A new Acunetix Premium update has been released for Windows, Linux, and macOS: 14.6.211207099.

This Acunetix release introduces support for the detection of HTTP/2 vulnerabilities. HTTP/2 is an upgrade to the HTTP protocol and is used more and more frequently. It does however introduce a new class of vulnerabilities, which can only be detected by a scanner that can understand HTTP/2.

The latest Acunetix update also improves handling of Laravel CSRF tokens, enables you to configure blocking of requests to ad services for each target, and includes updates to DeepScan and the PHP IAST AcuSensor. It also introduces 4 new HTTP/2 vulnerability checks, new checks for Ghost CMS, GitLab ExifTool, Jira Software, and Sitecore, as well as numerous improvements, updates, and product fixes.

New features

  • The scanner supports detecting HTTP/2 vulnerabilities

New vulnerability checks

Updates

  • Improved handling of Laravel CSRF tokens
  • Added possibility to restrict scanning a target using the main installation’s scanning engine
  • Added ability to configure blocking of requests to ad services
  • Multiple UI updates
  • Multiple DeepScan updates
  • Multiple updates to the PHP AcuSensor

Fixes

  • Fixed: SQLi false negative caused when AcuSensor is installed
  • Fixed: Incremental scans not starting when scheduled via Jenkins plugin
  • Fixed: 2 issues in .NET sensor injector CLI
  • Fixed: Node.js sensor not working on HTTPS sites
  • Fixed: Not all paths are imported from specific Burp state files
  • Fixed: Scanner crashes when parsing specific GraphQL and Swagger 2 files
  • Fixed: Some excluded paths can cause the scanner to hang
  • Fixed: Multiple scanner hangs
  • Fixed: Race condition between LSR and BLR
  • Fixed: Imported URLs ignored when a site redirects from HTTP to HTTPS
  • Fixed: Incorrect permissions for some Acunetix files/folders on Linux/Mac

Upgrade to the latest build

If you are already using Acunetix build 14.x, you can initiate the automatic upgrade from the new build notification in the Acunetix UI > About page.

If you are using Acunetix build 13.x or earlier, you need to download Acunetix from here. Use your Acunetix license key to download and activate your product.

SHARE THIS POST
THE AUTHOR
Nicholas Sciberras
Chief Technical Officer
As the Head of Acunetix Engineering, Nicholas is passionate about IT security and technology at large. Prior to joining Acunetix in 2012, Nicholas spent 12 years at GFI Software, where he managed the email security and anti-spam product lines, led multiple customer service teams, and provided technical training.