Tenable Security Center 2023 Release Notes

If you are running Tenable Security Center 5.12.0 or later, you can upgrade directly to Tenable Security Center 6.2.1. If you are running a version earlier than Tenable Security Center 5.12.0, upgrade to Tenable Security Center 5.12.0 before upgrading to Tenable Security Center 6.2.1.

If you are running Tenable Security Center 6.2.1 and you are using pyTenable with the Tenable Security Center API, you must upgrade pyTenable to version 1.4.2 or later.

If you upgrade Tenable Security Center Director, upgrade Tenable Security Center for all managed Tenable Security Center instances connected to Tenable Security Center Director. After upgrading, allow up to 15 minutes for your managed Tenable Security Center instances to sync with Tenable Security Center Director.

Tenable recommends performing a backup before upgrading Tenable Security Center. For more information, see Perform a Backup in the Tenable Security Center User Guide.

Note: Tenable Security Center 6.2.1 includes an update for SimpleSAML. You will need to update your SAML audience URI from tenable.sc to https://tenable.sc. For SAML Authentication examples, see SAML Authentication XML Configuration Examples.

Note: If your upgrade path skips versions of Tenable Security Center (for example, upgrading from 5.20.0 to 5.23.1 to 6.2.1), Tenable recommends reviewing the release notes for all skipped versions. You may need to update your configurations because of features and functionality added in skipped versions.

Note: Tenable Security Center 5.21.0 is the last version of Tenable Security Center that supports Internet Explorer. For more information about other supported browsers, see Web Browser Requirements in the Tenable Security Center User Guide.

• Updated Apache HTTP Server to version 2.4.58.

• Updated SimpleSAML to version 2.0.7.

• Updated curl to version 8.4.0.

Bug Fix	Defect ID
Fixed an issue where members of the Full Access group are not able to view the scan results of a user that is a member of a different group.	01712526, 01709676, 01716718, 01717398, 01716624, 01715627, 01720276, 01715492, 01713546, 01702215, 01721871
Fixed an issue where upgrading to 6.2.0 is slow when there are many matrix components on dashboards.	01712249, 01716663, 01703320
Fixed an issue with API errors due to scanID in the payload.	01703783, 01706036, 01707209, 01707766, 01704514, 01706540, 01707963, 01707964, 01704996

For more information about the API changes for this release, see the Tenable Security Center API Changelog.

Filenames and MD5 or SHA-256 checksums are located on the Tenable Security Center Downloads page.

The following table lists the Tenable product versions tested with Tenable Security Center 6.2.1.

For information about EOL dates and policies for Tenable products, see the Tenable Software Release Lifecycle Matrix and Policy.

Product	Tested Version
Tenable Nessus	8.9.0 and later
OT Security	3.9.25 and later
Tenable Log Correlation Engine	6.0.0 and later
Tenable Nessus Network Monitor	5.11.0 and later

Apply the patch to a standalone Tenable Security Center or Tenable Core + Tenable Security Center:

1. Download the patch from the Tenable Security Center Downloads page to Tenable Security Center. You can save the files in any location (e.g., /tmp).

2. Access the command line as a user with root-level permissions.

3. Run the following command to untar the patch file, where [patch file name] is the name of the .tgz patch file you downloaded:

   tar zxf [patch file name]

4. Run the following command to change the directory to the extracted directory, where [directory] is the extracted directory:

   cd [directory]

5. Run the following command to begin the installation:

   sh ./install.sh

   The installation begins and Tenable Security Center stops. After the installation finishes, Tenable Security Center automatically restarts.

   Note: If Tenable Security Center does not automatically restart, then you must restart Tenable Security Center manually.

What to do next:

• (Optional) Confirm the patch successfully applied to Tenable Security Center, as described in the knowledge base article.

• install.sh
• Utility.php

Filenames and MD5 or SHA-256 checksums are located on the Tenable Security Center Downloads page.

If you are running Tenable Security Center 5.12.0 or later, you can upgrade directly to Tenable Security Center 6.2.0. If you are running a version earlier than Tenable Security Center 5.12.0, upgrade to Tenable Security Center 5.12.0 before upgrading to Tenable Security Center 6.2.0.

If you are running Tenable Security Center 6.2.0 and you are using pyTenable with the Tenable Security Center API, you must upgrade pyTenable to version 1.4.2 or later.

If you upgrade Tenable Security Center Director, upgrade Tenable Security Center for all managed Tenable Security Center instances connected to Tenable Security Center Director. After upgrading, allow up to 15 minutes for your managed Tenable Security Center instances to sync with Tenable Security Center Director.

Tenable recommends performing a backup before upgrading Tenable Security Center. For more information, see Perform a Backup in the Tenable Security Center User Guide.

Note: Tenable Security Center 6.2.0 includes an update for SimpleSAML. You will need to update your SAML audience URI from tenable.sc to https://tenable.sc. For SAML Authentication examples, see SAML Authentication XML Configuration Examples.

Note: If your upgrade path skips versions of Tenable Security Center (for example, upgrading from 5.20.0 to 5.23.1 to 6.2.0), Tenable recommends reviewing the release notes for all skipped versions. You may need to update your configurations because of features and functionality added in skipped versions.

Note: Tenable Security Center 5.21.0 is the last version of Tenable Security Center that supports Internet Explorer. For more information about other supported browsers, see Web Browser Requirements in the Tenable Security Center User Guide.

Tenable Web App Scanning Support

Tenable Security Center users can now use Web App Scanning capabilities, leveraging the Tenable Nessus integration with Tenable Web App Scanning. Users can configure scans, analyze vulnerabilities, search dashboards, and create reports with Web App Scanning data in Tenable Security Center. To enable Web App Scanning with Tenable Security Center, contact your Tenable account representative.

