What's new in this version:
- Fixed issue on Nessus Manager cluster parent node with processing Agent scan results greater than 2GB
- Ability to deploy Nessus as a Docker image for a container – Users can now access an official Docker image for Nessus to deploy as a container. You can run Nessus offline or online, and the deployment includes plugin support
- For more information, see Deploy Nessus as a Docker Image in the Nessus User Guide
- Additional operating system support – Nessus is now supported on Amazon Linux 2 and Apple macOS Big Sur (11)
- Agent Remote Configuration – You can configure some agent settings remotely from Nessus Manager, rather than having to configure the setting directly on the agent
- For more information, see Modify Remote Agent Settings in the Nessus User Guide
- New Predefined Reports for Nessus Professional– Added three new predefined reports for Nessus Professional customers, allowing users to create HTML or PDF reports that preconfigure the most useful summaries for vulnerability management
- Note: This release includes a fix for a potential vulnerability. For more information, see the Tenable Product Security Advisory.
Changed Functionality and Performance Enhancements:
- Added additional data to the Nessus debug report, to better assist in troubleshooting, including public/non-secret certificate information and license type and features.
- Removed the Scanner tab from the Nessus user interface for all license types except for Nessus Manager.
- In Nessus Manager, linked agents and scanners are now accessed from the new Sensors page in the top navigation bar.
- Fixed an issue with using the "pkg add" command for installation on FreeBSD v11
- Fixed an issue with connections being dropped if Nessus tried to open more than the configured maximum number of concurrent TCP sessions per host for a target
- Fixed an issue where the "last scanned" timestamp for an Agent was updated even if the Agent did not report results
- Fixed an issue where unlinked Agents were sometimes not being deleted from Nessus Manager
- Improved performance of some database queries that were potentially causing Agent merges to fail due to database lock timeouts.
- Fixed a bug with target list enumeration that in rare cases was causing Tenable.io cloud scanners to get in an infinite loop and run out of memory
Changed Functionality and Performance Enhancements:
- nessusd.dump Log File Millisecond Timestamps - When the advanced setting logfile_msec is enabled, millisecond resolution is enabled for nessusd.dump log file timestamps. Previously, only the nessusd.messages log file supported this setting
- Added Context for Security Notes - Nessus scan security notes now show the IP address and plugin ID of the target and plugin that produced the note, adding critical context which is useful for debugging
- Duplicate Agent Detection - Nessus Manager detects duplicates agents that have the same MAC address. When the agent setting detect_duplicates is enabled, agents detected as a duplicate automatically unlink and reset its Tenable UUID
- Updated jQuery third party library - Upgraded the version of jQuery used in the online Nessus API documentation, to remove security vulnerabilities reported in the older version
- Added protections to prevent out-of-bounds memory access in the NASL process space
- Added validation checks to the JSON config file used for streamlined scanner deployment
- Fixed an issue causing the session timeout to not be honored when the user was on the Settings > About page
- Added systemd support for Debian/Ubuntu on versions that use systemd over init.d, to address an issue with running as non-root user
- Fixed an issue encountered in Google Chrome where the navigation links were only clickable from the bottom
- Fixed a pagination issue with host discovery scan results when a large number of hosts was returned
- Fixed an issue where Agent scans configured with a 24-hour scan window would miss the next day's launch due to unfinished processing for the current scan
- Updated DB access settings to prevent the possibility of DB corruption on Nessus Manager configured as a Cluster Manager
- Fixed an issue where scanners managed by Tenable.io would not update plugins if a core software update was also pending
- Fixed a race condition that could cause scan results to not be detected as completed, resulting in aborted scan chunks
- Change log not available for this version
- Added Option to Force Stop a Scan Job - Added the ability to force a scan job to stop
Changed Functionality and Performance Enhancements:
- Increased time window for marking an agent as offline - Improved the determination of when an agent should be considered offline
- Upgraded Nessus to use OpenSSL 1.1.1g
- Streamlined application of large cloud-based exclusion lists to improve scan performance
- Scanners managed by Tenable.io will now support updating plugins from Tenable.io while scans are running. Updated plugins will be applied to new scans, not already-running scans
- Fixed an issue with target scanning access not being enforced consistently for Tenable.io scans
- When a recast rule is used for an emailed report the recast rule was ignored
- Resolved an issue where scans run on the first of the month filled-up the disk space with verbose log detail for certain customers
- When using the "CVSS Vector Contains" filter in Nessus Pro, results did not match the filter
- Email notification for agent scans did not send when clustering is enabled
- For Agent scans in clustered environment, the "plugin_set" value was not available in .nessus exports
- Resolved issue when processing large exclusion lists that caused delays in starting scans
- Exported HTML/PDF did not display enumerated service names
- Agent scan in clustered environment was reporting in pending state rather than running
- Improved the determination of when an Agent should be considered offline
- Fixed an issue where Agent blackout windows were not enforced for Agents in a clustering configuration
- Backup and Restore Tool - Ability to create Nessus backups that can easily and quickly be restored
- Nessus Upgrade Plan - In Nessus Professional and managed scanners linked to Tenable.io, users can set a Nessus Update Plan that determines the version that Nessus updates to.
