Release Notes

Acunetix Standard & Premium

RSS Feed

v15.5.230326230 - 28 Mar 2023

Copy Link Copy Link
Version 15 build 15.5.230326230 for Windows and Linux – 28 March 2023

New feature

Security checks

  • Improved the Server-side prototype pollution check.
  • Updated the WordPress plugin vulnerabilities.
  • Updated the software composition analysis database.

Improvements

  • Added sitemap parser to better handle the sitemap files.
  • Improved the user interface to remove the hyperlink for websites that users do not have permission to.
  • Improved scanner to identify XSS in forms where these forms are protected with a CSRF token that is changing each time the page is refreshed.
  • Increased limit for data exchanged between IAST AcuSensors and the Acunetix engine.
  • Improved the token validator for new Jira tokens.

Fixes

  • Fixed the OpenVAS service on Acunetix Premium Online to avoid the scan queue.
  • Fixed bug causing some vulnerability checks to not execute on scans which are paused and resumed.
  • Fixed issue with the request header limit for Github/Gitlab issue trackers.
  • Fixed the issue of sending issues to Bugzilla.
  • Fixed the bug that threw an internal server exception when a system admin tries to add a new user.
  • Fixed the UI bug that appeared when the target is network.
  • Fixed the issue that rejected locations and schemes are still being scanned.
  • Fixed the issue with the corrupted links that are sent via email after the scan.
  • Fixed the password reset issue.
  • Fixed possible false positive misconfiguration “ASP.NET expired session IDs are not regenerated”

v15.4.230301111 - 03 Mar 2023

Copy Link Copy Link
Version 15 build 15.4.230301111 for Windows and Linux – 3 March 2023

New security checks

v15.4.230222085 - 23 Feb 2023

Copy Link Copy Link
Version 15 build 15.4.230222085 for Windows and Linux – 23 February 2023

New features

New security checks

Improvements

  • Added the Heuristic server-side routing detection to optimize attacks.
  • Updated the embedded Chromium browser to v109.0.5414.119.
  • Added the company name field to the registration process to Acunetix.
  • Updated the issue tracker integrations to show the link to the relevant ticket created in those issue trackers.
  • Updated the DISA STIG report to version 5.2.
  • Improved the CSV importing link to limit the target limit to 500.
  • Improved the scanner engine to reduce the memory footprint.
  • Improved the .NET IAST sensor to mask any password.

Fixes

  • Fixed the pagination bug on the Targets page.
  • Fixed the crawler issue that the page becomes unresponsive when it contains many elements.
  • Fixed the single-page application crawler to be consistent in the form submission.
  • Fixed a notification bug that does not redirect users to the correct URL for the finished scan.
  • Fixed the bug that does not refresh the user interface after the update.

v15.3.230126173 - 30 Jan 2023

Copy Link Copy Link
Version 15 build 15.3.230126173 for Windows and Linux – 30 January 2023

Fixes

  • Fixed the Linux installations for updating issues.

v15.3.230123162 - 24 Jan 2023

Copy Link Copy Link
Version 15 build 15.3.230123162 for Windows and Linux – 23 January 2023

New security checks

  • Added SAML anonymous assertion consumer service audit for XML external entity injection, XSLT, Server-side request forgery, and Cross-site scripting.
  • Added a SAML signature audit to test attacks on signature verification.
  • Added various checks for Content Security Policy misconfiguration.
  • New security check for ASP.NET core development mode.
  • Updated the WordPress core vulnerabilities.
  • Updated the WordPress plugin vulnerabilities.

Improvements

  • Updated .NET IAST Sensor to detect a number of server-side configuration problems which may result in a security vulnerability.
  • Improved the JSON payload tests.
  • Updated JWT secrets dictionary.

Fixes

  • Fixed a bug in the PHP IAST sensor when reporting arrays to the scanner.
  • Fixed the scan summary page that failed to show some of the results.
  • Fixed issues in the UI Notifications causing them to be unactionable.
  • Fixed a problem that caused the LSR to show the mobile version for some sites incorrectly.
  • Fixed .NET sensor issue that returns the root applications (website’s root) files although the sensor is enabled for sub-application.
  • Fixed the version information shown on the user interface after the update.
  • Fixed the routing issue for .NET Framework ASP.NET Web API because of compatibility issues.
  • Improved the login sequence recorder notification that informs users when the response max size limit is exceeded.
  • Fixed issue with pagination on the vulnerabilities page.
  • Fixed the crawler issue that the page becomes unresponsive when it contains many elements.

v15.2.221208162 - 12 Dec 2022

Copy Link Copy Link
Version 15 build 15.2.221208162 for Windows and Linux – 12 December 2022

New security checks

  • Updated the WordPress plugin vulnerabilities.
  • Added the AjaxPro.NET Professional Deserialization RCE (CVE-2021-23758).
  • Improved the out-of-band detection.

