Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.
Release Notes

Acunetix 360 On-Demand

RSS Feed

v25.11.0 - 11 Nov 2025

Copy Link Copy Link
New features Added support for referencing secrets from SEM integrations when configuring Basic, Digest, NTLM/Kerberos, or Negotiate authentication Improvements Added “Fix versions” field to the JIRA integration Added “Queue reason” to the Scan summary page Improved IP Restriction Logic Improved the “SameSite Cookie Not Implemented”...

New features

  • Added support for referencing secrets from SEM integrations when configuring Basic, Digest, NTLM/Kerberos, or Negotiate authentication

Improvements

  • Added “Fix versions” field to the JIRA integration
  • Added “Queue reason” to the Scan summary page
  • Improved IP Restriction Logic
  • Improved the “SameSite Cookie Not Implemented” security check
  • Improved the “JWT Signature is not Verified” security check

Resolved issues

  • Fixed a layout problem when adding a new certificate
  • Fixed an issue showing wrong Vulnerability Database (VDB) version
  • Fixed a cache cleaning issue
  • Fixed an issue where users without an API Discovery license saw the error “ApiHub Service URL cannot be empty” when updating items on the Settings > General page
  • Fixed “The deletion of the website continues” issue when adding a target
  • Fixed an empty list issue in the Mend integration
  • Fixed an issue where Linux/cloud agents couldn’t parse secrets pre-request query parameters for a customer environment
  • Updated Java sensor
  • Fixed an issue with confirmation SMS messages

v25.10.1 - 27 Oct 2025

Copy Link Copy Link
Improvements Updated .NET 8 runtime to fix a security issue (CVE-2025-55315)

Improvements

v25.10.0 - 15 Oct 2025

Copy Link Copy Link
New update: WebLogic support, SEM secret integration, API improvements, and fixes for scan errors, auto-updates, and security reports

New feature

  • Added WebLogic support for JAVA Shark sensor
  • The Secrets screen now supports selecting and referencing secrets from SEM integrations in addition to manually entered name–value pairs. This allows more secure and centralized secret management

Improvements

  • Replaced old POST deletion methods with standard DELETE endpoints for a more consistent API. The POST endpoints are now deprecated – please update your integrations.

Resolved issues

  • Corrected a typo in the Ivanti RCE CVE-2024-21887 report template
  • Improved detection of CSP directives
  • Resolved containerized Agents being stuck during auto-updates
  • Fixed “Unable to Load Scan Session” and “Unable to Find Scan Files” errors
  • Corrected discrepancies in Roles permission counts
  • Enabled Agent auto-updater to use encrypted proxy credentials from appsettings.json
  • Added RegEx validation to prevent invalid patterns causing scan failures
  • Fixed Intel instance assignment issue for On-Prem Cloud Provider

v25.9.1 - 23 Sep 2025

Copy Link Copy Link
New feature Improvements Resolved issues

New feature

  • Introduced Global Client Certificates: Admins can now add client certificates to the Global Certificate section and apply them directly to Scan Profiles

Improvements

  • Added “Export to CSV” functionality to several pages, including Scan Policies, Report Policies, Scan Profiles, Scheduled Scans, and Website Groups
  • Updated GitHub Actions to their latest stable versions to take advantage of new features and performance improvements

Resolved issues

  • Resolved an issue where clicking “Toggle Content” did not display the list of Imported Links on scan profiles
  • Resolved an issue with parsing JIRA Custom Complex Fields in JSON
  • Addressed SSL errors in certificate-based environments by adding support for the IgnoreSslCertificateErrors parameter
  • Corrected an issue where NTLM “Test Credentials” incorrectly passed using default credentials; invalid credentials now fail as expected
  • Resolved issues with previously problematic Report Policies

v25.9.0 - 10 Sep 2025

Copy Link Copy Link
New feature Improvements Resolved issues

New feature

  • Added a new setting, Page Top Warning Banner, under Settings > General > Warning Text Settings. This feature allows administrators to display a persistent, plain-text banner at the top of every page for compliance and informational purposes

