August 2025 Release Notes
The Command Platform release notes include information about what’s new, which are updated monthly, and improvements and fixes, which are updated weekly.
Last updated: August 25, 2025
What’s New
Learn about new features across the Command Platform. These features were released over the past month and are available now:
- Attack surface: Surface Command, Exposure Command
- Risk: Cloud Security (InsightCloudSec), Exposure Command, Vulnerability Management (InsightVM)
- Improve Network Path Transparency with Enhanced Network Path Processor for AWS
- Detect Container Public Exposure with Full Orchestration Context
- Validate Exposures in Real Time with External Scanner Integration
- Streamline Reporting with Enhanced Bulk Export API for Vulnerability Management
- Accelerate Fixes with In-Product Remediation Steps for Vulnerability Findings
- Threat: SIEM (InsightIDR), Managed Detection and Response, Managed Threat Complete
- Administration: All offerings
Attack surface
Your attack surface is comprised of all of the potential entry points that attackers could exploit across your systems, applications, and networks. Developing knowledge of your attack surface is a key goal in improving your company’s security posture.
- Integrate with Surface Command Using the New Attack Surface API
- Filter Assets Using Source-Specific Properties for Targeted Coverage Analysis
Integrate with Surface Command Using the New Attack Surface API
In Surface Command and Exposure Command, the new Attack Surface Management (ASM) API supports customer and partner integrations, allowing you to programmatically access your attack surface data. With this API, developers can make Cypher-based queries across assets, identities, and related ASM data types directly from their own tools and platforms.
With this capability from Attack Surface Management (Surface Command), you can:
- Query attack surface data using arbitrary Cypher queries.
- Integrate Surface Command insights into your existing analytics, dashboards, or reporting systems.
Filter Assets Using Source-Specific Properties for Targeted Coverage Analysis
In Surface Command and Exposure Command, you can now build Asset and Identity filters using source-specific properties, like Microsoft Active Directory or CrowdStrike, without writing custom Cypher queries. This update simplifies how you scope asset views for reporting on control coverage gaps and environment-specific needs.
With this capability from Attack Surface Management (Surface Command) > Assets, Identities, you can:
- Create and save filters using third-party properties.
- Combine unified asset data with source-specific fields for precision filtering.
Risk
Risk is the potential for loss or damage to your assets, operations, or reputation, due to vulnerabilities being exploited by a bad actor. Security teams must assess the risk level by evaluating the likelihood of a threat occurring and the impact that it would have if realized.
- Improve Network Path Transparency with Enhanced Network Path Processor for AWS
- Detect Container Public Exposure with Full Orchestration Context
- Validate Exposures in Real Time with External Scanner Integration
- Streamline Reporting with Enhanced Bulk Export API for Vulnerability Management
- Accelerate Fixes with In-Product Remediation Steps for Vulnerability Findings
Improve Network Path Transparency with Enhanced Network Path Processor for AWS
In Cloud Security (InsightCloudSec) and Exposure Command, the enhanced network path processor for public exposure introduces comprehensive visibility into your AWS network topology. This capability extends analysis beyond surface-level exposure to include critical infrastructure components such as WAFs, firewalls, load balancers, and security groups.
With this capability from Cloud Security (InsightCloudSec) > Attack Paths, you can:
- Gain full-context analysis of exposure pathways from the internet to your cloud assets.
- Identify how layered controls (like WAFs or security groups) mitigate public exposure risks.
- Set a new standard for CNAPP visibility with actionable insights into the true security posture of public-facing services.
Detect Container Public Exposure with Full Orchestration Context
In Cloud Security (InsightCloudSec) and Exposure Command, the new container public exposure support enhances your ability to detect and assess intentionally exposed container services within cloud-based Kubernetes environments. This feature delivers native classification of exposed containers and maps potential attack paths with full orchestration context, including service meshes, ingress controllers, and node roles.
