Invicti Enterprise On-Premises

NEW FEATURES

• Added support for creating Teams and Roles.
• Added SCIM 2.0 API support for improved SSO integration which supports user and group synchronization with popular Identity Providers.
• Added IBM ALM (Jazz Team Server).

IMPROVEMENTS

• Improved access control by introducing new more granular permissions
• Improved role assignment for website groups while inviting new members
• Improved the performance of issues/allissues API endpoint.
• Added alternate email address field (if available) to the account/me API endpoint.
• Added the Account Owner role instead of the Application Administrator role. 
• Added email and SMS filter to the notification.
• Added an option to fail GitLab CI/CD build for only confirmed vulnerabilities.
• Added Organization field to GitHub issue tracking integration.
• Added an option to fail Azure Pipelines build for only confirmed vulnerabilities.
• Prettified the outputs printed by Azure Pipelines, GitLab, and UrbanCode deploy CI/CD integrations.
• Added support for committing changes on the tag editors with the TAB key.
• Updated YouTrack issue tracker integration to use the new API.
• Improved Splunk integration by sending the issue updates without requiring a new scan.
• Improved the performance of the Technology Dashboard.
• Improved the performance of the scans/report endpoint.
• Updated the look and feel of emails sent.
• Added Known Issues information to issues while sending to Kenna.
• Improved the performance of PCI scan reports.
• Added links to CVE IDs on reports.
• Issue notes are added to reports which are exported.
• Added an option to trigger user-defined notifications even for cases in which a user who configured the notification did not launch the scan.
• Improved the statusCode and errorMessage returned from members/deleteinvitation API endpoint on cases when the invitation is missing.
• Changed roles/update API endpoint response status code from 201 to 200 to better comply with REST best practices.
• Added “Override Version Vulnerability Severities” option to Scan Policy > Attacking settings.
• Improved the error message displayed when a Website Group cannot be deleted due to it being referenced by a notification.
• Extended the range of digits that can be entered for HOTP and TOTP configuration.
• Improved data validation for email addresses. 
• Added the Web Storage Exclusion to Ignored Parameters in the Scan Policy. 

Deprecated APIs

• The following APIs have been deprecated:

FIXES

• Fixed an unhandled error that occurs while deleting scans.
• Fixed an issue where the check state is reset when the search keyword is modified on the Report Policy Editor security checklist.
• Fixed an issue where multiple Common Weakness Enumeration values were being sent to Kenna Integration.
• Fixed the incorrect API documentation of roles/listpermissions endpoint.
• Fixed an issue where form authentication may fail because of credentials being modified when the scan profile is updated.
• Fixed missing state field on the member API endpoint.
• Fixed the incorrect email displayed on the audit log when a failed login attempt is logged.
• Fixed a bug where a team with the same name tried to be provisioned when SCIM integration is used with SSO providers.
• Fixed the team member APIs by adding the missing CreatedAt field.
• Fixed an issue where some users with the default View Reports rule cannot see the global dashboard page.
• Fixed a memory leak happens while generating PDF reports.
• Fixed a bug preventing sending PDF and HTML reports via notifications.
• Fixed a NullReferenceException thrown while calling the scans/new API endpoint.
• Fixed an error occurs when a website that has tagged issue is deleted.
• Fixed a page loading issue on the authentication verifier.
• Fixed the clipped user interface elements on the New User Mapping page when the page widths get narrow.
• Fixed an issue where the Exclude Authentication Page checkbox does not get updated.
• Fixed the overlapping logo on reports.
• Fixed an issue where incremental scans started from CI/CD integrations are using the default profile if there are no scans performed to that website previously.
• Fixed the Not Found error displayed while testing notifications for Azure Boards integration.
• Fixed the empty PCI report issue.
• Fixed random HTTP 500 error thrown from scans/report API endpoint.
• Fixed missing agent groups when queried using agentgroups/list API endpoint.
• Fixed an issue where old VDB results are displayed on the known issues tab.
• Fixed a NullReferenceException.
• Fixed connection timeout issues.
• Fixed an issue where an exception was thrown if the agent Helper Service is set to use a different port on Linux machines.
• Fixed an issue where the issues of a custom security check are incorrectly listed under a different vulnerability on reports.
• Fixed a scan stuck issue.
• Fixed scans failing on some systems while scanning TLS 1.3 websites.
• Fixed an issue where incorrect scan profiles and policies were used while performing group scans.
• Fixed an issue where the State field of an issue is converted to a numeric value when the state of a revived issue is set to some other state through API.
• Fixed an issue where an incorrect Affected Version value is reported for an out-of-date vulnerability.
• Fixed an issue where editing a scheduled scan displays incorrect scan policy, report policy, and agent data.
• Fixed an issue where a custom vulnerability profile data of a report policy is not retrieved correctly when called from vulnerability/template API endpoint.
• Fixed the missing LastLoginDate field by adding it back to member API call responses.
• Fixed pipeline script in Jenkins where two installed scripts do not work together.
• Fixed notification grouping for persons that are outside of the organization.
• Fixed integration links under the Continous Integration System in the New Integration page.
• Fixed the Linux Auto Updater Version Checking.
• Fixed SSO login conditions. 
• Fixed a bug that prevents editing report policies.
• Fixed a bug that the SSO email field appears although the Alternate Email is not selected.
• Fixed a bug that prevents some users from tagging issues. 

