v2.1 - 19 Aug 2021
NEW FEATURES
- Added support for creating Teams and Roles.
- Added SCIM 2.0 API support for improved SSO integration which supports user and group synchronization with popular Identity Providers.
- Added IBM ALM (Jazz Team Server).
IMPROVEMENTS
- Improved access control by introducing new, more granular permissions.
- Improved role assignment for website groups while inviting new members
- Improved the performance of issues/allissues API endpoint.
- Added alternate email address field (if available) to the account/me API endpoint.
- Added the Account Owner role instead of the Application Administrator role.
- Added email and SMS filter to the notification.
- Added an option to fail GitLab CI/CD build for only confirmed vulnerabilities.
- Added Organization field to GitHub issue tracking integration.
- Added an option to fail Azure Pipelines build for only confirmed vulnerabilities.
- Prettified the outputs printed by Azure Pipelines, GitLab, and UrbanCode deploy CI/CD integrations.
- Added support for committing changes on the tag editors with the TAB key.
- Updated YouTrack issue tracker integration to use the new API.
- Improved Splunk integration by sending the issue updates without requiring a new scan.
- Improved the performance of the Technology Dashboard.
- Improved the performance of the scans/report endpoint.
- Updated the look and feel of emails sent.
- Added Known Issues information to issues while sending to Kenna.
- Improved the performance of PCI scan reports.
- Added links to CVE IDs on reports.
- Issue notes are added to reports which are exported.
- Added an option to trigger user-defined notifications even for cases in which a user who configured the notification did not launch the scan.
- Improved the statusCode and errorMessage returned from members/deleteinvitation API endpoint on cases when the invitation is missing.
- Changed roles/update API endpoint response status code from 201 to 200 to better comply with REST best practices.
- Added “Override Version Vulnerability Severities” option to Scan Policy > Attacking settings.
- Improved the error message displayed when a Website Group cannot be deleted due to it being referenced by a notification.
- Extended the range of digits that can be entered for HOTP and TOTP configuration.
- Improved data validation for email addresses.
- Added the Web Storage Exclusion to Ignored Parameters in the Scan Policy.
Deprecated APIs
- The following APIs have been deprecated:
| Deprecated APIs | What to use instead |
| --- | --- |
| /api/1.0/teammembers/new | Renamed to /api/1.0/members/newinvitation |
| /api/1.0/teammembers/list | Renamed to /api/1.0/members/list. The request model has not changed, but the UserListApiResult response model has been replaced with MemberApiModelListApiResult. |
| /api/1.0/teammembers/get | Renamed to /api/1.0/members/get. The request model has not changed, but the UserApiModel response model has been replaced with MemberApiModel. |
| /api/1.0/teammembers/getbyemail | Renamed to /api/1.0/members/getbyemail. The request model has not changed, but the UserApiModel response model has been replaced with MemberApiModel. |
| /api/1.0/teammembers/update | Renamed to /api/1.0/members/update. The request model has changed slightly; the response model is different. |
| /api/1.0/teammembers/delete | Renamed to /api/1.0/members/delete. Only the endpoint is changed; request and response are the same. |
| /api/1.0/teammembers/gettimezones | Renamed to /api/1.0/members/gettimezones. Only the endpoint is changed; request and response are the same. |
| /api/1.0/teammembers/getapitoken | Renamed to /api/1.0/members/getapitoken. Only the endpoint is changed; request and response are the same. |
FIXES
- Fixed an unhandled error that occurs while deleting scans.
- Fixed an issue where the check state is reset when the search keyword is modified on the Report Policy Editor security checklist.
- Fixed an issue where multiple Common Weakness Enumeration values were being sent to Kenna Integration.
- Fixed the incorrect API documentation of roles/listpermissions endpoint.
- Fixed an issue where form authentication may fail because of credentials being modified when the scan profile is updated.
- Fixed missing state field on the member API endpoint.
- Fixed the incorrect email displayed on the audit log when a failed login attempt is logged.
