Tenable Security Center 2024 Release Notes
Tip: You can subscribe to receive alerts for Tenable documentation updates.
These release notes are listed in reverse chronological order. To jump to a place in the release notes, use the list to the right.
Tenable Security Center 6.5.1 Release Notes (2024-12-11)
You can download the update files from the Tenable Security Center Downloads page.
Note: This release includes a fix for a potential vulnerability. For more information, see the Tenable Product Security Advisory.
Note: Migrating from a Tenable Security Center on-prem deployment to Tenable Enclave Security is supported only on Red Hat Enterprise Linux 9.
Note: When you upgrade to Tenable Security Center 6.5.1, verify that your Tenable Nessus plugins have been updated within the last 30 days.
Note: When you upgrade to Tenable Security Center 6.5.1 with a tiered setup using remote or offline universal repositories, use the following steps:
-
Upgrade the child Tenable Security Center console that has the source repository to Tenable Security Center 6.5.1.
-
Sync the remote repository.
-
After the sync completes, upgrade the parent Tenable Security Center console to version 6.5.1.
For more information, see the Knowledge Base article.
If you are running Tenable Security Center 6.3.0 or later, you can upgrade directly to Tenable Security Center 6.5.1. If you are running a version earlier than Tenable Security Center 6.3.0, upgrade to Tenable Security Center 6.4.5 before upgrading to Tenable Security Center 6.5.1.
If you are running Tenable Security Center 6.5.1 and you are using pyTenable with the Tenable Security Center API, you must upgrade pyTenable to version 1.4.2 or later.
If you upgrade Tenable Security Center Director, upgrade all managed Tenable Security Center instances connected to Tenable Security Center Director. After upgrading, allow up to 15 minutes for your managed Tenable Security Center instances to sync with Tenable Security Center Director.
Tenable recommends performing a backup before upgrading Tenable Security Center. For more information, see Perform a Backup in the Tenable Security Center User Guide.
Note: If your upgrade path skips versions of Tenable Security Center (for example, upgrading from 5.23.0 to 6.0.0 to 6.5.1), Tenable recommends reviewing the release notes for all skipped versions. You may need to update your configurations because of features and functionality added in skipped versions.
Note: Tenable Security Center 5.21.0 is the last version of Tenable Security Center that supports Internet Explorer. For information about other supported browsers, see Web Browser Requirements in the Tenable Security Center User Guide.
Improved Tenable Core Compatibility
Minor changes were made to improve the user experience when running Tenable Security Center 6.5.1 or later on Tenable Core systems.
-
Updated PHP to version 8.2.26.
For more information about the API changes for this release, see the Tenable Security Center API Changelog.
Filenames and MD5 or SHA-256 checksums are located on the Tenable Security Center Downloads page page.
The following table lists the Tenable product versions tested with Tenable Security Center 6.5.1.
For information about EOL dates and policies for Tenable products, see the Tenable Software Release Lifecycle Matrix and Policy.
| Product | Tested Version |
|---|---|
| Tenable Nessus |
8.9.0 and later |
| OT Security | 3.9.25 and later |
| Tenable Log Correlation Engine | 6.0.0 and later |
| Tenable Network Monitor | 5.11.0 and later |
Tenable Security Center 6.5.0 Release Notes (2024-12-05)
You can download the update files from the Tenable Security Center Downloads page.
Note: This release includes a fix for a potential vulnerability. For more information, see the Tenable Product Security Advisory.
Note: If you have more than 10,000 active IPs and you upgrade to Tenable Security Center 6.5.0 from version 6.2.1 or earlier, you must update some values in the Apache configuration file as part of the upgrade process. For more information, see Update the Apache Configuration File in the Tenable Security Center User Guide.
Note: If you have more than 100,000 assets and you upgrade to Tenable Security Center 6.5.0, you must configure an external PostgreSQL database. For more information, see Connect an External PostgreSQL Server in the Tenable Security Center User Guide.
Note: When you upgrade to Tenable Security Center 6.5.0, verify that your Nessus plugins have been updated within the last 30 days.