Update to the new version

If you want to update the latest version of Netsparker Enterprise On-Premises, see Updating Netsparker Enterprise On-Premises.

NEW FEATURES

• Added GitHub Actions CI/CD integration.
• Added Authentication Profiles feature to be able to define shared authentication once and utilize them on many scans without explicitly configuring Form Authentication for websites utilizing the same authentication procedure.
• Added UrbanCode Deploy
• Added Azure Pipeline Extensions
• Added the ability to tag issues
• Added a new Scope option for Scan Groups of Websites while configuring notifications to be able to better scope notifications for web applications/APIs under a website.
• Added State filter to notifications which you can use issue states like Fixed, Revived, New, etc. as filtering options.
• Added Choose Scan Profile while scheduling from API
• Added support for TLS 1.3 protocol

IMPROVEMENTS

• Removed the scan report selection from notification events that do not produce any reports.
• Added account-based option to display authentication credentials on API responses.
• Improved time zone calculations to handle new time zones.
• Improved configuration validation error messages for Privileged Access Management integrations.
• Added an option to specify a scan profile while scheduling scans through API.
• Added support for Form Authentication Custom Scripts for cases when a Privileged Access Management integration is used.
• Added support for 11 digit phone numbers while inviting a new member.
• Added a field to specify the user’s Single Sign-On email address while creating a new team member using the API.
• Improved configuration options for Jenkins.
• Added the option to fail Jenkins build for only confirmed vulnerabilities
• The login process redirects the Single Sign-On users to their providers
• Added NIST, DISA STIG, and ASVS classifications to Report Policy
• Added support for importing links from multiple RAML files from a ZIP file (include directive support).
• Improved Azure AD Single Sign-On in-app help text.
• Removed the Current Password field for admin users (logged in with Single Sign-On) while editing a member.
• Added “Maximum URL Rewrite Signature” Scan Policy Crawling option.
• Improved role assignment for website groups while inviting new members
• Added IgnoreSslCertificateErrors option to Docker agent.
• Improved GitLab CI/CD script failure conditions.

FIXES

• Adding a title to the API field in the edit team member page
• Fixed an issue that occurs with updating scan profile
• Fixed an issue with Imported Links getting updated to Null while using Update ScanProfiles API
• Fixed the validation problem
• Fixed some bugs for the Sitemap
• Fixed an issue that getting an error which caused by connection problem with authentication verification hub on scheduled scan
• Fixed the problem of not being able to delete the scan with a profile
• Fixed the forgot password issue for Single Sign-On
• Fixed an issue where the Launch button does not get enabled on the New Scan page after you enable the IAST scanning and download the sensor files.
• Fixed an issue where a notification that is sent to an external email address was not displayed on the audit logs.
• Fixed an issue where starting a PCI scan via using API could not start the scan.
• Fixed an issue where a new notification created via API does not add the specified integration(s) to the new notification.
• Fixed an issue where a team member was not created in API if the auto-generated password is enabled.
• Fixed an issue where the custom value of FormAuthPageLoadTimeout was being overridden by its default value.
• Fixed validation error messages on the Email Settings page.
• Fixed some of the swagger API validation errors reported for the REST API
• Fixed an agent scan stuck issue while archiving
• Fixed a retest problem where some issues could not be retested
• Fixed an agent auto-update issue
• Fixed an issue with the GitLab integration script where builds were not failing when they were supposed to fail
• Fixed an issue where the “Add Attachment Report” section was missing while adding a new notification
• Fixed a mismatching type issue on /scanprofiles/list API response model
• Fixed an issue where a failed scan sends an excessive amount of email notifications
• Fixed an issue where Exclude Authentication Page configuration resets when another scan is performed
• Fixed agent auto-update issues
• Fixed an unhandled ArgumentNullException which causes some authenticated scans to fail
• Fixed an error that occurs while trying to mark an issue as false positive
• Fixed an internal server error that happens while using the /api/1.0/scanprofiles/update API endpoint for some profiles
• Fixed an issue where a deleted issue tracker integration was still keeping the old issues IDs referenced
• Fixed an issue where the helper NHS service is unexpectedly terminated on environments with multiple agents running

