Change log of the Cyberwatch software

15.0 (2025-09-29)

This version is a major release.

Highlighted features:

  • Assets: add velocity indicators to track response times to vulnerabilities based on defined objectives (preview)
  • UX: selecting a CVE, corrective action, security issue, compliance rule, or discovery from the list or the details of an Asset opens a side panel displaying the corresponding detailed information (preview)
  • Projects: multiple improvements, including project-stored credentials, now offering system administrators with limited access the ability to add assets for all application scan modes
  • UX: project activation in context is now more visible in the application (preview)
  • Details of an Asset: added a map visualization of an asset and its relationships (preview)
  • Cloud: support for integration with CloudFormation, to simplify the addition of your AWS environments to Cyberwatch and gain enhanced visibility across all your resources (preview)

New features:

  • API: all users can now access the API
  • Authentication provider: you can set a time limit before users are deactivated or deleted
  • Compliance: added CIS Amazon Elastic Kubernetes Service (EKS) Benchmark
  • Docker images: you can now scan Podman containers on Linux assets
  • Discoveries:
    • Added AWS Organizations discoveries
    • Added Microsoft Hyper-V discoveries
  • Kibana: added a new dashboard dedicated to priority vulnerabilities
  • Network targets and websites: pages scanned during a target scan are now displayed on the Web pages tab of the details of an Asset
  • Scope:
    • Added security advisories from Veeam Backup & Replication
    • Added support for Amazon SSM Agent on Windows
    • Added support for Debian 13
    • Added support for Erlang OTP
    • Added support for ManageEngine ADSelfService Plus
    • Added support for Rocky Linux 10

Updated features and performance improvements:

  • Agentless mode connection: the SNMP device detection feature has been refactored
  • API: the /api/v3/servers/{id}/cve_announcements/{cve_code} route also allows you to set a reactivation date for a vulnerability
  • Cloud: UX improvements to the assistant to facilitate the use of discovery and compliance features
  • Compliance:
    • Updated multiple CIS Benchmarks
    • You can define project-specific compliance repositories, allowing system administrators with limited access to manage the compliance of their assets
  • Discoveries:
    • A system administrator with limited access can now create discoveries
    • Amazon ECR discoveries now rely on the AWS API
    • AWS discoveries are renamed to Amazon EC2
    • DNS and Certificate Transparency discoveries now rely on Nmap
  • Docker images:
    • Failed analyses are automatically relaunched
    • Support for images with UIDs and GIDs greater than 60000
  • External tools: you can specify the body format of Syslog requests
  • Vulnerability encyclopedia: extension of CVE catalogs to authorities other than CERT-FR ALE and CISA KEV
  • MITRE ATT&CK: Cyberwatch now relies on attack techniques from ATT&CK version 17
  • Scanning engine: improved the IBM AIX equipment analysis
  • Scope: improved the Veritas Netbackup support
  • Stored credentials: improved endpoint support for Amazon ECR registries

Bugfixes:

  • Corrective actions: fixed the Windows Package Manager support to update third-party applications
  • Compliance:
    • Fixed the script of Microsoft Windows Server 2022 CIS Benchmarks rules
    • Fixed the script of rule ICS-LIN-6.6.9
  • Discoveries:
    • Fixed an IP address retrieval problem for Proxmox discoveries
    • Fixed an issue with uniqueness in group relationships that occurred when automatically adding groups to their associated assets in synchronization mode

14.8 (2025-06-23)

New features:

  • Scope:
    • Added security advisories from the BSI Germany
    • Added security advisories from the CERT Centre for Cybersecurity Belgium
    • Added security advisories from the CERT INCIBE Spain
    • Added security advisories from the ENISA EUVD
    • Added security advisories from the EU CSIRTs Network
    • Added security alerts and advisories from the CERT Austria
    • Added support for AlmaLinux 10
    • Added support for Broadcom RabbitMQ Server
    • Added support for Red Hat 10

Updated features and performance improvements:

  • Agentless mode connection:
    • The boot date of SNMP devices is now reported
    • The SHA-512 authentication on SNMP devices is now supported
  • API: modified some PUT routes to PATCH in Swagger/OpenAPI documentation
  • Integrations: technologies without associated CVEs are now taken into account in corrective action integrations
  • Kibana: the vulnerability modification dates are now referenced in the cve_computers index
  • UX: you can now sort by project in the assets management views

Bugfixes:

  • Alerts: fixed an issue with item retrieval in compliance rule alerts
  • Compliance: fixed the script of rule ICS-WIN-5.1

14.7 (2025-05-14)