With this capability from Cloud Security (InsightCloudSec) > Attack Paths, you can:
- Identify public-facing container services and their role within the broader Kubernetes architecture.
- Trace exploitable paths that combine misconfigurations and vulnerabilities across infrastructure layers.
- Prioritize risk reduction in environments where traditional tools generate noise without clarity.
Validate Exposures in Real Time with External Scanner Integration
In Cloud Security (InsightCloudSec) and Exposure Command, the external scanner functionality delivers comprehensive security risk assessment by actively validating exposures and translating technical findings into business impact scenarios. When it detects issues like open database ports or misconfigured services, it automatically assesses potential consequences such as data exfiltration risk, mapping attack vectors, and determining what sensitive data could be compromised. This scanner-backed evidence with detailed risk context enables security teams to prioritize remediation based on genuine exploitability and real business impact rather than theoretical vulnerability scores.
With this capability from Cloud Security (InsightCloudSec) > Public Accessibility, you can:
- Enrich static detection data with dynamic scanner validation to confirm true exposures.
- View concrete evidence tied to exploitable conditions, reducing uncertainty and false positives.
- Accelerate prioritization and remediation by linking validated risks to specific assets and controls.
Streamline Reporting with Enhanced Bulk Export API for Vulnerability Management
In Vulnerability Management (InsightVM) and Exposure Command, the enhanced Bulk Export API enables Vulnerability Management (InsightVM) customers to programmatically retrieve complete asset and vulnerability data, including asset tags and groups, using a single, high-performance GraphQL API call. Designed for scale and automation, this update supports seamless integration with third-party BI tools.
With this capability from Vulnerability Management (InsightVM), you can:
- Export comprehensive asset and vulnerability data, enriched with asset tags and group context.
- Retrieve daily-refreshed data in Parquet format for fast processing in PowerBI, Snowflake, and other tools.
- Eliminate the need for manual export operations and reduce load on on-prem Vulnerability Management (InsightVM) consoles.
Accelerate Fixes with In-Product Remediation Steps for Vulnerability Findings
In Cloud Security (InsightCloudSec) and Exposure Command, prescriptive remediation steps are included directly within vulnerability findings, helping you fix issues faster without context switching. This update turns detection into direction by guiding remediation teams with clear, actionable steps for resolving each finding.
With this capability from Cloud Security (InsightCloudSec) > Vulnerabilities, you can:
- View step-by-step remediation guidance embedded in each vulnerability finding.
- Streamline collaboration between detection and remediation teams by reducing guesswork.
- Accelerate issue resolution with concise, prioritized instructions built into the remediation workflow.
Threat
A threat is any potential event or action that could exploit vulnerabilities in a system, causing harm to assets, data, or operations. Threats can originate from various sources, including malicious actors, natural disasters, or unintentional human errors.
- Clarify Alert Response with Dynamic Third-Party Alert Prioritization
- Expanded SOC-Monitored Coverage for Okta Identity and Palo Alto Cortex XDR
- Enhance Threat Coverage with Migrated Detection Rules
Clarify Alert Response with Dynamic Third-party Alert Prioritization
In Managed Detection and Response (MDR) and Managed Threat Complete, InsightIDR can now reflect the most current severity level of third-party alerts, eliminating ambiguity around alert response.
With this update from alerts, you can:
- Clearly identify alert ownership based on dynamic priority mapping.
- Eliminate confusion around response to an alert.
- Improve response times by reducing ambiguity and ensuring the right team is engaged.
Expanded SOC-Monitored Coverage for Okta Identity and Palo Alto Cortex XDR
In Managed Detection and Response (MDR) and Managed Threat Complete, Rapid7’s SOC can now monitor third-party telemetry from Okta Identity and Palo Alto Cortex XDR, delivering enhanced visibility and faster response across cloud and endpoint data sources. This update strengthens managed threat detection and response capabilities across our Managed Detection and Response and Managed Threat Complete services.
