To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

Elements Vulnerability Management Portal Changelog

Sylwia
Sylwia W/ Staff, W/ Article Coordinator Posts: 44 W/ Staff

Elements Vulnerability Management Portal feature changes will be published under this announcement thread.

Every time there is a change, an entry will be created under this announcement describing new functionalities, improvements or bug fixes.

📝 Click here to see the most recent change log and bookmark the discussion to be notified of any updates.


Tagged:
«1

Comments

  • Sylwia
    Sylwia W/ Staff, W/ Article Coordinator Posts: 44 W/ Staff

    Old change log moved from the https://help.f-secure.com/product.html#business/releasenotes-business/latest/en/fsr-latest-en

    Publication time frame: September - December 2017


    Version 3.0.0, released September 11, 2017

    New features and improvements:

    • Shorter release cycle for Radar Security Center (at least every 2 weeks).
    • Improved adding system scans and discovery scans in bulk (also from CSV file).
    • User interface localization (English, Japanese, French, German). More languages will be added soon.
    • New, responsive and adaptive HTML5-based user interface that follows F-Secure’s user experience guidelines. No more Flash content.
    • Filtering and sorting has been greatly improved to support the needs from advanced Radar users. Filters can be saved and reused, also on the Dashboard.
    • Batch actions are supported everywhere in the interface, making it easier to update scheduling templates on multiple scans, for example.
    • Both list view and group view are now supported on multiple pages.
    • Solution migrated to the latest Microsoft technologies on the backend.
    • New RESTful Radar application programming interface (API) for easy integration with 3rd party software.

    Fixed issues:

    • The vulnerabilities page now also lists web application (Web Scan) vulnerabilities.

    Version 3.1.0, released September 25, 2017

    New features and improvements:

    • Splitting API to integration (longer supported backward compatibility) and latest channels (for the latest changes).

    Version 3.2.0, released October 2, 2017

    New features and improvements:

    • New widget (Gauge) available for the Dashboard. The widget shows the number of hosts, average severity, and number of vulnerabilities found.

    Version 3.3.0, released October 10, 2017

    New features and improvements:

    • Radar API authentication implemented with Access Keys for third-party integration.

    Version 3.4.0, released October 24, 2017

    New features and improvements:

    • If you manage several Radar accounts, you can now access several of them through the “company selector” feature to manage several work spaces with one login.

    Version 3.5.0, released October 31, 2017

    New features and improvements:

    • Migration from .NET Core version 1.1 to 2.0 in the backend. Improved site performance.

    Version 3.5.1, released November 15, 2017

    Fixed issues:

    • Vulnerabilities from web scans were not visible when a summary report was generated.

    Version 3.6.0, released November 20, 2017

    New features and improvements:

    • Vulnerability status customization is now available on the user interface.
    • Feedback and support links are separated in the menu.

    Fixed issues:

    • The scan target URL for web scans were not being validated properly when a query string was passed.

    Version 3.6.1, released November 22, 2017

    Fixed issues:

    • Fixes to localized templates

    Version 3.6.2, released November 30, 2017

    Fixed issues:

    • Fixed an issue in the scan target name validation.

    Version 3.7.0, released December 11, 2017

    New features and improvements:

    • Added functionality that allows adding, editing, and deleting System Scan and Web Scan vulnerabilities to report by using API methods. There is also an option to attach or remove screenshots in Web Scan vulnerabilities.


  • Sylwia
    Sylwia W/ Staff, W/ Article Coordinator Posts: 44 W/ Staff
    edited November 2022

    Old change log moved from the https://help.f-secure.com/product.html#business/releasenotes-business/latest/en/fsr-latest-en

    Publication time frame: January - July 2018

    Version 3.8, released January 4, 2018

    Fixed issues:

    • Unnecessary encoding on the sorting by status dropdown (Japanese locale).

