Release notes
Recent runZero release notes
4.0.250117.0
2025-01-17
- Operating System End of Life (EoL) coverage and accuracy has been improved.
- Fingerprint improvements.
4.0.250116.0
2025-01-16
- Layer 2 topology calculations have been improved.
- The task details page has been improved.
- The asset details page now includes the date the asset record was created in the runZero database. This information is also available via a new optional column in the asset inventory.
- Intune integration performance has been improved.
- Operating System End of Life (EoL) information is now available for Linux Mint.
- Credentials are now allowed to be re-used across multiple recurring tasks. runZero still recommends limiting credentials to a single recurring task in most situations to avoid duplicate asset ingestion.
- An issue that could result in inaccurate query metric representation on the dashboard has been resolved.
- An issue that prevented the Meraki integration from paginating Meraki resources has been resolved.
- An issue that caused the `NO_PROXY` environment variable to be ignored on self-hosted consoles has been resolved.
- Fingerprint improvements.
This release also includes the following fixes for low-severity findings from our annual third-party source code audit and security assessment:
- An issue that allowed Explorer information to be listed across organizations within the same tenant if the requester had knowledge of the Explorer's ID has been resolved.
4.0.250113.0
2025-01-13
- Vulnerability reporting from the Inside Out Attack Surface Management feature is more accurate and adjusted for severity based on the type of exposure.
- Fingerprinting devices via the Matter IoT protocol is now supported.
- The Service Location Protocol (SLP) is now supported for device probing.
- The Tenable integration now records MAC addresses even if they don't have an associated IP address.
- Unmapped MACs are now grouped by interface in the Layer2 information section of the asset details page.
- A flatten_json module with a flatten method can be used when authoring Custom Integration Scripts.
- An issue that prevented organization roles from being saved when creating or updating a group via the API has been resolved.
- An issue that prevented ingesting some assets from Tanium has been resolved.
- An issue that impacted the ability to retry timed-out requests in some connectors has been resolved.
- An issue that could cause a task to repeatedly retry when the task data was improperly formatted has been resolved.
- An issue that prevented setting some asset values in custom integration scripts has been resolved.
- An issue that prevented selecting "no parent" when editing a project with a consulting license has been resolved.
- Fingerprint improvements.
4.0.250106.0
2025-01-06
- Custom Integration Scripts can now run directly on runZero Explorers and be triggered by runZero tasks. To learn more, see our custom integration scripts documentation.
- Vulnerability records are now created for potentially exposed internal assets (Inside Out Attack Surface Management) and misuse of shared encryption keys.
- AWS integration task configuration forms have a new look and feel.
- An issue that could result in a scanning deadlock when using maximum scan durations has been resolved.
- Fingerprint improvements.
4.0.241223.0
2024-12-23
- An issue that would cause devices discovered by the Tenable integration to not properly merge has been resolved.
- An issue that caused the list of Explorers to not be sorted correctly when configuring alert rules has been resolved.
- Fingerprint improvements.
4.0.241219.2
2024-12-19
- The runZero CLI is now available for download for all license tiers. Specific functionality is still based on your license and entitlements.
- Integrations run through an Explorer now use proxy settings in all cases.
- Explorer upgrades now strictly validate versions and update URLs.
- Added export APIs for export tasks.
- Scan tasks created via console now support an optional scan duration limit.
- The Getting Started Guide has been revamped with additional content.
- Intune logging has been improved.
- Custom multi-query widgets' data sources list can now be reordered with drag and drop.
- An issue preventing users from changing their name or email when SSO is required but the user is not enrolled in SSO has been resolved.
- An issue that could cause the alert rule inventory query preview button to unexpectedly URL-encode search strings has been resolved.
- Fingerprint improvements.
4.0.241217.0
2024-12-17
- Merge avoidance logic for integration data has been improved.
- An issue that would cause all software for the entire organization to be displayed in the software section of the asset screen has been fixed.
- An issue that caused the "Copy as a new scan template" button to be displayed for tasks that the action is not available for has been resolved.
- An issue where stale IP addresses resolved through DNS were not periodically removed was resolved.
- Fingerprint improvements.
4.0.241213.0
2024-12-13
- An issue that would cause exporting software without a filter to fail has been fixed.
- An issue that caused an application error when uploading an invalid IDP metadata.xml in SSO Settings has been fixed.
- Fingerprint improvements.
4.0.241212.0
2024-12-12
- Alert rules for inventory query event types now include a button to preview the configured query in the inventory.
- The loading overlay on the data tables throughout the product has been improved for more clarity.
- An issue that prevented the delivery of scan alerts through Slack has been resolved.
- An issue where the alert error tooltip message wasn't being rendered has been resolved.
- An issue preventing the discovery scope field on the task inspection card from appearing has been resolved.
- An issue causing the task inspection card to sometimes take longer than expected to load has been resolved.
- An issue that prevented Wiz connectors from working with Wiz API credentials scoped to specific projects has been resolved.
- Fingerprint improvements.
4.0.241210.0
2024-12-10
- An issue that caused some event rules, channels and templates to be hidden has been resolved.
- An issue that prevented alert rules from saving the query condition has been resolved.
- An issue that prevented event templates, channels, and rules from being removed when an organization is removed has been resolved.
- An issue that prevented some form "Back" buttons from functioning correctly has been resolved.
- Fingerprint improvements.
4.0.241209.1
2024-12-09
- The navigation menus have been redesigned for ease of use. User settings and sign out buttons are now located in the top right of the application.
- Alerts, rules, channels and templates are now scoped to one or more organizations allowing organization-level users to edit alert rules. See our alerts documentation for more information.
- Asset merge avoidance logic for custom integration data has been improved.
- A bug in merge logic for Tenable Security Center data has been resolved.
- Fingerprint improvements.
4.0.241206.0
2024-12-06
- An issue that prevented some forms from functioning correctly has been resolved.
4.0.241205.1
2024-12-05
- An issue that prevented some dashboard drill down pages from displaying has been resolved.
4.0.241205.0
2024-12-05
- Scans now probe Palo Alto firewalls for ARP cache information.
- A bug that allowed configuring the Wiz integration with no API URL has been resolved.
- A bug in hostname collection that could result in invalid asset hostnames and mergers has been resolved.
