Tenable Nessus 2024 Release Notes
Plugin Releases
For information about recent changes to Tenable Nessus plugins, see the Plugin Release Notes.
Tenable Nessus 10.7.6 (2024-09-11)
The following are security updates included in Tenable Nessus 10.7.6:
- Updated OpenSSL to 3.0.15.
- Updated libexpat to 2.6.3.
For more information, see the Tenable Product Security Advisory.
- Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.
- If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Nessus Agents, Tenable Web App Scanning scanners, or Tenable Nessus Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.
- You can upgrade to the latest version of Tenable Nessus from any previously supported version.
- If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
- If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
- If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.
Tenable Nessus 10.8.3 (2024-09-11)
The following are security updates included in Tenable Nessus 10.8.3:
- Updated OpenSSL to 3.0.15.
- Updated libexpat to 2.6.3.
For more information, see the Tenable Product Security Advisory.
Tenable Nessus 10.8.2 (2024-08-15)
Bug Fix | Defect ID | Applies to |
---|---|---|
Fixed a defect that caused Tenable Nessus to inappropriately apply severity mappings to compliance results. | 02081143, 02082283, 02082725, 02082277, 02081289, 02084350, 02086320, 02085981, 02086737, 02082923, 02086827, 02085220, 02084549, 02087878 | All Tenable Nessus versions |
Tenable Nessus 10.8.1 (2024-08-03)
Bug Fix | Defect ID | Applies to |
---|---|---|
Fixed an issue where specifying a list of ports including "default" would cause a parsing failure and prevent the scan from launching. | 02080643, 02081116, 02081643 | All Tenable Nessus versions |
Tenable Nessus 10.8.0 (2024-07-30)
The following are the new features included in Tenable Nessus 10.8.0:
- Tenable Nessus now supports CVSSv4 and EPSS scoring for vulnerability findings. You can view CVSSv4 and EPSS scores in the plugin output details and use both scores to filter scan results.
- You can now use Tenable Nessus Manager to create and manage agent profiles in the new Sensors > Agent Profiles menu. You can use agent profiles to apply specific product versions to groups of linked agents.
- A new offline mode is now available to Tenable Nessus Professional and Tenable Nessus Expert users with limited internet connectivity.
- Tenable Nessus now decorates scan results with a scan type to allow you to differentiate scans.
The following enhancements are included in Tenable Nessus 10.8.0:
- hostname is now a dependency for Tenable Nessus rpm installations. Therefore, when installing any Tenable Nessus 10.8.x rpm package, you must also install a hostname package if one has not already been installed. You can do so by running the install hostname command that is specific to your Linux operating system. For example:
  zypper install -y hostname
  Some Linux CLI tools automatically include dependencies when you install the Tenable Nessus package (yum install, for example). In these cases, you do not have to separately install hostname.
- The import-certs CLI command now supports importing server chains.
- Compliance plugin names are no longer truncated in the Tenable Nessus user interface.
- Added support for importing unencrypted scan databases.
- Added support for IMDSv2 for BYOL scanners in AWS.
- Tenable Nessus now streams plugin and product updates to disk when downloading instead of buffering in memory.
- Tenable Nessus now uses only the hostname and port to track against WAS licenses instead of the full URL. For example, all of the following now count for a single license FQDN rather than three:
  - https://example.com/welcome
  - https://example.com/welcome/get-started
  - https://example.com/welcome/get-started/create-new-use
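The following is an added example, not Tenable code: it estimates WAS license usage for a target list under both counting schemes described above (full URL as in 10.7.x, hostname and port as in 10.8.0), which is useful before an upgrade or downgrade. It assumes that a URL without an explicit port is counted on its scheme's default port; the function names and the extra sample targets are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: a target with no explicit port is counted on the scheme default.
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample: the three URLs from the release note plus extra targets.
SAMPLE_TARGETS = [
    "https://example.com/welcome",
    "https://example.com/welcome/get-started",
    "https://example.com/welcome/get-started/create-new-use",
    "https://example.com:8443/admin",   # same host, different port
    "http://example.com/welcome",       # same host, port 80
    "example.com/no-scheme",            # not a usable URL, reported as rejected
]


def license_key(url):
    """Return (hostname, port) for a WAS target URL, or None if unusable."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    # urlsplit already lower-cases the hostname, so keys compare consistently.
    return parts.hostname, port or DEFAULT_PORTS[scheme]


def license_usage(urls):
    """Count targets per full URL and per (hostname, port)."""
    groups = defaultdict(set)
    rejected = []
    for url in urls:
        key = license_key(url)
        if key is None:
            rejected.append(url)
        else:
            groups[key].add(url.strip())

    def label(host, port):
        # Bracket IPv6 literals so "host:port" stays unambiguous.
        return f"[{host}]:{port}" if ":" in host else f"{host}:{port}"

    return {
        "by_full_url": sum(len(v) for v in groups.values()),
        "by_host_port": len(groups),
        "groups": {label(h, p): sorted(v) for (h, p), v in groups.items()},
        "rejected": rejected,
    }


if __name__ == "__main__":
    usage = license_usage(SAMPLE_TARGETS)
    print("full-URL count :", usage["by_full_url"])
    print("host:port count:", usage["by_host_port"])
    for key, members in usage["groups"].items():
        print(f"  {key} <- {len(members)} URL(s)")
    print("rejected:", usage["rejected"])
```
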
Bug Fix | Defect ID | Applies to |
---|---|---|
Fixed an issue that caused the user icon in the Tenable Nessus user interface to disappear when you reduce the screen width. | 01798648 | All Tenable Nessus versions |
Improved performance when launching an Advanced Dynamic Scan. | 01717333 | All Tenable Nessus versions |
Fixed a scan permission issue related to scan attachments. | 01587237 | All Tenable Nessus versions |
Updated Tenable Nessus scanners connected to Tenable Security Center so that the policy file is deleted once a new scan is created. This ensures that policy files do not accumulate on the scanner. | 02010600 | Tenable Nessus scanners managed by Tenable Security Center |
Fixed an issue in Tenable Nessus scanners connected to Tenable Security Center that caused an entire plugin family to be enabled when only a few of the family's plugins were enabled in the scan policy. | 01754873 | Tenable Nessus scanners managed by Tenable Security Center |
Fixed an issue in Tenable Nessus scanners connected to Tenable Security Center that caused repeated plugin compilations. | 01791821 | Tenable Nessus scanners managed by Tenable Security Center |
Fixed an issue where node restarts make the Last Connect value unreliable for both online and offline agents, which could potentially cause issues with automatic unlinking. | 01682807 | Tenable Nessus Manager |
Fixed an issue where compliance findings were being included in vulnerability sections of reports. | 01751322 | All Tenable Nessus versions |
Nessus will no longer drop the trailing / from URLs being targeted in WAS scans. | 02036369 | All Tenable Nessus versions |
Fixed an issue where Web App Scanning (WAS) authentication credentials were not passed correctly to the WAS Docker container. | 01966393 | All Tenable Nessus versions |
Fixed an issue where compliance reports were showing the wrong vulnerability level. | 01751322 | All Tenable Nessus versions |
The following are supported platform updates made in Tenable Nessus 10.8.0:
- Removed support for the following operating systems:
  - Red Hat Enterprise Linux 6
  - Debian 10
  - Ubuntu 14.04
  - FreeBSD
- Important: Downgrading to Tenable Nessus 10.7.x from Tenable Nessus 10.8.0 will result in WAS licenses being tracked against the full URL again. This may lead to unexpected license usage upon upgrading to Tenable Nessus 10.8.0 again.
Tenable Nessus 10.7.5 (2024-07-16)
Bug Fix | Defect ID | Applies to |
---|---|---|
Fixed an issue that caused the Nessus policy file to be deleted before starting a new scan and caused a scan interruption for cloud scanners. | 02004361 | All Tenable Nessus versions |
Tenable Nessus 10.7.4 (2024-06-10)
The following enhancements are included in Tenable Nessus 10.7.4:
- Enhanced nessus-service logging on Windows in cases where nessus-service terminates unexpectedly.
Bug Fix | Defect ID | Applies to |
---|---|---|
Improved the user input for some text boxes in the web application scanning configuration, allowing comma separation, new lines, and spaces. | 01723550 | Tenable Nessus Expert |
Fixed an issue where improper JSON input was being sent to the web application scanning container. | 01966393 | Tenable Nessus Expert |
Tenable Nessus 10.7.3 (2024-05-16)
The following are security updates included in Tenable Nessus 10.7.3:
- Addressed a vulnerability that allowed low-privileged users to exploit a Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability during the Windows Tenable Nessus installation process.
- Addressed a vulnerability in which the Windows Tenable Nessus setup process could have failed to set proper access rights for the installation folder if you chose a custom installation path during installation.
For more information, see the Tenable Product Security Advisory.
Tenable Nessus 10.7.2 (2024-04-02)
The following enhancements are included in Tenable Nessus 10.7.2:
- Optimized the evaluation of Tenable Nessus scanning rules to improve scan times for scans in which a rule specifies a hostname.
Bug Fix | Defect ID | Applies to |
---|---|---|
Improved error handling under low memory conditions to increase scanner stability. | 01788324, 01782329, 01790186, 01778293 | All Tenable Nessus versions |
Tenable Nessus 10.7.1 (2024-02-27)
Bug Fix | Defect ID | Applies to |
---|---|---|
Fixed an issue that caused a DataTable error message to appear when adding child nodes to a cluster group in Tenable Nessus Manager. | 01757838 | Tenable Nessus Manager |
Fixed an issue that caused the report button not to appear for Tenable Security Center-managed scanners. | 01776000, 01774869, 01776531, 01777615, 01777054, 01777357, 01778216, 01778224, 01778729, 01778385, 01778998, 01779637, 01779828, 01779823, 01779819, 01780722, 01779445, 01781217, 01780015, 01782102, 01780435, 01780036, 01775400, 01782805, 01783201, 01783872, 01773762, 01784052 | Tenable Nessus Scanners managed by Tenable Security Center |
Fixed an issue that caused scans to time out unnecessarily when reporting scan progress to Tenable Security Center. | 01712166 | Tenable Nessus Scanners managed by Tenable Security Center |
Tenable Nessus 10.7.0 (2024-02-06)
The following are the new features included in Tenable Nessus 10.7.0:
- Plugin details are now available to view in Japanese, Simplified Chinese, and Traditional Chinese.
  For information on how to configure your plugin detail language, see Configure the Plugin Detail Locale in the Tenable Nessus User Guide.
- Updated the advanced scan settings user interface with dynamic tooltips.
The following enhancements are included in Tenable Nessus 10.7.0:
- Tenable Nessus Manager now automatically removes non-agent plugins from Tenable Nessus Agent plugin databases.
- Improved the certificate checking logic in linked Tenable Nessus scanners.
- Updated Tenable Nessus so that the user interface no longer accepts "localhost" as a proxy value. You can still set this value using nessuscli.
- Updated the default list of ports scanned by Tenable Nessus port scanners. For details on the ports list, see List of ports in Nessus defined by Port Scan Range: default.
- OpenSSL was updated to 3.0.13.
- zlib was updated to 1.3.1.
- Tenable Nessus RPM packages are now provided using the Enterprise Linux packaging and naming convention.
The following are security updates included in Tenable Nessus 10.7.0:
- Resolved a stored XSS vulnerability in which an authenticated remote attacker with administrator privileges in Tenable Nessus could alter proxy settings, which could lead to the execution of remote arbitrary scripts.
- Resolved a SQL injection vulnerability in which an authenticated, low-privileged remote attacker could potentially alter scan DB content.
For more information, see the Tenable Product Security Advisory.
Bug Fix | Defect ID | Applies to |
---|---|---|
Removed dependency on the Windows package installer to update the Tenable Nessus version in the registry. | 01568976 | All Tenable Nessus versions |
Removed plugin_info.inc from the saved files that are retained when you reset Tenable Nessus from the command line. | 01645709 | All Tenable Nessus versions |
Fixed an issue related to agent group filtering in Tenable Nessus Manager. | 01649587 | Tenable Nessus Manager |
Fixed a rare crash (SIGSEGV) in Tenable Nessus Manager. | 01618452, 01690745 | Tenable Nessus Manager |
Fixed a crash that occurred when scan variable memory was freed multiple times in certain contexts. | 01653504 | All Tenable Nessus versions |
Removed some ports from the nessus-services file. | 01681534 | All Tenable Nessus versions |
Fixed an issue that occurred when downloading scanner logs with both Extended Logs and Sanitize IPs options set. | 01734291 | All Tenable Nessus versions |
Fixed an issue in Tenable Nessus Managers linked to Tenable Security Center where if plugins fail to download, Tenable Security Center produces a protocol error and prevents scanning. | 01612390, 01647256, 01666618, 01692366 | Tenable Nessus Manager |
The following are supported platform updates made in Tenable Nessus 10.7.0:
- Added support for the following operating systems:
  - Ubuntu 22.04 LTS
  - Fedora 38 and 39
  - Debian 12
  - macOS 14
  - Amazon Linux 2023
- Removed support for the following operating systems:
  - Fedora 35 and 36
  - Amazon Linux 1
  - macOS 11