Acunetix 360 On-Premises 2.0.2 – 28th June 2021
NEW FEATURES
Added GitHub Actions CI/CD integration .
Added Authentication Profile feature to be able to define shared authentication once and utilize them on many scans without explicitly configuring Form Authentication for websites utilizing the same authentication procedure.
Added UrbanCode Deploy
Added Azure Pipeline Extensions
Added the ability to tag issues
Added a new Scope option for Scan Groups of Websites while configuring notifications to be able to better scope notifications for web applications/APIs under a website.
Added State filter to notifications which you can use issue states like Fixed, Revived, New, etc. as filtering options.
Added Choose Scan Profile while scheduling from API
Added TLS 1.3 Support
IMPROVEMENTS
Removed the scan report selection from notification events that do not produce any reports.
Added account-based option to display authentication credentials on API responses.
Improved time zone calculations to handle new time zones.
Improved configuration validation error messages for Privileged Access Management integrations.
Added an option to specify a scan profile while scheduling scans through API.
Added support for Form Authentication Custom Scripts for cases when a Privileged Access Management integration is used.
Added support for 11 digit phone numbers while inviting a new member.
Added an option to ServiceNow integration to specify if the incident should be set to Closed when the vulnerability is fixed.
The Category selection for ServiceNow integration is editable.
Added a field to specify the user’s Single Sign-On email address while creating a new team member using the API.
Improved configuration options for Jenkins.
Added the option to fail Jenkins build for only confirmed vulnerabilities
The login process redirects the Single Sign-On users to their providers
Added NIST, DISA STIG, and ASVS classifications to Report Policy
Added support for importing links from multiple RAML files from a ZIP file (include directive support).
Improved Azure AD Single Sign-On in-app help text.
Removed the Current Password field for admin users (logged in with Single Sign-On) while editing a member.
Added “Maximum URL Rewrite Signature” Scan Policy Crawling option.
Improved access control by introducing new more granular permissions
Improved role assignment for website groups while inviting new members
Added IgnoreSslCertificateErrors option to Docker agent.
Improved GitLab CI/CD script failure conditions.
FIXES
Adding a title to the API field in the edit team member page
Fixed an issue that occurs with updating scan profile
Fixed an issue with Imported Links getting updated to Null while using Update ScanProfiles API
Fixed the validation problem
Fixed some bugs for the Sitemap
Fixed an issue that getting an error which caused by connection problem with authentication verification hub on scheduled scan
Fixed the problem of not being able to delete the scan with a profile
Fixed the forgot password issue for Single Sign-On
Fixed an issue where the Launch button does not get enabled on the New Scan page after you enable the IAST scanning and download the sensor files.
Fixed an issue where a notification that is sent to an external email address was not displayed on the audit logs.
Fixed an issue where starting a PCI scan via using API could not start the scan.
Fixed an issue where a new notification created via API does not add the specified integration(s) to the new notification.
Fixed an issue where a team member was not created in API if the auto-generated password is enabled.
Fixed an issue where the custom value of FormAuthPageLoadTimeout was being overridden by its default value.
Fixed validation error messages on the Email Settings page.
Fixed some of the swagger API validation errors reported for the REST API
Fixed an agent scan stuck issue while archiving
Fixed a retest problem where some issues could not be retested
Fixed an agent auto-update issue
Fixed an issue with the GitLab integration script where builds were not failing when they were supposed to fail
Fixed an issue where the “Add Attachment Report” section was missing while adding a new notification
Fixed a mismatching type issue on /scanprofiles/list API response model
Fixed an issue where a failed scan sends an excessive amount of email notifications
Fixed an issue where Exclude Authentication Page configuration resets when another scan is performed
Fixed agent auto-update issues
Fixed an unhandled ArgumentNullException which causes some authenticated scans to fail
Fixed an error that occurs while trying to mark an issue as false positive
Fixed an internal server error that happens while using the /api/1.0/scanprofiles/update API endpoint for some profiles
Fixed an issue where a deleted issue tracker integration was still keeping the old issues IDs referenced
Fixed an issue where the helper NHS service is unexpectedly terminated on environments with multiple agents running
Acunetix 360 On-Premises 2.0 – 1st April 2021
NEW FEATURES
IMPROVEMENTS
Improved the visual elements of the dashboard
Improved the performance of the Technology Dashboard
