Tenable Nessus 2023 Release Notes

Important: You currently cannot install Tenable Nessus on macOS 15.6 due to a known issue. Tenable is working with Apple to resolve the issue.

Plugin Releases

For information about recent changes to Tenable Nessus plugins, see the Plugin Release Notes.

Tenable Nessus 10.6.4 (2023-12-12)

Bug Fix Defect ID Applies to
Improved error handling and retries of scan report exports to Tenable Security Center. 01686906, 01728336 All versions of Tenable Nessus

  • Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • You can upgrade to the latest version of Tenable Nessus from any previously supported version.
  • If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
  • If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
  • If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.

Tenable Nessus 10.5.7 (2023-11-16)

The following are security updates included in Tenable Nessus 10.5.7:

  • Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • You can upgrade to the latest version of Tenable Nessus from any previously supported version.
  • If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
  • If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
  • If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.

Tenable Nessus 10.6.3 (2023-11-16)

The following are security updates included in Tenable Nessus 10.6.3:

Bug Fix Defect ID Applies to
Improved the URL parsing when running web application scans against internal hosts. 01704954 Tenable Nessus Expert

  • Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • You can upgrade to the latest version of Tenable Nessus from any previously supported version.
  • If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
  • If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
  • If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.

Tenable Nessus 10.5.6 (2023-10-31)

The following are security updates included in Tenable Nessus 10.5.6:

  • Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • You can upgrade to the latest version of Tenable Nessus from any previously supported version.
  • If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
  • If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
  • If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.

Tenable Nessus 10.6.2 (2023-10-31)

The following are security updates included in Tenable Nessus 10.6.2:

  • Fixed a local privilege vulnerability.

  • Fixed an issue that caused file name integer overflow in zlib 1.3.

  • Updated OpenSSL to version 3.0.12.

    For more information, see the Tenable Product Security Advisory.

Bug Fix Defect ID Applies to
Fixed an issue that affected report exports generated from scans with names containing characters that are unsupported by file systems. 01646134, 01686249, 01685305, 01684468, 01685452, 01683218, 01690433, 01695246, 01697731, 01697414, 01700259, 01706480 All Tenable Nessus versions
Fixed an issue where Tenable Nessus rules would incorrectly reject outbound TCP connections when a rule specifies a host name. 829504 All Tenable Nessus versions
Fixed a scan permissions issue in the scan configuration user interface. 01690291, 01684786 All Tenable Nessus versions
Fixed an issue that sometimes caused scanner instability when verifying credentials using OCSP. 01684684 All Tenable Nessus versions
Fixed an issue that caused Tenable Nessus to crash when a plugin’s memory usage limit is met while deserializing data. 01701304 All Tenable Nessus versions

  • Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • You can upgrade to the latest version of Tenable Nessus from any previously supported version.
  • If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
  • If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
  • If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.

Tenable Nessus 10.5.5 (2023-09-21)

The following are security updates included in Tenable Nessus 10.5.5:

  • Fixed an issue in which it was possible to configure log files to overwrite sensitive system files.

  • Fixed an issue in which is was possible to enumerate Tenable Nessus users without authentication.

  • Fixed a potential pass-back flaw in the Tenable Nessus SMTP credentials.

    For more information, see the Tenable Product Security Advisory.

  • Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • You can upgrade to the latest version of Tenable Nessus from any previously supported version.
  • If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
  • If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
  • If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.

Tenable Nessus 10.6.1 (2023-09-19)

The following are the new features included in Tenable Nessus 10.6.1:

  • Added web application scanning support for Tenable Nessus scanners managed by Tenable Security Center.

    Notes:

    • Tenable Nessus 10.6 does not support web application scanning on any host that uses an ARM-based processor (for example, AArch64 Linux distributions and macOS M1 and M2 systems).

    • Tenable Nessus 10.6 does not support web application scanning in Tenable Core + Tenable Nessus, or any Tenable Nessus instance that already runs within a Docker image.

    • Tenable Nessus web application scanning is not currently supported on Tenable Core+ platforms.

Bug Fix Defect ID Applies to
Fixed an issue in which Tenable Nessus used excessive system memory while processing large scan DBs. 01535710 All Tenable Nessus versions
Fixed an issue that caused plugin output to not show in compliance scans. 01679416 All Tenable Nessus versions
Fixed plugin forking misbehaviors that caused excessive memory usage. 01586848 All Tenable Nessus versions
Fix an installation failure issue that would occur when updating Tenable Nessus from 10.5.4 to 10.6.0 via msiexec. 01679465, 01677721, 01681671 Tenable Nessus 10.5.4

  • Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • You can upgrade to the latest version of Tenable Nessus from any previously supported version.
  • If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
  • If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
  • If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.

