Home
/
Documentation
/
v25.7.0 - 8 July 2025
Invicti Product Release Notes
Invicti Enterprise On-Demand
Invicti Enterprise On-Premises
Invicti Standard
Invicti Application Security Platform
08 Jul 2025

v25.7.0 - 8 July 2025

This update includes changes to the internal agents. The internal scan agent’s current version is 25.7.0. The internal authentication verifier agent’s current version is 25.7.0.

Security checks

Improvements

  • Improved prototype-pollution detection to reduce noise
  • Improved XSS detection to reduce noise
  • Increased the timeout duration for IAST responses to prevent premature failures
  • Updated dependencies with known vulnerabilities
  • Implemented an enhancement to capture the token information present in the response during the OAuth2 Implicit Flow
  • Implemented an enhancement to enable more effective cookie management when HTTP/2 is enabled
  • Updated plugin dependencies to address known security vulnerabilities and improve overall stability; upgraded Jenkins compatibility to version 2.474
  • When user roles changes details are now available on Activity Logs
  • Jenkins Plugin: Corrected misleading UI validation for the "Report Type" parameter within the "Netsparker Enterprise Scan" build step. The field no longer incorrectly appears as required, clarifying its optional nature
  • LDAP Integration: Permanently enabled LDAP integration for on-premise WebApp installations by removing its associated feature flag. LDAP functionality is now available by default
  • Shark (IAST) versions upgraded
  • Agent and Verifier download names now come in a specific format
  • Added new columns while exporting with All Attributes CSV

API changes

  • Addresses discrepancies in global vulnerability counts between scan tasks and website issues

Resolved issues

  • Corrected the MOVEit SQLi check to avoid reporting an incorrect version
  • Enhanced support for using multiple secrets simultaneously within a single custom header
  • Resolved an issue where duplicate X-Content-Type-Options headers triggered false missing header reports
  • Addressed an issue encountered during report policy migration
  • File Uploads: Added support for additional ZIP MIME types to resolve upload issues from some operating systems
  • Fixed broken link issue
  • Fixed integration duplication issue on Notification UI
  • Fixed an issue where starting a new scan after a failed PCI scan could cause the PCI scan status to remain stuck in the "Stopping" state