Release Notes

Acunetix 360 On-Demand

RSS Feed

v25.8.0 - 12 Aug 2025

Copy Link Copy Link
Acunetix 360 25.8.0 adds Pega Infinity detection, LDAP integration enhancements, a Maximum Cookie Count setting, UI component updates, and new fields for on-prem JIRA. Includes multiple fixes for icons, scripts, SCIM logs, and API imports, plus improved scanning policy controls.

Security checks

  • Added detection of Pega Infinity as a technology in the Vulnerability Database (VDB)

Improvements

  • Defined the Hawk check delay in the scanning policy
  • Added configurable User and Group ObjectClass settings to LDAP integration, enabling custom values (e.g., userProxy for AD LDS), updating synchronization logic, ensuring compatibility with diverse LDAP servers, maintaining backward compatibility
  • Added a Maximum Cookie Count setting to manage cookie numbers when necessary
  • Updated Bootstrap component
  • Updated Highlight component
  • Added Affected Versions field for on-prem JIRA to custom fields

Resolved issues

  • Added missing Technology icons
  • Fixed logging in Post-Request scripts
  • Implemented fix to ensure Post-Request script is triggered for all requests in the browser context
  • Fixed SCIM activity logs duplicate issue
  • Fixed an issue where importing link via API to Scan Profile did not generate URL Rewrite Rule

v25.7.1 - 29 Jul 2025

Copy Link Copy Link
Explore what's new in Acunetix 360, including new improvements and resolved issues.

Improvements

  • Improved visibility and transparency of customer impersonation scenarios initiated by the Support Team
  • Extended the Notifications (New & Update) REST API endpoints to include report configuration options, allowing finer control over alerting workflows
  • Improved stability by identifying and notifying users about misconfigured Jira webhooks causing excessive and unrelated requests to the scanner
  • Added tag-based filtering support to the Scheduled Scans page. Users can now filter scheduled scans by tags
  • Adding Imported Links via API now generates URL Rewrite Rules automatically

Resolved issues

  • Fixed false-positive reporting for Web Cache Deception vulnerability
  • Implemented immutable logs for deleted users to ensure audit integrity and traceability even after user removal
  • Fixed an issue where scripts defined on the Custom Script page could not be executed for testing purposes
  • Resolved an issue where SSL certificate chain errors blocked UI or auto-update of Internal Verifier Agents on Linux

v25.7.0-HF - 21 Jul 2025

Copy Link Copy Link
Improvements Minor security patch for Authentication Verifier Service

Improvements

  • Minor security patch for Authentication Verifier Service

v25.7.0 - 08 Jul 2025

Copy Link Copy Link
Explore what's new in Acunetix 360, including new CVE checks, improved XSS and prototype-pollution detection, OAuth2 and HTTP/2 enhancements, LDAP integration updates, API changes, and key bug fixes.

Security checks

Improvements

  • Improved prototype-pollution detection to reduce noise
  • Improved XSS detection to reduce noise
  • Increased the timeout duration for IAST responses to prevent premature failures
  • Updated dependencies with known vulnerabilities
  • Implemented an enhancement to capture the token information present in the response during the OAuth2 Implicit Flow
  • Implemented an enhancement to enable more effective cookie management when HTTP/2 is enabled
  • Updated plugin dependencies to address known security vulnerabilities and improve overall stability; upgraded Jenkins compatibility to version 2.474
  • When user roles changes details are now available on Activity Logs
  • Jenkins Plugin: Corrected misleading UI validation for the “Report Type” parameter within the “Netsparker Enterprise Scan” build step. The field no longer incorrectly appears as required, clarifying its optional nature
  • LDAP Integration: Permanently enabled LDAP integration for on-premise WebApp installations by removing its associated feature flag. LDAP functionality is now available by default
  • Shark (IAST) versions upgraded
  • Agent and Verifier download names now come in a specific format
  • Added new columns while exporting with All Attributes CSV

API changes

  • Addresses discrepancies in global vulnerability counts between scan tasks and website issues

Resolved issues

  • Corrected the MOVEit SQLi check to avoid reporting an incorrect version
  • Enhanced support for using multiple secrets simultaneously within a single custom header
  • Resolved an issue where duplicate X-Content-Type-Options headers triggered false missing header reports
  • Addressed an issue encountered during report policy migration
  • File Uploads: Added support for additional ZIP MIME types to resolve upload issues from some operating systems
  • Fixed broken link issue
  • Fixed integration duplication issue on Notification UI
  • Fixed an issue where starting a new scan after a failed PCI scan could cause the PCI scan status to remain stuck in the “Stopping” state

v25.6.0 - 18 Jun 2025

Copy Link Copy Link
Improvements Improved Stack Trace Disclosure (Java) detection pattern Added support for configuring the temp file via appsettings.json or an environment variable () Updated plugin dependencies to address known security vulnerabilities and improve overall stability; upgraded Jenkins compatibility to version 2.462 Updated the Jenkins plugin...

