Changelogs

Invicti Enterprise On-Premises

RSS Feed

17 Feb 2021

IMPROVEMENTS Added the option to provision a new member with SSO in the New Team Member addition screen. SSO Email requirement is not necessary for SSO-enabled accounts without enforcement Renewed PCI Compliance Report template  Added scan profile and scan profile URL to scan report. Added the option to add a customized header text on the …

IMPROVEMENTS

  • Added the option to provision a new member with SSO in the New Team Member addition screen.
  • SSO Email requirement is not necessary for SSO-enabled accounts without enforcement
  • Renewed PCI Compliance Report template 
  • Added scan profile and scan profile URL to scan report.
  • Added the option to add a customized header text on the Account Settings page
  • Improved issue severity sorting. Issues will be sorted as Critical, High, Medium, Low, Best Practice, Information Alerts on all pages.
  • Redesigned Scan Time Window
  • Improved design of important information, such as email and name, in dialogs
  • Updated descriptions on edit and signup web pages
  • Changed “Enable Limitless Scan” option under the General Settings to “Allow scanning without a duration limit”
  • Redesigned Basic Authentication Form
  • Added advanced script feature for the Azure Pipelines integration
  • Updated related RegEx to let users using parentheses with the website name and profile name
  • Added silent mode installation for Web Application
  • Added phone number confirmation countdown timer
  • Added the document link for Linux Agent installation on the New Agent page.
  • Improved the speed of page loading on the Custom Script screen
  • Improved the agent stability to prevent scans from being stuck
  • Added the possibility to add non-registered emails in notifications
  • Added SANS Top 25 report
  • The Target URL will be displayed instead of the website URL in the scan reports

FIXES

  • Fixed JSON Serialization problem in the scan profile
  • Fixed typos in Invicti Rest API Endpoint explanation
  • Fixed the validation message on the password change page
  • Fixed the validation message for admin password on the password change page
  • Fixed the Bugzilla operating system field’s name 
  • Fixed warning message for the Website Groups Update API
  • Fixed undeleted scan files (which belong to completed scans) issue
  • Disable status error fixed for Linux Agent 
  • Resolved Chromium’s auto select certificate problem. So, the problem of not being authenticated with the client certificate was solved.
  • Fixed empty exported XML issue in F5 BIG-IP ASM Rules Report
  • Fixed an issue where “Password Transmitted over HTTP” issues were reported for HTTPS requests.

 

06 Jan 2021

NEW FEATURES Added the Stop the Scan if the Build fails option in GitLab CI/CD Added the Fail the Build if one of the selected scan severity is detected option in GitLab CI/CD Upgraded the Invicti scanning engine to version 5.9.1.27722. NEW SECURITY CHECKS Added Oracle WebLogic Server Remote Code Execution (CVE-2020-14882) Added Oracle WebLogic …

NEW FEATURES

  • Added the Stop the Scan if the Build fails option in GitLab CI/CD
  • Added the Fail the Build if one of the selected scan severity is detected option in GitLab CI/CD
  • Upgraded the Invicti scanning engine to version 5.9.1.27722.

NEW SECURITY CHECKS

  • Added Oracle WebLogic Server Remote Code Execution (CVE-2020-14882)
  • Added Oracle WebLogic Server Authentication Bypass (CVE-2020-14883)

IMPROVEMENTS

  • Added the Scan Group selection combo box to Trend Matrix Report
  • Added WASC Threat Classification Report
  • Added the Export Unconfirmed option in the report generation screen
  • Added the info box to Custom Scripts window for the Form Authentication 
  • Added URL Rewrite Rules while a file is being imported
  • Added Uniqueness Controls on the new integration wizard
  • Added validations of new integration wizard
  • Added Swagger JSON link API document’s index
  • Added the Exclude Authentication Pages checkbox when the Form Authentication option is enabled
  • Improved the Discovery Page’s performance
  • Improved the performance of generating reports that contain a large number of vulnerabilities
  • Improved the custom script’s performance 
  • Improved the website preview image resolution on the Verify Login & Logout screen
  • Refactored the Report Policy Migrator 
  • Disabled auto-complete in the login page inputs.
  • Changed the data protection policy link 
  • Changed the issue email template’s website URL 
  • Admin users can now set the maximum number of websites a member can add
  • Excluded usage tracker list can now be added from the new scan page

