Acunetix 360 On-Premises 2.0.2 – 28th June 2021
Added GitHub Actions CI/CD integration.
Added the Authentication Profile feature, which lets you define shared authentication once and use it on many scans without explicitly configuring Form Authentication for websites that use the same authentication procedure.
Added UrbanCode Deploy
Added Azure Pipeline Extensions
Added the ability to tag issues
Added a new Scope option for Scan Groups of Websites while configuring notifications to be able to better scope notifications for web applications/APIs under a website.
Added a State filter to notifications, which lets you use issue states like Fixed, Revived, New, etc. as filtering options.
Added Choose Scan Profile while scheduling from API
Added TLS 1.3 Support
Removed the scan report selection from notification events that do not produce any reports.
Added account-based option to display authentication credentials on API responses.
Improved time zone calculations to handle new time zones.
Improved configuration validation error messages for Privileged Access Management integrations.
Added an option to specify a scan profile while scheduling scans through API.
Added support for Form Authentication Custom Scripts for cases when a Privileged Access Management integration is used.
Added support for 11 digit phone numbers while inviting a new member.
Added an option to ServiceNow integration to specify if the incident should be set to Closed when the vulnerability is fixed.
The Category selection for ServiceNow integration is editable.
Added a field to specify the user’s Single Sign-On email address while creating a new team member using the API.
Improved configuration options for Jenkins.
Added the option to fail Jenkins build for only confirmed vulnerabilities
The login process redirects the Single Sign-On users to their providers
Added NIST, DISA STIG, and ASVS classifications to Report Policy
Added support for importing links from multiple RAML files from a ZIP file (include directive support).
Improved Azure AD Single Sign-On in-app help text.
Removed the Current Password field for admin users (logged in with Single Sign-On) while editing a member.
Added “Maximum URL Rewrite Signature” Scan Policy Crawling option.
Improved access control by introducing new, more granular permissions
Improved role assignment for website groups while inviting new members
Added IgnoreSslCertificateErrors option to Docker agent.
Improved GitLab CI/CD script failure conditions.
Added a title to the API field in the edit team member page
Fixed an issue that occurs with updating scan profile
Fixed an issue with Imported Links getting updated to Null while using Update ScanProfiles API
Fixed the validation problem
Fixed some bugs for the Sitemap
Fixed an issue where a scheduled scan got an error caused by a connection problem with the authentication verification hub
Fixed the problem of not being able to delete the scan with a profile
Fixed the forgot password issue for Single Sign-On
Fixed an issue where the Launch button does not get enabled on the New Scan page after you enable the IAST scanning and download the sensor files.
Fixed an issue where a notification that is sent to an external email address was not displayed on the audit logs.
Fixed an issue where a PCI scan could not be started via the API.
Fixed an issue where a new notification created via API does not add the specified integration(s) to the new notification.
Fixed an issue where a team member was not created in API if the auto-generated password is enabled.
Fixed an issue where the custom value of FormAuthPageLoadTimeout was being overridden by its default value.
Fixed validation error messages on the Email Settings page.
Fixed some of the swagger API validation errors reported for the REST API
Fixed an agent scan stuck issue while archiving
Fixed a retest problem where some issues could not be retested
Fixed an agent auto-update issue
Fixed an issue with the GitLab integration script where builds were not failing when they were supposed to fail
Fixed an issue where the “Add Attachment Report” section was missing while adding a new notification
Fixed a mismatching type issue on /scanprofiles/list API response model
Fixed an issue where a failed scan sends an excessive amount of email notifications
Fixed an issue where Exclude Authentication Page configuration resets when another scan is performed
Fixed agent auto-update issues
Fixed an unhandled ArgumentNullException which causes some authenticated scans to fail
Fixed an error that occurs while trying to mark an issue as false positive
Fixed an internal server error that happens while using the /api/1.0/scanprofiles/update API endpoint for some profiles
Fixed an issue where a deleted issue tracker integration was still keeping the old issues IDs referenced
Fixed an issue where the helper NHS service is unexpectedly terminated on environments with multiple agents running
Acunetix 360 On-Premises 2.0 – 1st April 2021
Improved the visual elements of the dashboard
Improved the performance of the Technology Dashboard
Added the ability to create new SSO users via API
