Dropbox 歷史舊版本 Page1

更新時間：2023-05-03
更新細節：

What's new in this version:

- bgp - improved BGP VPN selection
- bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips
- bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall"
- certificate - fixed bogus log messages
- chr - fixed public SSH key pulling when running on AWS
- console - added "/task" submenu (CLI only)
- console - added option to create new files using "/file add" command (CLI only)
- console - improved stability when doing "/console inspect" in certain menus
- console - improved stability when editing long strings
- console - improved system stability
- console - removed bogus "reset" command from "/system resource usb" menu
- console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu
- console - replaced "fingerprint" with "skid" in "/certificate print"
- console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation
- container - fixed invoking "container shell" more than once
- container - improved "container pull" to support OCI manifest format
- defconf - added CAPs mode script for wifiwave2 devices
- detnet - fixed interface state detection after reboot
- dhcp - changed the default lease time for newly created DHCP servers to 30 minutes
- dhcpv4-server - release lease if "check-status" reveals no conflict
- disk - improved system stability when removing USB while formatting
- ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices
- filesystem - fixed partition "copy-to" function
- firewall - added "connection-nat-state" to IPv6 mangle and filter rules
- health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices
- health - fixed bogus value reporting for CRS510 device
- ike2 - fixed minor logging typo
- ipsec - added error log message when peer ID does not match certificate
- ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device
- ipsec - refactor X.509 implementation
- ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses
- ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated
- l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips
- leds - disable LEDs after "/system shutdown"
- lte - capped maximum lifetime of SLAAC address to 1 hour
- lte - fixed CA band clearing on RAT mode change
- lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used
- lte - fixed LTE interface not showing up when resetting RouterOS configuration
- lte - fixed passthrough mode when used together with another APN for Chateau 5G
- lte - fixed R11-LTE-US in LTE passthrough mode
- lte - fixed R11e-LTE-US reporting of RSSI in LTE mode
- lte - fixed re-attach in some cases where module would stay in not-running state after network detach
- lte - fixed second modem halt on dual R11e-LTE6 setup
- lte - improved system stability when changing LTE interface configuration during network scan with MBIM modems (introduced in v7.8)
- mpls- fixed LDP "preferred-afi" parameter
- netinstall-cli - improved device reinstall on failed attempt
- netwatch - added "startup-delay" setting (CLI only)
- netwatch - improved ICMP status evaluation when no reply was present
- netwatch - limit "start-delay" range
- ospf - fixed processing of fragmented LSAs
- ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file
- ovpn - improved system stability for Tile devices
- quickset - fixed displaying of "SINR" when value is 0
- rose-storage - added option to nvme-discover with hostname (CLI only)
- rose-storage - fixed crash on nvme-tcp disable
- rose-storage - fixed rsync transfer permissions
- rose-storage - various stability fixes
- route - fixed "dynamic-id" for VRF tables
- route - improved system stability when making routing decision
- route - show SLAAC routes under the "/routing route" menu
- route-filter - improved stability when matching blackhole routes
- routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only)
- sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices
- sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices
- sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices
- sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8)
- sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch
- sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices
- sfp - improved SFP28 interface stability with some optical modules for CRS518 switch
- sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices
- snmp - fixed SNMPv3 "Reportable" flag behavior
- snmp - improved outputting of routes
- socks - added VRF support
- ssh - added Ed25519 host key support
- ssh - added support for Ed25519 key export and import in PKCS8 format
- ssh - do not allow SHA1 usage with strong crypto enabled
- ssh - improved service responsiveness when changing SSH service settings
- ssh - improved SSH key import process
- storage - mount RAM drive for devices with 32MB flash
- supout - added DHCP server network section
- switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers
- switch - improved system stability during rapid MAC flapping for 98DXxxxx switches
- switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches
- timezone - updated timezone information from "tzdata2023c" release
- vrrp - added "self" value for "group-master" setting
- vxlan - added forwarding table
- vxlan - fixed packet drops when host moves between remote VTEPs
- webfig - added inline comments
- webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu
- webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu
- webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu
- webfig - various stability fixes
- wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only)
- wifiwave2 - added ability to configure antenna gain
- wifiwave2 - added ability to configure beacon interval and DTIM period
- wifiwave2 - added information on additional interface capabilities to radio parameters
- wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN
- wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel
- wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since
- wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters
- wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs
- wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces
- wifiwave2 - fixed VLAN tagging for unencrypted (open) APs
- wifiwave2 - improved general interface stability
- wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax
- wifiwave2 - improved WPS connection speed
- wifiwave2 - increased maximum value for "channel.frequency" to 7300
- wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file
- winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu
- winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu
- winbox - added "S" flag under "IPv6/Firewall/Connections" menu
- winbox - added "Tx Power" property under "Wifiwave2/Status" menu
- winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab
- winbox - added "Username" and "Password" properties under "Container/Config" menu
- winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu
- winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu
- winbox - changed route flag name from "invalid" to "inactive"
- winbox - fixed "TLS" property under "Tools/Email" menu
- winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed
- winbox - fixed changing slot name under "System/Disk" menu
- winbox - fixed default value for "Allow managed" property under "Zerotier" menu
- winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu
- winbox - fixed minor typo in "WifiWave2/Radios" menu
- winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8)
- winbox - improved Ethernet advertise, speed and duplex settings
- winbox - only show permitted countries for wifiwave2 interfaces
- winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu
- www - allow unsecure HTTP access to REST API
- x86 - fixed changing software-id (introduced in v7.7)
- zerotier - upgraded to version 1.10.3

更新時間：2023-04-05
更新細節：

更新時間：2023-02-27
更新細節：

What's new in this version:

- storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only)
- bgp - fixed setting of "default-prepend" parameter
- bridge - fixed adding disabled MSTI
- bridge - fixed DHCP packet flow when using DHCP snooping, HW offloading and "use-ip-firewall"
- bridge - fixed possible DHCP packet corruption when using DHCP snooping
- bridge - fixed PVID warning typo
- bridge - improved HW offloading logic
- certificate - fixed export of a certificate when the last line of the certificate is exactly 64 bytes long
- certificate - fixed PBES2 certificate import
- certificate - improved certificate management, signing and storing processes
- certificate - improved multiple certificate import process
- conntrack - improved system stability when changing connection tracking state
- conntrack - improved system stability when PPTP helper is used
- console - added "as-string" parameter to the ":execute" command
- container - added authentication option for registry (CLI only)
- container - fixed ".type" file ownership
- container - fixed file ownership after system upgrade for containers running on internal disk
- container - fixed multiple container automatic startup on boot
- dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used
- disk - limit maximum TMPFS size
- dns - added configurable DoH concurrent query limitation parameters
- dns - do not cache results from ":resolve" command with specific server
- dns - fixed CNAME reading from the cache
- dns - limited "DoH max concurrent queries reached" logging messages to once per minute
- dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server
- firewall - fixed bridge priority target
- firewall - fixed DSCP priority target for IPv6 Mangle
- firewall - fixed netmap range maximum address calculation for IPv6 NAT
- graphing - fixed hiding of target queues when "allow-target" is disabled
- graphing - fixed sorting of interface and queue graphs
- graphing - properly handle disabled and static-binding interface graphs
- graphing - removed "move" command for graphing rules
- health - fixed "temperature" and "power-consumption" readings for RB1100AHx4
- hotspot - fixed setting of "address" parameter for IP binding
- hotspot - restore cookie timeout on reboot
- ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only)
- ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt
- ipsec - added support for "Framed-Route" RADIUS attribute support
- ipsec - do not match incoming IKE requests by unresolved DNS name peers
- ipsec - fixed peer matcher for incoming connection with unresolved DNS
- ipv6 - added "pref64" option configuration for RA
- ipv6 - improved handling of "advertise" IPv6 address status changes
- ipv6 - limited "hop-limit" parameter value range to 255
- ipv6 - made distributed DNS lifetime RFC8106 compliant
- l3hw - added destination MAC address check for offloaded FastTrack connections
- led - fixed signal reading for KNOT device
- leds - always require to set interface name when setting "modem-signal" indication
- lte - added AT support for Telit LE910C4 in MBIM mode
- lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems
- lte - fixed automatic antenna selection on Chateau LTE12/LTE18
- lte - fixed dialing for Fibocom L850-GL module
- lte - fixed displaying of "subscriber-number"
- lte - fixed possible memory leak when using passthrough mode on Chateau 5G
- lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems
- lte - improved modem detection speed in lower mini-PCIe slot on LtAP
- lte - improved stability for R11e-LTE6, skip connection reset on first EEMGINFO command timeout
- lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required)
- lte - parse USSD even if encoding is unsupported
- mpls - fixed handling of more than 9 VRF's
- mpls - fixed LDP listen socket creation before IPv6 address is ready for use
- mpls - improved stability when neighboring router reboots
- ospf - fixed "ospf-type" parameter for OSPFv3 routes
- ospf - fixed simple auth for OSPFv3
- ovpn - added AES-GCM and multicore encryption support
- ovpn - improved server stability
- ovpn - improved TLS-related error logging
- pimsm - improved system stability
- poe - added LLDP power management support for 802.3at PSE
- poe - properly turn off power when link not detected on hAP ax2 and hAP ax3
- port - fixed modem channel number on KNOT
- pppoe - fixed PPPoE client scan showing only one server
- resource - show filesystem related statistics on CCR2004
- route - fixed IPv6 default route presence when received from RA
- route - fixed printing of routing table's "count-only" parameter
- route - show hoplimit and MTU properties under the "/routing route" menu for SLAAC routes
- routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required)
- routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required)
- sfp - fixed false link detection with S+RJ10 on RB5009
- sfp - fixed reading of SFP EEPROM on single SFP port devices
- sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices
- sms - improved reporting of SMS sending errors
- sms - log USSD response when USSD is sent over MBIM
- sniffer - added additional filtering parameters
- snmp - do not show identity in LLDP when branding is used with hide SNMP data
- snmp - fixed handling of disabled routes
- snmp - fixed reporting of total number of routes counter
- ssh - hard-coded "localhost" address for forwarding requests
- ssh - improved system stability when processing none-crypto SSH connection
- sstp - fixed TLS session establishment when "connect-to" is DNS name
- switch - fixed SFP rate select for CRS354 devices
- switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches
- switch - improved system stability for 98DXxxxx switch chips
- swos - removed "/system swos" menu for CRS5xx series switches
- torch - allow "without-paging" parameter for Torch
- traffic-generator - increased maximum allowed stream count
- upgrade - show error message when license prohibits upgrade
- usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected
- vxlan - added "dont-fragment" setting that allows managing fragmentation
- vxlan - added "max-fdb-size" parameter
- vxlan - added FastPath support
- webfig - allow setting numeric values in time interval fields
- webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin
- webfig - fixed editing of multi-field parameters with "not" checkbox
- webfig - fixed handling of empty skin files
- webfig - improved navigation responsiveness
- webfig - improved skin file parsing
- webfig - improved terminal operation
- webfig - properly escape all reserved URI characters
- webfig - updated WebFig and graph web pages to HTML5
- wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only)
- wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected
- wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax
- wifiwave2 - fixed compatibility with third-party devices when using SAE hash-to-element authentication with DH groups 20 and 21
- wifiwave2 - fixed SAE authentication for interfaces in station mode when trying to connect to APs which require an anti-clogging token (introduced in RouterOS 7.4)
- wifiwave2 - implement 802.11w management protection SA Query procedures
- wifiwave2 - improve protections from denial-of-service attacks on WPA3
- winbox - added "Connect" button under "WifiWave2/Scan" menu
- winbox - added "Disable/Enable" buttons under "WifiWave2" menu
- winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu
- winbox - added "Provision" button under "WifiWave2" menu
- winbox - added "Start On Boot" checkbox under "Container" menu
- winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu
- winbox - added missing properties when setting "Use DoH Server"
- winbox - added missing WifiWave2 related parameters under "WifiWave2" menu
- winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu
- winbox - added Type "https-get" parameter under "Tools/Netwatch" menu
- winbox - allow selecting bridge for static entries under "Bridge/MDB" menu
- winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu
- winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu
- winbox - fixed displaying of flags under "System/Console" menu
- winbox - fixed displaying of multiple character flags
- winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu
- winbox - hide "TTL" value for static DNS entries with FWD type
- winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu
- winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu
- winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu
- winbox - show "Gateway" column by default under "IPv6/Routes" menu
- x86 - added support for TP-Link TG-3468
- x86 - fixed SR-IOV support for Intel X710 series NIC
- x86 - improved Intel 500 series 10G SFP module support
- x86 - improved stability for Intel X550 series NIC with SR-IOV
- zeroter - fixed routes after VRF change