Our annual third-party source code audit and security assessment is in progress. This release includes fixes for the following issues:
- Content-Security-Policy headers have been made more strict.
- An XSS vulnerability was identified in the Asset Ownership form.
- A few minor weaknesses were identified in the password reset flow.
4.0.241203.0
2024-12-03
- Assets discovered via CIP backplane enumeration are now better displayed.
- Scan discovery scope has been added to the task inspection card on the task overview page.
- Improved discoverability of Fortinet appliances using the FortiGate to FortiManager (FGFM) protocol.
- Detection of bulk responses from Fortinet network filtering and interception products has been improved.
- An issue which delayed sample tasks from starting once a scan completed has been fixed.
- An issue that prevented exporting asset attribute reports for foreign attributes has been fixed.
- An issue that caused Tenable tasks to occasionally ignore their filter settings has been resolved.
- An issue that could cause inconsistent task inspection card state on the task overview page has been resolved.
- An issue that could cause Explorers with identical host IDs to replace Explorers in another organization has been resolved.
- An issue that could cause invalid events to be shown on the events page has been resolved.
- An issue resulting in assets retaining invalid serial numbers from filtered services has been resolved.
- Fingerprint improvements.
4.0.241125.0
2024-11-25
- Fingerprint improvements.
4.0.241123.0
2024-11-23
- A bug that could result in excessive error reporting under low memory conditions has been resolved.
- Fingerprint improvements.
4.0.241122.0
2024-11-22
- Assets with more than 128 ports open are no longer excluded from asset lists.
- The load time of dashboards when assets have many tags has been improved.
- The speed of loading the explorers list has been improved.
- An issue that would cause tasks to report spurious download errors has been corrected.
- An issue that could prevent rDNS names from being assigned as an asset name has been resolved.
- Fingerprint improvements.
4.0.241120.0
2024-11-20
- Tenable merge rules have been refined to reduce duplicate assets.
- Connection-related error messages for the Active Directory (LDAP) integration have been improved.
- Fingerprint improvements.
4.0.241118.0
2024-11-18
- Intune data collection speed has been improved.
- Qualys integration logging has been improved.
- A bug occasionally causing unprocessed sample tasks to overload the task queue has been fixed.
- Fingerprint improvements.
4.0.241114.0
2024-11-14
- runZero now supports the Hikvision SADP protocol.
- Microsoft Azure and Intune connections now complete faster.
- Recent tasks can now be easily reprocessed to take advantage of updates to asset merge logic.
- An issue that could prevent Shodan devices from being merged into existing assets has been resolved.
- An issue that could cause explorers to unregister due to operational issues with runZero's platform has been resolved.
- An issue that caused `api-export` events to be logged as `api-organization` events has been fixed. The `api-export` events generated between versions 4.0.241022.0 and 4.0.241114.0 were logged as `api-organization` events.
- Fingerprint improvements.
4.0.241109.0
2024-11-09
- A bug that could prevent Qualys jobs from completing in some cases has been resolved.
- Fingerprint improvements.
4.0.241106.0
2024-11-06
- An issue that could cause Assets to have duplicate foreign data attribute sets has been resolved.
- The CLI scanner `--output-raw` option now produces gzipped output and disables output directory creation.
- The CLI scanner now supports the `link4` and `link6` scan targets for local network ranges.
- The CLI scanner help output now omits redundant host-ping/subnet-ping options.
- Fingerprint improvements.
4.0.241101.2
2024-11-01
- A bug that could prevent enumeration of buggy TLS ECDH implementations has been resolved.
- The scanner now reports SNMP interface aliases in addition to names.
4.0.241101.1
2024-11-01
- An issue that would prevent assets scanned over certain VPNs from merging correctly has been resolved.
4.0.241101.0
2024-11-01
- The event details modal now displays links to source and target objects.
- The events data grid page now includes an Organization column.
- The Tanium integration now retrieves endpoints' Custom Tags when available.
- The switch topology export options have been expanded to include the entire graph.
- IP address ingestion via the CrowdStrike integration has been improved.
- The metrics recalculation actions found on the task overview and dashboard have been improved.
- Fingerprint improvements.
4.0.241029.0
2024-10-29
- An issue that could cause the GCP integration to attempt to retrieve resources from deleted projects has been resolved.
- Fingerprinting of Comtrol IO-Link devices is now supported.
- The FortiGate to FortiManager (FGFM) protocol is now supported for asset discovery.
- Fingerprint improvements.
4.0.241025.0
2024-10-25
- Enhanced the task details page view for recurring tasks.
- Information about whether individual users are required to use SSO is now displayed more clearly.
- An issue involving processing of UTF-8 BOM sequences in CSV files has been resolved.
- An issue causing broken links in the Switch Topology report has been resolved.
- An issue preventing access to the standard query library from the EU region has been resolved.
- An issue that could cause assets with stale service data to be fingerprinted incorrectly has been resolved.
- Fingerprint improvements.
4.0.241023.0
2024-10-23
- Backplane enumeration of OT devices using CIP over EtherNet/IP is now supported.
- CSV exports can now include Unicode characters.
- An issue that caused an error after editing organization settings has been fixed.
- An issue that prevented "SSO Required" login restrictions from being enforced on existing user accounts has been resolved.
4.0.241022.0
2024-10-22
- runZero now supports the creation of multiple export tokens.
- Newly created export tokens now show creation information and allow setting a description.
- Windows binaries are now exclusively signed with our runZero code signing certificate. The old Rumble code signing certificate has been retired.
- The service inventory view "Summary" column has been renamed "Service response" to better represent the data.
- A bug involving use of asset tags in alert templates has been fixed.
- A bug in parsing tags set to have no value has been fixed.
- A bug causing tags to get dropped from event rule data has been fixed.
- A bug in formatting tag changes in the event log has been fixed.
- A bug that prevented very long Explorer names from being fully visible on the Explorer details page has been resolved.
- A bug impacting fingerprinting when an asset had certain integration sources has been resolved.
- A bug in asset hostname collection from integration data has been resolved.
- A bug causing Windows Subsystem for Linux (WSL) guests observed in MS 365 Defender data to be merged with their hosts has been resolved.
- Merge avoidance logic for integration data has been improved.
- Merge logic improvements.
- Fingerprint improvements.
4.0.241016.0
2024-10-16
- An issue causing the current organization to be inconsistent when opening links in the console has been resolved.