Added the ability to get a team member’s last login timestamp via API
Added the Website URL filter to the Scheduled Scans page
Improved the performance of the Sitemap
Updated the Name Id Policy value for SAML as the email
Added the ability to delete the Website Groups with ID API Endpoint
Added the Next Execution Time tooltip to the scheduled scan
Added the Scan Profile Name information to the Scan Task Groups in the Website Dashboard
Added the ability to save the Privileged Access Management integrations without testing
Fixed the scan failed errors
Added the title fields for Vulnerability List items
The delete button is disabled for system notifications on the Notifications page
Added the ability to assign scans to internal agents via scheduling
Removed all (encrypted and cleartext) authentication credentials on the API responses
Minor revision changes will also trigger agent auto-updates
The downloaded agent log file is named agentlogs.zip
Improved the stabilization of the agent state transitions
Added Script Engine Type to the Authentication Verifier
Fixed the request agent logs bug
Fixed handling authentication tokens while executing the form authentication
Fixed the issue where the wrong vulnerability database version was displayed in the agent info
Fixed the scan session null error
Fixed the bug in the scan policy optimizer wizard tree
Fixed the issue where users cannot create a custom script in a three-legged OAuth2 Authentication
Notification events require appropriate permission
Added Scan Profiles, Scans, and Scheduled Scans’ links while deleting the scan policy
Fixed XSS for Jira and Pivotal Tracker integrations
Fixed the responsiveness of the ServiceNow category selection drop-down
Fixed an issue about a scan that is not matching with the agent which is in the selected agent group
Fixed the scan policy cloning bug
Fixed an issue where the View Scan Reports and Manage Issues (Restricted) options under the Scan Permission are not saved while creating new members
Fixed the text problem in the information of the Technologies Dashboard User Interface
Fixed an issue where users cannot save an empty Excluded URL field
Fixed an issue where scan policy and report policy drop-down appear blank while editing the scheduled group scan
Fixed a bug that occurs while deleting the scan profile
Fixed the form authentication fields encryption
Fixed the loading problem of default scan profile selection
Fixed the Pre-Request Script Error on Scheduling Scan
Fixed Exclude Addressed Issues on the Export Report
Fixed usage report page style problem
Acunetix 360 On-Premises 1.9.4 – 15th February 2021
Added the option to provision a new member with SSO in the New Team Member addition screen.
SSO Email requirement is not necessary for SSO-enabled accounts without enforcement
Renewed PCI Compliance Report template
Added scan profile and scan profile URL to scan report.
Added the option to add a customized header text on the Account Settings page
Improved issue severity sorting. Issues will be sorted as Critical, High, Medium, Low, Best Practice, Information Alerts on all screens.
Redesigned Scan Time Window
Improved design of important information, such as email and name, in dialogs
Updated descriptions on edit and signup web pages
Changed “Enable Limitless Scan” option under the General Settings to “Allow scanning without a duration limit”
Redesigned Basic Authentication Form
Added advanced script feature for the Azure Pipelines integration
Updated the related RegEx to let users use parentheses in the website name and profile name
Added silent mode installation for Web Application
Added phone number confirmation countdown timer.
Added the document link for Linux Agent installation on the New Agent page.
Improved the speed of page loading on the Custom Script screen
Improved the agent stability to prevent scans from being stuck
Added the possibility to add non-registered emails in notifications
Added SANS Top 25 report
The Target URL will be displayed instead of the website URL in the scan reports
Fixed JSON Serialization problem in the scan profile
Fixed typos in Acunetix 360 Rest API Endpoint explanation
Fixed the validation message on the password change page
Fixed the validation message for admin password on the password change page
Fixed the Bugzilla operating system field’s name
Fixed warning message for the Website Groups Update API
Fixed undeleted scan files (which belong to completed scans) issue
Disable status error fixed for Linux Agent
Resolved Chromium’s auto select certificate problem, which solves the problem of not being authenticated with the client certificate.
Fixed empty exported XML issue in F5 BIG-IP ASM Rules Report
Fixed the HashiCorp Vault More Information link
Fixed an issue where “Password Transmitted over HTTP” issues were reported for HTTPS requests.
Acunetix 360 On-Premises 1.9.3 – 7th January 2021
Added the Stop the Scan if the Build fails option in GitLab CI/CD
Added the Fail the Build if one of the selected scan severity is detected option in GitLab CI/CD
Upgraded the scanning engine to version 220.127.116.11722.