Tenable Nessus 10.6.0 (2023-08-29)

The following are the new features included in Tenable Nessus 10.6.0:

  • Tenable Nessus Expert now supports web application scanning.

    Note: You cannot pause and resume web application scans in Tenable Nessus.

  • You can now configure the number of days that Tenable Nessus Manager retains scans.

  • Tenable Nessus 10.6 does not support web application scanning on any host that uses an ARM-based processor (for example, AArch64 Linux distributions and macOS M1 and M2 systems).

  • Tenable Nessus 10.6 does not support web application scanning in Tenable Core + Tenable Nessus, or any Tenable Nessus instance that already runs within a Docker image.

  • Tenable Nessus web application scanning is not currently supported on Tenable Core+ platforms.

The following enhancements are included in Tenable Nessus 10.6.0:

  • Improved child node updates from agents to parent nodes.

  • Improved agent connection quality to Tenable Nessus Manager.

  • Improved logging of Tenable Security Center communications in Tenable Nessus Manager.

The following are security updates included in Tenable Nessus 10.6.0:

  • Fixed an issue in which it was possible to configure log files to overwrite sensitive system files.

  • Fixed an issue in which is was possible to enumerate Tenable Nessus users without authentication.

  • Fixed a potential pass-back flaw in the Tenable Nessus SMTP credentials.

    For more information, see the Tenable Product Security Advisory.

Bug Fix Defect ID Applies to
Fixed an issue in which Tenable Nessus would crash due to an invalid custom_CA.inc or known_CA.inc. 01578615 All Tenable Nessus versions
Fix an issue in which Tenable Nessus Manager would show an incorrect Unlinked On date for agents in the cluster parent user interface. 01530492 Tenable Nessus Manager
By default, all Tenable Nessus logs now write timestamps as local time, and include timezone offset information for clarity. 01600357 All Tenable Nessus versions
Fixed a certificate common name validation issue which led to the improper regeneration of correct certificates. 01575233 All Tenable Nessus versions
Fixed for Tenable Nessus Manager user interface issue that occurred after setting bulk agent remote settings. 01557890 Tenable Nessus Manager
Fixed an issue that occurred when sorting by the Last Plugin Update column in the Tenable Nessus Manager agent list view. 01603024 Tenable Nessus Manager
Fixed an issue related to exporting history scan timing and policy data. 01589530 All Tenable Nessus versions
Fixed an issue related to the Windows registry key when upgrading Tenable Nessus through the user interface. 01562118, 01566902, 01568797, 01572253, 01576559, 01568976, 01566805 All Tenable Nessus versions
Fixed a database issue that caused the Tenable Nessusbackend to identify and use incorrect IDs during scan and agent operations. 01544328, 01587619 All Tenable Nessus versions
Fixed an issue related to recasting plugin severity when there are hosts have the same names but different IPs. 01508665 All Tenable Nessus versions
Fixed an issue in which slow loading scanners could not load activation workflow scripts. 01560087, 01606771 All Tenable Nessus versions
Fixed 500 errors that occurred when generating a report with a Japanese title. 01544125 All Tenable Nessus versions
Fixed Tenable Nessus Manager-to-Tenable Vulnerability Management migration errors that occurred when scans share the same credentials file. 01543231 Tenable Nessus Manager
Fixed an issue that occurred when using filters in a scan differential. 01469239 All Tenable Nessus versions
Fixed an issue that caused Tenable Nessus to erroneously delete unused policy files. 01529815 All Tenable Nessus versions
Fixed an issue in which the Manual Software Update button was disabled when Tenable Nessus did not have plugins or was compiling plugins. 01641290 All Tenable Nessus versions

  • You can manually update any supported Tenable Nessus version directly to Nessus 10.6. Automatic updates of earlier Nessus versions will first update to 10.5.4, and then update to 10.6.0 during their next software check-in. This usually occurs in approximately 24 hours.

  • You must run Tenable Nessus Expert version 10.6.0 or later to use web application scans.

    Note: The web application scanning functionality will be unavailable if you upgrade Tenable Nessus Expert to 10.6.0 and then downgrade to a prior version. Tenable recommends backing up your system before you downgrade.

  • You must install Docker on your machine to enable web application scanning in Tenable Nessus Expert.

  • Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • You can upgrade to the latest version of Tenable Nessus from any previously supported version.
  • If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
  • If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
  • If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.

Tenable Nessus 10.5.4 (2023-08-02)

The following enhancements are included in Tenable Nessus 10.5.4:

  • Improved the processing of known_CA.inc during plugin updates.

The following are security updates included in Tenable Nessus 10.5.4:

Bug Fix Defect ID Applies to
Fixed an issue in which the Extended Migration tab would load indefinitely. 01634438 Tenable Nessus Manager
Fixed an issue that caused a cluster child node to restart every hour. 01624618 All Tenable Nessus versions

  • Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • You can upgrade to the latest version of Tenable Nessus from any previously supported version.
  • If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
  • If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
  • If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.