- An issue causing the task card on the Explorer details page to show tasks from other Explorers when multiple Explorers with the same name are present in the organization has been resolved.
- An issue involving email invites from users with punctuation characters in their names was fixed.
- An issue that prevented exporting vulnerabilities from the UI when filtering by site has been resolved.
- An issue that prevented viewing recurring task details when no subtasks existed has been resolved.
- Fingerprint improvements.
4.0.241015.0
2024-10-15
- runZero now integrates with NetBox.
- Added new duration and average duration columns to the Completed and Recurring task list pages. This allows viewing and sorting tasks by duration.
- Added a quick link to login with SSO for self-hosted installs.
- The dashboard menu now includes an option to recalculate dashboard metrics.
- Individual assets can now be refingerprinted using the latest fingerprint database directly from the asset details page.
- A bug preventing users from being redirected to a newly-created organization or project after creating one has been resolved.
- A bug preventing the "Switch to" button in the organization table from working has been resolved.
- An issue causing invalid asset links in the organization comparison report has been resolved.
- Fingerprint improvements.
4.0.241010.0
2024-10-10
- An issue that prevented logging in via SSO when a first name or last name was missing has been resolved.
- An issue that allowed clicking on disabled project settings has been resolved.
- Fingerprint improvements.
4.0.241009.0
2024-10-09
- The active console region is now displayed on the login page.
- Improved memory efficiency when exporting assets to Splunk via the runZero Splunk Add-on (requires v3.1.0 or greater of the add-on).
- A bug preventing querying for assets with multiple CVE matches from the vulnerability inventory page has been resolved.
- Explorers older than v4.0 have been phased out and can no longer connect to the console.
- Fingerprint improvements.
4.0.241003.0
2024-10-03
- A bug resulting in incorrect Software Inventory population in certain limited situations has been resolved.
- A bug resulting in incorrect asset Type assertions in limited situations has been resolved.
- Fingerprinting of Apple macOS from CrowdStrike data has been improved.
- Merge logic improvements.
- Fingerprint improvements.
4.0.241001.0
2024-10-01
- An issue that prevented NOT and OR operators in queries on the site/organization report has been resolved.
- A bug resulting in incorrect Operating System End of Life (EoL) values for Red Hat Enterprise Linux has been resolved.
- A bug that could require some users to enter their email address twice on login has been resolved.
- A new search keyword `first_seen_task` allows searching for assets first seen by a particular task.
- The serial number coverage in the asset CSV export was expanded to include additional protocols and devices.
- Fingerprint improvements.
4.0.240927.0
2024-09-27
- Explorer TLS settings are now configurable via `TLS_VERSION_MIN` and `TLS_VERSION_MAX` parameters.
- Software and Vulnerability inventory queries can now be saved to the query library.
- Vulnerability groups now support searching by site ID or site name.
- A bug that prevented the task status icon and associated error/warning logs from updating when selecting different tasks has been resolved.
- Merge logic improvements.
- Fingerprint improvements.
4.0.240926.0
2024-09-26
- runZero scans now include the CUPS (IPP) Browser protocol as a new probe on UDP/631.
- A bug that could lead to incorrect matching between Tenable sources has been resolved.
- Any error messages from the SSO process are now prominently displayed.
- Fingerprint improvements.
4.0.240925.0
2024-09-25
- A bug resulting in a malformed query when pivoting from grouped vulnerabilities with multiple CVEs has been resolved.
- A bug that resulted in sending invalid JSON in some events that reference organization.id or site.id has been resolved.
- A bug that could cause Wiz connections to report that results were not found even when using correct service account credentials has been resolved.
- Fingerprint improvements.
4.0.240924.1
2024-09-24
- A bug that could lead to an error message in scan logs from short rpcbind replies has been resolved.
- The Site ID and Organization ID fields in event messages are now formatted as strings and not byte arrays.
4.0.240924.0
2024-09-24
- A bug causing single-sign-on to fail with the error "Email address ... is already in use" has been resolved.
- A bug preventing the OS CPE value from being displayed in the Asset inventory has been resolved.
- The Oracle Solaris Service Tag protocol is now supported for asset discovery.
- Fingerprint improvements.
4.0.240923.0
2024-09-23
- Introduced a new login screen.
- runZero now integrates with Tanium API Gateway.
- The API now supports the bulk removal of a custom integration source from a list of assets.
- Windows binaries are now signed with our new runZero, Inc. code signing certificate. We are currently dual signing with the old and new certificates.
- The speed of navigating to subsequent pages in inventory tables has been improved.
- Improved performance of the Wiz integration.
- Minor UI enhancement to better provide event rule errors via tooltip within table.
- An issue preventing event channels from displaying in the Channels list if the user who created them no longer exists has been resolved.
- Upgraded npcap to v1.80.
- A bug that could prevent Wiz vulnerability data from being processed has been resolved.
- A bug in UUID handling in event rules was fixed.
- A bug that prevented importing some Wiz assets that were created more than 180 days ago has been resolved.
- A bug that resulted in incorrect directory user and group membership counts has been resolved.
- The Wiz integration now properly syncs when the Wiz Service Account credential is limited to specific projects.
- Fingerprint improvements.
4.0.240921.0
2024-09-21
- Merge logic improvements.
- Fingerprint improvements.
4.0.240919.0
2024-09-19
- Merge logic improvements.
- Fingerprint improvements.
4.0.240918.0
2024-09-18
- A race condition that could lead to incorrect asset matching has been resolved.
- A bug that could lead to integration attributes not being updated has been resolved.
- A bug that prevented all-organization admins from managing alerts has been resolved.
- The PCWORX protocol is now supported.
- Fingerprint improvements.
4.0.240917.2
2024-09-17
- An issue that could cause CrowdStrike tasks to fail and retry has been fixed.
- Fingerprint improvements.
4.0.240917.1
2024-09-17
- runZero now integrates with Microsoft Endpoint Configuration Manager (MECM).
- The self-hosted platform now supports ARM64 (aarch64) on Linux.
- Imported scan data now reports the correct scan times in the task view.
- CrowdStrike device last seen fields can now be queried as relative timestamps.
- The performance of the CrowdStrike integration has been improved.
- A bug that could prevent self-hosted from installing on newer versions of Alma Linux has been resolved.
