Tenable.sc 2023 Release Notes

These release notes are listed in reverse chronological order.

Tenable.sc Patch 202302.1 Release Notes (2023-02-07)

Apply this patch to Tenable.sc installations running Tenable.sc 5.23.1. This patch fixes an issue where some users see a "scan progress not showing in Scan Results page" error while scanning.

Steps to Apply

Apply the patch to a standalone Tenable.sc or Tenable Core + Tenable.sc:

  1. Download the patch from https://www.tenable.com/downloads/tenable-sc to Tenable.sc. You can save the files in any location (e.g., /tmp).
  2. Access the command line as a user with root-level permissions.

  3. Run the following command to untar the patch file, where [patch file name] is the name of the .tgz patch file you downloaded:

    tar zxf [patch file name]

  4. Run the following command to change the directory to the extracted directory, where [directory] is the extracted directory:

    cd [directory]

  5. Run the following command to begin the installation:

    sh ./install.sh

    The installation begins and Tenable.sc stops. After the installation finishes, Tenable.sc automatically restarts.

What to do next:

  • (Optional) Confirm the patch successfully applied to Tenable.sc, as described in the knowledge base article.

Contents

  • html/index.html

  • html/main.52a1ec78d7f29ac9bc2d.js

  • SCILib.php

  • style.css

  • darkmode.css

  • install.sh

Filenames and Checksums

Filenames and MD5 or SHA-256 checksums are located on the Tenable.sc Downloads page.
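The script below is an added example, not part of Tenable's release notes or tooling. It is a pre-install check that compares the downloaded patch archive with the SHA-256 value published on the Downloads page and reports any archive member that is not in the Contents list above, before install.sh is run with root-level permissions. The script name, the use of sha256sum, and the single top-level directory inside the archive are assumptions.

```shell
#!/bin/sh
# Added example (not Tenable code): pre-install checks for a patch archive.

# Files listed under "Contents" for Patch 202302.1 on this page.
EXPECTED_FILES='html/index.html
html/main.52a1ec78d7f29ac9bc2d.js
SCILib.php
style.css
darkmode.css
install.sh'

# verify_sha256 FILE EXPECTED_HEX: succeeds only if the digests match.
verify_sha256() {
    actual=$(sha256sum "$1" 2>/dev/null | awk '{print $1}')
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# audit_members FILE: prints suspicious archive members, returns 1 if any
# were found and 2 if the archive cannot be listed.
# Assumption: the archive unpacks into a single top-level directory, which
# is stripped before each member is compared with EXPECTED_FILES.
audit_members() {
    list=$(tar tzf "$1" 2>/dev/null) || return 2
    findings=$(printf '%s\n' "$list" | while IFS= read -r m; do
        case "$m" in
            (/*|..|../*|*/../*|*/..) echo "escapes extraction dir: $m"; continue ;;
            (*/) continue ;;                     # directory entry
        esac
        rel=${m#*/}
        printf '%s\n' "$EXPECTED_FILES" | grep -Fxq -- "$rel" ||
            echo "not in published contents: $m"
    done)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Usage: sh check_patch.sh PATCH.tgz SHA256_FROM_DOWNLOADS_PAGE
if [ "$#" -eq 2 ]; then
    verify_sha256 "$1" "$2" || { echo "checksum mismatch: $1" >&2; exit 1; }
    audit_members "$1" || { echo "archive failed inspection" >&2; exit 1; }
    echo "OK: $1 matches the published checksum and contents list"
fi
```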

Tenable.sc 6.0.0 Release Notes (2023-01-25)

You can download the update files from the Tenable.sc Downloads page.

Upgrade Notes

If you are running Tenable.sc 5.12.0 or later, you can upgrade directly to Tenable.sc 6.0.0. If you are running a version earlier than Tenable.sc 5.12.0, upgrade to Tenable.sc 5.12.0 before upgrading to Tenable.sc 6.0.0.

If you are running Tenable.sc 6.0.0 and you are using pyTenable with the Tenable.sc API, you must upgrade pyTenable to version 1.4.2 or later.

If you upgrade Tenable.sc Director, upgrade Tenable.sc for all managed Tenable.sc instances connected to Tenable.sc Director. After upgrading, allow up to 15 minutes for your managed Tenable.sc instances to sync with Tenable.sc Director.

Tenable recommends performing a backup before upgrading Tenable.sc. For more information, see Perform a Backup in the Tenable.sc User Guide.

This release includes an upgrade to OpenSSL 3.0.x, which resolves two issues found in the open source libraries, CVE-2021-3450 and CVE-2021-3449. Both issues were rated High. As a result of the upgrade, X.509 certificates signed using SHA1 are no longer allowed at security level 1 or higher. The default security level for TLS is 1, so certificates signed using SHA1 are by default no longer trusted to authenticate servers or clients. Customers who encounter this issue should upgrade their certificates. For more information, see the OpenSSL 3.0 release notes.
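The script below is an added example, not part of Tenable's release notes or tooling. It lists SHA1-signed certificates in PEM files or bundles so that certificates affected by the SHA1 change described above can be found before the upgrade. The script name and the certificate paths passed to it are assumptions; the page does not say where your certificates are stored.

```shell
#!/bin/sh
# Added example (not Tenable code): list SHA1-signed certificates in PEM files.

# list_sigalgs FILE: prints "ALGORITHM<TAB>SUBJECT" for every certificate in a
# PEM file or bundle, taken from OpenSSL's text dump of each certificate.
list_sigalgs() {
    openssl crl2pkcs7 -nocrl -certfile "$1" 2>/dev/null |
        openssl pkcs7 -print_certs -text -noout 2>/dev/null |
        awk '
            /^Certificate:/ { alg = "" }
            /Signature Algorithm:/ && alg == "" {
                sub(/.*Signature Algorithm: */, ""); alg = $0; next
            }
            /^ *Subject:/ { sub(/^ *Subject: */, ""); print alg "\t" $0 }
        '
}

# is_sha1_sigalg NAME: succeeds for names such as sha1WithRSAEncryption or
# ecdsa-with-SHA1. RSA-PSS (rsassaPss) carries its hash in a separate
# parameter and is not classified here.
is_sha1_sigalg() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        (*sha1*) return 0 ;;
        (*)      return 1 ;;
    esac
}

# audit_sha1 FILE...: prints "FILE: ALGORITHM: SUBJECT" for each SHA1-signed
# certificate and returns 1 if any were found, 0 otherwise.
audit_sha1() {
    tab=$(printf '\t')
    hits=$(for f in "$@"; do
        rows=$(list_sigalgs "$f")
        [ -n "$rows" ] || { echo "no certificate parsed from $f" >&2; continue; }
        printf '%s\n' "$rows" | while IFS=$tab read -r alg subj; do
            if is_sha1_sigalg "$alg"; then echo "$f: $alg: $subj"; fi
        done
    done)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Usage: sh find_sha1_certs.sh /path/to/cert.pem [more.pem ...]
if [ "$#" -gt 0 ]; then audit_sha1 "$@"; fi
```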

Note: This release includes a fix for a potential vulnerability. For more information, see the Tenable Product Security Advisory.

Note: If your upgrade path skips versions of Tenable.sc (for example, upgrading from 5.9.0 to 5.12.0 to 6.0.0), Tenable recommends reviewing the release notes for all skipped versions. You may need to update your configurations because of features and functionality added in skipped versions.

Note: Tenable.sc 5.21.0 is the last version of Tenable.sc that supports Internet Explorer. For more information about other supported browsers, see Web Browser Requirements in the Tenable.sc User Guide.

New Features

New Look and Feel

The Tenable.sc look and feel has been modernized by updating the typography, navigation, login screen, and more.

OpenSSL 3.0 Support

Tenable.sc now supports OpenSSL 3.0.

Oracle Linux 9 and Red Hat Enterprise Linux (RHEL) 9 Support

Added support for Oracle Linux 9 and RHEL 9. Tenable.sc will continue to support CentOS 7, RHEL 7, and RHEL 8.

For more information, see System Requirements in the Tenable.sc User Guide.

Dashboard Matrix Default Color Swatches

Tenable.sc customers can now select from a group of default colors when editing dashboard matrix component rules.

For more information, see Custom Dashboard Component Options in the Tenable.sc User Guide.

Scan Policy Plugin Management

Tenable.sc customers can now add and enable plugins in mixed plugin families.

For more information, see Configure Plugin Options in the Tenable.sc User Guide.

Updating SC Patches Through the Feed

Tenable.sc customers can now download and install patches directly inside the Tenable.sc console. There is a new option to automatically install patches with feed updates.

For more information, see Configuration Settings in the Tenable.sc User Guide.

Health Overview Dashboard

Tenable.sc has a new Health Overview dashboard that provides quick access to deployment issues. Tenable.sc customers can use this dashboard to gain better insight and understanding of their Tenable.sc infrastructure.

For more information, see Health Overview Dashboard in the Tenable.sc User Guide.

Password Expiration

Tenable.sc administrative users can now set password expiration settings for users.

For more information, see User Account Options in the Tenable.sc User Guide.

Current/Previous Year Filter

The Time filter in Tenable.sc now includes the Current Year and Last Year options.

For more information, see Vulnerability Analysis Filters in the Tenable.sc User Guide.

Wallix Bastion PAM

Tenable.sc now supports the Wallix Bastion PAM authentication method.

For more information, see Database Credentials Authentication Method Settings in the Tenable.sc User Guide.

Global Search

Tenable.sc customers can now search for vulnerabilities by CVE.

For more information, see Search in the Tenable.sc User Guide.

Increased PDF Encryption Strength

Tenable.sc customers can now encrypt PDF reports using a 256-bit AES algorithm.

For more information, see Report Options in the Tenable.sc User Guide.

Update Asset List before Running Dependent Scans

In Tenable.sc, if a dependent scan is using a dynamic asset list, that asset list will now be updated before the scan runs.

For more information, see Assets in the Tenable.sc User Guide.

NetBIOS Filter

Tenable.sc customers can now filter vulnerabilities by NetBIOS name.

For more information, see Vulnerability Analysis Filter Components in the Tenable.sc User Guide.

Universal Repository

Tenable.sc customers have access to the new Universal repository type, which can store data from IPv4, IPv6, and Agent repositories.

For more information, see Universal Repositories in the Tenable.sc User Guide.

CyberArk Credential Updates

Tenable.sc customers that use CyberArk credentials can now use Address for the Get Credentials By setting.

For more information, see SSH Credentials in the Tenable.sc User Guide.

Changed Functionality and Performance Enhancements

Performance improvements for Tenable.sc Director and syncing repositories.

Bug Fixes

Bug Fix | Defect ID
Fixed a race condition on login that may have caused incorrect permissions for the logged-in user under poor network conditions. | 01504937
Fixed an issue with sorting accept rules by Creator. | 01494988
Fixed issues related to chunk deletion and chunk re-injection when scanners go offline during a scan. | 01490102, 01496734, 01529623, 01536174
Stopped using recursion to process combination asset lists to prevent using up stack memory. | 01485883, 01479281, 01509793, 01475287
The SC feed was updated to exclude the AD Identity Scan policy template. | 01483391
Removed *.cloudfront.net from the CSP request header. The domain was previously added to download content for Pendo, but now all external resources are served from a Tenable domain. | 01483322
Fixed an issue where large scan result imports were failing by removing database locks. | 01482303
Fixed a dashboard query error with the Output Assets filter. | 01480528
Fixed an issue so the agentScan API returns agentGroups field information upon request. agentScan?fields=agentGroups::GET | 01478230
Fixed an issue where selecting the Initiator column would not properly sort the job queue. | 01474973
Fixed an issue where the Licensing Status dashboard widget appeared blank. | 01471612, 01479097, 01468610, 01517641
Fixed an issue where if the diagnostic scan failed, the diagnostic scan password was not sanitized in the system log. | 01470275
Fixed the backup and restore config tools to correctly back up and restore compliance plugin data. This was resolved by accounting for an offset in row IDs between the backup and restore box, particularly plugin external reference data. | 01469141
Introduced the new Time filter with Created and Finished options to replace the Completion Time filter. | 01467850, 01477190, 01481914, 01506659, 01466750, 01524139, 01536947
Fixed an issue where Asset bulk delete throws an error. A condition has been added to /asset/id::DELETE to verify JobLib::getIgnoreAddingNewJobsStatus(). If the Ignore adding new job option is enabled, we return the response without looking for the affected group. | 01459697, 01479181, 01497531, 01523580
Fixed an issue when using the import option in IBM DB2 credentials where the client certificates entered in the Legacy CyberArk credentials screen were not retained after saving the details. | 01455757
Fixed an issue where the last item in the data grid (tabulator) could not be accommodated when classification is mentioned. The issue is fixed by modifying the logic to calculate the height for the new screens appropriately to contain the classification and removing the "!important" in the CSS. | 01451953
Fixed an issue where system logs would not scroll beyond the selected month. This was resolved by changing the design of the table. System logs are now in a paginated list, instead of an infinite scroll paradigm. | 01449648, 01475247
Fixed an issue where clicking the dashboard component with Query Value: Hosts would take the user to the wrong tool in Vulnerability Analysis. The user now lands correctly on the Vulnerability List. | 01449110
Fixed an issue where a query error would appear in Vulnerability Analysis after deleting a scan result. The issue was fixed by adding a check to find if the scan result exists in the system, then loading the view based on that. | 01443526
Fixed an issue where the automatic refresh on the Scan Results page did not save the user's scroll position in the table. | 01442405, 01507580, 01518858
Fixed an issue where a Nessus Compliance Scan import failed, despite a success message from Tenable.sc. | 01436887
Fixed an issue where dashboard components were referencing invalid queries, making users unable to edit the dashboard components. | 01406788
Fixed an issue where the Owner filter on the Report Results page would show multiple instances of the same owner name. | 01400225
Fixed an issue where the file /opt/sc/support/etc/SimpleSAML/config/config.php could be overwritten during a Tenable.sc upgrade. | 01385220
Reduced the time and accuracy of the List Software tool to calculate results from updates made to Plugin #22869 and Plugin #20811. | 01382651

Known Issues

  • When an admin creates a new user, the Switch User option doesn't show up immediately after creating the linked user.

  • When the browser window is resized, Line Chart components will not resize appropriately to fit their respective containers.

  • When zooming in on the browser, some elements in the header may no longer be visible.

  • Pendo is reporting an incorrect date format in the SC productExpirationDate metadata.

  • Safari SC users will see shadows of the left navigation after clicking.

  • When in any Analysis view, the Analysis icon in SideNav should have a blue background with a dark blue line to the left.

  • Creating a risk rule doesn't work for certain combinations for fields and repositories. For example, creating a risk rule with an IP as the identifier doesn't work for an Agent repo.

  • Pagination icons should appear grayed out when they are unusable, for example, when there is only 1 page of results.

  • Universal repository is not available in the Quick Setup Guide.

API Changelog

For more information about the API changes for this release, see the Tenable.sc API Changelog.

Filenames and Checksums

Filenames and MD5 or SHA-256 checksums are located on the Tenable.sc Downloads page.