Acunetix 360 On-Demand Changelog

Acunetix 360 On-Demand Update – 4th March 2021

This update includes changes to Internal Agents.

Prevented deletion of system notifications.
Forced Browsing wordlist made editable.
Added tooltips displaying the full issue title on the Issues tree when the titles are clipped due to length.

Fixed /notifications/ update API endpoint which was not updating recipient emails before.
Fixed a Scan Policy Optimizer issue where the Resource Finder settings are not captured when the selection tree is collapsed.
Fixed an issue where the Custom Script cannot be created when 3-Legged Authentication is selected while configuring OAuth2.
Fixed an issue where the ISO Compliance report cannot be exported for some of the scans.
[INTERNAL AGENT] Fixed runtime exceptions thrown on systems that are missing ClamAV.

This update includes changes to Internal Agents.

HashiCorp Vault settings no more require Testing Settings as mandatory before saving the integration.
Added search capability to the Website Group selection drop-down on the global dashboard page.
Added the API endpoint option to create users that can only log in using Single Sign-on.
Added the last login date information to the team member API endpoint.
[INTERNAL AGENT] Added “Detect authentication tokens” capability for authenticated scans.

Fixed an issue where the category selection widget was clipped on the Service Now integration configuration page.
Fixed a reporting issue where addressed issues were included on reports generated with the Exclude Addressed Issues option.
Fixed an issue where a Scan Policy used on a Scheduled Scan cannot be deleted.
Fixed an issue where the Single Sign-on only users were not able to access their API tokens.
[INTERNAL AGENT] Fixed an issue that occurs while creating the custom report policy on Linux environments.

Fixed an issue where the scans launched from CI/CD without a Scan Profile were creating redundant Scan Groups on the Website dashboard.
Fixed an issue where pressing the TAB key was not committing the entered email address on email input fields.
Fixed an issue where some settings are not saved when you save a cloned Scan Policy for the first time.
Fixed an issue where the View Scan Reports and Manage Issues (Restricted) options under Scan Permission are not saved while creating new members.
Fixed an issue where the modified Scan Profile settings are not saved when another profile is selected from the dropdown.

Improved an agent auto-update procedure to support updates for minor version changes.
All credential information on API responses is encrypted.
Prevented agent log file names to be renamed by the browser according to the user’s regional settings.

Fixed an issue where the scan and report policies are not preserved while scheduling group scans.
Fixed several issues on the sitemap tree and improved the performance.
Fixed a hanging scan issue that occurs while the scan state is changing.
Fixed an issue where setting an already deleted scan profile name to a new scan profile gives an error.
Fixed the incorrect VDB version displayed on the agent.
Fixed an issue where Download Scan Data and Download HttpRequest Logs were not working previously.
Fixed an issue where an agent was not using the correct proxy settings while communicating with the web app.

Added grouping support for agents.
Added Scan Profile Name to Scan Group dropdown on the Website Dashboard page.
Added websitesgroups/delete/{id} API endpoint.
Improved the performance of the technology dashboard.
Fixed the absolute start date of scheduled scans as a tooltip to relative dates.

Fixed several scan stuck issues.
Fixed an issue where the scan is stuck when it is paused and tried to be deleted.
Fixed an issue an incorrect email address could be entered as a notification recipient.
Fixed an issue where the New Scan page stuck at loading when you switch back and forth between scan profiles.
Fixed the unspecified format of the NameID SAML2 attribute by setting it to emailAddress.

Added support for provisioning users without invitation requirement if the user is going to log in using SSO.
Added support for setting external email recipients for notifications for all the event types.
Added SANS Top 25 Report as export.
Updated PCI Compliance Report to match the new style of the reports.
Added Scan Profile name to Detailed Scan Report and several other compliance reports.

Fixed an issue where the scan files fail to archive to S3 storage and pile up on the agent machine.
Fixed an issue where an Internal Server Error occurs while trying to start or schedule a new scan.

Improved the Basic, Digest, NTLM/Kerberos, Negotiate Authentication entry user interface.
Improved the performance of Technologies pages

Removed the “SSO Email” field requirement for new member invitations on accounts where SSO is not enforced
Fixed a typo on the Bugzilla integration configuration page
Fixed the misleading error messages received when /websitegroups/update API endpoint is called with a missing or invalid “Id” values
Fixed a UTF8 encoding issue

Fixed an issue where some paused scans stuck and were not be able to resume
Fixed an issue where the incremental scan fails for a scan with form authentication configuration
Fixed an internal agent issue where the agent was not able to start as a service
Removed the redundant Domain field requirement on Proxy settings of a Scan Policy

Fixed an issue where some Client Certificates might not work properly for authentication
Fixed an issue where scans might get stuck in the Pausing state