For more information, see Web App Scans in the Tenable Security Center User Guide.

Domain Inventory Asset Lists

Tenable Security Center users can now create asset lists from findings in the Domain Inventory.

For more information, see Create a Domain Inventory Asset List in the Tenable Security Center User Guide.

Asset Criticality Rating and Asset Exposure Score Scoring Algorithm Update

The scoring algorithms for ACR and AES have been updated to match the current algorithms used by Tenable One. As a result of these algorithm updates, Tenable Security Center users may see changes of up to 400 points in ACR and AES values.

For more information about the algorithm, see Tenable One Scoring Explained.

Improvements to Tenable Security Center Software Updates

Tenable Security Center admin users can now view and execute all patch updates from the Tenable Security Center UI.

For more information, see Plugins/Feed Settings in the Tenable Security Center User Guide.

Custom Classification Banner

Tenable Security Center users can now create custom classification banners with user-defined text and color for use in Tenable Security Center and reports.

For more information, see Security Settings in the Tenable Security Center User Guide.

Credential Updates

There are new available credentials and fields for existing credentials:

• Support for auto discovery of managed VMware ESXi hosts and virtual machines in authenticated scans.

• Support for Senhasegura PAM in authenticated scans.

• Support for Kerberos target authentication with CyberArk and Hashicorp in authenticated scans.

• Support for Checkpoint Gaia 'Expert' privilege escalation in authenticated scans.

For more information, see Miscellaneous Credentials, SSH Credentials, Windows Credentials, and Privilege Escalation in the Tenable Security Center User Guide.

Updated Tenable Security Center to remove support for weaker, legacy cipher suites.

Bug Fix	Defect ID
For the Delinea Secret Server credential, users can now enter a URL in the Delinea Host field. Before you could only enter an IP or hostname.	01654432
Generic SSH Escalation field removed required and filed setup as per policy if required or not.	01646876
In some cases duplicate hosts in Universal repositories were counted toward the license for each repo they were in.	01640824, 01664333, 01666525, 01667889
Fixed a bug in file upload requests to scanners when Tenable Security Center and the scanner utilize certificate-based authentication. During the request generation, Tenable Security Centerwas inadvertently omitting the certificate, resulting in an erroneous outcome.	01631946
Update CSS only for specific drop-down element style to unset few global style, fixes the issue.	01627284
Update logic front-end won't display the error status until the dashboard has been fully evaluated.	01612838
The User::GET API response will now follow the objective of permissions as intended and matches with the GUI.	01623694
Improved the user deletion functionality to resolve the issue and implemented a restriction allowing users to only bulk delete up to 10 users at a time.	01624468
The "User Text" field in the Authentication Settings form was mislabelled as "Header Text", which could lead to confusion about where the value would be displayed. This field label has been corrected.	01617548
Updated the PHP file integrity check to exclude SAML configuration files.	01620889
For customer clarity, update caption for “Report” Alert action to now read: "Launch an existing On Demand Report"	01609808
When users are marked as deleted during migration because no message.db was found, updated the code so that you can no longer login as the deleted user.	01591639
Addressed an issue within the agent scan feature where the Agent scan PATCH REST API call was unintentionally removing agentGroups.	01606876
Resolved a bug within the policy feature, which was causing incomplete returns of audits when utilizing the auditFiles field with the /rest/policy endpoint.	01617747
While exporting the Host Discovery Policy, if the field max_simult_tcp_sessions is empty in Policy settings, then it will retain empty value in the exported file [instead of previously defaulted to unlimited].	01615970
"CVE ID" option in "Filter By" filter in Plugins module now allows selection of four different operators: Equal To (=), Not Equal To (≠), Contains, and Does Not Contain.	01614878
A bug introduced in Tenable Security Center 6.0 caused scans to only send IP addresses as targets rather than IP and FQDN when scanning with DNS asset lists as targets.	01602558, 01647697, 01610272
Update logic, now on page load, set the default timeframe chosen by the consumer, then the static one.	01611113
Users cannot use IPs as the Target type to identify the hosts that a risk rule should apply to if the host is in an agent repository.	01599040
In the scanner status log, fixed passwords that were being shown in plain text.	01610301
This is as designed. The missing information has been incorporated into the User Guide.	01596286
The f/e for System Logs was upgraded to a new model. The b/e code has been upgraded to support this new model. Now users can display results, use filters, and utilize the paging operations, and the item ranges and totals and page ranges and totals are correct.	01605309
Fixed a bug within the job daemon process responsible for managing the cleanup of terminated processes, which was leading to application crashes.	01604331
Added a fix about calculating scrollLeft position of the grid container before refresh and set the left position after the grid is refreshed.	01589237
In some cases Tenable Security Center was not removing namedb entries for hosts that were removed from the repository. This could cause namedb to grow very large if customers have a lot of short lived assets. Orphaned namedb entries will now be cleaned up.	01605832
Tenable Vulnerability Management changed the behavior of what happens when invalid API keys are provided to the server status api. Now Tenable Vulnerability Management returns a 401 which is an authorization failure. Updated the code so that If an authorization failure is detected, it returns gracefully that the connection failed.	01602907
Updated the nightly cleanup function that cleans up stale Scan Reports to properly handle the case where the scanner does not exist.	01600461
This resolves an issue in which the scan process would continue to run if the scan was deleted while the scan status was Preparing, Resolving, Verifying, or Initializing.	01599473
Fixed an issue with the installSSLCertificate.php script that previously prevented users from utilizing multiple options simultaneously.	01600901
Fixed a bug with querying Mobile data using the Identifier filter with an Identifier that has a comma in it. There was no way to tell if the comma was part of the value or a separator. The solution is to support one value in the Identifier filter. This resolves the problem of no data showing up when drilling down from the Device Summary tool to the Vuln List tool.	01597703
Redesigned this component as an enhancement to Tenable Security Center 6.2.0.	01588770
Fixed an issue where feed update or Tenable Security Center install would fail if TSC_ENTROPY_CHECK environment variable was set to true to force Tenable Security Center to use /dev/random as a random number generator.	01585877
Bugfix added to auto-refresh third-party charting library components in the rare event they do not render correctly on the first attempt.	01575902, 01595662
Fixed an issue where plugin names were being displayed as blank when plugin locale was changed before running the first plugin update job.	01577810
Fixed some cases where database locks were occuring during the import of scan results.	01570024
In some cases high quality OS detections were being overwritten by lower quality OS detections.	01573983
The prepareassets will be launched for all orgs [with access to agent repo] as below: the original initiator id will be retained for initiator org. for the other orgs the initiatorID will be the ORGHEAD id.	01557616
Customer is now able to properly filter by SCAP Audit Files in cases where this was not working.	--
Fixed the logic to show only the login panel/startup banner at once. The login Panel will be hidden by the startup banner if available in all cases.	01571286, 01524466
Fixed an issue where STIG audit was failing because RPM verification was flagging tvdb.db as being modified.	01550156
New field "Inactivity Timeout" provided in Active Scan Settings during creation/update to customize the timeout limit for receiving the Scan Progress before jumping Scanners.	01561848
Fixed how IP list is retrieved when an asset is not shared with a certain group.	01567384
Fixed an issue where PIV certificate authentication would fail after upgrading to Tenable Security Center 6.0.0 if the certificate contained multi-rdn values for CN	01564014
Added scroll to the slideout section so as to allow interaction with the entire content.	01563543
CSS updated to prevent textbooks from overriding dropdown elements.	01562172, 01648424, 01646722
Fixed a validation message that erroneously suggested users could apply multiple CVE filters when creating policies in the plugins section.	01552320, 01573872
Update logic by removing remote and offline repositories from the selected repository list.	01528355, 01625287
Fixed an issue in the feed update procedure that impacted customers with sizable organizations, numerous assets, dashboards, and reports. This was resolved by isolating the lengthy operation into its dedicated job.	01532323, 01643639
Customers were seeing system slowness due to a large number of queries defined. The customer in question was using the Tenable Security Center ticketing system and associating queries with tickets. So a large number of the queries were associated with tickets. Tickets are never deleted in Tenable Security Center and so neither are the associated queries. The solution is to delete any queries associated with a ticket when the status of the ticket is changed to "closed". In addition, to cleanup existing data, a migration script was created to delete all queries associated with tickets where the ticket status is "closed".	01446976, 01473727
Fixed a bug in the Picture in Picture feature, where users on slower connections would occasionally encounter an error message regarding invalid credentials.	01369184