FIXES

  • Fixed a bug when scheduled scan with an imported file is edited by a different user
  • Fixed a bug in the Custom Cookie process
  • Fixed imported file bug on scan profile saving
  • Added minimum agent selection control for Agent Group
  • Fixed Agents Scanning tooltip 
  • Fixed the auto-scaling problem that occurred while using Cloud Provider in Invicti Enterprise On-Premises
  • Fixed the First Seen Date parameter in the Kenna integration
  • Fixed Burp XML file import problem. Users can import Burp XML file
  • Fixed report validation export problem. Users will not get an empty file
  • Fixed the error related to exporting for customers who have many websites.
  • The websites belonging to the filtered website group have been provided to be exported.
  • Users can now add a new URL Rewrite Rule without losing the existing ones

 

28 Oct 2020

IMPROVEMENTS Added a ‘Generate optimized CSS code path’ feature to the Authentication Verifier Improved the Minimum Security Level area on the Reporting page HIPAA will be displayed instead of OWASP in the scan summary Added scan folder path change option for internal agents FIXES Fixed the issue where the IP addresses of websites listed on …

IMPROVEMENTS

  • Added a ‘Generate optimized CSS code path’ feature to the Authentication Verifier
  • Improved the Minimum Security Level area on the Reporting page
  • HIPAA will be displayed instead of OWASP in the scan summary
  • Added scan folder path change option for internal agents

FIXES

  • Fixed the issue where the IP addresses of websites listed on the Discovered Website page were ignored
  • Fixed the issue where SAML files failed to download on MAC devices
  • Fixed the problem that occurred during verification of the form authentication API endpoint where it returned the same result after the first request
  • Fixed the problem that occurred while configuring email notifications
  • Fixed the problem that occurred while canceling stalled scans
  • Fixed the connection problem that occurred while using a proxy in internal agents
  • Fixed the autoscale problem in internal agents

02 Oct 2020

NEW FEATURES Added support for alternate email for SSO login Added form authentication Hashicorp Vault integration (https://www.invicti.com/support/integrating-invicti-enterprise-hashicorp-vault/) Added technologies chart to the global dashboard and website dashboard pages Added test credential API endpoint for scan profiles Added Form Auth Custom Scripting feature to the New Scan page Redesigned the login page  Redesigned the SSO help …

NEW FEATURES

  • Added support for alternate email for SSO login
  • Added form authentication Hashicorp Vault integration (https://www.invicti.com/support/integrating-invicti-enterprise-hashicorp-vault/)
  • Added technologies chart to the global dashboard and website dashboard pages
  • Added test credential API endpoint for scan profiles
  • Added Form Auth Custom Scripting feature to the New Scan page
  • Redesigned the login page 
  • Redesigned the SSO help text area in the SSO settings page 
  • Added an API endpoint for the Updating Issue States
  • Added Travis CI integration 
  • Jira integration now supports custom Resolved statuses
  • Kenna integration now supports Asset Application Identifier
  • Agents can now be installed using Linux and a Linux Agent button has been added to the Configure New Agent page (On-Demand Only)
  • Upgraded the Invicti scanning engine to version 5.9.027701. 

