Home
/
Documentation
/
v24.7.0 - 9 July 2024
Invicti Product Release Notes
Invicti Enterprise On-Demand
Invicti Enterprise On-Premises
Invicti Standard
Invicti Application Security Platform
09 Jul 2024

v24.7.0 - 9 July 2024

New Security Checks

  • Added a new security check to identify supply chain attacks through Polyfill JS
  • Added a detection for GeoServer SQLi vulnerability (CVE-2023-25157)
  • Added checks for various WordPress plugins

Improvements

  • Improved Credit Card Disclosure Security Check
  • Added custom headers for communication between Agents and Invicti Hawk
  • Set the severity of 'Possible XSS' vulnerabilities to 'Informational'
  • Improved various Sensitive Data Exposure security checks
  • Improved the detection of the Short SSL Key Length vulnerability
  • Added the capability to check for Sensitive Data in XML responses

Fixes

  • Fixed missing Request Body content in vulnerability details
  • Fixed an issue with the 'IgnoreCertificateErrors' Agent setting for SSL Validation
  • Fixed a problem in the JWT Engine to resolve a false positive issue
  • Fixed an issue related to the OTA app scan
  • Fixed HTTP 413 responses resulting from nonce cookies stacking