Changelogs

Acunetix Standard & Premium

v24.7.1 - 24 Jul 2024

This release includes a new security check and a fix for a false positive detection.

New Security Checks

  • Added detection for Mura Masa SQLi (CVE-2024-32640)

Fixes

  • Fixed a False Positive on the ‘Broken access control in Confluence Server and Data Center’ vulnerability (CVE-2023-22515)

v24.7.0 - 16 Jul 2024

Release build 24.7.240716084 includes a new feature, new security checks, improvements, and bug fixes.

New Features

  • Invicti API Security: multi-layered API discovery to enable comprehensive identification of known and undocumented APIs

New security checks

Improvements

  • Scanner: Improved processing of large files
  • Added support for HTTP/2 requests in Burp state import files
  • .NET IAST Sensor: Added support for Engine.Razor functions
  • Improved XFS checks
  • Improvements to the new Scan Detail page (Early Access)

Fixes

  • Minor UI/UX fixes across the application

v24.6.1 - 02 Jul 2024

Release build 24.6.240701143 includes a bug fix for the Discovery service and new security checks.

Security Checks

Fixes

  • Fixed an issue with the Discovery service in On-Premises environments

v24.6.0 - 27 Jun 2024

Release build 24.6.240626115 includes improved detection of DOM XSS vulnerabilities, security features, improvements, and bug fixes.

New Features

  • Security checks can now be auto-updated without requiring a full product update

New Security Checks

  • SolarWinds Serv-U directory traversal (CVE-2024-28995)
  • Ivanti EPM SQL Injection / RCE (CVE-2024-29824)
  • Rejetto HTTP File Server SSTI / RCE (CVE-2024-23692)
  • PHP CGI Argument Injection (CVE-2024-4577)
  • Telerik Report Server – Authentication Bypass (CVE-2024-4358)
  • Added a new security check to identify supply chain attacks through Polyfill JS.

Improvements

  • Added a notification in the UI to inform users when their account does not have any permissions set up yet (Acunetix Premium+)
  • Updated the Scan Details page user experience with RuntimeSCA reporting (available to Early Access customers)
  • Improved detection of DOM XSS vulnerabilities
  • .NET Core IAST sensor – added hooking for System.Xml functions
  • Improved detection of Open Redirect vulnerabilities
  • Improved descriptions for verified vulnerabilities
  • Added a notification to the activity log when the engine is unable to communicate with the SCA service

Fixes

  • Fixed the issue that was causing the BLR to fail on Sequential/Slow scans
  • Fixed the issue that was causing duplicates in the sitemap
  • Logon banner messages (when configured) now display properly on the login page (Acunetix On-Premises)

v24.5.240604185 - 05 Jun 2024

Release build 24.5.240604185 (Windows + Linux) enables Predictive Risk Scoring for Acunetix On-Premises.

New features

v24.5.240529155 - 30 May 2024

Release build 24.5.240529155 includes added hooking for some functions in the .NET Core IAST sensor, new security checks, improvements, and bug fixes.

New Features

  • Added hooking for the following functions in the .NET Core IAST sensor:
    • System.Net.WebRequest
    • System.AppDomain
    • System.Type
    • System.DirectoryServices
    • MySql.Data.MySqlClient.MySqlDataAdapter
    • SqlDataAdapter

New Security Checks

Improvements

  • Further improvements in scanning of APIs
  • Improved support for sites making use of HSTS
  • Improved coverage of Single Page Applications (SPAs) using Next.js
  • Improvement in SQL Injection checks
  • Updated the list of known weak JWT secret keys
  • Updated Chromium to 125.0.6422.76

Fixes

  • Minor usability enhancements and fixes based on user feedback
  • Fixed an issue that was causing a temporary hang of the LSR on certain sites
  • Fixed an issue where OpenVAS network scans were not executed properly

v24.4.240514098 - 16 May 2024

Release build 24.4.240514098 includes multiple engine improvements, new security checks, and updates to several existing security checks.

New security checks

Improvements

  • Multiple engine improvements on long scans
  • Updates to WordPress checks
  • Improved XSS detection
  • Improved SQL injection detection

v24.4.240427095 - 30 Apr 2024

Release build 24.4.240427095 includes a new feature, numerous security checks, enhancements, and multiple bug fixes.

New features

New security checks

Improvements

  • Fixed the password reset tool for Windows for Acunetix On-Premises
  • .NET Core IAST Sensor: Removed dependency on NLog
  • Various improvements in Deepscan, lessening the time to process pages / SPAs
  • Deepscan updated to not interact with Google Maps
  • Updated detection for monitoring systems
  • Updated detection of web installers

Fixes

  • Correct warning is now displayed when attempting to add more than permitted target variations
  • Addressed several usability and design issues across application settings
  • Fixed a possible problem starting OpenVAS scans with Acunetix On-Premises
  • Design updates for User settings in Acunetix Online
  • Fixed an issue in the PHP sensor affecting PHP 8.1+ web applications
  • For users in a User Group, target group assignment is properly applied under all scenarios
  • Fixed a user permission issue when using custom roles
  • Invite emails from Acunetix On-Premises for Linux now display their content properly
  • Fixed the OOM (out of memory) problem when processing large PDF files

v24.3.240411164 - 15 Apr 2024

Release build 24.3.240411161 brings a replacement for the expiring Invicti Code Signing Certificate tailored for Windows binaries.

Improvements

  • Replaced an expiring Invicti Code Signing Certificate for Windows binaries