更新時間：2023-01-13
更新細節：

What's new in this version:

- bgp - added comment functionality for BGP VPN (CLI only)
- bgp - do not reflect route back to sender
- bgp - fixed BGP advertisement PCAP saver
- bgp - fixed connection establishment using link-local addresses
- bgp - improved BGP advertisement printing
- bgp - improved BGP session load distribution across multiple CPU cores
- bgp - properly set "bgp-ext-communities" from "communities" list
- bluetooth - added unique advertise message filtering
- bonding - properly detect VPLS interface state changes
- branding - fixed identity setting from branding package
- bridge - added support for static MDB entries
- bridge - disallow port-controller while the bridge has MSTP enabled
- bridge - fixed "edge=yes" setting for MSTP
- bridge - fixed MSTP compatibility with STP
- bridge - fixed R/M/STP bridge identifier on protocol-mode change
- bridge - fixed RSTP BCP with bridged PPP interfaces
- bridge - fixed STP blocking state on port-controller
- bridge - fixed host moving with fast-path
- bridge - fixed incorrect root port blocking for MSTP
- bridge - fixed master port conversion
- bridge - fixed mst-override port priority for MSTP
- bridge - fixed port priority for STP and RSTP
- bridge - improved port-controller system stability
- bridge - improved system stability when using MSTP and many VLAN mappings
- bridge - removed "age" monitoring property from the host table
- certificate - improved Let's Encrypt logging and error recovery
- certificate - improved certificate management, signing and storing processes
- conntrack - improved system stability when PPTP helper is used
- conntrack - improved system stability when processing SCTP connections on TILE
- console - updated copyright notice
- container - fixed access to "/dev/stderr" from containers
- container - fixed handling of groups and usernames from Dockerfile
- container - fixed tar extracting
- container - made "ram" and "tmp" directories use tmpfs
- crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules
- dhcpv6-client - handle receiving of invalid T1 and T2 times
- discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor
- discovery - added "mode" parameter for discovery configuration
- discovery - fixed neighbor discovery on Mesh interfaces
- discovery - report IPv6 LL address if global address does not exist
- disk - added support for manual RAM file system (TMPFS) creation (CLI only)
- disk - improved external storage file system mounting, formatting and naming
- dns - do not query upstream DNS servers for matched regex records
- dns - fixed changing of "forward-to" parameter for FWD entries
- dns - fixed handling of CNAME entry pointing to another FWD entry
- dns - fixed handling of FWD entries where "forward-to" is a hostname
- dns - fixed incorrect TTL=0 reporting for cached entries
- dns - improved resolved static entry addition to address list
- dns - improved service stability when CNAME points to a FWD entry
- dns - query upstream DNS servers for other record types even if static entry exists
- dns - require "write" policy for DNS cache flushing
- dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains
- filesystem - fixed repartition on devices with containers
- firewall - added "set-priority" option for IPv6 mangle firewall
- firewall - made "dynamic" parameter settable for IPv4 address lists
- hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation
- hotspot - fixed maximum allowed connections limitation
- hotspot - fixed minor memory leak after each successful login from WEB
- hotspot - improved limitation of maximum allowed connections
- hotspot - improved system stability when clients migrate between bridge ports or VLANs
- ike1 - disallow "remote-id" setting for identity
- ike1 - fixed XAuth responder trying to recreate phase 1
- ike1 - improved expired IPsec-SA processing
- ike2 - added support for ChaChaPoly1305 encryption
- ike2 - added support for DH Group 31 (EC25519) (CLI only)
- ike2 - fixed rekey notify creation
- ike2 - improved certificate payload parsing
- interface - do not allow adding invalid "veth" interfaces
- interface - improved system stability when handling large packets on CCR2216
- interface - show RTL8153 CDC Modem Device as ethernet
- ipsec - added "current-address" parameter for peers with DNS address
- ipsec - added hardware acceleration support for IPQ-6010
- ipsec - added support for AVX optimized SHA acceleration
- ipsec - improved "H" (hw-aead) flag presence for accelerated SA's
- ipsec - improved IKE payload processing
- ipsec - improved configuration of IPsec proposal auth-algorithms
- ipsec - removed Blowfish and Camellia encryption algorithms for IKE
- ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled
- ipv6 - do not use invalid/disabled global addresses for IPv6 ND
- l2tp - added VRF support for L2TP Ether interfaces
- l3hw - fixed host offloading in a case of MAC address change
- l3hw - fixed offloaded NAT for CRS309 switch
- l3hw - improved system stability when disabling or enabling L3HW offloading
- leds - fixed default LED configuration on netFiber 9
- leds - fixed turning off LEDs after system shutdown
- lte - added AT channel support for Telit FN990
- lte - added CA information in 5G mode
- lte - fixed error handling on opening AT control channel
- lte - fixed new MTU value validation
- lte - improved stability when LTE passthrough is enabled on Chateau 5G
- lte - properly show leading zeros in MCC and MNC strings
- lte - show band number in "ca-band" in NSA mode on Chateau 5G
- lte - use RSRP value reported by MBIM signal for MBIM type modems
- macsec - fixed packet duplication on Ethernet interface
- macsec - fixed packet transmission using traffic-generator
- macsec - fixed packet validation
- modem - added USB tethering support for Google Pixel 7 devices
- mpls - added VPLS LDP information in remote/local-mappings
- mpls - fixed assigning of explicit null label for IPv6
- netinstall - added "-i " parameter for Netinstall (CLI Linux)
- netinstall - fixed Netinstall procedure on RouterBOOT versions from 3.27 to 6.41
- netinstall - improved automatic netbooting interface selection
- netwatch - added support for "https-get" type (CLI only)
- netwatch - fixed reporting of VRF name in logging messages
- netwatch - improved "interval" and "packet-interval" coexistence for ICMP type
- ntp - log error message when server is unreachable
- ospf - fixed MD5 checksum calculation
- ospf - fixed simple authentication and checksums for NBMA and PTMP links
- ospf - fixed simple authentication checksum calculation
- ospf - fixed virtual-link address selection for PTP links
- ovpn - added "CBC" postfix to AES cipher names
- ovpn - added "route-nopull" option for client side
- ovpn - added hardware acceleration support for IPQ-6010
- ovpn - added support for IPv6 tunneling
- ovpn - fixed "Called-Station-Id" usage in RADIUS requests
- package - fixed missing menus when both "lora" and "wifiwave2" packages are installed
- ping - fixed ARP ping
- port - added serial port support for Telit FN990 modem
- port - do not show unusable USB port on hAP ax^2
- port - fixed R11e-LTE6 port mapping
- ppp - changed default lease time of dynamic DHCPv6 server to 1 day
- ppp - do not inherit routing mark for encapsulated packets
- ppp - fixed displaying of "info" command for PPP client
- ppp - improved authentication method negotiation
- pppoe - improved service stability when establishing PPPoE sessions
- quickset - fixed addition of bridge filter rules in bridged mode
- quickset - fixed interface list member table on configuration changes
- quickset - update DNS server IP address when changing router's IP address
- rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto"
- sfp - added 2.5G SFP module support for RB5009
- sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module
- snmp - added support for "lldpRemLocalPortNum" OID's
- snmp - improved stability when receiving bogus packets
- ssh - added support for Ed25519 key exchange
- ssh - do not allow SHA1 usage with strong crypto enabled
- ssh - fixed handling of non standard size RSA keys
- supout - added MSTI and mst-override monitor for bridge MSTP
- supout - added missing IPv6 firewall sections
- switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches
- switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches
- switch - fixed egress mirror for 98DX4310 and 98DX8525 switches
- switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips
- switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches
- switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches
- switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches
- switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch
- switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6)
- switch - increased the maximum value of "rate" for ACL rules
- swos - fixed "allow-from-ports" setting
- swos - fixed SwOS configuration changes from RouterOS
- swos - improved default SwOS backup file name
- system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE
- system - improved handling of user policies
- timezone - updated timezone information from "tzdata2022g" release
- tr069-client - updated data model to version 2.15
- traffic-flow - fixed sending of sampling interval
- tunnels - added VRF support for EoIP, IPIP and GRE tunnels
- vpls - expose VPLS related debug logs to "vpls" logging topic
- vrrp - always use slave interface MTU
- vrrp - improved interface stability on configuration changes
- vxlan - added "local-address" parameter support
- vxlan - added VRF support
- w60g - improved system stability for Cube Pro devices
- webfig - ensure login page is displayed after each log out
- webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin
- webfig - fixed displaying of VRF routes
- webfig - fixed input validation for "VPLS ID" parameter
- webfig - fixed setting of "DHCP Option Set" parameter
- webfig - improved WEB caching capabilities
- webfig - properly detect current location for navigation buttons
- webfig - properly show limited number of available options
- wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only)
- wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT
- wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only)
- wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only)
- wifiwave2 - added information of per-station throughput in the registration table
- wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only)
- wifiwave2 - added interworking/Hotspot 2.0 support (CLI only)
- wifiwave2 - added more informative log messages on configuration profile changes
- wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only)
- wifiwave2 - do not permit a client device to be connected to more than one interface at a time
- wifiwave2 - fixed "radio-mac" provisioning matcher
- wifiwave2 - fixed 4-way handshake with TKIP
- wifiwave2 - improved compliance with regulatory domain information
- wifiwave2 - improved general system stability
- wifiwave2 - improved system stability when multiple virtual AP are configured
- wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently
- wifiwave2 - released packages for MMIPS, PPC, TILE and x86
- wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day
- winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces
- winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu
- winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax
- winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries
- winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table
- winbox - do not show LACP related status parameters for other bonding types
- winbox - fixed default MTU value for CAP interfaces
- winbox - fixed minor typo in "Zerotier" menu
- winbox - improved handling of large WinBox protocol messages
- winbox - increased maximum number of Winbox read-only sessions 5->25
- winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file
- winbox - removed bogus VRF tab from "Interface" menu
- winbox - show "Switch" menu on Chateau 5G ax
- winbox - show "Switch" menu on NetFiber 9
- winbox - show "System/Health/Settings" only on boards that have configurable values
- winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature
- winbox - show "USB Power Reset" menu on Chateau 5G ax
- winbox - show dynamic comment in WifiWave2 registration table
- wireless - fixed "nstreme" related parameter control in skins
- wireless - fixed setting of realms interworking parameter if realms-raw is unset
- x86 - added support for SUN 10G NICs
- x86 - improved igc driver support

