March 2025

Features
Highlights

New Issue Status: "Fix Not Available"

Aptori now supports a new issue status called "Fix Not Available". This status is designed for scenarios where a vulnerability or issue has been confirmed but no viable fix currently exists, for example because of third-party dependency limitations or architectural constraints.

Release Notes

2025.3.5

New Features

  • "Fix Not Available" Status for Issues
    A new status, "Fix Not Available," is now available for issues.
    • Recommended when no resolution currently exists.
    • Marking an issue with this status keeps it open for continued visibility.

Enhancements

  • Updated Behavior for "False Positive" Issues
    Issues marked as False Positive and closed can now be reclassified.
    • Assigning the issue to a user will reopen it for further review.
  • Configurable Token for Interactsh Server
    Admins can now configure a Token for the Interactsh server via Tool Settings in the Admin panel.
  • Sift: CmdInjection Analyzer Enhancement
    The CmdInjection analyzer now supports an allStringFields parameter.
    • When set to true, attacks are injected in all string fields of the request body schema.
    • When left at the default (false), attacks target only string parameters such as OpenAPI path and query parameters, for performance.

Bug Fixes

  • Org Owner Group Management Fix
    Org Owners can now add or remove members from any group, even if they’re not a member of that group themselves.
  • Sift: Injection Analyzer Fixes
    SQL, NoSQL, Command, and Server-Side Template analyzers now attempt attacks even when the baseline request returns a 5xx service exception, ensuring consistent analysis across edge cases.

2025.3.3

New Features

  • Authentication Status Display
    The top-level UI now clearly indicates whether authentication is configured, improving visibility into system setup.
  • Configurable External Interactsh Server
    A global setting has been added to configure an external Interactsh server, which is required for utilizing the SSRF analyzer.
  • Run Errors
    If a scan encounters an error, the error message is now displayed on the dashboard, enhancing visibility and troubleshooting.
  • License Manager
    Introduced a new License Manager to manage feature access and provide better control over licensed functionalities.

Enhancements

  • Pending Invites List
    The full list of pending user invitations is now visible to administrators, ensuring a comprehensive view of all outstanding invites.

2025.3.1

Bug Fixes

  • Sift SSRF and DNS Reporting Fixes
    Fixed issues in Sift related to SSRF deadlocks and improved reporting of findings from DNS interactions, ensuring accurate and reliable results during scans.