Highlighted features:

  • Administration: introduction of a new project-based management system to distribute assets according to your organization’s specific requirements, while making administration and control of associated rights easier (preview)

New features:

  • Authentication provider: added an option to deny connection requests from new SAML or OpenID Connect users
  • Compliance: added CIS Windows Server 2025 Benchmark
  • Scope:
    • Added support for Fedora 42
    • Added support for HPE Aruba Networking EdgeConnect devices
    • Added support for Microsoft Visual Studio
    • Added support for Puppet Agent on Windows
    • Added support for Ubuntu 25.04

Updated features and performance improvements:

  • Agentless mode connection: improved the IP address detection for SNMP devices
  • Agents: the installation interface now allows you to create or select an API key for adding agents
  • Authentication provider: you can configure a parameter for the OpenID Connect authentication assurance level (ACR)
  • Cloud: the wizard includes new options, such as the ability to automatically create an Amazon Elastic Kubernetes Service (EKS) or Azure Kubernetes Service (AKS) discovery when a cloud asset is added
  • Cloud environment compliance: implemented and updated compliance rules for Microsoft Azure and Microsoft 365
  • Corrective actions: improved the Windows Package Manager support to update third-party applications
  • External tools: a log is now sent to the Syslog server when a vulnerability is fixed on an asset
  • Stored credentials: you can authenticate using a certificate on Microsoft Entra ID

Bugfixes:

  • Agentless mode connection: fixed a detection issue on Extreme Networks devices in SNMP
  • Discoveries: fixed a problem with the registration of Docker images discovered during an Amazon Elastic Kubernetes Service (EKS) discovery
  • Docker images: fixed an operating system detection problem in Docker images when scanning with the application’s native scanner
  • Scanning engine: fixed a detection issue on Alpine Linux

14.6 (2025-04-07)

Highlighted features:

  • Cloud: introduced a wizard to facilitate the use of Discoveries and Compliance features (preview)
  • Cloud environment compliance: added Microsoft 365 compliance rules (preview)
  • Corrective actions: added the Windows Package Manager support to update third-party applications (preview)
  • Criticalities: integrated EPSS Version 4 into the vulnerability prioritization method called “3D prioritization”

Updated features and performance improvements:

  • API: the /api/v3/cve_announcements route now also retrieves the vulnerabilities referenced in the CISA KEV and CERT-FR ALE catalogs
  • Authentication provider: improved user experience for creating and configuring OpenID Connect or SAML providers, including an auto-suggestion function to assist in filling out attributes
  • Cloud environment compliance: implemented new Google Cloud Platform compliance rules
  • Discoveries: you can now report only powered-on virtual machines during a VMware vSphere discovery
  • Exports: technology installation paths are now included in the patches list CSV exports
  • External tools: improved error management in case the Syslog server is down
  • Kibana: custom comments on a vulnerability are now referenced in the cve_announcements index
  • Network targets and websites: implemented scan support for Ivanti and Palo Alto Networks network devices
  • Performance: further global performance improvements for the application
  • Scanning engine: improved analysis of Microsoft SQL Server applications

Bugfixes:

  • Cloud environment compliance: fixed a migration issue related to updating compliance rules
  • Corrective actions: you can once again deploy patches from the corrective actions page
  • Ignoring policies: you can once again remove keywords when editing an ignoring policy
  • Kibana: fixed an issue that could prevent security issues from being sent to Kibana
  • Scanning engine: fixed detection issues on Palo Alto Networks devices

14.5.4 (2025-03-13)

This release contains critical fixes to address CVE-2025-25291 / CVE-2025-25292 / CVE-2025-25293.

14.5 (2025-02-24)

Highlighted features:

  • API: new documentation interface (preview)
  • Compliance: you can add a comment for a compliance rule (preview)
  • Discoveries: added a Stormshield discovery (preview)

Updated features and performance improvements:

  • Agentless mode connection: improved the creation of stored credentials set when adding a new connection
  • Cloud environment compliance:
    • Implemented new Google Cloud Platform compliance rules
    • Improved and implemented new Microsoft Azure compliance rules
  • Compliance:
    • Implemented CIS Red Hat OpenShift Benchmark
    • Improved and updated Active Directory checkpoints for CERTFR_AD analysis
  • Details of a Compliance rule: you can also filter by status
  • Details of a Corrective action: the related vulnerabilities tab has been removed
  • Details of an Asset: you can now edit the connector of a cloud asset
  • Network targets and websites: improved detection mechanisms for vulnerabilities related to directory traversal and file inclusion in web applications
  • Discoveries: the project and region information can also be reported during a Google Cloud Platform discovery
  • Scanning engine: improved the installed updates analysis on Windows assets
  • Performance: improved search responsiveness by application

