New
- New automated vulnerability content: We now support recurring vulnerability coverage for Amazon Linux 2.
Improvements
- Defense Information Systems Agency (DISA) Policy content: We updated the following existing DISA benchmarks:
- Red Hat Enterprise Linux 7 STIG Benchmark - Ver 2, Rel 7
- Red Hat Enterprise Linux 6 STIG Benchmark - Ver 1, Rel 27
- Mozilla Firefox for RHEL STIG Benchmark - Ver 1, Rel 6
- Windows Defender Antivirus STIG Benchmark - Ver 1, Rel 6
- Microsoft .NET Framework 4 STIG Benchmark - Ver 1, Rel 7
- Updated obsolete version content: We updated our f5-big-ip-obsolete-version check to include more unsupported versions.
- Improved credential source labeling: The "Administrative Credential" and "Service Credential" labels in scan logs and Source columns of node fingerprint tables have been renamed as "Configured Credential" and "Discovered Credential" respectively. These new labels will help you easily determine if the source credential that produced the fingerprint was configured by a user on the Security Console or discovered automatically during a scan.
- Improved Apache Tomcat fingerprinting: Our new fingerprinting technique can now identify Apache Tomcat on Windows assets using uninstaller registry keys.
- Improved Linux vulnerability assessment capability: The product will no longer report Linux kernel vulnerabilities that have been live-patched by KernelCare.
Fixes
- We fixed an issue with our msft-cve-2020-0688-unsupported-version vulnerability check to resolve potential false positives.
- We fixed several end-of-life checks for various Linux distributions that were missing the
Obsolete Softwarecategory.