Added the ability to create new SSO users via API
Added the ability to get a team member’s last login timestamp via API
Added the Website URL filter to the Scheduled Scans page
Improved the performance of the Sitemap
Updated the Name Id Policy value for SAML as the email
Added the ability to delete the Website Groups with ID API Endpoint
Added the Next Execution Time tooltip to the scheduled scan
Added the Scan Profile Name information to the Scan Task Groups in the Website Dashboard
Added the ability to save the Privileged Access Management integrations without testing
Fixed the scan failed errors
Added the title fields for Vulnerability List items
The delete button is disabled for system notifications on the Notifications page
Added the ability to assign scans to internal agents via scheduling
Removed all (encrypted and cleartext) authentication credentials on the API responses
Minor revision changes will also trigger agent auto-updates
The downloaded agent log file is named agentlogs.zip
Improved the stabilization of the agent state transitions
FIXES
Added Script Engine Type to the Authentication Verifier
Fixed the request agent logs bug
Fixed handling authentication tokens while executing the form authentication
Fixed the issue where the wrong vulnerability database version was displayed in the agent info
Fixed the scan session null error
Fixed the bug in the scan policy optimizer wizard tree
Fixed the issue where users cannot create a custom script in a three-legged OAuth2 Authentication
Notification events require appropriate permission
Added Scan Profiles, Scans, and Scheduled Scans’ links while deleting the scan policy
Fixed XSS for Jira and Pivotal Tracker integrations
Fixed the responsiveness of the ServiceNow category selection drop-down
Fixed an issue about a scan that is not matching with the agent which is in the selected agent group
Fixed the scan policy cloning bug
Fixed an issue where the View Scan Reports and Manage Issues (Restricted) options under the Scan Permission are not saved while creating new members
Fixed the text problem in the information of the Technologies Dashboard User Interface
Fixed an issue where users cannot save an empty Excluded URL field
Fixed an issue where scan policy and report policy drop-down appear blank while editing the scheduled group scan
Fixed a bug that occurs while deleting the scan profile
Fixed the form authentication fields encryption
Fixed the loading problem of default scan profile selection
Fixed the Pre-Request Script Error on Scheduling Scan
Fixed Exclude Addressed Issues on the Export Report
Fixed usage report page style problem
Acunetix 360 On-Premises 1.9.4 – 15th February 2021
IMPROVEMENTS
Added the option to provision a new member with SSO in the New Team Member addition screen. SSO Email requirement is not necessary for SSO-enabled accounts without enforcement Renewed PCI Compliance Report template Added scan profile and scan profile URL to scan report. Added the option to add a customized header text on the Account Settings page Improved issue severity sorting. Issues will be sorted as Critical, High, Medium, Low, Best Practice, Information Alerts on all screens. Redesigned Scan Time Window Improved design of important information, such as email and name, in dialogs Updated descriptions on edit and signup web pages Changed “Enable Limitless Scan” option under the General Settings to “Allow scanning without a duration limit” Redesigned Basic Authentication Form Added advanced script feature for the Azure Pipelines integration Updated related RegEx to let users using parentheses with the website name and profile name Added silent mode installation for Web Application Added phone number confirmation countdown timer. Added the document link for Linux Agent installation on the New Agent page. Improved the speed of page loading on the Custom Script screen Improved the agent stability to prevent scans from being stuck Added the possibility to add non-registered emails in notifications Added SANS Top 25 report The Target URL will be displayed instead of the website URL in the scan reports
FIXES
Fixed JSON Serialization problem in the scan profile Fixed typos in Acunetix 360 Rest API Endpoint explanation Fixed the validation message on the password change page Fixed the validation message for admin password on the password change page Fixed the Bugzilla operating system field’s name Fixed warning message for the Website Groups Update API Fixed undeleted scan files (which belong to completed scans) issue Disable status error fixed for Linux Agent Resolved Chromium’s auto select certificate problem. So, the problem of not being authenticated with the client certificate was solved. Fixed empty exported XML issue in F5 BIG-IP ASM Rules Report Fixed the HashiCorp Vault More Information link
Fixed an issue where “Password Transmitted over HTTP” issues were reported for HTTPS requests.
Acunetix 360 On-Premises 1.9.3 – 7th January 2021
NEW FEATURES
Added the Stop the Scan if the Build fails option in GitLab CI/CD Added the Fail the Build if one of the selected scan severity is detected option in GitLab CI/CD Upgraded the scanning engine to version 5.9.1.27722.