Each new event source from Data Connectors > Data Collectors provides unique coverage capabilities:
- Okta Identity: Native ingestion of identity events with support for both first- and third-party detections. Gain high-confidence alerts and ensure consistent SOC-led response to identity-based threats.
- PAN Cortex XDR: Integrated telemetry and SOC-managed response accelerate mean time to respond (MTTR) and reduce attacker dwell time on the endpoint.
Enhance Threat Coverage with Migrated Detection Rules
In SIEM (InsightIDR), the SIEM (InsightIDR) Detection Library continues to expand, delivering faster and broader threat detection capabilities. This month, we’ve migrated 8 legacy rules and 5 third-party source rules as part of our ongoing effort to unify and strengthen your detection experience.
Migrated Legacy Rules from Intelligence > Detection Rules
The following legacy rules are now available in the Detection Rule Library:
- New Local User Account Created
- Detection Evasion - Event Log Deletion
- Detection Evasion - Local Event Log Deletion
- Honeypot Access
- Multiple Organization Authentications
- Wireless Multiple Country Authentications
- Wireless Multiple Organization Authentications
The Multi-Country Authentication legacy rule now has two equivalent ABA detections:
- Suspicious Authentication - Multiple Country Authentication (Non-Wireless)
- Suspicious Authentication - Multiple Country Authentication (ActiveSync)
Migrated Third-Party Source Rules
Detection rules have also been migrated for the following third-party sources:
- Carbon Black Response
- Cisco AMP
- Cylance Protect Cloud
- Darktrace
- Cybereason
Upcoming Rule Retirements
The following legacy rules will be retired in 30 days:
- LDAP Admin Added
- Blacklisted Authentication
Administration
Administration focuses on refining platform controls, improving navigation, and enhancing user management. Updates streamline permissions, configurations, and logging, creating a more intuitive and efficient experience for administrators.
Accelerate Your Workflow with Unified Navigation (Feature Preview)
Quickly access key capabilities and discover new tools with an improved Command Platform navigation. Now available in Feature Preview, opt in to this experience to explore the new navigation at your own pace. With a streamlined workflow and familiar terminology, the new navigation reduces the number of clicks required to reach essential features, improving your ability to protect your security program efficiently.
With Unified Navigation, you can:
- Navigate effortlessly across your Rapid7 solutions using a consistent menu.
- Quickly surface critical data, tools, and insights to accelerate your daily tasks.
- Explore additional Command Platform capabilities as they become available, all from one place.
Meet Internal Standards with Automatic Allowlisting Settings
In Threat Intelligence (Intelligence Hub), you can now directly manage all indicator of compromise (IOC) decisions by optionally disabling the Threat Intelligence (Intelligence Hub) automated allowlisting process. This ensures analysts retain full authority over allowlist and blocklist actions, aligning disposition with organizational policy and reducing the risk of unintended traffic.
With this capability from Data Connectors > Threat Intelligence > Sources, you can:
- Disable automatic allowlisting of IOCs that match known domain names, root servers, and customer assets.
Improvements and Fixes
Keep track of improvements and fixes to core technology.
Application Security (InsightAppSec) and AppSpider
No updates released at this time.
Cloud Security (InsightCloudSec)
Release availability for self-hosted users
Self-hosted users can usually download the latest version 6 business days after SaaS users are upgraded, from the following locations:
- Terraform deployments: Public S3 bucket. Modules can be updated with the `terraform get -update` command.
- Amazon Elastic Container Repository (ECR) deployments: You can obtain the ECR build images for this version from the Cloud Security (InsightCloudSec) ECR Gallery.
Version 25.8.12
Software release date: August 12, 2025 | Release notes published: August 11, 2025
Improved:
- Enabled capture of bot execution metrics.
- Expanded harvesting of Azure API Management services to include their subscriptions as a new child resource (`restapisubscription`), viewable in the Related Resources tab of the parent. This requires the `Microsoft.ApiManagement/service/subscriptions/read` permission.
