Changelogs

Acunetix Standard & Premium

v24.5.240604185 - 05 Jun 2024

Release build 24.5.240604185 (Windows + Linux) enables Predictive Risk Scoring for Acunetix On-Premises.

New features

v24.5.240529155 - 30 May 2024

Release build 24.5.240529155 includes added hooking for some functions in the .NET Core IAST sensor, new security checks, improvements, and bug fixes.

New Features

  • Added hooking for the following functions in the .NET Core IAST sensor:
    • System.Net.WebRequest
    • System.AppDomain
    • System.Type
    • System.DirectoryServices
    • MySql.Data.MySqlClient.MySqlDataAdapter
    • SqlDataAdapter

New Security Checks

Improvements

  • Further improvements in scanning of APIs
  • Improved support for sites making use of HSTS
  • Improved coverage of Single Page Applications (SPAs) using Next.js
  • Improvement in SQL Injection checks
  • Updated the list of known weak JWT secret keys
  • Updated Chromium to 125.0.6422.76

Fixes

  • Minor usability enhancements and fixes based on user feedback
  • Fixed an issue that was causing a temporary hang of the LSR on certain sites
  • Fixed an issue where OpenVAS network scans did not execute properly

v24.4.240514098 - 16 May 2024

Release build 24.4.240514098 includes multiple engine improvements, new security checks, and updates to several existing security checks.

New security checks

Improvements

  • Multiple engine improvements on long scans
  • Updates to WordPress checks
  • Improved XSS detection
  • Improved SQL injection detection

v24.4.240427095 - 30 Apr 2024

Release build 24.4.240427095 includes a new feature, numerous security checks, enhancements, and multiple bug fixes.

New features

New security checks

Improvements

  • Fixed the password reset tool for Windows for Acunetix On-Premises
  • .NET Core IAST Sensor: Removed dependency on NLog
  • Various improvements in Deepscan, lessening the time to process pages / SPAs
  • Deepscan updated to not interact with Google Maps
  • Updated detection for monitoring systems
  • Updated detection of web installers

Fixes

  • Correct warning is now displayed when attempting to add more than permitted target variations
  • Addressed several usability and design issues across application settings
  • Fixed a possible problem starting OpenVAS scans with Acunetix On-Premises
  • Design updates for User settings in Acunetix Online
  • Fixed an issue in the PHP sensor affecting PHP 8.1+ web applications
  • For users in a User Group, target group assignment is properly applied under all scenarios
  • Fixed a user permission issue when using custom roles
  • Invite emails from Acunetix On-Premises for Linux are properly displaying content now
  • Fixed the OOM (out of memory) problem when processing large PDF files

v24.3.240411164 - 15 Apr 2024

Release build 24.3.240411161 brings a replacement for the expiring Invicti Code Signing Certificate tailored for Windows binaries.

Improvements

  • Replaced an expiring Invicti Code Signing Certificate for Windows binaries

v24.3.240322155 - 25 Mar 2024

Release build 24.3.240322155 includes new Smart API Scanning capabilities for Swagger 2 and OpenAPI 3, improved crawling of websites using IFrames, as well as many new security checks. We have also made some more improvements and bug fixes.

New features

  • Smart API Scanning capabilities for Swagger 2
  • Smart API Scanning capabilities for OpenAPI 3

New security checks

Improvements

  • Improved Crawling of websites using IFrames
  • .NET IAST sensor will report SQL Injection issues introduced through the usage of MSSQL Entity Framework Sql_Query
  • Improved detection of DOM XSS in Referrer Header
  • Improved detection of DOM XSS in document.cookie

Fixes

  • Fixed a situation where a new target couldn’t be created via API
  • Fixed: Missing HTTP response for vulnerabilities reported by internal scanning agent
  • Fixed: Missing Attack Details for Unsupported SSL Secure Renegotiation vulnerability

v24.2.240227118 - 28 Feb 2024

Release build 24.2.240227118 includes bug fixes.

Fixes

  • Invitation emails are being sent correctly
  • Discovered assets can be correctly assigned to target groups

v24.2.240226074 - 26 Feb 2024

Release build 24.2.240226074 includes a new PCI DSS 4.0 report, the ability to use Aria Roles to provide better coverage, as well as many new security checks. Along with a new navigational experience, we've also made some more improvements and bug fixes.

New features

  • Added the ability to use Aria Roles to provide better coverage
  • Introduced PCI DSS 4.0 report. Note that PCI DSS 3.2 will reach the end of its support or relevance by the end of March
  • .NET IAST now supports .NET 8 (currently in Open Beta)

New security checks

Improvements

  • Updated Chromium to 121.0.6167.139/140
  • Improved detection of DOM-based Cross Site Scripting (XSS)
  • Improved the way that “Content Security Policy Misconfiguration” alerts are reported
  • Improved detection of Client Side Prototype Pollution (CSPP)
  • IAST scans will start reporting the IAST sensor version used for the scan
  • New column “Result” is shown in the list of scans to provide more details about scan outcome
  • Enhanced support for OTP apps by displaying the activation code next to the QR code
  • Improved crawling of Single Page Applications (SPA) that are using Ionic Framework
  • Added the ability to scan web applications which require browsing in a single browser tab
  • Upgraded user experience of in-app notifications – Updated UX of notifications dropdown
  • When accessing the application from a different location or browser, all other sessions are promptly terminated. Previously, users were notified, causing inconvenience when working from various locations

Fixes

  • Fixed a bug caused by the engine not respecting the Cache-Control directive
  • In rare situations, a report being generated could have resulted in an Internal server error. This issue has now been fixed
  • Fixed several minor user experience issues across the application
  • Removed deprecated X-Frame Options check