Changelogs

Acunetix Standard & Premium

v23.9.231005181 - 09 Oct 2023

Release build 23.9.231005181 includes several new security checks and improvements.

New security checks

Improvements

  • PHPSensor: Yii Framework logging improvements
  • .NET Sensor: Improvement to file list
  • Multiple improvements to SSL Checks

v23.9.230927167 - 28 Sep 2023

Release build 23.9.230927167 includes a significant update with the addition of critical severity as a new vulnerability classification, internal scanning agent support for proxy settings, and added detection of multiple SSL vulnerabilities.

New features

  • Added critical severity as a new vulnerability classification and reclassified select high vulnerabilities to critical severity – more information on the Acunetix blog
  • Added the ability to specify proxy settings for the Internal Scanning Agent

New security checks

  • Acunetix now detects the following SSL vulnerabilities:
      • Certificate signed using a weak signature algorithm
      • Revoked SSL certificate
      • Anonymous ciphers supported
      • SSL untrusted root certificate
      • Confirm validity of Certificate Authority (CA) signature

Improvements

  • Updated the user agent string to Chromium 117
  • Updated Chromium to 117.0.5938.63
  • Fixed faulty scrolling behavior in the LSR recorder screen
  • Improved detection of DOM-based XSS vulnerabilities
  • Moved license subscription details from the Profile section to Settings > Subscription
  • Improvements to DeepScan coverage
  • Improvements to the UI during scan configuration
  • Set client certificate import default format to PFX

Fixes

  • Engine/OpenSSL: Fixed scanning of sites that require connections with legacy unsafe renegotiation enabled
  • Minor UI navigation fixes
  • Fixed occasional crash on importing Postman files
  • Fixed false positive “ASP.NET expired session IDs are not regenerated” when the <sessionState> section of web.config is encrypted

v23.8.230918154 - 19 Sep 2023

Release build 23.8.230918154 includes an improvement for Acunetix On-Premises.

Improvement

  • Increased logging for services (Acunetix On-Premises only)

v23.8.230905089 - 05 Sep 2023

Release build 23.8.230905089 includes the addition of critical severity as a new vulnerability level. We've also added many new security checks as well as improvements and bug fixes.

New features

  • Added critical severity as a new vulnerability level (for more information, check out our blog)

New security checks

  • Added security check for appwrite SSRF: CVE-2023-27159
  • Added security check for Metabase RCE: CVE-2023-38646
  • Updated WAF detection
  • Added security check for Ivanti EPMM Unauthenticated API Access: CVE-2023-35078
  • Added security check for MinIO Information Disclosure: CVE-2023-28432
  • Added security check for KeyCloak XSS: CVE-2021-20323
  • Added security check for Strapi Cognito provider Auth Bypass: CVE-2023-22893
  • Added security check for ServiceNow XSS: CVE-2022-38463
  • Added security check for SAP NetWeaver KW XSS: CVE-2021-42063
  • Added security check for XProber Information Disclosure
  • Added security check for SAP NetWeaver DI SSRF: CVE-2021-33690
  • Added security check for open Consul API detection
  • Updates to vulnerable WordPress plugins

Improvements

  • Upgraded to OpenSSL 3.1.2 (On-Premises only)
  • Improved LSR restrictions
  • Improved scanning so that repeated links with the same content are not detected
  • Improved scanning of recursive relative links
  • Improved crawling by excluding repeated nonexistent paths
  • When an issue is pushed to the issue tracker, the vulnerability detail shows the issue’s URL for easier navigation
  • Updated the Software Composition Analysis (SCA) database
  • IAST – moved the .NET folder from ProgramData\Acunetix to the ProgramData\Invicti folder. The Injector.exe (IAST .NET framework automatic installation tool) will force an upgrade if an older version of the IAST .NET Sensor is installed.

Fixes

  • Fixed a bug that was preventing starting a scan from Target Groups
  • Fixed a bug that was preventing System Admins from adding targets to Target Groups

v23.7.230728157 - 31 Jul 2023

Version 23 build 23.7.230728157 for Windows and Linux – 27 July 2023

Important note

Starting from version 23.6.230626159, we have deprecated support for Windows 8, Server 2012 and Server 2012 R2. Please update your Windows Operating System to Windows 10 (or later) or Windows Server 2016 (or later) to use this and upcoming releases.