- Expanded the Azure database instance resource to show the virtual cluster ID for managed SQL clusters and `evergreen` as the engine version. This requires the `Microsoft.Sql/virtualClusters/read` permission.
- Expanded the ELT Connection resource to include a `contains_secret` flag.
- Extended support for Public Accessibility and Attack Path Analysis to AWS Gov and Azure Gov clouds.
- Added harvesting support for the Azure Managed Grafana resource. This requires the `Microsoft.Dashboard/grafana/read` permission.
- Platform information (for example, Windows, Linux) is now harvested for OCI instances.
- To enable more responsive resource counts, contact Sales or Support about enabling the `POST_HARVEST_COUNT_UPDATE` feature flag.
- Public Accessibility assessments now support Load Balancer resources for:
- AWS & AWS Gov: Network-based assessment with Network Path Evidence.
- GCE & Azure: Harvester-based assessments using the load balancer scheme.
- Added support for the AWS Volume resource to the Resource Encrypted With Cloud Managed Key query filter.
- Tag management is now supported for AWS Network Firewall resources.
- Added support for an AWS Elasticache Replication Group Terraform IaC converter.
- Added support for an AWS Internet Gateway Terraform IaC converter.
- New Query Filters:
- Network With Default ACL Unrestricted (CIS AWS 5.0 Recommendation 3.1)
- Default Security List With Unrestricted Traffic (CIS AWS 5.0 Recommendation 3.1)
- Cloud Policy Allows Tenancy Administrators Group Access
- Rest API With Specified Subscription Scopes
- Azure Databricks Workspace Not Associated with NSG
- Storage Account With Shared Key Access Disabled
- Storage Account Using Insecure Kerberos Ticket Encryption
- Instance/Private Image Platform
- Storage Account Using Insecure SMB Protocol Versions
- Storage Account Using Insecure Channel Encryption
- Storage Account Using Insecure Authentication Methods
- Load Balancer Open to the Public (identifies publicly accessible AWS load balancers)
- Allow-Listed Load Balancer Open to the Public (identifies allow-listed publicly accessible AWS load balancers)
- Updated: The `Resource Is Exposed To Public` filter now includes internet-facing or external load balancers.
- New Insights:
- Private Network Default ACL Does Not Restrict All Traffic Except ICMP (CIS AWS 5.0 Recommendation 3.1)
- Service Policy Gives IAM-Administrators or Any Other Group Full Access to the Tenancy ‘Administrators’ Group
- Cache Instance Not Using Minimum TLS Version 1.2 or Higher
- Azure Databricks Workspace Not Associated with NSG
- Storage Account With Shared Key Access Disabled
- Storage Account Using Insecure Kerberos Ticket Encryption
- Load Balancer Open to the Public
- Allow-Listed Load Balancer Open to the Public
- Internet-Facing Load Balancer (GCE and Azure)
- Storage Account Without Highest Channel Encryption
- Storage Account Without Latest SMB Protocol Versions
- Updated Query Filters:
- `Instance/Private Image Platform` now supports OCI instances.
