Invicti Standard 26 Apr 2019

NEW FEATURES

  • Added “Do not differentiate HTTP and HTTPS protocols” option to scope settings
  • Added 3-Legged Token flow for OAuth2 authentication
  • Added an option to be able to use a fixed OAuth2 token type

NEW SECURITY CHECK

  • Added new XSS pattern that injects attack payload to HREF attribute

IMPROVEMENTS

  • Added reporter account id to JIRA Send To
  • Updated SSRF IPv6 pattern names
  • Improved the visibility of Resume button while performing a Manual Crawling
  • Improved the error message displayed while importing Swagger links

FIXES

  • Fixed retrying to get the OAuth2 token
  • Fixed a NullReferenceException thrown when an OAuth2-enabled scan is loaded
  • Fixed an UnhandledException thrown during DOM Simulation in some rare cases
  • Fixed pausing scan when OAuth2 authentication failed
  • Fixed logging OAuth2 error messages
  • Fixed showing context menu for activity viewer’s group rows
  • Fixed a NullReferenceException thrown when mouse is moved over sitemap
  • Fixed the missing space character on Best Practice severity text on issues panel
  • Fixed the incorrect position of Force Pause button on high DPI screens
  • Fixed the white screen flashed on dark theme while navigating between KB screens
  • Fixed the tiny progress animation on license popup dialog
  • Fixed the dark theme issues on Advanced Settings screen
  • Fixed a KeyNotFoundException thrown when the scan has finished
  • Fixed the issue where ignoring first vulnerability variation ignores all variations
  • Fixed a NullReferenceException thrown while Security Checklist panel is being activated if Scan Policy Editor dialog is opened by Assistant
  • Fixed an issue where DOM simulation might conflict with some JS frameworks
  • Fixed the broken Ignore From this Scan context menu action on Sitemap panel
  • Fixed a NullReferenceException thrown from Invicti Assistant
  • Fixed the NullReferenceException thrown when a Manual Crawling scan is imported and then resumed
  • Fixed the issue where recently optimized scan policy is not selected when the Start a New Scan window is opened again
  • Fixed an issue where multiple personas could be selected on Form Authentication settings
  • Fixed the garbled configuration sample in Remedy section of HSTS Policy Not Enabled vulnerability
  • Fixed the incorrect behavior on Notifications panel when it is scrolled to the end
  • Fixed a NullReferenceException thrown while generating a report from a scan that contains a File Upload Vulnerability
  • Fixed an issue where an extra ampersand is appended to query string while generating URL of a Swagger imported link
  • Fixed an XmlException while trying to parse a sitemap.xml response that is not found
  • Fixed a GZip decoding issue while trying to decode a compressed sitemap.xml
  • Fixed an unhandled NullReferenceException thrown from Sitemap
  • Fixed parsing OAuth2 response regardless of the response content type
  • Fixed parsing JSON content type in Swagger parser to handle unexpected content types instead of creating a request for them
  • Fixed performance issues caused by excessive logging when Activity Tracking is enabled
  • Fixed a stuck scan issue on web sites using React JavaScript framework
  • Fixed a Postman file importing issue where the response is not base64 encoded
  • Fixed a NullReferenceException thrown while checking mutations on DOM
  • Fixed an unhandled “InvalidOperationException: Object is currently in use elsewhere” error
  • Fixed an error where XML and JSON responses could not be rendered on response viewers
  • Fixed an unhandled NullReferenceException thrown from Assistant
  • Fixed several NullReferenceException errors thrown while viewing knowledgebase items
  • Fixed an issue where the current ongoing scan could be deleted from Local Scans section
  • Fixed an InvalidOperationException “Database is not open” error