- Fixed a bug where provisioning was attempted for a team with the same name when SCIM integration is used with SSO providers.
- Fixed the team member APIs by adding the missing CreatedAt field.
- Fixed an issue where some users with the default View Reports rule cannot see the global dashboard page.
- Fixed a memory leak that happens while generating PDF reports.
- Fixed a bug preventing sending PDF and HTML reports via notifications.
- Fixed a NullReferenceException thrown while calling the scans/new API endpoint.
- Fixed an error that occurs when a website that has a tagged issue is deleted.
- Fixed a page loading issue on the authentication verifier.
- Fixed the clipped user interface elements on the New User Mapping page when the page widths get narrow.
- Fixed an issue where the Exclude Authentication Page checkbox does not get updated.
- Fixed the overlapping logo on reports.
- Fixed an issue where incremental scans started from CI/CD integrations use the default profile if no scans were previously performed on that website.
- Fixed the Not Found error displayed while testing notifications for Azure Boards integration.
- Fixed the empty PCI report issue.
- Fixed random HTTP 500 error thrown from scans/report API endpoint.
- Fixed missing agent groups when queried using agentgroups/list API endpoint.
- Fixed an issue where old VDB results are displayed on the known issues tab.
- Fixed a NullReferenceException.
- Fixed connection timeout issues.
- Fixed an issue where an exception was thrown if the agent Helper Service is set to use a different port on Linux machines.
- Fixed an issue where the issues of a custom security check are incorrectly listed under a different vulnerability on reports.
- Fixed a scan stuck issue.
- Fixed scans failing on some systems while scanning TLS 1.3 websites.
- Fixed an issue where incorrect scan profiles and policies were used while performing group scans.
- Fixed an issue where the State field of an issue is converted to a numeric value when the state of a revived issue is set to some other state through API.
- Fixed an issue where an incorrect Affected Version value is reported for an out-of-date vulnerability.
- Fixed an issue where editing a scheduled scan displays incorrect scan policy, report policy, and agent data.
- Fixed an issue where a custom vulnerability profile data of a report policy is not retrieved correctly when called from vulnerability/template API endpoint.
- Fixed the missing LastLoginDate field by adding it back to member API call responses.
- Fixed pipeline script in Jenkins where two installed scripts do not work together.
- Fixed notification grouping for persons that are outside of the organization.
- Fixed integration links under the Continuous Integration System in the New Integration page.
- Fixed the Linux Auto Updater Version Checking.
- Fixed SSO login conditions.
- Fixed a bug that prevents editing report policies.
- Fixed a bug where the SSO email field appears although the Alternate Email is not selected.
- Fixed a bug that prevents some users from tagging issues.
Update to the new version
If you want to update to the latest version of Netsparker Enterprise On-Premises, see Updating Netsparker Enterprise On-Premises.
v2.0.2 - 25 Jun 2021
NEW FEATURES
- Added GitHub Actions CI/CD integration.
- Added Authentication Profiles feature to be able to define shared authentication once and utilize them on many scans without explicitly configuring Form Authentication for websites utilizing the same authentication procedure.
- Added UrbanCode Deploy
- Added Azure Pipeline Extensions
- Added the ability to tag issues
- Added a new Scope option for Scan Groups of Websites while configuring notifications to be able to better scope notifications for web applications/APIs under a website.
- Added a State filter to notifications, which lets you use issue states like Fixed, Revived, New, etc. as filtering options.
- Added Choose Scan Profile while scheduling from API
- Added support for TLS 1.3 protocol
IMPROVEMENTS
- Removed the scan report selection from notification events that do not produce any reports.
- Added account-based option to display authentication credentials on API responses.
- Improved time zone calculations to handle new time zones.
- Improved configuration validation error messages for Privileged Access Management integrations.
- Added an option to specify a scan profile while scheduling scans through API.
- Added support for Form Authentication Custom Scripts for cases when a Privileged Access Management integration is used.
- Added support for 11 digit phone numbers while inviting a new member.
- Added a field to specify the user’s Single Sign-On email address while creating a new team member using the API.
