Nexpose release 5.6.6, May 29, 2013

Document created by mglinski Employee on May 23, 2013Last modified by mglinski Employee on Jun 21, 2013
Version 3Show Document
  • View in full screen mode

Rapid705-29-2013
Release Announcement
product & content updates


This Rapid7® Nexpose® 5.6.6 release includes new features and improvements in reporting, compatibility, accuracy, scanning, and scan data.

 

 

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the Nexpose release announcement FAQ.


Reporting | product


Vulnerability trend template

A new report template shows key vulnerability trends, so that you can easily track your security posture and the success of your remediation efforts over time. Trends include assets scanned, vulnerabilities discovered, vulnerability age, severity levels, and exploit and malware kit exposures. Learn more about the template and download it at  Three-month Vulnerability Trend report in Nexpose. Then upload it using the Security Console Web interface. Find other report templates in Security Street at Nexpose Report Templates.


Compatibility improvements| product


New supported platforms

You can now run the application on the following newly supported Microsoft operating systems:

  • Windows 8 64-bit
  • Windows Server 2012 64-bit


IE rendering issue resolved on intranets

The Security Console Web interface now displays properly in Microsoft Internet Explorer when the Security Console is hosted on an intranet site.


Accuracy improvements | product & content


Improvements to how scan result data is displayed give you a clearer view of the risk in your environment:

  • In specific situations, we have  improved the way that we correlate assets and aggregate vulnerability data for  those assets. As duplicate  information has been removed, you may notice a small decrease in asset, vulnerability, and malware kit counts  in your Web interface and reports.
  • The vulnerability check for CVE-2013-0631 in Adobe ColdFusion no longer produces false positives on systems that return an HTTP 200 status code for all pages

 

Application improvements | product


Improvements to the application help you manage vulnerability exceptions better:

  • Deleting a vulnerability exception for an asset in certain situations no longer removes other exceptions that were applied to the same asset.


Scanning improvements | product & content


Better scan performance helps you to retrieve scan results more quickly with improved accuracy and more efficient use of resources:

  • The Web spider now consistently avoids sensitive devices like printers if configured to do so in scan templates.
  • The vulnerability check for the availability of insecure SSL/TLS ciphers now reports all available insecure ciphers rather than just the first.


Policy scanning improvements

Improvements to policy scanning help you track your compliance more effectively:

  • Not Applicable (NA) policy scan results are now recorded more efficiently in the scan log.
  • Adjustments to Common Platform Enumerator (CPE) restrictions in XCCDF benchmarks prevent policy checks from being run on targets for which their operating systems are not applicable.


Reporting  improvements | product


The PCI Executive Summary report now includes PPTP in the list of discovered remote access services for more complete reporting coverage.


Database upgrade | product


The PostgreSQL database has been upgraded to version 9.0.13 for performance and security improvements. After applying this product update, the Security Console will restart  in  Maintenance Mode to apply the PostgreSQL changes and then restart again  to resume normal operations.


End-of-life for 32-bit installations


Rapid7 will end support for 32-bit versions of Nexpose on May 7, 2014, for both Windows and Linux operating systems. After that date, Rapid7 will not test Nexpose or provide bug fixes or technical support for Nexpose on 32-bit installations. For more information, see the end-of-life policy at http://www.rapid7.com/docs/end-of-life-policy.pdf.


Product Update IDs

      
  • Linux 32 | Update ID: 936662221
  • Linux 64 | Update ID: 2484041413
  • Windows 32 | Update ID: 757860716
  • Windows 64 | Update ID: 1532648331
      

Content update ID

     
  • Update ID: 113919992
   

Installers

   Released on May 29, 2013 (see the FAQ).                              

md5sum files             

              

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:

                       

Virtual Appliances

   Released on May 29, 2013.              

Download the Virtual Appliance Deployment Guide.

Attachments

    Outcomes