Changelogs

Acunetix Standard & Premium

RSS Feed

v24.10.241106172 - 07 Nov 2024

Release build 24.10.241106172 includes new features, improvements, fixes, and a change to the API documentation.

New Features

  • API Discovery now supports retrieving OpenAPI/Swagger specs from Azure API Management Learn more
  • Added support for automated use of OTP in scans, enabling seamless scanning of 2FA-enabled web applications Learn more
  • API Discovery now supports working with RAML specs from Mulesoft Anypoint Exchange

Improvements

  • Added the latest checks for outdated technology versions
  • Optimized scan speed with smarter selection of paths
  • Improved consistency of scanning SPA applications leveraging several possible entry points
  • Minor UI improvements across the app
  • Removed redundant configuration option in API Discovery integration with Amazon API Gateway

Fixes

  • Fixed a single occurrence edge case when a scan was crashing
  • Fixed incorrectly reporting Application Build in RuntimeSCA reports

API Changes

  • Corrected the baseURL for EU customers in our API documentation

v24.9.241025109 - 29 Oct 2024

Release build 24.9.241025109 includes a fix for the scanner.

Fixes

  • Fixed a problem with the scanner that was causing it to crash in some instances

v24.9.241015145 - 17 Oct 2024

Release build 24.9.241015145 includes a new security check and product improvements.

New Security Checks

  • Added check for CVE-2024-6842

Improvements

  • Upgraded to OpenSSL
  • Updates to technologies and fingerprints

v24.9.240924080 - 24 Sep 2024

Release build 24.9.240924080 enables Runtime SCA for On-Premises customers.
  • Enabled RuntimeSCA for On-Premises customers

v24.9.240918130 - 19 Sep 2024

Release build 24.9.240918130 includes new security checks, improvements, and bug fixes.

New Security Check

Improvements

  • Updated Chromium to v128.0.3316.119/.120

  • Improved support for GraphQL when described in introspection JSON

  • The upgraded Scan Details page is now enabled for On-Premises customers as well → Learn more

  • Using API Discovery On-Premises, the admin can specify a destination URL for the Network Traffic Analyzer connection

Fixes

  • Fixed a false positive in the Solr Injection check

  • Resolved a rare case where the vulnerability detail was not loading properly on the new Scan Details page

  • Runtime SCA PDF reports are now being generated correctly

  • The scan end timestamp is now loading properly on the new Scan Details page

v24.8.240903137 - 04 Sep 2024

Release build 24.8.240903137 includes fixes on the HTTP/2 Handler

Fixes

  • Fixes on the HTTP/2 Handler

v24.8.240828144 - 29 Aug 2024

Release build 24.8.240828144 includes new features and security checks, improvements, and bug fixed.

New Features

  • Added support for Apache Tomcat 11 in JAVA IAST sensor
  • RAML API specs can now be uploaded to extend the coverage of API scanning Learn more
  • Implemented support for scanning HTTP/2 websites
  • Runtime SCA findings are now available on the Scan Details page (Acunetix Online only, On-Premises coming soon)
  • A new scan report for SCA is now available Learn more

New Security Checks

Improvements

  • Minor cosmetic UI/UX issues have been addressed across the app
  • Updated list of exposed web installers reported
  • The Scan Details screen for reviewing scan results has been modernized and upgraded
  • Improved testing of path fragments
  • The agent status now shows ‘Unknown’ instead of ‘Error’ when the agent hasn’t shared its status for some time
  • API Discovery: Added the ability to start scans directly from the list of discovered and linked APIs
  • API Discovery: Added functionality to change the base URL of an already linked API
  • Updated scanner to handle security definitions within Swagger

Fixes

  • Updated the scanner to use default scan speed settings when scan speed settings are missing
  • Fixed a false positive in the detection of Possible Virtual Host Found
  • Fixed a false positive in the detection of CVE-2024-6387

v24.7.1 - 24 Jul 2024

This release includes a new security check and a fix for a false positive detection.

New Security Checks

  • Added detection for Mura Masa SQLi (CVE-2024-32640)

Fixes

  • Fixed a False Positive on the ‘Broken access control in Confluence Server and Data Center’ vulnerability (CVE-2023-22515)

v24.7.240716084 - 16 Jul 2024

Release build 24.7.240716084 includes a new feature, new security checks, improvements, and bug fixes.

New Features

  • Invicti API Security: multi-layered API discovery to enable comprehensive identification of known and undocumented APIs → Learn more

New security checks

Improvements

  • Scanner: Improved processing of large files
  • Added support for HTTP/2 requests in Burp state import files
  • .NET IAST Sensor: Added support for Engine.Razor functions
  • Improved XFS checks
  • Improvements to the new Scan Detail page (Early Access)

Fixes

  • Minor UI/UX fixes across the application
1 2 26