v24.2.0 - 20 February 2024

This update includes changes to the internal agents. The internal scan agent’s current version is 24.2.0. The internal authentication verifier agent’s current version is 24.2.0.

New security checks

• Implemented a detection and reporting mechanism for the Backup Migration WordPress plugin (CVE-2023-6553)
• Added detection for TinyMCE

Improvements

• Updated the "Insecure Transportation Security Protocol Supported (TLS 1.0)" vulnerability to High Severity
• Implemented support for scanning sites with location permission pop-ups
• Implemented support for FreshService API V2
• Revised the labeling of the active vulnerabilities information on the Scan Summary page to provide greater clarity
• Removed obsolete X-Frame-Options Header security checks

Fixes

• Fixed a bug in the Request/Response tab of Version Disclosure vulnerabilities
• Corrected an issue in the technical reports where vulnerabilities identified in Korean are now reported in English
• Changed the ID parameter from 'optional' to 'required' within the Scan Policy Update API
• Removed the target URL from the scope control list
• Resolved a bug in the filtering of vulnerabilities on the Issues page
• Fixed a bug in the marking of issues as a false positive
• Resolved an issue where the agent would become unavailable after receiving a 401 error
• Fixed the issue with uploading a Swagger file into a scan profile