Invicti Enterprise On-Demand Release Notes

Invicti Enterprise On-Demand

21-December-2022

This update includes changes to the internal agents. The internal scan agent's current version is 2.0.2.158. The internal authentication verifier agent's current version is 2.0.2.158.

Improvements

  • Added auto responder for images to escape the onerror issue.

Fixes

  • Fixed the agent stuck issue when the scan timeout is detected.
  • Fixed an issue that overrode the TLS settings available in the scan policy when Ignore SSL Certificate Errors is set to True in the Appsetting.json file.
21 June 2023

Improvements

  • Improved the scan deletion process.
  • Improved the authentication agent to carry out any stepped authentication, such as first Form Authentication then OAuth2.
  • Added filter for discovered websites via AWS connection.
  • Enabled regex case sensitivity for attack payloads.
  • Updated Boolean NoSQL / SQL Injection attack payloads.

Fixes

  • Fixed PCI Report generation error when selecting a specific group.
  • Fixed the issue that prevents users from saving the scan profile when the Is Regex checkbox next to the Excluded Path field is selected on the URL Rewrite page.
  • Fixed the timezone problem on the Knowledge Base Reports.
20-May-2021

This update includes changes to Internal Agents.

FEATURE

  • Added Authentication Profiles feature to be able to define shared authentication once and utilize them on many scans without explicitly configuring Form Authentication for websites utilizing the same authentication procedure.

IMPROVEMENT

  • Added support for importing links from multiple RAML files from a ZIP file (include directive support).
  • Improved Azure AD Single Sign-On in-app help text.
  • Removed the Current Password field for admin users (logged in with SSO) while editing a member.
  • Added “Maximum URL Rewrite Signature” Scan Policy Crawling option.

FIXES

  • Fixed an error that occurs while trying to mark an issue as false positive.
  • Fixed an internal server error that happens while using the /api/1.0/scanprofiles/update API endpoint for some profiles.
  • Fixed an issue where a deleted issue tracker integration was still keeping the old issue IDs referenced.
  • [INTERNAL AGENT] Fixed an issue where the helper NHS service is unexpectedly terminated on environments with multiple agents running.
20-Jun-2022

This update includes changes to the internal agents. The internal scan agent's current version is 2.0.2.144. The internal authentication verifier agent's current version is 2.0.2.144.

FIXES

  • Fixed the bug that prevents the Netsparker Helper Service from working properly on cloud agents.
20-Jul-2022

FIXES

  • Fixed an internal exception that affects the usage of SCIM API endpoints.
  • Fixed a bug that causes the All Issues API endpoint not to work when Splunk is selected as an integration.
20-Jan-2022

This update includes changes to internal scan agents. The internal scan agent's current version is 2.0.2.135.

IMPROVEMENTS

  • Added a condition for team members when sending an email notification.
  • Added a condition when sending an email notification for Out-of-Date Technologies to customers.
  • Improved the importing of RAML files that include other files.
  • Updated the Freshservice integration not to send a user agent header.
  • Improved the API responses by adding model mapping for AuthenticationProfileOption and AuthenticationProfileId.
  • Added a message to the Jira integration to show that the integration is created successfully.
  • Added an error message for invalid component value of newly created Jira integration.
  • Improved the pop-up message that warns users that they are sharing the report with a person outside the organization.

