Tenable Nessus 2024 Release Notes
Plugin Releases
For information about recent changes to Tenable Nessus plugins, see the Plugin Release Notes.
Tenable Nessus 10.7.2 (2024-04-02)
Changed Functionality and Performance Enhancements
The following enhancements are included in Tenable Nessus 10.7.2:
-
Optimized the evaluation of Tenable Nessus scanning rules to improve scan times for scans in which a rule specifies a hostname.
Bug Fixes
| Bug Fix | Defect ID | Applies to |
|---|---|---|
| Improved error handling under low memory conditions to increase scanner stability. | 01788324, 01782329, 01790186, 01778293 | All Tenable Nessus versions |
Upgrade Notes
-
Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners version 8.x and 10.4.0 and later.
-
If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Nessus Agents, Tenable Web App Scanning scanners, or Tenable Nessus Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.
- You can upgrade to the latest version of Tenable Nessus from any previously supported version.
- If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
- If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
- If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.
Tenable Nessus 10.7.1 (2024-02-27)
Bug Fixes
| Bug Fix | Defect ID | Applies to |
|---|---|---|
| Fixed an issue that caused a DataTable error message to appear when adding child nodes to a cluster group in Tenable Nessus Manager. | 01757838 | Tenable Nessus Manager |
| Fixed an issue that caused the report button to not appear for Tenable Security Center-managed scanners. | 01776000, 01774869, 01776531, 01777615, 01777054, 01777357, 01778216, 01778224, 01778729, 01778385, 01778998, 01779637, 01779828, 01779823, 01779819, 01780722, 01779445, 01781217, 01780015, 01782102, 01780435, 01780036, 01775400, 01782805, 01783201, 01783872, 01773762, 01784052 | Tenable Nessus Scanners managed by Tenable Security Center |
| Fixed an issue that caused scans to time out unnecessarily when reporting scan progress to Tenable Security Center. | 01712166 | Tenable Nessus Scanners managed by Tenable Security Center |
Upgrade Notes
-
Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners version 8.x and 10.4.0 and later.
-
If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Nessus Agents, Tenable Web App Scanning scanners, or Tenable Nessus Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.
- You can upgrade to the latest version of Tenable Nessus from any previously supported version.
- If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
- If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
- If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.
Tenable Nessus 10.7.0 (2024-02-06)
New Features
The following are the new features included in Tenable Nessus 10.7.0:
-
Plugin details are now available to view in Japanese, Simplified Chinese, and Traditional Chinese.
For information on how to configure your plugin detail language, see Configure the Plugin Detail Locale in the Tenable Nessus User Guide.
-
Updated the advanced scan settings user interface with dynamic tooltips.
Changed Functionality and Performance Enhancements
The following enhancements are included in Tenable Nessus 10.7.0:
-
Tenable Nessus Manager now automatically removes non-agent plugins from Tenable Nessus Agent plugin databases.
-
Improved the certificate checking logic in linked Tenable Nessus scanners.
-
Updated Tenable Nessus so that the user interface no longer accepts "localhost" as a proxy value. You can still set this value using nessuscli.
-
Updated the default list of ports scanned by Tenable Nessus port scanners. For details on the ports list, see List of ports in Nessus defined by Port Scan Range: default.
-
OpenSSL was updated 3.0.13.
-
zlib was updated to 1.3.1.
-
Tenable Nessus RPM packages are now provided using the Enterprise Linux packaging and naming convention.
Security Updates
The following are security updates included in Tenable Nessus 10.7.0:
-
Resolved a stored XSS vulnerability in which an authenticated remote attacker with administrator privileges in Tenable Nessus could alter proxy settings, which could lead to the execution of remote arbitrary scripts.
-
Resolved a SQL injection vulnerability in which an authenticated, low-privileged remote attacker could potentially alter scan DB content.
For more information, see the Tenable Product Security Advisory.
Bug Fixes
| Bug Fix | Defect ID | Applies to |
|---|---|---|
| Removed dependency on the Windows package installer to update the Tenable Nessus version in the registry. | 01568976 | All Tenable Nessus versions |
| Removed plugin_info.inc from the saved files that are retained when you reset Tenable Nessus from the command line. | 01645709 | All Tenable Nessus versions |
| Fixed an issue related to agent group filtering in Tenable Nessus Manager. | 01649587 | Tenable Nessus Manager |
| Fixed a rare crash (SIGSEGV) in Tenable Nessus Manager. | 01618452, 01690745 | Tenable Nessus Manager |
| Fixed a crash that occurred when scan variable memory was freed multiple times in certain contexts. | 01653504 | All Tenable Nessus versions |
| Removed some ports from the nessus-services file. | 01681534 | All Tenable Nessus versions |
| Fixed an issue that occurred when downloading scanner logs with both Extended Logs and Sanitize IPs options set. | 01734291 | All Tenable Nessus versions |
| Fixed an issue in Tenable Nessus Managers linked to Tenable Security Center where if plugins fail to download, Tenable Security Center produces a protocol error and prevents scanning. | 01612390, 01647256, 01666618, 01692366 | Tenable Nessus Manager |
Supported Platforms
The following are supported platform updates made in Tenable Nessus 10.7.0:
-
Added support for the following operating systems:
-
Ubuntu 22.04 LTS
-
Fedora 38 and 39
-
Debian 12
-
macOS 14
-
Amazon Linux 2023
-
-
Removed support for the following operating systems:
-
Fedora 35 and 36
-
Amazon Linux 1
-
macOS 11
-
Upgrade Notes
-
Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners version 8.x and 10.4.0 and later.
-
If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Nessus Agents, Tenable Web App Scanning scanners, or Tenable Nessus Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.
- You can upgrade to the latest version of Tenable Nessus from any previously supported version.
- If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
- If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
- If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.