New
- Added CIS benchmark coverage. We added built-in support for the following policies:
- Apple macOS 10.15, version 3.0.0
- Apple macOS 11.0, version 3.0.0
- Apple macOS 12.0, version 2.0.0
- Apple macOS 13.0, version 1.0.0
- Oracle MySQL Enterprise Edition 8.0, version 1.2.0
Improved
- IBM HTTPServer check. In addition to its original patch PH44289, the IBM HTTPServer check for CVE-2021-44224 now accepts superseding IBM patches PH44271, PH44829, PH46897, and PH50316 as valid remediations.
- JRE fingerprinting. We improved JRE fingerprinting to detect installs managed through Java plugin.
- AWS UUID collection. We improved AWS UUID collection on Unix-based EC2 instances.
- Enhanced SIP fingerprinting. We expanded the number of SIP services the Scan Engine is able to identify by adding support for the sip_user_agents database in the Recog framework.
- Enhanced HTTP/S fingerprinting. We expanded the number of HTTP/S services the Scan Engine is able to identify by adding support for the favicons database in the Recog framework.
Fixed
- CSV reports no longer contain duplicated data in the Asset Location and Custom Tag fields.
- When viewing past scans, policy results on an asset’s node page now display correctly.
- We fixed an issue where some assets were prevented from integrating correctly when using API imports.
- We updated Google Chrome vulnerability content to support the fix versions offered for different operating systems, reducing false positives and false negatives.
- We resolved an issue involving Windows 11 vulnerability content, specifically for Microsoft Patch Tuesday content released in October 2022 to December 2022. There should be no noticeable risk score change for Windows 11 assets that receive timely automatic updates from Microsoft. Windows 11 assets that have yet to receive the January 2023 Patch Tuesday updates may see an increase in risk score.