FIXES

  • Fixed an issue that prevented keywords from being refreshed when the login required URL is changed on the Login Verification window.
  • Fixed a misspelled word on the GraphQL Introspection window.
  • Fixed a bug that prevented each website using its own default scan policy when a scheduled group scan is launched.
  • Fixed the issue where the client-side cookies were not excluded correctly.
  • Fixed an issue with latestVulnerabilityStatePointId values that return errors on the Issues/To Do and Issues/All issues.
  • Fixed an issue that shows a two-factor authentication warning message for provisioned team members with Okta.
  • Fixed an information message that uses the word "notification" although the message is about the integration.
  • Fixed an issue in DefectDojo, YouTrack, and TFS integration that refreshes the New Integration page when a custom field is added and the user selects the Create Sample Issue button.
  • Fixed an issue that shows extra leading white space in the console of the Website page.
  • Fixed the issue with the Missing XSS protection Header in the Out-of-Scope link.
  • Fixed the issue that prevents the built-in scan policies from being updated when there is a new update for the On-Demand version.
  • [INTERNAL AGENTS] Fixed a request payload when the Agent sends big scan data.
  • [INTERNAL AGENTS] Fixed OAuth2 verification that fails due to the OTP settings model being null.
  • [INTERNAL AGENTS] Fixed the scan error on completion caused by a cross-thread error by moving to ConcurrentDictionary.
19-Oct-2021

FEATURES

  • Introduced the default scan and report policy, so you can set default policies for your team.

IMPROVEMENTS

  • Added the tagging filtering to the Scan Profiles.
  • Added the license error to the scans that were scheduled by users whose licenses are expired.
  • Added the fixed confirmation date to the issues API endpoint so that you can better track your team's remediation efforts.
  • Added null check for application names during comparison with the vulnerability database.

FIXES

  • Fixed the first seen date issue that appeared differently on the user interface and the scan report.
  • Fixed the Url Rewrite Excluded Links API call by adding null response back to that call's responses.
  • Fixed a bug that prevents serialized integration information from being decrypted in some issues.
  • Fixed an issue that displays the mistaken path in the trend matrix reports when different paths are scanned.
  • Fixed a bug returning the 500 Error when an issue is updated.
19-Jul-2022

This update includes changes to the internal agents. The internal scan agent's current version is 2.0.2.147. The internal authentication verifier agent's current version is 2.0.2.147.

NEW FEATURES

  • Added the Business Logic Recorder feature in Invicti Enterprise.
  • Added support for Azure Key Vault.

IMPROVEMENTS

  • Enhanced the Discovery Service to detect more relevant web applications.
  • Improved the Late-Confirmation Storage Mechanism to lower disk usage.
  • Improved the rate limit for the All Issues API endpoint.
  • Added an API endpoint to better understand how many websites each user scanned.
  • Added raw scan file expired status to the Scan Failure Reasons.
  • Added the IsEnabled API endpoint for the OAuth2 setting.
  • Updated the icons on the Trend Matrix page.
  • Added logs to scheduled scans to identify the license issue when the scan couldn't be launched.
  • Improved the internal agent to check whether OAuth2 is enabled or not.
  • Improved the Activity Log to include information on vulnerability profile changes.
  • Improved the Scan Profiles API endpoint to include information on the imported URLs.

FIXES

  • Fixed a bug caused by special characters that affected the Out of Scope node.
  • Fixed a bug that caused the OAuth2 settings to disappear after being saved in a scan profile following enabling and disabling operations.
  • Fixed a bug that throws errors on the summary page for technologies links.
  • Fixed the issue that IP Address Restriction is not working on API access.
  • Fixed an issue that shows the same vulnerabilities more than once in the scan summary reports.
  • Fixed a bug that shows the soft-deleted scan policies when their URL is entered.
  • Fixed a bug that prevents notifications from appearing on the user interface when data size is exceeded.
  • Fixed imported links DLL mismatch problem for Postman and GraphQL.
  • Fixed a bug that shows an empty list of possible GraphQL endpoints in the Security Checks list.
  • Fixed a bug that returns a 500 Internal Server Error upon the "GET issues/addressedissues" API call.
  • Fixed a bug that returns a 500 Internal Server Error upon the "GET /issues/todo" API call.

REMOVAL

  • Removed the Ignore these extensions field from the scan policies page.
19-Jan-2021

IMPROVEMENTS

  • Added grouping support for agents.
  • Added Scan Profile Name to Scan Group dropdown on the Website Dashboard page.
  • Added websitesgroups/delete/{id} API endpoint.
  • Improved the performance of the technology dashboard.
  • Fixed the absolute start date of scheduled scans as a tooltip to relative dates.