NEW FEATURES

• Added Invicti Shark that enables Interactive Application Security Testing (IAST)
• Added the ability to execute Custom Scripts for Security Checks
• Added the ability to edit wordlist entries in the Forced Browsing
• Added the integration with CyberArk Enterprise Password Vault
• Added the Scan Profile column to the Recent Scans window

IMPROVEMENTS

• Improved the visual elements of the dashboard
• Improved the performance of the Technology Dashboard
• Added the ability to create new SSO users via API
• Added the ability to get a team member’s last login timestamp via API
• Added the Website URL filter to the Scheduled Scans page
• Improved the performance of the Sitemap
• Updated the Name Id Policy value for SAML as the email
• Added the ability to delete the Website Groups with ID API Endpoint
• Added the Next Execution Time tooltip to the scheduled scan
• Added the Scan Profile Name information to the Scan Task Groups in the Website Dashboard
• Added the ability to save the Privileged Access Management integrations without testing
• Fixed the scan failed errors
• Added the title fields for Vulnerability List items
• The delete button is disabled for system notifications on the Notifications page
• Added the ability to assign scans to internal agents via scheduling
• Removed all (encrypted and cleartext) authentication credentials on the API responses
• Minor revision changes will also trigger agent auto-updates
• The downloaded agent log file is named agentlogs.zip
• Improved the stabilization of the agent state transitions

FIXES

• Added Script Engine Type to the Authentication Verifier
• Fixed the request agent logs bug
• Fixed handling authentication tokens while executing the form authentication
• Fixed the issue where the wrong vulnerability database version was displayed in the agent info
• Fixed the scan session null error
• Fixed the bug in the scan policy optimizer wizard tree
• Fixed the issue where users cannot create a custom script in a three-legged OAuth2 Authentication
• Notification events require appropriate permission
• Added Scan Profiles, Scans, and Scheduled Scans’ links while deleting the scan policy
• Fixed XSS for Jira and Pivotal Tracker integrations
• Fixed NullReferenceException while exporting scans from Invicti Standard to Invicti Enterprise
• Fixed an issue about a scan that is not matching with the agent which is in the selected agent group
• Fixed the scan policy cloning bug
• Fixed an issue where the View Scan Reports and Manage Issues (Restricted) options under the Scan Permission are not saved while creating new members
• Fixed the text problem in the information of the Technologies Dashboard User Interface
• Fixed an issue where users cannot save an empty Excluded URL field
• Fixed an issue where scan policy and report policy drop-down appear blank while editing the scheduled group scan
• Fixed a bug that occurs while deleting the scan profile
• Fixed the form authentication fields encryption
• Fixed the loading problem of default scan profile selection
• Fixed the Pre-Request Script Error on Scheduling Scan
• Fixed Exclude Addressed Issues on the Export Report
• Fixed usage report page style problem

IMPROVEMENTS

• Added the option to provision a new member with SSO in the New Team Member addition screen.
• SSO Email requirement is not necessary for SSO-enabled accounts without enforcement
• Renewed PCI Compliance Report template 
• Added scan profile and scan profile URL to scan report.
• Added the option to add a customized header text on the Account Settings page
• Improved issue severity sorting. Issues will be sorted as Critical, High, Medium, Low, Best Practice, Information Alerts on all pages.
• Redesigned Scan Time Window
• Improved design of important information, such as email and name, in dialogs
• Updated descriptions on edit and signup web pages
• Changed “Enable Limitless Scan” option under the General Settings to “Allow scanning without a duration limit”
• Redesigned Basic Authentication Form
• Added advanced script feature for the Azure Pipelines integration
• Updated related RegEx to let users using parentheses with the website name and profile name
• Added silent mode installation for Web Application
• Added phone number confirmation countdown timer
• Added the document link for Linux Agent installation on the New Agent page.
• Improved the speed of page loading on the Custom Script screen
• Improved the agent stability to prevent scans from being stuck
• Added the possibility to add non-registered emails in notifications
• Added SANS Top 25 report
• The Target URL will be displayed instead of the website URL in the scan reports

