Invicti Enterprise On-Demand Change Log
Invicti Enterprise On-Demand Update - 24th March 2021

This update includes changes to Internal Agents.

FEATURE

  • Introduced tagging support for Issues.

IMPROVEMENT

  • Added options to specify Is Confirmed and Severity values while failing Jenkins builds.
  • [INTERNAL AGENT] Added auto-update support for Linux agents.
  • [INTERNAL AGENT] Added support for TLS 1.3 protocol.
  • [INTERNAL AGENT] Updated Debian docker image to version 10.8.

FIXES

  • Fixed the “Internal Server Error While Exporting Scan” error while exporting scans from Invicti Standard.
  • Fixed missing classification editors on report policy editor for recently added classification types.
  • [INTERNAL AGENT] Fixed an issue that causes the scan to stuck while trying to capture the website thumbnail image.

Netsparker Enterprise On-Demand Update - 17th March 2021

This update includes changes to Internal Agents.

IMPROVEMENT

  • Improved the load times of the global dashboard page.
  • [INTERNAL AGENT] Added a port configuration option for the agent helper service.

FIXES

  • Fixed an issue on /teammembers/new API endpoint where minimum password length requirement is enforced incorrectly for admin users.
  • Fixed a UI glitch where the Fixed Issues widget on the global dashboard page is clipped.
  • Fixed a user enumeration issue that exists for users where SSO is enforced.
  • Fixed an issue where updates to Custom Cookies input on Scan Profiles do not persist.
  • Fixed an issue where the Next button on Welcome Wizard is not enabled even if you select Website Groups as indicated.
  • Fixed the incorrect input label names on the HashiCorp Vault settings dialog.
  • [INTERNAL AGENT] Fixed an issue where stuck scans do not honor the Maximum Scan Duration setting.
  • [INTERNAL AGENT] Fixed an issue where an agent was creating temp files on C: drive even though it is installed in D: drive.

Invicti Enterprise On-Demand Update - 12th March 2021

This update includes changes to Internal Agents.

FEATURE

IMPROVEMENT

  • [INTERNAL AGENT] Improved agents to reduce the number of IOPS performed.

Invicti Enterprise On-Demand Update - 4th March 2021

This update includes changes to Internal Agents.

IMPROVEMENTS

  • Prevented deletion of system notifications.
  • Forced Browsing wordlist made editable.
  • Added tooltips displaying the full issue title on the Issues tree when the titles are clipped due to length.

FIXES

  • Fixed /notifications/ update API endpoint which was not updating recipient emails before.
  • Fixed a Scan Policy Optimizer issue where the Resource Finder settings are not captured when the selection tree is collapsed.
  • Fixed an issue where the Custom Script cannot be created when 3-Legged Authentication is selected while configuring OAuth2.
  • Fixed an issue where the ISO Compliance report cannot be exported for some of the scans.
  • [INTERNAL AGENT] Fixed runtime exceptions thrown on systems that are missing ClamAV.

Invicti Enterprise On-Demand Update - 26th February 2021

This update includes changes to Internal Agents.

NEW FEATURES

  • Added IAST Scanning capabilities.
  • Added CyberArk Vault Privileged Access Management integration.

IMPROVEMENTS

  • HashiCorp Vault settings no more require Testing Settings as mandatory before saving the integration.
  • Added search capability to the Website Group selection drop-down on the global dashboard page.
  • Added the API endpoint option to create users that can only log in using Single Sign-on.
  • Added the last login date information to the team member API endpoint.
  • [INTERNAL AGENT] Added “Detect authentication tokens” capability for authenticated scans.

FIXES

  • Fixed an issue where the category selection widget was clipped on the Service Now integration configuration page.
  • Fixed a reporting issue where addressed issues were included on reports generated with the Exclude Addressed Issues option.
  • Fixed the “Internal Server Error While Exporting Scan” error while exporting scans from Invicti Standard.
  • Fixed an issue where a Scan Policy used on a Scheduled Scan cannot be deleted.
  • Fixed an issue where the Single Sign-on only users were not able to access their API tokens.
  • [INTERNAL AGENT] Fixed an issue that occurs while creating the custom report policy on Linux environments.
Netsparker Enterprise On-Demand Update - 9th February 2021

IMPROVEMENTS

  • Added Scan Profile Name column to Recent Scans page.
  • Added Website URL as a filter field to Scheduled Scans page.
  • Removed encrypted authentication credentials from API responses.

