Added a new signature limit for URL Rewrite matched links
Added a crawling limit for Not found (404) links
Added a WASC Classification Report template
Added an option to exclude authentication pages and removed authentication related regexes from the default settings
NEW SECURITY CHECKS
Added Out-of-date security checks for the Liferay portal
Added Version Disclosure and Out-of-date security checks for Jolokia
Added Nested XSS security checks
Added an ASP.NET Razor SSTI security check
Added a Java Pebble SSTI security check
Added a Thymeleaf SSTI security check
Added Version Disclosure and Out-of-date security checks for Grafana
IMPROVEMENTS
Improved custom scripting to send raw requests
Improved the authenticator to hide passwords in request data in order to prevent exposing them in reports
Added an Auto Follow Redirect setting to the Advanced settings
Added request and response details to Out of Band vulnerabilities
Improved logging for timed-out regexes in the JavaScript Library Checker
Updated signature of Stack Trace/Custom Stack Trace (Python)
Improved the memory consumption on long-running scans
FIXES
Fixed an error that was caused when parsing duplicate response content-type headers
Updated Invicti logos, splash screen and icons
Fixed reporting of Crawl Performance for crawl-only scans
Fixed an issue where Form Value Errors were occurring after simulation was finished
Fixed the Maximum Body Length exceeded log message
Fixed the log level of the DOM Parser’s ignored link message
Fixed the Jira Send To application description
Fixed an issue that occurred when the content-type and accept header was used in a parameter in the Open API (Swagger) file
Fixed an issue where the custom Comparison Report was not generated
Fixed an ArgumentNullException that was occurring in the TestSiteConfiguration dialog
Disabled the LFI button for possible XXE
Fixed a certificate error problem on the new SSL checker
Fixed the timezone problem on reports
Fixed the Executive Summary Report title
Fixed an ArgumentException that was thrown when the URI was empty
Fixed HIPAA classification links
Fixed the issue where the Invicti session importer did not import all links from the session
Fixed the bug where the URL was split incorrectly when a segment contained the file extension
Fixed the issue where responses were not being analyzed in the Signatures engine during the re-crawl phase
Fixed the HIPAA classification link when there are multiple classifications
Removed plugin functions that are used to detect bootstrap to prevent false positive versions from being reported
Fixed NRE in the static detection engine
Fixed the Swagger parser that caused an object to be imported with a parent node while the object was inside an array