Release/

March 2025

Features
Highlights

New Issue Status: "Fix Not Available"

Aptori now supports a new issue status called "Fix Not Available". This status is designed for scenarios where a vulnerability or issue has been confirmed, but no viable fix currently exists—such as third-party dependency limitations or architectural constraints.

Release Notes

2025.3.5

New Features

  • "Fix Not Available" Status for Issues
    A new status, "Fix Not Available," is now available for issues.
    • Recommended when no resolution currently exists.
    • Marking an issue with this status keeps it open for continued visibility.

Enhancements

  • Updated Behavior for "False Positive" Issues
    Issues marked as False Positive and closed can now be reclassified.
    • Assigning the issue to a user will reopen it for further review.
  • Configurable Token for Interactsh Server
    Admins can now configure a Token for the Interactsh server via Tool Settings in the Admin panel.
  • Sift: CmdInjection Analyzer Enhancement
    The CmdInjection analyzer now supports an allStringFields parameter.
    • When set to true, attacks are injected in all string fields of the request body schema.
    • Default behavior (false) targets only string parameters like OpenAPI path and query parameters for performance.

Bug Fixes

  • Org Owner Group Management Fix
    Org Owners can now add or remove members from any group, even if they’re not a member of that group themselves.
  • Sift: Injection Analyzer Fixes
    SQL, NoSQL, Command, and Server-Side Template analyzers now attempt attacks even when the baseline request returns a 5xx service exception, ensuring consistent analysis across edge cases.

2025.3.3

New Features

  • Authentication Status Display
    The top-level UI now clearly indicates whether authentication is configured, improving visibility into system setup.
  • Configurable External Interactsh Server
    A global setting has been added to configure an external Interactsh server, which is required for utilizing the SSRF analyzer.
  • Run Errors
    If a scan encounters an error, the error message is now displayed on the dashboard, enhancing visibility and troubleshooting.
  • License Manager
    Introduced a new License Manager to manage feature access and provide better control over licensed functionalities.

Enhancements

  • Pending Invites List
    The full list of pending user invitations is now visible to administrators, ensuring a comprehensive view of all outstanding invites.

2025.3.1

Bug Fixes

  • Sift SSRF and DNS Reporting Fixes
    Fixed issues in Sift related to SSRF deadlocks and improved reporting of findings from DNS interactions, ensuring accurate and reliable results during scans.

Aptori
Aptori is the AI for the good guys—enabling security teams to reduce risk, accelerate secure releases, and ensure continuous compliance.

Aptori is the leader in autonomous application security, delivering the first deterministic AI to detect and remediate business logic vulnerabilities with precision.

The Aptori AI Security Engineer proactively identifies, prioritizes, and fixes vulnerabilities across code, APIs, applications, and cloud environments. By eliminating security backlogs and freeing engineering capacity, Aptori empowers teams to innovate faster and ship secure software at scale.
PLATFORM
Why AptoriProduct Updates
          
RESOURCES
InsightsGuidesGlossaryWhite PapersDocumentation
SOLUTIONS
AI-Driven AppSecAI Security EngineerAI Code FixApplication Security TestingAPI Security TestingAPI Risk AssessmentPrevent BOLA AttacksPCI DSS 4.0 Compliance
NEWSLETTER
Get monthly news and insights in your inbox