Home
/
Documentation
/
v23.10.0 - 26 October 2023
Invicti Product Release Notes
Invicti Enterprise On-Demand
Invicti Enterprise On-Premises
Invicti Standard
Invicti Application Security Platform
26 Oct 2023

v23.10.0 - 26 October 2023

New features

  • Added a new Team Administrator role that gives you the flexibility to designate an administrator for oversight across specific web applications, and assign certain roles and website groups to specific Teams or Team Members
  • Added an option under General > Settings to set a session timeout limit for all users
  • Added new options to the dashboard for selecting date ranges, including creating custom time periods
  • Added a notification to the scan results page to show the VDB update version and Invicti Hawk connectivity status for the agent used in the scan
  • Added a sensitive data (password, session cookie, token, etc.) encoder

New security checks

  • Added JQuery placeholder detection methods
  • Added a new security check for the Missing X-Content-Type-Options vulnerability

Improvements

  • Improved the JS Delivery CDN disclosure check to increase stability
  • Improved the remediation part for the Weak Ciphers Enabled vulnerability
  • Reduced the certainty value to 90 for the Robot Attack Detected vulnerability
  • Improved the detection method for CSP
  • Improved the detection method for the Dockerignore File Detected vulnerability
  • Improved the detection method for the Docker Cloud Stack File Detected vulnerability

Fixes

  • Fixed an issue with imported links in the API
  • Fixed a bug in the scan URL rewrite rules
  • Fixed a bug that was preventing retest scans from starting correctly when the vulnerability states were changed from 'Reviewed' to 'Fixed (Unconfirmed)'
  • Fixed a bug with disabling the scheduled scans list
  • Fixed an issue with viewing the Account Edit page
  • Added the missing CVE to the issue details for the "Out-of-date Version (jQuery Validation)" vulnerability
  • Fixed some bugs that were affecting BLR
  • Encrypted proxy password details when used in the Agent
  • Fixed a custom proxy bypass list issue
  • Fixed a unique analyzer bug for the WSDL importer
  • Improved our XSS capabilities
  • Fixed an NTLM login issue
  • Fixed an issue that was causing the license file to become empty after upgrading the product
  • Fixed several bugs that were impacting some agent proxy settings, synchronization of the vulnerabilities database, and saving scan policies when the proxy bypass feature is used
  • Other miscellaneous bug fixes