Dec 01, 2021 - 6.6.115

New

  • New Defense Information Systems Agency benchmarks. We now provide support for the following DISA policies:

    • Canonical Ubuntu 18.04 benchmark, version 2, release 4
    • MS Internet Explorer 11 STIG benchmark, version 2, release 1
    • Sunset-McAfee VirusScan 8.8 Local Client STIG benchmark, version 1, release 4
    • Sunset-McAfee VirusScan 8.8 Managed Client STIG benchmark, version 1, release 3
    • Microsoft Edge STIG benchmark, version 1, release 1
    • RHEL 8 STIG benchmark, version 1, release 3
    • SLES 12 STIG benchmark, version 2, release 5
    • MS IIS 8-5 STIG, version 2, release 4
  • New fingerprinting and vulnerability coverage. We added fingerprinting and recurring vulnerability coverage for AdoptOpenJDK.

Improved

  • Updated Windows 10 checks. We updated how Windows 10 checks work to reduce complexity.
  • Improved communication. We improved the reliability of communication between the Console and the Scan Engine.
  • Updated Center for Internet Security content. We updated the CIS policy content that provides a benchmark for MS Windows Server 2012 (non-R2) to version 2.3.0.
  • Updated BigIP SNMP fingerprinting. We updated BigIP SNMP fingerprinting to correctly identify the F5 device hotfix version.
  • Improved engine transmission logs. We improved engine transmission logs to help better diagnose connection issues.
  • Upgraded JRE. Product version 6.6.115 upgrades the Java Runtime Environment (JRE) included with the Security Console to Zulu OpenJDK 1.8.0_312. This upgrade improves the security of the Nexpose application.

Fixed

  • Correct package values will now be reflected in our CentOS checks.
  • We improved F5 device fingerprinting where historically installed versions are present.
  • Exceptions encountered during SSH Elevation are now logged.
  • Installations of Microsoft Exchange that were undetected due to a lack of registry keys will now be detected.
  • Fields that failed to load in the UI when editing Shared Credentials will now load properly.
  • Agent-based assessments will now include all user and group information on Windows assets.
  • Sites configured to include only asset groups will no longer exclude all scan targets if one of those asset groups is specified as a subset in the scan schedule.
  • Excluded IP addresses and ranges are no longer being scanned during scheduled scan configuration.