更新時間：2023-01-04
更新細節：

更新時間：2022-11-30
更新細節：

更新時間：2022-11-29
更新細節：

更新時間：2022-10-31
更新細節：

更新時間：2022-10-27
更新細節：

更新時間：2022-10-27
更新細節：

What's new in this version:

Nessus 10.3.1
Security Updates:
The following are security updates included in Nessus 10.3.1:
Updated the following libraries to address several vulnerabilities:
- Updated datatables to 1.12.1
- Updated moment.js to 2.29.4
- Updated libexpat to 2.4.9
- Updated libxml2 to 2.10.3
- Updated zlib to 1.2.13

Upgrade Notes:
- If you are upgrading to Nessus Expert from a previous version of Nessus, you must upgrade Nessus to 10.3 prior to performing the Expert upgrade
- Due to the dynamic plugin compilation update, Nessus customers who have custom plugins could experience compilation failures if their plugins do not adhere to the updated standards outlined in the NASL Library Optimization guide. We recommend that customers with custom plugins review this guide and make any necessary updates before updating to Nessus 10.0.x.
- You can upgrade to the latest version of Nessus from any previously supported version
- If your upgrade path skips versions of Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes
- If you want your scanners to automatically update to the newest version before the GA date, set your Nessus Update Plan to Opt in to Early Access releases
- If you want to manually update your scanners to the latest version before the GA date, disable automatic updates so the scanner does not automatically downgrade to the previous version

For Nessus 8.8.0 and later running on Windows, you must install Visual C++ Redistributable for Visual Studio 2015 on the host operating system. The following Windows versions require a minimum Service Pack to be installed:
- Windows 7 SP1
- Windows Server 2008 SP2
- Windows Server 2008 R2 SP1


