Changelogs

Acunetix Standard & Premium

v13.0.201126145 - 27 Nov 2020

Version 13 build 13.0.201126145 for Windows / Linux and 13.0.201126157 for macOS - 27th November 2020

New Features

  • New user role: Platform Admin, provides full access to Acunetix

Updates

  • Network Settings can now be confirmed using the new Check Settings button
  • Management of Targets by Tech Admin role can now be selectively turned off

Fixes

  • Fixed issue causing inability to access last continuous failed scan
  • Fixed UI issues causing inability to add targets to target group when target list is filtered
  • Acunetix is now correctly reporting progress for Network Scans
  • UI updated to hide specific options for the different Acunetix user roles

v13.0.201112128 - 12 Nov 2020

Version 13 (build 13.0.201112128 for Windows / Linux / macOS) 12 November 2020

Updates

  • Updated Telerik vulnerability checks
  • The Tech Admin user role can now create new Targets
  • Renamed acu_phpaspect.php to acusensor.php
  • Updated Comprehensive report to indicate Verified vulnerabilities
  • Logon Banner now supports multi-line banners

Fixes

  • Fixed issue in SlowLoris vulnerability check
  • Fixed LSR hang caused when closing the LSR immediately after opening it
  • Fixed scan hanging issue
  • Fixed a couple of issues in the CSV export
  • Fixed issue causing incorrect threat level in Comprehensive report
  • Fixed false positives in Outdated JS libraries and Insecure Referrer Policy checks
  • Fixed UI issue with long target name causing buttons to be hidden
  • Fixed issue causing double input schemes
  • Fixed crash in scanner
  • Fixed issue causing vulnerability count in Dashboard to not always be updated

v13.0.201028153 - 29 Oct 2020

Version 13 (build 13.0.201028153 for Windows / Linux and build 13.0.201028161 for macOS) 29th October 2020

New Features

  • Logon Banner can be configured for Acunetix logon page (satisfies DOD Notice and Consent Banner requirement)
  • Added ability to export vulnerabilities to CSV (available as WAF Export option)
  • Added ability to export scan locations to CSV (available as WAF Export option)

New Vulnerability Checks

Updates

  • Improved handling of Swagger
  • The scanner will try to detect differences in the site using different user-agents
  • Various minor UI updates
  • Added Scan Profile used in Scan results
  • Business Logic Recorder cannot be used on Targets which require Manual Intervention
  • Updated Jira issue tracker
  • Improved error shown when checking for updates fails
  • Updated import file feature to support files using BOM
  • Comprehensive report tags vulnerabilities detected by AcuSensor and AcuMonitor

Fixes

  • Fixed issue causing multi-line session detection not to be used during scan
  • Updated Jira issue tracker to use proxy server if configured
  • Fixed issue causing gzip encoded body of HTTP responses to become invalidated
  • Fixed: Printing the Coverage report would not print the sitemap in the report
  • Fixed issue causing some login forms not to be detected during the scan
  • Fixed timing issue when scheduling a scan for a future date
  • Fixed scanner crashes caused by specific import files
  • Fixed issue causing DeepScan not to be used on Kali Linux
  • Fixed false positive in Zend Framework LFI via XXE
  • Fixed issue causing some scans to fail because of the client certificate
  • Fixed issue causing LSR playback to fail for some scans
  • Fixed issue in New Scan dialog for Tech Admin users

v13.0.200930102 - 30 Sep 2020

Version 13 (build 13.0.200930102 for Windows, Linux and macOS) 30th September 2020

New Features

  • Export Scans to JSON (available as WAF Export option)
  • Added context-sensitive help for all pages in the UI. Clicking on the ? icon will open documentation for the specific page

New Vulnerability Checks

Updates

  • Numerous updates to the UI
  • Malware scan profile updated to check for Trojans
  • Scanner updated to receive newly discovered hosts from vulnerability checks
  • Updated Swagger 2 implementation to better cater for nested schemes/objects
  • Updated deduplication to better cater for network scans / vulnerabilities
  • Adaptive ciphersuite testing reduces the average SSL/TLS scan duration by 90%

