Changelogs

Invicti Enterprise On-Demand

RSS Feed

12 Mar 2021

This update includes changes to Internal Agents. FEATURE Custom Security Checks via Scripting feature that allows extending vulnerability detection capabilities. (Needs to be enabled per account basis) IMPROVEMENT [INTERNAL AGENT] Improved agents to reduce the number of IOPS performed.

This update includes changes to Internal Agents.

FEATURE

IMPROVEMENT

  • [INTERNAL AGENT] Improved agents to reduce the number of IOPS performed.

04 Mar 2021

This update includes changes to Internal Agents. IMPROVEMENTS Prevented deletion of system notifications. Forced Browsing wordlist made editable. Added tooltips displaying the full issue title on the Issues tree when the titles are clipped due to length. FIXES Fixed /notifications/ update API endpoint which was not updating recipient emails before. Fixed a Scan Policy Optimizer …

This update includes changes to Internal Agents.

IMPROVEMENTS

  • Prevented deletion of system notifications.
  • Forced Browsing wordlist made editable.
  • Added tooltips displaying the full issue title on the Issues tree when the titles are clipped due to length.

FIXES

  • Fixed /notifications/ update API endpoint which was not updating recipient emails before.
  • Fixed a Scan Policy Optimizer issue where the Resource Finder settings are not captured when the selection tree is collapsed.
  • Fixed an issue where the Custom Script cannot be created when 3-Legged Authentication is selected while configuring OAuth2.
  • Fixed an issue where the ISO Compliance report cannot be exported for some of the scans.
  • [INTERNAL AGENT] Fixed runtime exceptions thrown on systems that are missing ClamAV.

26 Feb 2021

This update includes changes to Internal Agents. NEW FEATURES Added IAST Scanning capabilities. Added CyberArk Vault Privileged Access Management integration. IMPROVEMENTS HashiCorp Vault settings no more require Testing Settings as mandatory before saving the integration. Added search capability to the Website Group selection drop-down on the global dashboard page. Added the API endpoint option to create users that can only …

This update includes changes to Internal Agents.

NEW FEATURES

  • Added IAST Scanning capabilities.
  • Added CyberArk Vault Privileged Access Management integration.

IMPROVEMENTS

  • HashiCorp Vault settings no more require Testing Settings as mandatory before saving the integration.
  • Added search capability to the Website Group selection drop-down on the global dashboard page.
  • Added the API endpoint option to create users that can only log in using Single Sign-on.
  • Added the last login date information to the team member API endpoint.
  • [INTERNAL AGENT] Added “Detect authentication tokens” capability for authenticated scans.

FIXES

  • Fixed a reporting issue where addressed issues were included on reports generated with the Exclude Addressed Issues option.
  • Fixed the “Internal Server Error While Exporting Scan” error while exporting scans from Invicti Standard.
  • Fixed an issue where a Scan Policy used on a Scheduled Scan cannot be deleted.
  • Fixed an issue where the Single Sign-on only users were not able to access their API tokens.
  • [INTERNAL AGENT] Fixed an issue that occurs while creating the custom report policy on Linux environments.

09 Feb 2021

IMPROVEMENTS Added Scan Profile Name column to Recent Scans page. Added Website URL as a filter field to Scheduled Scans page. Removed encrypted authentication credentials from API responses. FIXES Fixed an issue where the scans launched from CI/CD without a Scan Profile were creating redundant Scan Groups on the Website dashboard. Fixed an issue where …

IMPROVEMENTS

  • Added Scan Profile Name column to Recent Scans page.
  • Added Website URL as a filter field to Scheduled Scans page.
  • Removed encrypted authentication credentials from API responses.

FIXES

  • Fixed an issue where the scans launched from CI/CD without a Scan Profile were creating redundant Scan Groups on the Website dashboard.
  • Fixed an issue where pressing the TAB key was not committing the entered email address on email input fields.
  • Fixed an issue where some settings are not saved when you save a cloned Scan Policy for the first time.
  • Fixed an issue where the View Scan Reports and Manage Issues (Restricted) options under Scan Permission are not saved while creating new members.
  • Fixed an issue where the modified Scan Profile settings are not saved when another profile is selected from the dropdown.

27 Jan 2021

IMPROVEMENTS Improved an agent auto-update procedure to support updates for minor version changes. All credential information on API responses is encrypted. Prevented agent log file names to be renamed by the browser according to the user’s regional settings. FIXES Fixed an issue where the scan and report policies are not preserved while scheduling group scans. …

IMPROVEMENTS

  • Improved an agent auto-update procedure to support updates for minor version changes.
  • All credential information on API responses is encrypted.
  • Prevented agent log file names to be renamed by the browser according to the user’s regional settings.

