Invicti Enterprise On-Premises 19 Aug 2021 v2.1

NEW FEATURES

  • Added support for creating Teams and Roles.
  • Added SCIM 2.0 API support for improved SSO integration which supports user and group synchronization with popular Identity Providers.
  • Added IBM ALM (Jazz Team Server).

IMPROVEMENTS

  • Improved access control by introducing new, more granular permissions.
  • Improved role assignment for website groups while inviting new members.
  • Improved the performance of issues/allissues API endpoint.
  • Added alternate email address field (if available) to the account/me API endpoint.
  • Added the Account Owner role instead of the Application Administrator role.
  • Added email and SMS filter to the notification.
  • Added an option to fail GitLab CI/CD build for only confirmed vulnerabilities.
  • Added Organization field to GitHub issue tracking integration.
  • Added an option to fail Azure Pipelines build for only confirmed vulnerabilities.
  • Prettified the outputs printed by Azure Pipelines, GitLab, and UrbanCode deploy CI/CD integrations.
  • Added support for committing changes on the tag editors with the TAB key.
  • Updated YouTrack issue tracker integration to use the new API.
  • Improved Splunk integration by sending the issue updates without requiring a new scan.
  • Improved the performance of the Technology Dashboard.
  • Improved the performance of the scans/report endpoint.
  • Updated the look and feel of emails sent.
  • Added Known Issues information to issues while sending to Kenna.
  • Improved the performance of PCI scan reports.
  • Added links to CVE IDs on reports.
  • Issue notes are added to reports which are exported.
  • Added an option to trigger user-defined notifications even for cases in which a user who configured the notification did not launch the scan.
  • Improved the statusCode and errorMessage returned from members/deleteinvitation API endpoint on cases when the invitation is missing.
  • Changed roles/update API endpoint response status code from 201 to 200 to better comply with REST best practices.
  • Added “Override Version Vulnerability Severities” option to Scan Policy > Attacking settings.
  • Improved the error message displayed when a Website Group cannot be deleted due to it being referenced by a notification.
  • Extended the range of digits that can be entered for HOTP and TOTP configuration.
  • Improved data validation for email addresses.
  • Added the Web Storage Exclusion to Ignored Parameters in the Scan Policy.

Deprecated APIs

  • The following APIs have been deprecated. Each entry gives the deprecated API, then what to use instead:
      • /api/1.0/teammembers/new: Renamed to /api/1.0/members/newinvitation.
      • /api/1.0/teammembers/list: Renamed to /api/1.0/members/list. The request model has not changed, but the UserListApiResult response model has been replaced with MemberApiModelListApiResult.
      • /api/1.0/teammembers/get: Renamed to /api/1.0/members/get. The request model has not changed, but the UserApiModel response model has been replaced with MemberApiModel.
      • /api/1.0/teammembers/getbyemail: Renamed to /api/1.0/members/getbyemail. The request model has not changed, but the UserApiModel response model has been replaced with MemberApiModel.
      • /api/1.0/teammembers/update: Renamed to /api/1.0/members/update. The request model has changed slightly; the response model is different.
      • /api/1.0/teammembers/delete: Renamed to /api/1.0/members/delete. Only the endpoint is changed; request and response are the same.
      • /api/1.0/teammembers/gettimezones: Renamed to /api/1.0/members/gettimezones. Only the endpoint is changed; request and response are the same.
      • /api/1.0/teammembers/getapitoken: Renamed to /api/1.0/members/getapitoken. Only the endpoint is changed; request and response are the same.

FIXES

  • Fixed an unhandled error that occurs while deleting scans.
  • Fixed an issue where the check state is reset when the search keyword is modified on the Report Policy Editor security checklist.
  • Fixed an issue where multiple Common Weakness Enumeration values were being sent to Kenna Integration.
  • Fixed the incorrect API documentation of roles/listpermissions endpoint.
  • Fixed an issue where form authentication may fail because of credentials being modified when the scan profile is updated.
  • Fixed missing state field on the member API endpoint.
  • Fixed the incorrect email displayed on the audit log when a failed login attempt is logged.
  • Fixed a bug where the system tried to provision a team with the same name when SCIM integration is used with SSO providers.
  • Fixed the team member APIs by adding the missing CreatedAt field.
  • Fixed an issue where some users with the default View Reports rule cannot see the global dashboard page.
  • Fixed a memory leak that happens while generating PDF reports.
  • Fixed a bug preventing sending PDF and HTML reports via notifications.
  • Fixed a NullReferenceException thrown while calling the scans/new API endpoint.
  • Fixed an error that occurs when a website that has a tagged issue is deleted.
  • Fixed a page loading issue on the authentication verifier.
  • Fixed the clipped user interface elements on the New User Mapping page when the page widths get narrow.
  • Fixed an issue where the Exclude Authentication Page checkbox does not get updated.
  • Fixed the overlapping logo on reports.
  • Fixed an issue where incremental scans started from CI/CD integrations use the default profile if no scans have previously been performed on that website.
  • Fixed the Not Found error displayed while testing notifications for Azure Boards integration.
  • Fixed the empty PCI report issue.
  • Fixed random HTTP 500 error thrown from scans/report API endpoint.
  • Fixed missing agent groups when queried using agentgroups/list API endpoint.
  • Fixed an issue where old VDB results are displayed on the known issues tab.
  • Fixed a NullReferenceException.
  • Fixed connection timeout issues.
  • Fixed an issue where an exception was thrown if the agent Helper Service is set to use a different port on Linux machines.
  • Fixed an issue where the issues of a custom security check are incorrectly listed under a different vulnerability on reports.
  • Fixed a scan stuck issue.
  • Fixed scans failing on some systems while scanning TLS 1.3 websites.
  • Fixed an issue where incorrect scan profiles and policies were used while performing group scans.
  • Fixed an issue where the State field of an issue is converted to a numeric value when the state of a revived issue is set to some other state through API.
  • Fixed an issue where an incorrect Affected Version value is reported for an out-of-date vulnerability.
  • Fixed an issue where editing a scheduled scan displays incorrect scan policy, report policy, and agent data.
  • Fixed an issue where a custom vulnerability profile data of a report policy is not retrieved correctly when called from vulnerability/template API endpoint.
  • Fixed the missing LastLoginDate field by adding it back to member API call responses.
  • Fixed pipeline script in Jenkins where two installed scripts do not work together.
  • Fixed notification grouping for persons that are outside of the organization.
  • Fixed integration links under the Continuous Integration System in the New Integration page.
  • Fixed the Linux Auto Updater Version Checking.
  • Fixed SSO login conditions.
  • Fixed a bug that prevents editing report policies.
  • Fixed a bug where the SSO email field appears although the Alternate Email is not selected.
  • Fixed a bug that prevents some users from tagging issues.

Update to the new version

If you want to update to the latest version of Netsparker Enterprise On-Premises, see Updating Netsparker Enterprise On-Premises.