NEW SECURITY CHECKS

  • Added Out-of-date security checks for the Liferay portal
  • Added Version Disclosure and Out-of-date security checks for Jolokia
  • Added Nested XSS security checks
  • Added an ASP.NET Razor SSTI security check
  • Added a Java Pebble SSTI security check
  • Added a Thymeleaf SSTI security check
  • Added Version Disclosure and Out-of-date security checks for Grafana

IMPROVEMENTS

  • Added an Issue Update API swagger model improvement
  • Docker installation link has been added to the Configure New Agent page (On-Demand Only)
  • New password criterion of a minimum of 15 characters has been imposed on admin and top-level users.
  • Improvements have been made to the Form Authentication Test Script screen

FIXES

  • Fixed the problem of a slowVulnerable Websites per Period report on the Reporting
  • Fixed the file uploading problem on Imported Links
  • Fixed the Knowledge Base Report’s exporting problem
  • Fixed the Yukon time zone problem.
  • Fixed the Imported Links problem.
  • Fixed the problem where the wrong time zone was displaying in Report Templates
  • Moved the Scan Profile Test Credentials API post method fields to the body element
  • Fixed a db file error in the Report Policy Editor
  • Fixed the issue where report policy user changes were not applied when reset.
  • Fixed the Vulnerability Detail page responsiveness problem
  • Fixed the Sitemap treeview responsiveness problem
  • Fixed the highlighted code focus problem
  • Added help text to the HashiCorp vault integration page
  • Fixed the bug that occurred when another team member updated the shared profile
  • Fixed a bug that occured when non-admin users updated profiles
  • The Report policy Editor CVSS scores fields now accept empty values
  • Fixed a server error that occured while saving a cloned Scan Policy
  • Fixed the problem that occurred when reconfirming the Verify Login and Logout settings

12 Aug 2020

NEW FEATURES Added IdP initiated SAML Upgraded the Invicti scanning engine to version 5.8.2.27669 Added Pivotal Tracker integration Added support for SAML Assertion Encryption while configuring SSO NEW SECURITY CHECKS Added an F5 Big IP LFI (CVE-2020-5902) attack pattern Added out of date checks for Apache Traffic Server Added version disclosure for Undertow Server Added …

NEW FEATURES

  • Added IdP initiated SAML
  • Upgraded the Invicti scanning engine to version 5.8.2.27669
  • Added Pivotal Tracker integration
  • Added support for SAML Assertion Encryption while configuring SSO

NEW SECURITY CHECKS

  • Added an F5 Big IP LFI (CVE-2020-5902) attack pattern
  • Added out of date checks for Apache Traffic Server
  • Added version disclosure for Undertow Server
  • Added out of date checks for Undertow Server
  • Added version disclosure for Jenkins
  • Added out of date checks for Jenkins
  • Added signature detection for Kestrel
  • Added detection for Tableau Server
  • Added detection for Bomgar Remote Support Software
  • Added version disclosure for Apache Traffic Server

IMPROVEMENTS

  • A new Reset Agent Token button has been added to the Configure New Agent window
  • The Status field has been removed from the “api/1.0/discovery/ignorebyfilter” endpoint
  • Special characters (()[]#&%! ” ‘) are now allowed in the Scan Policy name field
  • Windows and Linux Agent download buttons have been added to the Configure New Agent window
  • A Null check has been added for the ImporterType in the Update Scan Profile endpoint

FIXES

  • Fixed the Server Error that occured during the deletion of multiple websites
  • Fixed a bug where an optimized Scan Policy did not clone properly

26 Jun 2020

NEW FEATURES Added resetting token support for agents FIXES Fixed an issue where Authentication Verification was failing to verify in the Scan Profile

NEW FEATURES

  • Added resetting token support for agents

FIXES

  • Fixed an issue where Authentication Verification was failing to verify in the Scan Profile

22 Jun 2020

NEW FEATURES Added Mattermost integration Upgraded the Invicti scanning engine to version 5.8.1.27665 Added API support for the Discovery service NEW SECURITY CHECKS Added a new vulnerability for Same Site Cookies that are set to None and not marked as secure IMPROVEMENTS Added support for Admin users to log in with Invicti Enterprise credentials when …

NEW FEATURES

  • Added Mattermost integration
  • Upgraded the Invicti scanning engine to version 5.8.1.27665
  • Added API support for the Discovery service

NEW SECURITY CHECKS

  • Added a new vulnerability for Same Site Cookies that are set to None and not marked as secure