Bugfixes:

  • Agentless mode connection:
    • Fixed a detection issue on SonicWall devices in SNMP
    • Fixed an application problem when adding a CyberArk Conjur connection
    • Fixed a display problem with logins on the edit form
  • Compliance:
    • Fixed the script of rule ICS-WIN-4.2.1
    • Fixed the script of rule ICS-WIN-6.9
  • Scanning engine:
    • Fixed patch versioning information for Mozilla Firefox
    • Fixed the Nginx application detection

14.4 (2025-01-27)

Application performance will be degraded if the machine hosting Cyberwatch has a Linux kernel lower than 4.0 (example: Red Hat 7 or CentOS 7), and a Docker version lower than 25.0. For more details on recommended configurations, please refer to the technical requirements.

Highlighted features:

  • Cloud:
    • Updated Amazon Web Services compliance rules (preview)
    • Updated Google Cloud Platform compliance rules (preview)
    • Updated Microsoft Azure compliance rules (preview)
  • Details of a Corrective action: added a section indicating Windows application details (preview)
  • Performance: application global performance improvements

New features:

  • Agentless mode connection:
    • Added a search bar to filter by asset, source, access protocol or address
    • Added a sortable column indicating the stored credential name of agentless mode connections
  • Customization: you can customize the placeholders for comment sections
  • Scope:
    • Added support for Alpine Linux 3.21
    • Added support for macOS 15

Updated features and performance improvements:

  • API:
    • The /api/v3/assets/servers/{id} route now returns the date of first and last detection of technologies, as well as the ID of the scanning, deployment, reboot and ignoring policies assigned to the asset
    • The /api/v3/hosts and /api/v3/hosts/{id} routes now return the operating system names of discovered assets
    • Uploading SBOM files as air gap assets via the Cyberwatch API client is now supported
  • Harbor and GitLab: the endpoint is now the same for all container scanner configurations defined in the application
  • Scanning policies: the default execution frequency for Linux and Windows system metadata scans is now five days
  • Scope:
    • Dynamic sending of Windows application data from the security database
    • Improved the Extreme Networks ExtremeSwitching devices support

Bugfixes:

  • Alerts: fixed a problem preventing the filter selection when creating or editing an alert
  • Assets rules: fixed an application problem that could occur when executing a rule applicable to multiple elements
  • Compliance: fixed the script of SBP-LIN-01-002 rule
  • Scanning engine:
    • Fixed a detection issue on HPE Aruba Networking
    • Fixed an analysis problem on VMware vCenter
    • Fixed an issue with detecting the presence of extended support on Red Hat systems
    • Fixed patch versioning information for Microsoft SharePoint Server (SharePoint On-Premise)

14.3 (2024-12-16)

Highlighted features:

  • Assets inventory: the search bar now proposes finer filtering criteria for groups (preview)
  • Discoveries: added a Red Hat OpenShift discovery (preview)

New features:

  • Discoveries:
    • Added a Fortinet discovery
    • Added an Amazon ECR discovery
  • Scope:
    • Added support for Dell EMC N4000 devices
    • Added support for Fedora 41
    • Added support for Jira
    • Added support for MikroTik CCR2004-1G-12S+2XS devices
    • Added support for OpenSUSE
    • Added support for Siemens SCALANCE XB-200 devices
    • Added support for Ubuntu 24.10
    • Added support for Windows Server 2025

Updated features and performance improvements:

  • Discoveries: you can now restrict Kubernetes or OpenShift discoveries to a namespace
  • Exports: the “CPE” column is added in the CSV technologies exports
  • Scanning engine: improved the detection of application package versions on AlmaLinux

Bugfixes:

  • Compliance:
    • Fixed the script of CIS-AWS-5.1 rule
    • Fixed the script of SBP-LIN-04-004 and SBP-LIN-02-005 rules
  • Discovered assets: fixed a problem in the generated CSV exports, which could contain no elements at all
  • Discoveries: fixed an application problem that could occur on some Cyberwatch instances during a network scan discovery
  • Integrations: fixed a problem sending asset information at some compliance-related integration hook locations
  • Vulnerabilities: fixed a problem where CVSS thresholds that had been configured were not taken into account

14.2 (2024-11-25)

Highlighted features:

  • Docker images: image analysis in a GitLab pipeline is now possible (preview)
  • Users: you can perform bulk edits of permissions (preview)

