Acunetix Build History

Version 11 (build 11.0.173271618) – 24th November 2017

New Features

  • Added new OWASP Top Ten 2017 report

Fixes

  • Fixed: DeepScan was processing ignored scripts

Version 11 (build 11.0.173131028) – 9th November 2017

New Features and Vulnerability Tests

  • Added support for Selenium scripts as Target Import files
  • Introduced various vulnerability checks for CMS Made Simple including:

Improvements

  • Various minor UI updates
  • Improved handling of aborted scans for Targets with Continuous scanning enabled
  • Increased Custom Cookie size limit from 512 bytes to 10Kb (2Kb for Acunetix Online)
  • Added new email templates
  • Email notification now indicates if a scan has failed
  • Multiple minor updates to the reports
  • Updated the Error Message script to show full Java error messages
  • Tech Admin role can now create and alter Scan types.

Fixes

  • Scan Comparison was incorrectly switching the order of the scans
  • Scan Comparison was incorrectly comparing with Allowed host
  • Fixed bug in the licensed user limit
  • Fixed bug causing scans to fail when the LSR contains Unicode characters
  • Multiple fixes in XML export
  • Multiple fixes in F5 WAF rules export
  • Fixed 2 minor security issues in web interface
  • 2 fixes affecting incorrect vulnerability count in Dashboard
  • Fixed the retesting of vulnerabilities for Targets requiring manual intervention
  • Fixed the Targets page incorrectly showing that the Target is being scanned, when an ongoing scan is deleted.

Version 11 (build 11.0.172901635) – 17th October 2017

New Features and Vulnerability Tests

Improvements

  • Updated the Joomla and WordPress vulnerability checks

Fixes

  • Fixed bug causing scans to fail because of certain characters in the LSR file

Version 11 (build 11.0.172641450) – 22nd September 2017

New Features and Vulnerability Tests

Improvements

  • Improved the detection of Blind SQL Injection
  • Better support for large JavaScript files
  • Java error detection now includes the full Java error returned by the server
  • Improved the Remote File Inclusion XSS checks
  • Updated the Joomla and WordPress vulnerability checks

Fixes

  • Fixed bug causing the downloading of a Target’s LSR file to fail
  • Fixed bug in HTTP Digest Authentication

Version 11 (build 11.0.172371608) – 25th August 2017

Fixes

  • Fixed issue causing automatic updates to fail. Updates need to be downloaded manually from https://www.acunetix.com/download/fullver11/

Version 11 (build 11.0.172351036) – 23rd August 2017

New Features and Vulnerability Tests

  • Detection of Apache Struts 2 Showcase RCE (CVE-2017-9791)
  • Check for .hgignore (Mercurial SCM configuration file)
  • Check for Atlassian Confluence Stored XSS (CVE-2016-6283)
  • Check for private key files with names based on ScanHost, e.g. “www.example.org.key”, “example.org.key”
  • Check for moment.js Denial of Service (CVE-2016-4055)
  • Various updates to the WordPress and Joomla checks
  • Introduction of Multi-Engine functionality for Enterprise customers

Improvements

  • Updated the Database backup file checks
  • Improved jQuery version fingerprinting
  • Updated detection of HttpOnly and Secure cookie flags
  • Updated default Target list sorting

Fixes

  • Fixed XSS detection issue
  • Minor fix to the allow_url_fopen enabled check
  • Fixed F5 BIG-IP ASM WAF XML export
  • Fixed issue preventing Acunetix from installing on Chinese OS

Version 11 (build 11.0.171721334) – 21st June 2017

New Vulnerability Tests

Improvements

  • Improved detection of WordPress version
  • Various updates to the WordPress and Joomla checks
  • Updated description for Broken links alert.

Fixes

  • Fixed issue causing a crash in the scanning engine
  • Fix affecting the processing of XML files, resulting in scan performance improvement
  • Fix in the High Risk Scan Type, resulting in scan performance improvement
  • Various updates and fixes in the Acunetix web UI.

Version 11 (build 11.0.171381251) – 18th May 2017

New Vulnerability Tests

Version 11 (build 11.0.171251523) – 5th May 2017

New Vulnerability Tests

Version 11 (build 11.0.171181742) – 27th April 2017

New Vulnerability Tests

Improvements

  • Various improvements to the WordPress checks

Bug Fixes

  • Fixed issue affecting checks on REST APIs
  • Fixed issue with Export to Imperva SecureSphere WAF

Version 11 (build 11.0.171101535) – 20th April 2017

New Vulnerability Tests

Improvements

  • Improved Backup file checks
  • Various improvements to the WordPress checks
  • Added support for various JavaScript libraries in the Login Sequence Recorder and DeepScan

Bug Fixes

  • Virtual Host Audit check was not taking into consideration the Target Port and Scheme
  • Fixed DeepScan issue which caused infinite loop during auto-authentication for some web applications
  • Fixed issue in Login Sequence Recorder causing it not to load settings from the correct location

