New features
Added the option to remove Request/Response details from the detailed template to avoid the character limit error when sending vulnerabilities
Added the option for customers to display their company name on the PCI report (new scan settings field under General settings)
Enabled the ability to re-scan a previously scanned target, which allows the application of previous exclusions on the scan and helps avoid false positives on the PCI ASV scan
Added the option to enable enhanced logging of failed logins
Added functionality to the UI for users to obtain logs from failed scans (previously, only system administrators were able to do that)
ServiceNow Application Vulnerability Response integration is now available in the ServiceNow store
New security checks
Added a check for dotCMS CVE-2022-26352
Added a check for the Ultimate Member WordPress plugin CVE-2023-3460
Added a new mXSS pattern
Added new signatures to detect JWKs
Implemented a detection and reporting mechanism for the Backup Migration WordPress plugin CVE-2023-6553
Added detection for TinyMCE
Implemented a detection and reporting mechanism for the Backup Migration WordPress plugin CVE-2023-46604
Improvements
Improved the recommendations for the Weak Ciphers Enabled vulnerability
Improved detection of swagger.json vulnerabilities
Updated the "Insecure Transportation Security Protocol Supported (TLS 1.0)" vulnerability to High Severity
Implemented support for scanning sites with location permission pop-ups
Implemented support for FreshService API V2
Revised the labeling of the active vulnerabilities information on the Scan Summary page to provide greater clarity
Removed obsolete X-Frame-Options Header security checks
Improved ServiceNow Vulnerability Response integration
Fixes
Fixed a bug in the cloning report policies functionality
Fixed an error that was occurring with the API endpoint: list-scheduled
Fixed a bug with the Jira integration
Fixed a bug with custom scheduled scans that were not updating the Next Execution Time field correctly
Fixed an issue with the HashiCorp Vault integration token validation path
Fixed the missing 'Known Issues' tab from scan summary issue details
Fixed an issue with the severity trend chart on the Dashboard
Fixed a problem with importing WSDL files
Fixed a bug in the Request/Response tab of Version Disclosure vulnerabilities
Corrected an issue in the technical reports so that vulnerabilities identified in Korean are now reported in English
Changed the ID parameter from 'optional' to 'required' within the Scan Policy Update API
Removed the target URL from the scope control list
Resolved a bug in the filtering of vulnerabilities on the Issues page
Fixed a bug in the marking of issues as a false positive
Resolved an issue where the agent would become unavailable after receiving a 401 error
Fixed the issue with uploading a Swagger file into a scan profile
Removed the "Export all attributes" option from Scan Profiles, Report Policies, Manage Members, and Scan Policies
Fixed the system to halt subsequent tests if a scan is aborted from Jenkins
Upgraded the Microsoft.Owin package to version 4.2.2