- Added support for Oracle to:
- Cloud Account Fails CIS Password Policy
- Cloud Account Without a Password Policy
- Updated Insights:
- Added Oracle support for the following:
- Cloud Account Password Policy Does Not Require Letters and Numbers
- Cloud Account Password Policy Does Not Require Lowercase
- Cloud Account Password Policy Does Not Require Numbers
- Cloud Account Password Policy Does Not Require Symbols
- Cloud Account Password Policy Does Not Require Uppercase
- Cloud Account Password Policy Length Too Short (PCI)
- Cloud Account Password Policy Missing
- New Compliance Packs:
- CIS GCP 4.0
- CIS AWS 5.0
- FedRAMP Low Baseline (improved mapping accuracy between insights and controls)
- Deprecated Compliance Packs:
- CIS AWS 3.0
- CIS Azure 2.0
- CIS GCP 2.0
- FedRAMP Low Controls
- Renamed the following Compliance Packs:
- CIS - Alibaba Cloud 1.0.0 > CIS Alibaba Cloud Foundation Benchmark 1.0.0
- CIS - AWS 5.0.0 > CIS Amazon Web Services Foundations Benchmark 5.0.0
- CIS - Azure 3.0 > CIS Microsoft Azure Foundations Benchmark 3.0
- CIS - Azure 4.0 > CIS Microsoft Azure Foundations Benchmark 4.0
- CIS - GCP 3.0 > CIS Google Cloud Platform Foundation Benchmark 3.0
- CIS - GCP 4.0 > CIS Google Cloud Platform Foundation Benchmark 4.0
- CIS - OCI 1.1.0 > CIS Oracle Cloud Infrastructure Foundations Benchmark 1.1.0
- CIS - OCI 1.2.0 > CIS Oracle Cloud Infrastructure Foundations Benchmark 1.2.0
Fixed:
- Remediation steps for Windows packages are now correctly displayed in vulnerability details.
- Resolved an issue that occasionally prevented the Attack Paths page from loading properly.
- Fixed a discrepancy between the Risk and Public Access pages for certain resource types.
- Cloud storage export configurations now correctly create reports for all insights.
- Fixed a bug where the `TimeseriesDatabaseHarvester` would fail due to the deprecation of the Timeseries Database resource on AWS for new accounts.
- The Slack Webhook lazy select for the “Send Slack Message” action in the modern Bot Factory UI now works as expected.
- The `Instance with Public IP Attached` query filter no longer produces false negatives.
- The `Storage Container Bucket Key Enabled/Disabled` query filter now functions correctly.
- The `Backup Vault Allows Access From World` query filter now accurately evaluates policies for Backup Vaults.
- Removed generic exception handling to ensure Redis connectivity issues are accurately detected.
- Fixed an issue where using the Legacy pricing tier for GCP’s Security Command Center service would result in the ThreatFindingHarvester becoming non-operational for that account. The harvester now supports use by accounts on all pricing tiers for Security Command Center.
Version 25.8.19
Software release date: August 19, 2025 | Release notes published: August 18, 2025
Improved:
- Added support for FIPS endpoints with selective fallback to standard endpoints for enhanced compliance and reliability.
- The Host Assessment Processor’s next scan is now preserved across ICS restarts, ensuring uninterrupted scanning schedules.
- Users can now provide a custom Resource Group Name when configuring Automation Azure LPA Deployments, offering greater flexibility in resource management.
- Added Actions to Managed Grafana Harvester for improved automation and management capabilities.
- Added proof data support for additional package types, expanding coverage for vulnerability validation.
- Enhanced Azure Network Address Group resource management—users can now add and delete tags directly through ICS for streamlined tag operations.
- Added support for the Azure Network Address Group resource in ICS.
- Added Query Filter: Cloud User with Database Credentials Not Rotated in 90 Days (CIS OCI 2.0 Recommendation 1.11) — identifies OCI users whose database credentials have not been rotated within the last 90 days, supporting compliance with CIS OCI 2.0 Benchmark Recommendation 1.11.
- Added Insight: Cloud User with Database Credentials Not Rotated in 90 Days (CIS OCI 2.0 Recommendation 1.11) — identifies OCI users at risk due to outdated database credentials.
Fixed:
- Resolved an issue where calls to retrieve information for GCP Threat Findings were timing out, improving reliability for GCP users.
- Fixed a failure in DomainUserHarvester for cloud accounts that own the harvesting service account, ensuring consistent harvesting operations.
- Addressed an issue where the SecurityPostureHarvester could fail for Azure Gov accounts, improving support for government cloud environments.
- Fixed an issue where remote plugins would unnecessarily reload due to ignored timestamp metadata in checksum calculations. Plugins now reload only when updated, reducing unnecessary operations.
