🚀 Invicti Acquires Kondukto to Deliver Proof-Based Application Security Posture Management
100% Signal 0% Noise
Platform
Platform Overview
ASPM
API Security
DAST
SAST
SCA
Container Security
AI-Powered AppSec
Features
Pricing
Why Invicti
About Us
Case Studies
Contact Us
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Case Studies
Invicti Learn
Live Training
Partners
Support
Get a demo
Home
/
Documentation
/
v23.2.0
Invicti Product Release Notes
Invicti Enterprise On-Demand
Invicti Enterprise On-Premises
Invicti Standard
Invicti Application Security Platform
28 Feb 2023

v23.2.0

Improvements

  • Improved the Technologies page for detailed version information of technologies identified.
  • Improved the target website deletion process to prevent any errors because of instantaneous action.
  • Improved the scan compression algorithm.
  • Add a new API endpoint (api/1.0/issues/summary) for better issue reporting.
  • Added /api/1.0/scans/validate-imported-links-file to retrieve errors in the imported links.
  • Added the last revived date parameter to the All Issues API endpoint.
  • Improved the API endpoint to create team members and update their information.
  • Improved the maximum scan duration to stop only those scans with the Scanning status.
  • Added a token matching rule when it is required to get the token from a website other than the target URL.
  • Added secure attribution for cookies.
  • Added interval for Update Agents' list on the installation wizard.
  • Added the GUID control before getting the integration id to prevent any issue in the flow.
  • Updated the scan control center to drop the difference between the unsuccessful resuming and pausing status.
  • Improved the detection of whether the Jira instance is on the cloud or on-premises.
  • Improved the ServiceNow Incident Management integration.
  • Added active scan check when deleting an authentication profile.
  • Improved the Invicti web application performance.
  • Improved the website deletion process to block access to the associated file of the deleted website.
  • Improved the Jira integration to add the Affected Versions as an option.
  • Updated the TeamCity plugin that requires the Server URL and Domain URL to be the same.
  • Improved the vulnerability report in which any credit card information is masked.
  • Added the Authentication Verifier Service’s IP address to the setting to prevent it from being affected by the IP Restrictions.
  • Improved the agent’s configuration file to specify a folder where the agent’s scan data is to be saved.
  • Fixed case sensitivity when checking HTTP headers for JSON Web Tokens.
  • Fixed missing CSP 3 Directive.
  • Changed the Second Level Domain option on the Discovery Service to disabled by default.
  • Improved the scanning of Burp files that are without XML extensions.

Fixes

  • Fixed the scanner agent issue where the Linux agents failed because of TLS as a result of breaking changes in .NET 5.
  • Fixed the configuration issue in a Docker scanner agent.
  • Fixed the Hawk validation issue.
  • Fixed the issue in the IAST installer that threw an error message despite successful installation.
  • Fixed the basic authentication issue that threw an error although the credentials are correct in the scan profile.
  • Fixed the business logic recorder issue that prevented the recorder to play recorded steps during a scan.
  • Fixed the inconsistent number of vulnerability counts by severity information on the scan report page.
  • Fixed the vulnerability serialization issue that caused the out-of-memory error.
  • Fixed the scan scope issue that does not load the scan scope correctly on the first try.
  • Fixed the scan profile issue that failed to register the database selected on the scan optimization page.
  • Fixed the corrupted scan data ZIP file downloaded via an API endpoint.
  • Fixed the silent installation issue in which the installation path cannot be located.
  • Fixed the business logic recorder issue where the session is dropped because of a cookie.
  • Fixed the sitemap issue that fails to show the site map after the scan.
  • Fixed the null reference exception thrown in the new installation.
  • Fixed the issue that fails to render the API document’s index page.
  • Fixed the bug that threw an error when exporting a report.
  • Fixed a bug that prevents the scanner from attacking to login and logout pages.
  • Fixed the synchronization issue for the Discovery Service.
  • Fixed an issue about header encoding that cause false positive CSP reporting.
  • Fixed an issue that caused unhandled exceptions when there is no service endpoint definition in the WSDL file.
  • Fixed null reference error during the SCIM User creation.
  • Fixed the user interface issue to reflect the agent information on the Installed Framework accurately.
  • Fixed the Hawk URL issue that is changed after the scan policy update via an API endpoint.
  • Fixed the bug that throws a null reference exception at the authentication.
  • Fixed the inconsistent risk level on the generated reports.
  • Fixed the bug that throws a null reference exception at the authentication.
  • Fixed the IPv6 registered website resolution issue thrown before scanning.
  • Improved the maximum scan duration detection.
  • Fixed the scheduled scans not being exported issue from Invicti Standard to Invicti Enterprise.
  • Fixed the bug in which OAuth2 settings were not transferred properly from the web application to the agent.
  • Fixed the bug that throws a null reference exception at the authentication.
  • Increased the time out for the cloud PDF converter to prevent timeout-related errors.

Removed

  • Removed the PCI DSS scan option on the New Scan page.
Invicti Security Corp
1000 N Lamar Blvd Suite 300
Austin, TX 78703, US
© Invicti {year}
Resources
FeaturesIntegrationsPlansCase StudiesRelease NotesInvicti Learn
Use Cases
Penetration Testing SoftwareWebsite Security ScannerEthical Hacking SoftwareWeb Vulnerability ScannerComparisonsOnline Application Scanner
Web Security
The Problem with False PositivesWhy Pay for Web ScannersSQL Injection Cheat SheetGetting Started with Web SecurityVulnerability IndexUsing Content Security Policy to Secure Web Applications
Comparison
Acunetix vs. InvictiBurp Suite vs. InvictiCheckmarx vs. InvictiProbely vs. InvictiQualys vs. InvictiTenable Nessus vs. Invicti
Company
About UsContact UsSupportCareersResourcesPartners

Invicti Security is changing the way web applications are secured. Invicti’s dynamic and interactive application security products help organizations in every industry scale their overall security operations, make the best use of their security resources, and engage developers in helping to improve their overall security posture.

LegalPrivacy PolicyCalifornia Privacy RightsTerms of UseAccessibilitySitemap
Privacy Policy