Home
/
Documentation
/
v25.3.0 - 25 March 2025
Invicti Product Release Notes
Invicti Enterprise On-Demand
Invicti Enterprise On-Premises
Invicti Standard
Invicti Application Security Platform
26 Mar 2025

v25.3.0 - 25 March 2025

New features

  • Added support for encrypting proxy credentials settings in the agent appsettings.json file

Improvements

  • Improved technology version detection from URI
  • Scheduled group scans will be initiated in chunks when exceeding 500 websites
  • The SelfDisable command is no longer sent to the Agent when its state is updated to Disabled.
  • Fixed the issue to enable compatibility with the latest version of GitHub Actions
  • Scheduled scans now remove the URL path after ‘#’ when using the default Scan Profile
  • Added a loading state for the Export CSV button to prevent multiple clicks
  • Improved multiple technology reporting on the same location.
  • Improved signatures for Axios and PrototypeJs detection.
  • Upgraded 3rd party script libraries
  • Updated OpenSSL from version 3.3.1 to 3.3.2
  • Added AttackUsage to DOM XSS Patterns
  • Updated the Splunk Python SDK for the Splunk Plugin to ensure compliance with the latest Splunk Vetting Policy
  • Improved value filling in GraphQL queries

Resolved issues

  • Fixed an issue where the agent was duplicated on premises when using a cloud provider
  • Fixed an issue where "Test Scripts" under Form Authentication in a scan profile failed to load responses
  • The Validate Imported Links API endpoint no longer requires a Target URL when a file is uploaded
  • Fixed an issue where changing the website associated with a profile disrupted the settings, configurations, and scan tasks
  • Fixed an issue where past scans would not load in Invicti Standard 25.1
  • Fixed sorting issues in the dashboard to use numerical order instead of alphabetical
  • Fixed an issue where an insecure deserialization vulnerability in Invicti scan files could allow the execution of arbitrary code upon scan import
  • Fixed an issue where 'LaunchInstance' errors caused GUIDs to be stored instead of AWS-generated instance IDs in the database
  • Fixed an issue that caused the Mend vulnerabilities to be reported with incorrect severity
  • Fixed the issue which was causing exports from Invicti Standard to Invicti Enterprise On-Premises to fail
  • Resolved an issue where LDAP synchronization would fail if a group member was missing an email address; the member is now skipped in such cases
  • The issue preventing the use of the Chromium Extension in Scanner and Verifier Agent has been resolved

Notes for Verifying the Hash Value for Package Integrity in Invicti Enterprise On-Premises

The hash value for the "25.3.0.zip" file is provided below. You can verify the integrity of the file by checking its hash value using one of the methods outlined above:
Release Package Hash Value: E51A9053B751AA6247D684AC89F2F382E0029D506ECC2C0C71BB0C6BC3F81DD2

Methods to Verify the Hash Value:

PowerShell (Windows):

Get-FileHash -Path "25.3.0.zip" -Algorithm SHA256Command Prompt (Windows):

certutil -hashfile "25.3.0.zip" SHA256Linux or macOS:

sha256sum "25.3.0.zip"