IMPROVEMENTS

  • Added support for Admin users to log in with Invicti Enterprise credentials when SSO is enforced
  • Added extra information about issues to the Jira Integration
  • Added control for Target Url field to disable Scan Settings if it’s empty
  • Added Timezone information to Scan Time Window section in the New Scan window
  • The Invicti API icon has been changed on the Integrations window
  • Added Manage Issues (Restricted) to the Permission Matrix
  • Added a Website Groups filter to the New Team Member window
  • Added a notification for Login Failed situation during scans
  • Added a Website Group filter to the Recent Technologies window

FIXES

  • Fixed the More information link in the New Website window
  • Fixed a bug where email notifications about Technologies were not being sent as expected
  • Fixed an issue where date filters were not working as expected
  • Fixed a bug in the website authentication process in the GitLab integration
  • Fixed an issue where the Internal Agent automatic update process was hanging
  • Fixed an issue in scans that are exported from Invicti Standard into Invicti Enterprise
  • Fixed an issue where Mark as Read was not working in Application Notifications
  • Fixed a bug where Imported Links and files were not returned for ongoing scans on the ‘/scans/list-scheduled’ API endpoint
  • Fixed a bug that occurred when adding an internal website in the ‘/websites/new’ API endpoint
  • Fixed an issue where Excluded Path was not saved in the Scan Profile save action
  • Fixed an issue where Preferred Agent was not saved in the Scan Profile save action
  • Fixed an issue where issue counts were duplicated in the Annual issue chart

28 Apr 2020

NEW FEATURES Added support for U2F (Universal 2nd Factor Authentication) Added support for disabling API Access for a Team Member Added issue synchronization support for Azure DevOps Added a new Form Validation Errors node to the Knowledge Base panel, and to scan reports Added CVSS 3.1 support, to help with vulnerability scores Added a new …

NEW FEATURES

  • Added support for U2F (Universal 2nd Factor Authentication)
  • Added support for disabling API Access for a Team Member
  • Added issue synchronization support for Azure DevOps
  • Added a new Form Validation Errors node to the Knowledge Base panel, and to scan reports
  • Added CVSS 3.1 support, to help with vulnerability scores
  • Added a new Query Parameters checkbox to the Parameter-Based Navigation section of the Crawling tab in the Scan Policy Editor
  • Added support for sending scan reports as email attachments on scan completed notification
  • Upgraded the Invicti scanning engine to version 5.7.2.27798

IMPROVEMENTS

  • Improved Integration categories and New Integration pages to provide a better user experience
  • Added support for Windows Authentication (Integrated Security) for database connections (On-Premises only)
  • Updated the Terms of Service page
  • Added Technical Contact information to the ‘websites/list’ API endpoint
  • Added start-end date filters to the ‘/scans/listbystate’ and ‘/auditlogs/export’ API endpoints
  • Added an ‘excludeAddressedIssues’ filter to the ‘/scans/report/’ API endpoint
  • Added a Failure Reason option to the Reason filter for failed scans
  • Added additional help text to the Issues’ Detail window for groupable issues
  • Added support for Admin users to manage their Team Member’s Report Policies
  • Added Profile ID information to the response of the ‘/scans/detail’ API endpoint

NEW SECURITY CHECKS

  • Added a Login Page Identifier security check
  • Added a Content Delivery Networks (CDN) security check
  • Added a Reverse Proxies security check

BUG FIXES

  • Fixed a bug where issue counts were not returned for ongoing scans on the ‘/scans/detail’ API endpoint
  • Fixed an issue where validation errors were shown for custom cookies
  • Fixed an issue where Technologies were not reported if a scan was completed in a short time
  • Fixed a browser compatibility issue that occurred while testing OAuth2 credentials
  • Fixed a bug where the Scan Time Window settings were not applied in Scheduled Incremental scans
  • Fixed an issue where pre-request scripts were not being sent to the scanner as expected
  • Fixed an issue where preferred Agent Group was not populated in the New Scan window
  • Fixed a bug where JavaScript settings were not set as expected for optimized Scan Policies

