Tenable Nessus 2024 Release Notes

Bug Fix	Defect ID	Applies to
Improved the user input for some text boxes in the web application scanning configuration, allowing comma separation, new lines, and spaces.	01723550	Tenable Nessus Expert
Fixed an issue where improper JSON input was being sent to the web application scanning container.	01966393	Tenable Nessus Expert

Bug Fix	Defect ID	Applies to
Improved error handling under low memory conditions to increase scanner stability.	01788324, 01782329, 01790186, 01778293	All Tenable Nessus versions

Bug Fix	Defect ID	Applies to
Fixed an issue that caused a DataTable error message to appear when adding child nodes to a cluster group in Tenable Nessus Manager.	01757838	Tenable Nessus Manager
Fixed an issue that caused the report button not to appear for Tenable Security Center-managed scanners.	01776000, 01774869, 01776531, 01777615, 01777054, 01777357, 01778216, 01778224, 01778729, 01778385, 01778998, 01779637, 01779828, 01779823, 01779819, 01780722, 01779445, 01781217, 01780015, 01782102, 01780435, 01780036, 01775400, 01782805, 01783201, 01783872, 01773762, 01784052	Tenable Nessus Scanners managed by Tenable Security Center
Fixed an issue that caused scans to time out unnecessarily when reporting scan progress to Tenable Security Center.	01712166	Tenable Nessus Scanners managed by Tenable Security Center

New Features

The following are the new features included in Tenable Nessus 10.7.0:

Plugin details are now available to view in Japanese, Simplified Chinese, and Traditional Chinese.

For information on how to configure your plugin detail language, see Configure the Plugin Detail Locale in the Tenable Nessus User Guide.
Updated the advanced scan settings user interface with dynamic tooltips.

Changed Functionality and Performance Enhancements

The following enhancements are included in Tenable Nessus 10.7.0:

Tenable Nessus Manager now automatically removes non-agent plugins from Tenable Nessus Agent plugin databases.
Improved the certificate checking logic in linked Tenable Nessus scanners.
Updated Tenable Nessus so that the user interface no longer accepts "localhost" as a proxy value. You can still set this value using nessuscli.
Updated the default list of ports scanned by Tenable Nessus port scanners. For details on the ports list, see List of ports in Nessus defined by Port Scan Range: default.
OpenSSL was updated to 3.0.13.
zlib was updated to 1.3.1.
Tenable Nessus RPM packages are now provided using the Enterprise Linux packaging and naming convention.

Security Updates

The following are security updates included in Tenable Nessus 10.7.0:

Resolved a stored XSS vulnerability in which an authenticated remote attacker with administrator privileges in Tenable Nessus could alter proxy settings, which could lead to the execution of remote arbitrary scripts.
Resolved a SQL injection vulnerability in which an authenticated, low-privileged remote attacker could potentially alter scan DB content.

For more information, see the Tenable Product Security Advisory.

Bug Fixes

Bug Fix	Defect ID	Applies to
Removed dependency on the Windows package installer to update the Tenable Nessus version in the registry.	01568976	All Tenable Nessus versions
Removed plugin_info.inc from the saved files that are retained when you reset Tenable Nessus from the command line.	01645709	All Tenable Nessus versions
Fixed an issue related to agent group filtering in Tenable Nessus Manager.	01649587	Tenable Nessus Manager
Fixed a rare crash (SIGSEGV) in Tenable Nessus Manager.	01618452, 01690745	Tenable Nessus Manager
Fixed a crash that occurred when scan variable memory was freed multiple times in certain contexts.	01653504	All Tenable Nessus versions
Removed some ports from the nessus-services file.	01681534	All Tenable Nessus versions
Fixed an issue that occurred when downloading scanner logs with both Extended Logs and Sanitize IPs options set.	01734291	All Tenable Nessus versions
Fixed an issue in Tenable Nessus Managers linked to Tenable Security Center where if plugins fail to download, Tenable Security Center produces a protocol error and prevents scanning.	01612390, 01647256, 01666618, 01692366	Tenable Nessus Manager

Supported Platforms

The following are supported platform updates made in Tenable Nessus 10.7.0:

Added support for the following operating systems:
- Ubuntu 22.04 LTS
- Fedora 38 and 39
- Debian 12
- macOS 14
- Amazon Linux 2023
Removed support for the following operating systems:
- Fedora 35 and 36
- Amazon Linux 1
- macOS 11

Upgrade Notes

Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.
If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Nessus Agents, Tenable Web App Scanning scanners, or Tenable Nessus Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.
You can upgrade to the latest version of Tenable Nessus from any previously supported version.
If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.

Plugin Releases