30 Mar 2021
This update includes changes to Internal Agents. FEATURE Added extension for Azure DevOps Pipelines. IMPROVEMENT Improved the error messages returned from the notification API endpoint. FIXES Fixed missing nodes on the sitemap tree. Fixed an issue where links imported from a Burp file are incorrectly parsed as HTTP, not HTTPS. [INTERNAL AGENT] Fixed an issue …
This update includes changes to Internal Agents.
FEATURE
- Added extension for Azure DevOps Pipelines.
IMPROVEMENT
- Improved the error messages returned from the notification API endpoint.
FIXES
- Fixed missing nodes on the sitemap tree.
- Fixed an issue where links imported from a Burp file are incorrectly parsed as HTTP, not HTTPS.
- [INTERNAL AGENT] Fixed an issue where an HSTS issue keeps reviving when the website is scanned again.
- [INTERNAL AGENT] Fixed a scan failed issue that occurs during archiving scan files.
- [INTERNAL AGENT] Fixed an issue where WSDL importing fails while trying to locate the external schema.
- [INTERNAL AGENT] Fixed an InvalidOperationException.
24 Mar 2021
This update includes changes to Internal Agents. FEATURE Introduced tagging support for Issues. IMPROVEMENT Added options to specify Is Confirmed and Severity values while failing Jenkins builds. [INTERNAL AGENT] Added auto-update support for Linux agents. [INTERNAL AGENT] Added support for TLS 1.3 protocol. [INTERNAL AGENT] Updated Debian docker image to version 10.8. FIXES Fixed the …
This update includes changes to Internal Agents.
FEATURE
- Introduced tagging support for Issues.
IMPROVEMENT
- Added options to specify Is Confirmed and Severity values while failing Jenkins builds.
- [INTERNAL AGENT] Added auto-update support for Linux agents.
- [INTERNAL AGENT] Added support for TLS 1.3 protocol.
- [INTERNAL AGENT] Updated Debian docker image to version 10.8.
FIXES
- Fixed the “Internal Server Error While Exporting Scan” error while exporting scans from Invicti Standard.
- Fixed missing classification editors on report policy editor for recently added classification types.
- [INTERNAL AGENT] Fixed an issue that causes the scan to stuck while trying to capture the website thumbnail image.
17 Mar 2021
This update includes changes to Internal Agents. IMPROVEMENT Improved the load times of the global dashboard page. [INTERNAL AGENT] Added a port configuration option for the agent helper service. FIXES Fixed an issue on /teammembers/new API endpoint where minimum password length requirement is enforced incorrectly for admin users. Fixed a UI glitch where the Fixed …
This update includes changes to Internal Agents.
IMPROVEMENT
- Improved the load times of the global dashboard page.
- [INTERNAL AGENT] Added a port configuration option for the agent helper service.
FIXES
- Fixed an issue on /teammembers/new API endpoint where minimum password length requirement is enforced incorrectly for admin users.
- Fixed a UI glitch where the Fixed Issues widget on the global dashboard page is clipped.
- Fixed a user enumeration issue that exists for users where SSO is enforced.
- Fixed an issue where updates to Custom Cookies input on Scan Profiles do not persist.
- Fixed an issue where the Next button on Welcome Wizard is not enabled even if you select Website Groups as indicated.
- Fixed the incorrect input label names on the HashiCorp Vault settings dialog.
- [INTERNAL AGENT] Fixed an issue where stuck scans do not honor the Maximum Scan Duration setting.
- [INTERNAL AGENT] Fixed an issue where an agent was creating temp files on C: drive even though it is installed in D: drive.
12 Mar 2021
This update includes changes to Internal Agents. FEATURE Custom Security Checks via Scripting feature that allows extending vulnerability detection capabilities. (Needs to be enabled per account basis) IMPROVEMENT [INTERNAL AGENT] Improved agents to reduce the number of IOPS performed.
This update includes changes to Internal Agents.
FEATURE
- Custom Security Checks via Scripting feature that allows extending vulnerability detection capabilities. (Needs to be enabled per account basis)
IMPROVEMENT
- [INTERNAL AGENT] Improved agents to reduce the number of IOPS performed.