- Improved configuration options for Jenkins.
- Added the option to fail Jenkins build for only confirmed vulnerabilities
- The login process redirects the Single Sign-On users to their providers
- Added NIST, DISA STIG, and ASVS classifications to Report Policy
- Added support for importing links from multiple RAML files from a ZIP file (include directive support).
- Improved Azure AD Single Sign-On in-app help text.
- Removed the Current Password field for admin users (logged in with Single Sign-On) while editing a member.
- Added “Maximum URL Rewrite Signature” Scan Policy Crawling option.
- Improved role assignment for website groups while inviting new members
- Added IgnoreSslCertificateErrors option to Docker agent.
- Improved GitLab CI/CD script failure conditions.
FIXES
- Added a title to the API field on the edit team member page
- Fixed an issue that occurs with updating scan profile
- Fixed an issue with Imported Links getting updated to Null while using Update ScanProfiles API
- Fixed the validation problem
- Fixed some bugs for the Sitemap
- Fixed an issue where an error was caused by a connection problem with the authentication verification hub on scheduled scans
- Fixed the problem of not being able to delete the scan with a profile
- Fixed the forgot password issue for Single Sign-On
- Fixed an issue where the Launch button does not get enabled on the New Scan page after you enable the IAST scanning and download the sensor files.
- Fixed an issue where a notification that is sent to an external email address was not displayed on the audit logs.
- Fixed an issue where starting a PCI scan via using API could not start the scan.
- Fixed an issue where a new notification created via API does not add the specified integration(s) to the new notification.
- Fixed an issue where a team member was not created in API if the auto-generated password is enabled.
- Fixed an issue where the custom value of FormAuthPageLoadTimeout was being overridden by its default value.
- Fixed validation error messages on the Email Settings page.
- Fixed some of the swagger API validation errors reported for the REST API
- Fixed an agent scan stuck issue while archiving
- Fixed a retest problem where some issues could not be retested
- Fixed an agent auto-update issue
- Fixed an issue with the GitLab integration script where builds were not failing when they were supposed to fail
- Fixed an issue where the “Add Attachment Report” section was missing while adding a new notification
- Fixed a mismatching type issue on /scanprofiles/list API response model
- Fixed an issue where a failed scan sends an excessive amount of email notifications
- Fixed an issue where Exclude Authentication Page configuration resets when another scan is performed
- Fixed agent auto-update issues
- Fixed an unhandled ArgumentNullException which causes some authenticated scans to fail
- Fixed an error that occurs while trying to mark an issue as false positive
- Fixed an internal server error that happens while using the /api/1.0/scanprofiles/update API endpoint for some profiles
- Fixed an issue where a deleted issue tracker integration was still keeping the old issues IDs referenced
- Fixed an issue where the helper NHS service is unexpectedly terminated on environments with multiple agents running
01 Apr 2021
NEW FEATURES
- Added Invicti Shark that enables Interactive Application Security Testing (IAST)
- Added the ability to execute Custom Scripts for Security Checks
- Added the ability to edit wordlist entries in the Forced Browsing
- Added the integration with CyberArk Enterprise Password Vault
- Added the Scan Profile column to the Recent Scans window
IMPROVEMENTS
- Improved the visual elements of the dashboard
- Improved the performance of the Technology Dashboard
- Added the ability to create new SSO users via API
- Added the ability to get a team member’s last login timestamp via API
- Added the Website URL filter to the Scheduled Scans page
- Improved the performance of the Sitemap
- Updated the Name Id Policy value for SAML as the email
- Added the ability to delete the Website Groups with ID API Endpoint
- Added the Next Execution Time tooltip to the scheduled scan
- Added the Scan Profile Name information to the Scan Task Groups in the Website Dashboard
- Added the ability to save the Privileged Access Management integrations without testing
- Fixed the scan failed errors
- Added the title fields for Vulnerability List items
