🚀 Invicti Acquires Kondukto to Deliver Proof-Based Application Security Posture Management

100% Signal 0% Noise
Platform
Platform Overview
Features
CAPABILITIES
Web Application Security
ASPM
API Security
DAST
SAST
SCA
Container Security
AI-Powered AppSec
Pricing
Why Invicti
About Us
Case Studies
Contact Us
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Case Studies
Invicti Learn
Live Training
Partners
Support
Get a demo
Home
/
Documentation
/
v25.7.0 - 8 July 2025
Invicti Product Release Notes
Invicti Enterprise On-Demand
Invicti Enterprise On-Premises
Invicti Standard
Invicti Application Security Platform
08 Jul 2025

v25.7.0 - 8 July 2025

This update includes changes to the internal agents. The internal scan agent’s current version is 25.7.0. The internal authentication verifier agent’s current version is 25.7.0.

Security checks

  • Added a new CVE check for CVE-2019-19326
  • Added a new XSS attack for CVE-2024-11831

Improvements

  • Improved prototype-pollution detection to reduce noise
  • Improved XSS detection to reduce noise
  • Increased the timeout duration for IAST responses to prevent premature failures
  • Updated dependencies with known vulnerabilities
  • Implemented an enhancement to capture the token information present in the response during the OAuth2 Implicit Flow
  • Implemented an enhancement to enable more effective cookie management when HTTP/2 is enabled
  • Updated plugin dependencies to address known security vulnerabilities and improve overall stability; upgraded Jenkins compatibility to version 2.474
  • When user roles changes details are now available on Activity Logs
  • Jenkins Plugin: Corrected misleading UI validation for the "Report Type" parameter within the "Netsparker Enterprise Scan" build step. The field no longer incorrectly appears as required, clarifying its optional nature
  • LDAP Integration: Permanently enabled LDAP integration for on-premise WebApp installations by removing its associated feature flag. LDAP functionality is now available by default
  • Shark (IAST) versions upgraded
  • Agent and Verifier download names now come in a specific format
  • Added new columns while exporting with All Attributes CSV

API changes

  • Addresses discrepancies in global vulnerability counts between scan tasks and website issues

Resolved issues

  • Corrected the MOVEit SQLi check to avoid reporting an incorrect version
  • Enhanced support for using multiple secrets simultaneously within a single custom header
  • Resolved an issue where duplicate X-Content-Type-Options headers triggered false missing header reports
  • Addressed an issue encountered during report policy migration
  • File Uploads: Added support for additional ZIP MIME types to resolve upload issues from some operating systems
  • Fixed broken link issue
  • Fixed integration duplication issue on Notification UI
  • Fixed an issue where starting a new scan after a failed PCI scan could cause the PCI scan status to remain stuck in the "Stopping" state
Invicti Security Corp
1000 N Lamar Blvd Suite 300
Austin, TX 78703, US
© Invicti {year}
Resources
FeaturesIntegrationsPlansCase StudiesRelease NotesInvicti Learn
Use Cases
Penetration Testing SoftwareWebsite Security ScannerEthical Hacking SoftwareWeb Vulnerability ScannerComparisonsOnline Application Scanner
Web Security
The Problem with False PositivesWhy Pay for Web ScannersSQL Injection Cheat SheetGetting Started with Web SecurityVulnerability IndexUsing Content Security Policy to Secure Web Applications
Comparison
Acunetix vs. InvictiBurp Suite vs. InvictiCheckmarx vs. InvictiProbely vs. InvictiQualys vs. InvictiTenable Nessus vs. Invicti
Company
About UsContact UsSupportCareersResourcesPartners

Invicti Security is changing the way web applications are secured. Invicti’s dynamic and interactive application security products help organizations in every industry scale their overall security operations, make the best use of their security resources, and engage developers in helping to improve their overall security posture.

LegalPrivacy PolicyCalifornia Privacy RightsTerms of UseAccessibilitySitemap
Privacy Policy