Invicti Enterprise On-Demand 08 Apr 2025 v25.4.0

This update includes changes to the internal agents. The internal scan agent’s current version is 25.4.0. The internal authentication verifier agent’s current version is 25.4.0.

New feature

• Added an option to prevent reopening Issue Tracker issues when a vulnerability is marked as False Positive and later revived (Read more).

Improvements

• Requests with empty or default values are not sent to DeepInfo
• Introduced a new setting under the Account General settings, within the Data Privacy and Security section, to modify the X-AMZ-Expires parameter while downloading the scan data
• Enhanced the “Configure New Agent” page to include additional details for auth verifier agents (Read more)
• Updated remediation details for outdated AngularJS versions
• [BREAKING CHANGE]: Updated the Docker agent’s compression method and file extension; ensure any automation or scripts referencing the old format are updated accordingly.

Resolved issues

• Fixed an issue where the Issue note field could not be updated
• Fixed inefficient algorithmic complexity in DotNet IAST Sensor
• Resolved the issue where an invalid character response occurred when attempting to add a user
• Resolved the “Invalid Target URI” error that occurred when editing the Target URI to end with multiple slashes (///) on the new scan page
• Resolved the issue where the scan profile was not updating with the support account
• Fixed restrictions for JIRA integration
• Fixed an issue where pressing “Enter” instead of clicking the “Check” button during password verification triggered a full scan instead of the intended login verification
• Updated Chromium and Node.js versions, resolving Chromium-related issues, including the unexpected increase in Chromium count.
• Exclude URL rules now function correctly even when the excluded URL is the target
• Fixed an issue with retrieving OAuth2 token data from JSON responses