Version 25.8.26
Software release date: August 26, 2025 | Release notes published: August 25, 2025
Improved:
- Updated Query Filters:
- Instance With Monitoring Agent to include Azure Monitor Agents.
- Instance Or Autoscaling Group Without Monitoring Agent to take Azure Monitor Agents into consideration.
- Instance Does Not Have Endpoint Protection Installed to recognize instances with Azure Monitor Agents installed.
- Resource Not Exporting To Log Analytics Workspace to recognize instances reporting via Data Collection Rules.
- Resource Encrypted With Cloud Managed Key to recognize Snapshot resources in OCI.
- Added support for a list of tracking_methods to Instance With Qualys Agent Configured and Instance Without Qualys Agent Configured.
- Added tag support for AWS Outposts including: harvesting tags, adding/deleting tags through ICS UI, support for existing tag bot actions, and support for existing tagging QFs.
- Added support for Azure Data Collection Rules resources.
- Azure Event Driven Harvesting (EDH) and Azure Least-Privileged Access (LPA) are now supported via automatic deployment in Azure China and Azure Government clouds.
- New Insights:
- Cloud Account Missing Event Rule And Notification For Cloud Guard Changes (Oracle)
- Cloud Account Missing Event Rule And Notification For Identity Sign-On Changes (Oracle)
- Workspace Without Volume Encryption (AWS) – identifies AWS Workspaces lacking volume encryption for root and user volumes.
- Compliance Packs:
- Added new CIS Controls v8.1.2 Compliance Pack.
- Added new CIS Oracle Cloud Infrastructure Foundations Benchmark 3.0.0 Compliance Pack.
- Added deprecation notices in Misconfigurations, Insight, and Compliance Pack dropdowns.
- UI and UX Enhancements:
- Bot Factory new UI is now the default experience (toggle available to revert to old UI).
- Access Explorer new UI introduced in Phase 1 (new UI visible, default remains old experience).
- User Management Auth Server now in Phase 2 (new UI is default, revert option available).
- Added Source Document support for `listCloudAgents` in Qualys integration.
- Implemented support for CIS OCI Recommendation 4.15 & 4.18.
- Added support for OCI Event Rule resource with `OciEventRuleHarvester`.
- Removed `alerting_policies` from Cloud Properties for OCI (logic moved to a new resource).
- For `Cloud Account Oracle CIS Alerting Policy Missing`, added support for new checks:
- Cloud Guard Changes (CIS 3.15)
- Identity Sign-On Changes
Fixed:
- Resolved a validation issue in Bot Factory affecting bots created from an Insight using a numerical query filter.
- Fixed an issue that caused failures when editing an EDH producer.
- Corrected a problem where omitting `destination_resource_id` in a compliance scorecard cloud export update request would unintentionally disable the export.
- Fixed an issue where the Bot Action reason wasn’t being used in the endpoint.
Attention: We will not have a release for 2 weeks. The next release will be on September 9, 2025.
SIEM (InsightIDR)
No updates released at this time.
Vulnerability Management (InsightVM)
Version 8.19.0
Software release period: Aug 20, 2025 - Sep 01, 2025 | Release notes published: Aug 22, 2025
Improved:
- Spring Boot Framework Upgrade: This release includes a major upgrade to the Security Console’s underlying Spring Boot Framework and will be rolled out to all customers by the end of the designated period.
- With this upgrade you will benefit from:
- Improved security posture with updated framework components
- Better overall performance and stability
During this release window, no other product feature updates will be released.
Version 8.18.0
Software release date: Aug 18, 2025 | Release notes published: Aug 14, 2025
Improved:
- Upgraded Nmap to Version 7.95: We’ve upgraded the bundled version of Nmap from 7.92 to 7.95. This update incorporates the latest performance and stability enhancements from the Nmap project, providing a more resilient scanning foundation. See recommended actions and further information for the Nmap upgrade. You can also read our article on the Rapid7 Blog.
