Tenable.sc 5.23.1 Release Notes (2022-09-15)
You can download the update files from the Tenable.sc Downloads page.
If you are running Tenable.sc 5.12.0 or later, you can upgrade directly to Tenable.sc 5.23.1. If you are running a version earlier than Tenable.sc 5.12.0, upgrade to Tenable.sc 5.12.0 before upgrading to Tenable.sc 5.23.1.
If you are running Tenable.sc 5.23.1 and you are using pyTenable with the Tenable.sc API, you must upgrade pyTenable to version 1.4.2 or later.
If you upgrade Tenable.sc Director, upgrade Tenable.sc for all managed Tenable.sc instances connected to Tenable.sc Director. After upgrading, allow up to 15 minutes for your managed Tenable.sc instances to sync with Tenable.sc Director.
Tenable recommends performing a backup before upgrading Tenable.sc. For more information, see Perform a Backup in the Tenable.sc User Guide.
Note: If your upgrade path skips versions of Tenable.sc (for example, upgrading from 5.9.0 to 5.12.0 to 5.23.1), Tenable recommends reviewing the release notes for all skipped versions. You may need to update your configurations because of features and functionality added in skipped versions.
Note: Tenable.sc 5.21.0 is the last version of Tenable.sc that supports Internet Explorer. For more information about other supported browsers, see Web Browser Requirements in the Tenable.sc User Guide.
New Features
Nutanix Credential Integration
Tenable.sc customers can now perform local, remote, and agent-based scans for their Nutanix AOS/AHV infrastructure.
For more information, see Miscellaneous Credentials in the Tenable.sc User Guide.
Host Assets Export
Tenable.sc customers can now export a list of hosts and their attributes on the Host Assets page.
For more information, see Export Hosts in the Tenable.sc User Guide.
Asset Exposure Score (AES) Filtering
Tenable.sc customers can now filter by AES and AES Severity on vulnerabilities, dashboards, and reports.
For more information, see Vulnerability Analysis Filter Components in the Tenable.sc User Guide.
Changed Functionality and Performance Enhancements
Added commas to numbers with four or more digits to make them easier to read.
Bug Fixes
| Bug Fix | Defect ID |
|---|---|
|
Fixed a validation issue by adding a range validator to CVSS range input fields. The new validator will not allow users to enter an invalid value. |
01450804 |
|
There was an issue with the backup/restore config tools related to compliance plugins. The config backup tool was modified to only get rows from the xref table in the plugins.db for distinct rowids. Previously the code was not doing this, resulting in a constraint error when trying to insert the rows on config restore. |
01429824 |
|
Fixed an issue where Ticket Summary Dashboard components were incorrectly allowing the user to drill down, which led to an error in the UI. |
01429302 |
|
Fixed an issue that caused an error when updating an existing user role. |
01433817 |
|
Fix issue where certain Audit Files would not upload due to invalid file type. |
01429636 |
|
Fixed a synchronization bug in the UI so that the frontend code waits for fetchRole operation to finish before doing any other FE operation. |
01433037 |
|
Fixed an issue where scan results are inaccurate or getting removed on applying the Completion Time filter. Now when a user applies the Completion Time filter, Tenable.sc returns all completed/finished scan results. |
01431449 |
|
Fixed an issue where the Last Updated column was not sorting on the actual time of the column. |
01429272 |
|
Fix missing plugin name when using vulnerability details list tools in a dashboard component. |
01420121 |
|
Fixed an issue where the defragmentation job for repositories was being launched even in cases where it was not needed, causing other processes to take longer, like the preparation of remote repositories for synchronization. |
01412532 |
|
An issue has been fixed in which adding an entry using a UUID format for the Hashicorp Vault Type for the Hashicorp Credential failed. |
01405361, 01425261 |
|
Fixed the issue where system logs were not visible if the browser time zone was ahead of the Tenable.sc server time zone. |
01406784 |
|
Fixed an issue with user provisioning and Microsoft ADFS. |
01360624 |
|
Vulnerability mitigation for the port scanner types of plugins - 14272, 14274, 34220 - are now considered to have a port scan of "all" for a particular host if they report any port for a scan for that host. This will now mitigate various ports that were found open in earlier scans that are now fixed, since these types of plugins scan all of the ports. |
01374990 |
|
After a query has been deleted, users can now view, edit, export, or copy any report that references the deleted query. Now, owners of these reports can also move between groups. |
01369194 |
|
Fixed a readability issue in the matrix cells by removing the alpha blending, so that it shows the background and text color. |
01364070 |
|
Fixed an issue where sometimes one to all targets in a scan definition are scanned for, even inside an active Freeze Window. |
01306531, 01378779 |
|
Role-based access control is now available for host assets. There is a new role, View Host Assets, to allow users to access host assets. |
01327019 |
|
Fixed issues summing the number of devices in Asset Lists under repository contexts and across all repositories. |
01287270 |
|
Fixed an issue where if a scanner that Tenable.sc is utilizing for a scan goes down and back up again, the original scan reports/chunks from that scanner are not cleaned up during the scan. |
01287134 |
Known Issues
-
When a new user is created and the new user logs in right away after user creation, dashboards are not immediately populated with data.
- Switching quickly between LCE pages sometimes causes an error.
-
There is an error when a user drills down into analysis pages, and then clicks the back button in the browser. The workaround is to navigate using the headers in Tenable.sc.
API Changelog
For more information about the API changes for this release, see the Tenable.sc API Changelog.
Filenames and Checksums
Filenames and MD5 or SHA-256 checksums are located on the Tenable.sc Downloads page.
Tenable Integrated Product Compatibility
The following table lists the Tenable product versions tested with Tenable.sc 5.23.1.
For information about EOL dates and policies for Tenable products, see the Tenable Software Release Lifecycle Matrix and Policy.
| Product | Tested Version |
|---|---|
| Nessus |
8.9.0 and later |
| Tenable.ot | 3.9.25 and later |
| Log Correlation Engine | 6.0.0 and later |
| Nessus Network Monitor | 5.11.0 and later |