Tenable Nessus 2024 Release Notes
Tip: You can subscribe to receive alerts for Tenable documentation updates.
Plugin Releases
For information about recent changes to Tenable Nessus plugins, see the Plugin Release Notes.
Tenable Nessus 10.8.3 (2024-09-11)
Security Updates
The following are security updates included in Tenable Nessus 10.8.3:
-
Updated OpenSSL to 3.0.15.
-
Updated libexpat to 2.6.3.
For more information, see the Tenable Product Security Advisory.
Upgrade Notes
-
Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.
-
If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.
- You can upgrade to the latest version of Tenable Nessus from any previously supported version.
- If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
- If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
- If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.
Tenable Nessus 10.8.2 (2024-08-15)
Bug Fixes
| Bug Fix | Defect ID | Applies to |
|---|---|---|
| Fixed a defect that caused Tenable Nessus to inappropriately apply severity mappings to compliance results. | 02081143, 02082283, 02082725, 02082277, 02081289, 02084350, 02086320, 02085981, 02086737, 02082923, 02086827, 02085220, 02084549, 02087878 | All Tenable Nessus versions |
Upgrade Notes
-
Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.
-
If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.
- You can upgrade to the latest version of Tenable Nessus from any previously supported version.
- If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
- If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
- If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.
Tenable Nessus 10.8.1 (2024-08-03)
Bug Fixes
| Bug Fix | Defect ID | Applies to |
|---|---|---|
| Fixed an issue where specifying a list of ports including "default" would cause a parsing failure and prevent the scan from launching. | 02080643, 02081116, 02081643 | All Tenable Nessus versions |
Upgrade Notes
-
Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.
-
If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.
- You can upgrade to the latest version of Tenable Nessus from any previously supported version.
- If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
- If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
- If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.
Tenable Nessus 10.8.0 (2024-07-30)
New Features
The following are the new features included in Tenable Nessus 10.8.0:
-
Tenable Nessus now supports CVSSv4 and EPSS scoring for vulnerability findings. You can view CVSSv4 and EPSS scores in the plugin output details and use both scores to filter scan results.
-
You can now use Tenable Nessus Manager to create and manage agent profiles in the new Sensors > Agent Profiles menu. You can use agent profiles to apply specific product versions to groups of linked agents.
-
A new offline mode is now available to Tenable Nessus Professional and Tenable Nessus Expert users with limited internet connectivity.
-
Tenable Nessus now decorates scan results with a scan type to allow you to differentiate scans.
Changed Functionality and Performance Enhancements
The following enhancements are included in Tenable Nessus 10.8.0:
-
hostname is now a dependency for Tenable Nessus rpm installations. Therefore, when installing any Tenable Nessus 10.8.x rpm package, you must also install a hostname package if one has not already been installed. You can do so by running the install hostname command that is specific to your Linux operating system. For example:
zypper install -y hostname
Some Linux CLI tools automatically include dependencies when you install the Tenable Nessus package (yum install, for example). In these cases, you do not have to separately install hostname.
-
The import-certs CLI command now supports importing server chains.
-
Compliance plugin names are no longer truncated in the Tenable Nessus user interface.
-
Added support for importing unencrypted scan databases.
-
Added support for IMDSv2 for BYOL scanners in AWS.
-
Tenable Nessus now streams plugin and product updates to disk when downloading instead of buffering in memory.
-
Tenable Nessus now uses only the hostname and port to track against WAS licenses instead of the full URL. For example, all of the following now count for a single license FQDN rather than three:
-
https://example.com/welcome
-
https://example.com/welcome/get-started
-
https://example.com/welcome/get-started/create-new-use
-
Bug Fixes
| Bug Fix | Defect ID | Applies to |
|---|---|---|
| Fixed an issue that caused the user icon in the Tenable Nessus user interface to disappear when you reduce the screen width. | 01798648 | All Tenable Nessus versions |
| Improved performance when launching an Advanced Dynamic Scan. | 01717333 | All Tenable Nessus versions |
| Fixed a scan permission issue related to scan attachments. | 01587237 | All Tenable Nessus versions |
|
Updated Tenable Nessus scanners connected to Tenable Security Center so that the policy file is deleted once a new scan is created. This ensures that policy files do not accumulate on the scanner. |
02010600 | Tenable Nessus scanners manged by Tenable Security Center |
| Fixed an issue in Tenable Nessus scanners connected to Tenable Security Center that caused an entire plugin family to be enabled when only a few of the family's plugins were enabled in the scan policy. | 01754873 | Tenable Nessus scanners manged by Tenable Security Center |
| Fixed an issue in Tenable Nessus scanners connected to Tenable Security Center that caused repeated plugin compilations. | 01791821 | Tenable Nessus scanners managed by Tenable Security Center |
| Fixed an issue where node restarts make the Last Connect value unreliable for both online and offline agents, which could potentially cause issues with automatic unlinking. | 01682807 | Tenable Nessus Manager |
| Fixed an issue where compliance findings were being included in vulnerability sections of reports. | 01751322 | All Tenable Nessus versions |
| Nessus will no longer drop the trailing / from URLs being targeted in WAS scans. | 02036369 | All Tenable Nessus versions |
| Fixed an issue where Web App Scanning (WAS) authentication credentials were not passed correctly to the WAS Docker container. | 01966393 | All Tenable Nessus versions |
| Fixed an issue where compliance reports were showing the wrong vulnerability level. | 01751322 | All Tenable Nessus versions |
Supported Platforms
The following are supported platform updates made in Tenable Nessus 10.8.0:
-
Removed support for the following operating systems:
-
Red Hat Enterprise Linux 6
-
Debian 10
-
Ubuntu 14.04
-
FreeBSD
-
Upgrade Notes
- Important: Downgrading to Tenable Nessus 10.7.x from Tenable Nessus 10.8.0 will result in WAS licenses being tracked against the full URL again. This may lead to unexpected license usage upon upgrading to Tenable Nessus 10.8.0 again.
-
Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.
-
If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.
- You can upgrade to the latest version of Tenable Nessus from any previously supported version.
- If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
- If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
- If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.