June 2025 Release Notes

This article was last updated on June 13, 2025.

Infrastructure Updates

Infrastructure Updates are posted each Monday, and include a roundup of infrastructure improvements and fixes across the Rapid7 products and offerings:

InsightAppSec and AppSpider
InsightCloudSec
InsightIDR
InsightVM and Nexpose
Surface Command
Threat Command

InsightAppSec and AppSpider

No updates released at this time.

InsightCloudSec

Version 25.6.10

Software release date: June 10, 2025 | Release notes published: June 10, 2025

Details for self-hosted customers

Release Availability - Self-hosted customers are able to download the new version of InsightCloudSec usually six business days after SaaS customers are upgraded. The estimated date for this version's self-hosted availability is June 16, 2025.
- The latest Terraform template (static files and modules) can be downloaded from our public S3 bucket: https://s3.amazonaws.com/get.divvycloud.com/prodserv/divvycloud-prodserv-tf/example-usage/aws/release/divvycloud-tf-release.zip
- Modules can be updated with the terraform get -update command.
Amazon Elastic Container Repository (ECR) Image Tags - You can obtain the ECR build images for this version of InsightCloudSec from the InsightCloudSec ECR Gallery: https://gallery.ecr.aws/rapid7-insightcloudsec?page=1

Improved

Improved logging granularity for Azure Storage Accounts by capturing new diagnostic category groups (audit, allLogs). Updates improve accuracy for the following Insights:
- Storage Account Blob Service Logging Disabled
- Storage Account Queue Service Logging Disabled
- Storage Account Table Service Logging Disabled
Added a harvester for Azure Storage Account lifecycle policies and rules. Also added new Query Filters:
- Storage Account Without Lifecycle Policy
- Storage Account With Disabled Lifecycle Policy Rules
- Storage Account Without Lifecycle Policy Sub-Type
- Storage Account Without Specified Rule For Policy Sub-Type This change requires a new permission: Microsoft.Storage/storageAccounts/managementPolicies/read
Azure LPA and EDH auto-deployment and subscribe endpoints now support tagging deployed resources.
We made several improvements to our user interface to ensure a cleaner and more consistent experience for the following pages:
- User Management > Users
- Cloud Accounts > Summary
- User Management > User Roles
- User Management > API Keys
Additionally, the option to Switch to Legacy UI has been removed

Fixed

Removed EmailServiceRuleHarvester and GlobalLoadBalancerHarvester from AWS GovCloud due to incompatibility with GovCloud environments. Updated ServiceCheckHarvest and ServiceLimitHarvest to restrict operations to the us-gov-east-1 region for proper functionality. Note the ServiceLimitHarvest may require the support:RefreshTrustedAdvisorCheck permission.
guardrails inventory-scanner now falls back to namespace-level checks when cluster-wide permissions are unavailable.
Fixed a conversion bug in the AWS storage container converter for Terraform.
Fixed Entra ID authentication detection for PostgreSQL and MySQL instances.
Corrected zone redundancy and multi-AZ reporting for Azure instances.
Standardized Azure storage size units to GB.
Fixed inaccurate encryption detection for data at rest and in transit.
Corrected public network accessibility reporting for managed instances.
Improved overall stability of the DatabaseInstanceHarvester.

Top of page

InsightIDR

Release notes published: June 9, 2025

Improved

Updated the default date range of the Investigation Details > Inspect Actor Activity feature from 30 days to the last 24 hours, providing faster and more relevant insights.
Enhanced the Add Event Source form to include updated help content and clearer collection method descriptions, featuring a cleaner design and more descriptive language for improved usability.

Top of page

Version 8.10.0

Software release date: June 11, 2025 | Release notes published: June 12, 2025

This release does not contain any product changes or fixes. This release is only meant to ensure that offline deployments of InsightVM, such as those running in air-gapped networks, are provided with the latest installers containing up-to-date security content (up to and including June 10, 2025).

Version 8.9.1

Software release date: June 10, 2025 | Release notes published: June 12, 2025

Improved

Updated Scan Assistant to improve reliability, including default recovery settings on Windows and resolving incorrect “obsolete” status in certain package managers.
Upgraded the Java Runtime to version 17.0.15 to include the latest security and stability improvements.
Added support for the CIS Ubuntu 24.04 Benchmark v1.0.0 in our policy content to ensure continued compliance with the latest Ubuntu release.

A bug was introduced in version 8.9.0 to a small cohort of customers on June 4, 2025. The code was reverted and version 8.9.1 was released to that cohort on June 9, 2025.

Fixed

Fixed an issue that prevented passwordless restores from working correctly.
Improved messaging in the “Vulnerability Exceptions Review” and “Delete” dialogs for better clarity.
Resolved a sorting issue in the Risk Score Table on the Asset Detail Page that affected some users.
Corrected date display issues for vulnerabilities caused by time zone differences.
Fixed a problem where UI error pages were not displaying properly.

Top of page

Surface Command

No updates released at this time.

Threat Command

No updates released at this time.

Top of page

Did this page help you?