Acunetix v25.5.1 Release Announcement - Version Update Notice | 新永資訊有限公司

Software Update Information

Update News

  • Acunetix v25.5.1 - 27 June 2025

    New Security Checks

    • Added a new check to detect Grafana Open Redirect (CVE-2025-4123)

    Improvements

    • Updated Secret Token detection to increase coverage
    • Updated detection of DB connection in JSON fields
    • Updated DeepScan for more prop extraction
    • Added a new check to detect Prototype Pollution (Server-Side)
    • Updated dompurify to detect more vulnerabilities
    • Updated iframe injection detection on dom-based vulnerabilities
    • Updated XPath injection for better coverage
  • Acunetix v25.5.0 - 17 June 2025

    New Features

    • Added support for the Java IAST Sensor running on WebLogic

    New security checks

    • Added a JWT authentication bypass check for APIs
    • Added SAP NetWeaver Visual Composer Unrestricted File Uploading (CVE-2025-31324)
    • Added detection for Craft CMS Remote Code Execution (CVE-2025-32432)
    • Added check for missing X-Content-Type-Options header

    Improvements

    • Added regex to enhance detection of Stack Trace Disclosure in Django apps
    • Improved detection of JWTs signed with weak secrets
    • Added new security check for exposed nginx.conf and .htaccess files to enhance vulnerability detection
    • Added LDAP Injection detection
    • Added detection for PII (Personally Identifiable Information) disclosure vulnerabilities
    • New detection for database connection strings in JSON responses to improve sensitive data exposure coverage
    • Scanner updated to support scanning targets with NTLM Authentication from Linux

    Resolved issues

    • Fixed false positive for Cleo Harmony/VLTrader/LexiCom RCE detection
    • Corrected version comparison logic in “Scripts\WebApps\drupal_3.script”
  • Acunetix v25.1.1 - 07 Feb 2025

    Resolved issues

    • Fixed a false positive that caused EspoCRM to be reported as a detected technology unexpectedly
    • Acunetix v25.1.0 - 04 Feb 2025

      New Security Checks

      • Added a check for Craft CMS Development Mode enabled.
      • Added a check for Craft CMS register_argc_argv RCE (CVE-2024-56145).
      • Added a check for Apple’s App-Site Association (AASA) file.
      • Added new checks for API9:2023 Improper Inventory Management.
      • Added new checks for API10:2023 Unsafe Consumption of APIs.
      • Added new checks for API2:2023 Broken Authentication.

      New Features

      • Added support for scanning web applications that use Smart Card Authentication.

      Improvements

      • Improved detection of Microsoft SQL Server as a technology.
      • Improved detection of XSS.
      • Updated the severity of some vulnerabilities to better reflect their impact.
      • Improved detection of weak passwords.
      • Improved detection of SQL Injection.
      • Updated the scanner to never downgrade from HTTPS to HTTP.

      Resolved issues

      • Improvement to launching Chromium on Windows 10 build 14393.
    • Acunetix v24.12.0 - 16 Dec 2024

      New Security Checks

      • Added Palo Alto PAN-OS RCE (CVE-2024-0012/CVE-2024-9474)
      • Added Sitecore AFR (CVE-2024-46938)
      • Added a security check for CyberPanel RCE (CVE-2024-51567 / CVE-2024-51568 / CVE-2024-51378)
      • Added a fix for Acunetix’s incorrect detection of Drupal versions, where the script read the version correctly but compared it improperly

      Improvements

      • The engine now uses Chromium 131 for scanning
      • The engine now leverages headers from all import files, incl. Postman collections
      • The engine now supports using host and path from Postman collections
      • Users can see clearly if OTP is not configured inside the Login Sequence Recorder

      Fixes

      • Fixed an issue where, in rare cases, the LSR failed to correctly add session data
      • Fixed an issue where GraphQL imports could fail in certain edge cases
    • Acunetix v24.10.241106172 - 07 Nov 2024

      Improvements

      • Improved detection of Microsoft SQL Server as a technology
      • Improved detection of XSS
      • Updated the severity of some vulnerabilities to better reflect their impact
      • Improved detection of weak passwords
      • Improved detection of Blind XSS
    • Acunetix v24.9.241015145 - 17 Oct 2024

      New Security Checks

      • Added check for CVE-2024-6842

      Improvements

      • Upgraded to OpenSSL
      • Updates to technologies and fingerprints
    • Acunetix v24.9.240918130 - 19 Sep 2024

      This release build is currently only available for Acunetix On-Premises

      Improvements

      • Updated Chromium to v128.0.3316.119/.120
      • The scanner now supports GraphQL when described in introspection JSON
      • The upgraded Scan Details page is now enabled for On-Premises customers as well → Learn more
      • Using API Discovery On-Premises, the admin can specify a destination URL for the Network Traffic Analyzer con

      Fixes

      • Fixed a false positive in the Solr Injection check
      • Resolved a rare case where the vulnerability detail was not loading properly on the new Scan Details page
      • Runtime SCA PDF reports are now being generated correctly
      • The scan end timestamp is now loading properly on the new Scan Details page
    • Acunetix v24.8.240903137 - 04 Sep 2024

      Fixes

      • Fixes on the HTTP/2 Handler
    • Acunetix v24.7.1 - 24 Jul 2024

      New Security Checks

      • Added detection for Mura CMS / Masa CMS SQL Injection (CVE-2024-32640)

      Fixes

      • Fixed a False Positive on the ‘Broken access control in Confluence Server and Data Center’ vulnerability (CVE-2023-22515)
    • Acunetix v24.7.0 - 16 Jul 2024

      New Features

      • Invicti API Security: multi-layered API discovery to enable comprehensive identification of known and undocumented APIs

      Improvements

      • Scanner: Improved processing of large files
      • Added support for HTTP/2 requests in Burp state import files
      • .NET IAST Sensor: Added support for Engine.Razor functions
      • Improved XFS checks
      • Improvements to the new Scan Detail page (Early Access)

      Fixes

      • Minor UI/UX fixes across the application
    • Acunetix v24.6.1 - 02 Jul 2024

      Fixes

      • Fixed an issue with the Discovery service in On-Premises environments
    • Acunetix v24.5.240529155 - 30 May 2024

      New Features

      • Added the ability to link an API definition URL so that the paths it describes are added to a target before scanning

      Improvements

      • Fixed the password reset tool for Windows for Acunetix On-Premises
      • .NET Core IAST Sensor: Removed dependency on NLog
      • Various improvements in Deepscan, lessening the time to process pages / SPAs
      • Deepscan updated to not interact with Google Maps
      • Updated detection for monitoring systems
      • Updated detection of web installers

      Fixes

      • Correct warning is now displayed when attempting to add more than permitted target variations
      • Addressed several usability and design issues across application settings
      • Fixed a possible problem starting OpenVAS scans with Acunetix On-Premises
      • Design updates for User settings in Acunetix Online
      • Fixed an issue in the PHP sensor affecting PHP 8.1+ web applications
      • For users in a User Group, target group assignment is properly applied under all scenarios
      • Fixed a user permission issue when using custom roles
      • Invite emails from Acunetix On-Premises for Linux are properly displaying content now
      • Fixed the OOM (out of memory) problem when processing large PDF files
    • Acunetix v24.4.240427095 - 30 April 2024

      New Features

      • Added the ability to link an API definition URL so that the paths it describes are added to a target before scanning

      Improvements

      • Fixed the password reset tool for Windows for Acunetix On-Premises
      • .NET Core IAST Sensor: Removed dependency on NLog
      • Various improvements in Deepscan, lessening the time to process pages / SPAs
      • Deepscan updated to not interact with Google Maps
      • Updated detection for monitoring systems
      • Updated detection of web installers

      Fixes

      • Correct warning is now displayed when attempting to add more than permitted target variations
      • Addressed several usability and design issues across application settings
      • Fixed a possible problem starting OpenVAS scans with Acunetix On-Premises
      • Design updates for User settings in Acunetix Online
      • Fixed an issue in the PHP sensor affecting PHP 8.1+ web applications
      • For users in a User Group, target group assignment is properly applied under all scenarios
      • Fixed a user permission issue when using custom roles
      • Invite emails from Acunetix On-Premises for Linux are properly displaying content now
      • Fixed the OOM (out of memory) problem when processing large PDF files
    • Acunetix v24.3.2 - 15 April 2024

      Improvements

      • Replaced an expiring Invicti code-signing certificate for Windows binaries
    • Acunetix v24.3.0 - 25 March 2024

      New Features

      • Smart API Scanning capabilities for Swagger 2
      • Smart API Scanning capabilities for OpenAPI 3

      Improvements

      • Improved Crawling of websites using IFrames
      • .NET IAST sensor will report SQL Injection issues introduced through the usage of MSSQL Entity Framework Sql_Query
      • Improved detection of DOM XSS in Referrer Header
      • Improved detection of DOM XSS in document.cookie

      Fixes

      • Fixed a situation where a new target couldn’t be created via the API
      • Fixed: Missing HTTP response for vulnerabilities reported by the internal scanning agent
      • Fixed: Missing Attack Details for Unsupported SSL Secure Renegotiation vulnerability
    • Acunetix v24.2.240227118 - 28 Feb 2024

      Fixes

      • Invitation emails are being sent correctly
      • Discovered assets can be correctly assigned to target groups
    • Acunetix v24.2.240226074 - 26 Feb 2024

      New Features

      • Added the ability to use Aria Roles to provide better coverage
      • Introduced the PCI DSS 4.0 report. Note that PCI DSS 3.2.1 is retired at the end of March 2024
      • .NET IAST now supports .NET 8 (currently in Open Beta)

      Improvements

      • Updated Chromium to 121.0.6167.139/140
      • Improved detection of DOM-based Cross Site Scripting (XSS)
      • Improved the way that “Content Security Policy Misconfiguration” alerts are reported
      • Improved detection of Client Side Prototype Pollution (CSPP)
      • IAST scans will start reporting the IAST sensor version used for the scan
      • New column “Result” is shown in the list of scans to provide more details about scan outcome
      • Enhanced support for OTP apps by displaying the activation code next to the QR code
      • Improved crawling of Single Page Applications (SPA) that are using Ionic Framework
      • Added the ability to scan web applications which require browsing in a single browser tab
      • Upgraded user experience of in-app notifications – Updated UX of notifications dropdown
      • When accessing the application from a different location or browser, all other sessions are promptly terminated. Previously, users were notified, causing inconvenience when working from various locations

      Fixes

      • Fixed a bug caused by the engine not respecting Cache-Control directive
      • In rare situations, a report being generated could have resulted in an Internal server error. This issue has now been fixed
      • Fixed several minor user experience issues across the application
    • Acunetix v24.1.240131143 - 01 Feb 2024

      New Features

      • The Java IAST sensor now supports Java 21

      Fixes

      • Fixed a bug in the processing of technologies
    • Acunetix v24.1.240111130 - 11 Jan 2024

      New Features

      • The Java IAST sensor has been updated to support Java 17 and removes the requirement for AspectJWeaver
      • Changes to the mechanism that manages services for Acunetix On-Premises for Docker and Linux (Customers using Acunetix On-Premises for Docker or Linux need to manually update to version 24.1)

      New Security Checks

      • Improved Elmah security check to check for variants of Elmah
      • OpenCms Chemistry Solr XML External Entity (XXE) (CVE-2023-42346)
      • OwnCloud phpinfo Information Disclosure (CVE-2023-49103)
      • TorchServe Management API SSRF (CVE-2023-43654)
      • Updated vulnerabilities for WordPress Core and WordPress plugins
      • Ofbiz PreAuth RCE (CVE-2023-49070)
      • F5 BIG-IP Request Smuggling (CVE-2023-46747)
      • Sitecore XP TemplateParser RCE (CVE-2023-35813)
      • Added a check for SSRF/LFI via PDF generation
      • Added a check for file inclusion/path traversal when the response is shown inside a PDF

      Improvements

      • Updated .NET (core) IAST sensor to hook new functions
      • The scanner will now properly report when the protocol (http/https) is changed at the start of the scan
      • Increased the size limit to 10kB for supported Client Certificates for authenticated scans
      • Updated to Chromium 119.0.6045.199/200
      • Users can opt-in to receive a direct download link instead of a PDF report attachment (On-Prem only)
      • Improved crawling of Single Page Applications (SPA) that are using React
      • Improved crawling of Single Page Applications (SPA) that are using the Angular Framework
      • Improved crawling of Single Page Applications (SPA) that are using the Vue.js Framework
      • New User Profile design
      • A refreshed UI with a new navigational experience

      Fixes

      • Fixed an issue that was causing some vulnerabilities not to be exported to Amazon AWS WAF
      • Fixed a Deepscan and LSR issue caused when a page overrides the standard window.* methods
      • Notifications about scans that require manual intervention are now correctly displayed wherever the user is located (On-Prem only)
      • Fixed a number of scanner crashes
    • Acunetix v23.11.231130164 - 4 Dec 2023

      Fixes

      • Fixed a bug in the SSO workflow.
    • Acunetix v23.11.0 - 23 Nov 2023

      New Features

      • Every user can now choose which email notifications they receive by setting their individual preferences located in their User Profile
      • For Acunetix On-Premises customers, email server settings have been moved under the Settings menu
      • You can now open Acunetix on multiple tabs without needing to log in with every new tab you open
      • We’ve added CVSS 4.0 scores to some vulnerabilities — You’ll find the CVSS 4.0 score and vector displayed next to the old score (3.1/3.0/2.0, whichever is highest) in the UI and API
      • For Acunetix On-Demand customers, user management is now available under Settings > Users & Access. Here you’ll find the user list with some new filter options and a new way to create user accounts by generating an invitation link (the user specifies their own password instead of the administrator).

      Improvements

      • Email notifications now have the option to include a direct link for downloading PDF report. Previously it was necessary to log in to Acunetix to download PDF report.
      • Updated the Chromium Build to 119.0.6045.123/.124
      • Enhanced IAST .NET sensor detection capabilities
      • Improved location detection when using the LSR
      • Improved scanner stability for select environments
      • Improvements to handling OpenAPI specifications
      • Multiple improvements to the SQL Injection vulnerability checks

      Fixes

      • Fixed an issue that was causing Amazon WAF exports to fail
      • PDF reports now display information that was previously being cut off
    • Acunetix v15.6.230505122 - 09 May 2023

      New Security Checks

      • Added SAML-related security checks.
      • New security checks for Adobe ColdFusion affected by Deserialization RCE vulnerability. CVE-2023-26359/CVE-2023-26360
      • New security checks for GraphQL.
      • New checks for Joomla vulnerabilities.

      Improvements

      • Updated the embedded Chromium browser to v109.0.5414.141 for Windows and 112.0.5615.165 for Linux.
      • Improved the Business Logic Recorder to work with autocomplete fields.
      • Updated .NET IAST AcuSensor to avoid reporting false positives for default server misconfiguration.
      • Improved .NET IAST AcuSensor for reporting vulnerable packages.
      • Added support for file upload to the Login Sequence Recorder and Business Logic Recorder.
      • Improved response handling.
      • Various DeepScan Improvements.
      • Improved the coverage of development file exposure check.
      • Updated the Software Composition Analysis (SCA) database.
      • Updated the WordPress plugin vulnerabilities.

      Fixes

      • Various fixes in the scanner to lower memory usage.
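The v25.5.0 notes above list "Improved detection of JWTs signed with weak secrets". The release notes do not say how Acunetix implements that check, so the following is an added example, not the product's code: it reproduces the core of such a check in Python, trying each entry of a wordlist as the HMAC key of an HS256 token and reporting the entry that verifies the signature. The wordlist, the helper that mints test tokens and the captured tokens are all constructed for this example; a real scanner would use a far larger list and would only run the brute force against tokens whose header declares a symmetric algorithm, since RS256/ES256 tokens are signed with a private key and an `alg: none` token carries no signature to recover a secret from.

```python
import base64
import hashlib
import hmac
import json
from typing import Iterable, List, Optional, Tuple

# Constructed sample wordlist (assumption for the example; a scanner ships a much larger one).
WEAK_SECRETS = ["password", "123456", "secret", "changeme", "jwtsecret"]


def b64url_encode(data: bytes) -> str:
    """Base64url without padding, as JWS (RFC 7515) requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url_encode; restores the padding Python's decoder needs."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_hs256_jwt(claims: dict, secret: str) -> str:
    """Mint an HS256 token; used here only to build sample input."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"},
                                      separators=(",", ":")).encode())
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode()
    sig = hmac.new(secret.encode(), signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def find_weak_secret(token: str, candidates: Iterable[str] = WEAK_SECRETS) -> Optional[str]:
    """Return the wordlist entry that verifies the token's HS256 signature, or None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None                      # not a compact-serialised JWS
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:                   # covers binascii.Error and bad JSON/UTF-8
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None                      # asymmetric or unsigned: no secret to brute-force
    signing_input = f"{header_b64}.{payload_b64}".encode()
    for secret in candidates:
        expected = hmac.new(secret.encode(), signing_input, hashlib.sha256).digest()
        # constant-time comparison, the same habit a real verifier should have
        if hmac.compare_digest(expected, sig):
            return secret
    return None


def scan_tokens(tokens: Iterable[str]) -> List[Tuple[int, str]]:
    """Run the check over captured tokens; returns (index, recovered_secret) findings."""
    findings = []
    for i, token in enumerate(tokens):
        secret = find_weak_secret(token)
        if secret is not None:
            findings.append((i, secret))
    return findings


if __name__ == "__main__":
    # Constructed sample input: tokens as a scanner might capture from Authorization headers.
    captured = [
        make_hs256_jwt({"sub": "alice", "role": "user"}, "secret"),             # weak secret
        make_hs256_jwt({"sub": "bob", "role": "admin"}, "Xk9#pLm2!vQ7rT4w-uZ"),  # strong secret
        b64url_encode(b'{"alg":"none","typ":"JWT"}') + "."
        + b64url_encode(b'{"sub":"eve"}') + ".",                                 # unsigned
    ]
    for index, secret in scan_tokens(captured):
        print(f"token {index}: HS256 secret recovered from wordlist: {secret!r}")
```

Running the script reports only the first token. A finding here means anyone holding the wordlist can forge tokens with arbitrary claims for that application, which is why the scanner treats it as a vulnerability rather than an informational item; the fix is a long random key (or an asymmetric algorithm) and a server-side verifier that pins the expected `alg` rather than trusting the header.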