04 Mar 2021
This update includes changes to Internal Agents. IMPROVEMENTS Prevented deletion of system notifications. Forced Browsing wordlist made editable. Added tooltips displaying the full issue title on the Issues tree when the titles are clipped due to length. FIXES Fixed /notifications/ update API endpoint which was not updating recipient emails before. Fixed a Scan Policy Optimizer …
This update includes changes to Internal Agents.
IMPROVEMENTS
- Prevented deletion of system notifications.
- Forced Browsing wordlist made editable.
- Added tooltips displaying the full issue title on the Issues tree when the titles are clipped due to length.
FIXES
- Fixed /notifications/ update API endpoint which was not updating recipient emails before.
- Fixed a Scan Policy Optimizer issue where the Resource Finder settings are not captured when the selection tree is collapsed.
- Fixed an issue where the Custom Script cannot be created when 3-Legged Authentication is selected while configuring OAuth2.
- Fixed an issue where the ISO Compliance report cannot be exported for some of the scans.
- [INTERNAL AGENT] Fixed runtime exceptions thrown on systems that are missing ClamAV.
26 Feb 2021
This update includes changes to Internal Agents. NEW FEATURES Added IAST Scanning capabilities. Added CyberArk Vault Privileged Access Management integration. IMPROVEMENTS HashiCorp Vault settings no more require Testing Settings as mandatory before saving the integration. Added search capability to the Website Group selection drop-down on the global dashboard page. Added the API endpoint option to create users that can only …
This update includes changes to Internal Agents.
NEW FEATURES
- Added IAST Scanning capabilities.
- Added CyberArk Vault Privileged Access Management integration.
IMPROVEMENTS
- HashiCorp Vault settings no more require Testing Settings as mandatory before saving the integration.
- Added search capability to the Website Group selection drop-down on the global dashboard page.
- Added the API endpoint option to create users that can only log in using Single Sign-on.
- Added the last login date information to the team member API endpoint.
- [INTERNAL AGENT] Added “Detect authentication tokens” capability for authenticated scans.
FIXES
- Fixed a reporting issue where addressed issues were included on reports generated with the Exclude Addressed Issues option.
- Fixed the “Internal Server Error While Exporting Scan” error while exporting scans from Invicti Standard.
- Fixed an issue where a Scan Policy used on a Scheduled Scan cannot be deleted.
- Fixed an issue where the Single Sign-on only users were not able to access their API tokens.
- [INTERNAL AGENT] Fixed an issue that occurs while creating the custom report policy on Linux environments.
09 Feb 2021
IMPROVEMENTS Added Scan Profile Name column to Recent Scans page. Added Website URL as a filter field to Scheduled Scans page. Removed encrypted authentication credentials from API responses. FIXES Fixed an issue where the scans launched from CI/CD without a Scan Profile were creating redundant Scan Groups on the Website dashboard. Fixed an issue where …
IMPROVEMENTS
- Added Scan Profile Name column to Recent Scans page.
- Added Website URL as a filter field to Scheduled Scans page.
- Removed encrypted authentication credentials from API responses.
FIXES
- Fixed an issue where the scans launched from CI/CD without a Scan Profile were creating redundant Scan Groups on the Website dashboard.
- Fixed an issue where pressing the TAB key was not committing the entered email address on email input fields.
- Fixed an issue where some settings are not saved when you save a cloned Scan Policy for the first time.
- Fixed an issue where the View Scan Reports and Manage Issues (Restricted) options under Scan Permission are not saved while creating new members.
- Fixed an issue where the modified Scan Profile settings are not saved when another profile is selected from the dropdown.
27 Jan 2021
IMPROVEMENTS Improved an agent auto-update procedure to support updates for minor version changes. All credential information on API responses is encrypted. Prevented agent log file names to be renamed by the browser according to the user’s regional settings. FIXES Fixed an issue where the scan and report policies are not preserved while scheduling group scans. …
IMPROVEMENTS
- Improved an agent auto-update procedure to support updates for minor version changes.
- All credential information on API responses is encrypted.
