v24.12.0 - 3 December 2024

This update includes changes to the internal agents. The internal scan agent’s current version is 24.12.0. The internal authentication verifier agent’s current version is 24.12.0

New Features

• API Discovery now supports retrieving Open API/Swagger specs from Kong Konnect → Learn more

New Security Checks

• Added detection of Google Tag Manager as a technology in the Vulnerability Database (VDB)

Improvements

• Enhanced security to prevent customer login information from being written in clear text
• OpenSSL configuration (openssl.cnf) updated for Docker compatibility
• Added new filter in Recent Scans page for Agent Mode in order to distinguish between Internal and Cloud agents
• Revised field descriptions in the Swagger model documentation to accurately reflect the use of the RequiredIf attribute
• Improved analysis and remediation capabilities for [Possible] Server-Side Template Injection vulnerabilities

Fixes

• Resolved a breaking change in .NET 8's System.Net.Security.UseManagedNtlm by upgrading from Ubuntu 22.04 to Ubuntu 24.04, where the issue was addressed. The Agent was updated to .NET 8.
• Fixed an issue where Retest-type scans did not identify the same vulnerabilities detected during full scans
• Fixed high CPU usage in some agents caused by Chromium
• Scans attempting to run with Agent Group without any agents will result correctly in failure instead of queue
• Fixed an issue that was preventing users from accessing a Scan Policy
• Fixed an issue where the Misconfigured Access-Control-Allow-Origin Header vulnerability was not detected
• Improved detection of the [Possible] Password Transmitted over Query String vulnerability