Invicti Enterprise On-Premises 27 Jun 2024 v24.6.0

New Features

  • Added functionality for scanning gRPC API Web Services → Learn more

New Security Checks

Improvements

  • Added a “Stop The Scan When Build is Aborted” option to the Jenkins integration
  • Added an option to trigger only specified lists of events
  • Added a 100MB limit to the maximum total file size for imported link files
  • Added an option to the GitHub Actions CI/CD integration to fail a build if a vulnerability with a specific severity is found during the scan
  • Added a Y-axis to the Severity Trend graph in the dashboard
  • Updated all the IAST Sensors: .NET Framework and .NET Core 6.2.0, Java 16.0.0, Node.js 2.1.3, PHP 8.0.1
  • Adjusted the behavior of the website matching option in the Discovery Settings to remove 2nd level domain matching in order to improve the relevance of discovery results
  • Added a new option to the Discovery Match Settings (enabled by default) to only show discovery results that have an IP address. This change is intended to prevent the consumption of licenses on targets that cannot be scanned due to the lack of an actual IP address.
  • Updated to the latest Chromium version to improve security and performance → Learn more
  • Updated the summary information of the PCI compliance report
  • Added the OpenShift Docker Agent to the public repository

Fixes

  • Fixed a bug in the user timeout session setting
  • Resolved an issue with the frequency of out-of-date technology email notifications
  • Removed email notifications for out-of-date technologies in failed scans
  • Fixed an issue that was causing scans to be stuck in an async archiving state
  • Fixed a bug in the automatic sign-out functionality when the session timeout period has expired
  • Fixed an issue in the detection of the ‘Improper XML parsing leads to Billion Laughs Attack’ vulnerability
  • Fixed a bug in the Service Now Integration
  • Fixed the issue that was causing activity logs to display incorrect owners of failed scans
  • Fixed an issue with user-agent selection in scan policies that was causing disabled security check vulnerabilities to appear in the dashboards and scan reports
  • Fixed an issue that was causing the agent to not send a heartbeat and become unavailable while archiving and uploading scan results
  • Fixed the issue that was preventing updates made in Azure Boards from reflecting in Invicti Enterprise
  • Fixed vulnerabilities with the Invicti Scan Agent Docker image
  • Fixed the disk space utilization issue that was causing the InvictiCommon folder size to increase significantly during scans
  • Resolved an issue with the Business Logic Recorder
  • Improved the crawling capability to allow for automatic crawling of XHR requests
  • Fixed the missing technology details on the scan summary and scan report pages
  • Fixed an AWS4Signer authentication issue
  • Fixed the screenshot error on Linux Agents
  • Updated the advanced installer files to fix an issue with scanners and verifiers disappearing during the update process
  • Fixed an error that was preventing PDF reports from opening
  • Updated the installation wizard