Nessus 10.3.0
New Features:
The following are the new features included in Nessus 10.3.0:
- Added the new Nessus Expert license and the ability to upgrade to Nessus Expert from the user interface
- Added new Terrascan scanning features to Nessus Expert
- Integrated Bit Discovery into Nessus Expert as a new scan template: Attack Surface Discovery
- Note: The attack surface discovery scan currently has a limit of discovering 375,000 child domains and displaying 2,500 domain results in the default results view. You can view all the scan results by applying filters. Tenable is working to extend the maximum child domain amount for customers with larger sets of exposed child domains.
- Updated OpenSSL to support version 3.0.5
- Updated Tenable.io-linked scanners to support differential plugin updates
- You can now configure trusted certificate authorities (CAs) for individual scans

Changed Functionality and Performance Enhancements:
The following enhancements are included in Nessus 10.3.0:
- Updated the Nessus NASL compiler to stop when it encounters file errors

Fixed:
- an issue where ACAS colors would appear incorrectly
- an infinite loop issue related to certain HTTP requests
- an RDNS lookup issue that affected some Nessus instances


Nessus 10.2.0
New Features:
The following are the new features included in Nessus 10.2.0:
- Added a new Scan Summary tab that highlights important scan data in Nessus Professional
- You can now configure update plans for Nessus Agents linked to Nessus Manager
- BYOL scanners can now add scan targets by Instance ID
- Added details of plugin execution failures to audit trails

Changed Functionality and Performance Enhancements:
- The following enhancements are included in Nessus 10.2.0:
- Added more detailed logging for node scans
- Improved compliance reporting performance by removing description data
- Extraneous data in compliance descriptions is now disabled by default
- Added a preference setting that limits the amount of data generated by compliance plugins

Security Updates:
- The following are security updates included in Nessus 10.2.0
- Updated Zlib to version 1.2.12 to address a medium level vulnerability
- Updated libexpac to version 2.4.8 to address several security vulnerabilities
- Removed Nessus version information from unauthenticated API calls
- Updated jQuery UI to version 1.13.0

Fixed:
- Fixed an issue where custom audit files were not included in user-to-user data transfers
- VPR data loading is now postponed until after an upgrade-driven restart
- Fixed an issue where a database file was incorrectly deleted due to contention
- Fixed an issue where plugins would fail to abort when reaching memory limits in certain environments
- Fixed an issue where agent scan durations were exceeding the scan window setting
- Fixed an issue where a User-Defined Nessus Agent scan would incorrectly save as an Advanced Agent scan
- Fixed an issue where the Nessus Manager dashboard would not change when plugin rules are applied
- Fixed an issue where Web App Scanning scan configuration options were not editable
- Fixed an issue where exported report sections would be incorrectly colored
- Fixed an issue where the report reference text would overlap the surrounding content
- Fixed an issue where linking a Nessus scanner to Tenable.io would fail when designating group memberships


Nessus 10.1.2
The following are the new features included in Nessus 10.1.2:
- You can now install and access Terrascan, a static code analyzer for Infrastructure as Code, on your Nessus Professional or Essentials instance from the new Terrascan page. Terrascan is most commonly used in automated pipelines to identify policy violations before insecure infrastructure is provisioned.

The following are security updates included in Nessus 10.1.2:
- OpenSSL was updated to the latest version 1.1.1n
- For more information, see the Tenable Product Security Advisory


Nessus 10.1.1
- Updated the Nessus Expat library to version 2.4.4 to address security vulnerabilities identified in previous Expat versions


Nessus 10.1.0
- Improved performance and scalability for Nessus Manager clustering

Nessus now supports the following operating systems:
- Oracle Linux 8
- Windows 11
- Windows Server 2022
- Ubuntu 18 for Arm/Graviton2
- Mac 12 (Monterrey)

Changed Functionality and Performance Enhancements:
The following additional enhancements are included in Nessus 10.1.0:
- Updated reports with a consistent look and feel
- Updated debug report with a list view for better ease of use
- Reduced CPU utilization of Nessus when running on Openshift servers
- Nessus now discards the results of a dead target if it becomes unreachable mid-scan when the stop_scan_on_disconnect flag is on
- Updated Nessus to use the latest version of snappy 1.1.7 (a compression agent)
- Updated Nessus to use the latest version of libxml2 2.9.11 (a XML parsing utility)

Security Updates:
The following are security updates included in Nessus 10.1.0:
- Secured underscore.js (a Javascript library) against arbitrary code injections

Fixed:
- memory allocation handling to better handle allocation errors encountered in certain plugins
- a reporting error where multiple vulnerabilities found on a single host were not counted properly
- a reporting user interface problem where the PDF report option was not being presented
- Improved the build process to address an Amazon Linux package signing error.
- a report issue where plugins with risk factor none would cause empty results
- a browser zoom issue where some vulnerability and compliance counts would disappear on the percentage bar
- Updated the scan API documentation to provide required integer values for severity levels.
- Updated Nessus KB article 000001742 to correctly describe the method by which the engine determines that a target host is unresponsive.
- manager web server performance by increasing file upload handling efficiency
- an error where the local scanner database item was inadvertently replaced


Nessus 10.0.2
Changed Functionality and Performance Enhancements:
- To facilitate a rapid response to new and critical security threats, Tenable.io users can now trigger an immediate plugin update on their scanners from the Tenable.io user interface, rather than waiting for the standard 24-hour plugin update cycle.


Nessus 8.15.2
- Nessus has been updated with the latest version of OpenSSL 1.1.1l


Nessus 8.15.1
Changed Functionality and Performance Enhancements:
- Improved scan times by enforcing plugin timeout values. Modified the evaluation order for plugin timeout options to allow for timeout value overrides for all plugins
- Improved plugin compilation speed

Fixed:
- Improved scan times by fixing an issue that caused slow plugin behavior after a plugin timeout
- Fixed an issue with memory usage tracking that could cause plugin aborts and Agent connection issues with large Nessus Manager / Agent deployments


Nessus 8.15.0
Security Updates:
- This release includes a fix for a potential vulnerability. For more information, see the Tenable Product Security Advisory
- A vulnerability where after an installation occurs and the user runs a repair on the installation, the repair option allows any user to execute the action without admin privileges has been fixed
- Two third-party libraries (SQLitesqlite)were identified as vulnerable and have been updated

New Features:
- Nessus CLI now supports a new command, nessuscli import-certs, to add certificates, validate that they are matching, and place them in the correct directory
- For more information, see Nessuscli in the Nessus User Guide