Note: When you upgrade to Tenable Security Center 6.5.0 with a tiered setup using remote or offline universal repositories, use the following steps:
-
Upgrade the child Tenable Security Center console that has the source repository to Tenable Security Center 6.5.0.
-
Sync the remote repository.
-
After the sync completes, upgrade the parent Tenable Security Center console to version 6.5.0.
For more information, see the Knowledge Base article.
If you are running Tenable Security Center 6.3.0 or later, you can upgrade directly to Tenable Security Center 6.5.0. If you are running a version earlier than Tenable Security Center 6.3.0, upgrade to Tenable Security Center 6.4.5 before upgrading to Tenable Security Center 6.5.0.
If you are running Tenable Security Center 6.5.0 and you are using pyTenable with the Tenable Security Center API, you must upgrade pyTenable to version 1.4.2 or later.
If you upgrade Tenable Security Center Director, upgrade all managed Tenable Security Center instances connected to Tenable Security Center Director. After upgrading, allow up to 15 minutes for your managed Tenable Security Center instances to sync with Tenable Security Center Director.
Tenable recommends performing a backup before upgrading Tenable Security Center. For more information, see Perform a Backup in the Tenable Security Center User Guide.
Note: If your upgrade path skips versions of Tenable Security Center (for example, upgrading from 5.21.0 to 6.1.0 to 6.5.0), Tenable recommends reviewing the release notes for all skipped versions. You may need to update your configurations because of features and functionality added in skipped versions.
Note: Tenable Security Center 5.21.0 is the last version of Tenable Security Center that supports Internet Explorer. For information about other supported browsers, see Web Browser Requirements in the Tenable Security Center User Guide.
Vulnerability Intelligence
Tenable is pleased to announce Vulnerability Intelligence in Tenable Security Center; functionality designed to help customers to make data-driven decisions to better prioritize and operationalize their security programs. Vulnerability Intelligence provides immediate access to Tenable Research data for every CVE, updated daily, to provide context and insight to risk in your own environment. This includes VPR and EPSS risk trends over time per CVE, notable events in the lifetime of the CVE, direct insight to relevant risk categories, such as Ransomware, CISA Known Exploitable, Emerging Threats, and more.
After upgrading to Tenable Security Center 6.5.0, Vulnerability Intelligence may take a few minutes to populate your existing data.
Note: Vulnerability Intelligence is only currently available to subscription customers of Tenable Security Center and Tenable Security Center+.
For more information, see Vulnerability Intelligence in the Tenable Security Center User Guide.
Web Application Scanning Scaling
Support has been added for Tenable Core + Tenable Web App Scanning and Web App Scanning as a Docker Image as sensors for Web Application Scanning in Tenable Security Center. Using these sensors allows Tenable Security Center to assess more web applications at one time and improves scan performance.
Note: The historical method of deploying Tenable Nessus + Docker + Tenable Web App Scanning for Tenable Security Center scanning support will be deprecated in a future release. It is no longer recommended.
For more information, see Web Application Scanners in the Tenable Security Center User Guide.
EPSS and CVSSv4
EPSS and CVSSv4 are now supported in Tenable Security Center for filtering and reporting on relevant findings.
For more information, see Plugin Filter Components, Query Builder Filters, and Vulnerability Analysis Filter Components, in the Tenable Security Center User Guide.
Benchmark Reporting for Remote Repositories
For large scale or federated environments, compliance benchmark data is now supported in Remote Repositories in the upstream Tenable Security Center or Tenable Security Center Director console, enabling consolidated reporting of this data.
For more information, see Repositories in the Tenable Security Center User Guide.
Workspace ONE MDM Integration
Tenable Security Center now supports the Workspace ONE Mobile Device Management (MDM) Integration, allowing them to seamlessly collect mobile device information into the Tenable platform. Workspace ONE replaces the functionality of the AirWatch MDM integration and offers enhanced performance capabilities.
For more information, see Mobile Repositories in the Tenable Security Center User Guide.
Remote Repository SSH Key Exchange
Security Center now supports ECDSA SSH keys for remote repository synchronization, enabling out of the box functionality with newer operating systems and hardened configurations.
