New

• Active Risk scoring strategy. Our new vulnerability risk scoring strategy, Active Risk, is now available. This risk strategy provides a threat-aware vulnerability risk score by using the latest version of CVSS available for a vulnerability and enhancing it with multiple threat intelligence feeds, including proprietary Rapid7 research, to prioritize remediation for actively exploited vulnerabilities first. You can upgrade to Active Risk from Administration > Vulnerabilities > Risk Score Settings.
• Active Risk dashboard cards. We added two new dashboard cards that use Rapid7’s new vulnerability risk model, Active Risk:
  • The Vulnerability Findings by Active Risk Score Severity and Publish Age card creates a heat map of Active Risk severity scores and the publish age of each vulnerability finding.
  • The Vulnerability Findings by Active Risk Score Severity card displays the number of vulnerability findings in each Active risk score severity level (i.e., critical, high, moderate, and low).

Fixed

• POST /api/3/sites/{id}/assets now correctly updates the description when importing an asset.
• An issue that caused the CSV Exporter to fail when generating reports has been fixed.
• An issue that caused the unix-path-resolver-thread to display errors and use excessive memory during scans has been fixed.