Improvements

  • Added ability to send HTTP requests to pre-request scripts.
  • Various DeepScan improvements, generally improving the processing of JavaScript-rich web applications.
  • Updated the embedded Chromium browser to v108.0.5359.71.
  • Implemented the scan id to limit the caching, such as file list and libraries, to a scan.
  • Improved the performance of alert transmission for AcuSensor.

Fixes

  • Fixed the MongoDB injection and removed JSON parsing from the feature extraction library to avoid scan crashes.
  • Fixed the issue that sent bogus report because of inconsistent last scan id.
  • Improved the Pre-request script to send an HTTP job.
  • Fixed the formatting issue for vulnerabilities exported to GitHub Issues.
  • Fixed the unhandled exception that the IAST Bridge throws.
  • Fixed the business logic recorder issue that failed to replay the logic sequence recorder.
  • Fixed the issue that the custom scripts folder was not created during the installation.
  • Fixed the issue that failed to show the Chinese on some headings when switched to Chinese.
  • Fixed the manual intervention required information box that began to appear in the notification bar instead of being displayed as a dialog box.
  • Added cURL as a backup if NSLookup is not present.
  • Fixed the Jira integration that failed to create the epic issues.
  • Fixed the issue that long scan names overlap with the AcuSensor icon.
  • Fixed the issue that the authorization bearer was not used throughout the scan.

v15.1.221109177 - 10 Nov 2022

Copy Link Copy Link
Version 15 build 15.1.221109177 for Windows and Linux – 10 November 2022

New features

  • New navigation menu for a better user experience.
  • Notification updates are shown for the last 30 days

New vulnerability checks

    Updates

    • Updated the embedded Chromium browser to v107.0.5304.87/88.
    • Updated how scans reaching max scan time are displayed in UI.
    • Updated Issue Tracker UI to accept internal URLs.
    • Improved Log4J checks to reduce false positives.

    Fixes

    • Fixed the issue causing the IAST bridge to fail to send responses to the sensor when large packets are received from the sensor.
    • Added loopback routes that returned ‘undefined’ as an HTTP method.
    • Added the keep connection alive message between AcuSensor and the web application scanner to keep the connection alive.

    v15.0.221007170 - 13 Oct 2022

    Copy Link Copy Link
    Version 15 build 15.0.221007170 for Windows and Linux – 13th October 2022

    Note: There will be no new updates of the MacOS on premise installations. MacOS users can switch to Acunetix Premium Online, or use Acunetix On Premise in a virtual environment or on Docker.

    New Features

    New Vulnerability checks

    • Added check for Permissions-Policy header
    • Added check for unrestricted access to Karma monitoring interface
    • Added check for Go web application binary disclosure

    Updates

    • SCA: Improved the detection of components used by JAVA web application
    • Updated to Chromium v106.0.5249.61
    • Updated PHP AcuSensor to better support web applications using the Slim Framework
    • Improved support for HTTP calls from Axios
    • Updated CWE Top 25 Most Dangerous Software Weaknesses to 2022 list of weaknesses
    • Scan results and scan reports will include the Acunetix version used to conduct the scan
    • Updated PHP sensor to report MongoDB injection
    • Updated PHP sensor to report Server-side Template Injection (SSTI)
    • Increased the detection of default GraphQL Introspection URLs
    • Implemented heartbeat for connections between scanner and AcuSensor bridge
    • Multiple DeepScan updates
    • Improved the auditing of JavaScript Libraries

    Fixes

    • Fixed issue which might cause Blind SSRF in the Issue Tracker and Proxy configuration
    • Fixed 3 authorization problems
    • Fixed memory exhaustion bug in Heuristic Links Verifier
    • Fixed: Malware was being reported when invalid / unknown malware was reported by Windows Defender
    • Fixed some crashes in the scanner
    • Updated Network scans to not abort if initial ICMP ping fails
    • Fixed error when sending vulnerabilities to Jira Issue Tracker
    • Fixed UI error when filtering vulnerabilities by time

    v14.9.220913107 - 14 Sep 2022

    Copy Link Copy Link
    Version 14 build 14.9.220913107 for Windows, Linux and macOS – 14th September 2022

    Updates

    • Updated to Chromium 105.0.5195.102

    Fixes

    • Fixed DeepScan issue
    1 6 7 8 28