For more information, see Keys Settings in the Tenable Security Center User Guide.
CVE Global Search
The CVE-based Global Search is now updated to use the same UI as Vulnerability Intelligence.
Plugin Mitigation Logic Enhancements
Some scan policy configurations, such as Thorough Tests, Scan Accuracy and Tenable Nessus Web Tests can change how plugins behave during a scan. In some situations, these configurations may result in misleading cumulative scan results if multiple scans are run on the same targets with different scan configurations. In Tenable Security Center 6.5.0, these settings are tracked at the finding level and mitigation logic takes the configuration value into account when determining if the findings should be mitigated or not. New filters and insight to these resultant Finding values are also available in the Analysis view.
These scan policy configurations are only available for universal repositories.
Note: On upgrade to 6.5.0, the values for the new data fields tracking the state of the scan configurations per finding is effectively set to false. The first scan triggering the findings after upgrading to 6.5.0 will populate the fields with the proper values, and the enhanced mitigation workflow will occur on the 2nd scan that triggers the findings.
For more information, see Vulnerability Analysis Filter Components in the Tenable Security Center User Guide.
Replace Security Managers with UID 1
Previously, Security Center did not allow the first user created within an organization to be deleted. Functionality now exists to allow the replacement of that user with another existing user, effectively allowing a new identity to assume that role and ownership of the existing objects.
For more information, see Replace First User in the Tenable Security Center User Guide.
-
Updated Apache FOP to version 2.10.
-
Updated Apache HTTP Server to version 2.4.61.
-
Updated Apache Portable Runtime to version 1.7.5.
-
Updated OpenSSL to version 3.0.15.
-
Updated PHP to version 8.2.2.4.
| Bug Fix | Defect ID |
|---|---|
| Updated the Tenable Security Center API document with details for CyberArk credentials | 02124353 |
| Updated Tenable Security Center so the tpcGetLatestLicense job will not run outside of Tenable Enclave Security. | 02122638, 02125987, 02130664, 02132034, 02139140, 02103089 |
| Updated the API documentation with correct typeFields | 02091893 |
| Changed the .io tag generation logic in SC so that if not a true FQDN, SC will fall back to using the IP address | 02078580 |
| Fixed an issue where partial scan results for Web App scans were throwing errors. | 02078979, 02129081 |
| Fixed DNS comparison function. | 02083628 |
| Fixed an issue where customers could not open plugin debugging logs. | 02082824 |
| Include combination assets when determining if consumers of the asset need to be updated. | 02075751 |
| Improve handling of DHCP move in IP repos. | 02015174 |
| Fixed exception thrown in Load Query dropdown in Analysis view. | 02071476, 02080578, 02091505, 02095811, 02130531 |
| Addressed a GUI bug so that all pages in SC that have columns do not throw unnecessary notifications which confused users | 02069047 |
| Fixed an issue where the vulnerabilities of too many IP addresses were included in reports. | 01956788 |
| Improve handling of failure to send the policy during scan setup. | 02012329, 02094183 |
| Fixed evaluateHealthOverview job name where previously the job was not being triggered for upgraded instances | 02007709, 02110504 |
| Fixed issues with line breaks in the Solutions view. | 02011599 |
| Fixed issue by adding pagination to Repository Expiration Data in Configuration where it previously showed expiration data for only 50 repositories | 01834047 |
| Fixed an issue where custom plugins are no longer visible in the policy after the customer migrates to SC 6.3 | 01801685 |
| A fix is added to fail gracefully instead of crashing SC when the .nessus files contain an invalid hostname | 01794827 |
| Fixed an issue where SAML was requiring a GroupID for admin users during the user provisioning. | 01770273, 02087043 |
-
Tenable Security Center consoles managed by Tenable Security Center Director cannot use the new Web Application Scanning and Sensor Proxy functionality.
For more information about the API changes for this release, see the Tenable Security Center API Changelog.
Filenames and MD5 or SHA-256 checksums are located on the Tenable Security Center Downloads page page.
The following table lists the Tenable product versions tested with Tenable Security Center 6.5.0.
