v24.7.0 - 9 July 2024

New Security Checks

• Added a new security check to identify supply chain attacks through Polyfill JS
• Added a detection for GeoServer SQLi vulnerability (CVE-2023-25157)
• Added checks for various WordPress plugins

Improvements

• Improved Credit Card Disclosure Security Check
• Added custom headers for communication between Agents and Invicti Hawk
• Set the severity of 'Possible XSS' vulnerabilities to 'Informational'
• Improved various Sensitive Data Exposure security checks
• Improved the detection of the Short SSL Key Length vulnerability
• Added the capability to check for Sensitive Data in XML responses

Fixes

• Fixed missing Request Body content in vulnerability details
• Fixed an issue with the 'IgnoreCertificateErrors' Agent setting for SSL Validation
• Fixed a problem in the JWT Engine to resolve a false positive issue
• Fixed an issue related to the OTA app scan
• Fixed HTTP 413 responses resulting from nonce cookies stacking