NEW SECURITY CHECKS
Added Oracle WebLogic Server Remote Code Execution (CVE-2020-14882)
Added Oracle WebLogic Server Authentication Bypass (CVE-2020-14883)
IMPROVEMENTS
Added the Scan Group selection combo box to Trend Matrix Report
Added WASC Threat Classification Report
Added the Export Unconfirmed option in the report generation screen
Added the info box to Custom Scripts window for the Form Authentication
Added URL Rewrite Rules while a file is being imported
Added Uniqueness Controls on the new integration wizard
Added validations of new integration wizard
Added Swagger JSON link to API document’s index
Added the Exclude Authentication Pages checkbox when the Form Authentication option is enabled
Improved the performance of the Discovery Page
Improved the performance of generating reports that contain a large number of vulnerabilities
Improved the custom script’s performance
Improved the website preview image resolution on the Verify Login & Logout screen
Refactored the Report Policy Migrator
Disabled auto-complete in the login page inputs.
Changed the data protection policy link
Changed the issue email template’s website URL
Admin users can now set the maximum number of websites a member can add
Excluded usage tracker list can now be added from the new scan page
FIXES
Fixed a bug when scheduled scan with an imported file is edited by a different user
Fixed a bug in the Custom Cookie process
Fixed imported file bug on scan profile saving
Added minimum agent selection control for Agent Group
Fixed Agents Scanning tooltip
Fixed the auto-scaling problem that occurred while using a cloud provider in Acunetix 360 On-Premises
Fixed the First Seen Date parameter in the Kenna integration
Fixed Burp XML file import problem. Users can import Burp XML file
Fixed report validation export problem. Users will not get an empty file
Fixed the error related to exporting for customers who have many websites.
The websites belonging to the filtered website group can be exported.
Users can now add a new URL Rewrite Rule without losing the existing ones
Acunetix 360 On-Premises 1.9.2 – 28th October 2020
Added a ‘Generate optimized CSS code path’ feature to the Authentication Verifier
Improved the Minimum Security Level area on the Reporting page
Added a detailed issue template option to the template field in the ServiceNow integration
HIPAA will be displayed instead of OWASP in the scan summary
Added the scan folder path change option for internal agents
FIXES
Fixed the issue where the IP addresses of websites listed on the Discovered Website page were ignored
Fixed the issue where SAML files failed to download on Mac devices
Fixed the problem that occurred during verification of the form authentication API endpoint where it returned the same result after the first request
Fixed the problem that occurred while configuring email notifications
Fixed the problem that occurred while canceling stalled scans
Fixed the connection problem that occurred while using a proxy in internal agents
Fixed the autoscale problem in internal agents
Acunetix 360 On-Premises 1.9.1 – 1st October 2020
Added support for alternate email for SSO login
Added Form Authentication HashiCorp Vault integration
Added technologies chart to the global dashboard and website dashboard pages
Added test credential API endpoint for scan profiles
Added Form Auth Custom Scripting feature to the New Scan page
Redesigned the login page
Redesigned the SSO help text area in the SSO settings page
Added an API endpoint for the Updating Issue States
Added Travis CI integration
Jira integration now supports custom Resolved statuses
Kenna integration now supports Asset Application Identifier
Agents can now be installed on Linux, and a Linux Agent button has been added to the Configure New Agent page
Upgraded the scanning engine to version 5.9.027701.
NEW SECURITY CHECKS
Added Out-of-date security checks for the Liferay portal
Added Version Disclosure and Out-of-date security checks for Jolokia
Added Nested XSS security checks
Added an ASP.NET Razor SSTI security check
Added a Java Pebble SSTI security check
Added a Thymeleaf SSTI security check
Added Version Disclosure and Out-of-date security checks for Grafana
Added an Issue Update API swagger model improvement
New password criterion of a minimum of 15 characters has been imposed on admin and top-level users
Improvements have been made to the Form Authentication Test Script screen
Fixed the problem of slow Vulnerable Websites per period report on the reporting
Fixed the file uploading problem on Imported Links
Fixed the Knowledge Base Report’s exporting problem
Fixed the Yukon time zone problem.
Fixed the Imported Links problem.
Fixed the problem where the wrong time zone was displaying in Report Templates
Moved the Scan Profile Test Credentials API post method fields to the body element
Fixed a database file error in the Report Policy Editor
Fixed the issue where report policy user changes were not applied when reset.
Fixed the Vulnerability Detail page responsiveness problem
Fixed the Sitemap Tree View responsiveness problem
Fixed the highlighted code focus problem
Added help text to the HashiCorp Vault integration page
Fixed the bug that occurred when another team member updated the shared profile
Fixed a bug that occurred when non-admin users updated profiles
The Report policy Editor CVSS scores fields now accept empty values
Fixed a server error that occurred while saving a cloned Scan Policy
Fixed the problem that occurred when reconfirming the Verify Login and Logout settings