- The delete button is disabled for system notifications on the Notifications page
- Added the ability to assign scans to internal agents via scheduling
- Removed all (encrypted and cleartext) authentication credentials from the API responses
- Minor revision changes will also trigger agent auto-updates
- The downloaded agent log file is named agentlogs.zip
- Improved the stabilization of the agent state transitions
FIXES
- Added Script Engine Type to the Authentication Verifier
- Fixed the request agent logs bug
- Fixed handling authentication tokens while executing the form authentication
- Fixed the issue where the wrong vulnerability database version was displayed in the agent info
- Fixed the scan session null error
- Fixed the bug in the scan policy optimizer wizard tree
- Fixed the issue where users cannot create a custom script in a three-legged OAuth2 Authentication
- Notification events require appropriate permission
- Added Scan Profiles, Scans, and Scheduled Scans’ links while deleting the scan policy
- Fixed XSS for Jira and Pivotal Tracker integrations
- Fixed NullReferenceException while exporting scans from Invicti Standard to Invicti Enterprise
- Fixed an issue where a scan did not match the agent in the selected agent group
- Fixed the scan policy cloning bug
- Fixed an issue where the View Scan Reports and Manage Issues (Restricted) options under the Scan Permission are not saved while creating new members
- Fixed the text problem in the information of the Technologies Dashboard User Interface
- Fixed an issue where users cannot save an empty Excluded URL field
- Fixed an issue where scan policy and report policy drop-down appear blank while editing the scheduled group scan
- Fixed a bug that occurs while deleting the scan profile
- Fixed the form authentication fields encryption
- Fixed the loading problem of default scan profile selection
- Fixed the Pre-Request Script Error on Scheduling Scan
- Fixed Exclude Addressed Issues on the Export Report
- Fixed usage report page style problem
17 Feb 2021
IMPROVEMENTS
- Added the option to provision a new member with SSO in the New Team Member addition screen.
- SSO Email requirement is not necessary for SSO-enabled accounts without enforcement
- Renewed PCI Compliance Report template
- Added scan profile and scan profile URL to scan report.
- Added the option to add a customized header text on the Account Settings page
- Improved issue severity sorting. Issues will be sorted as Critical, High, Medium, Low, Best Practice, Information Alerts on all pages.
- Redesigned Scan Time Window
- Improved design of important information, such as email and name, in dialogs
- Updated descriptions on edit and signup web pages
- Changed “Enable Limitless Scan” option under the General Settings to “Allow scanning without a duration limit”
- Redesigned Basic Authentication Form
- Added advanced script feature for the Azure Pipelines integration
- Updated the related RegEx to let users use parentheses in the website name and profile name
- Added silent mode installation for Web Application
- Added phone number confirmation countdown timer
- Added the document link for Linux Agent installation on the New Agent page.
- Improved the speed of page loading on the Custom Script screen
- Improved the agent stability to prevent scans from being stuck
- Added the possibility to add non-registered emails in notifications
- Added SANS Top 25 report
- The Target URL will be displayed instead of the website URL in the scan reports
FIXES
- Fixed JSON Serialization problem in the scan profile
- Fixed typos in Invicti Rest API Endpoint explanation
- Fixed the validation message on the password change page
- Fixed the validation message for admin password on the password change page
- Fixed the Bugzilla operating system field’s name
- Fixed warning message for the Website Groups Update API
- Fixed undeleted scan files (which belong to completed scans) issue
- Fixed the Disable status error for Linux Agent
- Resolved Chromium’s auto select certificate problem, which solves the problem of not being authenticated with the client certificate.
- Fixed empty exported XML issue in F5 BIG-IP ASM Rules Report
- Fixed an issue where “Password Transmitted over HTTP” issues were reported for HTTPS requests.
06 Jan 2021
NEW FEATURES
- Added the Stop the Scan if the Build fails option in GitLab CI/CD
- Added the Fail the Build if one of the selected scan severity is detected option in GitLab CI/CD
- Upgraded the Invicti scanning engine to version 5.9.1.27722.
