Release Notes

Invicti Standard

21-Nov-2017

NEW SECURITY CHECK

  • Added more Command Injection and Blind Command Injection patterns for Windows systems.
21-Jun-2018

FIXES

  • Fixed an ArgumentException caused by an incorrect URL entered on Start New Scan dialog.
  • Fixed an XmlException thrown while trying to restore UI layout.
  • Fixed missing cookies on form authentication when they are set from JavaScript context.
  • Fixed an ArgumentException thrown on Start New Scan dialog for Korean systems.
  • Fixed the ArgumentOutOfRangeException that occurs when creating reports through CLI.
  • Fixed CORS security check retest issue where old response data were being used.
  • Fixed a UriFormatException caused by an incorrect cloud integration server URL.
  • Fixed an ArgumentOutOfRangeException that occurs when a URL with a backslash is entered on Start New Scan dialog.
20-Jan-2017

IMPROVEMENTS

  • Added CVSS information to more vulnerabilities.
  • Updated vulnerability database.

FIXES

  • Fixed a crash which occurs when too many elements are nested in the HTTP response.
  • Fixed a text parsing issue where absolute URLs were converted to invalid relative URLs.
  • Fixed incorrect protocol detection for protocol-relative URLs.
20-Feb-2020

IMPROVEMENT

  • Null values have been changed to an empty string on text-based reports to avoid integration problems

FIXES

  • Updated the Singular Scripting Check's script template
  • Fixed an issue where migrating old Scan Profiles files failed to produce authentication information
  • Fixed an issue where cookie domains were not set for cookies that were set in a JavaScript context and captured during DOM simulation
  • Fixed an Out of Memory exception that was caused when the target web application had HTML attributes with long string values
  • Fixed the issue where the text was trimmed when it contained null bytes when copied from the Raw Request/Response panels to the clipboard
  • Fixed an issue where the value of the cookie source custom field was incorrect
  • Cookies are no longer analyzed if the Cookie checks are disabled in the Scan Policy
  • Fixed an issue where an error message was not shown for empty fields while using the Create Samples Issue feature in the TFS Send To Actions panel
  • Fixed a NullReferenceException that was thrown during Manual Proxy scans when the 'Do not expect challenge' option was enabled in the Basic, NTLM/Kerberos Authentication tab
  • Fixed an incorrect 'Login confirmation has failed' log
  • Fixed a NullReferenceException that was thrown in the Keyword Based logout detection
2-Nov-2016

FIXES

  • Fixed an issue that occurs during the attacking phase where all threads cannot be utilized.
  • Fixed handling of blob: protocol on DOM simulation.
2-Jul-2019

IMPROVEMENT

  • Improved stability of scan by dynamically adjusting the thread count according to system resources

FIXES

  • Fixed high CPU usage caused by connectivity issues that were occurring during a scan
  • Fixed the issue where Referrer Policy Not Implemented was being reported for redirect responses
  • Fixed the issue where CSP Not Implemented was being reported for redirect responses
  • Fixed the issue where Missing X-XSS Protection was being reported for redirect responses
  • Fixed the issue where Missing X-Frame-Options Header was being reported for redirect responses
  • Fixed a bug where cookies were reported as not secure in authenticated scans
  • Fixed an automatic Logout Detection issue during form authentication verification, where the login required URL was requested with an HTTP POST method
  • Fixed clearing of the internal web browser's cache while executing the authentication process
  • Fixed the broken Crawled and Scanned URLs List (JSON) Report Templates
  • Fixed the incorrect error message that was displayed while generating a Comparison Report with no selected scan files
  • Fixed the Browser View that stayed open when a non-HTML response was selected
  • Fixed the incorrect severity colors on Comparison Reports
  • Fixed an issue where some of the toolbar items were not displayed on the Sitemap and Issues panels
  • Fixed the broken ModSecurity WAF Rules Report Template
  • Fixed a time-based security check issue that occurs when the target web server is not accessible
  • Fixed the bug on issues panel where the number of vulnerabilities displayed next to severity group node was incorrect
  • Fixed the incorrect send to icon size on high DPI screens
  • Fixed an issue where browser viewer could not show content when content type of request was text/html
  • Fixed an issue where React controlled fields may not be updated during Form Authentication
  • Fixed an issue where Invicti Enterprise options are displayed while trying to import a scan file on back stage view
  • Fixed a bug on issue panel where group node was shown as ignored when child node is ignored
  • Fixed an issue on the sitemap tree where the number of nodes was reported incorrectly when it is grouped
  • Fixed an InvalidCastException thrown while browsing a response
2-Jan-2020

IMPROVEMENTS

  • Added sort functionality to the grid view of the OAuth2 settings tab in the Start a New Website or Website Service New Scan dialog
  • The default selected tab is now the first one in the Manual Authentication settings tab in the Start a New Website or Website Service New Scan dialog

FIXES

  • Fixed an issue where empty Comparison Reports were still created even when report generation was canceled
  • Fixed several visual defects in generated reports
  • Fixed a race condition issue with DOM Simulation
  • Fixed an issue where expired cookies were not being removed properly when they were set in a JavaScript context
  • Fixed some Azure DevOps error messages
  • Fixed an issue with GWT parsing where a request without a body was causing an exception
  • Fixed a concurrency issue that was causing several exceptions that slowed down the overall scan performance
  • Fixed an issue where the incorrect estimated finish time was shown in the progress panel
  • Fixed an issue where DOM XSS attacks were failing on pages that had a POST request on the same page
  • Fixed a NullReferenceException error that was thrown in the XSS analyzer
  • Fixed an issue with SSL checks by improving the ClientHello structure with additional extensions
2-Feb-2018

IMPROVEMENTS

  • Added a new report template - Detailed Vulnerabilities List in XML.
  • Optimized ROBOT attack check performance.
  • Improved React Controlled Field coverage in form authentication custom scripts.

FIXES

  • Fixed the non-rendered web page on form authentication verification dialog, due to malformed Content-Type header.
  • Fixed the disabled Retest menu item for vulnerabilities on Issues tree.
19-Sep-2018

FIXES

  • Fixed the issues on computers where FIPS compliance is required
  • Fixed the incorrect button positions on Website Checker dialog displayed during license activation
19-Jul-2017

IMPROVEMENTS

  • Enhanced and fixed several DOM simulations.
  • Removed redundant SSL logs caused by HSTS security checks.
  • Improved localization capabilities of Report Policy Editor.
19-Dec-2019

IMPROVEMENTS

  • Added a QR Code feature to OTP settings that captures the settings from the QR code on the web page
  • The Known Vulnerabilities list for Out-of-date Version vulnerability reports can now be expanded
  • The Enabled Engines list on scan reports is now sorted alphabetically

FIXES

  • Fixed an issue where importing the I/O Docs specifications from a zip file was not working properly
  • Fixed a memory leak that was causing several issues with scans
  • Fixed an issue where Referer headers were not being sent to DOM simulations
18-Sep-2017

FIX

  • Fixed an out of memory issue.