For more information about the API changes for this release, see the Tenable Security Center API Changelog.

Filenames and MD5 or SHA-256 checksums are located on the Tenable Security Center Downloads page.

The following table lists the Tenable product versions tested with Tenable Security Center 6.2.0.

For information about EOL dates and policies for Tenable products, see the Tenable Software Release Lifecycle Matrix and Policy.

Product	Tested Version
Tenable Nessus	8.9.0 and later
OT Security	3.9.25 and later
Tenable Log Correlation Engine	6.0.0 and later
Tenable Nessus Network Monitor	5.11.0 and later

Apply the patch to a standalone Tenable Security Center or Tenable Core + Tenable Security Center:

1. Download the patch from the Tenable Security Center Downloads page to Tenable Security Center. You can save the files in any location (e.g., /tmp).

2. Access the command line as a user with root-level permissions.

3. Run the following command to untar the patch file, where [patch file name] is the name of the .tgz patch file you downloaded:

   tar zxf [patch file name]

4. Run the following command to change the directory to the extracted directory, where [directory] is the extracted directory:

   cd [directory]

5. Run the following command to begin the installation:

   sh ./install.sh

   The installation begins and Tenable Security Center stops. After the installation finishes, Tenable Security Center automatically restarts.

What to do next:

• (Optional) Confirm the patch successfully applied to Tenable Security Center, as described in the knowledge base article.

• install.sh

• libcrypto.a

• libcrypto.so

• libcrypto.so.1.1

• libssl.so

• libssl.so.1.1

• openssl

Filenames and MD5 or SHA-256 checksums are located on the Tenable Security Center Downloads page.

Apply the patch to a standalone Tenable Security Center or Tenable Core + Tenable Security Center:

1. Download the patch from the Tenable Security Center Downloads page to Tenable Security Center. You can save the files in any location (e.g., /tmp).

2. Access the command line as a user with root-level permissions.

3. Run the following command to untar the patch file, where [patch file name] is the name of the .tgz patch file you downloaded:

   tar zxf [patch file name]

4. Run the following command to change the directory to the extracted directory, where [directory] is the extracted directory:

   cd [directory]

5. Run the following command to begin the installation:

   sh ./install.sh

   The installation begins and Tenable Security Center stops. After the installation finishes, Tenable Security Center automatically restarts.

What to do next:

• (Optional) Confirm the patch successfully applied to Tenable Security Center, as described in the knowledge base article.

• install.sh

• libcrypto.a

• libcrypto.so

• libcrypto.so.3

• libssl.so

• libssl.so.3

• openssl

Filenames and MD5 or SHA-256 checksums are located on the Tenable Security Center Downloads page.

