Improved MySQL Database Error Message attack pattern.
Improved XML External Entity Injection vulnerability test pattern.
Improved Forced Browsing List.
Added CWE classification for Insecure HTTP Usage.
Added GraphQL Attack Usage to existing test patterns by default.
Added an option to ignore events that can break the JavaScript simulation script.
Added version number information to internal agents on the Configure New Agent page.
Added an option to set a timeout value for agents to be set as Unavailable if they are stuck.
Improved Invicti Enterprise to clear all login files upon signing out of the application.
Improved the Authentication Verifier settings in the silent installation document to skip or not the verifier.
Created a queue to store scan results and register results asynchronously.
Added the vulnerability database to the installation package.
FIXES
Fixed Out-of-memory reason at CDPSession.
Fixed the issue with the DefectDojo report submission.
Fixed the Client Secret in raw text appearing in the scan report for OAuth2.
Fixed the time zone issue for the authentication verifier agent.
Fixed the IAST Bridge installation issue that ended prematurely.
Fixed the issue that displayed “vulnerability not found” on the user interface although the vulnerability is identified.
Fixed the scan duration limit issue that crashed the application.
Fixed the issue with a folder name with blanks to prevent the Unquoted Service Path vulnerability.
Fixed the control issue that threw an “internal server error” when exporting a scan from Invicti Standard to the Enterprise.
Fixed the update issue in the Proof node in the Knowledge Base panel.
Fixed the scan profile issue when exported from Invicti Standard to Invicti Enterprise.
Fixed the API token reset issue for team members.
Fixed the API documentation’s website that failed to show descriptions.
Fixed the business logic recorder issue where the session is dropped because of a cookie.
Fixed the default email address that appeared on the login page during the custom script window.
Fixed the Out-of-Memory issue caused by the Text Parser when adding any extension to the parser.
Fixed the Client Secret in raw text appearing in the scan report for OAuth2.
Fixed the Hawk validation issue.
Fixed the scan flow with different logic for incremental scans that are launched via CI/CD integrations and the user interface.
Fixed the custom vulnerability deletion problem on the custom report policy.
Fixed the vulnerability database issue that occurred because of a URL redirect problem.
Fixed the internal server error on the Audit logs’ list endpoint.
Fixed the issue of email notifications when a new scan is launched.
Fixed the typo on the OAuth2 settings page.
Fixed the issue updating timeout issue.
Fixed the issues API endpoint on the updating and sorting.
Fixed the tagging issue with the Azure Boards integration that the tag appeared on the Azure board although there is no tag entered on the Invicti side.
Improved the web app and agent communication.
Updated the docker agent package for the 64-bit process.
Fixed the bug that threw an object reference error while trying to end the scans that exceeded the max scan duration.
Fixed the Classless Inter-Domain Routing (CIDR) transformation issue for the discovery service.