New security checks
- Added new patterns for GrapQL attack usage.
- Added new attack pattern to CommandInjection.xml.
- Implemented Bootstrap Libraries Detection.
- Added Out-of-Date vulnerability for mod_ssl.
- Added a report template and vulnerability type for Spring Framework Identified.
- Added JavaMelody Interface Detected Signature.
- Added the support for Nested objects for GraphQL attacks.
- Added the discovery source option to filters on the discovered websites page.
- Added the AWS badge to the Discovery Service to identify the assets identified via the AWS connection.
- Improved the Linux agents to work in the FIPS-enabled environment.
- Updated the IAST Bridge to improve the communication between the bridge and the scanner agent.
- Added a null check for HAR files imported.
- Added the Retest All Subitems in the Sitemap to prevent non-retestable issues from being retested.
- Improved the agent and web application communication to end it after three attempts if the internal agent has wrong information.
- Updated IAST NuGet PHP package.
- Updated StaticDetection.xml & StaticResourceFinder.xml.
- Changed WAF Identification Signature for F5 Big IP.
- Added service worker request support for authentication, login simulation, and crawling.
- Fixed the AWS connection issue to let customers add internal EC2 instances.
- Fixed an issue that caused high memory usage while collecting form values.
- Fixed the issue that caused the change in the date and time format during the Postman file importing.
- Fixed the next scheduled scan execution time information on the user interface.
- Fixed the issue that displayed "vulnerability not found" on the user interface although the vulnerability is identified.
- Fixed the control issue that threw an “internal server error” when exporting a scan from Invicti Standard to the Enterprise.
- Fixed the issue that allowed a user with permission to add/edit a website group the ability to view all account websites.
- Fixed the logo issue that the Knowledge Base report was showing the old Invicti logo.
- Fixed the untrusted certificate error for internal proxies.