Implemented an option to set the maximum LEN value in discovery settings using an account-based feature flag
Updated scan profile tag handling to apply only delta changes via UI & API
Invicti HTTP Requester can now be turned on or off from the Scan Policy
Issue API responses now clearly indicate which request parameter is vulnerable
Updated headings and labels to meet WCAG 2.4.6 (Level AA) standards
Improved link descriptions to meet WCAG 2.4.4 (Level A) accessibility standards
Updated page titles to meet WCAG 2.4.2 (Level A)
Improved info and relationships formatting for WCAG 1.3.1 (Level A)
Added text alternatives for non-text content per WCAG 1.1.1 (Level A)
Corrected name, role, and value attributes for WCAG 4.1.2 (Level A)
Optimized the UI focus order for WCAG 2.4.3 (Level A)
Added detection for Advanced Custom Fields Extended (WordPress plugin)
Improved the detection logic of "Possible Password Transmitted over Query String" to better handle single-page applications (SPAs) that use hash-based routing, reducing false positives in modern JavaScript authentication flows
Aligned CVSS scores with the National Vulnerability Database
Resolved issues
Fixed an issue preventing scans with OAuth2 settings from starting
Resolved a Chromium issue on Auth Verifier Agents
Fixed malformed masked URL usage in the scan
Improved the authentication logic for Form and Basic/NTLM methods