- A bug in the display of the access summary of some users has been resolved.
- A bug that prevented querying directory user and group attributes with relative time queries has been fixed.
- Fingerprint improvements.
4.0.240910.2
2024-09-10
- An issue that could prevent login link authentication from working has been resolved.
- An issue that left temporary files in Explorer temp directories has been resolved.
- An issue that prevented My Orgs from working with a large number of organizations has been resolved.
4.0.240909.0
2024-09-09
- The login process has been redesigned for a smoother user experience.
- An issue that could cause confusing navigation behavior when viewing different organizations in separate browser tabs has been resolved.
- Merge logic improvements.
- Fingerprint improvements.
4.0.240907.0
2024-09-07
- Asset correlation has been improved for Meraki, ChromeOS, and SentinelOne sources.
- Fingerprint improvements.
4.0.240904.1
2024-09-04
- An issue that could result in tasks that import software records failing has been fixed.
4.0.240904.0
2024-09-04
- A bug that could cause daily recurring tasks to incorrectly be scheduled after modification has been resolved.
- Assets can now be identified using the Automatic Tank Gauge protocol.
- Fingerprinting of Dell iDRAC devices has been improved.
- The RFC1918 scan options are now available from the RFC 1918 reports page.
- Asset merging logic has been improved.
- Performance of foreign data integrations has been improved.
- Fingerprint improvements.
4.0.240902.0
2024-09-02
- An issue that could lead to incorrect correlation due to hardcoded device-side MAC addresses has been resolved.
- Bogus network responses for PPTP and FTP services are now ignored.
- Fingerprint improvements.
4.0.240829.0
2024-08-29
- An issue with certain versions of Chrome that could cause the creation of large numbers of temporary files has been fixed.
- A bug that could result in setting an incorrect asset Type based on integration data has been resolved.
- An issue that could cause recurring tasks to create a new subtask when modifying properties other than "Start time" or "Scan frequency" has been resolved.
- Time and date values in searches now support relative times in more cases.
- Improved handling of API request retries for integrations.
- JSON alert templates now render arrays and objects as JSON arrays and JSON objects, without needing to loop through fields or values.
- Fingerprint improvements.
4.0.240826.0
2024-08-26
- A bug that could cause custom integration attributes to be deleted during asset merging has been fixed.
- A bug that could result in large numbers of attributes attached to assets in some situations has been fixed.
- The performance of the CrowdStrike integration has been improved.
- Fingerprint improvements.
4.0.240825.1
2024-08-25
- A bug that could result in integration source attributes not aging out during merges has been resolved.
4.0.240825.0
2024-08-25
- Scan and passive discovery tasks now complete faster for large sites.
- CrowdStrike integration tasks now complete faster.
- Fingerprint improvements.
4.0.240822.0
2024-08-22
- Operating System End of Life (EoL) coverage has been improved for Cisco IOS XE, IBM AIX, Juniper Junos OS, and Palo Alto Networks PAN-OS.
- Integration-source asset processing now avoids matching assets with excessive attribute sets.
- Self-hosted installations now track performance profiles per task automatically.
- The asset inventory now supports the foreign_attribute_count keyword.
- Fingerprint improvements.
4.0.240820.0
2024-08-20
- A new system query for assets past OS Extended End of Life has been added to the library.
- Passive sampling tasks can now identify Avast, Bitdefender, Carbon Black, ESET, Kaspersky, McAfee, SentinelOne, and Trellix AV/EDR products.
- The Alerts page has been redesigned for ease of use.
- Asset merging performance has been improved.
- Fingerprint improvements.
4.0.240817.0
2024-08-17
- A bug that could result in bad matches due to blank foreign IDs has been resolved. Assets that had conflicting source data due to blank foreign ID matching will rebuild as part of normal job processing.
4.0.240816.0
2024-08-16
- The self-hosted installer now supports custom installation and temporary directory paths.
- The self-hosted installer now supports systems with disabled or restricted sudo.
- The self-hosted console now supports text-format logging via the LOG_FORMAT=text configuration parameter.
- Asset merging performance has been improved.
- Fingerprint improvements.
4.0.240814.0
2024-08-14
- The Meraki integration now supports filtering the imported assets by organization name and/or ID.
- The Qualys integration now supports filtering the imported assets by tags.
- The Operating System icons in the Asset Inventory view have been improved.
- License utilization is now available as a percentage on the license information page.
- Directory group CSV exports now include the directory_group_user_count field at the end of the existing column set.
- The Switch topology report has been redesigned for ease of use.
- A bug that could cause multi-homed hosts to be missing links in the Switch topology report has been resolved.
- Fingerprinting logic has been improved so as to better account for certain source combinations.
- Fingerprint improvements.
4.0.240811.0
2024-08-11
- A bug that prevented software vendor searches by prefix with wildcards from working was fixed.
- Fingerprint improvements.
4.0.240809.0
2024-08-09
- The Alert Templates page has been redesigned for ease of use.
- A bug which caused valid JSON event rule templates to be rejected has been fixed.
- A bug causing MAC and IP address mapping information to be dropped from custom integration device data was fixed.
- Fingerprint improvements.
4.0.240807.0
2024-08-07
- The Alert Rules page has been redesigned for ease of use.
- Fingerprint improvements.
4.0.240803.0
2024-08-03
- Azure and GCP subscription IDs are now also stored in the top-level asset attributes.
- Fingerprint improvements.
4.0.240802.0
2024-08-02
- A bug that could prevent the Tenable Security Center from importing data has been resolved.
- The dashboard now supports filtering trending widgets by a customizable date range.
- Improved detection of invalid services.
- Fingerprint improvements.
4.0.240731.1
2024-07-31
- A bug that could lead to HTTP service data ordering being incorrect has been resolved.
4.0.240731.0
2024-07-31
- A bug that could reduce performance of large task processing has been resolved.
- Fingerprint improvements.
4.0.240730.0
2024-07-30
- Fingerprint improvements.
4.0.240729.1
2024-07-29
- A bug that could prevent the CrowdStrike integration from running from an Explorer has been resolved.
- The matching engine for integration-sourced assets is now faster, more accurate, and better at merging related devices.
- SSH enumeration now results in more consistently-named fields.
4.0.240729.0
2024-07-29
- The Meraki integration now supports filtering by VLAN and SSID.