    New features and improvements:

    • Notification bell component added next to the right corner of the screen to indicate that there are unread notifications.
    • It is possible to configure the level and category of notifications.
    • It is possible to see the full list (grouped by category or flat) of user notifications, show notification details, and mark notifications as read or unread.
    • Added a new type of notification for low disk space on the scan node.
    • Added a new type of notification to indicate when the limit of allowed monthly IP usage is reached.

    Version 3.9, released January 16, 2018

    Fixed issues:

    • License agreement appears all the time for new organizations.

    New features and improvements:

    • You can download one or more system and web scan configurations.
    • You can download one or more discovery scan template configurations.
    • You can upload one or more system and web scan configurations.
    • You can upload one or more discovery scan template configurations.

    Version 3.9.1, released February 08, 2018

    New features and improvements:

    • Ability to mark all notifications as read in the bell widget. Smaller visual improvements.
    • Ability to mark one or many notifications as unread.
    • Updating changes of the vulnerability scans and discovery scan list details without reloading the view.
    • Information about an expired scan node license on the scan node list.
    • Information about a disabled, due to abuse, scan node license on the scan node list.
    • Showing information in case running out of the disk space on the scan node machine.
    • Aggregated status on the scan node list row showing the most important warning.

    Version 3.11.0, released February 19, 2018

    New features and improvements:

    • SystemScan plugins RSS feed is published in a valid form. Vulnerability link points to a vulnerability definition available via API.
    • Added a new type of notification for when there is no communication with the scan node.
    • Added a new type of notification for when communication with the scan node is restored.

    Security issues:

    Two security vulnerabilities have been closed by this release:

    • CVE-2018-6189 - XSS via vectors involving the Tags parameter in the JSON request. Issue has a limited scope (only user's own workspace).
    • CVE-2018-6324 - Unvalidated Redirect via the ReturnUrl parameter.

    Version 3.11.1, released February 26, 2018

    New features and improvements:

    • Compressed tables to display more data on the screen, enabled user to read them easier.

    Version 3.12.0, released February 23, 2018

    New features and improvements:

    • When you filtered or sorted your data without saving a filter, then navigated to a different view and then got back to the list view the sorting and filtering was gone. As of now the filtering is remembered for the duration of the session. For now, the change doesn't apply to grouped views like Vulnerability scans group view, but is planned to be implemented as well (work in progress).

    Version 3.13.0, released March 02, 2018

    New features and improvements:

    • Added summary reports section to product documentation.

    Version 3.14.0, released March 12, 2018

    New features and improvements:

    • As an effort to have feature parity with version 2.3.6, the ticketing system is now available. You can create new tickets or add a number of vulnerability instances to an existing ticket. You can add it from the vulnerability list view, a system scan report, or a web scan report.

    Fixed issues:

    • Choosing port scan option in the discovery scan is properly bound in the discovery scan edit page.

    Version 3.14.1, released March 28, 2018

    Fixed issues:

    • The data from widgets on the dashboard was not being shown properly (all widgets displayed data from one widget).

    Version 3.14.2, released April 06, 2018

    Fixed issues:

    • 'New status if rediscovered in scan' and 'New status if not rediscovered in scan' columns are swapped when retrieved from the API (example: while retrieving vulnerability statuses in the General settings section).

    Version 3.15.0, released April 10, 2018

    New features and improvements:

    • Ability to check if F-Secure Radar is detecting a certain vulnerability, searching the entire database by name, tags, severity, CVE references (go to Vulnerabilities view, Vulnerability coverage tab).

    Version 3.15.1, released May 9, 2018

    New features and improvements:

    • Added option to start scanning from vulnerability details view.

    Version 3.15.2, released May 17, 2018

    Fixed issues:

    • Default retention setting for storing vulnerability reports in Radar has been changed to two years. This change affects only new accounts created after this release. You can change the retention settings for your organization at any time in the Settings -> General Settings -> "Miscellaneous" section in Radar Security Center.