New features:

  • API: the /api/v3/servers/{id}/export route can be used to get asset information in CycloneDX JSON or SPDX JSON SBOM format

Updated features and performance improvements:

  • Agentless mode connection: scanning Forcepoint version 7 devices in SNMP is also supported
  • Air gap assets: improved the detection of operating systems and technologies when importing SBOM files as air gap assets
  • Corrective actions: improvements in the presentation of corrective actions for the same technology
  • Integrations: you can add an integration from the compliance rules encyclopedia, the corrective actions, the security issues encyclopedia, the vulnerability encyclopedia and the details of a corrective action
  • MITRE ATT&CK: Cyberwatch now relies on attack techniques from ATT&CK version 16
  • Network targets and websites: authentication by a Selenium script in target scanning is also supported
  • Scanning engine:
    • Improved the Java application detection
    • Improved the Mozilla Firefox application detection
    • Improved the Python package detection
  • Users: improved the permission information displayed in the user profile

Bugfixes:

  • Agentless mode connection: fixed a detection issue on Aruba and HPE devices in SNMP
  • Reports: fixed a problem where filters used to generate PDF reports were not taken into account
  • Repositories: fixed a display error in the number of rules and assets associated with a repository
  • Scanning engine: fixed a detection issue on Alpine Linux

14.1 (2024-10-28)

Highlighted features:

  • Network targets and websites: cookie authentication in target scanning is now supported (preview)

New features:

  • Compliance: added CIS Ubuntu 24.04 LTS Benchmark
  • Exports: added the package_detected_at field in the current technologies JSON export indicating the date on which the technology was first detected. This data is also present in Kibana or Google BigQuery, in the computers_packages index
  • Scope:
    • Added GitLab security advisories
    • Added security advisories from the CCN-CERT Spain
    • Added security advisories from the CERT Santé France
    • Added security advisories from the CSIRT Italy
    • Added support for Cisco Business 250 and 350 devices
    • Added support for Opengear devices

Updated features and performance improvements:

  • Administration:
    • The “Vulnerabilities” tab settings of the “Customization” sub-menu have been moved to the “Vulnerabilities” sub-menu
    • The “Customization” sub-menu has been refactored
  • Agentless mode connection: improvements to HPE device detection in SNMP
  • Air gap assets:
    • Improvements to the import of SBOM files as air gap assets
    • UX improvements and fixes to prevent the execution of a deployment and restart policy on air gap assets
  • API:
    • The /api/v3/assets/servers/{id} route now returns the CPEs of packages that have them
    • The /api/v3/servers/{id}/cve_announcements/{cve_code} route can also be used to add a comment for a vulnerability
  • Assets inventory: UX improvements on the customization modal
  • Corrective actions: you can also filter by package type
  • Dashboard: improvements to the display of modals and widgets
  • Details of an Asset: UX improvements in the “Technologies” tab for adding Docker images
  • Details of a Security issue: you can now filter by payload in the list of associated assets
  • Discoveries:
    • A discovery modified during its execution is now relaunched with its new configuration
    • A Harbor robot account can also be used for a Harbor registry discovery
    • Improvements to automatic registration in agentless mode connections
    • Improvements to Kubernetes namespace discoveries
    • You can now interrupt a discovery in progress
  • Exports: you can now set a size limit for an export sent by email
  • Kibana:
    • Improvements in the visualization of the CVE evolution graph
    • The “CVE Specific Dashboard” is renamed to “Vulnerability monitoring”
  • Network targets and websites: you can also define URLs that will be excluded from the scan
  • Repositories: the view has been refactored
  • Scanning engine: improvements to Red Hat detection to take extended support versions into account
  • Scope: improved the Android support

Bugfixes:

  • Agentless mode connection: fixed a retrieval problem on the system name of Stormshield devices in SNMP
  • Air gap assets: fixed a sorting problem on last analysis dates
  • Assets rules: fixed a problem with the selection of values in the search bar that could lead to errors in the list of asset rules
  • Details of an Asset: fixed a display problem that could occur in the “Compliance” tab when checking custom rules
  • Discovered assets: fixed a display error that could occur in the list of unregistered assets
  • Discoveries: fixed an application problem that could occur during an AWS discovery
  • Network targets and websites: fixed an API routes retrieval problem when scanning the Swagger/OpenAPI documentation of a target in headless mode
  • Kibana: fixed a problem with the cvss_v3_access_vector field in the computers_cves index
  • Scanning engine:
    • Fixed a detection issue on Firefox ESR
    • Fixed a detection issue on VMware
    • Fixed an analysis problem on F5 devices
    • Fixed an analysis problem on Java
    • Fixed analysis and detection problems on Microsoft .NET Framework and Windows

14.0 (2024-09-18)

This version is a major release.

