Acunetix v24.2.240227118 發佈消息 | 新永資訊有限公司

軟體更新資訊

Acunetix v24.2.240227118 發佈消息

更新消息
 
  • Acunetix v24.2.240227118 - 28  Feb 2024

    Fixes

    • Invitation emails are being sent correctly
    • Discovered assets can be correctly assigned to target groups
  • Acunetix v24.2.240226074 - 26  Feb 2024

    New Features

    • Added the ability to use Aria Roles to provide better coverage
    • Introduced PCI DSS 4.0 report. Note that PCI DSS 3.2 will reach the end of its support or relevance by the end of March
    • .NET IAST now supports .NET 8 (currently in Open Beta)

    New Security Checks

    Improvements

    • Updated Chromium to 121.0.6167.139/140
    • Improved detection of DOM-based Cross Site Scripting (XSS)
    • Improved the way that “Content Security Policy Misconfiguration” alerts are reported
    • Improved detection of Client Side Prototype Pollution (CSPP)
    • IAST scans will start reporting the IAST sensor version used for the scan
    • New column “Result” is shown in the list of scans to provide more details about scan outcome
    • Enhanced support for OTP apps by displaying the activation code next to the QR code
    • Improved crawling of Single Page Applications (SPA) that are using Ionic Framework
    • Added the ability to scan web applications which require browsing in a single browser tab
    • Upgraded user experience of in-app notifications – Updated UX of notifications dropdown
    • When accessing the application from a different location or browser, all other sessions are promptly terminated. Previously, users were notified, causing inconvenience when working from various locations

    Fixes

    • Fixed a bug caused by the engine not respecting Cache-Control directive
    • In rare situations, a report being generated could have resulted in an Internal server error. This issue has now been fixed
    • Fixed several minor user experience issues across the application
  • Acunetix v24.1.240131143 - 01  Feb 2024

    New Features

    • The Java IAST sensor now supports Java 21

    New Security Checks

    Fixes

    • Fixed a bug in the processing of technologies
  • Acunetix v24.1.240111130 - 11  Jan 2024

    New Features

    • The Java IAST sensor has been updated to support Java 17 and removes the requirement for AspectJWeaver
    • Changes to the mechanism that manages services for Acunetix On-Premises for Docker and Linux (Customers using Acunetix On-Premises for Docker or Linux need to manually update to version 24.1)

    New Security Checks

    • Improved Elmah security check to check for variants of Elmah
    • OpenCms Chemistry Solr XML External Entity (XXE) (CVE-2023-42346)
    • OwnCloud phpinfo Information Disclosure (CVE-2023-49103)
    • TorchServe Management API SSRF (CVE-2023-43654)
    • Updated vulnerabilities for WordPress Core and WordPress plugins
    • Ofbiz PreAuth RCE (CVE-2023-49070)
    • F5 BIG-IP Request Smuggling (CVE-2023-46747)
    • Sitecore XP TemplateParser RCE (CVE-2023-35813)
    • Added a check for SSRF/LFI via PDF generation
    • Added a check for file inclusion/path traversal when the response is shown inside a PDF

    Improvements

    • Updated .NET (core) IAST sensor to hook new functions
    • The scanner will now properly report when the protocol (http/https) is changed at the start of the scan
    • Increased the size limit to 10kB for supported Client Certificates for authenticated scans
    • Updated to Chromium 119.0.6045.199/200
    • Users can opt-in to receive a direct download link instead of a PDF report attachment (On-Prem only)
    • Improved crawling of Single Page Applications (SPA) that are using React
    • Improved crawling of Single Page Applications (SPA) that are using the Angular Framework
    • Improved crawling of Single Page Applications (SPA) that are using the Vue.js Framework
    • New User Profile design
    • A refreshed UI with a new navigational experience

    Fixes

    • Fixed an issue that was causing some vulnerabilities not to be exported to Amazon AWS WAF
    • Fixed a Deepscan and LSR issue caused when a page overrides the standard window.* methods
    • Notifications about scans that require manual intervention are now correctly displayed wherever the user is located (On-Prem only)
    • Fixed a number of scanner crashes
  • Acunetix v23.11.231130164 - 4  Dec 2023
           Fixes
    • Fixed a bug in SSO workflow.
  • Acunetix v23.11.0 - 23 Nov 2023

    New Features

    • Every user can now choose which email notifications they receive by setting their individual preferences located in their User Profile
    • For Acunetix On-Premises customers, email server settings have been moved under the Settings menu
    • You can now open Acunetix on multiple tabs without needing to log in with every new tab you open
    • We’ve added CVSS 4.0 scores to some vulnerabilities — You’ll find the CVSS 4.0 score and vector displayed next to the old score (3.1/3.0/2.0, whichever is highest) in the UI and API
    • For Acunetix On-Demand customers, user management is now available under Settings > Users & Access. Here you’ll find the user list with some new filter options and a new way to create user accounts by generating an invitation link (the user specifies their own password instead of the administrator).

    New Security Checks

    Improvements

    • Email notifications now have the option to include a direct link for downloading PDF report. Previously it was necessary to log in to Acunetix to download PDF report.
    • Updated the Chromium Build to 119.0.6045.123/.124
    • Enhanced IAST .NET sensor detection capabilities
    • IImproved location detection when using LSR
    • Improved scanner stability for select environments
    • Improvements to handling OpenAPI specifications
    • Multiple improvements to the SQL Injection vulnerability checks

    Fixes

    • Fixed an issue that was causing Amazon WAF exports to fail

      PDF reports now display information that was previously being cut off
  • Acunetix v15.6.230505122 - 09 May 2023

    New Security Checks

    • Added SAML-related security checks.
    • New security checks for Adobe ColdFusion affected by Deserialization RCE vulnerability. CVE-2023-26359/CVE-2023-26360
    • New security checks for GraphQL.
    • New checks for Joomla vulnerabilities.

    Improvements

    • Updated the embedded Chromium browser to v109.0.5414.141 for Windows and 112.0.5615.165 for Linux.
    • Improved the Business Logic Recorder to work with autocomplete fields.
    • Updated .NET IAST AcuSensor to avoid reporting false positives for default server misconfiguration.
    • Improved .NET IAST AcuSensor for reporting vulnerable packages.
    • Added support for file upload to the Login Sequence Recorder and Business Logic Recorder.
    • Improved response handling.
    • Various DeepScan Improvements.
    • Improved the coverage of development file exposure check.
    • Updated the Software Composition Analysis (SCA) database.
    • Updated the WordPress plugin vulnerabilities.

    Fixes

    • Various fixes in the scanner to lower memory usage.