Invicti Enterprise On-Demand 12 Aug 2021

This update includes changes to Internal Agents.

FEATURE

IMPROVEMENT

  • Added an option to fail the Azure build only for confirmed vulnerabilities.
  • Improved the statusCode and errorMessage returned by the members/deleteinvitation API endpoint when the invitation is missing.
  • Changed roles/update API endpoint response status code from 201 to 200 to better comply with REST best practices.
  • Added “Override Version Vulnerability Severities” option to Scan Policy > Attacking settings.
  • Improved the error message displayed when a Website Group cannot be deleted due to it being referenced by a notification.
  • Extended the range of digits that can be entered for HOTP and TOTP configuration.
  • Improved global dashboard performance.
  • Changed the error message for members/update API endpoint for password POST requests.
  • Added a control in the UserRoleWebsiteGroupMapping API endpoint to prevent null object reference exceptions.

REMOVAL

  • Removed X-Scanner request header from the default scan policies to prevent web application firewalls from blocking scans.

FIXES

  • Fixed an error preventing NIST, DISA STIG, and ASVS classifications from appearing in the Issue details.
  • Fixed an unhandled error that occurs while deleting scans.
  • Fixed an issue where the check state is reset when the search keyword is modified on the Report Policy Editor security checklist.
  • Fixed scheduled website group scans that do not use primary scan policies.
  • Fixed an issue where multiple Common Weakness Enumeration values were being sent to Kenna Integration.
  • Fixed the incorrect API documentation of roles/listpermissions endpoint.
  • Fixed an issue where form authentication may fail because of credentials being modified when the scan profile is updated.
  • Fixed missing state field on the member API endpoint.
  • Fixed the 500 Internal Server Error message for a query string to a non-existent page.
  • [INTERNAL AGENT] Fixed an issue where a scan policy name containing invalid filename characters was causing scans to fail.
  • [INTERNAL AGENT] Fixed several scan failure issues caused by an error that occurred while trying to open the vulnerability database.
  • [INTERNAL AGENT] Fixed an issue where the agent attempted to use a proxy even after the settings were changed.
  • [INTERNAL AGENT] Fixed an unhandled error thrown while archiving the scan data.
  • [INTERNAL AGENT] Added NoProxy option to internal agents.