For information about EOL dates and policies for Tenable products, see the Tenable Software Release Lifecycle Matrix and Policy.
| Product | Tested Version |
|---|---|
| Tenable Nessus |
8.9.0 and later |
| OT Security | 3.9.25 and later |
| Tenable Log Correlation Engine | 6.0.0 and later |
| Tenable Network Monitor | 5.11.0 and later |
Tenable Security Center Patch 202408.1-6.2.1 (2024-08-13)
Apply this patch to Tenable Security Center installations running version 6.2.1. This patch updates Apache HTTP Server to version 2.4.62 and curl to version 8.8.0.
Note: When installing both patches 202408.1 and 202407.1, you must install the July patch (202407.1) first. This ensures all vulnerabilities are properly remediated and will prevent compatibility issues which may cause instability in Tenable Security Center.
Note: This release includes a fix for multiple vulnerabilities. For more information, see the Tenable Product Security Advisory.
Apply the patch to a standalone Tenable Security Center or Tenable Core + Tenable Security Center:
- Download the patch from the Tenable Security Center Downloads page to Tenable Security Center. You can save the files in any location (e.g., /tmp).
-
Access the command line as a user with root-level permissions.
-
Run the following command to untar the patch file, where [patch file name] is the name of the .tgz patch file you downloaded:
tar zxf [patch file name]
-
Run the following command to change the directory to the extracted directory, where [directory] is the extracted directory:
cd [directory]
-
Run the following command to begin the installation:
sh ./install.sh
The installation begins and Tenable Security Center stops. After the installation finishes, Tenable Security Center automatically restarts.
Note: If Tenable Security Center does not automatically restart, then you may need to restart Tenable Security Center manually.
What to do next:
-
(Optional) Confirm the patch successfully applied to Tenable Security Center, as described in the knowledge base article.
-
httpd
-
install.sh
-
multiple Apache and curl files
Filenames and MD5 or SHA-256 checksums are located on the Tenable Security Center Downloads page.
Tenable Security Center Patch 202407.1-6.2.1 (2024-07-09)
Apply this patch to Tenable Security Center installations running version 6.2.1. This patch updates Apache to version 2.4.59 and PHP to version 8.2.20 to address CVE-2024-5458 and CVE-2024-5585. This is a Critical Severity patch for Tenable Security Center 6.2.1.
Note: When installing both patches 202408.1 and 202407.1, you must install the July patch (202407.1) first. This ensures all vulnerabilities are properly remediated and will prevent compatibility issues which may cause instability in Tenable Security Center.
Note: This release includes a fix for a potential vulnerability. For more information, see the Tenable Product Security Advisory for patch 202407.1.
Apply the patch to a standalone Tenable Security Center or Tenable Core + Tenable Security Center:
- Download the patch from the Tenable Security Center Downloads page to Tenable Security Center. You can save the files in any location (e.g., /tmp).
-
Access the command line as a user with root-level permissions.
-
Run the following command to untar the patch file, where [patch file name] is the name of the .tgz patch file you downloaded:
tar zxf [patch file name]
-
Run the following command to change the directory to the extracted directory, where [directory] is the extracted directory:
cd [directory]
-
Run the following command to begin the installation:
sh ./install.sh
The installation begins and Tenable Security Center stops. After the installation finishes, Tenable Security Center automatically restarts.
Note: If Tenable Security Center does not automatically restart, then you may need to restart Tenable Security Center manually.
What to do next:
-
(Optional) Confirm the patch successfully applied to Tenable Security Center, as described in the knowledge base article.
-
httpd
-
install.sh
-
php
-
patch.manifest
Filenames and MD5 or SHA-256 checksums are located on the Tenable Security Center Downloads page.
Tenable Security Center Patch 202403.1-6.2.1 (2024-03-25)
Apply this patch to Tenable Security Center installations running versions 6.2.1. This patch updates SQLite to 3.44.0 to address CVE-2023-7104 and CVE-2024-1367.
Note: This release includes a fix for a potential vulnerability. For more information, see the Tenable Product Security Advisory.