- Prevented agent log file names to be renamed by the browser according to the user’s regional settings.
FIXES
- Fixed an issue where the scan and report policies are not preserved while scheduling group scans.
- Fixed several issues on the sitemap tree and improved the performance.
- Fixed a hanging scan issue that occurs while the scan state is changing.
- Fixed an issue where setting an already deleted scan profile name to a new scan profile gives an error.
- Fixed the incorrect VDB version displayed on the agent.
- Fixed an issue where Download Scan Data and Download HttpRequest Logs were not working previously.
- Fixed an issue where an agent was not using the correct proxy settings while communicating with the web app.
19 Jan 2021
IMPROVEMENTS Added grouping support for agents. Added Scan Profile Name to Scan Group dropdown on the Website Dashboard page. Added websitesgroups/delete/{id} API endpoint. Improved the performance of the technology dashboard. Fixed the absolute start date of scheduled scans as a tooltip to relative dates. FIXES Fixed several scan stuck issues. Fixed an issue where the …
IMPROVEMENTS
- Added grouping support for agents.
- Added Scan Profile Name to Scan Group dropdown on the Website Dashboard page.
- Added websitesgroups/delete/{id} API endpoint.
- Improved the performance of the technology dashboard.
- Fixed the absolute start date of scheduled scans as a tooltip to relative dates.
FIXES
- Fixed several scan stuck issues.
- Fixed an issue where the scan is stuck when it is paused and tried to be deleted.
- Fixed an issue an incorrect email address could be entered as a notification recipient.
- Fixed an issue where the New Scan page stuck at loading when you switch back and forth between scan profiles.
- Fixed the unspecified format of the NameID SAML2 attribute by setting it to emailAddress.
13 Jan 2021
IMPROVEMENTS Added support for provisioning users without invitation requirement if the user is going to log in using SSO. Added support for setting external email recipients for notifications for all the event types. Added SANS Top 25 Report as export. Updated PCI Compliance Report to match the new style of the reports. Added Scan Profile …
IMPROVEMENTS
- Added support for provisioning users without invitation requirement if the user is going to log in using SSO.
- Added support for setting external email recipients for notifications for all the event types.
- Added SANS Top 25 Report as export.
- Updated PCI Compliance Report to match the new style of the reports.
- Added Scan Profile name to Detailed Scan Report and several other compliance reports.
FIXES
- Fixed an issue where the scan files fail to archive to S3 storage and pile up on the agent machine.
- Fixed an issue where an Internal Server Error occurs while trying to start or schedule a new scan.
22 Dec 2020
IMPROVEMENTS Improved the Basic, Digest, NTLM/Kerberos, Negotiate Authentication entry user interface. Improved the performance of Technologies pages FIXES Removed the “SSO Email” field requirement for new member invitations on accounts where SSO is not enforced Fixed a typo on the Bugzilla integration configuration page Fixed the misleading error messages received when /websitegroups/update API endpoint is …
IMPROVEMENTS
- Improved the Basic, Digest, NTLM/Kerberos, Negotiate Authentication entry user interface.
- Improved the performance of Technologies pages
FIXES
- Removed the “SSO Email” field requirement for new member invitations on accounts where SSO is not enforced
- Fixed a typo on the Bugzilla integration configuration page
- Fixed the misleading error messages received when /websitegroups/update API endpoint is called with a missing or invalid “Id” values
- Fixed a UTF8 encoding issue
12 Dec 2020
IMPROVEMENTS Added an option to fail the build for Azure Pipelines Integration Added the Description field for Websites and Website Groups FIXES Fixed an issue where some paused scans stuck and were not be able to resume Fixed an issue where the incremental scan fails for a scan with form authentication configuration Fixed an internal …
IMPROVEMENTS
- Added an option to fail the build for Azure Pipelines Integration
- Added the Description field for Websites and Website Groups
FIXES
- Fixed an issue where some paused scans stuck and were not be able to resume
- Fixed an issue where the incremental scan fails for a scan with form authentication configuration
- Fixed an internal agent issue where the agent was not able to start as a service
- Removed the redundant Domain field requirement on Proxy settings of a Scan Policy