🚀 Invicti Acquires Kondukto to Deliver Proof-Based Application Security Posture Management
100% Signal 0% Noise
Platform
Platform Overview
ASPM
API Security
DAST
SAST
SCA
Container Security
AI-Powered AppSec
Features
Pricing
Why Invicti
About Us
Case Studies
Contact Us
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Case Studies
Invicti Learn
Live Training
Partners
Support
Get a demo
Home
/
Documentation
/
26-Apr-2019
Invicti Product Release Notes
Invicti Enterprise On-Demand
Invicti Enterprise On-Premises
Invicti Standard
Invicti Application Security Platform
26 Apr 2019

26-Apr-2019

NEW FEATURES

  • Added "Do not differentiate HTTP and HTTPS protocols" option to scope settings
  • Added 3-Legged Token flow for OAuth2 authentication
  • Added an option to be able to use a fixed OAuth2 token type

NEW SECURITY CHECK

  • Added new XSS pattern that injects attack payload to HREF attribute

IMPROVEMENTS

  • Added reporter account id to JIRA Send To
  • Updated SSRF ipv6 pattern names
  • Improved the visibility of Resume button while performing a Manual Crawling
  • Improved the error message displayed while importing Swagger links

FIXES

  • Fixed retrying getting OAuth2 token
  • Fixed a NullReferenceException thrown when OAuth2 enabled scan is loaded
  • Fixed an UnhandledException thrown during DOM Simulation in some rare cases
  • Fixed pausing scan when OAuth2 authentication failed
  • Fixed logging OAuth2 error messages
  • Fixed showing context menu for activity viewer's group rows
  • Fixed a NullReferenceException thrown when mouse is moved over sitemap
  • Fixed the missing space character on Best Practice severity text on issues panel
  • Fixed the incorrect position of Force Pause button on high DPI screens
  • Fixed the white screen flashed on dark theme while navigating between KB screens
  • Fixed the tiny progress animation on license popup dialog
  • Fixed the dark theme issues on Advanced Settings screen
  • Fixed a KeyNotFoundException thrown when the scan has finished
  • Fixed the issue where ignoring first vulnerability variation ignores all variations
  • Fixed a NullReferenceException thrown while Security Checklist panel is being activated if Scan Policy Editor dialog is opened by Assistant
  • Fixed an issue where DOM simulation might conflict with some JS frameworks
  • Fixed the broken Ignore From this Scan context menu action on Sitemap panel
  • Fixed a NullReferenceException thrown from Invicti Assistant
  • Fixed the NullReferenceException thrown when a Manual Crawling scan is imported and then resumed
  • Fixed the issue where recently optimized scan policy is not selected when the Start a New Scan window is opened again
  • Fixed an issue where multiple persona could be selected on Form Authentication settings
  • Fixed the garbled configuration sample in Remedy section of HSTS Policy Not Enabled vulnerability
  • Fixed the incorrect behavior on Notifications panel when it is scrolled to the end
  • Fixed a NullReferenceException thrown while generating a report from a scan that contains a File Upload Vulnerability
  • Fixed an issue where an extra ampersand is appended to query string while generating URL of a Swagger imported link
  • Fixed an XmlException while trying to parse a sitemap.xml response that is not found
  • Fixed a GZip decoding issue while trying to decode a compressed sitmeap.xml
  • Fixed an unhandled NullReferenceException thrown from Sitemap
  • Fixed parsing OAuth2 response regardless of the response content type
  • Fix parsing JSON content type in Swagger parser to handle unexpected content types instead of creating a request for them
  • Fixed performance issues caused by excessive logging when Activity Tracking is enabled
  • Fixed a stuck scan issue on web sites using React JavaScript framework
  • Fixed a Postman file importing issue where the response is not base64 encoded
  • Fixed a NullReferenceException thrown while checking mutations on DOM
  • Fixed an unhandled "InvalidOperationException: Object is currently in use elsewhere" error
  • Fixed an error where XML and JSON responses could not be rendered on response viewers
  • Fixed an unhandled NullReferenceException thrown from Assistant
  • Fixed several NullReferenceException errors thrown while viewing knowledgebase items
  • Fixed an issue where the current ongoing scan could be deleted from Local Scans section
  • Fixed an InvalidOperationException "Database is not open" error
Invicti Security Corp
1000 N Lamar Blvd Suite 300
Austin, TX 78703, US
© Invicti {year}
Resources
FeaturesIntegrationsPlansCase StudiesRelease NotesInvicti Learn
Use Cases
Penetration Testing SoftwareWebsite Security ScannerEthical Hacking SoftwareWeb Vulnerability ScannerComparisonsOnline Application Scanner
Web Security
The Problem with False PositivesWhy Pay for Web ScannersSQL Injection Cheat SheetGetting Started with Web SecurityVulnerability IndexUsing Content Security Policy to Secure Web Applications
Comparison
Acunetix vs. InvictiBurp Suite vs. InvictiCheckmarx vs. InvictiProbely vs. InvictiQualys vs. InvictiTenable Nessus vs. Invicti
Company
About UsContact UsSupportCareersResourcesPartners

Invicti Security is changing the way web applications are secured. Invicti’s dynamic and interactive application security products help organizations in every industry scale their overall security operations, make the best use of their security resources, and engage developers in helping to improve their overall security posture.

LegalPrivacy PolicyCalifornia Privacy RightsTerms of UseAccessibilitySitemap
Privacy Policy