Fixes

  • Fixed issue where no data was shown for archived scans
  • Fixed some minor issues with default filters
  • Fixed issue showing wrong Target count in license page
  • Fixed UI issue affecting Custom Scan Profiles
  • Fixed Possible Sensitive Files / Folders to use the Case Sensitive Paths setting for the Target
  • Fixed issue in Reverse Proxy Detection check

v13.0.200911154 - 14 Sep 2020

Version 13 (build 13.0.200911154 for Windows and Linux and build 13.0.200911171 for macOS) 14th September 2020

New Features

  • New Data Retention settings, providing the ability to:
    • Keep the last 3 scans for each target and archive previous scans
    • Delete archived scans which are older than 2 years
    • The above data retention settings are configurable
    • The above settings affect vulnerabilities detected, which are archived / deleted accordingly
  • A default scan profile can be configured for each target
  • Forgot Password option for Acunetix On premise, allowing users to reset their password – Email settings need to be configured
  • Detect paths in JavaScript code via static method analysis
  • Ability to retrieve links from several HTTP headers
  • Scanner will try to auto-discover API definitions

New Vulnerability Checks

Updates

  • Vulnerabilities are now shown as grouped by Vulnerability Type and FQDNs
  • Numerous improvements affecting vulnerability deduplication
  • Deleted Targets are not shown in the UI by default
  • Malicious links detected will be highlighted in the vulnerability report
  • Ability to scan all Targets in a Target Group
  • Improved Swagger support implementation
  • Updated backup files/folders and possible sensitive files checks to report alerts on parent of file detected
  • Time zone can now be configured by each user account
  • User accounts can now change UI to Chinese
  • .NET Sensor updated to support .NET Core
  • Updated Session Fixation vulnerability check to avoid possible False Positives
  • Updated to Chromium v83

Fixes

  • Fixed issue with offline activation
  • Fixed a few crashes occurring on specific sites
  • Fixed issue affecting AcuMonitor when scanning certain sites
  • Various small UI fixes
  • Fixed Target Deletion issue for Consult licenses
  • Fixed: PDF report generation was failing in specific situations
  • Fixed issue causing HTTP requests passing through a proxy to fail
  • Fixed issue affecting relative HTTP redirects
  • Fixed issue causing Manual Intervention not to work on Linux
  • Fixed issue causing DeepScan to miss some DOMXSS vulnerabilities
  • Fixed text overlapping issue in reports
  • Fixed issue causing Telerik Web UI RadAsyncUpload Deserialization (CVE-2019-18935) to not always be detected
  • Fixed: ‘HTTP Strict Transport Security (HSTS) not implemented’ and ‘HTTP Strict Transport Security (HSTS) Best Practices’ were using the same name
  • Fixed: Sensitive files / directories checks were missing Attack details
  • Fixed issue caused when sorting scans by target description
  • Fixed a few issues in the Login Sequence Recorder and Business Logic Recorder

v13.0.200807155 - 07 Aug 2020

Version 13 (Windows / Linux: 13.0.200807155, macOS: 13.0.200807156) 7th August 2020

New Features

New Vulnerability Checks

Updates

  • Created and Last Updated dates are available for vulnerabilities
  • Order of sections in Comparison report updated to be more intuitive
  • Target Address is shown in full in the UI
  • /users/ endpoint is now available in the API

Fixes

  • Fixed issue when exporting vulnerabilities to WAF which contained CVSS3.1
  • Fixed issue causing custom user-agent to not be used in all requests during a scan
  • Fixed issues causing some vulnerabilities not to be well formatted when sent to JIRA issue tracker
  • Fixed issue when adding JIRA Issue Tracker in Acunetix Online
  • Fixed issue caused when adding Targets to an existing Target Group
  • Minor fix in Comprehensive report text
  • Fixed UI issue showing blank list (Scans, Targets etc) when using the browser’s back button
  • Fixed issue caused by scanning Targets with complex GraphQL schemas

v13.0.200715111 - 15 Jul 2020

Version 13 (build 13.0.200715111 for Windows, Linux and build 13.0.200715153 for macOS) 15th July 2020