- Downgrade Option - Support downgrade to a prior version of Nessus
- Note: Users cannot downgrade to versions prior to 8.10.0
- Slow Rollout - Roll out new Nessus releases to the Tenable Update Server for licensed Nessus Professional and Nessus Manager installations separately from Tenable.io. New Nessus versions will be made GA for Tenable.io-linked scanners to auto-update one week after the GA for the release. The new version will be available on the Tenable Nessus Download page on the GA date, for customers that want to update earlier.
- Predefine Nessus Manager linking key - In Nessus Manager, you can manually set the linking key for Agents and Nessus scanners to help streamline deployments
- Specify scanner groups when linking scanners to Tenable.io - When linking Nessus scanners to Tenable.io using the CLI, you can set the scanner group to which to automatically add the scanner.
- Fixed an issue with Apple IOS MDM Compliance Checks that users were prompted to specify multiple credential types
- Fixed an issue were plugin 10716 caused the scanner to crash
- Fixed issues where high CPU usage was seen during a scan
- High CPU was seen on scan of Linux Server after upgrade to 8.7.2
- Scans aborting in Tenable.io because nessusd process throttles at 99%
- Fixed issues related to scans running longer than normal or not completing
- Nessus scans stuck stopping on scanners from Tenable.sc
- Unofficial External PCI scan never completes
- Tenable.io scan using local scanners is taking days rather than hours
- Tenable.io scan has been "Running" for over 5 days in UI
- External PCI Scan taking a lot longer than usual
- Scan taking longer than it should
- Scans inconsistently ending in 'partial' status due to scanners timing out
- Scans failing to complete
- Additional SSL cipher options - Additional security by updating our SSL cipher options to take full advantage of OpenSSL 1.1.1
- Additional OS support - Added support for MacOS Catalina (10.15)
- Changed Functionality and Performance Enhancements
- Quality and stability improvements
- Fixed issue where a user errantly receives a SIGABRT when running a large scan
- Fixed issue where SYN Scanner improperly listed ports by first numeral instead of entire port number
- Fixed issue with Scan config defaulting to UTC instead of system timezone
- Fixed issue with settings page not loading after upgrade
- Fixed issue related to poor performance of external PCI scans on AP cloud scanners
- Fixed issue with Dashboard Tab not showing despite being selected in the scan configuration
- Fixed issue related to data filtering of agents
- Fixed issue related to timezone misconfiguration allowing customers to schedule scans in the past
- Fixed issue with not being able to set the agent blackout window using IE 11
- Streamlined Sensor Deployment - Capability to include environmental configuration variables as part of a sensor installation
- For more information, see Mass Deployment Support in the Nessus User Guide
- Open SSL v1.1.1 Update - Nessus scanners will leverage OpenSSL v1.1.1 as part of this release
- This causes impact to the ciphers and SSL versions supported. For more information, see the knowledge base article
- Capability for Nessus to support plugin databases greater than 4 GB
- This causes an automatic full recompilation of the plugins upon first startup after upgrade, which may take several minutes
- Fixed issue where a user was unable to login to Nessus using a certificate
- Fixed issue where remediation tab was not being displayed
- Fixed issue where a basic user could not view results in Nessus Manager
- Fixed issue where a scan with a policy with mixed plugin families would not run
- Fixed issue related to upgrading on Windows platforms from earlier versions of Nessus
- Fixed issue with cloud scans aborting
- Red Hat 8 Support - Nessus now supports Red Hat 8 as a supported host operating system
- Agent key update confirmation - A confirmation prompt now appears when a user a
ttempts to update the Nessus Agent key
- Log rotation max_files default change - The default value for number of log files retained when rotating logs has changed from 100 to 10. This change applies to backend.log and www_server.log files, and will cause the oldest files to be rotated off if the new maximum is exceeded. Customers can modify the number of log files retained by changing the setting in the log.json file
- Fixed an issue where ping doesn't work in a static route network environment
- Fixed an issue where some appliances were consuming their available disk space with logs by reducing the default log rotation Max_Files value to 10
- Fixed an intermittent issue where blackout windows were not enforced by Nessus Manager
- Fixed an intermittent issue where agent policies may have been missing a selected tag
- Fixed a presentation issue in the UI with very long folder names
- Fixed an issue where blackout windows were not enforced immediately after 00:00
- Fixed an issue where an agent unlinked from UI cannot relink from agent CLI
- Fixed an intermittent issue with heartbeats not properly timing out in the NASL recv() function
- International Character Display: Added ability to properly store and display international characters in Nessus scan results.