- Enhanced SNMP Fingerprinting Reliability: Improvements to SNMPv1 and SNMPv2 fingerprinting have been made to increase accuracy and consistency during unauthenticated scans, complementing Nmap’s improved UDP scanning.
Fixed:
- Fixed an issue where scans could intermittently hang while analyzing the contents of WAR files, improving scan stability during these assessments.
- Resolved an issue that prevented user roles from being updated via the public API.
- Corrected an issue with the v3 API Asset Services endpoint, where requests for assets with network interface cards (NICs) returned a 404 error. The endpoint now responds successfully with the appropriate content.
- Addressed inconsistencies in the “first found” dates for some vulnerabilities in SQL Query Export reports to ensure accurate historical reporting.
- Fixed a session handling issue that disrupted redirection to the login screen upon session expiry, restoring the expected user experience.
Version 8.17.0
Software release date: Aug 7, 2025 | Release notes published: Aug 4, 2025
Improved:
- Credential restrictions have been enhanced to support multiple entries. You can now define a list of IP addresses or IP ranges for site and shared credentials, allowing more flexibility and control over where credentials are applied during authenticated scans.
- Added support for Vulnerability Management (InsightVM) customers to enable the redesigned navigation experience in the Rapid7 Command Platform, designed to help security teams move faster, stay focused, and work with less friction.
- Added new policy content for Postgres 15 and Postgres 16 CIS benchmarks, expanding secure configuration coverage for PostgreSQL environments.
Fixed:
- Addressed an issue affecting scheduled Product and Content Auto-Updates to improve reliability and efficiency of the automated update process.
Nexpose
Version 8.19.0
Software release period: Aug 20, 2025 - Sep 01, 2025 | Release notes published: Aug 22, 2025
Improved:
- Spring Boot Framework Upgrade: This release includes a major upgrade to the Security Console’s underlying Spring Boot Framework and will be rolled out to all customers by the end of the designated period.
- With this upgrade you will benefit from:
- Improved security posture with updated framework components
- Better overall performance and stability
During this release window, no other product feature updates will be released.
Version 8.18.0
Software release date: Aug 18, 2025 | Release notes published: Aug 14, 2025
Improved:
- Upgraded Nmap to Version 7.95: We’ve upgraded the bundled version of Nmap from 7.92 to 7.95. This update incorporates the latest performance and stability enhancements from the Nmap project, providing a more resilient scanning foundation. See recommended actions and further information for the Nmap upgrade. You can also read our article on the Rapid7 Blog.
- Enhanced SNMP Fingerprinting Reliability: Improvements to SNMPv1 and SNMPv2 fingerprinting have been made to increase accuracy and consistency during unauthenticated scans, complementing Nmap’s improved UDP scanning.
Fixed:
- Fixed an issue where scans could intermittently hang while analyzing the contents of WAR files, improving scan stability during these assessments.
- Resolved an issue that prevented user roles from being updated via the public API.
- Corrected an issue with the v3 API Asset Services endpoint, where requests for assets with network interface cards (NICs) returned a 404 error. The endpoint now responds successfully with the appropriate content.
- Addressed inconsistencies in the “first found” dates for some vulnerabilities in SQL Query Export reports to ensure accurate historical reporting.
- Fixed a session handling issue that disrupted redirection to the login screen upon session expiry, restoring the expected user experience.
Version 8.17.0
Software release date: Aug 7, 2025 | Release notes published: Aug 4, 2025
Improved:
- Credential restrictions have been enhanced to support multiple entries. You can now define a list of IP addresses or IP ranges for site and shared credentials, allowing more flexibility and control over where credentials are applied during authenticated scans.
- Added new policy content for Postgres 15 and Postgres 16 CIS benchmarks, expanding secure configuration coverage for PostgreSQL environments.
Fixed:
- Addressed an issue affecting scheduled Product and Content Auto-Updates to improve reliability and efficiency of the automated update process.
Digital Risk Protection (Threat Command)
No updates released at this time.