Jun 16, 2021
6.6.89

Improved

  • Updated Defense Information Systems Agency (DISA) policies: We updated the following DISA benchmarks:
    • MS IIS 8-5 Site STIG - version 2, release 2
    • Apache Server 2-4 UNIX Server STIG - version 2, release 2
    • Apache Server 2-4 UNIX Site STIG - version 2, release 1
    • MS Excel 2010 STIG - version 1, release 11
    • Oracle Linux 7 STIG - version 2, release 3
  • Updated Center for Internet Security (CIS) policies: We updated the following CIS benchmarks:
    • CentOS Linux 7, version 3.1.0
    • Oracle Linux 7, version 3.1.0
  • More SSH Private Key support: We added support for SSH Private Keys in the openssh-key-v1 format. Our documentation has been updated to reflect this change.
  • More Dynamic Asset Group calculation improvements: Following up on the improvement shipped in product version 6.6.86, we made further improvements to the Security Console's Dynamic Asset Group recalculation process.

Fixed

  • We fixed an issue that caused Google Chrome plugins to be misidentified as installations of the Google Chrome browser.
  • We updated our Windows Firefox fingerprinting process to take additional steps to distinguish between the ESR and standard browser versions.

Other Changes

  • The restriction feature for scan credentials will now automatically resolve mismatches between the restricted credential and the specified restriction criterion, which ensures that the credential is restricted to the correct asset as intended. This change may increase scan initialization times. If you need to disable this functionality, you can do so by executing com.rapid7.nexpose.nsc.check.restricted.credentials=0 in the command console.