Tenable Nessus 10.5.3 (2023-06-27)

The following are security updates included in Tenable Nessus 10.5.3:

  • Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • You can upgrade to the latest version of Tenable Nessus from any previously supported version.
  • If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
  • If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
  • If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.

Tenable Nessus 10.5.2 (2023-05-11)

The following are security updates included in Tenable Nessus 10.5.2:

  • Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • You can upgrade to the latest version of Tenable Nessus from any previously supported version.
  • If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
  • If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
  • If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.

Tenable Nessus 10.5.1 (2023-03-30)

Bug Fix Defect ID Applies to
Fixed the logic that Tenable Nessus plugins use to determine whether ports are open or closed before port scanning. 01567463, 01565318, 01570037, 01567594, 01571554, 01570459, 01574943, 01569096 All Tenable Nessus versions
Fixed an issue where Tenable Security Center-managed scanners were not communicating with Tenable Security Center during setup. 01570364, 01572426, 01571146 All Tenable Nessus versions
Fixed an issue where agent core updates were not processing on Tenable Nessus Manager. 01576489, 01571544 Tenable Nessus Manager

  • Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • You can upgrade to the latest version of Tenable Nessus from any previously supported version.
  • If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
  • If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
  • If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.

Tenable Nessus 10.5.0 (2023-03-02)

The following are the new features included in Tenable Nessus 10.5.0:

  • Added Docker support for Tenable Security Center-managed scanners. For more information, see Deploy Tenable Nessus as a Docker Image.

  • Added the ability to save custom filter configurations. For more information, see Search and Filter Results.

  • Improved the activation workflow of purchased products. Activating previously purchased products is now easier. For more information, see Configure Tenable Nessus.

  • Expanded VPR for Tenable Nessus Professional, Tenable Nessus Expert, and Tenable Nessus Essentials.

  • Updated the Tenable Nessus Manager Sensors tab to show agent UUIDs.

  • Enhanced Attack Surface Discovery results filtering so that you can filter by all result columns.

  • Added the ability to export Attack Surface Discovery scan results.

The following enhancements are included in Tenable Nessus 10.5.0:

  • Removed the VPR Top Threats scan results tab.

  • Improved CA read performance over TLS.

  • Improved Tenable Nessus global DB backup performance.

  • Added Terrascan.db to the nessuscli backup command.

The following are security updates included in Tenable Nessus 10.5.0:

  • Updated spin.js to 2.3.2.

  • Updated datatables.net to 1.13.2.

  • Updated OpenSSL to 3.0.8.

For more information, see the Tenable Product Security Advisory.

Bug Fix Defect ID Applies to
Updated Tenable Nessus to send socket timeouts when the send operation is in the SSL_WANT_READ state. 01515292 Managed Tenable Nessus scanners
Reduced Tenable Nessus memory use when parsing hostnames. 01490663 All Tenable Nessus scanners installed in Windows environments
Fixed a bug that generated the API disabled message. 01521210 All Tenable Nessus versions
Added Kanji font support in PDF reports. 01406825 All Tenable Nessus versions
Prevented configuration of the default cluster group while plugins are compiling. 01499319 Tenable Nessus Manager
Tenable Nessus now backs up default files when you perform a full reset of Tenable Nessus. 01469769 All Tenable Nessus versions
Fixed a PDF page break issue. 01474946 All Tenable Nessus versions
Added the build number to the available Tenable Agent upgrade listing. 01449324 Tenable Nessus Manager
Modified the behavior of payload handling to return a 400 error if a payload is not complete. 01443043 All Tenable Nessus versions
Modified Tenable Nessus to load activation workflow scripts locally to prevent plugin 119811 from flagging tenable.com. 01518622, 01516109 All Tenable Nessus versions

  • Added support for the following operating systems:

    • Rocky Linux 9 (x86_64 and AArch64)

    • Alma Linux 9 (x86_64 and AArch64)

    • Red Hat Enterprise Linux 9 (x86_64 and AArch64)

    • Debian 11 (i386 and AMD64)

  • Removed support for the following operating systems:

    • FreeBSD 11 and earlier

    • Ubuntu 13.10 and earlier

    • SUSE 11 and earlier

    • Debian 9 and earlier

    • Oracle Linux 6 and earlier

    • CentOS 6 and earlier

    • Kali 2019 and earlier

    • Windows 8 and earlier

    • Windows Server 2008 R2 and earlier

    • macOS 10.15 and earlier

  • Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • You can upgrade to the latest version of Tenable Nessus from any previously supported version.
  • If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
  • If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
  • If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.