NEW SECURITY CHECKS
- Added Oracle WebLogic Server Remote Code Execution (CVE-2020-14882)
- Added Oracle WebLogic Server Authentication Bypass (CVE-2020-14883)
IMPROVEMENTS
- Added the Scan Group selection combo box to Trend Matrix Report
- Added WASC Threat Classification Report
- Added the Export Unconfirmed option in the report generation screen
- Added the info box to Custom Scripts window for the Form Authentication
- Added URL Rewrite Rules while a file is being imported
- Added Uniqueness Controls on the new integration wizard
- Added validations of new integration wizard
- Added Swagger JSON link API document’s index
- Added the Exclude Authentication Pages checkbox when the Form Authentication option is enabled
- Improved the Discovery Page’s performance
- Improved the performance of generating reports that contain a large number of vulnerabilities
- Improved the custom script’s performance
- Improved the website preview image resolution on the Verify Login & Logout screen
- Refactored the Report Policy Migrator
- Disabled auto-complete in the login page inputs.
- Changed the data protection policy link
- Changed the issue email template’s website URL
- Admin users can now set the maximum number of websites a member can add
- Excluded usage tracker list can now be added from the new scan page
FIXES
- Fixed a bug when scheduled scan with an imported file is edited by a different user
- Fixed a bug in the Custom Cookie process
- Fixed imported file bug on scan profile saving
- Added minimum agent selection control for Agent Group
- Fixed Agents Scanning tooltip
- Fixed the auto-scaling problem that occurred while using Cloud Provider in Invicti Enterprise On-Premises
- Fixed the First Seen Date parameter in the Kenna integration
- Fixed the Burp XML file import problem. Users can now import Burp XML files.
- Fixed the report validation export problem. Users will no longer get an empty file.
- Fixed the error related to exporting for customers who have many websites.
- Made the websites belonging to the filtered website group available for export.
- Users can now add a new URL Rewrite Rule without losing the existing ones
28 Oct 2020
IMPROVEMENTS
- Added a ‘Generate optimized CSS code path’ feature to the Authentication Verifier
- Improved the Minimum Security Level area on the Reporting page
- HIPAA will be displayed instead of OWASP in the scan summary
- Added scan folder path change option for internal agents
FIXES
- Fixed the issue where the IP addresses of websites listed on the Discovered Website page were ignored
- Fixed the issue where SAML files failed to download on MAC devices
- Fixed the problem that occurred during verification of the form authentication API endpoint where it returned the same result after the first request
- Fixed the problem that occurred while configuring email notifications
- Fixed the problem that occurred while canceling stalled scans
- Fixed the connection problem that occurred while using a proxy in internal agents
- Fixed the autoscale problem in internal agents
02 Oct 2020
NEW FEATURES
- Added support for alternate email for SSO login
- Added form authentication Hashicorp Vault integration (https://www.invicti.com/support/integrating-invicti-enterprise-hashicorp-vault/)
- Added technologies chart to the global dashboard and website dashboard pages
- Added test credential API endpoint for scan profiles
- Added Form Auth Custom Scripting feature to the New Scan page
- Redesigned the login page
- Redesigned the SSO help text area in the SSO settings page
- Added an API endpoint for the Updating Issue States
- Added Travis CI integration
- Jira integration now supports custom Resolved statuses
- Kenna integration now supports Asset Application Identifier
- Agents can now be installed using Linux and a Linux Agent button has been added to the Configure New Agent page (On-Demand Only)
- Upgraded the Invicti scanning engine to version 5.9.027701.
NEW SECURITY CHECKS
- Added Out-of-date security checks for the Liferay portal
- Added Version Disclosure and Out-of-date security checks for Jolokia
- Added Nested XSS security checks
- Added an ASP.NET Razor SSTI security check
- Added a Java Pebble SSTI security check
- Added a Thymeleaf SSTI security check
- Added Version Disclosure and Out-of-date security checks for Grafana
IMPROVEMENTS
- Added an Issue Update API swagger model improvement
- Docker installation link has been added to the Configure New Agent page (On-Demand Only)
- New password criterion of a minimum of 15 characters has been imposed on admin and top-level users.