Improvements

  • Improved Stack Trace Disclosure (Java) detection pattern
  • Added support for configuring the temp file via appsettings.json or an environment variable (Read more)
  • Updated plugin dependencies to address known security vulnerabilities and improve overall stability; upgraded Jenkins compatibility to version 2.462
  • Updated the Jenkins plugin script generation to use the latest GitHub Actions versions and ubuntu-latest runner for improved compatibility and security
  • Updated Microsoft.OpenApi to version 2.0 preview to support OpenAPI 3.1.0 for improved API scanning
  • Added API GET method to retrieve scheduled scans by ID

Resolved issues

  • Added an event notification name to the logs for email notifications
  • Resolved an issue where multiple versions of Next.js were not properly displayed in the Technologies dashboard and Scan Reports

v25.5.1 - 28 May 2025

Copy Link Copy Link
New feature Added Post-Request script feature () Integrated AI Assist Bot into Acunetix 360 On-Demand New security checks Added a new XSS Security check Improvements Updated workflows to improve reliability and security while maintaining alignment with GitHub’s best practices Addressed multiple versions of GitHub...

New feature

  • Added Post-Request script feature (Read more)
  • Integrated AI Assist Bot into Acunetix 360 On-Demand

New security checks

  • Added a new XSS Security check

Improvements

  • Updated workflows to improve reliability and security while maintaining alignment with GitHub’s best practices
  • Addressed multiple versions of GitHub Actions available in the marketplace
  • Added new REST API endpoint (agents/listverifiers) to retrieve AV agents data
  • Restricted the Vulnerability Note field to 1000 characters

Resolved issues

  • Resolved an issue causing scans to get stuck during archiving
  • Resolved discrepancy between API (listByWebsite) and UI (Recent Scans) results
  • Fixed an issue with verifying the existence of links in the link pool
  • Improved incremental scanning
  • Implemented logic to create the UserDocumentsDirectoryPath when it doesn’t already exist
  • Added support for defining headers and HTTP method during CSV import

v25.5.0 - 06 May 2025

Copy Link Copy Link
This 25.5.0 Acunetix 360 On-Demand release contains new features and a number of improvements and resolved issues.

New feature

  • Implemented webapp for secure storage and retrieval of passwords for Pre-Request scripts
  • Added an integration for NTA with NGINX (Read more)

Improvements

  • Implemented default limit setting to 1000 without flag for all fields except Second Level Domains
  • Implemented custom field Parent option in integration with Azure Boards
  • Implemented agent for secure storage and retrieval of passwords for Pre-Request scripts

Resolved issues

  • Fixed an issue with Bad Request Response on Scan Summary
  • Fixed naming issues of WordPress plugin Contact Form 7
  • Implemented possibility to keep the report history of PCI scans with exceptions defined
  • Fixed the issue of LoginRequiredUrl and Pre-Request script requests causing bottlenecks in HTTP requests
  • Fixed an issue that unnecessarily included the code parameter in OAuth2 authorization requests
  • The scanning engine now correctly processes merged request headers received from browser

v25.4.1 - 24 Apr 2025

Copy Link Copy Link
Resolved issues Resolved an issue on Technologies Dashboard The ‘Tags’ filter in All Issues now works correctly when using the ‘Not Contains’ condition Resolved issue where no results appeared when filtering the target list on the Target Group page. This was linked to the ‘View...

Resolved issues

  • Resolved an issue on Technologies Dashboard
  • The ‘Tags’ filter in All Issues now works correctly when using the ‘Not Contains’ condition
  • Resolved issue where no results appeared when filtering the target list on the Target Group page. This was linked to the ‘View Target List’ permission
  • Resolved communication issues in the TestBasicAuthCredentials process and improved HTTP connection handling
  • Resolved an issue where not all attributes were exported correctly from the Issues page

v25.4.0 - 08 Apr 2025

Copy Link Copy Link
New feature Added an option to prevent reopening Issue Tracker issues when a vulnerability is marked as False Positive and later revived (). Improvements Requests with empty or default values are not sent to DeepInfo Introduced a new setting under the Account General settings,...

New feature

  • Added an option to prevent reopening Issue Tracker issues when a vulnerability is marked as False Positive and later revived (Read more).

Improvements

  • Requests with empty or default values are not sent to DeepInfo
  • Introduced a new setting under the Account General settings, within the Data Privacy and Security section, to modify the X-AMZ-Expires parameter while downloading the scan data
  • Enhanced the “Configure New Agent” page to include additional details for auth verifier agents (Read more)
  • Updated remediation details for outdated AngularJS versions
  • [BREAKING CHANGE]: Updated the Docker agent’s compression method and file extension; ensure any automation or scripts referencing the old format are updated accordingly

Resolved issues

  • Fixed an issue where the Issue note field could not be updated
  • Fixed inefficient algorithmic complexity in DotNet IAST Sensor
  • Resolved the issue where an invalid character response occurred when attempting to add a user
  • Resolved the “Invalid Target URI” error that occurred when editing the Target URI to end with multiple slashes (///) on the new scan page
  • Resolved the issue where the scan profile was not updating with the support account
  • Fixed restrictions for JIRA integration
  • Fixed an issue where pressing “Enter” instead of clicking the “Check” button during password verification triggered a full scan instead of the intended login verification
  • Updated Chromium and Node.js versions, resolving Chromium-related issues, including the unexpected increase in Chromium count
  • Exclude URL rules now function correctly even when the excluded URL is the target
  • Fixed an issue with retrieving OAuth2 token data from JSON responses
1 2 15