FIXES

  • Fixed an issue where the scans launched from CI/CD without a Scan Profile were creating redundant Scan Groups on the Website dashboard.
  • Fixed an issue where pressing the TAB key was not committing the entered email address on email input fields.
  • Fixed an issue where some settings are not saved when you save a cloned Scan Policy for the first time.
  • Fixed an issue where the View Scan Reports and Manage Issues (Restricted) options under Scan Permission are not saved while creating new members.
  • Fixed an issue where the modified Scan Profile settings are not saved when another profile is selected from the dropdown.

Netsparker Enterprise On-Demand Update - 27th January 2021

IMPROVEMENTS

  • Improved an agent auto-update procedure to support updates for minor version changes.
  • All credential information on API responses is encrypted.
  • Prevented agent log file names to be renamed by the browser according to the user’s regional settings.

FIXES

  • Fixed an issue where the scan and report policies are not preserved while scheduling group scans.
  • Fixed several issues on the sitemap tree and improved the performance.
  • Fixed a hanging scan issue that occurs while the scan state is changing.
  • Fixed an issue where setting an already deleted scan profile name to a new scan profile gives an error.
  • Fixed the incorrect VDB version displayed on the agent.
  • Fixed an issue where Download Scan Data and Download HttpRequest Logs were not working previously.
  • Fixed an issue where an agent was not using the correct proxy settings while communicating with the web app.

Netsparker Enterprise On-Demand Update - 19th January 2021

IMPROVEMENTS

  • Added grouping support for agents.
  • Added Scan Profile Name to Scan Group dropdown on the Website Dashboard page.
  • Added websitesgroups/delete/{id} API endpoint.
  • Improved the performance of the technology dashboard.
  • Fixed the absolute start date of scheduled scans as a tooltip to relative dates.

FIXES

  • Fixed several scan stuck issues.
  • Fixed an issue where the scan is stuck when it is paused and tried to be deleted.
  • Fixed an issue an incorrect email address could be entered as a notification recipient.
  • Fixed an issue where the New Scan page stuck at loading when you switch back and forth between scan profiles.
  • Fixed the unspecified format of the NameID SAML2 attribute by setting it to emailAddress.

Netsparker Enterprise On-Demand Update - 13th January 2021

IMPROVEMENTS

  • Added support for provisioning users without invitation requirement if the user is going to log in using SSO.
  • Added support for setting external email recipients for notifications for all the event types.
  • Added SANS Top 25 Report as export.
  • Updated PCI Compliance Report to match the new style of the reports.
  • Added Scan Profile name to Detailed Scan Report and several other compliance reports.

FIXES

  • Fixed an issue where the scan files fail to archive to S3 storage and pile up on the agent machine.
  • Fixed an issue where an Internal Server Error occurs while trying to start or schedule a new scan.

Netsparker Enterprise On-Demand Update - 22nd December 2020

IMPROVEMENTS

  • Improved the Basic, Digest, NTLM/Kerberos, Negotiate Authentication entry user interface. 
  • Improved the performance of Technologies pages

FIXES

  • Removed the “SSO Email” field requirement for new member invitations on accounts where SSO is not enforced
  • Fixed a typo on the Bugzilla integration configuration page
  • Fixed the misleading error messages received when /websitegroups/update API endpoint is called with a missing or invalid “Id” values
  • Fixed a UTF8 encoding issue

Netsparker Enterprise On-Demand Update - 12th December 2020

IMPROVEMENTS

  • Added an option to fail the build for Azure Pipelines Integration
  • Added the Description field for Websites and Website Groups

FIXES

  • Fixed an issue where some paused scans stuck and were not be able to resume
  • Fixed an issue where the incremental scan fails for a scan with form authentication configuration
  • Fixed an internal agent issue where the agent was not able to start as a service 
  • Removed the redundant Domain field requirement on Proxy settings of a Scan Policy

Netsparker Enterprise On-Demand Update - 8th December 2020

FIXES

  • Fixed an issue where some Client Certificates might not work properly for authentication 
  • Fixed an issue where scans might get stuck in the Pausing state