FIXES

  • Fixed an issue where the scan and report policies are not preserved while scheduling group scans.
  • Fixed several issues on the sitemap tree and improved the performance.
  • Fixed a hanging scan issue that occurs while the scan state is changing.
  • Fixed an issue where setting an already deleted scan profile name to a new scan profile gives an error.
  • Fixed the incorrect VDB version displayed on the agent.
  • Fixed an issue where Download Scan Data and Download HttpRequest Logs were not working previously.
  • Fixed an issue where an agent was not using the correct proxy settings while communicating with the web app.

19 Jan 2021

IMPROVEMENTS Added grouping support for agents. Added Scan Profile Name to Scan Group dropdown on the Website Dashboard page. Added websitesgroups/delete/{id} API endpoint. Improved the performance of the technology dashboard. Fixed the absolute start date of scheduled scans as a tooltip to relative dates. FIXES Fixed several scan stuck issues. Fixed an issue where the …

IMPROVEMENTS

  • Added grouping support for agents.
  • Added Scan Profile Name to Scan Group dropdown on the Website Dashboard page.
  • Added websitesgroups/delete/{id} API endpoint.
  • Improved the performance of the technology dashboard.
  • Fixed the absolute start date of scheduled scans as a tooltip to relative dates.

FIXES

  • Fixed several scan stuck issues.
  • Fixed an issue where the scan is stuck when it is paused and tried to be deleted.
  • Fixed an issue an incorrect email address could be entered as a notification recipient.
  • Fixed an issue where the New Scan page stuck at loading when you switch back and forth between scan profiles.
  • Fixed the unspecified format of the NameID SAML2 attribute by setting it to emailAddress.

13 Jan 2021

IMPROVEMENTS Added support for provisioning users without invitation requirement if the user is going to log in using SSO. Added support for setting external email recipients for notifications for all the event types. Added SANS Top 25 Report as export. Updated PCI Compliance Report to match the new style of the reports. Added Scan Profile …

IMPROVEMENTS

  • Added support for provisioning users without invitation requirement if the user is going to log in using SSO.
  • Added support for setting external email recipients for notifications for all the event types.
  • Added SANS Top 25 Report as export.
  • Updated PCI Compliance Report to match the new style of the reports.
  • Added Scan Profile name to Detailed Scan Report and several other compliance reports.

FIXES

  • Fixed an issue where the scan files fail to archive to S3 storage and pile up on the agent machine.
  • Fixed an issue where an Internal Server Error occurs while trying to start or schedule a new scan.

22 Dec 2020

IMPROVEMENTS Improved the Basic, Digest, NTLM/Kerberos, Negotiate Authentication entry user interface.  Improved the performance of Technologies pages FIXES Removed the “SSO Email” field requirement for new member invitations on accounts where SSO is not enforced Fixed a typo on the Bugzilla integration configuration page Fixed the misleading error messages received when /websitegroups/update API endpoint is …

IMPROVEMENTS

  • Improved the Basic, Digest, NTLM/Kerberos, Negotiate Authentication entry user interface. 
  • Improved the performance of Technologies pages

FIXES

  • Removed the “SSO Email” field requirement for new member invitations on accounts where SSO is not enforced
  • Fixed a typo on the Bugzilla integration configuration page
  • Fixed the misleading error messages received when /websitegroups/update API endpoint is called with a missing or invalid “Id” values
  • Fixed a UTF8 encoding issue

12 Dec 2020

IMPROVEMENTS Added an option to fail the build for Azure Pipelines Integration Added the Description field for Websites and Website Groups FIXES Fixed an issue where some paused scans stuck and were not be able to resume Fixed an issue where the incremental scan fails for a scan with form authentication configuration Fixed an internal …

IMPROVEMENTS

  • Added an option to fail the build for Azure Pipelines Integration
  • Added the Description field for Websites and Website Groups

FIXES

  • Fixed an issue where some paused scans stuck and were not be able to resume
  • Fixed an issue where the incremental scan fails for a scan with form authentication configuration
  • Fixed an internal agent issue where the agent was not able to start as a service 
  • Removed the redundant Domain field requirement on Proxy settings of a Scan Policy

08 Dec 2020

FIXES Fixed an issue where some Client Certificates might not work properly for authentication  Fixed an issue where scans might get stuck in the Pausing state 

FIXES

  • Fixed an issue where some Client Certificates might not work properly for authentication 
  • Fixed an issue where scans might get stuck in the Pausing state