Acunetix 360 On-Premises Changelog

Acunetix 360 On-Premises 2.0 – 1st April 2021

NEW FEATURES

IMPROVEMENTS

  • Improved the visual elements of the dashboard
  • Improved the performance of the Technology Dashboard
  • Added the ability to create new SSO users via API
  • Added the ability to get a team member’s last login timestamp via API
  • Added the Website URL filter to the Scheduled Scans page
  • Improved the performance of the Sitemap
  • Updated the Name ID Policy value for SAML to use the email
  • Added the ability to delete Website Groups by ID via an API endpoint
  • Added the Next Execution Time tooltip to the scheduled scan
  • Added the Scan Profile Name information to the Scan Task Groups in the Website Dashboard
  • Added the ability to save the Privileged Access Management integrations without testing
  • Fixed the scan failed errors
  • Added the title fields for Vulnerability List items
  • The delete button is disabled for system notifications on the Notifications page
  • Added the ability to assign scans to internal agents via scheduling
  • Removed all (encrypted and cleartext) authentication credentials from the API responses
  • Minor revision changes will also trigger agent auto-updates
  • The downloaded agent log file is named agentlogs.zip
  • Improved the stabilization of the agent state transitions

FIXES

  • Added Script Engine Type to the Authentication Verifier
  • Fixed the request agent logs bug
  • Fixed handling authentication tokens while executing the form authentication
  • Fixed the issue where the wrong vulnerability database version was displayed in the agent info
  • Fixed the scan session null error
  • Fixed the bug in the scan policy optimizer wizard tree
  • Fixed the issue where users cannot create a custom script in a three-legged OAuth2 Authentication
  • Notification events require appropriate permission
  • Added Scan Profiles, Scans, and Scheduled Scans’ links while deleting the scan policy
  • Fixed XSS for Jira and Pivotal Tracker integrations
  • Fixed the responsiveness of the ServiceNow category selection drop-down
  • Fixed an issue where a scan was not matched with an agent in the selected agent group
  • Fixed the scan policy cloning bug
  • Fixed an issue where the View Scan Reports and Manage Issues (Restricted) options under the Scan Permission are not saved while creating new members
  • Fixed the text problem in the information of the Technologies Dashboard User Interface
  • Fixed an issue where users cannot save an empty Excluded URL field
  • Fixed an issue where scan policy and report policy drop-down appear blank while editing the scheduled group scan
  • Fixed a bug that occurs while deleting the scan profile
  • Fixed the form authentication fields encryption
  • Fixed the loading problem of default scan profile selection
  • Fixed the Pre-Request Script Error on Scheduling Scan
  • Fixed Exclude Addressed Issues on the Export Report
  • Fixed usage report page style problem

Acunetix 360 On-Premises 1.9.4 – 15th February 2021

IMPROVEMENTS

  • Added the option to provision a new member with SSO in the New Team Member addition screen.
  • SSO Email requirement is not necessary for SSO-enabled accounts without enforcement
  • Renewed PCI Compliance Report template 
  • Added scan profile and scan profile URL to scan report.
  • Added the option to add a customized header text on the Account Settings page
  • Improved issue severity sorting. Issues will be sorted as Critical, High, Medium, Low, Best Practice, Information Alerts on all screens.
  • Redesigned Scan Time Window
  • Improved design of important information, such as email and name, in dialogs
  • Updated descriptions on edit and signup web pages
  • Changed “Enable Limitless Scan” option under the General Settings to “Allow scanning without a duration limit”
  • Redesigned Basic Authentication Form
  • Added advanced script feature for the Azure Pipelines integration
  • Updated the related RegEx to let users use parentheses in the website name and profile name
  • Added silent mode installation for Web Application
  • Added phone number confirmation countdown timer. 
  • Added the document link for Linux Agent installation on the New Agent page.
  • Improved the speed of page loading on the Custom Script screen
  • Improved the agent stability to prevent scans from being stuck
  • Added the possibility to add non-registered emails in notifications
  • Added SANS Top 25 report
  • The Target URL will be displayed instead of the website URL in the scan reports

FIXES

  • Fixed JSON Serialization problem in the scan profile
  • Fixed typos in Acunetix 360 Rest API Endpoint explanation
  • Fixed the validation message on the password change page
  • Fixed the validation message for admin password on the password change page
  • Fixed the Bugzilla operating system field’s name 
  • Fixed warning message for the Website Groups Update API
  • Fixed undeleted scan files (which belong to completed scans) issue
  • Fixed the Disable status error for the Linux Agent
  • Resolved Chromium’s auto-select certificate problem, which fixes the failure to authenticate with the client certificate.
  • Fixed empty exported XML issue in F5 BIG-IP ASM Rules Report
  • Fixed the HashiCorp Vault More Information link
  • Fixed an issue where “Password Transmitted over HTTP” issues were reported for HTTPS requests.

Acunetix 360 On-Premises 1.9.3 – 7th January 2021

NEW FEATURES

  • Added the Stop the Scan if the Build fails option in GitLab CI/CD
  • Added the Fail the Build if one of the selected scan severity is detected option in GitLab CI/CD
  • Upgraded the scanning engine to version 5.9.1.27722.

