Changelogs

Acunetix Standard & Premium

v24.9.240924080 - 24 Sep 2024

Release build 24.9.240924080 enables Runtime SCA for On-Premises customers.
  • Enabled Runtime SCA for On-Premises customers

v24.9.240918130 - 19 Sep 2024

Release build 24.9.240918130 includes new security checks, improvements, and bug fixes.

New Security Check

Improvements

  • Updated Chromium to v128.0.3316.119/.120

  • Improved support for GraphQL when described in introspection JSON

  • The upgraded Scan Details page is now enabled for On-Premises customers as well

  • Using API Discovery On-Premises, the admin can specify a destination URL for the Network Traffic Analyzer connection

Fixes

  • Fixed a false positive in the Solr Injection check

  • Resolved a rare case where the vulnerability detail was not loading properly on the new Scan Details page

  • Runtime SCA PDF reports are now being generated correctly

  • The scan end timestamp is now loading properly on the new Scan Details page

v24.8.240903137 - 04 Sep 2024

Release build 24.8.240903137 includes fixes to the HTTP/2 handler.

Fixes

  • Fixes to the HTTP/2 handler

v24.8.240828144 - 29 Aug 2024

Release build 24.8.240828144 includes new features and security checks, improvements, and bug fixes.

New Features

  • Added support for Apache Tomcat 11 in the Java IAST sensor
  • RAML API specs can now be uploaded to extend the coverage of API scanning
  • Implemented support for scanning HTTP/2 websites
  • Runtime SCA findings are now available on the Scan Details page (Acunetix Online only, On-Premises coming soon)
  • A new scan report for SCA is now available

New Security Checks

Improvements

  • Minor cosmetic UI/UX issues have been addressed across the app
  • Updated list of exposed web installers reported
  • The Scan Details screen for reviewing scan results has been modernized and upgraded
  • Improved testing of path fragments
  • The agent status now shows ‘Unknown’ instead of ‘Error’ when the agent hasn’t shared its status for some time
  • API Discovery: Added the ability to start scans directly from the list of discovered and linked APIs
  • API Discovery: Added functionality to change the base URL of an already linked API
  • Updated scanner to handle security definitions within Swagger

Fixes

  • Updated the scanner to use default scan speed settings when scan speed settings are missing
  • Fixed a false positive in the detection of Possible Virtual Host Found
  • Fixed a false positive in the detection of CVE-2024-6387

v24.7.1 - 24 Jul 2024

This release includes a new security check and a fix for a false positive detection.

New Security Checks

  • Added detection for Mura Masa SQLi (CVE-2024-32640)

Fixes

  • Fixed a false positive on the ‘Broken access control in Confluence Server and Data Center’ vulnerability (CVE-2023-22515)

v24.7.240716084 - 16 Jul 2024

Release build 24.7.240716084 includes a new feature, new security checks, improvements, and bug fixes.

New Features

  • Invicti API Security: multi-layered API discovery to enable comprehensive identification of known and undocumented APIs

New security checks

Improvements

  • Scanner: Improved processing of large files
  • Added support for HTTP/2 requests in Burp state import files
  • .NET IAST Sensor: Added support for Engine.Razor functions
  • Improved XFS checks
  • Improvements to the new Scan Detail page (Early Access)

Fixes

  • Minor UI/UX fixes across the application

v24.6.240701143 - 02 Jul 2024

Release build 24.6.240701143 includes a Discovery service bug fix and new security checks.

Security Checks

Fixes

  • Fixed an issue with the Discovery service in On-Premises environments

v24.6.240626115 - 27 Jun 2024

Release build 24.6.240626115 includes improved detection of DOM XSS vulnerabilities, security features, improvements, and bug fixes.

New Features

  • Security checks can now be auto-updated without requiring a full product update

New Security Checks

  • SolarWinds Serv-U directory traversal (CVE-2024-28995)
  • Ivanti EPM SQL Injection / RCE (CVE-2024-29824)
  • Rejetto HTTP File Server SSTI / RCE (CVE-2024-23692)
  • PHP CGI Argument Injection (CVE-2024-4577)
  • Telerik Report Server – Authentication Bypass (CVE-2024-4358)
  • Added a new security check to identify supply chain attacks through Polyfill JS.

Improvements

  • Added a notification in the UI to inform users when their account does not have any permissions set up yet (Acunetix Premium+)
  • Updated the Scan Details page user experience with Runtime SCA reporting (available to Early Access customers)
  • Improved detection of DOM XSS vulnerabilities
  • .NET Core IAST sensor – added hooking for System.Xml functions
  • Improved detection of Open Redirect vulnerabilities
  • Improved descriptions for verified vulnerabilities
  • Added a notification to the activity log when the engine is unable to communicate with the SCA service

Fixes

  • Fixed the issue that was causing the BLR to fail on Sequential/Slow scans
  • Fixed the issue that was causing duplicates in the sitemap
  • Logon banner messages (when configured) now display properly on the login page (Acunetix On-Premises)

v24.5.240604185 - 05 Jun 2024

Release build 24.5.240604185 (Windows + Linux) enables Predictive Risk Scoring for Acunetix On-Premises.

New features