Improvements

  • Improved Pega version detection
  • Improved page performance
  • Updated the GitHub Actions plugin to address multiple security vulnerabilities by sanitizing user inputs, validating URLs, and remediating outdated dependencies to ensure compliance with secure coding standards
  • Encrypted OAuth2 section in Scan Profile to maintain information security
  • Updated GetTags endpoint for Asana integration

Resolved issues

  • Resolved the inconsistency between the UI and reports in displaying known issue severity
  • Resolved pagination issue on the Agent Group Index page
  • Mend-related profiles have been hidden from the UI
  • Updated the signature for Mend vulnerabilities to improve management of Mend-related issues. As a result, previously reported vulnerabilities will appear as resolved and then re-detected
  • Fixed a UI filter bug where created websites could be incorrectly ignored on the Discovered Websites page
  • Fixed authentication and simulation stucks due to script syntax
  • Resolved zombie “Pick an app”(OpenWith.exe) processes that runs out resources on Windows servers

v25.8.1 - 26 Aug 2025

Copy Link Copy Link
Explore the latest release updates, including vulnerability data retention policy changes, new improvements, and resolved issues.

Improvements

  • The character limit for the New Target/Target Group > Description field has been increased from 255 to 1000 characters. This change has also been implemented on the API side
  • The character limit for the Scan Profile > Comments field has been increased from 500 to 1000 characters. This change has also been implemented on the API side
  • Starting September 1, 2025, HTTP Request/Response data for vulnerabilities older than 180 days will be removed (except for the most recent occurrence). Read more

Resolved issues

  • Other users are prevented from editing the Primary User’s account
  • Fixed filtering Mend SAST results for Critical and High priority vulnerabilities
  • Added file size control message for imported link or API definitions files
  • Fixed Tag IDs field in Asana integration

v25.8.0 - 12 Aug 2025

Copy Link Copy Link
Acunetix 360 25.8.0 adds Pega Infinity detection, LDAP integration enhancements, a Maximum Cookie Count setting, UI component updates, and new fields for on-prem JIRA. Includes multiple fixes for icons, scripts, SCIM logs, and API imports, plus improved scanning policy controls.

Security checks

  • Added detection of Pega Infinity as a technology in the Vulnerability Database (VDB)

Improvements

  • Defined the Hawk check delay in the scanning policy
  • Added configurable User and Group ObjectClass settings to LDAP integration, enabling custom values (e.g., userProxy for AD LDS), updating synchronization logic, ensuring compatibility with diverse LDAP servers, maintaining backward compatibility
  • Added a Maximum Cookie Count setting to manage cookie numbers when necessary
  • Updated Bootstrap component
  • Updated Highlight component
  • Added Affected Versions field for on-prem JIRA to custom fields

Resolved issues

  • Added missing Technology icons
  • Fixed logging in Post-Request scripts
  • Implemented fix to ensure Post-Request script is triggered for all requests in the browser context
  • Fixed SCIM activity logs duplicate issue
  • Fixed an issue where importing link via API to Scan Profile did not generate URL Rewrite Rule

v25.7.1 - 29 Jul 2025

Copy Link Copy Link
Explore what's new in Acunetix 360, including new improvements and resolved issues.

Improvements

  • Improved visibility and transparency of customer impersonation scenarios initiated by the Support Team
  • Extended the Notifications (New & Update) REST API endpoints to include report configuration options, allowing finer control over alerting workflows
  • Improved stability by identifying and notifying users about misconfigured Jira webhooks causing excessive and unrelated requests to the scanner
  • Added tag-based filtering support to the Scheduled Scans page. Users can now filter scheduled scans by tags
  • Adding Imported Links via API now generates URL Rewrite Rules automatically

Resolved issues

  • Fixed false-positive reporting for Web Cache Deception vulnerability
  • Implemented immutable logs for deleted users to ensure audit integrity and traceability even after user removal
  • Fixed an issue where scripts defined on the Custom Script page could not be executed for testing purposes
  • Resolved an issue where SSL certificate chain errors blocked UI or auto-update of Internal Verifier Agents on Linux

v25.7.0-HF - 21 Jul 2025

Copy Link Copy Link
Improvements Minor security patch for Authentication Verifier Service

Improvements

  • Minor security patch for Authentication Verifier Service
1 2 3 4 17