v24.1.1 - 30 January 2024

This update includes changes to the internal agents. The internal scan agent’s current version is 24.1.1. The internal authentication verifier agent’s current version is 24.1.1.

New features

• Added the option to remove Request/Response details from the detailed template to avoid the character limit error when sending vulnerabilities
• Added the option for customers to display their company name on the PCI report (new scan settings field under General settings)
• Enabled the ability to re-scan a previously scanned target which allows the application of previous exclusions on the scan and helps avoid false positives on the PCI ASV scan
• Added the option to enable enhanced logging of failed logins
• Added functionality to the UI for users to obtain logs from failed scans (previously only system administrators were able to do that)

New security checks

• Added a check for dotCMS
• Added a check for the Ultimate Member WordPress plugin
• Added a new mXSS pattern
• Added new signatures to detect JWKs

Improvements

• Improved the recommendations for the Weak Ciphers Enabled vulnerability
• Improved detection of swagger.json vulnerabilities

Fixes

• Fixed a bug in the cloning report policies functionality
• Fixed an error that was occurring with the API endpoint: list-scheduled
• Fixed a bug with the Jira integration
• Fixed a bug with custom scheduled scans that were not updating the Next Execution Time field correctly
• Fixed an issue with the HashiCorp Vault integration token validation path
• Fixed the missing 'Known Issues' tab from scan summary issue details
• Fixed an issue with the severity trend chart on the Dashboard
• Fixed a problem with importing WDSL files