Changed Functionality and Performance Enhancements:
- Nessus now uses Npcap as a Windows packet capture library, instead of WinPcap, which was discontinued
- The Windows 2008 OS is no longer supported

Implemented multiple improvements for logging:
- A new log file, nessuscli.log, logs all Nessus CLI operations
- Improved logging to show successful and failed scan uploads
- Improved logging for www_server.log to show start, end, and elapsed times for each access to the Nessus web server
- Nessus scanner type added to the log
- pre_sig.txt & post_sig.txt have been combined into other_logs.txt
- Nessus now uses milliseconds timestamps in backend.log
- Added to logs when a scan fails due to missing files instead of ignoring
- Advanced settings of agent scan for "Audit Trail Verbosity" and "Include the KB", settings override the server advanced settings called "agent_merge_audit_trail" and "agent_merge_kb" if disabled to ensure proper function
- A new Advanced Setting, merge_plugin_results, was added to support merging plugin results for plugins that generate multiple findings with the same host, port, and protocol. This setting is recommended to be enabled for scanners linked to Tenable.sc

Fixed:
- an issue where agents would not link after transitioning from Nessus Manager to Tenable.io
- an issue where scheduled scans in Nessus Manager would fail
- an issue where there is a discrepancy in CSV file generated from compliance scan export vs what is shown in the U
- an issue where an IPv6 target scan would fail
- an issue where Nessus would ignore certain rules


Nessus 8.14.0
New Features:
CVSSv2 and CVSSv3 Support: Configurable Severity Base:
- You can choose whether Nessus calculates the severity of vulnerabilities using CVSSv2 or CVSSv3 scores by configuring your default severity base setting. When you change the default severity base, the change applies to all existing scans that are configured with the default severity base. Future scans also use the default severity base. For more information, see Configure Your Default Severity Base in the Nessus User Guide.
- You can also configure individual scans to use a particular severity base, which overrides the default severity base for those scan results. For more information, see Configure Severity Base for an Individual Scan in the Nessus User Guide.
- By default, new installations of Nessus 8.14 or later use CVSSv3 scores (when available) to calculate severity for vulnerabilities. Preexisting upgraded installations from earlier than 8.14 retain the previous default of CVSSv2 scores.

VPR Support for Nessus:
- Vulnerability Priority Rating (VPR), the output of Tenable Predictive Prioritization, is a dynamic companion to the data provided by the vulnerability's CVSS score, since Tenable updates the VPR to reflect the current threat landscape. VPR helps organizations improve their remediation efficiency and effectiveness by rating vulnerabilities based on severity level – Critical, High, Medium and Low. For more information, see CVSS Scores vs. VPR in the Nessus User Guide.
- You can now view a new tab for scan results, Top Threats by VPR, which displays the 10 most severe vulnerabilities as determined by their VPR score. For more information, see View VPR Top Threats in the Nessus User Guide.
- VPR is a dynamic score that changes over time to reflect the current threat landscape. However, VPR Top Threats reflect the VPR score for the vulnerability at the time the scan was run. To get updated VPR scores for vulnerabilities in a scan, re-run the scan.
- To ensure VPR data is available for your scans, enable plugin updates
- Changed Functionality and Performance Enhancements

The following additional enhancements are included in Nessus 8.14.0:
- The Nessus user interface was updated to use more inclusive language
- Nessus backups now include concatenated certificate container .pem files

Security Updates:
- OpenSSL was updated to the latest version 1.1.1k. For more information, see the Tenable Product Advisory

Fixed:
- Fixed an issue with Nessus agent clustering where not all agent results were shown correctly in the UI when under heavy load, due to DB lock and network connection issues.
- Fixed an issue where group settings would not get honored when linking agents to a clustered Nessus Manager
- Fixed an issue where agent scans could get aborted if the node it was linked to performed a plugin update while the scan was active
- Fixed an issue that, in very rare cases, could cause Nessus to crash on the first day of each month when attempting to run scheduled scans
- Corrected the URL displayed for offline Nessus activation to use HTTPS instead of HTTP
- Added UI support for specifying an IPv6 address when configuring a proxy server to link a managed scanner
- Corrected the online API documentation for the /api#/resources/scans/configure to note that the "name" field is required


Nessus 8.13.2
- OpenSSL was updated to the latest version 1.1.1k


Nessus 8.13.1
- Fixed issue on Nessus Manager cluster parent node with processing Agent scan results greater than 2GB


Nessus 8.13.0
- Ability to deploy Nessus as a Docker image for a container – Users can now access an official Docker image for Nessus to deploy as a container. You can run Nessus offline or online, and the deployment includes plugin support
- For more information, see Deploy Nessus as a Docker Image in the Nessus User Guide
- Additional operating system support – Nessus is now supported on Amazon Linux 2 and Apple macOS Big Sur (11)
- Agent Remote Configuration – You can configure some agent settings remotely from Nessus Manager, rather than having to configure the setting directly on the agent
- For more information, see Modify Remote Agent Settings in the Nessus User Guide
- New Predefined Reports for Nessus Professional– Added three new predefined reports for Nessus Professional customers, allowing users to create HTML or PDF reports that preconfigure the most useful summaries for vulnerability management


Nessus 8.12.1
Fixed:
- Note: This release includes a fix for a potential vulnerability. For more information, see the Tenable Product Security Advisory.


Nessus 8.12.0
Changed Functionality and Performance Enhancements:
- Added additional data to the Nessus debug report, to better assist in troubleshooting, including public/non-secret certificate information and license type and features.
- Removed the Scanner tab from the Nessus user interface for all license types except for Nessus Manager.
- In Nessus Manager, linked agents and scanners are now accessed from the new Sensors page in the top navigation bar.