    Version 3.15.3, released May 24, 2018

    New features and improvements:

    • Added links in the support section to the privacy policy document (the links are also shown during initial login and in the invitation mail).

    Fixed issues:

    • All new vulnerabilities when the target was scanned for the first time were shown as reappearing. It should be shown as new.

    Version 3.16.0, released June 07, 2018

    New features and improvements:

    • Feature parity: Manual findings can be added, edited, and deleted on a system scan report. In addition to detailed information, a CVSS calculator has been added to help to specify the severity of a finding. Comparing to 2.3.6, prefilling finding details has been improved, users can prefill data from existing findings (RADAR-9953)
    • Feature parity: While a system scan is running, clicking on the scan details gives users more statistical information such as average time per plugin, executed plugins, and last executed plugins (RADAR-10493)
    • Feature parity: System scan reports show the list of historical reports. Users can delete a given historical report. Users can see the details of the historical system scan report by clicking on the report on the list.

    Fixed issues:

    • Vulnerability by status chart displayed incorrectly on the statistics subpage of a system scan report (RADAR-10493)
    • (Partners only) When changing organization through the organization selector, filtering information was persisted on the page causing strange behavior. Filtering information is now purged after changing organization (RADAR-10288)
    • An interface bug experienced by a limited number of customers. Showing the action dropdown was broken after clicking on row actions (for example summary reports list or vulnerability scans list). (RADAR-9258)
    • Improvements while showing large discovery scan reports (more than a few hundred hosts discovered). Improvements should exclude the possibility of timeouts and long load times (RADAR-10226)

    Version 3.16.1, released July 02, 2018

    New features and improvements:

    • Ability to start/stop a scan and track its progress from a system/web/discovery scan report (RADAR-6753)
    • Enabling Content Security Policy checks on portal. (RADAR-10711)
    • Remember showing empty groups on the vulnerability scans group view (RADAR-9574)

    Fixed issues:

    • System scans can be added twice, added progress button to avoid double-clicking on an action. (RADAR-10768)

    Version 3.16.2, released July 18, 2018

    New features and improvements:

    • Discovery scans can be filtered by discovered host names (RADAR-9389)

    Fixed issues:

    • Fixes applied to select all rows on the vulnerability list (RADAR-10802)
    • Invalid actions menu visible for grouped vulnerabilities on the report page (RADAR-10933)
    • Access control adjustments for schedule templates (RADAR-10974), web scan recordings (RADAR-10980), and scan logs (RADAR-10977)


  • Sylwia
    Sylwia W/ Staff, W/ Article Coordinator Posts: 44 W/ Staff

    Old change logs moved from: https://help.f-secure.com/product.html#business/releasenotes-business/latest/en/fsr-latest-en

    Publication time frame: August- December 2018

    Version 3.17.0, released August 02, 2018

    New features and improvements:

    • Internet discovery search has been visually improved. It's easier to query and save results. Users can change the query (for example for other domains used by the same IP) by clicking on a single search result. Users can also go directly to the found page. (RADAR-8617)
    • Notifications seen in the notifications view (for example a lost connection with a scan node) are also sent as an email (users can turn this off in Settings) (RADAR-10632)

    Fixed issues:

    • Issues when viewing bigger discovery scan reports (RADAR-11029)
    • Access control adjustments: visibility of schedule templates (RADAR-10974), invoking terminate sessions for deactivated users (RADAR-11058), and limiting API calls for less privileged users (RADAR-11061)

    Version 3.18.0, released August 13, 2018

    New features and improvements:

    • Ability to filter found vulnerabilities (system scan report, found vulnerabilities list, vulnerability coverage) to those that have publicly available exploits. This helps to identify found vulnerabilities that may be an easy target even for an inexperienced attacker. (RADAR-10793)

    Version 3.18.1, released August 27, 2018

    Fixed issues:

    • Resolved problem with changing status on reported vulnerability (RADAR-11166)
    • Problem with displaying the interface (using Internet Explorer v. 11.0) to set password (RADAR-11189)