- Improvements have been made to the Form Authentication Test Script screen
FIXES
- Fixed the problem of a slow Vulnerable Websites per Period report on the Reporting
- Fixed the file uploading problem on Imported Links
- Fixed the Knowledge Base Report’s exporting problem
- Fixed the Yukon time zone problem.
- Fixed the Imported Links problem.
- Fixed the problem where the wrong time zone was displaying in Report Templates
- Moved the Scan Profile Test Credentials API post method fields to the body element
- Fixed a db file error in the Report Policy Editor
- Fixed the issue where report policy user changes were not applied when reset.
- Fixed the Vulnerability Detail page responsiveness problem
- Fixed the Sitemap treeview responsiveness problem
- Fixed the highlighted code focus problem
- Added help text to the HashiCorp vault integration page
- Fixed the bug that occurred when another team member updated the shared profile
- Fixed a bug that occurred when non-admin users updated profiles
- The Report policy Editor CVSS scores fields now accept empty values
- Fixed a server error that occurred while saving a cloned Scan Policy
- Fixed the problem that occurred when reconfirming the Verify Login and Logout settings
12 Aug 2020
NEW FEATURES
- Added IdP initiated SAML
- Upgraded the Invicti scanning engine to version 5.8.2.27669
- Added Pivotal Tracker integration
- Added support for SAML Assertion Encryption while configuring SSO
NEW SECURITY CHECKS
- Added an F5 Big IP LFI (CVE-2020-5902) attack pattern
- Added out of date checks for Apache Traffic Server
- Added version disclosure for Undertow Server
- Added out of date checks for Undertow Server
- Added version disclosure for Jenkins
- Added out of date checks for Jenkins
- Added signature detection for Kestrel
- Added detection for Tableau Server
- Added detection for Bomgar Remote Support Software
- Added version disclosure for Apache Traffic Server
IMPROVEMENTS
- A new Reset Agent Token button has been added to the Configure New Agent window
- The Status field has been removed from the “api/1.0/discovery/ignorebyfilter” endpoint
- Special characters (()[]#&%! ” ‘) are now allowed in the Scan Policy name field
- Windows and Linux Agent download buttons have been added to the Configure New Agent window
- A Null check has been added for the ImporterType in the Update Scan Profile endpoint
FIXES
- Fixed the Server Error that occurred during the deletion of multiple websites
- Fixed a bug where an optimized Scan Policy did not clone properly
26 Jun 2020
NEW FEATURES
- Added resetting token support for agents
FIXES
- Fixed an issue where Authentication Verification was failing to verify in the Scan Profile
22 Jun 2020
NEW FEATURES
- Added Mattermost integration
- Upgraded the Invicti scanning engine to version 5.8.1.27665
- Added API support for the Discovery service
NEW SECURITY CHECKS
- Added a new vulnerability for Same Site Cookies that are set to None and not marked as secure
IMPROVEMENTS
- Added support for Admin users to log in with Invicti Enterprise credentials when SSO is enforced
- Added extra information about issues to the Jira Integration
- Added control for Target Url field to disable Scan Settings if it’s empty
- Added Timezone information to Scan Time Window section in the New Scan window
- The Invicti API icon has been changed on the Integrations window
- Added Manage Issues (Restricted) to the Permission Matrix
- Added a Website Groups filter to the New Team Member window
- Added a notification for Login Failed situation during scans
- Added a Website Group filter to the Recent Technologies window
FIXES
- Fixed the More information link in the New Website window
- Fixed a bug where email notifications about Technologies were not being sent as expected
- Fixed an issue where date filters were not working as expected
- Fixed a bug in the website authentication process in the GitLab integration
- Fixed an issue where the Internal Agent automatic update process was hanging
- Fixed an issue in scans that are exported from Invicti Standard into Invicti Enterprise
- Fixed an issue where Mark as Read was not working in Application Notifications
- Fixed a bug where Imported Links and files were not returned for ongoing scans on the ‘/scans/list-scheduled’ API endpoint
