Home
/
Documentation
/
v25.7.0 - 29 July 2025
Invicti Product Release Notes
Invicti Enterprise On-Demand
Invicti Enterprise On-Premises
Invicti Standard
Invicti Application Security Platform
29 Jul 2025

v25.7.0 - 29 July 2025

New features

  • LDAP Integration: Permanently enabled LDAP integration for on-premise WebApp installations by removing its associated feature flag. LDAP functionality is now available by default
  • Added Post-Request Script feature (Read more)
  • Added API GET method to retrieve scheduled scans by ID

Improvements

  • Updated plugin dependencies to address known security vulnerabilities and improve overall stability; upgraded Jenkins compatibility to version 2.474
  • Increased the timeout duration for IAST responses to prevent premature failures
  • When user roles changes details are now available on Activity Logs
  • Jenkins Plugin: Corrected misleading UI validation for the “Report Type” parameter within the “Netsparker Enterprise Scan” build step. The field no longer incorrectly appears as required, clarifying its optional nature
  • Added validation to ensure base scan file existence before initiating Incremental or Retest scans, preventing potential scan failures due to missing dependencies
  • Improved design of Authentication Verifier Service page
  • Added support for configuring the temp file via appsettings.json or an environment variable
  • Updated workflows to improve reliability and security while maintaining alignment with GitHub’s best practices
  • Updated the Jenkins plugin script generation to use the latest GitHub Actions versions and ubuntu-latest runner for improved compatibility and security
  • Addressed multiple versions of GitHub Actions available in the marketplace
  • Improved incremental scanning
  • Implemented an enhancement to capture the token information present in the response during the OAuth2 Implicit Flow
  • Added new REST API endpoint (agents/listverifiers) to retrieve AV agents data
  • Implemented an enhancement to enable more effective cookie management when HTTP/2 is enabled
  • Updated Microsoft.OpenApi to version 2.0 preview to support OpenAPI 3.1.0 for improved API scanning
  • Agent and Verifier download names now come in certain format
  • Minor security patch for the Authentication Verifier service
  • Improved suspend mechanism in JIRA integration

Resolved issues

  • An improvement has been made to allow multiple secrets to be used simultaneously within a single custom header
  • File Uploads: Expanded the allowed MIME types for ZIP file uploads to include application/zip and application/x-zip. This resolves issues where ZIP files uploaded from certain operating systems (e.g., Mac/Linux) were not recognized due to variations in reported MIME types
  • Resolved an issue where duplicate X-Content-Type-Options headers triggered false missing header reports
  • Resolved discrepancy between API (listByWebsite) and UI (Recent Scans) results
  • Fixed an issue with verifying the existence of links in the link pool
  • Resolved an issue where SSL certificate chain errors blocked UI or auto-update of Internal Verifier Agents on Linux
  • Implemented logic to create the UserDocumentsDirectoryPath when it doesn't already exist
  • Added support for defining headers and HTTP method during CSV import
  • Resolved an issue where multiple versions of Next.js were not properly displayed in the Technologies dashboard and Scan Reports
  • Added a note for values requiring wrap-around quotes in API

Notes for Verifying the Hash Value for Package Integrity in Invicti Enterprise On-Premises

The hash value for the "25.7.0.zip" file is provided below. You can verify the integrity of the file by checking its hash value using one of the outlined methods:
Release Package Hash Value: 2329F1F9F3E23D25AB8CAD4194F4CFBE0C98EBF411D9658A773D285A1931EAE4

Methods to Verify the Hash Value:

PowerShell (Windows):

Get-FileHash -Path "25.7.0.zip" -Algorithm SHA256Command Prompt (Windows):

certutil -hashfile "25.7.0.zip" SHA256Linux or macOS:

sha256sum "25.7.0.zip"