    Version 3.19.0, released September 06, 2018

    New features and improvements:

    • Assets automatically created from automatic asset monitoring mechanism are shown with a special cog icon on vulnerability scans list and group view and on discovery scans list view. (RADAR-11180)
    • Radar introduces long-awaited automation between different asset sources (for example, collected from a discovery scan or Internet discovery) and assigned to a scan group. By defining an asset source while editing a scan group, you can let the system add new scan targets to a vulnerability scan group automatically. This feature might be very useful, for example, while scanning hosts with dynamic IP addresses. Select one of the asset types from the list and configure rules that the system will follow to automatically add (and remove) IP addresses according to data found by the asset source. You can also immediately run a vulnerability scan for new scan targets or leave it for a scheduled scan attached to a scan group (if applied). One vulnerability scan group can have more than one asset update source. (RADAR-11171), (RADAR-11164)
    • Allow the filtering of summary report findings by the exploitable markup (RADAR-10795)
    • Solution selector added to Radar portal header for better visibility of other F-Secure products. Later on, this panel will allow the user to navigate between all solutions that they have a subscription to, as well as various Support portals (RADAR-11195)

    Version 3.20.0, released September 17, 2018

    New features and improvements:

    • Summary information about asset monitoring is available when unfolding scan group details (Group View) (RADAR-11180)
    • Downloading logs is possible for historical system scan and web scan reports (RADAR-10730)

    Version 3.21.0, released October 15, 2018

    New features and improvements:

    • Proactively limit the number of IPs being scanned according to the current subscription (RADAR-10316)

    Version 3.22.0, released October 25, 2018

    New features and improvements:

    • Introducing interactive guidance, a Radar feature that provides help with onboarding, as well as instructions and advice for using the portal. The interactive guidance menu is available by clicking the big question mark icon in the top-right corner on most views. Currently, this shows a link to the Help Center. More content will follow (RADAR-11142).

    Version 3.23.0, released November 26, 2018

    New features and improvements:

    • Customers can now opt out from allowing users assigned to the upper organization accounts to log in to their organization account. This is an additional option related to the upcoming change to organization accounts (i.e. hierarchy, privilege inheritance). To opt out, customers need to go to Settings -> Security settings -> Isolate my organization (RADAR-10352)
    • Extended information about the scanned unique IP addresses calculated by month/year. This data is available via Settings -> General settings -> Subscription details -> Subscription utilization (RADAR-11752)
    • Dashboard widgets showing tables can now show more than 10 items. Edit the dashboard and a specific widget, and choose the desired number of items to show (range from 5 to 200)(RADAR-11815)
    • Standard user groups and their respective user roles (Administrators, Read-only team members, Team members) created by default by Radar cannot be changed (they are renamed as "locked"). (RADAR-11472)

    Fixed issues:

    • Problem with deleting a user via API (RADAR-11947)
    • Ticketing system not available due to missing organization-level flag (RADAR-12000)

    Version 3.24.0, released December 10, 2018

    New features and improvements:

    • [RADAR-11393] - Discovery Scan reports are able to show the MAC address of a scanned device if the scan node is able to determine it. The MAC address field is also present in the downloadable Excel report (RADAR-11995).
    • [RADAR-11994] - Ability to throttle API requests. When there are too many API requests from one IP address in one second, requests that exceed the limit (500) are blocked with 429 HTTP response message.
    • [RADAR-11744] - Support of inbound connection scan nodes has been improved. This type of connection between Security Center and the scan node is now naïvely supported by the portal. This feature is available for on-premise Radar Security Center deployments .
    • [RADAR-11443] - System scan vulnerability feed (RSS) has been moved to a new location. Go to the portal's news subpage to get the new URL.
    • [RADAR-8906] - Session handling changed to enable service redundancy and load balancing capabilities for Radar portal.
    • [RADAR-12085] - Subscription utilization for yearly entries now has an exact start date and end date. See Settings -> General Settings.