Highlighted features:

  • Agentless mode connection and Discoveries: you can create an asset or register a discovered asset representing a Kubernetes project (preview)
  • Air gap assets: the SBOM SPDX 2.3 JSON, CycloneDX v1.5 JSON and CycloneDX v1.6 JSON files can be imported as air gap assets
  • Assets inventory: you can add customized columns to display asset metadata (preview)
  • Criticalities: integration of the CISA’s Stakeholder-Specific Vulnerability Categorization (SSVC) system into the vulnerability prioritization method called “3D prioritization” (preview)
  • Docker images: Cyberwatch now allows you to scan images natively with the 5.20 version of the orchestrator base
  • Vulnerability encyclopedia: the CVSS 4.0 version is now integrated throughout the application (preview)

New features:

  • Compliance: you can ignore a compliance rule
  • Details of an Asset: you can select the columns to display in the “Vulnerabilities” tab including a sortable column indicating the contextual score (CVSS-BTE) and another for the SSVC decision
  • Details of an Asset and Details of a Vulnerability:
    • You can add a comment for a vulnerability
    • You can ignore a vulnerability until a given date
  • Discoveries:
    • Added a Proxmox discovery
    • You can create a group when creating a discovery
    • You can delete groups of discovered assets that have disappeared
  • Harbor: added the support for the Scanner Adapter API new version, to run the SPDX SBOM generation of Docker images right from the Harbor web interface
  • Scanning policies: you can duplicate an existing policy
  • Scope:
    • Added end-of-life dates for PHP 8
    • Added support for Alpine Linux 3.20
    • Added support for Aruba 7005 devices
    • Added support for Fedora 40
    • Added support for Progress Kemp LoadMaster LM-X3 devices

Updated features and performance improvements:

  • Agentless mode connection:
    • The IP addresses of SNMP devices can now be reported in the application
    • The weak SNMP community strings configured on the device are now reported as a Security issue
  • Alerts: added a dedicated page to see the items processed when an alert was last executed
  • API:
    • Added reference and security_announcement fields in the /api/v3/cve_announcements route
    • The /api/v3/cve_announcements and /api/v3/cve_announcements/{id} routes now return the CVSS v2 or v3 vector and the CVSS v4 score of CVEs
    • The asset routes have been consolidated
  • Assets: improved the patching deployment management
  • Assets inventory: you can now reorder table columns
  • Assets rules: you can now define opposite actions on rules
  • Compliance rules encyclopedia: you can now filter by group
  • Details of an Asset: the subnet mask is now reported in IP addresses
  • Details of a Vulnerability: the information section now displays all CVSS scores available for a CVE
  • Discoveries:
    • The discovery creation view for managing discovered assets has been refactored
    • You can now perform a namespace discovery for AKS, EKS and Kubernetes
  • Discoveries and Docker images: the discovered images and assets with the same hash are now linked
  • Docker images:
    • Improved the scanning of shell-less Docker images
    • UX improvements on Docker images presentation in the Assets inventory and their details
  • Exports and Reports: CSV exports and PDF reports of Security issues now indicate the issues to be fixed
  • Network targets and websites: improved the detection of technology versions when scanning network ports
  • Scanning engine:
    • Improved and fixed the SUSE detection
    • Improved the F5 devices detection
    • Linux application paths are now reported in the application
  • Scanning policies:
    • Scanning frequencies are now configured in the policy details
    • UX improvements for associating a scan script and creating a custom analysis script
  • Scanning, Deployment or Reboot policies: you can now specify a time zone when creating a policy
  • UX: improved the creation and editing views of groups and repositories

Bugfixes:

  • Agentless mode connection:
    • Fixed a detection problem on Aruba devices in SNMP
    • Fixed a patching deployment issue that could occur on some Linux assets
    • Fixed a problem that could lead to the display of duplicate Windows patches after restarting an analysis
    • Fixed a version retrieval problem on some Cisco devices in SNMP
  • Air gap assets: fixed an issue to block the rebooting script execution on air gap assets
  • Compliance:
    • Fixed an evaluation problem when multiple checks are performed on a rule
    • Fixed the script of ICS-WIN-8.2.3, SBP-LIN-01-004 and SBP-LIN-01-007 rules
  • Harbor:
    • Fixed a problem with scanning Docker images not supported by the application
    • Fixed an application problem that could prevent the Docker images scanning
  • Network targets and websites:
    • Fixed an analysis problem on some WordPress extensions and themes
    • Fixed an API routes retrieval problem when scanning the Swagger/OpenAPI documentation of a target
    • Fixed a problem preventing a target from being scanned from a Kubernetes node
  • Scanning engine:
    • Fixed a detection issue on OpenVPN
    • Fixed a detection issue on Palo Alto devices
    • Fixed an analysis or a detection problem on Microsoft .NET Framework and Windows
    • Fixed patch versioning information for Mozilla Firefox ESR

13.12.1 (2024-09-13)

This release contains a critical fix to address CVE-2024-45409.

