v24.11.0 - 12 November 2024

This update includes changes to the internal agents. The internal scan agent’s current version is 24.11.0. The internal authentication verifier agent’s current version is 24.11.0

New Features

• API Discovery now supports working with RAML specs from Mulesoft Anypoint Exchange

New Security Checks

• Added a check for applications performing certificate name validation to prevent reading invalid memory addresses (CVE-2024-6119)

Improvements

• Updated the AuthVerificationService from .NET 6.0 to .NET 8.0

Fixes

• Fixed an issue with missing links in imported files that were sent from the API Inventory to the agent
• Fixed an issue where target names longer than 40 characters were not being truncated as expected on the Create New Target page
• Fixed an issue where the "Download HTTP Request Logs" button triggered an error while a scan was in progress
• Fixed an issue where user names containing the character "ä" could not be added
• Fixed an issue with the scan data retention period for raw scan files that was not working as expected
• Fixed missing scan completed notifications with report attachments
• Fixed an issue where adding more than one name to a Notification's Excluded Recipients would remove the other users from all other notifications
• Fixed an issue where the verifier agent could not read or apply custom proxy settings from the appsettings.json file
• Fixed an issue where uploading a .proto file caused a "No links found in the file" error
• Fixed missing request/response details for some out-of-band vulnerabilities