Skip to main content

April

· 4 min read

NG Production Release Update - APIsec_cloud_7.4.1.0 ( April 06, 2026 )

This release focuses on improving usability, reliability, and collaboration across the platform. Key enhancements help teams keep API inventories automatically up to date, simplify sharing vulnerabilities via direct links, and reduce operational overhead with performance and stability improvements.

Several fixes also address real customer workflow challenges, including improving scan reliability for large APIs, ensuring reports generate consistently, strengthening handling of sensitive authentication data, improving RBAC usability, and ensuring reporting metrics remain accurate.

Together, these updates aim to make security testing more predictable, improve collaboration between security and engineering teams, and reduce the manual effort required to maintain accurate testing coverage.

Automatic API Specification Reload for Auto-Onboarded Applications

Keeping API inventories up to date can be difficult when APIs evolve frequently in gateways. Security teams often discovered that new endpoints were not being tested until someone manually reloaded the specification.

APIsec now automatically schedules API specifications weekly for applications onboarded through supported gateways. This helps ensure newly added endpoints are discovered, deprecated ones are removed, and scan coverage stays aligned with the actual API surface without requiring manual intervention.

Why this matters

  • Reduces manual maintenance for large API portfolios
  • Helps ensure new endpoints are not missed in security testing
  • Keeps scan coverage aligned with the latest gateway definitions

Supported integrations include AWS API Gateway, Azure APIM, MuleSoft, SwaggerHub, and Postman.

Enhancement – Direct Links to Individual Vulnerabilities

Security and development teams frequently need to share specific findings during triage discussions, remediation reviews, or audits. Previously, sharing a vulnerability required sending the application link and asking the recipient to manually locate the finding, which slowed collaboration.

APIsec now lets users link directly to individual vulnerabilities, making it easier to share exact findings with team members and stakeholders.

Why this matters

  • Quickly share specific vulnerabilities without extra navigation
  • Improves collaboration between security and engineering teams
  • Reduces time spent searching for individual findings during reviews

Issue Fixes and Improvements

  1. Improved Reliability of Parameter Hydration from Traffic Captures
    • Some parameters captured in Bolt traffic files weren't applied consistently, which could reduce scan depth for certain endpoints.
    • APIsec now ensures captured headers and parameters are applied correctly across endpoints, improving test coverage and reducing manual parameter configuration.
  2. Sensitive Authentication Fields Now Masked in Custom Authentication
    • Sensitive fields used in custom authentication workflows could previously appear in plain text during test authentication.
    • Sensitive inputs are now masked in the interface to prevent accidental exposure during onboarding, reviews, or screen sharing.
  3. Security Hub Metrics Now Respect BU and Team Filters Consistently
    • The Unique Endpoints tile in Security Hub didn't fully reflect the applied filters, which could cause confusion in reporting.
    • Metrics now consistently update based on selected Business Unit and Team filters, improving reporting accuracy.
  4. Faster Scan Execution with Updated Private Hosted Agent Image
    • Customers running scans through private hosted agents experienced slower execution times in some environments.
    • An updated hosted agent image (apisec/hostedagent:2026-04-03-67) improves scan execution performance and stability.
  5. Developer Report Generation Reliability Improvements
    • SSO users were unable to generate Developer Reports due to a workflow issue where the report never completed processing.
    • Report generation now completes reliably, allowing teams to access technical remediation reports when needed.
  6. Integration Status Now Reflects Credential Health Accurately
    • Issue tracker integrations and Notifications could appear healthy even after credentials have expired.
    • Connection status now correctly reflects credential validity, so teams can quickly identify integration issues.
  7. Improved Stability for Large-Scale Scans
    • In some cases, with very large APIs, scans can get stuck in progress and cannot be stopped manually.
    • Improvements now ensure:
      • Stuck scans are automatically marked as failed when appropriate
      • Users can abort scans when needed
    • Large API scans complete more reliably
  8. RBAC Map Performance Improvements
    • Projects with many roles experienced slow RBAC map loading times, making it difficult to review authorization coverage.
    • Performance improvements now allow RBAC maps to load more reliably, even for larger role configurations.