Tenable Security Center 2025 Release Notes

• Tenable recommends performing a backup before upgrading Tenable Security Center. For more information, see Perform a Backup in the Tenable Security Center User Guide.

• When you upgrade to Tenable Security Center 6.6.0, verify that your Nessus plugins have been updated within the last 30 days.

• If you upgrade Tenable Security Center Director, upgrade all managed Tenable Security Center instances connected to Tenable Security Center Director. After upgrading, allow up to 15 minutes for your managed Tenable Security Center instances to sync with Tenable Security Center Director.

• When you upgrade to Tenable Security Center 6.6.0 with a tiered setup using remote or offline universal repositories, use the following steps:

  1. Upgrade the child Tenable Security Center console that has the source repository to Tenable Security Center 6.6.0.

  2. Sync the remote repository.

  3. After the sync completes, upgrade the parent Tenable Security Center console to version 6.6.0.

  For more information, see the Knowledge Base article.

• If you are running Tenable Security Center 6.6.0 and you are using pyTenable with the Tenable Security Center API, you must upgrade pyTenable to version 1.4.2 or later.

• If your upgrade path skips versions of Tenable Security Center (for example, upgrading from 6.1.0 to 6.4.5 to 6.6.0), Tenable recommends reviewing the release notes for all skipped versions. You may need to update your configurations because of features and functionality added in skipped versions.

Plugin Attachments for Tenable Nessus and Tenable Agent Scans

Plugin attachments for Tenable Nessus and Tenable Agent scans are now available under Analysis > Vulnerabilities > Vulnerability Detail List view, on the right side. Attachments are available for certain plugins, generally informational findings, to provide additional data that may not be easily displayed in the plugin output.

An Administrator can enable this setting, under Settings > Configuration > Miscellaneous > Import Additional Scan Data.

SC License by UUID

Intended for air-gapped or restricted environments, Tenable Security Center can now be licensed by a UUID, as opposed to the hostname of the OS where Tenable Security Center is installed.

For more information, see Licenses in the Tenable Security Center User Guide.

Dark Mode Enhancements

You can now toggle Dark Mode in the top navigation in Tenable Security Center. You can also enable Dark Mode to follow the OS settings.

For more information, see User Account Options in the Tenable Security Center User Guide.

Vulnerability Text and Plugin Output Fields

Under Analysis > Vulnerabilities, the Vulnerability Text filter has been renamed to Plugin Output. This also impacts this filter when editing Dashboards, Assurance Report Cards, Queries, Reports and any other filter that makes use of this field.

Under Assets > Assets, the Plugin Text filter in Dynamic Asset rules has been renamed to Plugin Output.

Under Analysis > Vulnerabilities > Vulnerability Detail List, the Output section has been renamed to Plugin Output.

This is a GUI-only change for consistency; there is no impact to the API or functionality.

CVE Links in Vulnerability Detail List

Under Analysis > Vulnerabilities > Vulnerability Detail List, the CVE links in the Reference Information section now point to the internal Tenable Security Center CVE Search, as opposed to the NIST National Vulnerability Database.

Vulnerability Intelligence and CVE Search Enhancements

VPR Key Drivers under specific CVE results have been moved from the Scores tab to the right menu.

The Plugins tab under specific CVE results is now available to Perpetual customers.

In the How does this affect me? section for specific CVE results, you can now navigate directly to the Analysis > Vulnerabilities view, focused on the IP Summary of the affected assets for that CVE.

Remediation Scan Workflow Enhancements

When you run a remediation scan from the Vulnerability Summary view, there is additional context around scan scope.

Scan Import and Job Queue Improvements

There have been changes to the Tenable Security Center job queue and how scans are imported to improve import times and reduce overall system load.

External PostgreSQL Enhancements

There is now TLS support for connecting to an external PostgreSQL databse for Tenable Security Center data.

Tenable Security Center supports PostgreSQL 13 through 16.

Tenable Security Center now supports customer-created databases. You no longer need the DBcreate permission.

Bug Fix	Defect ID
Fixed a minor issue by adding empty checks to not add extra empty rows in csv export file of report types.	02179284,02181096,02202385,02198673
Tenable Security Center Vulnerability Intelligence vulnerability results will now honor asset permissions of group which the user is assigned to.	02163477,02171177,02166294,02185544,02192858
Remove copy vulns job from dependency chain so import related jobs don't need to wait for it to finish.	02161769,02177717,02188018
Resolve the permission problem associated with custom roles.	02147029
The fixFileOwnerGroupPerms script has been revised to address file permissions for softwareUpdates.db.	02121278
The value of the agentGroups parameter in the agentScan API documentation has been revised.	02134358
Updated the Tenable Security Center API documentation with details for CyberArk credentials.	02124353
Fixes issues with Feed update.	02122846,02135032
An issue has been identified due to the absence of specific key values in the agentScan results, which is leading to the continuous growth of the sc-error.log file.	02067270
Fixed handling of use cases where tag is a number.	02059445,02069806,02074792,02109553,02194695

• Customers may encounter warnings in the logs when uploading custom plugins, indicating that certain files could not be loaded. These warnings are normal and can be ignored as Tenable Security Center only executes these plugins locally to extract metadata about the custom plugins.

• Tenable Enclave Security customers: During a Tenable Security Center migration or upgrade, some tasks, such as feed and plugin updates, may be removed from the job queue if they were running at the time. This is normal and nothing to be concerned about, as these tasks will run again eventually as they are scheduled jobs.

For more information about the API changes for this release, see the Tenable Security Center API Changelog.

Filenames and MD5 or SHA-256 checksums are located on the Tenable Security Center Downloads page page.