    Fixed issues:

    • [RADAR-11777] - Minor issues related to API replies when switching between organizations.
    • [RADAR-11947] - Issue with Radar API returning HTTP 500 response code for the delete user action.
    • [RADAR-11975] - The discovery scan report filter was not showing the correct amount of hosts not scanned for vulnerabilities.
    • [RADAR-11977] - Problem with unreadable UI in cases of a very long web scan vulnerability title.
    • [RADAR-12029] - Problem with timeouts while updating the scan status.
    • [RADAR-12043] - Refresh option not working on the View scan logs page while the scan is running.
    • [RADAR-9933] - Problem with the validation of IP address restrictions while switching between organizations

    Version 3.25.0, released December 18, 2018

    New features and improvements:

    • [RADAR-12139] - Superfluous tags count column has been removed from the Vulnerability Scans page in order to improve site performance.
    • [RADAR-11991] - Removed requirement of having an ordinary user account in each organization to be able to create scan groups, run scans and create tickets.
    • [RADAR-11689] - Performance of Web Scan API endpoints have been improved.
    • [RADAR-12007] - Added privileges to inbound Scan Nodes' updates directory

    Fixed issues:

    • [RADAR-11809] - Fixed vulnerability severity colors applied to Donut chart on Dashboard when vulnerabilities have been chosen as a data source.
    • [RADAR-12087] - Internet Discovery search did not work for some customers due to improper interpretation of configuration flags.
    • [RADAR-11443] - Fixed RSS for on-premise installations


  • Sylwia
    Sylwia W/ Staff, W/ Article Coordinator Posts: 44 W/ Staff

    Old change logs: https://help.f-secure.com/product.html#business/releasenotes-business/latest/en/fsr-latest-en

    Publication time frame: January -July 2019

    Version 3.26.0, released January 07, 2019

    New features and improvements:

    • [RADAR-12113] - Introducing F-Secure Radar Web Scan Recorder, a Chrome add-on that helps user to record login steps as well as site discovery. A link to Chrome add-on is available in the Web Scan target add/edit form.
    • [RADAR-12310] - Karhu. Scheduler service will be uninstalled, because it is no longer necessary

    Fixed issues:

    • [RADAR-11963] - Added a limitation that users can only reset or change the password for their own organization's users or for users in suborganizations that they have permissions for.
    • [RADAR-12281] - Previous Radar Security Center installation detection issues (connection string format)
    • [RADAR-12328] - Radar Security Center update failed, because of System. ArgumentException: Illegal characters in path

    Version 3.27.0, released January 21, 2019

    New features and improvements:

    • [RADAR-12241] - Vulnerability details page shows additional information about the vulnerability check release date.

    Fixed issues:

    • [RADAR-12188] - Fixed issue with Summary Report wizard not applying the asset filtering scope when using tags assigned to a scan group.
    • [RADAR-11717] - Fixed an issue where user was getting a blank page when trying to create a scan group from Internet discovery's results page.
    • [RADAR-12393] - Fixed special character encoding on the Web Scan report.

    Version 3.27.1, released January 28, 2019

    Fixed issues:

    • [RADAR-12501] - Unable to update status or note for vulnerabilities.

    Version 3.28.0 released February 04, 2019

    New features and improvements:

    • [RADAR-11935] - Introducing a new authentication method for System Scan that uses Windows Remote Management (WinRM). The current authentication method for Windows is still supported for now, but renamed to “Windows Credential RPC” to differentiate it from the new method (“Windows Credential WinRM”). WinRM authentication is easier to configure and doesn’t require using an admin account. It is also safer and uses well-known PowerShell functionality. From now on, WinRM will be the recommended authentication method and at some point in the future will be the only supported authentication method for scanning Windows machines.
    • [RADAR-11577] - To align notification settings in the portal, the option to subscribe to the Radar newsletter has been moved from the "My profile" page to the general notification settings under Settings -> Notification Settings -> News.
    • [RADAR-11880] - Downloading Summary Report Word or Excel documents is now a non-blocking HTTP request. This change improves the user experience of the Summary Report page and allows faster downloading of the same report on the second attempt. Summary Report API endpoints have changed in this area and the new way of downloading reports will be documented with examples.
    • [RADAR-12005] - It is now possible to define a much longer Discovery Scan target IP range. The "IP ranges" input field accepts up to 16000 characters.