Bugfixes:

  • Update the SAML library

13.12 (2024-07-11)

New features:

  • Agentless mode connection: added a new Security issue type to indicate the SNMP devices using the default community
  • Scope:
    • Added support for CloudLinux OS
    • Added support for Dell Command Configure
    • Added support for Dell Command Monitor

Updated features and performance improvements:

  • Administration: the support identifier is now indicated on the “About” page
  • API: improved the reporting of codes and error messages
  • Scanning engine: improved the method for filtering installation files in the Windows user applications scan
  • Scope: improved the Extreme Networks ExtremeSwitching devices support

Bugfixes:

  • Details of an Asset: fixed the cancellation of global update schedules on an asset
  • Discoveries:
    • Fixed a Docker image retrieval problem when discovering the Harbor registry
    • Fixed a problem related to the mandatory naming of discoveries
  • Network targets and websites: fixed a problem when scanning the target API by providing the URL of its Swagger documentation
  • Scanning engine: fixed a detection issue on SUSE packages
  • Users: fixed a problem where some users with global access could lose their permissions
  • Vulnerability encyclopedia: you can once again use the offline Vulnerability encyclopedia filter search bar

13.11 (2024-06-18)

Highlighted features:

  • Alerts:
    • Alerts are now checked every hour
    • You can configure a minimum duration between the sending of two alerts (preview)
  • Criticalities: you can now define the CVSS score type for prioritizing vulnerabilities (preview)

New features:

  • Air gap assets: you can assign groups when importing assets
  • Assets inventory and Details of an Asset: you can perform a global update of Windows and Linux systems
  • Compliance: added Ubuntu 24.04 LTS to the Security_Best_Practices for Linux repository
  • Scope:
    • Added support for M100V and C100V IronPort Cisco devices
    • Added support for S190 Cisco devices
  • Users: you can close the remote user sessions

Updated features and performance improvements:

  • Air gap assets: the asset “Last update” information now also takes into account the date of the last edit of declarative compliance data
  • Alerts: you must now name your alerts
  • API: the /api/v3/remote_accesses and /api/v3/remote_accesses/{id} routes now show the used stored credentials
  • Compliance: updated multiple CIS Benchmarks
  • Criticalities: updating a criticality automatically relaunches vulnerability scans on the related assets
  • Discoveries: you must now name your discoveries, and the unnamed discoveries will be given a unique name when Cyberwatch is updated
  • Exports:
    • Improved error management in case of a problem generating scheduled exports
    • The maximum EPSS score is now present in the CSV patches exports
    • The prioritized CVSS score and its type are now indicated in the CSV vulnerabilities exports
    • The “Statut” column is renamed to “État” in the French CSV exports
  • MITRE ATT&CK: Cyberwatch now relies on attack techniques from ATT&CK version 15
  • Network targets and websites: errors encountered during network port analysis are now reported in the application

Bugfixes:

  • Authentication provider:
    • You can once again copy the client certificate in an OpenID Connect configuration
    • You can once again copy the Cyberwatch certificate in a SAML configuration
  • Compliance:
    • Fixed the script of rule SBP-LIN-02-005
    • Fixed the script of rule SBP-LIN-03-003
    • Fixed the script of rule SBP-LIN-03-004
  • Discoveries:
    • Fixed a Microsoft Azure assets registration problem in agentless mode connection via Azure API
    • Fixed an execution problem during the discovery of an Amazon Elastic Container Registry
  • Scanning engine:
    • Fixed an analysis problem on Oracle Database 19c
    • Fixed an SNMP scan problem on some Cisco devices
  • Reports: fixed a display problem in the annex of PDF executive reports
  • UX: fixed a problem with enabling or disabling options when saving a stored credential

13.10 (2024-05-20)

Highlighted features:

  • Details of an Asset: you can view, in the “Summary” tab, the vulnerabilities referenced in the CISA KEV and CERT-FR ALE catalogs (preview)
  • Discoveries: you can automatically register discovered assets as a network target or website (preview)
  • Vulnerability encyclopedia: added the summary of a CVE in the encyclopedia, as well as in the details (preview)

New features:

  • Administration: added an “English (US)” language using international date format
  • Assets inventory: you can filter by discovery name in the search bar
  • Details of an Asset: you can go directly, from the information section, to the discoveries associated with this asset
  • Network targets and websites: added scan support for Harbor registry, and some Citrix, Fortinet and Ubika network devices
  • Scope:
    • Added Rocky Linux security advisories
    • Added support for Dell EMC Networking devices
    • Added support for Foxit PDF Editor
    • Added support for TensorFlow
    • Added support for Ubuntu 24.04
    • Added support for XnView Classic and XnView MP

Updated features and performance improvements:

  • Agentless mode connection: improved the management of connection errors reported by the application
  • API:
    • The /api/v3/exports route now returns more detailed information on the filters used when generating a report
    • The /api/v3/vulnerabilities/servers/{id} route now shows EPSS scores of the asset vulnerabilities
  • Assets inventory: you can now search by address range in the search bar
  • Compliance: updated Active Directory checkpoints for CERTFR_AD analysis
  • Discoveries:
    • Docker image hashes and tags can now be reported during an Amazon EKS, Azure Kubernetes Service or Kubernetes discovery
    • Docker image tags can also be reported during a Harbor registry discovery
  • Kibana: information on attack paths and techniques is now referenced in the cve_announcements index
  • Network targets and websites: the scan scope is now indicated in the target details
  • Scanning engine:
    • Improved Chromium and Google Chrome detection
    • The vulnerability assessment mode of Windows and Microsoft .NET Framework has been refactored
  • UX:
    • A search performed from the search bar of the dashboard, the asset inventory, the vulnerability encyclopedia, the corrective actions, the security issues encyclopedia and the compliance rules encyclopedia is automatically kept in recent queries
    • The Stored credentials creation form has been refactored

Bugfixes:

  • Dashboard: fixed a problem that could lead to the display of duplicate widgets
  • Details of a Vulnerability: fixed a 500 error that could prevent some CVEs from being displayed
  • Reports: fixed a display problem with PDF reports in Adobe Reader
  • Scanning engine:
    • Fixed a detection problem on Fortinet devices
    • Fixed a detection problem that could occur on some Jira Server versions
    • Fixed an analysis problem on Stormshield devices

13.9 (2024-04-22)

Highlighted features:

  • Alerts: added a dedicated page to see all sent alerts (preview)
  • Network targets and websites: you can scan the target API by providing the URL of its Swagger documentation (preview)

New features:

  • Scope:
    • Added support for Cisco Firepower devices
    • Added support for Extreme Networks ExtremeSwitching devices
    • Added support for NetApp ONTAP devices
    • Added support for Zimbra Collaboration
  • Reports: you can customize the disclaimer

Updated features and performance improvements:

  • API: the /api/v3/users/{id} route now shows whether a user is active in the application
  • Criticalities: you can now prioritize asset vulnerabilities using only the full CVSS score criterion (CVSS-BTE)
  • Details of an Asset: when an ignoring policy is modified or deleted, the list of vulnerabilities to consider is now automatically refreshed
  • Discoveries: the Assets discoveries view has been refactored
  • Docker images: labels in metadata are now retrieved with the latest version of the Docker API
  • Network targets and websites: pages scanned during a target scan are now indicated in analysis reports
  • Scanning engine: improved detection of Schneider Electric Modicon devices

Bugfixes:

  • Compliance:
    • Fixed a rule creation problem that could occur with some operating systems
    • Fixed an infinite scanning problem that could occur on a CERTFR_AD analysis
    • Fixed the script of rule ICS-LIN-12.5.2
  • Discoveries: Kubernetes discoveries now assign all their namespaces to assets using metadata
  • Kibana: multiple fixes
  • Network targets and websites: fixed detection problems that could occur on some CMS
  • Scanning engine:
    • Fixed a detection problem on Microsoft SharePoint Server (SharePoint On-Premise)
    • Fixed an analysis problem on Fortinet devices
    • Fixed the versioning of Microsoft .NET Framework installed on an asset

13.8 (2024-03-25)

Highlighted features:

  • Alerts: you can create alerts from the discovered assets view to highlight newly identified assets (preview)
  • Network targets and websites: added security issues on the certificate expiration of the target (preview)
  • Scanning engine: Cyberwatch now relies on CNA data for vulnerability analysis

New features:

  • Compliance: added and updated multiple CIS Benchmarks
  • Reports: you can generate a PDF report for a corrective action
  • Scope:
    • Added end-of-life dates for Ruby
    • Added support for AnyDesk
    • Added support for Foxit PDF Reader
  • Stored credentials: added support for CyberArk Central Credential Provider, for agentless mode connections

Updated features and performance improvements:

  • Activities: actions related to asset policies are now logged
  • Details of a Corrective action: you can sort by version in the related assets table
  • Discovered assets: selectors have been replaced by a filter search bar
  • Discoveries: you can now use the certificate authentication mode for Kubernetes discoveries
  • Exports and Reports:
    • Added an option to block unauthenticated access to exports and reports from email
    • You can now disable the mailing feature
  • Harbor: you can now define a permanent credential on the Harbor scanner, to launch the Docker images analysis from Cyberwatch and not only from Harbor
  • Network targets and websites: the headless mode is now enabled by default when a new scanning policy is created
  • Scanning engine: improved the management of scan execution states on Docker and Cloud assets
  • Users: multiple UX improvements on the users list

Bugfixes:

  • Agentless mode connection:
    • Fixed a Microsoft Azure API connection creation problem
    • Fixed a problem where the login could be lost when creating a connection
  • Compliance: fixed the script of rule SBP-LIN-04-005
  • Network targets and websites: fixed the feature to sort by last connection error
  • Scanning engine:
    • Fixed an analysis problem on Adobe Acrobat Standard
    • Fixed an analysis problem on some Microsoft Office versions
    • Fixed an analysis problem on Zoom
    • Fixed a detection issue on Fortinet devices
    • Fixed a detection issue on Java
    • Fixed a detection issue on SUSE 12 SP5 packages
    • Fixed an SNMP scan problem that could occur on some network devices
  • Security issues encyclopedia: the filters of the search bar are once again considered in the generated PDF reports

13.7 (2024-02-19)

Highlighted features:

  • Alerts: multiple improvements (preview)
  • Discoveries: added a discovery to retrieve running Docker images on Linux assets (preview)
  • UX: you can create a saved query from a recent search, from the search bar of the dashboard, the asset inventory, the vulnerability encyclopedia, the corrective actions, the security issues encyclopedia and the compliance rules encyclopedia (preview)

New features:

  • API: the /api/v3/vulnerabilities/servers/info route is now documented and can be used to get the raw export of an asset
  • Exports: added the OS column in the discoveries CSV exports
  • Scope:
    • Added Ethernet-IP protocol support for monitoring industrial devices
    • Added security advisories from the CERT-EU
    • Added support for Allen Bradley Rockwell Automation devices
    • Added support for Devolutions Remote Desktop Manager
    • Added support for Fortinet FortiMail devices
    • Added support for Schneider Electric EcoStruxure Control Expert
    • Added support for Siemens SIMATIC applications
    • Added support for Ucopia devices
  • Vulnerability encyclopedia: added a tooltip when hovering over a CVE to display its summary

Updated features and performance improvements:

  • Assets inventory: you can now sort by description
  • API: the /api/v3/assets/servers/{id} route now shows whether an application is part of the asset history or if it is currently detected
  • Discoveries: the “Automatic registration of discovered assets” configuration has been refactored
  • Docker images: the Docker applicative package scanning script now supports NPM 9, NPM 10 and Yarn 4
  • Identity Providers: you can now use a self-signed certificate for the SAML identity provider metadata URL
  • Network targets and websites: the AES-CBC encryption algorithm is now considered obsolete
  • Scanning engine:
    • Improved the versioning of Windows user applications installed on an asset
    • Improved the performance of the vulnerability analysis
  • UX:
    • Improved application error notifications
    • You can also view the five most recent searches in the search bar of the dashboard, the vulnerability encyclopedia, the corrective actions, the security issues encyclopedia and the compliance rules encyclopedia

Bugfixes:

  • API: you can once again import the Swagger documentation on API clients
  • Details of an Asset: fixed a display error that could occur on the status of security issues associated with an asset
  • Discoveries: fixed some information reported in the Microsoft Azure discoveries
  • Docker images: fixed a Docker images analysis problem from Amazon Elastic Container Registry
  • Reports: fixed a display problem with some characters in the PDF reports of a compliance rule
  • Scanning engine:
    • Fixed a detection issue on Ivanti Connect Secure
    • Fixed a package detection issue on VMware Workstation
    • Fixed an analysis problem on Fortinet FortiGate devices
    • Fixed detection issues on Amazon Linux 1 and Amazon Linux 2
