Tenable.sc 2023 Release Notes
These release notes are listed in reverse chronological order. To jump to a place in the release notes, use the following list:
Apply this patch to Tenable.sc installations running Tenable.sc 5.23.1. This patch fixes an issue where some users see a "scan progress not showing in Scan Results page" error while scanning.
Steps to Apply
Apply the patch to a standalone Tenable.sc or Tenable Core + Tenable.sc:
- Download the patch from https://www.tenable.com/downloads/tenable-sc to Tenable.sc. You can save the files in any location (e.g., /tmp).
Access the command line as a user with root-level permissions.
Run the following command to untar the patch file, where [patch file name] is the name of the .tgz patch file you downloaded:
tar zxf [patch file name]
Run the following command to change the directory to the extracted directory, where [directory] is the extracted directory:
Run the following command to begin the installation:
The installation begins and Tenable.sc stops. After the installation finishes, Tenable.sc automatically restarts.
What to do next:
(Optional) Confirm the patch successfully applied to Tenable.sc, as described in the knowledge base article.
Filenames and Checksums
Filenames and MD5 or SHA-256 checksums are located on the Tenable.sc Downloads page.
You can download the update files from the Tenable.sc Downloads page.
If you are running Tenable.sc 5.12.0 or later, you can upgrade directly to Tenable.sc 6.0.0. If you are running a version earlier than Tenable.sc 5.12.0, upgrade to Tenable.sc 5.12.0 before upgrading to Tenable.sc 6.0.0.
If you are running Tenable.sc 6.0.0 and you are using pyTenable with the Tenable.sc API, you must upgrade pyTenable to version 1.4.2 or later.
If you upgrade Tenable.sc Director, upgrade Tenable.sc for all managed Tenable.sc instances connected to Tenable.sc Director. After upgrading, allow up to 15 minutes for your managed Tenable.sc instances to sync with Tenable.sc Director.
Tenable recommends performing a backup before upgrading Tenable.sc. For more information, see Perform a Backup in the Tenable.sc User Guide.
This release includes an upgrade to OpenSSL 3.0.x. This resolves two issues found in the open source libraries, CVE-2021-3450 and CVE-2021-3449. Both issues were rated High. As a result, X.509 certificates signed using SHA1 are no longer allowed at security level 1 or higher. The default security level for TLS is 1, so certificates signed using SHA1 are by default no longer trusted to authenticate servers or clients. Customers who encounter this issue should upgrade their certificates. For more information, see the OpenSSL 3.0 release notes.
Note: This release includes a fix for a potential vulnerability. For more information, see the Tenable Product Security Advisory.
Note: If your upgrade path skips versions of Tenable.sc (for example, upgrading from 5.9.0 to 5.12.0 to 6.0.0), Tenable recommends reviewing the release notes for all skipped versions. You may need to update your configurations because of features and functionality added in skipped versions.
Note: Tenable.sc 5.21.0 is the last version of Tenable.sc that supports Internet Explorer. For more information about other supported browsers, see Web Browser Requirements in the Tenable.sc User Guide.
New Look and Feel
The Tenable.sc look and feel has been modernized by updating the typography, navigation, login screen, and more.
OpenSSL 3.0 Support
Tenable.sc now supports OpenSSL 3.0.
Oracle Linux 9 and Red Hat Enterprise Linux (RHEL) 9 Support
Added support for Oracle Linux 9 and RHEL 9. Tenable.sc will continue to support CentOS 7, RHEL 7, and RHEL 8.
For more information, see System Requirements in the Tenable.sc User Guide.
Dashboard Matrix Default Color Swatches
Tenable.sc customers can now select from a group of default colors when editing dashboard matrix component rules.
For more information, see Custom Dashboard Component Options in the Tenable.sc User Guide.
Scan Policy Plugin Management
Tenable.sc customers can now add and enable plugins in mixed plugin families.
For more information, see Configure Plugin Options in the Tenable.sc User Guide.
Updating SC Patches Through the Feed
Tenable.sc customers can now download and install patches directly inside the Tenable.sc console. There is a new option to automatically install patches with feed updates.
For more information, see Configuration Settings in the Tenable.sc User Guide.
Health Overview Dashboard
Tenable.sc has a new Health Overview dashboard that provides quick access to deployment issues. Tenable.sc customers can use this dashboard to gain better insight and understanding of their Tenable.sc infrastructure.
For more information, see Health Overview Dashboard in the Tenable.sc User Guide.
Tenable.sc administrative users can now set password expiration settings for users.
For more information, see User Account Options in the Tenable.sc User Guide.
Current/Previous Year Filter
The Time filter in Tenable.sc now includes the Current Year and Last Year options.
For more information, see Vulnerability Analysis Filters in the Tenable.sc User Guide.
Wallix Bastion PAM
Tenable.sc now supports the Wallix Bastion PAM authentication method.
For more information, see Database Credentials Authentication Method Settings in the Tenable.sc User Guide.
Tenable.sc customers can now search for vulnerabilities by CVE.
For more information, see Search in the Tenable.sc User Guide.
Increased PDF Encryption Strength
Tenable.sc customers can now encrypt PDF reports using a 256 bit AES algorithm.
For more information, see Report Options in the Tenable.sc User Guide.