New Features

  • Acunetix on premise is now available for macOS

New Vulnerability Checks

Updates

  • Improved UI messages when scans cannot start due to Manual Intervention
  • Updated interpretation and generation of XML requests / responses
  • New Scanning profile for High and Medium Vulnerabilities
  • Target Description is now available on the Scans page
  • Incremental Scans initiated by Jenkins plugin are correctly labelled as incremental
  • A number of improvements in JavaScript Libraries Audit

Fixes

  • Fixed issue caused when configuring GitLab issue tracker with Impersonation Token
  • Fixed issue causing filter not to be available for Standard licenses
  • Fixed Malware Scan profile to include checks for malware links
  • Fixed resource allocation issue, causing scans to end unexpectedly
  • Comprehensive Report was incorrectly showing High Severity Threat level
  • Fixed issue affecting the CVSS score calculation of some vulnerabilities

v13.0.200624118 - 24 Jun 2020

Version 13 (build 13.0.200624118 – Windows and Linux) 24th June 2020

New Features

  • Introduced support for GraphQL
  • Introduced support for OAuth2.0
  • GraphQL files can be used as Import Files
  • New Comprehensive Report, which includes the HTTP Response in the HTML version of the report
  • HTTP Response uses syntax highlighting for improved readability
  • Scans can now be restricted to paths/locations in import files
  • User can choose which columns to show in all the Acunetix lists
  • UI saves columns selected for each page / user (applies to Targets, Vulnerabilities, Scans and Reports)
  • UI saves number of items to show on each page / user (applies to Targets, Vulnerabilities, Scans and Reports)
  • UI saves sorting order for each page / user (applies to Targets, Vulnerabilities, Scans and Reports)

New Vulnerability Checks

Updates

  • Targets with Manual Intervention cannot have a Business Logic Recording
  • Changed vulnerability name filter to use search as you type
  • Scans will start reporting pages that require HTTP Authentication
  • Acunetix UI notifications have been changed as follows:
    • Moved to bottom right of Acunetix UI
    • Stay longer on the page
    • Can be closed by the user
  • Increased name length limit of import files to 128 characters
  • User can optionally specify the address to be used for Auto-login. This is useful for SSO login pages
  • The scanner will try to connect to the address of the target before aborting the scan after 25 consecutive network errors
  • Targets can be deleted and replaced on the license anniversary

Fixes

  • Fixed: The vulnerability name filter did not always show all vulnerabilities
  • Fixed incorrect error handling message when disabling the proxy settings
  • Hide Business Logic Recorder for Network Only targets
  • Fixed: Acunetix Online was showing an ID as the name of some network vulnerabilities
  • Fixed: Acunetix Online was not always showing the HTTP Response for some vulnerabilities
  • Fixed: Acunetix Online was not showing the number of licensed Targets
  • Fixed issue causing paths of ignored files to be ignored too
  • Fixed LSR issue on Safari browser
  • Fixed issue caused when the LSR and BLR are used on certain sites
  • Various minor fixes to the UI
  • Fixed false positives in over 25 vulnerability checks

v13.0.200519155 - 20 May 2020

Version 13 (build 13.0.200519155 – Windows and Linux) 20th May 2020

Updates

  • Vulnerabilities filter shows correct sorting
  • User can now test notification settings
  • List of Licensed Targets can now be accessed from user profile page

Fixes

  • Fixed issue when using the Login Sequence Recorder remotely
  • ConsultLite licenses were being shown as Standard
  • Some vulnerabilities were not displayed correctly in Azure DevOps Services