Bug Fixes:
- Fixed an issue with using the "pkg add" command for installation on FreeBSD v11
- Fixed an issue with connections being dropped if Nessus tried to open more than the configured maximum number of concurrent TCP sessions per host for a target
- Fixed an issue where the "last scanned" timestamp for an Agent was updated even if the Agent did not report results
- Fixed an issue where unlinked Agents were sometimes not being deleted from Nessus Manager
- Improved performance of some database queries that were potentially causing Agent merges to fail due to database lock timeouts.
- Fixed a bug with target list enumeration that in rare cases was causing Tenable.io cloud scanners to get in an infinite loop and run out of memory


Nessus 8.11.1
Changed Functionality and Performance Enhancements:
- nessusd.dump Log File Millisecond Timestamps - When the advanced setting logfile_msec is enabled, millisecond resolution is enabled for nessusd.dump log file timestamps. Previously, only the nessusd.messages log file supported this setting
- Added Context for Security Notes - Nessus scan security notes now show the IP address and plugin ID of the target and plugin that produced the note, adding critical context which is useful for debugging
- Duplicate Agent Detection - Nessus Manager detects duplicates agents that have the same MAC address. When the agent setting detect_duplicates is enabled, agents detected as a duplicate automatically unlink and reset its Tenable UUID
- Updated jQuery third party library - Upgraded the version of jQuery used in the online Nessus API documentation, to remove security vulnerabilities reported in the older version

Bug Fixes:
- Added protections to prevent out-of-bounds memory access in the NASL process space
- Added validation checks to the JSON config file used for streamlined scanner deployment
- Fixed an issue causing the session timeout to not be honored when the user was on the Settings > About page
- Added systemd support for Debian/Ubuntu on versions that use systemd over init.d, to address an issue with running as non-root user
- Fixed an issue encountered in Google Chrome where the navigation links were only clickable from the bottom
- Fixed a pagination issue with host discovery scan results when a large number of hosts was returned
- Fixed an issue where Agent scans configured with a 24-hour scan window would miss the next day's launch due to unfinished processing for the current scan
- Updated DB access settings to prevent the possibility of DB corruption on Nessus Manager configured as a Cluster Manager
- Fixed an issue where scanners managed by Tenable.io would not update plugins if a core software update was also pending
- Fixed a race condition that could cause scan results to not be detected as completed, resulting in aborted scan chunks


Nessus 8.11.0
- Change log not available for this version


Nessus 8.10.1
New:
- Added Option to Force Stop a Scan Job - Added the ability to force a scan job to stop

Changed Functionality and Performance Enhancements:
- Increased time window for marking an agent as offline - Improved the determination of when an agent should be considered offline
- Upgraded Nessus to use OpenSSL 1.1.1g
- Streamlined application of large cloud-based exclusion lists to improve scan performance

Bug Fixes:
- Scanners managed by Tenable.io will now support updating plugins from Tenable.io while scans are running. Updated plugins will be applied to new scans, not already-running scans
- Fixed an issue with target scanning access not being enforced consistently for Tenable.io scans
- When a recast rule is used for an emailed report the recast rule was ignored
- Resolved an issue where scans run on the first of the month filled-up the disk space with verbose log detail for certain customers
- When using the "CVSS Vector Contains" filter in Nessus Pro, results did not match the filter
- Email notification for agent scans did not send when clustering is enabled
- For Agent scans in clustered environment, the "plugin_set" value was not available in .nessus exports
- Resolved issue when processing large exclusion lists that caused delays in starting scans
- Exported HTML/PDF did not display enumerated service names
- Agent scan in clustered environment was reporting in pending state rather than running
- Improved the determination of when an Agent should be considered offline
- Fixed an issue where Agent blackout windows were not enforced for Agents in a clustering configuration


Nessus 8.10.0
New Features:
- Backup and Restore Tool - Ability to create Nessus backups that can easily and quickly be restored
- Nessus Upgrade Plan - In Nessus Professional and managed scanners linked to Tenable.io, users can set a Nessus Update Plan that determines the version that Nessus updates to.
- Downgrade Option - Support downgrade to a prior version of Nessus
- Note: Users cannot downgrade to versions prior to 8.10.0
- Slow Rollout - Roll out new Nessus releases to the Tenable Update Server for licensed Nessus Professional and Nessus Manager installations separately from Tenable.io. New Nessus versions will be made GA for Tenable.io-linked scanners to auto-update one week after the GA for the release. The new version will be available on the Tenable Nessus Download page on the GA date, for customers that want to update earlier.
- Predefine Nessus Manager linking key - In Nessus Manager, you can manually set the linking key for Agents and Nessus scanners to help streamline deployments
- Specify scanner groups when linking scanners to Tenable.io - When linking Nessus scanners to Tenable.io using the CLI, you can set the scanner group to which to automatically add the scanner.

Bug Fixes:
- Fixed an issue with Apple IOS MDM Compliance Checks that users were prompted to specify multiple credential types
- Fixed an issue were plugin 10716 caused the scanner to crash
- Fixed issues where high CPU usage was seen during a scan
- High CPU was seen on scan of Linux Server after upgrade to 8.7.2
- Scans aborting in Tenable.io because nessusd process throttles at 99%
- Fixed issues related to scans running longer than normal or not completing
- Nessus scans stuck stopping on scanners from Tenable.sc
- Unofficial External PCI scan never completes
- Tenable.io scan using local scanners is taking days rather than hours
- Tenable.io scan has been "Running" for over 5 days in UI
- External PCI Scan taking a lot longer than usual
- Scan taking longer than it should
- Scans inconsistently ending in 'partial' status due to scanners timing out
- Scans failing to complete


Nessus 8.9.1
New Features:
- Additional SSL cipher options - Additional security by updating our SSL cipher options to take full advantage of OpenSSL 1.1.1
- Additional OS support - Added support for MacOS Catalina (10.15)
- Changed Functionality and Performance Enhancements
- Quality and stability improvements

Bug Fixes:
- Fixed issue where a user errantly receives a SIGABRT when running a large scan
- Fixed issue where SYN Scanner improperly listed ports by first numeral instead of entire port number
- Fixed issue with Scan config defaulting to UTC instead of system timezone
- Fixed issue with settings page not loading after upgrade
- Fixed issue related to poor performance of external PCI scans on AP cloud scanners
- Fixed issue with Dashboard Tab not showing despite being selected in the scan configuration
- Fixed issue related to data filtering of agents
- Fixed issue related to timezone misconfiguration allowing customers to schedule scans in the past
- Fixed issue with not being able to set the agent blackout window using IE 11


Nessus 8.9.0
New features:
- Streamlined Sensor Deployment - Capability to include environmental configuration variables as part of a sensor installation
- For more information, see Mass Deployment Support in the Nessus User Guide

Changed:
- Open SSL v1.1.1 Update - Nessus scanners will leverage OpenSSL v1.1.1 as part of this release
- This causes impact to the ciphers and SSL versions supported. For more information, see the knowledge base article
- Capability for Nessus to support plugin databases greater than 4 GB
- This causes an automatic full recompilation of the plugins upon first startup after upgrade, which may take several minutes

