Highlights
New Issue Status: "Fix Not Available"
Aptori now supports a new issue status called "Fix Not Available". This status is designed for scenarios where a vulnerability or issue has been confirmed, but no viable fix currently exists—such as third-party dependency limitations or architectural constraints.
Release Notes
2025.3.5
New Features
- "Fix Not Available" Status for Issues
A new status, "Fix Not Available," is now available for issues.
  - Recommended when no resolution currently exists.
  - Marking an issue with this status keeps it open for continued visibility.
Enhancements
- Updated Behavior for "False Positive" Issues
Issues marked as False Positive and closed can now be reclassified.
  - Assigning the issue to a user will reopen it for further review.
- Configurable Token for Interactsh Server
Admins can now configure a Token for the Interactsh server via Tool Settings in the Admin panel.
- Sift: CmdInjection Analyzer Enhancement
The CmdInjection analyzer now supports an allStringFields parameter.
  - When set to true, attacks are injected in all string fields of the request body schema.
  - Default behavior (false) targets only string parameters like OpenAPI path and query parameters for performance.
Bug Fixes
- Org Owner Group Management Fix
Org Owners can now add or remove members from any group, even if they’re not a member of that group themselves.
- Sift: Injection Analyzer Fixes
SQL, NoSQL, Command, and Server-Side Template analyzers now attempt attacks even when the baseline request returns a 5xx service exception, ensuring consistent analysis across edge cases.
2025.3.3
New Features
- Authentication Status Display
The top-level UI now clearly indicates whether authentication is configured, improving visibility into system setup.
- Configurable External Interactsh Server
A global setting has been added to configure an external Interactsh server, which is required for utilizing the SSRF analyzer.
- Run Errors
If a scan encounters an error, the error message is now displayed on the dashboard, enhancing visibility and troubleshooting.
- License Manager
Introduced a new License Manager to manage feature access and provide better control over licensed functionalities.
Enhancements
- Pending Invites List
The full list of pending user invitations is now visible to administrators, ensuring a comprehensive view of all outstanding invites.
2025.3.1
Bug Fixes
- Sift SSRF and DNS Reporting Fixes
Fixed issues in Sift related to SSRF deadlocks and improved reporting of findings from DNS interactions, ensuring accurate and reliable results during scans.