NEW SECURITY CHECKS

  • Added Oracle WebLogic Server Remote Code Execution (CVE-2020-14882)
  • Added Oracle WebLogic Server Authentication Bypass (CVE-2020-14883)

IMPROVEMENTS

  • Added the Scan Group selection combo box to Trend Matrix Report
  • Added WASC Threat Classification Report
  • Added the Export Unconfirmed option in the report generation screen
  • Added the info box to Custom Scripts window for the Form Authentication 
  • Added URL Rewrite Rules while a file is being imported
  • Added Uniqueness Controls on the new integration wizard
  • Added validations to the new integration wizard
  • Added Swagger JSON link to API document’s index
  • Added the Exclude Authentication Pages checkbox when the Form Authentication option is enabled
  • Improved the performance of the Discovery Page
  • Improved the performance of generating reports that contain a large number of vulnerabilities
  • Improved the custom script’s performance 
  • Improved the website preview image resolution on the Verify Login & Logout screen
  • Refactored the Report Policy Migrator 
  • Disabled auto-complete in the login page inputs.
  • Changed the data protection policy link 
  • Changed the issue email template’s website URL 
  • Admin users can now set the maximum number of websites a member can add
  • Excluded usage tracker list can now be added from the new scan page

FIXES

  • Fixed a bug that occurred when a scheduled scan with an imported file was edited by a different user
  • Fixed a bug in the Custom Cookie process
  • Fixed imported file bug on scan profile saving
  • Added minimum agent selection control for Agent Group
  • Fixed Agents Scanning tooltip 
  • Fixed the auto-scaling problem that occurred while using a cloud provider in Acunetix 360 On-Premises
  • Fixed the First Seen Date parameter in the Kenna integration
  • Fixed the Burp XML file import problem. Users can now import Burp XML files
  • Fixed the report validation export problem. Users will no longer get an empty file
  • Fixed the error related to exporting for customers who have many websites.
  • The websites belonging to the filtered website group can be exported.
  • Users can now add a new URL Rewrite Rule without losing the existing ones

Acunetix 360 On-Premises 1.9.2 – 28th October 2020

IMPROVEMENTS

  • Added a ‘Generate optimized CSS code path’ feature to the Authentication Verifier
  • Improved the Minimum Security Level area on the Reporting page
  • Added a detailed issue template option to the template field in the ServiceNow integration
  • HIPAA will be displayed instead of OWASP in the scan summary
  • Added the scan folder path change option for internal agents

FIXES

  • Fixed the issue where the IP addresses of websites listed on the Discovered Website page were ignored
  • Fixed the issue where SAML files failed to download on Mac devices
  • Fixed the problem that occurred during verification of the form authentication API endpoint where it returned the same result after the first request
  • Fixed the problem that occurred while configuring email notifications
  • Fixed the problem that occurred while canceling stalled scans
  • Fixed the connection problem that occurred while using a proxy in internal agents
  • Fixed the autoscale problem in internal agents

Acunetix 360 On-Premises 1.9.1 – 1st October 2020

NEW FEATURES

  • Added support for alternate email for SSO login
  • Added Form Authentication HashiCorp Vault integration
  • Added technologies chart to the global dashboard and website dashboard pages
  • Added test credential API endpoint for scan profiles
  • Added Form Auth Custom Scripting feature to the New Scan page
  • Redesigned the login page
  • Redesigned the SSO help text area in the SSO settings page
  • Added an API endpoint for the Updating Issue States
  • Added Travis CI integration
  • Jira integration now supports custom Resolved statuses
  • Kenna integration now supports Asset Application Identifier
  • Agents can now be installed using Linux and a Linux Agent button has been added to the Configure New Agent page
  • Upgraded the scanning engine to version 5.9.027701.

NEW SECURITY CHECKS

  • Added Out-of-date security checks for the Liferay portal
  • Added Version Disclosure and Out-of-date security checks for Jolokia
  • Added Nested XSS security checks
  • Added an ASP.NET Razor SSTI security check
  • Added a Java Pebble SSTI security check
  • Added a Thymeleaf SSTI security check
  • Added Version Disclosure and Out-of-date security checks for Grafana

IMPROVEMENTS

  • Added an Issue Update API swagger model improvement
  • New password criterion of a minimum of 15 characters has been imposed on admin and top-level users
  • Improvements have been made to the Form Authentication Test Script screen

FIXES

  • Fixed the problem of slow Vulnerable Websites per period report on the reporting
  • Fixed the file uploading problem on Imported Links
  • Fixed the Knowledge Base Report’s exporting problem
  • Fixed the Yukon time zone problem.
  • Fixed the Imported Links problem.
  • Fixed the problem where the wrong time zone was displayed in Report Templates
  • Moved the Scan Profile Test Credentials API post method fields to the body element
  • Fixed a database file error in the Report Policy Editor
  • Fixed the issue where report policy user changes were not applied when reset.
  • Fixed the Vulnerability Detail page responsiveness problem
  • Fixed the Sitemap Tree View responsiveness problem
  • Fixed the highlighted code focus problem
  • Added help text to the HashiCorp Vault integration page
  • Fixed the bug that occurred when another team member updated the shared profile
  • Fixed a bug that occurred when non-admin users updated profiles
  • The Report policy Editor CVSS scores fields now accept empty values
  • Fixed a server error that occurred while saving a cloned Scan Policy
  • Fixed the problem that occurred when reconfirming the Verify Login and Logout settings