If you are running Tenable Security Center 5.12.0 or later, you can upgrade directly to Tenable Security Center 6.1.1. If you are running a version earlier than Tenable Security Center 5.12.0, upgrade to Tenable Security Center 5.12.0 before upgrading to Tenable Security Center 6.1.1.

If you are running Tenable Security Center 6.1.1 and you are using pyTenable with the Tenable Security Center API, you must upgrade pyTenable to version 1.4.2 or later.

If you upgrade Tenable Security Center Director, upgrade Tenable Security Center for all managed Tenable Security Center instances connected to Tenable Security Center Director. After upgrading, allow up to 15 minutes for your managed Tenable Security Center instances to sync with Tenable Security Center Director.

Tenable recommends performing a backup before upgrading Tenable Security Center. For more information, see Perform a Backup in the Tenable Security Center User Guide.

Note: If your upgrade path skips versions of Tenable Security Center (for example, upgrading from 5.20.0 to 5.23.1 to 6.1.1), Tenable recommends reviewing the release notes for all skipped versions. You may need to update your configurations because of features and functionality added in skipped versions.

Note: Tenable Security Center 5.21.0 is the last version of Tenable Security Center that supports Internet Explorer. For more information about other supported browsers, see Web Browser Requirements in the Tenable Security Center User Guide.

MaaS360 MDM Integration

Tenable Security Center customers can now create MaaS360 MDM mobile repositories.

For more information, see Mobile Repositories in the Tenable Security Center User Guide.

Updated Tenable Security Center to remove support for weaker, legacy cipher suites.

Bug Fix	Defect ID
When syncing assets lists from Tenable Security Center to Tenable Vulnerability Management, updated the request payload so that filter values are chunked to contain no more than 1024 values per filter. Customers can now sync asset lists from Tenable Security Center to Tenable Vulnerability Management tags successfully when they contain more than 1024 filter values (IPs, FQDNs, and Tenable UUIDs).	01597028
Tenable Security Center was updated to maintain asset information in the case when all cumulative vulns have expired but there are some mitigated vulns remaining.	01570011, 01585371, 01604201
Updated diagnostics so that all system calls run successfully with the output results shown in sc-systeminfo.txt within the diagnostic file. A diagnostic can now be successfully run in EL7, 8, and 9 environments.	01584035
Fixed issue with asset calculation in Universal repository when a referenced asset no longer existed.	01548973, 01593435, 01612646
Fixed bug in asset list count for Universal repository that occurred when there was more than one asset with the same FQDN in the repository.	01557339, 01589415
Fixed an issue that caused an "API Keys not accepted" error for agent scans on agent manager.	01534931, 01540595, 01561334
When editing an asset on a large repository with many groups and a large user base, the internal error 500 occurs. Now this has been resolved.	01531118, 01555418

For more information about the API changes for this release, see the Tenable Security Center API Changelog.

Filenames and MD5 or SHA-256 checksums are located on the Tenable Security Center Downloads page.

The following table lists the Tenable product versions tested with Tenable Security Center 6.1.1.

For information about EOL dates and policies for Tenable products, see the Tenable Software Release Lifecycle Matrix and Policy.

Product	Tested Version
Tenable Nessus	8.9.0 and later
OT Security	3.9.25 and later
Tenable Log Correlation Engine	6.0.0 and later
Tenable Nessus Network Monitor	5.11.0 and later

Apply the patch to a standalone Tenable Security Center or Tenable Core + Tenable Security Center:

1. Download the patch from the Tenable Security Center Downloads page to Tenable Security Center. You can save the files in any location (e.g., /tmp).

2. Access the command line as a user with root-level permissions.

3. Run the following command to untar the patch file, where [patch file name] is the name of the .tgz patch file you downloaded:

   tar zxf [patch file name]

4. Run the following command to change the directory to the extracted directory, where [directory] is the extracted directory:

   cd [directory]

5. Run the following command to begin the installation:

   sh ./install.sh

   The installation begins and Tenable Security Center stops. After the installation finishes, Tenable Security Center automatically restarts.

What to do next:

• (Optional) Confirm the patch successfully applied to Tenable Security Center, as described in the knowledge base article.

• php

Filenames and MD5 or SHA-256 checksums are located on the Tenable Security Center Downloads page.

If you are running Tenable Security Center 6.1.0 and have enabled updates through the feed, this patch will be applied automatically.

To enable updates through the Tenable Security Center feed:

1. Log in to Tenable Security Center as an Administrator.

2. In the left navigation, click System > Configuration.

   The Configuration page appears.

3. Click the Plugins/Feed tile.

   The Plugins/Feed Configuration page appears.

4. On the Plugins/Feed Configuration page, in the Tenable Security Center Software Updates section, enable the Enable Updates Through the Tenable Security Center Feed option.

   During the next scheduled feed update, Tenable Security Center applies the patch. In the Tenable Security Center Software Updates table, a timestamp appears in the row for the patch in the Last Updated column.

Apply the patch to a standalone Tenable Security Center or Tenable Core + Tenable Security Center:

1. Download the patch from the Tenable Security Center Downloads page to Tenable Security Center. You can save the files in any location (e.g., /tmp).

2. Access the command line as a user with root-level permissions.

3. Run the following command to untar the patch file, where [patch file name] is the name of the .tgz patch file you downloaded:

   tar zxf [patch file name]

4. Run the following command to change the directory to the extracted directory, where [directory] is the extracted directory:

   cd [directory]

5. Run the following command to begin the installation:

   sh ./install.sh

   The installation begins and Tenable Security Center stops. After the installation finishes, Tenable Security Center automatically restarts.