- Fingerprint improvements.
4.0.240727.0
2024-07-27
- A bug that prevented vulnerability group exports from applying the search filter has been resolved.
- SSH enumeration now captures all host keys as well as server extensions.
- Fingerprint improvements.
4.0.240726.0
2024-07-26
- A bug that prevented checkbox states from persisting in some cases has been resolved.
- Fingerprint improvements.
4.0.240725.0
2024-07-25
- Discovery of devices using the TwinCAT ADS protocol is now supported.
- Asset risk, vulnerability, and outlier fields are now available for use in Event templates.
- Temporary directory selection for Explorers has been improved.
- A bug preventing the display of integration data fetch durations has been resolved.
- Fingerprint improvements.
4.0.240722.0
2024-07-22
- A bug that could result in vulnerabilities not being calculated when software entries were not present has been fixed.
- Name-based asset matching has been significantly improved and now uses more sources and trusts PTR records less.
- Fingerprint improvements.
4.0.240719.0
2024-07-19
- A bug regarding the Tenable Security Center integration risk filter has been resolved.
- Merging of VMware assets has been improved.
- Fingerprint improvements.
4.0.240718.0
2024-07-18
- A bug that caused the Goals Overview dashboard widget to display an incorrect number of days' worth of data instead of the selected timeframe has been resolved.
- Network topology calculation is now faster and runs as part of the metrics analysis task and not inline with normal task processing.
- Additional CrowdStrike device data is available for users with access to CrowdStrike's Discover API.
- CrowdStrike, Intune, Tenable, and Wiz integrations are now faster at processing large datasets.
- The Asset ID and Organization ID are now shown on their respective details pages.
- Fingerprint improvements.
4.0.240716.0
2024-07-16
- The CLI scanner now correctly supports the `--import-pcap` option.
- Hosts with only some of their addresses excluded will now match existing assets during merge.
- Meraki-connector sourced assets now report the wired-side MAC for better correlation.
- Fingerprint improvements.
4.0.240715.1
2024-07-15
- Connectors now use fast-fallback to IPv4 for non-responsive IPv6 endpoints.
- A performance regression with topology calculation has been resolved.
- The Tenable connector now supports filtering by source and tag.
4.0.240715.0
2024-07-15
- Fingerprint improvements.
4.0.240712.0
2024-07-12
- Performance of the CrowdStrike integration has been improved.
- A bug that prevented inventory table preferences from persisting throughout the product has been resolved.
- Fingerprint improvements.
4.0.240707.0
2024-07-07
- Support for searching for assets and vulnerabilities by VulnCheck KEV membership has been added.
- The CrowdStrike integration now retrieves more detailed information.
- An issue that could prevent users with community licenses from initiating hosted scans has been fixed.
- An issue that could cause VMware guest operating systems to be incorrectly fingerprinted has been fixed.
- Fingerprint improvements.
4.0.240702.0
2024-07-02
- An issue that could cause asset type to be set to Desktop incorrectly has been fixed.
- An issue that could cause certain virtual machine types to not merge properly has been fixed.
- An issue that could cause certain version comparison queries to not be parsed correctly has been fixed.
- Fingerprint improvements.
4.0.240628.0
2024-06-28
- Version fields across the product are now sortable semantically and can be filtered using the operators >, >=, <, <=, =.
- The Meraki integration now supports filtering on specific networks by name or ID.
- The scanner now supports the Canon BJNP protocol.
- Fingerprint improvements.
4.0.240627.0
2024-06-27
- EPSS scores for vulnerabilities are now searchable with the epss_score keyword.
- The vulnerability information page now shows more information about CISA KEV membership and EPSS scores for vulnerabilities that have relevant information.
- The Asset Ownership report now supports up to 15,000 owners at a time.
- Major performance improvements in vulnerability search.
- Fingerprint improvements.
4.0.240626.1
2024-06-26
- The Meraki integration now populates the switch topology report.
- VMware guests will now link correctly when observed between different ESXi servers and vCenter endpoints.
- The Intune integration now supports an optional filter for devices.
- The search option for the Azure AD integration has been deprecated.
- A bug causing custom widgets to drill down into inventory views with an incorrect alive:t filter despite the query's configuration has been resolved.
- Fingerprint improvements.
4.0.240622.0
2024-06-22
- A bug that could lead to incomplete MSSQL enumeration has been resolved.
- A bug that could result in the wrong IP address being assigned to a CrowdStrike record has been resolved.
- Fingerprint improvements.
4.0.240621.0
2024-06-21
- A bug in the Organization Overview report has been fixed and the report speed was improved.
- Custom widgets based on queries have been added to the dashboard. Users can create custom widgets from the widget library on the dashboard, or from the query library.
- Improved discovery and data collection from Microsoft SQL Server endpoints.
4.0.240620.0
2024-06-20
- Fingerprint improvements.
4.0.240619.2
2024-06-19
- Improved logging for CrowdStrike connection errors.
4.0.240619.1
2024-06-19
- A bug that could prevent CrowdStrike credentials from successfully validating has been resolved.
- Fingerprint improvements.
4.0.240619.0
2024-06-19
- A bug that could prevent Azure integrations from being created has been resolved.
- Fingerprint improvements.
4.0.240618.0
2024-06-18
- Passive traffic sampling is now more accurate at detecting syslog clients.
- The scanner now supports providing scan options via a JSON formatted configuration file.
- Fingerprint improvements.
4.0.240616.0
2024-06-16
- The Export API endpoints now support POST requests with application/x-www-form-urlencoded parameters. This allows for larger search queries and field filters to be specified.
- Fingerprint improvements.
4.0.240614.0
2024-06-14
- A bug that could result in stalled scans in some situations has been fixed.
- X.509 serial number values in tls.serial will no longer have the leading zero removed.
- Fingerprint improvements.
4.0.240613.0
2024-06-13
- A bug that could prevent non-Windows installations of the runZero Explorer from restarting has been resolved.
- A bug that could result in stale MAC addresses accruing on Tenable assets has been resolved.
- A bug that could result in long timeouts for CrowdStrike tasks with invalid credentials has been resolved.
- A bug that prevented custom integration attribute links from returning results with mix-cased integration names has been resolved.
- Fingerprinting for Azure VMs now prefers the Azure HW assertion over other sources.
