Home
/
Documentation
/
Invicti Enterprise On-Demand Release Notes
Invicti Product Release Notes
Invicti Enterprise On-Demand
Invicti Enterprise On-Premises
Invicti Standard
Invicti Application Security Platform
Release Notes

Invicti Enterprise On-Demand

RSS FEED
30-Nov-2021
COPY LINK

This update includes changes to Internal Agents. The internal agent’s current version is 2.0.2.129.

NEW FEATURES

IMPROVEMENTS

  • Improved the paragraph style of the login warning banner.
  • Changed the brand name of Clubhouse to Shortcut.
  • [INTERNAL AGENT] Added the error messages to the Login Simulation Pages.

FIXES

  • Fixed the Jolokia version disclosure report to properly highlight the related lines.
  • Fixed a bug that threw an error when users update a vulnerability's status as False Positive on the Technical Report page.
  • [INTERNAL AGENT] Fixed a bug that prevented subprocesses of agent from being shutdown during the update process.
30-Mar-2021
COPY LINK

This update includes changes to Internal Agents.

FEATURE

IMPROVEMENT

  • Improved the error messages returned from the notification API endpoint.

FIXES

  • Fixed missing nodes on the sitemap tree.
  • Fixed an issue where links imported from a Burp file are incorrectly parsed as HTTP, not HTTPS.
  • [INTERNAL AGENT] Fixed an issue where an HSTS issue keeps reviving when the website is scanned again.
  • [INTERNAL AGENT] Fixed a scan failed issue that occurs during archiving scan files.
  • [INTERNAL AGENT] Fixed an issue where WSDL importing fails while trying to locate the external schema.
  • [INTERNAL AGENT] Fixed an InvalidOperationException.
29-Jun-2021
COPY LINK

FEATURE

IMPROVEMENTS

  • Prettified the outputs printed by Azure Pipelines, GitLab and UrbanCode deploy CI/CD integrations.
  • Added support for committing changes on the tag editors with the TAB key.
  • Added Organization field to GitHub issue tracking integration.
  • Updated YouTrack issue tracker integration to use the new API.
  • Improved the performance of issues/allissues API endpoint.
  • Added alternate mail address field (if available) to the account/me API endpoint.
  • Improved Splunk integration by sending the issue updates without requiring a new scan.
  • Improved the performance of the Technology Dashboard.
  • Improved the performance of the scans/report endpoint.
  • Updated the look and feel of emails sent.
  • Added Known Issues information to issues while sending to Kenna.
  • Improved the performance of PCI scan reports.
  • Added links to CVE IDs on reports.

FIXES

  • Fixed the incorrect email displayed on the audit log when a failed login attempt is logged.
  • Fixed a bug where a team with the same name tried to be provisioned when SCIM integration is used with SSO providers.
  • Fixed the team member APIs by adding the missing CreatedAt field.
  • Fixed an issue where some users with the default View Reports rule cannot see the global dashboard page.
  • Fixed a memory leak happens while generating PDF reports.
  • Fixed a NullReferenceException thrown while calling the scans/new API endpoint.
  • Fixed an error occurs when a website which has tagged issue is deleted.
  • Fixed a page loading issue on authentication verifier.
  • Fixed the clipped user interface elements on the New User Mapping page when the page widths get narrow.
  • Fixed an issue where the Exclude Authentication Page checkbox does not get updated.
  • Fixed the overlapping logo on reports.
  • Fixed an issue where incremental scans started from CI/CD integrations are using the default profile if there are no scans performed to that website previously.
  • Fixed the Not Found error displayed while testing notifications for Azure Boards integration.
  • Fixed the empty PCI report issue.
  • Fixed random HTTP 500 error thrown from scans/report API endpoint.
  • Fixed missing agent groups when queried using agentgroups/list API endpoint.
  • Fixed an issue where old VDB results are displayed on the known issues tab.
  • Fixed a NullReferenceException.
  • Fixed connection timeout issues.
  • Fixed an issue where an exception was thrown if the agent Helper Service is set to use a different port on Linux machines.
  • Fixed an issue where the issues of a custom security check are incorrectly listed under a different vulnerability on reports.
  • Fixed a scan stuck issue.
  • Fixed scans failing on some systems while scanning TLS 1.3 websites.
28-Jun-2022
COPY LINK

FIXES

  • Fixed the parsing problem encountered when Burp and Postman files are imported via the Links/API Definition page.
  • Fixed imported links DLL mismatch problem for GraphQL.
28-Apr-2022
COPY LINK

This update includes changes to the internal scan agent. The internal scan agent's current version is 2.0.2.141.