New Features

  • [Closed beta feature] Acunetix now includes Runtime SCA, which identifies the technologies used on the scanned endpoints, and highlights the technologies with known vulnerabilities.
  • [Closed beta feature] The internal scanning agent in Acunetix Online, available in closed BETA, can now start multiple concurrent scans.

New Security Checks

Improvements

  • Updated the CWE Top 25 Report to the latest 2023 version
  • Improvements to the .NET IAST AcuSensor allowing more information gathering
  • Improved support for Shadow DOM in LSR
  • Improvements to NGINX Alias traversal security check
  • Improvements to WordPress vulnerability detection
  • Improvements to the Code Execution security checks

v23.6.230628115 - 28 Jun 2023

Version 23 build 23.6.230628115 for Windows and Linux – 29 June 2023

Important note

Acunetix Premium now uses the CalVer versioning convention. Please note that starting from version 23.6.230628115, we have deprecated support for Windows 8, Server 2012 and Server 2012 R2. Please update your Windows Operating System to Windows 10 (or later) or Windows Server 2016 (or later) to use this and upcoming releases.

New Features

  • [Closed beta feature] Internal site scanning for on-demand users for Windows machines

New Security Checks

Improvements

  • Acunetix Premium now ships with Chromium 114.0.5735.133/134 on Linux and Windows
  • Updated UI design in select parts of the product
  • Added support for OpenAI manifest files

v15.7.230616162 - 19 Jun 2023

Version 15 build 15.7.230616162 for Windows and Linux – 20 June 2023

Important note

Acunetix Premium 15.7.230616162 is the latest version available for installation on Windows 8, Server 2012, and Server 2012 R2. If you wish to receive new updates, we recommend updating your operating system to either Windows 10, Windows Server 2016, 2019, or 2022.

New security checks

  • Added new security check for MOVEit Transfer SQL Injection. (CVE-2023-34362)

Improvements

  • Updated the Software Composition Analysis (SCA) database.
  • Updated the embedded Chromium browser to v109.0.5414.149 for Windows and 114.0.5735.110 for Linux.

v15.7.230603143 - 05 Jun 2023

Version 15 build 15.7.230603143 for Windows and Linux – 9 May 2023

New features

New security checks

  • Added support for automated detection of WSDL during crawling.
  • A new security check for SOAP WS addressing Server-side request forgery.

Improvements

  • .NET sensor supports .NET 6.0 for Windows and Linux.
  • Updated the WordPress plugin vulnerabilities.
  • Updated the WordPress core vulnerabilities.
  • Updated the Software Composition Analysis (SCA) database.

Fixes

  • Fixed the time validation issue on the Scheduling Scan dialog.
  • Added time validation for scheduling scans.

v15.6.230505122 - 09 May 2023

Version 15 build 15.6.230505122 for Windows and Linux – 9 May 2023

New Security Checks

  • Added SAML-related security checks.
  • New security checks for Adobe ColdFusion affected by Deserialization RCE vulnerability. CVE-2023-26359/CVE-2023-26360
  • New security checks for GraphQL.
  • New checks for Joomla vulnerabilities.

Improvements

  • Updated the embedded Chromium browser to v109.0.5414.141 for Windows and 112.0.5615.165 for Linux.
  • Improved the Business Logic Recorder to work with autocomplete fields.
  • Updated .NET IAST AcuSensor to avoid reporting false positives for default server misconfiguration.
  • Improved .NET IAST AcuSensor for reporting vulnerable packages.
  • Added support for file upload to the Login Sequence Recorder and Business Logic Recorder.
  • Improved response handling.
  • Various DeepScan Improvements.
  • Improved the coverage of development file exposure check.
  • Updated the Software Composition Analysis (SCA) database.
  • Updated the WordPress plugin vulnerabilities.

Fixes

  • Various fixes in the scanner to lower memory usage.