FIXES

  • Fixed several scan stuck issues.
  • Fixed an issue where a scan gets stuck when it is paused and a deletion is attempted.
  • Fixed an issue where an incorrect email address could be entered as a notification recipient.
  • Fixed an issue where the New Scan page got stuck at loading when you switch back and forth between scan profiles.
  • Fixed the unspecified format of the NameID SAML2 attribute by setting it to emailAddress.
19-Aug-2021

This update includes changes to Internal Agents.

IMPROVEMENTS

  • Added the missing information that was not exported to YouTrack, Asana, and GitHub in the case of Frame Injection vulnerability.
  • Added new property to /scans/list API endpoint to distinguish between scans.
  • Added paging to auditlogs/export API endpoint.
  • Added the group by parameter to the Technology dashboard.
  • [INTERNAL AGENT] Increased the agent's polling time to 30 seconds.

FIXES

  • Fixed a bug that prevents updated scan profiles of the Scheduled Scans from being synchronized with these scheduled scans.
  • Fixed a space issue in GitLab integration that prevents the integration from being completed successfully.
  • Fixed the deserialization issue that threw bad requests in some scans.
  • Fixed the issue of returning null response by removing WebsiteGroupId requirement from UserRoleWebsiteGroupMapping API endpoint.
19-Apr-2021

This update includes changes to Internal Agents.

FEATURE

  • Added GitHub Actions CI/CD integration.
  • Added a new Scope option for Scan Groups of Websites while configuring notifications to be able to better scope notifications for web applications/APIs under a website.

IMPROVEMENT

  • Improved time zone calculations to handle new time zones.
  • Improved configuration validation error messages for Privileged Access Management integrations.

FIXES

  • Fixed validation error messages on the Email Settings page.
  • Fixed some of the swagger API validation errors reported for the REST API.
  • [INTERNAL AGENT] Fixed an agent scan stuck issue while archiving.
  • [INTERNAL AGENT] Fixed a retest problem where some issues could not be retested.
  • [INTERNAL AGENT] Fixed an agent auto-update issue.
19 July 2023

New Features

  • [Closed beta] Added the Team Administrator default role
  • Changed compression tool from 7zip to Tar
  • Added Diana.jl support for GraphQL Library Detection
  • Added Hot Chocolate support for GraphQL Library Detection
  • Added Zero Day Vulnerability for MOVEit Software

Improvements

  • Expanded scenarios for Discovery Service with AWS Connections
  • Improved performance when updating vulnerability lookups
  • Improved performance of database indexes
  • Improved added API endpoints for Custom Scripts
  • Improved performance for Issues Report API endpoint
  • Improved detection of IT Hit WebDav Server .Net versions
  • Improved Internal Path Disclosure detection
  • Improved Remediation Advice for Autocomplete Enabled vulnerability
  • Improved detection logic for LFI vulnerability
  • Improved identification and version disclosure for PopperJS, CanvasJS, and Next.js
  • Improved WAF Detection for F5 BIG IP

Fixes

  • Fixed issue with scans stopping with the Find & Follow New Links option enabled
  • Fixed issue with agent compression of chromium and node files
  • Fixed null value exception with REST API
  • Fixed InvalidCastException with REST API
  • Fixed ArgumentNullException with Custom Security Checks
  • Fixed Access Denied error when attempting to delete scan files which were already previously deleted
  • Fixed cannot login to web app after changing database password
  • Fixed unclear results with PCI reports with edge date ranges
  • Fixed BLR cannot fill address fields
  • Fixed licensing issue when adding a previously-deleted website
  • Fixed adding some MongoDB vulnerabilities to Knowledge Base report
  • Fixed importing Swagger/OpenAPI links
  • Fixed Discovery Service issue with AWS Connection throttling
  • Fixed authentication failure with MFA recovery codes
  • Fixed license file corruption issue during version upgrade
  • Fixed scans unauthenticated after successful authentication verification
  • Fixed Linux agent update issue