The following table lists the Tenable product versions tested with Tenable Security Center 6.6.0.

Product	Tested Version
Tenable Nessus	8.9.0 and later
OT Security	3.9.25 and later
Tenable Network Monitor	5.11.0 and later

For information about EOL dates and policies for Tenable products, see the Tenable Software Release Lifecycle Matrix and Policy.

Apply the patch to a standalone Tenable Security Center or Tenable Core + Tenable Security Center:

1. Download the patch from the Tenable Security Center Downloads page to Tenable Security Center. You can save the files in any location (e.g., /tmp).

2. Access the command line as a user with root-level permissions.

3. Run the following command to untar the patch file, where [patch file name] is the name of the .tgz patch file you downloaded:

   tar zxf [patch file name]

4. Run the following command to change the directory to the extracted directory, where [directory] is the extracted directory:

   cd [directory]

5. Run the following command to begin the installation:

   sh ./install.sh

   The installation begins and Tenable Security Center stops.

6. After the installation finishes, you must restart Tenable Security Center.

What to do next:

• (Optional) Confirm the patch successfully applied to Tenable Security Center, as described in the knowledge base article.

• install.sh

• pg_ctl

• postgres

• psql

Filenames and MD5 or SHA-256 checksums are located on the Tenable Security Center Downloads page.

Apply the patch to a standalone Tenable Security Center or Tenable Core + Tenable Security Center:

1. Download the patch from the Tenable Security Center Downloads page to Tenable Security Center. You can save the files in any location (e.g., /tmp).

2. Access the command line as a user with root-level permissions.

3. Run the following command to untar the patch file, where [patch file name] is the name of the .tgz patch file you downloaded:

   tar zxf [patch file name]

4. Run the following command to change the directory to the extracted directory, where [directory] is the extracted directory:

   cd [directory]

5. Run the following command to begin the installation:

   sh ./install.sh

   The installation begins and Tenable Security Center stops.

6. After the installation finishes, you must restart Tenable Security Center.

What to do next:

• (Optional) Confirm the patch successfully applied to Tenable Security Center, as described in the knowledge base article.

• install.sh

• libcrypto.a

• libcrypto.so

• libcrypto.so.3

• libcurl.a

• libcurl.la

• libcurl.so.4.8.0

• libssl.so

• libssl.so.3

• openssl

• php

Filenames and MD5 or SHA-256 checksums are located on the Tenable Security Center Downloads page.

Apply this patch if you previously applied Tenable Security Center Patch 202412.1-6.3.x (2024-12-20) and subsequently upgraded to a more recent version of Tenable Security Center.

If you previously applied the 202412.1-6.3.x patch and did not upgrade to a more recent version of Tenable Security Center, download and apply the 202412.1-6.3.x patch again.

If you did not apply patch 202412.1-6.3.x, then you do not need to apply patch 202503.1-6.4.x-6.5.x.

To enable updates through the Tenable Security Center feed:

1. Log in to Tenable Security Center as an Administrator.

2. In the left navigation, click System > Configuration.

   The Configuration page appears.

3. Click the Plugins/Feed tile.

   The Plugins/Feed Configuration page appears.

4. On the Plugins/Feed Configuration page, in the Tenable Security Center Software Updates section, enable the Enable Updates Through the Tenable Security Center Feed option.

   During the next scheduled feed update, Tenable Security Center applies the patch. In the Available Software Updates table, a timestamp appears in the row for the patch in the Last Updated column.

   -or-

   On the Plugins/Feed Configuration page, in the Available Software Updates section, select the patch in the table and click Install Now.

   Tenable Security Center applies the patch. In the Available Software Updates table, a timestamp appears in the row for the patch in the Last Updated column.

5. After the installation finishes, you must restart Tenable Security Center.

Apply the patch to a standalone Tenable Security Center or Tenable Core + Tenable Security Center:

1. Download the patch from the Tenable Security Center Downloads page to Tenable Security Center. You can save the files in any location (e.g., /tmp).

2. Access the command line as a user with root-level permissions.

3. Run the following command to untar the patch file, where [patch file name] is the name of the .tgz patch file you downloaded:

   tar zxf [patch file name]

4. Run the following command to change the directory to the extracted directory, where [directory] is the extracted directory:

   cd [directory]

5. Run the following command to begin the installation:

   sh ./install.sh

   The installation begins and Tenable Security Center stops.

6. After the installation finishes, you must restart Tenable Security Center.

What to do next:

• (Optional) Confirm the patch successfully applied to Tenable Security Center, as described in the knowledge base article.

• install.sh

• patch.manifest

Filenames and MD5 or SHA-256 checksums are located on the Tenable Security Center Downloads page.

Apply the patch to a standalone Tenable Security Center or Tenable Core + Tenable Security Center:

1. Download the patch from the Tenable Security Center Downloads page to Tenable Security Center. You can save the files in any location (e.g., /tmp).

2. Access the command line as a user with root-level permissions.

3. Run the following command to untar the patch file, where [patch file name] is the name of the .tgz patch file you downloaded:

   tar zxf [patch file name]

4. Run the following command to change the directory to the extracted directory, where [directory] is the extracted directory:

   cd [directory]

5. Run the following command to begin the installation:

   sh ./install.sh

   The installation begins and Tenable Security Center stops. After the installation finishes, Tenable Security Center automatically restarts.

   Note: If Tenable Security Center does not automatically restart, then you may need to restart Tenable Security Center manually.

What to do next:

• (Optional) Confirm the patch successfully applied to Tenable Security Center, as described in the knowledge base article.

• Base.php

• install.sh

Filenames and MD5 or SHA-256 checksums are located on the Tenable Security Center Downloads page.