FIXES

• Fixed JSON Serialization problem in the scan profile
• Fixed typos in Invicti Rest API Endpoint explanation
• Fixed the validation message on the password change page
• Fixed the validation message for admin password on the password change page
• Fixed the Bugzilla operating system field’s name 
• Fixed warning message for the Website Groups Update API
• Fixed undeleted scan files (which belong to completed scans) issue
• Disable status error fixed for Linux Agent 
• Resolved Chromium’s auto select certificate problem. So, the problem of not being authenticated with the client certificate was solved.
• Fixed empty exported XML issue in F5 BIG-IP ASM Rules Report
• Fixed an issue where “Password Transmitted over HTTP” issues were reported for HTTPS requests.

NEW FEATURES

• Added the Stop the Scan if the Build fails option in GitLab CI/CD
• Added the Fail the Build if one of the selected scan severity is detected option in GitLab CI/CD
• Upgraded the Invicti scanning engine to version 5.9.1.27722.

NEW SECURITY CHECKS

• Added Oracle WebLogic Server Remote Code Execution (CVE-2020-14882)
• Added Oracle WebLogic Server Authentication Bypass (CVE-2020-14883)

IMPROVEMENTS

• Added the Scan Group selection combo box to Trend Matrix Report
• Added WASC Threat Classification Report
• Added the Export Unconfirmed option in the report generation screen
• Added the info box to Custom Scripts window for the Form Authentication 
• Added URL Rewrite Rules while a file is being imported
• Added Uniqueness Controls on the new integration wizard
• Added validations of new integration wizard
• Added Swagger JSON link API document’s index
• Added the Exclude Authentication Pages checkbox when the Form Authentication option is enabled
• Improved the Discovery Page’s performance
• Improved the performance of generating reports that contain a large number of vulnerabilities
• Improved the custom script’s performance 
• Improved the website preview image resolution on the Verify Login & Logout screen
• Refactored the Report Policy Migrator 
• Disabled auto-complete in the login page inputs.
• Changed the data protection policy link 
• Changed the issue email template’s website URL 
• Admin users can now set the maximum number of websites a member can add
• Excluded usage tracker list can now be added from the new scan page

FIXES

• Fixed a bug when scheduled scan with an imported file is edited by a different user
• Fixed a bug in the Custom Cookie process
• Fixed imported file bug on scan profile saving
• Added minimum agent selection control for Agent Group
• Fixed Agents Scanning tooltip 
• Fixed the auto-scaling problem that occurred while using Cloud Provider in Invicti Enterprise On-Premises
• Fixed the First Seen Date parameter in the Kenna integration
• Fixed Burp XML file import problem. Users can import Burp XML file
• Fixed report validation export problem. Users will not get an empty file
• Fixed the error related to exporting for customers who have many websites.
• The websites belonging to the filtered website group have been provided to be exported.
• Users can now add a new URL Rewrite Rule without losing the existing ones

IMPROVEMENTS

• Added a ‘Generate optimized CSS code path’ feature to the Authentication Verifier
• Improved the Minimum Security Level area on the Reporting page
• HIPAA will be displayed instead of OWASP in the scan summary
• Added scan folder path change option for internal agents

FIXES

• Fixed the issue where the IP addresses of websites listed on the Discovered Website page were ignored
• Fixed the issue where SAML files failed to download on MAC devices
• Fixed the problem that occurred during verification of the form authentication API endpoint where it returned the same result after the first request
• Fixed the problem that occurred while configuring email notifications
• Fixed the problem that occurred while canceling stalled scans
• Fixed the connection problem that occurred while using a proxy in internal agents
• Fixed the autoscale problem in internal agents

NEW FEATURES

• Added support for alternate email for SSO login
• Added form authentication Hashicorp Vault integration (https://www.invicti.com/support/integrating-invicti-enterprise-hashicorp-vault/)
• Added technologies chart to the global dashboard and website dashboard pages
• Added test credential API endpoint for scan profiles
• Added Form Auth Custom Scripting feature to the New Scan page
• Redesigned the login page 
• Redesigned the SSO help text area in the SSO settings page 
• Added an API endpoint for the Updating Issue States
• Added Travis CI integration 
• Jira integration now supports custom Resolved statuses
• Kenna integration now supports Asset Application Identifier
• Agents can now be installed using Linux and a Linux Agent button has been added to the Configure New Agent page (On-Demand Only)
• Upgraded the Invicti scanning engine to version 5.9.027701. 