Version 11 (build 11.0.170941159) – 4th April 2017

Improvements

  • The IP address or hostname of the Acunetix machine can be specified during the installation. This information is used to generate the SSL certificates used for the UI. This is required to avoid SSL errors
  • Update to Login Sequence Recorder and DeepScan improving compatibility with modern web applications
  • Target information is shown in “Scan Done” UI notifications
  • Various minor updates to the UI
  • Scan email notifications now include links to the scan results. Report email notifications include links to the report
  • Multiple updates to the WordPress and Joomla vulnerability checks

Bug Fixes

  • Fixed false positives caused by the PHP AcuSensor
  • Fixed 2 privilege escalation issues reported privately to Acunetix
  • Fixed false positive in WAF detection
  • Fixed UI issue caused by certain characters in the Target Description field

Version 11 (build 11.0.170751531) – 16th March 2017

Updates

  • Check for Remote Code Execution (RCE) vulnerability in Apache Struts 2 (CVE-2017-5638)

Version 11 (build 11.0.170611402) – 3rd March 2017

Updates

  • Multiple updates to the WordPress and Joomla vulnerability checks

Fixes

  • Fixed issue caused by UTF-8 characters in the login sequence filename
  • Fixed issue with Target address validation

Version 11 (build 11.0.170540920) – 23rd February 2017

Updates

  • AcuMonitor registration setting is now remembered between license activations
  • Various updates to the WordPress and Joomla vulnerability checks
  • Acunetix now accepts .der, .p12 and .pfx file extensions for client certificates
  • Login Sequence Recorder (LSR) now better supports sites using ES6 features

Fixes

  • In certain situations, the auto-login details for a Target were not correctly stored, resulting in the login credentials not being used during a scan
  • Fixed issue with parsing of addresses
  • Fixed issue preventing the product from auto-updating for some licenses. Affected customers will be notified by email.

Version 11 (build 11.0.170461052) – 15th February 2017

Updates

  • Creation of custom scanning profiles is possible from the Acunetix web UI.
  • Manual Intervention events can be configured as part of a Login Sequence for CAPTCHAs and two-factor authentication
  • Retesting of vulnerabilities discovered by Acunetix
  • The ability to disable AcuMonitor at license activation
  • Comparison report for two scans of the same Target
  • Reports are now available in both PDF and HTML
  • The site structure is now shown in a hierarchical tree view
  • Excluded hours, during which Acunetix performs no scans, can be configured per Target
  • Added information on weak SSL key ciphers
  • The Acunetix license activation allows the user to opt out of AcuMonitor registration
  • Various updates to the WordPress and Joomla vulnerability checks

Fixes

  • Notifications for vulnerabilities discovered by AcuMonitor now include a link taking the user to the vulnerability identified
  • Various bug fixes in the UI
  • Changed scan status message when scanned target is not responsive
  • Fix in Relative Path Overwrite vulnerability check
  • Various updates and fixes related to AcuMonitor
  • Improved URL validation

Version 11 (build 11.0.170341008) – 3rd February 2017

New Vulnerability Test

Version 11 (build 11.0.163541031) – 19th December 2016

New Features

  • Acunetix Enterprise users can now generate their API key to be used for the Acunetix API (contact sales@acunetix.com for more information on the API)
  • Selenium IDE files are now supported as Import files in Acunetix v11
  • The Acunetix Login Sequence Recorder can now edit login sequence files.

New Vulnerability Tests

Improvements

  • The Acunetix UI will show a message when the license is not activated.
  • The Login Sequence Recorder will make use of the proxy settings configured for the Target.
  • Better handling of cookies.

Bug Fixes

  • Fixed reports generated for targets that have not been scanned
  • Fixed issue allowing empty Import Files to be uploaded for a Target
  • Some information returned by AcuSensor was not reflected in the vulnerability details
  • Fixed false positive in the ASP.NET debug mode check
  • Various minor updates and fixes

Version 11 (build 11.0.163221044) – 17th November 2016

New Features

  • New web-based user interface
  • Targets are now stored in Acunetix with their individual settings, and can be easily re-scanned.
  • Targets can be classified by their Business Criticality
  • Reports are stored in the central interface
  • Users can choose between “Target reports”, “Scan reports” or “All vulnerabilities reports”
  • Role-based multi-user system, allowing users to be assigned the security scanning of specific targets.
  • All vulnerabilities for all the targets are now shown in one list which can be easily filtered.
  • Export vulnerabilities to F5 BIG-IP ASM and Fortinet FortiWeb Web Application Firewalls directly from within Acunetix
  • Acunetix now supports sending vulnerabilities to these issue trackers: GitHub, JIRA and Microsoft Team Foundation Service (TFS)
  • Documentation is now inbuilt into the new interface
  • New Dashboard, providing an instant overview of the security status of your assets.

Improvements