Invicti Product Release Notes
24 Apr 2023
v23.4.0
Version information: 23.4.0.40376
New security checks
- Added new patterns for GrapQL attack usage.
- Added new attack pattern to CommandInjection.xml.
- Implemented Bootstrap Libraries Detection.
- Added Out-of-Date vulnerability for mod_ssl.
- Added a report template and vulnerability type for Spring Framework Identified.
- Added JavaMelody Interface Detected Signature.
- Changed WAF Identification Signature for F5 Big IP.
- Added the support for Nested objects for GraphQL attacks.
Improvements
- Updated Invicti Standard with new brand logo.
- Added external schema import to solve a WSDL file importing another WSDL file.
- Removed the interactive login button from the verifier dialog.
- Added the Retest All Subitems in the Sitemap to prevent non-retestable issues from being retested.
- Added a null check for HAR files imported.
- Improved the cookie importing process in order for cookies to be compatible with RFC.
- Updated IAST NuGet PHP package.
- Updated StaticDetection.xml & StaticResourceFinder.xml.
- Added service worker request support for authentication, login simulation, and crawling.
Fixes
- Fixed an issue that caused high memory usage while collecting form values.
- Fixed the untrusted certificate error for internal proxies.
- Fixed the issue that caused the change in the date and time format during the Postman file importing.
- Fixed the Linux agents problem that failed to work in the FIPS-enabled environment.
- Fixed the untrusted certificate error for internal proxies.
- Fixed the "Catastrophic Backtracking" in Whoops Debugging detection.