13.0.210129162 for Windows, Linux and macOS – 2nd February 2021

New Features

  • New AcuSensor for Node.js
  • New Target Knowledgebase records scan data which is used to improve future scans
  • New FQDN and Target filter in Grouped Vulnerabilities page
  • New FQDN column in Targets page

New Vulnerability Checks

Updates

  • Simplified User Profile page
  • Improved handing of HTML comments
  • Improved processing of sites using dynamic links
  • Improved parsing of JavaScript for new paths
  • Form input type is taken into consideration when processing forms
  • Scanner now supports NTLM Authentication for proxy authentication
  • multiple DeepScan updates
  • Comprehensive report updated to use time zone configured for Acunetix user
  • Added setting in settings.xml to choose which SSL cipher to be used by the scanner
  • Integrated LSR logs are now stored for troubleshooting purposes
  • Notify user when client certificate is required but not configured for Target
  • Improvements in MAC installation
  • PHP AcuSensor will start including Stack Trace
  • Multiple LSR / BLR updates

Fixes

  • Filter items sorted alphabetically
  • Fixed minor UI glitch in multi-engine registration page
  • Multiple fixes in SlowLoris detection
  • Fixed scanner crashes
  • Fixed CSV injection in Target Export
  • Fixed UI issues in Target Groups page
  • Fixed formatting for issues pushed to Jira
  • Fixed issue when installing on Centos8

1 6 7 8 24