Aug 04, 2021 (6.6.96)

New

  • New goal criteria: We added advanced query syntax so that you can set success criteria when making queries through Goals and SLAs.
  • New sorting view: In Goals and SLAs you can now sort all columns in the asset and vulnerability tables.

Improved

  • Updated Google Chrome fingerprinting: We updated our Google Chrome fingerprinting to reduce false positives on Unix-like systems.
  • New port: InsightVM and Nexpose consoles now retrieve product and content updates from updates.rapid7.com over port 443. To continue receiving product and content updates, allow the server hosting InsightVM or Nexpose to make outbound connections to updates.rapid7.com on port 443.
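Before relying on the new update path, it is worth confirming from the console host itself that outbound TCP to updates.rapid7.com on port 443 is actually permitted. The script below is an added example, not Rapid7's code: it separates a DNS failure from an egress-filtering failure, and the helper names (`check_egress`, `resolve_host`, `report_update_egress`) and the `RUN_EGRESS_CHECK` switch are assumptions of this example. The connection test uses bash's `/dev/tcp` so it needs no `nc` or `curl` on the host.

```shell
#!/bin/sh
# Added example, not Rapid7 code: confirm that the console host can reach the
# update server over the port the 6.6.96 release notes require.
UPDATE_HOST="updates.rapid7.com"
UPDATE_PORT=443

# check_egress HOST PORT [TIMEOUT_SECONDS]
# Returns 0 if a TCP connection can be opened, non-zero if it is refused,
# blocked by a firewall, or times out. Uses bash's /dev/tcp pseudo-device so
# the check does not depend on nc or curl being installed.
check_egress() {
  host="$1"; port="$2"; timeout_s="${3:-5}"
  if command -v timeout >/dev/null 2>&1; then
    timeout "$timeout_s" bash -c "exec 3<>/dev/tcp/$host/$port" 2>/dev/null
  else
    bash -c "exec 3<>/dev/tcp/$host/$port" 2>/dev/null
  fi
}

# resolve_host HOST
# Returns 0 if the name resolves. Checked first so that a DNS problem is not
# misreported as a blocked outbound port.
resolve_host() {
  getent hosts "$1" >/dev/null 2>&1
}

# report_update_egress
# Runs both checks against the update server and prints an actionable result.
report_update_egress() {
  if ! resolve_host "$UPDATE_HOST"; then
    echo "FAIL: $UPDATE_HOST does not resolve; check DNS on the console host"
    return 1
  fi
  if check_egress "$UPDATE_HOST" "$UPDATE_PORT"; then
    echo "OK: outbound TCP to $UPDATE_HOST:$UPDATE_PORT is allowed"
    return 0
  fi
  echo "FAIL: cannot open TCP to $UPDATE_HOST:$UPDATE_PORT; add an outbound firewall rule for the console host"
  return 1
}

# Only perform the live check when explicitly requested, so the file can also
# be sourced for its functions without touching the network.
if [ "${RUN_EGRESS_CHECK:-0}" = "1" ]; then
  report_update_egress
fi
```

Run it on the console host with `RUN_EGRESS_CHECK=1 sh check_update_egress.sh`; a non-zero exit with the FAIL line tells you whether to look at DNS or at the egress firewall rule.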

Fixed

  • We fixed an issue where querying policy reports via API v3 when one or more of the policies did not have a surrogate ID caused an error message.
  • We fixed an issue that caused long vulnerability scan times when scanning Windows Domain Controllers.
  • We fixed an issue that caused false positives when fingerprinting PostgreSQL via unauthenticated means.
  • We fixed an issue where customer asset and vulnerability selections were not being passed through and populated in the scope when creating remediation projects.

Security Updates

  • We fixed CVE-2021-31868, an information disclosure vulnerability affecting the old ticketing feature that was previously available on the Security Console. This issue allowed users to view and edit any tickets, even tickets not assigned to that user. It affects all Security Consoles up to and including 6.6.95. If your Security Console falls within this version range, please ensure that you update it to the latest version, as these resources have now been removed. Special thanks to Reda El Hachloufi for reporting this issue to Rapid7.
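The affected range is "up to and including 6.6.95", which is a numeric comparison per dotted field rather than a string comparison (a naive string test would, for example, sort 6.6.100 before 6.6.95). The helper below is an added example, not Rapid7's code; the function names `version_le` and `console_affected` are assumptions of this example, and it is written in POSIX sh so it runs on any console host's shell.

```shell
#!/bin/sh
# Added example, not Rapid7 code: decide whether a Security Console version
# falls inside the range affected by CVE-2021-31868 (<= 6.6.95).

# version_le A B
# Returns 0 if dotted version A <= B, comparing up to three numeric fields.
# Missing fields are treated as 0, so "6.6" compares as "6.6.0".
version_le() {
  a="$1"; b="$2"; i=1
  while [ "$i" -le 3 ]; do
    ai=$(printf '%s' "$a" | cut -d. -f"$i")
    bi=$(printf '%s' "$b" | cut -d. -f"$i")
    ai=${ai:-0}; bi=${bi:-0}
    [ "$ai" -lt "$bi" ] && return 0
    [ "$ai" -gt "$bi" ] && return 1
    i=$((i + 1))
  done
  return 0   # all fields equal
}

# console_affected VERSION
# Returns 0 (affected) when VERSION is 6.6.95 or older, 1 otherwise.
console_affected() {
  version_le "$1" "6.6.95"
}

# Usage: sh console_affected.sh 6.6.92
if [ -n "$1" ]; then
  if console_affected "$1"; then
    echo "Security Console $1 is affected by CVE-2021-31868; update to 6.6.96 or later"
    exit 1
  fi
  echo "Security Console $1 is not in the affected range"
fi
```

Feed it the version shown in the Security Console's Administration page; a non-zero exit means the console still needs the update.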