What to do next:

• (Optional) Confirm the patch successfully applied to Tenable Security Center, as described in the knowledge base article.

• httpd

• install.sh

Filenames and MD5 or SHA-256 checksums are located on the Tenable Security Center Downloads page.

Apply the patch to a standalone Tenable Security Center or Tenable Core + Tenable Security Center:

1. Download the patch from the Tenable Security Center Downloads page to Tenable Security Center. You can save the files in any location (e.g., /tmp).

2. Access the command line as a user with root-level permissions.

3. Run the following command to untar the patch file, where [patch file name] is the name of the .tgz patch file you downloaded:

   tar zxf [patch file name]

4. Run the following command to change the directory to the extracted directory, where [directory] is the extracted directory:

   cd [directory]

5. Run the following command to begin the installation:

   sh ./install.sh

   The installation begins and Tenable Security Center stops. After the installation finishes, Tenable Security Center automatically restarts.

What to do next:

• (Optional) Confirm the patch successfully applied to Tenable Security Center, as described in the knowledge base article.

• httpd

• install.sh

Filenames and MD5 or SHA-256 checksums are located on the Tenable Security Center Downloads page.

If you are running Tenable Security Center 5.12.0 or later, you can upgrade directly to Tenable Security Center 6.1.0. If you are running a version earlier than Tenable Security Center 5.12.0, upgrade to Tenable Security Center 5.12.0 before upgrading to Tenable Security Center 6.1.0.

If you are running Tenable Security Center 6.1.0 and you are using pyTenable with the Tenable Security Center API, you must upgrade pyTenable to version 1.4.2 or later.

If you upgrade Tenable Security Center Director, upgrade Tenable Security Center for all managed Tenable Security Center instances connected to Tenable Security Center Director. After upgrading, allow up to 15 minutes for your managed Tenable Security Center instances to sync with Tenable Security Center Director.

Tenable recommends performing a backup before upgrading Tenable Security Center. For more information, see Perform a Backup in the Tenable Security Center User Guide.

Note: This release includes a fix for a potential vulnerability. For more information, see the Tenable Product Security Advisory.

Note: If your upgrade path skips versions of Tenable Security Center (for example, upgrading from 5.20.0 to 5.23.1 to 6.1.0), Tenable recommends reviewing the release notes for all skipped versions. You may need to update your configurations because of features and functionality added in skipped versions.

Note: Tenable Security Center 5.21.0 is the last version of Tenable Security Center that supports Internet Explorer. For more information about other supported browsers, see Web Browser Requirements in the Tenable Security Center User Guide.

Global Search for Assets

Tenable Security Center customers can now use the Global Search feature to search for host assets by IPv4.

For more information, see Search in the Tenable Security Center User Guide.

Domain Inventory Filtering

Tenable Security Center customers can now filter their domain inventory assets.

For more information, see Domain Inventory Filter Components in the Tenable Security Center User Guide.

Linked Users for Non-Admin Accounts

Tenable Security Center customers can now create linked users for Security Manager user accounts.

For more information, see Linked User Accounts in the Tenable Security Center User Guide.

Bulk ACR Edit

Tenable Security Center customers can now edit multiple ACR values at a time.

For more information, see Edit an ACR Manually in the Tenable Security Center User Guide.

Recast Expiration Date

Tenable Security Center customers can now set expiration dates for recast rules.

For more information, see Add a Recast Risk Rule in the Tenable Security Center User Guide.

Tenable One Data Reliability

For customers using the Lumin Connector, Tenable Security Center data in Lumin is now far more reliable as Tenable One now recognizes the host UUID generated by Tenable Security Center.

For more information, see Tenable One Synchronization in the Tenable Security Center User Guide.

Notification Bell Icon

The Tenable Security Center header now includes a notification bell, which alerts users of important notifications.

For more information, see Notifications in the Tenable Security Center User Guide.

Wildcards in NetBIOS Name Filter

Tenable Security Center customers can now user wildcards and regular expressions in the Vulnerability Analysis NetBIOS Name filter.

For more information, see Vulnerability Analysis Filter Components in the Tenable Security Center User Guide.

Delinea Secret Server PAM

Tenable Security Center now supports the Delinea Secret Server PAM authentication method.

For more information, see Windows Credentials, SSH Credentials, and Privilege Escalation in the Tenable Security Center User Guide.

Added commas to numbers with four or more digits to make them easier to read.

Bug Fix	Defect ID
A POST request to create a policy requires that the state (mixed or enabled), and the type (locked or unlocked for a state of mixed, and always unlocked for a state of enabled) be included for each family in the request.	01558364
Added a fix where "Create Plugin scans" is not visible if "Create Scan" is disabled on initial loading of a custom role edit.	01553947
Corrected how Tenable Security Center determines if the data is ready to refresh.	01509109
PDFs are no longer encrypted by default. The 'Encrypt PDF' option must be enabled before a PDF is encrypted.	01549696
Fixed issues handling and accounting for early, requested pauses, resumes and stops within the active scan process.	01546822
Fixed loading of AES/ACR from database.	01546444
This fixes a bug where the code was crashing if the user used an external SC API and did not provide a User Agent header.	01538318
Fixed issue where users were unable to copy Dashboard components to Dashboard tabs that they manage but not own.	01401206
Added a sort compare function for the risk reduction column and will sort properly in the dashboard component "Worst of the worst - Top 10 prioritized actions"	01513870
Fixed issue where column "IP/Device Count" did not sort properly in Repositories list view.	01524451
Improvements made to mobile scans to prevent timeouts.	01435903
Fixed user privileges for scan results view to have pause and stop button enabled for the scans created by that user, even without MO enabled.	01512444
typeFields was not handled properly for few credential types. Now all supported credential types support typeFields.	01489431
Optimization of backend queries during the SC feed process. This saves PHP memory and prevents PHP 'out of memory' issues.	01510611, 01508444, 01532158, 01537509
When creating a scan policy, setting "Search for DTLS" to anything other than 'None' saves correctly now.	01503411
Fixed an issue where importing a scan causes a "license check failed" error.	01501139, 01515264
Fixed an issue where column "Owner" did not sort properly in Active Scans list view.	01498956
Fixed an issue where old scan results were not being cleaned up when an expiration lifetime was configured.	01488760
Large Tenable Security Center Debug logs will no longer throw memory related issues.	01493694, 01497471, 01550915
Fixed an issue where the post-scan report was not generated if the active scan was created via API.	01439481