- Fingerprint improvements.
4.0.240612.0
2024-06-12
- A bug that could cause the Meraki integration to error has been resolved.
- A bug that could cause incorrect data to display on the dashboard's most and least seen widgets when toggling the view has been resolved.
- Fingerprint improvements.
4.0.240610.0
2024-06-10
- A visual bug making some toggles in the UI appear incorrectly has been resolved.
- A bug that could prevent Intune devices from being synced has been resolved.
- Fingerprint improvements.
4.0.240607.0
2024-06-07
- Improved discovery and data collection from Microsoft SQL Server endpoints.
- Fingerprint improvements.
4.0.240606.1
2024-06-06
- A bug that could cause the Intune integration to skip syncing certain devices has been resolved.
4.0.240606.0
2024-06-06
- A bug that could result in new Explorer installations on Windows not including npcap has been resolved.
- A bug that could result in connector tasks being stuck in "stopping" status has been resolved.
- Users with no access permissions are no longer allowed to view the account's superusers.
- Organization hierarchies are now supported up to four levels deep.
- Fingerprint improvements.
4.0.240605.0
2024-06-05
- Support for searching for assets and vulnerabilities by CISA KEV membership has been added.
- Performance improvements.
- Fingerprint improvements.
4.0.240603.0
2024-06-03
- The Defender integration now supports filtering assets that have not been fully onboarded.
- The Defender integration now supports the Graph API filter parameter when running as a scanner probe.
- The Events view is no longer limited to the previous 30 days of records.
- The Explorer now uses consistent file names during the upgrade process.
- A bug that prevented the Defender and Intune configuration from validating when specifying a new Azure credential has been resolved.
- Fingerprint improvements.
4.0.240531.0
2024-05-31
- Discovery of devices using the XDMCP protocol is now supported.
- A bug that could cause incorrect OS CPE generation has been resolved.
- OS version information in Fortinet FortiOS CPE values has been improved.
- Operating System End of Life (EoL) information is now available for Fortinet FortiOS.
- Asset merge logic has been improved.
- Fingerprint improvements.
4.0.240530.0
2024-05-30
- A bug that could show a "user not found" error in API-submitted import jobs has been resolved.
- Fingerprint improvements.
4.0.240529.1
2024-05-29
- runZero now integrates with Meraki. This initial support syncs Devices and Clients to your runZero inventory.
- A bug that could result in an "invalid query" message shown in the self-hosted query library has been resolved.
- A bug that could result in incorrect display of Punycode-encoded hostnames has been resolved.
- A bug that could lead to incorrectly assigned MAC addresses due to cross-VLAN mDNS relays in traffic sampling has been resolved.
- A bug that could lead to invalid MAC address attributes from Defender 365 sources has been resolved.
- A bug that could lead to runZero scan results being attached to not-onboarded Defender 365 assets instead of onboarded assets has been resolved.
- A bug that could result in assets being marked as Laptops instead of Desktops has been resolved.
- A bug that could result in multiple passive sampling tasks being scheduled on the same Explorer has been resolved.
- Fingerprint improvements.
4.0.240524.0
2024-05-24
- The dashboard now supports theater/kiosk mode and fullscreen display options.
- The dashboard widget library now includes a customizable bookmarks widget that can be used to jump to your favorite reports and views in runZero or to external web sites.
- A bug that could prevent users with organization-specific roles from editing asset tags has been resolved.
- Fingerprint improvements.
4.0.240522.0
2024-05-22
- Performance improvements.
- Fingerprint improvements.
4.0.240519.0
2024-05-19
- The domain: scan target keyword now returns substantially more results for most domains.
- The scanner now treats in-scope addresses found by SNMP as primary addresses.
- The scanner no longer adds reflected IP addresses in L2TP hostname responses.
- The scanner no longer merges specific Netgear switches unintentionally.
- The AzureAD (EntraID) connector now supports the $search and $filter parameters for the Microsoft Graph API.
- The LDAP connector now syncs additional fields, including employeeID, ms-Mcs-AdmPwdExpirationTime, and ms-LAPS-PasswordExpirationTime.
- The CrowdStrike connector now provides better OS fingerprinting during multi-source asset processing.
- The Qualys connector is now more resilient with transient network and service timeouts.
- The Qualys connector now prioritizes Agent-based operating system fingerprints.
- The Custom Integration SDK can now ingest ipAddresses, ipAddressesExtra, and macAddresses fields directly without the presence of a NetworkInterface structure.
- A bug that could prevent the Tenable connector from exporting data has been resolved.
- A bug that could result in stale asset attributes after passive discovery has been resolved.
- A bug that could result in stale service summary columns has been resolved.
- Fingerprint improvements.
4.0.240516.0
2024-05-16
- Fingerprint improvements.
4.0.240514.0
2024-05-14
- Filtering of bogus responses, particularly from interception features of Fortinet gear, has been greatly improved.
- Improved logging for Azure and Intune integrations.
- Fingerprint improvements.
4.0.240508.0
2024-05-08
- A bug that could result in unexpected Wiz authentication errors being included in task logs has been resolved.
4.0.240503.0
2024-05-03
- Creating hosted zone scan tasks via API no longer fails if the site has no non-hosted explorers.
- Fingerprint improvements.
4.0.240501.0
2024-05-01
- Fingerprint improvements.
4.0.240429.0
2024-04-29
- Improved handling of large vulnerability results in the CrowdStrike integration.
- Fingerprint improvements.
4.0.240425.0
2024-04-25
- Fingerprint improvements.
4.0.240424.0
2024-04-24
- Fingerprint improvements.
4.0.240423.0
2024-04-23
- A bug that prevented SSO users from setting a password when SSO was disabled at the runZero account level has been resolved.
- Operating System End of Life (EoL) information is now available for SUSE Enterprise Linux and Apple tvOS.
- Fingerprint improvements.
4.0.240419.0
2024-04-19
- Fingerprinting of assets based on Microsoft 365 Defender data has been improved.
- Fingerprint improvements.
4.0.240417.0
2024-04-17
- Accessibility improvements.
- A bug that could result in errors when deleting a site has been resolved.
- A bug that could cause Wiz tasks to error has been resolved.
- Fingerprint improvements.
4.0.240411.0
2024-04-11
- runZero customers can now sync asset, software, and vulnerability data from Wiz.