Update Asset List before Running Dependent Scans
In Tenable.sc if a dependent scan is using a dynamic asset list, that asset list will now be updated before the scan runs.
For more information, see Assets in the Tenable.sc User Guide.
Tenable.sc customers can now filter vulnerabilities by NetBIOS name.
For more information, see Vulnerability Analysis Filter Components in the Tenable.sc User Guide.
Tenable.sc customers have access to the new Universal repository type, which can store data from IPv4, IPv6, and Agent repositories.
For more information, see Universal Repositories in the Tenable.sc User Guide.
CyberARK Credential Updates
Tenable.sc customers that use CyberArk credentials can now use Address for the Get Credentials By setting.
For more information, see SSH Credentials in the Tenable.sc User Guide.
Changed Functionality and Performance Enhancements
Performance improvements for Tenable.sc Director and syncing repositories.
|Bug Fix||Defect ID|
|Fixes a race condition on login that may have caused incorrect permissions for the logged-in user under poor network conditions.||01504937|
Fixed an issue with sorting accept rules by Creator.
Fixed issues related to chunk deletion and chunk re-injection when scanners go offline during a scan.
01490102, 01496734, 01529623, 01536174
Stopped using recursion to process combination asset lists to prevent using up stack memory.
01485883, 01479281, 01509793, 01475287
|The SC feed was updated to exclude the AD Identity Scan policy template.||01483391|
Removed *.cloudfront.net from the CSP request header. The domain was previously added to download content for Pendo, but now all external resources are served from a Tenable domain.
Fixed an issue where large scan result imports were failing by removing database locks.
|Fixed a dashboard query error with the Output Assets filter.||01480528|
|Fixed an issue so the agentScan API returns agentGroups field information upon request. agentScan?fields=agentGroups::GET||01478230|
Fixed an issue where selecting the Initiator column would not properly sort the job queue.
|Fixed an issue where the Licensing Status dashboard widget appeared blank.||01471612, 01479097, 01468610, 01517641|
|Fixed an issue where if the diagnostic scan failed, the diagnostic scan password was not sanitized in the system log.||01470275|
|Fixed the backup and restore config tools to correctly backup and restore compliance plugin data. This was resolved by accounting for an offset in row IDs between the backup and restore box, particularly plugin external reference data.||01469141|
|Introduced the new Time filter with Created and Finished options to replace the Completion Time filter.||01467850, 01477190, 01481914, 01506659, 01466750, 01524139, 01536947|
|Fixed an issue where Asset bulk delete throws an error. A condition has been added to /asset/id::DELETE to verify JobLib::getIgnoreAddingNewJobsStatus(). If the Ignore adding new job option is enabled, we return the response without looking for the affected group.||01459697, 01479181, 01497531, 01523580|
|Fixed an issue when using the import option in IBM DB2 credentials where the client certificates entered in the Legacy CyberArk credentials screen were not retained after saving the details.||01455757|
Fixed an issue where the last item in the data grid(tabulator) could not be accommodated when classification is mentioned. The issue is fixed by modifying the logic to calculate the height for the new screens appropriately to contain the classification and removing the "!important" in the css.
|Fixed an issue where system logs would not scroll beyond the selected month. This was resolved by changing the design of the table. System logs are now in a paginated list, instead of an infinite scroll paradigm.||01449648, 01475247|
|Fixed an issue where clicking the dashboard component with Query Value: Hosts would take the user to the wrong tool in Vulnerability Analysis. The user now lands correctly on the Vulnerability List.||01449110|
|Fixed an issue where a query error would appear in Vulnerability Analysis after deleting a scan result. The issue was fixed by adding a check to find if the scan result exists in the system, then loading the view based on that.||01443526|
|Fixed an issue where the automatic refresh on the Scan Results page did not save the user's scroll position in the table,||01442405, 01507580, 01518858|
|Fixed an issue where a Nessus Compliance Scan import failed, despite a success message from Tenable.sc.||01436887|
|Fixed an issue where dashboard components were referencing invalid queries, making users unable to edit the dashboard components.||01406788|
|Fixed an issue where the Owner filter on the Report Results page would show multiple instances of the same owner name.||01400225|
|Fixed an issue where the file /opt/sc/support/etc/SimpleSAML/config/config.php could be overwritten during a Tenable.sc upgrade.||01385220|
|Reduced the time and accuracy of the List Software tool to calculate results from updates made to Plugin #22869 and Plugin #20811.||01382651|
When an admin creates a new user, the Switch User option doesn't show up immediately after creating the linked user.
When the browser window is resized, Line Chart components will not resize appropriately to fit their respective containers.
When zooming in on the browser, some elements in the header may no longer be visible.
Pendo is reporting an incorrect date format in the SC productExpirationDate metadata.
Safari SC users will see shadows of the left navigation after clicking.
When in any Analysis view, the Analysis icon in SideNav should have a blue background with a dark blue line to the left.
Creating a risk rule doesn't work for certain combinations for fields and repositories. For example, creating a risk rule with an IP as the identifier doesn't work for an Agent repo.
Pagination icons should appear grayed out when they are unusable, for example, when there is only 1 page of results.
Universal repository is not available in the Quick Setup Guide.
For more information about the API changes for this release, see the Tenable.sc API Changelog.
Filenames and Checksums
Filenames and MD5 or SHA-256 checksums are located on the Tenable.sc Downloads page.