• The Address filter on the Domain Inventory page allows users to enter invalid values.

• Some instances of Tenable Lumin still appear in the UI, instead of Tenable One.

• If a user views the View Scan Result page while a scan is running, an error may appear in the admin log. This will not affect the scan.

• There is a cosmetic UI issue with overflowing borders on the Add Dynamic Asset page.

• There can be discrepancies between vulnerability data in Tenable Security Center and Tenable Vulnerability Management when vulnerabilities for dead hosts are removed from the cumulative database.

For more information about the API changes for this release, see the Tenable Security Center API Changelog.

Filenames and MD5 or SHA-256 checksums are located on the Tenable Security Center Downloads page.

The following table lists the Tenable product versions tested with Tenable Security Center 6.1.0.

For information about EOL dates and policies for Tenable products, see the Tenable Software Release Lifecycle Matrix and Policy.

Product	Tested Version
Tenable Nessus	8.9.0 and later
OT Security	3.9.25 and later
Tenable Log Correlation Engine	6.0.0 and later
Tenable Nessus Network Monitor	5.11.0 and later

Apply the patch to a standalone Tenable Security Center or Tenable Core + Tenable Security Center:

1. Download the patch from the Tenable Security Center Downloads page to Tenable Security Center. You can save the files in any location (e.g., /tmp).

2. Access the command line as a user with root-level permissions.

3. Run the following command to untar the patch file, where [patch file name] is the name of the .tgz patch file you downloaded:

   tar zxf [patch file name]

4. Run the following command to change the directory to the extracted directory, where [directory] is the extracted directory:

   cd [directory]

5. Run the following command to begin the installation:

   sh ./install.sh

   The installation begins and Tenable Security Center stops. After the installation finishes, Tenable Security Center automatically restarts.

What to do next:

• (Optional) Confirm the patch successfully applied to Tenable Security Center, as described in the knowledge base article.

• libcrypto.a

• libcrypto.so

• libcrypto.so.3

• libssl.so

• libssl.so.3

• install.sh

Filenames and MD5 or SHA-256 checksums are located on the Tenable Security Center Downloads page.

Apply the patch to a standalone Tenable Security Center or Tenable Core + Tenable Security Center:

1. Download the patch from the Tenable Security Center Downloads page to Tenable Security Center. You can save the files in any location (e.g., /tmp).

2. Access the command line as a user with root-level permissions.

3. Run the following command to untar the patch file, where [patch file name] is the name of the .tgz patch file you downloaded:

   tar zxf [patch file name]

4. Run the following command to change the directory to the extracted directory, where [directory] is the extracted directory:

   cd [directory]

5. Run the following command to begin the installation:

   sh ./install.sh

   The installation begins and Tenable Security Center stops. After the installation finishes, Tenable Security Center automatically restarts.

What to do next:

• (Optional) Confirm the patch successfully applied to Tenable Security Center, as described in the knowledge base article.

• libcrypto.so.1.1

• libssl.so.1.1

• openssl

• install.sh

Filenames and MD5 or SHA-256 checksums are located on the Tenable Security Center Downloads page.

Apply the patch to a standalone Tenable Security Center or Tenable Core + Tenable Security Center:

1. Download the patch from the Tenable Security Center Downloads page to Tenable Security Center. You can save the files in any location (e.g., /tmp).

2. Access the command line as a user with root-level permissions.

3. Run the following command to untar the patch file, where [patch file name] is the name of the .tgz patch file you downloaded:

   tar zxf [patch file name]

4. Run the following command to change the directory to the extracted directory, where [directory] is the extracted directory:

   cd [directory]

5. Run the following command to begin the installation:

   sh ./install.sh

   The installation begins and Tenable Security Center stops. After the installation finishes, Tenable Security Center automatically restarts.

What to do next:

• (Optional) Confirm the patch successfully applied to Tenable Security Center, as described in the knowledge base article.

• libcurl.a

• libcurl.la

• libcurl.so.4.8.0

• liblber.so.2.0.200

• libldap.so.2.0.200

• install.sh

Filenames and MD5 or SHA-256 checksums are located on the Tenable Security Center Downloads page.

Apply the patch to a standalone Tenable Security Center or Tenable Core + Tenable Security Center:

1. Download the patch from the Tenable Security Center Downloads page to Tenable Security Center. You can save the files in any location (e.g., /tmp).

2. Access the command line as a user with root-level permissions.

3. Run the following command to untar the patch file, where [patch file name] is the name of the .tgz patch file you downloaded:

   tar zxf [patch file name]

4. Run the following command to change the directory to the extracted directory, where [directory] is the extracted directory:

   cd [directory]

5. Run the following command to begin the installation:

   sh ./install.sh

   The installation begins and Tenable Security Center stops. After the installation finishes, Tenable Security Center automatically restarts.

