v24.1.0 - 9 January 2024

New features

• Added CVSS 4.0 categorization of vulnerabilities
• Added support for PCI DSS 4.0

New security checks

• Google ProtocolBuffers: CVE-2022-1941

Improvements

• Added descriptions to the agent warning messages on the Scan Summary page
• Updated messaging around the functionality of the Team Administrator role
• Improved the request body rating algorithm
• Improved the Postman collection parsing algorithm
• Improved the vulnerability calculator for Boolean MongoDB
• Resolved an issue with adding a client certificate to set up a scan

Fixes

• Fixed a bug that was preventing customers from adding back previously deleted targets
• Increased character length for the Jira and Snow integration URL validation regex to ensure it accommodates Top-Level Domains (TLDs)
• Paused scheduled scans that were resuming automatically will now remain paused until manually resumed
• Removed the previous limit on the number of supported second-level domains in the Discovery feature
• Fixed an error that was occurring when updating an issue from Fixed (confirmed) to Accepted Risk status
• Fixed discrepancies in the numbers displayed on the Dashboard
• Fixed an issue with the agent auto-updater
• Added a missing control for SSO users while editing members
• Fixed a bug in the communication between Invicti and ServiceNow
• Fixed a bug that was preventing administrators from creating new notifications or editing built-in notifications
• Fixed an issue that was causing verifiers to not use scan policy proxy settings
• Fixed an auth verifier client certificate authentication path error
• Fixed the Invicti crawler that wasn't getting JS endpoints correctly
• Resolved issues with importing API documentation from a link
• Fixed a bug in the Jenkins plugin that was causing the 'Stop The Scan When Build Fails' option to not work correctly
• Fixed insecure Windows service permissions that were vulnerable to privilege escalation attacks