- Fingerprint improvements.
4.0.240410.0
2024-04-10
- The runZero dashboard has been improved to better respond to browser window resizing.
- Fingerprint improvements.
4.0.240408.0
2024-04-08
- Data collection from slow SSH services has been improved.
- Fortinet devices are now less likely to cause duplicate assets when traffic is collected using traffic sampling.
- The runZero Explorer now silently skips non-ethernet-like utun (tunnel) interfaces on macOS.
- A bug preventing the "User details" page for external users from loading has been resolved.
- A bug that could lead to errors when changing email address was fixed.
- A bug that could lead to errors when deleting a user was fixed.
- Fingerprint improvements.
4.0.240405.0
2024-04-05
- The profile settings page has been redesigned.
- Names can now be given to multi-factor authentication tokens when enrolling new tokens.
4.0.240404.0
2024-04-04
- Fingerprint improvements.
4.0.240403.0
2024-04-03
- A bug that prevented proper click through from the Query Insights dashboard widget to the appropriate inventory view was fixed.
- Matching of MAC addresses of Fortinet firewall devices was improved.
- Fingerprint improvements.
4.0.240402.0
2024-04-02
- Fingerprint improvements.
4.0.240401.0
2024-04-01
- The layout of the runZero dashboard is now fully customizable.
- The runZero dashboard now supports exporting views as CSV and PNG.
- Fingerprint improvements.
4.0.240331.0
2024-03-31
- Integration task processing is now much faster for assets with large numbers of MAC addresses.
- A bug that could result in assets accumulating link-local IPv6 addresses has been resolved.
- Fingerprint improvements.
4.0.240329.0
2024-03-29
- The "Contact runZero support" menu has been redesigned.
- A bug that could cause the services attribute report to fail has been resolved.
- A bug that could cause hostnames with spaces to be turned into multiple hostnames when imported from the AzureAD connector has been resolved.
- Improved logging for the Intune integration.
- UI improvements.
- Fingerprint improvements.
4.0.240327.0
2024-03-27
- Tenable connector data processing is now significantly faster for devices with large numbers of MAC addresses.
- A bug that could result in the self-hosted updater showing a SQL error during startup has been resolved.
- A bug that could cause scans running on Windows Explorers to accidentally terminate unrelated processes has been resolved.
- Fingerprint improvements.
4.0.240326.0
2024-03-26
- The CrowdStrike connector now only imports actively installed software.
- The CrowdStrike connector now handles large software and vulnerability results reliably.
- The CrowdStrike connector now better filters system accounts from the lastInteractiveUser attribute.
- Fingerprint improvements.
4.0.240325.0
2024-03-25
- Fingerprint improvements.
4.0.240320.0
2024-03-20
- Fingerprint improvements.
4.0.240318.0
2024-03-18
- Task ID is now visible when inspecting a task on the task overview page and on the task details page.
- An issue with calculating mid-scan progress for connector tasks running on Explorers has been resolved.
- A bug that could cause service start issues after upgrading self-hosted runZero instances has been resolved.
- Fingerprint improvements.
4.0.240314.0
2024-03-14
- Colors throughout the product have been tweaked to improve accessibility, legibility, and consistency.
- Tables in the product can now be configured to prefer a mono-spaced variant of the table font.
- Tables throughout the product now allow users to choose text casing preference, available via the "Prefs" dropdown.
- An issue that could prevent updates to Directory Users / Groups has been resolved.
- A bug that could cause the "concurrency" setting on Explorers to be incorrectly changed when editing an Explorer's settings has been resolved.
- Accessibility improvements.
- Fingerprint improvements.
4.0.240311.0
2024-03-11
- An issue with processing malformed header data from RTSP responses has been resolved.
- The runZero CLI now completes faster for local networks.
- Self-hosted customers can now unbind SSO from a user account using the runzeroctl user reset command.
- Self-hosted customers can now change the SSO mode using the runzeroctl sso-mode mode command.
- Accessibility improvements.
- Fingerprint improvements.
4.0.240308.0
2024-03-08
- A bug that could cause short keywords to not show any autocomplete suggestions in the query builder has been resolved.
- Long fields in Nmap XML exports of asset data are no longer truncated.
- Probing devices using EtherNet/IP is now supported over UDP.
- Fingerprint improvements.
4.0.240306.0
2024-03-06
- An issue that could prevent new self-hosted installations or updates to existing installations has been resolved.
- Fingerprint improvements.
4.0.240305.1
2024-03-05
- An issue that could result in incorrect asset merging in certain situations has been resolved.
- An issue that could result in delayed analysis for busy Organizations has been resolved.
- Fingerprint improvements.
4.0.240305.0
2024-03-05
- Fingerprint improvements.
4.0.240304.0
2024-03-04
- Fingerprint improvements.
4.0.240301.0
2024-03-01
- A new "serialNumbers" column has been added to the asset CSV export. This field contains serial numbers observed during scanning, along with the protocol used to discover the serial number.
- An issue that could cause incorrect attack surface assignment to assets discovered by traffic sampling has been fixed.
- A bug which caused some task errors and warnings to fail to display has been fixed.
- Fingerprint improvements.
4.0.240228.0
2024-02-28
- A bug that could prevent sites from being created per project for the Google Cloud Platform integration has been resolved.
- Fingerprint improvements.
4.0.240226.0
2024-02-26
- A bug impacting Operating System End of Life (EoL) assertions for certain versions of Microsoft Windows and Linux distributions has been resolved.
4.0.240223.0
2024-02-23
- A bug that could cause organization statistics to become out of date in organizations with frequent and concurrent tasks has been resolved.
- Operating System End of Life (EoL) information is now available for Apple iOS and iPadOS as well as CentOS Stream.
- Operating System Extended End of Life (EoL) generation has been improved.
- Fingerprint improvements.
4.0.240221.0
2024-02-21
- The vulnerability inventory is now much faster for large organizations.
- Fingerprinting of devices via BGP is now supported.
- Tenable integration performance has been improved.
- A bug that could cause the asset and service attribute reports to fail has been resolved.
- A bug causing some credential form fields to disappear when modifying an existing credential has been resolved.
- An issue with the query format of site-filtered insights has been resolved.
- Fingerprint improvements.