What to do next:

• (Optional) Confirm the patch successfully applied to Tenable Security Center, as described in the knowledge base article.

• httpd

• install.sh

Filenames and MD5 or SHA-256 checksums are located on the Tenable Security Center Downloads page.

Apply the patch to a standalone Tenable Security Center or Tenable Core + Tenable Security Center:

1. Download the patch from the Tenable Security Center Downloads page to Tenable Security Center. You can save the files in any location (e.g., /tmp).

2. Access the command line as a user with root-level permissions.

3. Run the following command to untar the patch file, where [patch file name] is the name of the .tgz patch file you downloaded:

   tar zxf [patch file name]

4. Run the following command to change the directory to the extracted directory, where [directory] is the extracted directory:

   cd [directory]

5. Run the following command to begin the installation:

   sh ./install.sh

   The installation begins and Tenable Security Center stops. After the installation finishes, Tenable Security Center automatically restarts.

What to do next:

• (Optional) Confirm the patch successfully applied to Tenable Security Center, as described in the knowledge base article.

• html/index.html

• html/main.52a1ec78d7f29ac9bc2d.js

• SCILib.php

• style.css

• darkmode.css

• install.sh

Filenames and MD5 or SHA-256 checksums are located on the Tenable Security Center Downloads page.

If you are running Tenable Security Center 5.12.0 or later, you can upgrade directly to Tenable Security Center 6.0.0. If you are running a version earlier than Tenable Security Center 5.12.0, upgrade to Tenable Security Center 5.12.0 before upgrading to Tenable Security Center 6.0.0.

If you are running Tenable Security Center 6.0.0 and you are using pyTenable with the Tenable Security Center API, you must upgrade pyTenable to version 1.4.2 or later.

If you upgrade Tenable Security Center Director, upgrade Tenable Security Center for all managed Tenable Security Center instances connected to Tenable Security Center Director. After upgrading, allow up to 15 minutes for your managed Tenable Security Center instances to sync with Tenable Security Center Director.

Tenable recommends performing a backup before upgrading Tenable Security Center. For more information, see Perform a Backup in the Tenable Security Center User Guide.

This release includes an upgrade to OpenSSL 3.0.x. This resolves two issues found in the open source libraries, CVE-2021-3450 and CVE-2021-3449. Both issues were rated High. As a result, X.509 certificates signed using SHA1 are no longer allowed at security level 1 or higher. The default security level for TLS is 1, so certificates signed using SHA1 are by default no longer trusted to authenticate servers or clients. Customers who encounter this issue should upgrade their certificates. For more information, see the OpenSSL 3.0 release notes.

Note: This release includes a fix for a potential vulnerability. For more information, see the Tenable Product Security Advisory.

Note: If your upgrade path skips versions of Tenable Security Center (for example, upgrading from 5.9.0 to 5.12.0 to 6.0.0), Tenable recommends reviewing the release notes for all skipped versions. You may need to update your configurations because of features and functionality added in skipped versions.

Note: Tenable Security Center 5.21.0 is the last version of Tenable Security Center that supports Internet Explorer. For more information about other supported browsers, see Web Browser Requirements in the Tenable Security Center User Guide.

New Look and Feel

The Tenable Security Center look and feel has been modernized by updating the typography, navigation, login screen, and more.

OpenSSL 3.0 Support

Tenable Security Center now supports OpenSSL 3.0.

Oracle Linux 9 and Red Hat Enterprise Linux (RHEL) 9 Support

Added support for Oracle Linux 9 and RHEL 9. Tenable Security Center will continue to support CentOS 7, RHEL 7, and RHEL 8.

For more information, see System Requirements in the Tenable Security Center User Guide.

Dashboard Matrix Default Color Swatches

Tenable Security Center customers can now select from a group of default colors when editing dashboard matrix component rules.

For more information, see Custom Dashboard Component Options in the Tenable Security Center User Guide.

Scan Policy Plugin Management

Tenable Security Center customers can now add and enable plugins in mixed plugin families.

For more information, see Configure Plugin Options in the Tenable Security Center User Guide.

Updating Tenable Security Center Patches Through the Feed

Tenable Security Center customers can now download and install patches directly inside the Tenable Security Center console. There is a new option to automatically install patches with feed updates.

For more information, see Configuration Settings in the Tenable Security Center User Guide.

Health Overview Dashboard

Tenable Security Center has a new Health Overview dashboard that provides quick access to deployment issues. Tenable Security Center customers can use this dashboard to gain better insight and understanding of their Tenable Security Center infrastructure.

For more information, see Health Overview Dashboard in the Tenable Security Center User Guide.

Password Expiration

Tenable Security Center administrative users can now set password expiration settings for users.

For more information, see User Account Options in the Tenable Security Center User Guide.

Current/Previous Year Filter

The Time filter in Tenable Security Center now includes the Current Year and Last Year options.

For more information, see Vulnerability Analysis Filters in the Tenable Security Center User Guide.

Wallix Bastion PAM

Tenable Security Center now supports the Wallix Bastion PAM authentication method.

For more information, see Database Credentials Authentication Method Settings in the Tenable Security Center User Guide.

Global Search

Tenable Security Center customers can now search for vulnerabilities by CVE.

For more information, see Search in the Tenable Security Center User Guide.

Increased PDF Encryption Strength

Tenable Security Center customers can now encrypt PDF reports using a 256 bit AES algorithm.

For more information, see Report Options in the Tenable Security Center User Guide.

Update Asset List before Running Dependent Scans

In Tenable Security Center if a dependent scan is using a dynamic asset list, that asset list will now be updated before the scan runs.

