November 18, 2024
v24.11.0 - 18 November 2024
New Features
- Integration with Mend SAST: display Mend SAST results alongside DAST results in Invicti Enterprise so you can prioritize all your application security testing fixes in one list → Learn more
- API Security: Added integration with Azure API Management to fetch Swagger2 and OpenAPI3 specification files → Learn more
- API Security now supports working with RAML specs from MuleSoft Anypoint Exchange
New Security Checks
- Updated detection for ActiveMQ - Remote Code Execution (CVE-2023-46604) and TorchServe Management API SSRF (CVE-2023-43654)
- Added detection for multiple JavaScript libraries
- Added detection for Masa CMS (CVE-2022-47002 and CVE-2021-42183)
Improvements
- Database optimizations
- Reporting improvements for the “Unknown Option Used In Referrer-Policy” vulnerability
- Improved the behavior of the 'Recent Scans' button group on the global dashboard when using the mobile view
Fixes
- Fixed a timeout bug in zero-configuration API discovery
- Fixed some wording inconsistencies and other minor improvements to the user interface
- Removal of sitemap data when a scan is canceled, failed, or aborted
- Resolved an issue in the General Settings page configuration
- Resolved an issue with user sessions not timing out in compliance with the specified configuration
- Fixed a false positive issue with Boolean Based MongoDB Injection detection
- Out-of-date version for Boolean Based MongoDB Injection is now reported correctly
- Vulnerability profiles that are set as hidden will now still be reported in the scan reports of scans completed prior to the vulnerability being hidden
- Fixed a bug in the editing of scan profiles with custom report policies
- Resolved an issue in the exporting of team member data with all attributes selected
- Resolved an issue with missing vulnerability profiles in custom report policies