NEW SECURITY CHECKS

• Added Out-of-date security checks for the Liferay portal
• Added Version Disclosure and Out-of-date security checks for Jolokia
• Added Nested XSS security checks
• Added an ASP.NET Razor SSTI security check
• Added a Java Pebble SSTI security check
• Added a Thymeleaf SSTI security check
• Added Version Disclosure and Out-of-date security checks for Grafana

IMPROVEMENTS

• Added an Issue Update API swagger model improvement
• Docker installation link has been added to the Configure New Agent page (On-Demand Only)
• New password criterion of a minimum of 15 characters has been imposed on admin and top-level users.
• Improvements have been made to the Form Authentication Test Script screen

FIXES

• Fixed the problem of a slowVulnerable Websites per Period report on the Reporting
• Fixed the file uploading problem on Imported Links
• Fixed the Knowledge Base Report’s exporting problem
• Fixed the Yukon time zone problem.
• Fixed the Imported Links problem.
• Fixed the problem where the wrong time zone was displaying in Report Templates
• Moved the Scan Profile Test Credentials API post method fields to the body element
• Fixed a db file error in the Report Policy Editor
• Fixed the issue where report policy user changes were not applied when reset.
• Fixed the Vulnerability Detail page responsiveness problem
• Fixed the Sitemap treeview responsiveness problem
• Fixed the highlighted code focus problem
• Added help text to the HashiCorp vault integration page
• Fixed the bug that occurred when another team member updated the shared profile
• Fixed a bug that occured when non-admin users updated profiles
• The Report policy Editor CVSS scores fields now accept empty values
• Fixed a server error that occured while saving a cloned Scan Policy
• Fixed the problem that occurred when reconfirming the Verify Login and Logout settings

NEW FEATURES

• Added IdP initiated SAML
• Upgraded the Invicti scanning engine to version 5.8.2.27669
• Added Pivotal Tracker integration
• Added support for SAML Assertion Encryption while configuring SSO

NEW SECURITY CHECKS

• Added an F5 Big IP LFI (CVE-2020-5902) attack pattern
• Added out of date checks for Apache Traffic Server
• Added version disclosure for Undertow Server
• Added out of date checks for Undertow Server
• Added version disclosure for Jenkins
• Added out of date checks for Jenkins
• Added signature detection for Kestrel
• Added detection for Tableau Server
• Added detection for Bomgar Remote Support Software
• Added version disclosure for Apache Traffic Server

IMPROVEMENTS

• A new Reset Agent Token button has been added to the Configure New Agent window
• The Status field has been removed from the “api/1.0/discovery/ignorebyfilter” endpoint
• Special characters (()[]#&%! ” ‘) are now allowed in the Scan Policy name field
• Windows and Linux Agent download buttons have been added to the Configure New Agent window
• A Null check has been added for the ImporterType in the Update Scan Profile endpoint

FIXES

• Fixed the Server Error that occured during the deletion of multiple websites
• Fixed a bug where an optimized Scan Policy did not clone properly

NEW FEATURES

• Added resetting token support for agents

FIXES

• Fixed an issue where Authentication Verification was failing to verify in the Scan Profile

NEW FEATURES

• Added Mattermost integration
• Upgraded the Invicti scanning engine to version 5.8.1.27665
• Added API support for the Discovery service

NEW SECURITY CHECKS

• Added a new vulnerability for Same Site Cookies that are set to None and not marked as secure

IMPROVEMENTS

• Added support for Admin users to log in with Invicti Enterprise credentials when SSO is enforced
• Added extra information about issues to the Jira Integration
• Added control for Target Url field to disable Scan Settings if it’s empty
• Added Timezone information to Scan Time Window section in the New Scan window
• The Invicti API icon has been changed on the Integrations window
• Added Manage Issues (Restricted) to the Permission Matrix
• Added a Website Groups filter to the New Team Member window
• Added a notification for Login Failed situation during scans
• Added a Website Group filter to the Recent Technologies window