    Fixed issues:

    • [RADAR-9296] - Fixed an issue with redundant white spaces in the "Restrict login based on IP address" field that caused issues when saving changes.

    Version 3.28.1 released February 07, 2019

    Fixed issues:

    • [RADAR-12552] - Fixed issue with missing tickets on the ticket list in cases where tickets have no attached vulnerabilities .

    Version 3.29.0 released February 18, 2019

    New features and improvements:

    • [RADAR-11766] - Each discovered host's MAC address information (if available) is considered when interpreting the results of a discovery scan. This helps to uniquely identify a specific host in relation to the previous scan (if it is a new host, if the host is reappearing, etc.).
    • [RADAR-12424] - Reduced the size of XML summary reports by eliminating duplicated vulnerability description entries. This change also decreases the resources and time needed to generate summary reports in Word and Excel formats.

    Fixed issues:

    • [RADAR-12569] - Fixed an issue on the ticket creation wizard that caused Radar to show vulnerability instances that belong to logically deleted scan groups.
    • [RADAR-12714] - Fixed an issue on the Summary Report creation wizard that prevented users from selecting the report scope based on the tags attached to scan records.
    • [RADAR-11798] - Fixed an issue on the group view of the Account Management page that prevented the bottom panel with available actions from appearing when the user selected one or more users from the list.

    Version 3.30.0 released March 04, 2019

    New features and improvements:

    • [RADAR-12638] - Arranging Dashboard widgets has become easier thanks to the new sizing and placement system. Feature of locking and unlocking Dashboard has been removed.
    • [RADAR-12635] - Added an option to show Dashboard in fullscreen mode.
    • [RADAR-11952] - Scan node list shows new warning types reported by the scan node when the hosting machine has low RAM or high CPU usage.

    Fixed issues:

    • [RADAR-2191] - Vulnerability filtering on the ticket creation wizard has been improved. If the wizard has been initialized from the "Vulnerabilities" page, it will take the applied filter into account and respectively limit the list of affected hosts to be included in the new ticket.
    • [RADAR-12723] - Action to export affected hosts (vulnerability details view) to a CSV file did not consider the applied filter (used to export all affected hosts).
    • [RADAR-12860] - Summary report could not be created or edited when the "Public exploit is available" filtering option was checked.

    Version 3.31.0 released March 18, 2019

    New features and improvements:

    • [RADAR-12634] - Added new way of creating dashboard widgets. Moved the form to a popup window and enabled user to predefine size and placement of widget before it is created.
    • [RADAR-12865] - Dashboard: Histogram widget showing the overall severity of issues can now be filtered by scan group. This allows users to track the status of each class of asset separately.

    Fixed issues:

    • [RADAR-11644] - Improved visibility of configured asset sources defined in the scan group in case when the source has no data.
    • [RADAR-11829] - Added company name to email notifications subject text for events like scan start/stop.
    • [RADAR-12793] - Fixed an issue with configuring a new default value for open/closed vulnerability status in organization settings.
    • [RADAR-12829] - Dashboard: Added "Flags" column to the table widgets showing vulnerabilities. This shows which vulnerabilities have a public exploit available.
    • [RADAR-12823] - Fixed an issue that made it possible to create duplicates in custom tags on the Vulnerability Scans page.
    • [RADAR-12900, RADAR-12941] - Fixed an issue with incorrect counters in Web Scan report.
    • [RADAR-12979] - Fixed an issue on the Vulnerability Scans, group view that randomly showed an error message when the user opened one of the scan groups.
    • [RADAR-12767] - Added notifications for approaching and reached ticket deadlines. Notifications are sent to all the ticket's participants.


