Home
/
Documentation
/
v25.4.0 - 22 April 2025
Invicti Product Release Notes
Invicti Enterprise On-Demand
Invicti Enterprise On-Premises
Invicti Standard
Invicti Application Security Platform
22 Apr 2025

v25.4.0 - 22 April 2025

New features

  • Added an option to prevent reopening Issue Tracker issues when a vulnerability is marked as False Positive and later revived (Read more).
  • Added the ability to reset the issue state to its default

Improvements

  • Requests with empty or default values are not sent to DeepInfo
  • Introduced a new setting under the Account General settings, within the Data Privacy and Security section, to modify the X-AMZ-Expires parameter while downloading the scan data
  • Enhanced the "Configure New Agent" page to include additional details for auth verifier agents (Read more)
  • Updated remediation details for outdated AngularJS versions
  • [BREAKING CHANGE]: Updated the Docker agent's compression method and file extension; ensure any automation or scripts referencing the old format are updated accordingly.
  • Enhanced the locally hosted web app in isolated networks to prevent unnecessary rerouting through Google reCAPTCHA

Resolved issues

  • Fixed an issue where the Issue note field could not be updated
  • Fixed inefficient algorithmic complexity in DotNet IAST Sensor
  • Resolved the issue where an invalid character response occurred when attempting to add a user
  • Resolved the "Invalid Target URI" error that occurred when editing the Target URI to end with multiple slashes (///) on the new scan page
  • Resolved the issue where the scan profile was not updating with the support account
  • Fixed restrictions for JIRA integration
  • Fixed an issue where pressing "Enter" instead of clicking the "Check" button during password verification triggered a full scan instead of the intended login verification
  • Updated Chromium and Node.js versions, resolving Chromium-related issues, including the unexpected increase in Chromium count
  • Exclude URL rules now function correctly even when the excluded URL is the target
  • Fixed an issue with retrieving OAuth2 token data from JSON responses
  • Fixed an exception caused by an invalid Target URI in scheduled scans
  • Fixed an issue where proxy credentials were not encrypted when launching InvictiProxy
  • Fixed inconsistent styling in the report policy, ensuring uniform formatting in the vulnerability profile sections

Notes for Verifying the Hash Value for Package Integrity in Invicti Enterprise On-Premises

The hash value for the "25.4.0.zip" file is provided below. You can verify the integrity of the file by checking its hash value using one of the methods outlined above:
Release Package Hash Value: 0DA0E72DE19A6ABE85BCF9B5E659C5776F8FE11700F06D3214B1993C6334A0E5

Methods to Verify the Hash Value:

PowerShell (Windows):

Get-FileHash -Path "25.4.0.zip" -Algorithm SHA256Command Prompt (Windows):

certutil -hashfile "25.4.0.zip" SHA256Linux or macOS:

sha256sum "25.4.0.zip"