25 Feb 2020

NEW FEATURES Added a new Sitemap section to scan reports which shows crawled URLs and identified issues Added a new in-app notification section called What’s New which informs for important announcements Added out of the box issue tracking integration for Freshservice, YouTrack, and Splunk Added facility to send New Scan notifications using the Microsoft Teams …

NEW FEATURES

  • Added a new Sitemap section to scan reports which shows crawled URLs and identified issues
  • Added a new in-app notification section called What’s New which informs for important announcements
  • Added out of the box issue tracking integration for Freshservice, YouTrack, and Splunk
  • Added facility to send New Scan notifications using the Microsoft Teams integration
  • Added Pre-Request Script feature which helps to configure HMAC Authentication on New Scan page (On-Premises only)
  • Added new API endpoints for managing technologies
  • Upgraded the Invicti scanning engine to version 5.6.3.27318

IMPROVEMENTS

  • Redesigned Scan Summary section on Scan Report page
  • Improved scan queue scheduling process which prevents multiple scans with same settings to be queued
  • Improved Out-of-Date technologies email template for mobile clients
  • Improved rendering for large fields on the scan report template
  • Improved help text for Enable/Disable Agent actions on Manage Agents page
  • Security Check Groups are now arranged into sub-groups in the New Scan Policy
  • Set current user as the default technical contact on New Website page

NEW SECURITY CHECKS

  • Added version disclosure and out-of-date checks for Telerik Web UI
  • Added detection and out-of-date checks for Java and GlassFish

BUG FIXES

  • Fixed a bug where filtering is not working as expected on the Report Policies page
  • Fixed an error that was thrown during generating the Mod Security WAF Rules Report
  • Fixed an issue where testing basic authentication credentials were not working as expected

17 Jan 2020

NEW FEATURES Added out of the box issue tracking integration for Kenna Added OTP support to the Form Authentication tab in the New Scan window Added filtering support to the New Notification window, which means you can filter the issues that will be sent for a Scan Completed event Upgraded the Invicti scanning engine to version …

NEW FEATURES

  • Added out of the box issue tracking integration for Kenna
  • Added OTP support to the Form Authentication tab in the New Scan window
  • Added filtering support to the New Notification window, which means you can filter the issues that will be sent for a Scan Completed event
  • Upgraded the Invicti scanning engine to version 5.5.4.26863

IMPROVEMENTS

  • Added a new setting, Max Uploaded File Size, to the General Settings window (On-Premises only)
  • Improved the UI design of the Scan Summary section on the Report window
  • A Time Zone option has been added to the Scan Time Window tab
  • Improved the Azure DevOps integration to support email addresses for the Assigned To setting
  • Improved the Scan Completed event template’s SMS notification text
  • Added an About page to display VDB and app versions, available by clicking your name (On-Premises only)
  • Added the ability to filter using Website Group names for various API endpoints
  • A detailed error message is now displayed if an imported file is invalid
  • Improved GitHub integration to support the GitHub Enterprise edition

BUG FIXES

  • Fixed an issue where Imported Links were not being saved when the Target URL was empty
  • Fixed an issue where all proofs were not displayed for Stored Cross-Site Scripting vulnerabilities
  • Fixed a bug where the ‘Do not stop scan when maximum logout is exceeded’ setting was not working as expected

02 Dec 2019

NEW FEATURES Introduced Technologies feature which finds and lists the technologies used in web applications and reports on problems Added out of the box issue tracking integration for PagerDuty, Clubhouse, Trello, Asana, Webhook, Microsoft Teams, and CircleCI Added new API endpoints for managing Team Members and listing Activity Logs Added a new Scan Profiles page …

NEW FEATURES

  • Introduced Technologies feature which finds and lists the technologies used in web applications and reports on problems
  • Added out of the box issue tracking integration for PagerDuty, Clubhouse, Trello, Asana, Webhook, Microsoft Teams, and CircleCI
  • Added new API endpoints for managing Team Members and listing Activity Logs
  • Added a new Scan Profiles page in the Scans menu
  • Added a new Comments box to the New Scan window, accessible while launching scans
  • Added facility to send New Scan notifications using the Slack integration
  • Upgraded the Invicti scanning engine to version 5.5.1.26518