For more information, see Assets in the Tenable Security Center User Guide.

NetBIOS Filter

Tenable Security Center customers can now filter vulnerabilities by NetBIOS name.

For more information, see Vulnerability Analysis Filter Components in the Tenable Security Center User Guide.

Universal Repository

Tenable Security Center customers have access to the new Universal repository type, which can store data from IPv4, IPv6, and Agent repositories.

For more information, see Universal Repositories in the Tenable Security Center User Guide.

CyberARK Credential Updates

Tenable Security Center customers that use CyberArk credentials can now use Address for the Get Credentials By setting.

For more information, see SSH Credentials in the Tenable Security Center User Guide.

Performance improvements for Tenable Security Center Director and syncing repositories.

Bug Fix	Defect ID
Fixes a race condition on login that may have caused incorrect permissions for the logged-in user under poor network conditions.	01504937
Fixed an issue with sorting accept rules by Creator.	01494988
Fixed issues related to chunk deletion and chunk re-injection when scanners go offline during a scan.	01490102, 01496734, 01529623, 01536174
Stopped using recursion to process combination asset lists to prevent using up stack memory.	01485883, 01479281, 01509793, 01475287
The SC feed was updated to exclude the AD Identity Scan policy template.	01483391
Removed *.cloudfront.net from the CSP request header. The domain was previously added to download content for Pendo, but now all external resources are served from a Tenable domain.	01483322
Fixed an issue where large scan result imports were failing by removing database locks.	01482303
Fixed a dashboard query error with the Output Assets filter.	01480528
Fixed an issue so the agentScan API returns agentGroups field information upon request. agentScan?fields=agentGroups::GET	01478230
Fixed an issue where selecting the Initiator column would not properly sort the job queue.	01474973
Fixed an issue where the Licensing Status dashboard widget appeared blank.	01471612, 01479097, 01468610, 01517641
Fixed an issue where if the diagnostic scan failed, the diagnostic scan password was not sanitized in the system log.	01470275
Fixed the backup and restore config tools to correctly backup and restore compliance plugin data. This was resolved by accounting for an offset in row IDs between the backup and restore box, particularly plugin external reference data.	01469141
Introduced the new Time filter with Created and Finished options to replace the Completion Time filter.	01467850, 01477190, 01481914, 01506659, 01466750, 01524139, 01536947
Fixed an issue where Asset bulk delete throws an error. A condition has been added to /asset/id::DELETE to verify JobLib::getIgnoreAddingNewJobsStatus(). If the Ignore adding new job option is enabled, we return the response without looking for the affected group.	01459697, 01479181, 01497531, 01523580
Fixed an issue when using the import option in IBM DB2 credentials where the client certificates entered in the Legacy CyberArk credentials screen were not retained after saving the details.	01455757
Fixed an issue where the last item in the data grid(tabulator) could not be accommodated when classification is mentioned. The issue is fixed by modifying the logic to calculate the height for the new screens appropriately to contain the classification and removing the "!important" in the css.	01451953
Fixed an issue where system logs would not scroll beyond the selected month. This was resolved by changing the design of the table. System logs are now in a paginated list, instead of an infinite scroll paradigm.	01449648, 01475247
Fixed an issue where clicking the dashboard component with Query Value: Hosts would take the user to the wrong tool in Vulnerability Analysis. The user now lands correctly on the Vulnerability List.	01449110
Fixed an issue where a query error would appear in Vulnerability Analysis after deleting a scan result. The issue was fixed by adding a check to find if the scan result exists in the system, then loading the view based on that.	01443526
Fixed an issue where the automatic refresh on the Scan Results page did not save the user's scroll position in the table,	01442405, 01507580, 01518858
Fixed an issue where a Tenable Nessus Compliance Scan import failed, despite a success message from Tenable Security Center.	01436887
Fixed an issue where dashboard components were referencing invalid queries, making users unable to edit the dashboard components.	01406788
Fixed an issue where the Owner filter on the Report Results page would show multiple instances of the same owner name.	01400225
Fixed an issue where the file /opt/sc/support/etc/SimpleSAML/config/config.php could be overwritten during a Tenable Security Center upgrade.	01385220
Reduced the time and accuracy of the List Software tool to calculate results from updates made to Plugin #22869 and Plugin #20811.	01382651

• When an admin creates a new user, the Switch User option doesn't show up immediately after creating the linked user.

• When the browser window is resized, Line Chart components will not resize appropriately to fit their respective containers.

• When zooming in on the browser, some elements in the header may no longer be visible.

• Pendo is reporting an incorrect date format in the SC productExpirationDate metadata.

• Safari SC users will see shadows of the left navigation after clicking.

• When in any Analysis view, the Analysis icon in SideNav should have a blue background with a dark blue line to the left.

• Creating a risk rule doesn't work for certain combinations for fields and repositories. For example, creating a risk rule with an IP as the identifier doesn't work for an Agent repo.

• Pagination icons should appear grayed out when they are unusable, for example, when there is only 1 page of results.

• Universal repository is not available in the Quick Setup Guide.

For more information about the API changes for this release, see the Tenable Security Center API Changelog.

Filenames and MD5 or SHA-256 checksums are located on the Tenable Security Center Downloads page.

The following table lists the Tenable product versions tested with Tenable Security Center 6.0.0.

For information about EOL dates and policies for Tenable products, see the Tenable Software Release Lifecycle Matrix and Policy.

Product	Tested Version
Tenable Nessus	8.9.0 and later
OT Security	3.9.25 and later
Tenable Log Correlation Engine	6.0.0 and later
Tenable Nessus Network Monitor	5.11.0 and later