- Fixed an issue where Tenable.io linked scanners had intermittent SSL errors if they could not reach ocsp.digicert.com.
- Nessus Manager Clustering Enhancements: Support for agent migration into Nessus Manager clusters is now available. Clustering no longer requires a licensing flag, and is available to be configured for all customers using Nessus Manager for large agent installations.
- Tenable Research News Widget: In Nessus Essentials, RSS feed-based notifications present recent publications from Tenable Research in the UI, providing a live view of the ongoing research and publications of Tenable's cutting-edge Research organization.
- Host Discovery Scan Wizard: New users of Nessus Essentials and Nessus Professional trial are presented with a scan wizard upon first use of the product to walk through the process from host discovery to vulnerability scanning. Now it only takes a couple clicks for new users to create and execute their first scan.
- Licensing transparency for Nessus Essentials and Nessus Professional Trial: A new License Utilization page gives Nessus Essentials and Nessus Professional trial users visibility into the hosts that have consumed their licensed pool of hosts, as well as the length of time before each asset will no longer count against the license.
- Updated Host Discovery Results Page: Refreshed the results page for Host Discovery Scans to present more relevant information. Users can now see port, host, and OS information when available, based on the type of discovery scan performed.
- Launch scans from result set of another scan: Users can now select hosts from one scan result set to open or launch a new scan with those hosts pre-populated as targets.
- Scan templates have been grouped by type: Scan templates have now been grouped by type and will fall into one of the following categories: Discovery, Vulnerability, and Compliance.
- Fixed an issue where all agent filters are removed when removing just one.
- Fixed an issue with Nessus compliance filters returning zero results.
- Fixed an issue where Nessus Manager blackout window was not being enforced.
- Fixed an intermittent issue where a scan ran outside of the scheduled scan time when daylight savings time started.
- Fixed an issue where managed scanners were displaying templates that are only available through Tenable.io.
- Fixed an issue where the re-balance button for clustering was not always responsive on first pass.
- Fixed an issue where disabled scans may not run after being re-enabled.
- Fixed an issue where the unread/read scan(s) indicator in the UI was sometimes incorrect.
- Documented the possible agent status values returned from the Nessus/Agents API in the online API documentation.
- In-Product Notification Enhancements - Improved expiration notifications by adding call to action, upsell links, and added the ability for users to dismiss them until the next scheduled reminder. Added new dynamic strings to enable future notification functionality. Also added new notification history to allow users to review previous notifications.
- Watermarked reports for Nessus Essentials and Nessus Pro Trials - Added watermarks to exported reports for Nessus Essentials and Nessus Pro evaluations.
- Enterprise Supportability: Scan and Policy Ownership - Our enterprise users of Nessus often have personnel changes that require them to change or remove users from their system. This feature allows administrators to claim ownership of user content.
- Telemetry Enhancements - Added an advanced setting that allows users to opt out of providing telemetry reporting back to Tenable. Telemetry information ensures that users will benefit from more intuitive and useful features and capabilities in future Nessus releases. Please refer to the documentation describing advanced settings for more information.
- Bug Fix Defect ID
- Fixed an issue where users were unable to filter the agent list by IP address in Nessus Manager 00832160
- Fixed an issue with exporting HTML custom reports containing non-standard character sets 00775714
- Fixed an issue where multi-homed machines would not honor the forced source IP command 00801670
- Fixed an issue with scan result filters no longer accepting a comma delimited list of values 00832101, 00833265
- Fixed an issue when attempting to add agents by search results to agent groups 00832160
- Fixed an issue where plugin attributes were no longer included in .nessus files sent to T.sc, by adding a config setting to re-enable the attributes 00840184, 00848793
- Fixed an issue where the scanner health page does not appear to display CPU usage correctly
- Fixed an issue with scan plugin filters
- Fixed an intermittent issue with displaying records in the Vulnerabilities view
- Fixed a number of UI presentation issues
- Fixed typo in the advanced settings for Max HTTP Connections
- Fixed an intermittent issue with Agent 'status' on Agent Detail page is not displaying state correctly
- Fixed an issue where 'Plugin Family' filter is not working as expected and showing "no result found"
- Fixed an issue with agent group deletion work flow
- Fixed an issue where search agent count is not displaying correctly
- Fixed an issue where search functionality wasn't as inclusive as expected
- Fixed an issue where unlicensed scanners show as "expired"
- Updated OpenSSL version to 1.0.2s.
- Fixed a potential issue in XMLRPC API affecting Windows installations