NEW SECURITY CHECKS

  • Added a new Security Check – HTTP Parameter Pollution (HPP)
  • Added a new Security Check – BREACH Attack Detection
  • Added Out-of-Date checks for Ext JS
  • Added Oracle Cloud and Packet Cloud SSRF attack patterns
  • Added a Web Cache Deception engine to the list of Security Checks
  • Added a new XXE pattern for detecting the Axway SecureTransport 5.x XXE vulnerability
  • Added new attack patterns for DOM based XSS
  • Added new attack patterns for Remote Code Execution in Ruby
  • Added new attack patterns for Out-of-Band Remote Code Execution in Ruby
  • Added new attack patterns for Remote Code Execution in Python
  • Added new attack patterns for an Open Redirect security check
  • Added an email validation bypass payload for XSS
  • Added a header injection XSS pattern
  • Added a security check to determine whether an HTTP website has been implemented with SSL/TLS
  • Added a security check for File Content Disclosure in Ruby on Rails by exploiting an Accept header
  • Added mutation XSS patterns
  • Fixed the SSRF confirmation problem
  • Added Apple’s App-Site Association file detection
  • Added exploitation support for File Content Disclosure in Ruby On Rails, CVE-2019-5418
  • Added new LFI attack patterns for the access.log file
  • Added support for exploiting JSONP endpoints with the format parameter in Ruby On Rails
  • Added support for detecting Python Remote Code Execution
  • Added RFC compatible SSRF IPv6 patterns
  • Improved the Apache Struts (CVE-2013-2251) attack pattern
  • Added PHP Injection Fixed One Time Referrer attack
  • Updated the attack value of the PHP Injection Fixed One Time Attack pattern to use short notation instead of the print function
  • Improved the Regex pattern of the WebLogic Version Disclosure pattern
  • Added a PoC pattern for Apache Struts (CVE-2013-2251)
  • Added Out-of-Date checks for the Slick JavaScript library
  • Added Out-of-Date checks for the ScrollReveal JavaScript library
  • Added Out-of-Date checks for the MathJax JavaScript library
  • Added Out-of-Date checks for the Rickshaw JavaScript library
  • Added Out-of-Date checks for the Highcharts JavaScript library
  • Added Out-of-Date checks for the Snap.svg JavaScript library
  • Added Out-of-Date checks for the Flickity JavaScript library
  • Added Out-of-Date checks for the D3.js JavaScript library
  • Added Out-of-Date checks for the Google Charts JavaScript library
  • Added Out-of-Date checks for the Hiawatha and Cherokee server
  • Added Out-of-Date checks for the Oracle WebLogic server
  • Added Out-of-Date check for IIS
  • Added Version Disclosure detection for the Hiawatha Server
  • Added Version Disclosure detection for the Cherokee Server
  • Added Source Code Disclosure checks for Java Servlets
  • Added Source Code Disclosure checks for Java Server Pages
  • Added New Source Code Disclosure patterns for Java
  • Added detection for .htaccess file Identified
  • Added detection for Opensearch.xml files
  • Added detection for SQLite error messages
  • Added detection for security.txt files
  • Added detection for swagger.json files
  • Added detection for Open Search files

IMPROVEMENTS

  • Added the ability to create custom fields for ServiceNow integration
  • Added auto-detection of the Time zone during the sign up process
  • Improved Jira integration to support raw values for complex custom field types
  • Added a new format option to the Date and Time Format dropdown in the Change Account Settings window
  • Improved the text in Email Notifications
  • Improved the Category field’s option names in the New ServiceNow Integration window
  • Improved the Issue template for Azure DevOps integrations
  • Added capability to add User Mapping for hosted Jira systems
  • Added more details to the CSV report which can be generated from the Activity Logs window
  • Added ongoing scan information for the target agent in the Manage Agents window
  • Added the capability to disable the Maximum Scan Duration field in the New Scan window (On-Premises only)