NEW FEATURES

IMPROVEMENTS

  • Updated embedded chromium browser
  • Added integration failed status for the Secrets and Encryption Management services.
  • [Internal scan agent] Updated the scan agent update workflow. When there is a new update and users have more than one scan agent, the new version will be downloaded only once. Other scan agents will rely on this new package to update themselves.
  • Added a drop-down to determine how many results are to be displayed on a page. The options are 20/50/100/200.
  • Added a new explanation for the api/1.0/scans/unschedule endpoint to clear any ambiguity
  • Added a filter that checks the number of issues being displayed on the global dashboard.
  • Updated the scan profile to include the verified form authentication.
  • Improved the IP filtering on the discovered websites' page.

FIXES

  • Fixed a bug that caused a broken website-scan relationship as a result of the inconsistent update.
  • Fixed the inconsistent vulnerabilities listed in XML and CVS reports.
  • Added the OnlySsoLogin parameter for SCIM so that users can determine if they want members to log in with SSO or not.
  • Fixed the bug that caused the issues' status to stay the same in the case of bulk editing.
  • Fixed the SCIM API schema that showed incorrect responses for the group.
  • Fixed a bug on the user interface that showed incorrect scan status.
  • Fixed an issue with global servers in imported Swagger files.
  • Fixed a bug that add duplicated users to a team when added using SCIM.
  • Fixed the Azure board integration webhook issue caused by the status codes.

REMOVED

  • Removed the agent platform selection option for the internal agents from the user interface.
28-Apr-2021
COPY LINK

This update includes changes to Internal Agents.

IMPROVEMENT

  • Added an option to specify a scan profile while scheduling scans through API.
  • Added support for Form Authentication Custom Scripts for cases when a Privileged Access Management integration is used.
  • Added support for 11 digit phone numbers while inviting a new member.
  • Added a field to specify the user’s SSO email address while creating a new team member using the API.
  • [INTERNAL AGENT] Added IgnoreSslCertificateErrors option to Docker agent.

FIXES

  • Fixed an issue with the GitLab integration script where builds were not failing when they were supposed to fail.
  • Fixed an issue where the “Add Attachment Report” section was missing while adding a new notification.
  • Fixed a mismatching type issue on /scanprofiles/list API response model.
  • Fixed an issue where a failed scan sends an excessive amount of email notifications.
  • Fixed an issue where Exclude Authentication Page configuration resets when another scan is performed.
  • [INTERNAL AGENT] Fixed agent auto-update issues.
28 September 2023
COPY LINK

New features

  • Added new options to the dashboard for selecting date ranges, including creating custom time periods
  • Added a notification to the scan results page to show the VDB update version and Invicti Hawk connectivity status for the agent used in the scan
  • Added a sensitive data (password, session cookie, token etc.) encoder

New security checks

  • Added JQuery placeholder detection methods
  • Added a new security check for the Missing X-Content-Type-Options vulnerability

Improvements

  • Improved the JS Delivery CDN disclosure check to increase stability
  • Improved the remediation part for the Weak Ciphers Enabled vulnerability
  • Reduced the certainty value to 90 for the Robot Attack Detected vulnerability
  • Improved the detection method for CSP
  • Improved the detection method for the Dockerignore File Detected vulnerability
  • Improved the detection method for the Docker Cloud Stack File Detected vulnerability

Fixes

  • Fixed an issue with imported links in the API
  • Fixed a bug in the scan URL rewrite rules
  • Fixed a bug that was preventing retest scans from starting correctly when the vulnerability states were changed from 'Reviewed' to 'Fixed (Unconfirmed)'
  • Fixed a bug with disabling the scheduled scans list
  • Fixed an issue with viewing the Account Edit page
  • Added the missing CVE to the issue details for the "Out-of-date Version (jQuery Validation)" vulnerability
  • Fixed some bugs that were affecting BLR
  • Encrypted proxy password details when used in the Agent
  • Fixed a custom proxy bypass list issue
  • Fixed a unique analyzer bug for the WSDL importer
  • Improved our XSS capabilities
  • Fixed an NTLM login issue
28 March 2023
COPY LINK

