Invicti Product Release Notes
31 Aug 2022
6.7.0.37625
SECURITY CHECKS
- Added pattern for XSS via file upload SVG.
IMPROVEMENTS
- Added the Cache By CSS Selector and Max Cache Elements to the scan policies.
- Added the GraphQL endpoints and libraries to the Knowledge Base.
- Updated the Jira tooltip for the access token or password field.
- Removed the target URL health check that lets the scan continue despite getting error messages such as 403.
- Improved the raw scan file expired information message.
- Improved the scan profile test coverage.
- Updated regex for Stack Trace Disclosure (Java) - Java.Lang Exceptions.
- Improved the JSON Web Tokens secret list.
- Improved the re-login process when the logout is detected.
FIXES
- Fixed the retest issue.
- Fixed the null reference error thrown during the late confirmation.
- Fixed an issue of using the disposed objects.
- Fixed the exception error when cloning the report policy.
- Fixed the broken links on the report policy.
- Fixed mistaken NIST and DISA classifications.
- Fixed a bug that threw the database locked error when Invicti is restarted after a scan.
- Fixed an issue where a JavaScript Setting option blocks inputs for the single-page applications to be reported in the Web Pages with Inputs node.
- Fixed a bug that caused the scan session failure when the scan is paused and resumed.
- Fixed failed scans where the Target URL is IPv6 and starting with ::1
- Fixed the Postman collection parsing by removing / in front of the query in the URL.
- Fixed the Shark validation issue that threw exceptions while validating.
- Fixed the issue with proxy settings, so Invicti prioritizes the settings in the scan policy.
- Fixed NodeJS RCE-OOB security check.