Mar 17, 2021 - 6.6.72

Improved

  • Updated Defense Information Systems Agency (DISA) policies: We updated the following DISA benchmarks:
    • Microsoft .Net Framework 4 STIG Benchmark - Ver 2, Rel 1
    • Red Hat Enterprise Linux 7 STIG Benchmark - Ver 3, Rel 2
    • Oracle Linux 7 STIG Benchmark - Ver 2, Rel 2
    • Mozilla Firefox for RHEL STIG Benchmark - Ver 5, Rel 1
    • Solaris 11 SPARC STIG Benchmark - Ver 2, Rel 2
    • Canonical Ubuntu 16.04 STIG Benchmark - Ver 2, Rel 2
    • Solaris 11 X86 STIG Benchmark - Ver 2, Rel 2
    • Red Hat Enterprise Linux 6 STIG Benchmark - Ver 2, Rel 2
    • Google Chrome for Windows STIG Benchmark - Ver 2, Rel 2
    • Canonical Ubuntu 18.04 STIG Benchmark - Ver 2, Rel 1

Fixed

  • CSV exports of Security Console tables will no longer fail if the time-zone-offset cookie is not present or is not parsed correctly. If either case applies during a CSV export, the default time zone of the console's host machine will be used instead.
  • We fixed an issue where an asset's installed software details could be dropped from the latest scan results due to a rare fingerprint timing condition.
  • We updated the check logic for our Spectre/Meltdown (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) AIX vulnerability content to account for rollup patches, which prevents false positives.
  • We fixed an issue that prevented the Affects table in vulnerability detail views from retrieving data in some cases.
  • We fixed an issue where the Security Console or Scan Engine could crash due to a defect in the Java Development Kit (JDK) installed with both components.

Other Changes

  • Scan Engine and Security Console communications no longer support the use of the TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 cipher suite.