Release Notes

Acunetix Standard & Premium

v12.0.180521161 - 22 May 2018

Version 12 (build 12.0.180521161) – 22nd May 2018

Updates

  • DeepScan has been updated to ignore images, resulting in faster scans

Fixes

  • Excluded paths not taken into consideration
  • Parts of the scan were not using the Custom 404
  • Some paths were not identified correctly

v12.0.180517125 - 17 May 2018

Version 12 (build 12.0.180517125) – 17th May 2018

New Features and Vulnerability tests

Updates

  • Updated detection of Drupal installations
  • Changed to a more moderate definition of a Target for licensing purposes
  • Number of Targets and Users configured are now shown in the UI > Licensing section
  • UI now shows if the latest build is being used, and allows the user to check for updates manually

Fixes

  • Multiple updates and fixes to the HTML parser
  • Multiple updates and fixes to the Acunetix UI
  • Auto-login was making unnecessary requests
  • Some vulnerabilities were showing ‘null’ URL
  • Data from AcuSensor was not being interpreted correctly
  • Account lockout settings were not being saved
  • Fixed a scanner issue that caused some vulnerability checks not to work
  • Some vulnerability checks were making unnecessary requests
  • Some vulnerability details were not being encoded correctly
  • Custom 404 detection was not working
  • Fix in AcuMonitor affecting some tests
  • DeepScan was not correctly interpreting paths containing a dot

v12.0.180509176 - 10 May 2018

Version 12 (build 12.0.180509176) – 10th May 2018

New Features

  • New faster Engine
  • Scans can now be Paused and Resumed
  • Targets can be imported from CSV
  • New JAVA AcuSensor
  • Support for latest JavaScript (ES6 and ES7) in DeepScan and Login Sequence Recorder
  • Configurable Password Policies including Password History, Auto Password Expiry and Account Lockout
  • 2 Factor Authentication in the Acunetix UI
  • Exclude what to scan directly from Crawl results or previous scans

Updates and Fixes

  • Too many to enumerate
  • Multiple updates to the vulnerability checks

v11.0.173271618 - 24 Nov 2017

Version 11 (build 11.0.173271618) – 24th November 2017

New Features

  • Added new OWASP Top Ten 2017 report

Fixes

  • Fixed: DeepScan was processing ignored scripts

v11.0.173131028 - 09 Nov 2017

Version 11 (build 11.0.173131028) – 9th November 2017

New Features and Vulnerability Tests

  • Added support for Selenium scripts as Target Import files
  • Introduced various vulnerability checks for CMS Made Simple including:

Improvements

  • Various minor UI updates
  • Improved handling of aborted scans for Targets with Continuous scanning enabled
  • Increased Custom Cookie size limit from 512 bytes to 10Kb (2Kb for Acunetix Online)
  • Added new email templates
  • Email notification now indicates if a scan has failed
  • Multiple minor updates to the reports
  • Updated the Error Message script to show full JAVA error messages
  • Tech Admin role can now create and alter Scan types.

Fixes

  • Scan Comparison was incorrectly switching the order of the scans
  • Scan Comparison was incorrectly comparing with Allowed host
  • Fixed bug in the licensed user limit
  • Fixed bug causing scans to fail when the LSR contains Unicode characters
  • Multiple fixes in XML export
  • Multiple fixes in F5 WAF rules export
  • Fixed 2 minor security issues in web interface
  • 2 fixes affecting incorrect vulnerability count in Dashboard
  • Fixed the retesting of vulnerabilities for Targets requiring manual intervention
  • Fixed the Targets page incorrectly showing that the Target is being scanned, when an ongoing scan is deleted.

v11.0.172901635 - 17 Oct 2017

Version 11 (build 11.0.172901635) – 17th October 2017

New Features and Vulnerability Tests

Improvements

  • Updated the Joomla and WordPress vulnerability checks

Fixes

  • Fixed bug causing scans to fail because of certain characters in the LSR file

v11.0.172641450 - 22 Sep 2017

Version 11 (build 11.0.172641450) – 22nd September 2017

New Features and Vulnerability Tests

Improvements

  • Improved the detection of Blind SQL Injection
  • Better support for large JavaScript files
  • JAVA error detection now includes the full JAVA error returned by the server
  • Improved the Remote File Inclusion XSS checks
  • Updated the Joomla and WordPress vulnerability checks

Fixes

  • Fixed bug causing the downloading of a Target’s LSR file to fail
  • Fixed bug in HTTP Digest Authentication

v11.0.172371608 - 25 Aug 2017

Version 11 (build 11.0.172371608) – 25th August 2017

Fixes

  • Fixed issue causing automatic updates to fail. Updates need to be downloaded manually from https://www.acunetix.com/download/fullver11/

v11.0.172351036 - 23 Aug 2017

Version 11 (build 11.0.172351036) – 23rd August 2017

New Features and Vulnerability Tests

  • Detection of Apache Struts 2 Showcase RCE (CVE-2017-9791)
  • Check for .hgignore (Mercurial SCM configuration file)
  • Check for Atlassian Confluence Stored XSS (CVE-2016-6283)
  • Check for private key files with names based on ScanHost, e.g. “www.example.org.key”, “example.org.key”
  • Check for moment.js Denial of Service (CVE-2016-4055)
  • Various updates to the WordPress and Joomla checks
  • Introduction of Multi-Engine functionality for Enterprise customers

Improvements

  • Updated the Database backup file checks
  • Improved jQuery version fingerprinting
  • Updated detection of HttpOnly and Secure cookie flags
  • Updated default Target list sorting

Fixes

  • Fixed XSS detection issue
  • Minor fix to the allow_url_fopen enabled check
  • Fixed F5 BIG-IP ASM WAF XML export
  • Fixed issue causing Acunetix not to be able to install on Chinese OS