New

• We added checks for CVE-2019-19781 against Citrix ADC (formerly known as NetScaler).
• Microsoft Patch Tuesday coverage: This release includes updated scan coverage for January 2020.

Improvements

• We added checks to flag the following End-of-Life operating systems: Windows 7, Server 2008, and Server 2008 R2.
• We improved authenticated scan performance with the RPM package management system.
• We updated the built-in X.509 certificate store used by certificate-related checks.

Fixes

• SAML 2.0 authentication source configurations in the Security Console will no longer break if you or your users attempt to log in through your Identity Provider while the console is still initializing. Prior to this fix, failed single sign-on attempts would require a reconfiguration of the SAML authentication source altogether. With this change, single sign-on attempts to Security Consoles that have not yet fully initialized will redirect users to a status page indicating initialization progress so they know when to try logging in again.
• We fixed a false positive issue with our CVE-2019-11510 check.
• We fixed several false positives in our CentOS coverage by correcting the package versions used by the checks.
• We fixed an issue with Microsoft IIS policy scans that would cause an error if unexpected characters were found at the beginning of configuration files.
• Nexpose will no longer fingerprint Microsoft Office Developer tools for Visual Studio as Microsoft Office 2007.