v24.8.0 - 13 August 2024

This update includes changes to the internal agents. The internal scan agent's current version is 24.8.0. The internal authentication verifier agent's current version is 24.8.0.

New Security Checks

• Added a check for Authentication bypass in Fortra's GoAnywhere MFT (CVE-2024-0204)
• Added a check for Open SSH server RCE (CVE-2024-6387)
• Added a check for cached pages that contain sensitive data (CWE-525)
• Incorporated the reporting of sensitive information disclosures from Okta

Improvements

• Added more links from the global dashboard widgets to the corresponding sections in the UI
• Scheduled scans that repeatedly fail with the same result can now be automatically disabled
• Unlinked API specs from the scan profile automatically unlink on the API Inventory page as well
• Added the ability to navigate from the API operation vulnerability count in the API Inventory to a filtered list of vulnerabilities on the Issues page
• Reverted the fix for a problem in the JWT Engine that was intended to resolve a false positive issue

Fixes

• Fixed an issue that was causing intermittent errors in PCI reports
• Fixed the ‘Bad Request’ error that was occurring in the vulnerability details of scan reports
• Fixed an issue where the character 'ñ' was causing errors when updating or adding new users
• Fixed the issue that was preventing deletion of unused scan policies
• Fixed the issue where additional website vulnerabilities were being stored as target vulnerabilities
• Fixed the missing tooltips for source errors on the API Sources page
• Fixed the issue where the linked target URL was clickable even when the API specification was hidden