NEW SECURITY CHECKS
Added Oracle WebLogic Server Remote Code Execution (CVE-2020-14882) Added Oracle WebLogic Server Authentication Bypass (CVE-2020-14883)
IMPROVEMENTS
Added the Scan Group selection combo box to Trend Matrix Report Added WASC Threat Classification Report Added the Export Unconfirmed option in the report generation screen Added the info box to Custom Scripts window for the Form Authentication Added URL Rewrite Rules while a file is being imported Added Uniqueness Controls on the new integration wizard Added validations of new integration wizard Added Swagger JSON link to API document’s index Added the Exclude Authentication Pages checkbox when the Form Authentication option is enabled Improved the performance of the Discovery Page Improved the performance of generating reports that contain a large number of vulnerabilities Improved the custom script’s performance Improved the website preview image resolution on the Verify Login & Logout screen Refactored the Report Policy Migrator Disabled auto-complete in the login page inputs. Changed the data protection policy link Changed the issue email template’s website URL Admin users can now set the maximum number of websites a member can add Excluded usage tracker list can now be added from the new scan page
FIXES
Fixed a bug when scheduled scan with an imported file is edited by a different user Fixed a bug in the Custom Cookie process Fixed imported file bug on scan profile saving Added minimum agent selection control for Agent Group Fixed Agents Scanning tooltip Fixed the auto-scaling problem that occurred while using a cloud provider in Acunetix 360 On-Premises Fixed the First Seen Date parameter in the Kenna integration Fixed Burp XML file import problem. Users can import Burp XML file Fixed report validation export problem. Users will not get an empty file Fixed the error related to exporting for customers who have many websites. The websites belonging to the filtered website group can be exported. Users can now add a new URL Rewrite Rule without losing the existing ones
Acunetix 360 On-Premises 1.9.2 – 28th October 2020
IMPROVEMENTS
Added a ‘Generate optimized CSS code path’ feature to the Authentication Verifier Improved the Minimum Security Level area on the Reporting page Added a detailed issue template option to the template field in the ServiceNow integration HIPAA will be displayed instead of OWASP in the scan summary Added the scan folder path change option for internal agents
FIXES
Fixed the issue where the IP addresses of websites listed on the Discovered Website page were ignored Fixed the issue where SAML files failed to download on MAC devices Fixed the problem that occurred during verification of the form authentication API endpoint where it returned the same result after the first request Fixed the problem that occurred while configuring email notifications Fixed the problem that occurred while canceling stalled scans Fixed the connection problem that occurred while using a proxy in internal agents Fixed the autoscale problem in internal agents
Acunetix 360 On-Premises 1.9.1 – 1st October 2020
NEW FEATURES
Added support for alternate email for SSO login
Added Form authentication Hashicorp Vault integration
Added technologies chart to the global dashboard and website dashboard pages
Added test credential API endpoint for scan profiles
Added Form Auth Custom Scripting feature to the New Scan page
Redesigned the login page
Redesigned the SSO help text area in the SSO settings page
Added an API endpoint for the Updating Issue States
Added Travis CI integration
Jira integration now supports custom Resolved statuses
Kenna integration now supports Asset Application Identifier
Agents can now be installed using Linux and a Linux Agent button has been added to the Configure New Agent page
Upgraded the scanning engine to version 5.9.027701.
NEW SECURITY CHECKS
Added Out-of-date security checks for the Liferay portal
Added Version Disclosure and Out-of-date security checks for Jolokia
Added Nested XSS security checks
Added an ASP.NET Razor SSTI security check
Added a Java Pebble SSTI security check
Added a Thymeleaf SSTI security check
Added Version Disclosure and Out-of-date security checks for Grafana
IMPROVEMENTS
Added an Issue Update API swagger model improvement
New password criterion of a minimum of 15 characters has been imposed on admin and top-level users
Improvements have been made to the Form Authentication Test Script screen
FIXES
Fixed the problem of slow Vulnerable Websites per period report on the reporting
Fixed the file uploading problem on Imported Links
Fixed the Knowledge Base Report’s exporting problem
Fixed the Yukon time zone problem.
Fixed the Imported Links problem.
Fixed the problem where the wrong time zone was displaying in Report Templates
Moved the Scan Profile Test Credentials API post method fields to the body element
Fixed a database file error in the Report Policy Editor
Fixed the issue where report policy user changes were not applied when reset.
Fixed the Vulnerability Detail page responsiveness problem
Fixed the Sitemap Tree View responsiveness problem
Fixed the highlighted code focus problem
Added help text to the HashiCorp Vault integration page
Fixed the bug that occurred when another team member updated the shared profile
Fixed a bug that occurred when non-admin users updated profiles
The Report policy Editor CVSS scores fields now accept empty values
Fixed a server error that occurred while saving a cloned Scan Policy
Fixed the problem that occurred when reconfirming the Verify Login and Logout settings