FIXES

• Fixed the More information link in the New Website window
• Fixed a bug where email notifications about Technologies were not being sent as expected
• Fixed an issue where date filters were not working as expected
• Fixed a bug in the website authentication process in the GitLab integration
• Fixed an issue where the Internal Agent automatic update process was hanging
• Fixed an issue in scans that are exported from Invicti Standard into Invicti Enterprise
• Fixed an issue where Mark as Read was not working in Application Notifications
• Fixed a bug where Imported Links and files were not returned for ongoing scans on the ‘/scans/list-scheduled’ API endpoint
• Fixed a bug that occurred when adding an internal website in the ‘/websites/new’ API endpoint
• Fixed an issue where Excluded Path was not saved in the Scan Profile save action
• Fixed an issue where Preferred Agent was not saved in the Scan Profile save action
• Fixed an issue where issue counts were duplicated in the Annual issue chart

NEW FEATURES

• Added support for U2F (Universal 2nd Factor Authentication)
• Added support for disabling API Access for a Team Member
• Added issue synchronization support for Azure DevOps
• Added a new Form Validation Errors node to the Knowledge Base panel, and to scan reports
• Added CVSS 3.1 support, to help with vulnerability scores
• Added a new Query Parameters checkbox to the Parameter-Based Navigation section of the Crawling tab in the Scan Policy Editor
• Added support for sending scan reports as email attachments on scan completed notification
• Upgraded the Invicti scanning engine to version 5.7.2.27798

IMPROVEMENTS

• Improved Integration categories and New Integration pages to provide a better user experience
• Added support for Windows Authentication (Integrated Security) for database connections (On-Premises only)
• Updated the Terms of Service page
• Added Technical Contact information to the ‘websites/list’ API endpoint
• Added start-end date filters to the ‘/scans/listbystate’ and ‘/auditlogs/export’ API endpoints
• Added an ‘excludeAddressedIssues’ filter to the ‘/scans/report/’ API endpoint
• Added a Failure Reason option to the Reason filter for failed scans
• Added additional help text to the Issues’ Detail window for groupable issues
• Added support for Admin users to manage their Team Member’s Report Policies
• Added Profile ID information to the response of the ‘/scans/detail’ API endpoint

NEW SECURITY CHECKS

• Added a Login Page Identifier security check
• Added a Content Delivery Networks (CDN) security check
• Added a Reverse Proxies security check

BUG FIXES

• Fixed a bug where issue counts were not returned for ongoing scans on the ‘/scans/detail’ API endpoint
• Fixed an issue where validation errors were shown for custom cookies
• Fixed an issue where Technologies were not reported if a scan was completed in a short time
• Fixed a browser compatibility issue that occurred while testing OAuth2 credentials
• Fixed a bug where the Scan Time Window settings were not applied in Scheduled Incremental scans
• Fixed an issue where pre-request scripts were not being sent to the scanner as expected
• Fixed an issue where preferred Agent Group was not populated in the New Scan window
• Fixed a bug where JavaScript settings were not set as expected for optimized Scan Policies

NEW FEATURES

• Added a new Sitemap section to scan reports which shows crawled URLs and identified issues
• Added a new in-app notification section called What’s New which informs for important announcements
• Added out of the box issue tracking integration for Freshservice, YouTrack, and Splunk
• Added facility to send New Scan notifications using the Microsoft Teams integration
• Added Pre-Request Script feature which helps to configure HMAC Authentication on New Scan page (On-Premises only)
• Added new API endpoints for managing technologies
• Upgraded the Invicti scanning engine to version 5.6.3.27318

IMPROVEMENTS

• Redesigned Scan Summary section on Scan Report page
• Improved scan queue scheduling process which prevents multiple scans with same settings to be queued
• Improved Out-of-Date technologies email template for mobile clients
• Improved rendering for large fields on the scan report template
• Improved help text for Enable/Disable Agent actions on Manage Agents page
• Security Check Groups are now arranged into sub-groups in the New Scan Policy
• Set current user as the default technical contact on New Website page

NEW SECURITY CHECKS

• Added version disclosure and out-of-date checks for Telerik Web UI
• Added detection and out-of-date checks for Java and GlassFish

BUG FIXES

• Fixed a bug where filtering is not working as expected on the Report Policies page
• Fixed an error that was thrown during generating the Mod Security WAF Rules Report
• Fixed an issue where testing basic authentication credentials were not working as expected