Apply the patch to a standalone Tenable Security Center or Tenable Core + Tenable Security Center:
- Download the patch from the Tenable Security Center Downloads page to Tenable Security Center. You can save the files in any location (e.g., /tmp).
-
Access the command line as a user with root-level permissions.
-
Run the following command to untar the patch file, where [patch file name] is the name of the .tgz patch file you downloaded:
tar zxf [patch file name]
-
Run the following command to change the directory to the extracted directory, where [directory] is the extracted directory:
cd [directory]
-
Run the following command to begin the installation:
sh ./install.sh
The installation begins and Tenable Security Center stops. After the installation finishes, Tenable Security Center automatically restarts.
Note: If Tenable Security Center does not automatically restart, then you may need to restart Tenable Security Center manually.
What to do next:
-
(Optional) Confirm the patch successfully applied to Tenable Security Center, as described in the knowledge base article.
-
fileIntegrityHashGenerator.php
-
install.sh
-
/opt/sc/bin/agent_prepareassets
-
/opt/sc/bin/ipv4_prepareassets
-
/opt/sc/bin/ipv6_prepareassets
-
/opt/sc/bin/universal_prepareassets
-
/opt/sc/bin/showvulns
-
/opt/sc/bin/showvulns-archive
-
/opt/sc/bin/showvulns-individual
-
/opt/sc/bin/showvulns-mobile
-
/opt/sc/support/bin/sqlite3
-
/opt/sc/support/lib/libsqlite3.la
-
/opt/sc/support/lib/libsqlite3.a
-
/opt/sc/support/lib/libsqlite3.so.0.8.6
-
/opt/sc/src/lib/AssetLib.php
-
/opt/sc/src/DebugLogs.php
-
/opt/sc/src/lib/ResponseHandlerLib.php
Filenames and MD5 or SHA-256 checksums are located on the Tenable Security Center Downloads page.
Tenable Security Center Patch 202403.1-6.2.0 (2024-03-25)
Apply this patch to Tenable Security Center installations running versions 6.2.0. This patch updates SQLite to 3.44.0 to address CVE-2023-7104 and CVE-2024-1367.
Note: This release includes a fix for a potential vulnerability. For more information, see the Tenable Product Security Advisory.
Apply the patch to a standalone Tenable Security Center or Tenable Core + Tenable Security Center:
- Download the patch from the Tenable Security Center Downloads page to Tenable Security Center. You can save the files in any location (e.g., /tmp).
-
Access the command line as a user with root-level permissions.
-
Run the following command to untar the patch file, where [patch file name] is the name of the .tgz patch file you downloaded:
tar zxf [patch file name]
-
Run the following command to change the directory to the extracted directory, where [directory] is the extracted directory:
cd [directory]
-
Run the following command to begin the installation:
sh ./install.sh
The installation begins and Tenable Security Center stops. After the installation finishes, Tenable Security Center automatically restarts.
Note: If Tenable Security Center does not automatically restart, then you may need to restart Tenable Security Center manually.
What to do next:
-
(Optional) Confirm the patch successfully applied to Tenable Security Center, as described in the knowledge base article.
-
fileIntegrityHashGenerator.php
-
install.sh
-
/opt/sc/bin/agent_prepareassets
-
/opt/sc/bin/ipv4_prepareassets
-
/opt/sc/bin/ipv6_prepareassets
-
/opt/sc/bin/universal_prepareassets
-
/opt/sc/bin/showvulns
-
/opt/sc/bin/showvulns-archive
-
/opt/sc/bin/showvulns-individual
-
/opt/sc/bin/showvulns-mobile
-
/opt/sc/support/bin/sqlite3
-
/opt/sc/support/lib/libsqlite3.la
-
/opt/sc/support/lib/libsqlite3.a
-
/opt/sc/support/lib/libsqlite3.so.0.8.6
-
/opt/sc/src/lib/AssetLib.php
-
/opt/sc/src/DebugLogs.php
-
/opt/sc/src/lib/ResponseHandlerLib.php
Filenames and MD5 or SHA-256 checksums are located on the Tenable Security Center Downloads page.