Nexpose Release Notes / Feb 05, 2025

Feb 05, 20257.5.0

New

  • Cloud assets that use the Insight Agent for vulnerability assessment will now have additional data about their cloud provider displayed in the Remediation Hub. The Remediation Hub will also suggest solutions for these assets when you search for cloud solutions.
  • We added Recurring Vulnerability coverage for ArubaOS 8 and ArubaOS 10 through both SSH and SNMP.
  • AlmaLinux policy content. We added built-in policy content for CIS AlmaLinux 9 Benchmark v2.0.0 and CIS AlmaLinux 8 Benchmark v3.0.0.
  • Debian Linux policy content. We added built-in policy content to support CIS Debian Linux 11 v2.0.0 and CIS Debian Linux 12 v1.1.0.
  • Apple macOS policy content. We added built-in policy content for CIS Apple macOS 15.0 Sequoia Benchmark v1.0.0.

Improved

  • The Site Configuration feature now accepts .p12 and .pfx file types to support Scan Assistant credentials.
  • We improved the performance and efficiency of report generation with Asset Reporting Format (ARF) and Extensible Configuration Checklist Description Format (XCCDF), ensuring faster processing times for large datasets.
  • We enhanced the error messaging in the site creation experience to provide clearer explanations of what caused the error.
  • Redhat enterprise Linux policy content. We updated built-in policy content to support the latest CIS Benchmark for Redhat enterprise Linux 7 v4, Redhat enterprise linux 8 v3.0.0, and Redhat enterprise Linux 9 v2.0.0.
  • Oracle Linux policy content. We updated built-in policy content to support CIS Oracle Linux 8 version 3.0.0 and CIS Oracle Linux 9 version 2.0.0.

Fixed

  • We fixed an issue with Junos OS fingerprinting, improving check accuracy.
  • We fixed an issue that caused a scan to hang indefinitely when paused or stopped during specific scenarios of SSL connection establishment.
  • We resolved an issue with scan engines failing to start scans after a recent update.
  • We resolved an issue with the validation of the Scan Credential password for SNMPv3, which was incorrectly allowing shorter passwords (fewer than 8 characters) to be used.
  • We resolved an issue that caused Containerized Scan Engines to not be displayed in the list of available Engine Pools.
  • We resolved an issue to ensure that shared CyberArk credentials can no longer be created without an App ID.
  • We resolved an issue that caused scan schedules that were associated with certain asset groups to not be enabled.
  • We resolved an issue that caused a message about leaving the site to appear when a user created a new site and clicked Save and Scan.
  • We resolved an issue that prevented users with special characters in their username to be unable to select scans when creating reports.
  • We resolved an issue that prevented Global Blackout schedules from being visible in the calendar for non-admin users.
  • We resolved an issue that caused users with similar names to be erroneously selected when configuring user access for a site.
  • We resolved an issue that prevented error messages from being displayed during site creation when the same file was being re-uploaded.
  • We resolved an issue that caused a message about unsaved changes to appear in the scan schedule feature, when no changes had been made.