Bug Fixes:
- Fixed issue where a user was unable to login to Nessus using a certificate
- Fixed issue where remediation tab was not being displayed
- Fixed issue where a basic user could not view results in Nessus Manager
- Fixed issue where a scan with a policy with mixed plugin families would not run
- Fixed issue related to upgrading on Windows platforms from earlier versions of Nessus
- Fixed issue with cloud scans aborting


Nessus 8.8.0
New Features:
- Red Hat 8 Support - Nessus now supports Red Hat 8 as a supported host operating system
- Agent key update confirmation - A confirmation prompt now appears when a user a
ttempts to update the Nessus Agent key

Change:
- Log rotation max_files default change - The default value for number of log files retained when rotating logs has changed from 100 to 10. This change applies to backend.log and www_server.log files, and will cause the oldest files to be rotated off if the new maximum is exceeded. Customers can modify the number of log files retained by changing the setting in the log.json file

Bug Fix:
- Fixed an issue where ping doesn't work in a static route network environment
- Fixed an issue where some appliances were consuming their available disk space with logs by reducing the default log rotation Max_Files value to 10
- Fixed an intermittent issue where blackout windows were not enforced by Nessus Manager
- Fixed an intermittent issue where agent policies may have been missing a selected tag
- Fixed a presentation issue in the UI with very long folder names
- Fixed an issue where blackout windows were not enforced immediately after 00:00
- Fixed an issue where an agent unlinked from UI cannot relink from agent CLI
- Fixed an intermittent issue with heartbeats not properly timing out in the NASL recv() function


Nessus 8.7.2
New Features:
- International Character Display: Added ability to properly store and display international characters in Nessus scan results.
Bug Fixes:
- Fixed an issue where Tenable.io linked scanners had intermittent SSL errors if they could not reach ocsp.digicert.com.
 

Nessus 8.7.0
New Features:
- Nessus Manager Clustering Enhancements: Support for agent migration into Nessus Manager clusters is now available. Clustering no longer requires a licensing flag, and is available to be configured for all customers using Nessus Manager for large agent installations.
- Tenable Research News Widget: In Nessus Essentials, RSS feed-based notifications present recent publications from Tenable Research in the UI, providing a live view of the ongoing research and publications of Tenable's cutting-edge Research organization.
- Host Discovery Scan Wizard: New users of Nessus Essentials and Nessus Professional trial are presented with a scan wizard upon first use of the product to walk through the process from host discovery to vulnerability scanning. Now it only takes a couple clicks for new users to create and execute their first scan.
- Licensing transparency for Nessus Essentials and Nessus Professional Trial: A new License Utilization page gives Nessus Essentials and Nessus Professional trial users visibility into the hosts that have consumed their licensed pool of hosts, as well as the length of time before each asset will no longer count against the license.
- Updated Host Discovery Results Page: Refreshed the results page for Host Discovery Scans to present more relevant information. Users can now see port, host, and OS information when available, based on the type of discovery scan performed.
- Launch scans from result set of another scan: Users can now select hosts from one scan result set to open or launch a new scan with those hosts pre-populated as targets.
- Scan templates have been grouped by type: Scan templates have now been grouped by type and will fall into one of the following categories: Discovery, Vulnerability, and Compliance.

Bug Fixes:
- Fixed an issue where all agent filters are removed when removing just one.
- Fixed an issue with Nessus compliance filters returning zero results.
- Fixed an issue where Nessus Manager blackout window was not being enforced.
- Fixed an intermittent issue where a scan ran outside of the scheduled scan time when daylight savings time started.
- Fixed an issue where managed scanners were displaying templates that are only available through Tenable.io.
- Fixed an issue where the re-balance button for clustering was not always responsive on first pass.
- Fixed an issue where disabled scans may not run after being re-enabled.
- Fixed an issue where the unread/read scan(s) indicator in the UI was sometimes incorrect.
- Documented the possible agent status values returned from the Nessus/Agents API in the online API documentation.


Nessus 8.6.0
New Features:
- In-Product Notification Enhancements - Improved expiration notifications by adding call to action, upsell links, and added the ability for users to dismiss them until the next scheduled reminder. Added new dynamic strings to enable future notification functionality. Also added new notification history to allow users to review previous notifications.
- Watermarked reports for Nessus Essentials and Nessus Pro Trials - Added watermarks to exported reports for Nessus Essentials and Nessus Pro evaluations.
- Enterprise Supportability: Scan and Policy Ownership - Our enterprise users of Nessus often have personnel changes that require them to change or remove users from their system. This feature allows administrators to claim ownership of user content.
- Telemetry Enhancements - Added an advanced setting that allows users to opt out of providing telemetry reporting back to Tenable. Telemetry information ensures that users will benefit from more intuitive and useful features and capabilities in future Nessus releases. Please refer to the documentation describing advanced settings for more information.
Bug Fixes:
- Bug Fix Defect ID
- Fixed an issue where users were unable to filter the agent list by IP address in Nessus Manager 00832160
- Fixed an issue with exporting HTML custom reports containing non-standard character sets 00775714
- Fixed an issue where multi-homed machines would not honor the forced source IP command 00801670
- Fixed an issue with scan result filters no longer accepting a comma delimited list of values 00832101, 00833265
- Fixed an issue when attempting to add agents by search results to agent groups 00832160
- Fixed an issue where plugin attributes were no longer included in .nessus files sent to T.sc, by adding a config setting to re-enable the attributes 00840184, 00848793
- Fixed an issue where the scanner health page does not appear to display CPU usage correctly
- Fixed an issue with scan plugin filters
- Fixed an intermittent issue with displaying records in the Vulnerabilities view
- Fixed a number of UI presentation issues
- Fixed typo in the advanced settings for Max HTTP Connections
- Fixed an intermittent issue with Agent 'status' on Agent Detail page is not displaying state correctly
- Fixed an issue where 'Plugin Family' filter is not working as expected and showing "no result found"
- Fixed an issue with agent group deletion work flow
- Fixed an issue where search agent count is not displaying correctly
- Fixed an issue where search functionality wasn't as inclusive as expected
- Fixed an issue where unlicensed scanners show as "expired"
- Updated OpenSSL version to 1.0.2s.
- Fixed a potential issue in XMLRPC API affecting Windows installations