Home
/
Documentation
/
v24.8.0 - 26 August 2024
Invicti Product Release Notes
Invicti Enterprise On-Demand
Invicti Enterprise On-Premises
Invicti Standard
Invicti Application Security Platform
26 Aug 2024

v24.8.0 - 26 August 2024

This release is currently only available on request.

New Features

  • Invicti API Security: multi-layered API discovery to enable comprehensive identification of known and undocumented APIs → Learn more

New Security Checks

  • Added a check for Authentication bypass in Fortra’s GoAnywhere MFT (CVE-2024-0204) 
  • Added a check for Open SSH server RCE (CVE-2024-6387) 
  • Added a check for cached pages that contain sensitive data (CWE-525) 
  • Incorporated the reporting of sensitive information disclosures from Okta

Improvements

  • Added custom header support for SSRF registration
  • Added a toggle to the Recent Scans widget on the Targets Dashboard to switch between displaying the target name and target URL
  • Added the option to select the Agent mode when importing targets
  • Added an option to filter by Agent Name on the Recent Scans screen
  • Added more links from the global dashboard widgets to the corresponding sections in the UI 
  • Scheduled scans that repeatedly fail with the same result can now be automatically disabled 
  • Unlinked API specs from the scan profile automatically unlink on the API Inventory page as well 
  • Added the ability to navigate from the API operation vulnerability count in the API Inventory to a filtered list of vulnerabilities on the Issues page 
  • Reverted the fix for a problem in the JWT Engine that was intended to resolve a false positive issue

Fixes

  • Fixed an issue related to Agent Selection and Preferred Agent Group settings
  • Fixed an error occurring with valid requests to schedule a scan via the profile endpoint
  • Fixed an issue where scan reports attached to emails could not be opened
  • Fixed an issue where changing vulnerability details in the Report Policy deleted some information from the vulnerability
  • Fixed an issue where scan summary reports were not accessible in the UI
  • Fixed an issue where users were unable to remove URLs from Website Groups
  • Fixed an issue where users were unable to create both HTTP and HTTPS for the same endpoint
  • Fixed an issue where clients with limited access and custom roles were seeing all notifications for all users and websites in a target website’s dashboard
  • Fixed an issue related to BLR links
  • Fixed an issue where the scan was not displaying all the URLs in the sitemap
  • Fixed an SSL Untrusted Root Certificate issue for scans conducted with the OpenShift agent
  • Fixed an issue that was causing intermittent errors in PCI reports 
  • Fixed the ‘Bad Request’ error that was occurring in the vulnerability details of scan reports
  • Fixed an issue where the character ‘ñ’ was causing errors when updating or adding new users
  • Fixed the issue that was preventing the deletion of unused scan policies
  • Fixed the issue where additional website vulnerabilities were being stored as target vulnerabilities
  • Fixed the missing tooltips for source errors on the API Discovery Sources page
  • Fixed the issue where the linked target URL was clickable even when the API specification was hidden