Improvements

  • Added an option to ignore events that can break the JavaScript simulation script.
  • Added version number information to internal agents on the Configure New Agent page.
  • Improved the agent and web application communication to end it after three attempts if the internal agent has wrong information.
  • Improved Invicti Enterprise to clear all login files upon signing out of the application.
  • [Early Access] Created a queue to store scan results and register results asynchronously.

Fixes

  • Fixed the issues API endpoint on the updating and sorting.
  • Fixed the tagging issue with the Azure Boards integration that the tag appeared on the Azure board although there is no tag entered on the Invicti side.
  • Improved the web app and agent communication.
  • Updated the docker agent package for the 64-bit process.
  • Fixed the bug that threw an object reference error while trying to end the scans that exceeded the max scan duration.
  • Fixed the Classless Inter-Domain Routing (CIDR) transformation issue for the discovery service.
  • Fixed the discovery service crawling issue.
  • Fixed issues that caused erroneous reports.
28 February 2023
COPY LINK

Fixes

  • Fixed the bug that caused scans to be canceled unexpectedly.
  • Fixed the bug that caused scans to terminate prematurely due to incorrect time settings.
27-Sep-2022
COPY LINK

This update includes changes to the internal agents. The internal scan agent's current version is 2.0.2.153. The internal authentication verifier agent's current version is 2.0.2.153.

IMPROVEMENTS

  • Added the .gql to the supported file types for the import link.
  • [Early Release] Deselected the Include Unreachable Discovered Website checkbox by default.
  • Improved the site map and vulnerability synchronization.

FIXES

  • Fixed the website's exporting to CSV issue when sorted by description.
  • Improved the scan status that running scans will be set as Failed if their Scanner Agent is Not Available or Terminated.
  • Fixed the deleted vulnerability issue while creating a scan report.
  • Fixed the Exclude Authentication Pages option on the scan scope when configuring an authentication profile.
27-Jan-2021
COPY LINK

IMPROVEMENTS

  • Improved an agent auto-update procedure to support updates for minor version changes.
  • All credential information on API responses is encrypted.
  • Prevented agent log file names to be renamed by the browser according to the user’s regional settings.

FIXES

  • Fixed an issue where the scan and report policies are not preserved while scheduling group scans.
  • Fixed several issues on the sitemap tree and improved the performance.
  • Fixed a hanging scan issue that occurs while the scan state is changing.
  • Fixed an issue where setting an already deleted scan profile name to a new scan profile gives an error.
  • Fixed the incorrect VDB version displayed on the agent.
  • Fixed an issue where Download Scan Data and Download HttpRequest Logs were not working previously.
  • Fixed an issue where an agent was not using the correct proxy settings while communicating with the web app.
26-Feb-2021
COPY LINK

This update includes changes to Internal Agents.

NEW FEATURES

  • Added IAST Scanning capabilities.
  • Added CyberArk Vault Privileged Access Management integration.

IMPROVEMENTS

  • HashiCorp Vault settings no more require Testing Settings as mandatory before saving the integration.
  • Added search capability to the Website Group selection drop-down on the global dashboard page.
  • Added the API endpoint option to create users that can only log in using Single Sign-on.
  • Added the last login date information to the team member API endpoint.
  • [INTERNAL AGENT] Added “Detect authentication tokens” capability for authenticated scans.

FIXES

  • Fixed a reporting issue where addressed issues were included on reports generated with the Exclude Addressed Issues option.
  • Fixed the “Internal Server Error While Exporting Scan” error while exporting scans from Invicti Standard.
  • Fixed an issue where a Scan Policy used on a Scheduled Scan cannot be deleted.
  • Fixed an issue where the Single Sign-on only users were not able to access their API tokens.
  • [INTERNAL AGENT] Fixed an issue that occurs while creating the custom report policy on Linux environments.