4.0.240218.0
2024-02-18
- Software inventory is now calculated as part of metrics, reducing task processing time.
- A bug that prevented the Organization picker from working on some pages has been resolved.
- Saved queries in the search suggestions menu are now ordered by when they were last updated.
- Improved asset correlation logic for devices with wired and wireless interfaces.
- Improved OS detection logic when considering multiple data sources.
- Fingerprint improvements.
4.0.240216.0
2024-02-16
- Improved correlation behavior for assets with information from NTLMSSP or Qualys.
- Search query and query builder autocomplete results have been improved for shorter sets of input.
- A bug preventing the parent-organization-picker from appearing on the organization create and edit pages has been resolved.
- Fingerprint improvements.
4.0.240214.0
2024-02-14
- Improved protocol detection during traffic sampling.
- The alert event type emitted after a client switch has changed from "login" to "client-switched".
- The "Site" column has been removed from the software groups table.
- An issue where the software inventory sometimes failed to update after a task has been resolved.
4.0.240213.0
2024-02-13
- The Software Inventory is now much faster for large organizations.
- An issue that could result in stale service attributes persisting through rescans has been resolved.
- The LOG_FORMAT and LOG_MAX_LENGTH configuration values were renamed to RUNZERO_LOG_FORMAT and RUNZERO_LOG_MAX_LENGTH respectively. The old values will continue to work but are deprecated.
- The request timeout for the Qualys integration has been decreased.
- TCP stack based OS fingerprinting has been improved.
- Fingerprint improvements.
4.0.240208.0
2024-02-08
- An issue with adding addresses for Custom Integration assets without MACs has been resolved.
- The request timeout for the Qualys integration has been increased.
4.0.240207.0
2024-02-07
- Additional data points for result count and sent/received data have been added to the Tasks CSV export.
- An issue with the display format of site subnet tags on assets has been resolved.
4.0.240206.0
2024-02-06
- Improved performance on the Software inventory table.
- Additional fields added to Query Builder autocomplete.
- An issue that prevented Site Subnet information from exporting with Assets has been resolved.
- An issue with data missing from the default email template for alerts has been resolved.
4.0.240205.0
2024-02-05
- Filtering of hostnames collected from TLS X.509 certificates has been improved.
- An issue that could cause overlapping subnets to apply another Site's subnet tags has been resolved.
- An issue that could result in incorrect asset correlation between HP iLOs and their servers has been resolved.
- Fingerprint improvements.
4.0.240202.0
2024-02-02
- Performance of Tenable.io connector tasks when only a subset of Severity/Risk values are selected has been improved.
- An issue that allowed users with the Administrator role to downgrade their own permissions has been resolved.
- An issue that could prevent Nessus attributes from being fully hydrated by runZero has been resolved.
- Fingerprint improvements.
4.0.240131.0
2024-01-31
- Fingerprint improvements.
4.0.240129.0
2024-01-29
- A query builder is now available, accessible from most datagrids by clicking the "Query builder" button to the right of the search bar.
- An issue which caused some out-of-date service information to remain on assets has been resolved.
- An issue which caused service information to be incorrectly removed from assets that were offline during a scan has been resolved.
4.0.240126.0
2024-01-26
- Discovery of devices using the DNP3 protocol is now supported.
- Operating System End of Life (EoL) information is now available for Oracle Linux.
- Page break locations in the overview report have been improved.
- Operating System End of Life (EoL) generation for Red Hat Enterprise Linux and CentOS Linux has been improved.
- Assets with no known address are now labeled with "Unknown" for their address rather than "Unscanned".
- The bundled npcap driver has been updated to version 1.79.
- An issue that could prevent last task details from correctly displaying on the Sites datatable has been resolved.
- An issue that prevented the expansion of dropdown menu sub-menus using keyboard navigation has been resolved.
- An issue that could result in certain OS fingerprinting data not being updated has been resolved.
- An issue that could prevent creating new Azure Credentials via the Azure connector configuration page has been resolved.
- An issue causing Tenable.io integration tasks to import vulnerability data even when no severity or risk levels were selected has been resolved.
- Fingerprint improvements.
4.0.240124.0
2024-01-24
- An issue that could result in hidden fields on the SNMP v3 Credentials form has been resolved.
- Fingerprinting of Red Hat Enterprise Linux derivatives when limited data is available has been improved.
- Additional fingerprint improvements.
4.0.240122.0
2024-01-22
- The datagrid search bar has been improved to show recent queries and available queries from the query library.
- Fingerprinting of Red Hat Enterprise Linux and derivatives from Tenable product data has been improved.
4.0.240119.0
2024-01-19
- Fixed an issue that prevented the "Edit user permissions" modal from working correctly.
- Fingerprint improvements.
4.0.240117.0
2024-01-17
- Fixed an issue where custom integration task data could not be re-imported.
- Fixed an issue where Nessus imports could fail due to Nessus response size.
- Fingerprinting of Red Hat Enterprise Linux derivatives such as CentOS, Rocky Linux, and Oracle Linux has been improved.
- Fingerprint improvements.
- Accessibility improvements.
4.0.240112.0
2024-01-12
- Site column has been added to all tasks lists in the task overview.
- Fingerprint improvements.
4.0.240110.0
2024-01-10
- The Nmap XML export now uses the minimum and maximum asset last_seen timestamps as the start and stop times.
- An issue that could prevent stale services from being cleared from updated Assets has been resolved.
- A resource leak that affects self-hosted customers with transparent huge pages (THP) enabled has been resolved.
- Fingerprint improvements.
4.0.240109.0
2024-01-09
- Tenable Security Center tasks now only retrieve records updated since the previous sync.
- Fingerprint improvements.
4.0.240105.0
2024-01-05
- A bug that prevented the API for creating passive sampling tasks from working as documented was fixed.
- A bug that could cause inventory grids to disappear when using Firefox and resizing the window below a certain point has been resolved.
- Improved error handling for Tenable, Tenable Security Center, and CrowdStrike integrations.
- Fingerprint improvements.
4.0.240103.0
2024-01-03
- Improved correlation for assets sourced from the Censys and Shodan integrations.
- A bug that incorrectly logged certain task failures as "explorer failed to queue task" has been resolved.
- Fingerprint improvements.
Archived release notes
Release notes prior to 2024 can be found in the release notes archive.