- Fixed a bug that occurred when adding an internal website in the ‘/websites/new’ API endpoint
- Fixed an issue where Excluded Path was not saved in the Scan Profile save action
- Fixed an issue where Preferred Agent was not saved in the Scan Profile save action
- Fixed an issue where issue counts were duplicated in the Annual issue chart
28 Apr 2020
NEW FEATURES
- Added support for U2F (Universal 2nd Factor Authentication)
- Added support for disabling API Access for a Team Member
- Added issue synchronization support for Azure DevOps
- Added a new Form Validation Errors node to the Knowledge Base panel, and to scan reports
- Added CVSS 3.1 support, to help with vulnerability scores
- Added a new Query Parameters checkbox to the Parameter-Based Navigation section of the Crawling tab in the Scan Policy Editor
- Added support for sending scan reports as email attachments on scan completed notification
- Upgraded the Invicti scanning engine to version 5.7.2.27798
IMPROVEMENTS
- Improved Integration categories and New Integration pages to provide a better user experience
- Added support for Windows Authentication (Integrated Security) for database connections (On-Premises only)
- Updated the Terms of Service page
- Added Technical Contact information to the ‘websites/list’ API endpoint
- Added start-end date filters to the ‘/scans/listbystate’ and ‘/auditlogs/export’ API endpoints
- Added an ‘excludeAddressedIssues’ filter to the ‘/scans/report/’ API endpoint
- Added a Failure Reason option to the Reason filter for failed scans
- Added additional help text to the Issues’ Detail window for groupable issues
- Added support for Admin users to manage their Team Member’s Report Policies
- Added Profile ID information to the response of the ‘/scans/detail’ API endpoint
NEW SECURITY CHECKS
- Added a Login Page Identifier security check
- Added a Content Delivery Networks (CDN) security check
- Added a Reverse Proxies security check
BUG FIXES
- Fixed a bug where issue counts were not returned for ongoing scans on the ‘/scans/detail’ API endpoint
- Fixed an issue where validation errors were shown for custom cookies
- Fixed an issue where Technologies were not reported if a scan was completed in a short time
- Fixed a browser compatibility issue that occurred while testing OAuth2 credentials
- Fixed a bug where the Scan Time Window settings were not applied in Scheduled Incremental scans
- Fixed an issue where pre-request scripts were not being sent to the scanner as expected
- Fixed an issue where preferred Agent Group was not populated in the New Scan window
- Fixed a bug where JavaScript settings were not set as expected for optimized Scan Policies
25 Feb 2020
NEW FEATURES
- Added a new Sitemap section to scan reports which shows crawled URLs and identified issues
- Added a new in-app notification section called What’s New, which informs users of important announcements
- Added out of the box issue tracking integration for Freshservice, YouTrack, and Splunk
- Added facility to send New Scan notifications using the Microsoft Teams integration
- Added Pre-Request Script feature which helps to configure HMAC Authentication on New Scan page (On-Premises only)
- Added new API endpoints for managing technologies
- Upgraded the Invicti scanning engine to version 5.6.3.27318
IMPROVEMENTS
- Redesigned Scan Summary section on Scan Report page
- Improved the scan queue scheduling process, which prevents multiple scans with the same settings from being queued
- Improved Out-of-Date technologies email template for mobile clients
- Improved rendering for large fields on the scan report template
- Improved help text for Enable/Disable Agent actions on Manage Agents page
- Security Check Groups are now arranged into sub-groups in the New Scan Policy
- Set current user as the default technical contact on New Website page
NEW SECURITY CHECKS
- Added version disclosure and out-of-date checks for Telerik Web UI
- Added detection and out-of-date checks for Java and GlassFish
BUG FIXES
- Fixed a bug where filtering is not working as expected on the Report Policies page
- Fixed an error that was thrown during generating the Mod Security WAF Rules Report
- Fixed an issue where testing basic authentication credentials was not working as expected