BUG FIXES

  • Fixed an inaccurate warning message that was displayed when canceling a scan
  • Fixed an issue where the Technical Contact was not set as expected in the Edit Website window
  • Fixed an issue where a website could not be added if the target URL contained a hyphen character
  • Fixed an issue where the configured Scan Profile was not used in Azure DevOps integrations
  • Fixed various browser compatibility issues with Safari
  • Fixed a bug where validation was not working as expected for the Hawk settings in the Scan Policy window

13 Sep 2019

NEW FEATURES Added support for using internal agents along with AWS cloud integration (On-Premises only) Added out of the box Issue tracking integration for Redmine, Bugzilla and Kafka Added support for bulk operations on the Recent Scans page. It’s now easier to cancel, pause, or delete multiple scans at the same time. Added new API …

NEW FEATURES

  • Added support for using internal agents along with AWS cloud integration (On-Premises only)
  • Added out of the box Issue tracking integration for Redmine, Bugzilla and Kafka
  • Added support for bulk operations on the Recent Scans page. It’s now easier to cancel, pause, or delete multiple scans at the same time.
  • Added new API endpoints for managing agents
  • Added an option to change the Technical Contact for each website in a group in the Edit Website Group page
  • Added support for exporting data on Activity Logs and Manage Team pages
  • Added the ability to convert a completed scan into a Scheduled Scan
  • Upgraded the Invicti scanning engine to v5.3-hf7(5.3.0.24998)

NEW SECURITY CHECKS

  • Added a new security engine named Malware Analyzer which detects any web malware injected into websites (Scanner Agent’s operation system should be Windows Server 2016 or above)

IMPROVEMENTS

  • Improved support for scenarios where OAuth2 is used in conjunction with Basic Authentication
  • Improved the status text displayed for delayed scans
  • Set the account owner’s Data and Time Format as the default for new team members
  • Added Scan Owner information to various scan reports and API endpoints
  • Improved the response message for the /scans/delete API endpoint
  • Added all issue content to the /issues/allissues API endpoint
  • Added a Mark all as Read option for notifications that are shown inside the application on the Application Notifications page
  • Added Technical Contact information to files exported from the Websites page
  • Added Vulnerability Severity Level for the selected issue in the Technical Report
  • Upgraded Bootstrap, jQuery and Knockout.js dependencies to the latest versions
  • Added Create Invitation (team member invitations) into the Activity Log
  • Improved the API docs by adding sample values for request and response messages
  • Added support for filtering by Target URL to the /scans/listbywebsite API endpoint
  • Added a Clone option to the Scheduled Scans page

BUG FIXES

  • Fixed a bug where agents were sometimes hanging after failed API requests
  • Fixed an issue where the Technical Contact was not displayed for non-Admin users on the New Website page
  • Fixed an issue where an incorrect error message was shown during the configuration of a Scheduled Scan
  • Fixed a problem on the JIRA webhook where the JSON could not be serialized as expected
  • Fixed an issue where a Scan Policy could not be used on a scanner agent if it had a long name
  • Fixed a bug where the Authentication Verifier was sometimes hanging if an internal exception was thrown (On-Premises only)
  • Fixed the default value for the Agent Data Path setting (On-Premises only)
  • Fixed a bug where two-way Jira integration was not working as expected in retest scenarios
  • Fixed an issue where a cancelled PCI scan could not be deleted
  • Fixed an issue where a web application could not connect to a newly-created SQL Server database immediately (On-Premises only)
  • Fixed a bug where scans launched via JIRA integration were sometimes not starting with the configured Scan Policy
  • Fixed an issue where the temporary Scan Policy file was not deleted on scan completion on the scanner Agent

Known Issues

  • Automatic updates may fail for the On-Premises scanner Agents with an error message in the Agent’s log: ‘Agent couldn’t find AgentAutoUpdater.exe’. To resolve this issue, first upgrade Invicti Enterprise Web Application and copy the ‘[Web App Installation Folder]App_DataAgentsAgentAutoUpdater.exe’ file to the folder where the target Agent is installed. If you need further help, please contact support@invicti.com.