  • Sylwia
    Sylwia W/ Staff, W/ Article Coordinator Posts: 44 W/ Staff

     Old Change log moved from https://help.f-secure.com/product.html#business/releasenotes-business/latest/en/fsr-latest-en

    Publication time frame: April - July 2019


    Version 3.32.0 released April 01, 2019

    New features and improvements:

    ·       [RADAR-3741] - Ability to configure Linux and Windows authenticated scans within the same scan group. From now on, you can define multiple authentication credentials in a single System Scan configuration template and attach it to the selected scan group.

    ·       [RADAR-12020] - Simplified the view of System and Web Scan report pages by minimizing the amount of tabs. Statistics and charts become part of the default view, showed in a separate section. A histogram that presents vulnerability data distribution across scans of the same scan target has been moved to the 'Scan history' tab.

    ·       [RADAR-13087] - Changed the order of tabs on the left menu. "Discovery Scan" and "Internet Discovery" are swapped.

    ·       [RADAR-12975] - Added the vulnerability instance ID to Web Scan XML exports. The tag name is "guid" and it is available in the "instance" section of "vulnerabilities". The ID is also displayed in the Summary Report.

    ·       [RADAR-13141] - Scan node list shows information about the latest available Scan Node engine revision number to warn of outdated scan node vulnerability signatures and updates. Removed unused controls on the scan node edit window.

    ·       [RADAR-13025] - Classic F-Secure Radar (v. 2.3.6) portal has been decommissioned. The classic website redirects users to the latest version of the F-Secure Radar portal.

    Fixed issues:

    ·       [RADAR-12492] - Added a requirement to enter the two-factor authentication code if a user is about to turn off two-factor authentication. In addition, the masked two-factor code input box in the login process has been changed to unmasked (typed digits are visible).

    ·       [RADAR-12869] - Corrected information about scan group asset sources in the scan group details summary.

    ·       [RADAR-12984] - Fixed input validation for the "Number of day(s) before deadline to notify participants about it" field in Settings -> Workflow.

    ·       [RADAR-13000] - A few interactive guides available from the menu were broken, making it impossible to complete the guided walk-through.

    ·       [RADAR-13046] - Fixed an issue on the Dashboard that prevented deleting a cloned widget.

    ·       [RADAR-13088] - Fixed an issue in the ticketing module that caused an invalid amount of vulnerability instances to be shown on the ticket creation form.

     

    Version 3.33.0 released April 15, 2019

    New features and improvements:

    ·       [RADAR-13106] - Reintroduced option to add manually discovered vulnerabilities to the Web Scan report delivered by the scanning engine.

    ·       [RADAR-13139] - Added an option to reset the two-factor authentication code in the "My profile" modal window. This is useful when users change the location of the authorization code.

    ·       [RADAR-13162] - Added a link to the scan node settings tab to download the scan node installation program for Windows operating systems.

    ·       [RADAR-13171] - Introduced an option to order a scan node directly from the portal. Added a wizard that guides the user through the license ordering process and automatically registers it, so that users do not need to register modules manually anymore. This feature is available under the Settings → Scan Nodes page.

    Fixed issues:

    ·       [RADAR-12815] - On the create ticket wizard, scan group filters were not working when vulnerabilities were in the grouped view.

    ·       [RADAR-13064] - Fixed an issue in changing vulnerability statuses on the "Vulnerabilities" menu: status was changed for all vulnerabilities displayed in the current filter, not only for selected ones.

    ·       [RADAR-13168] - Fixed an issue with incorrect number of closed target hosts on vulnerability details page.

     

    Version 3.34.0 released May 13, 2019

    New features and improvements:

    ·       [RADAR-13341] - Notification added next to the vulnerability status save button explaining that changes in the status workflow will affect only new scans.

    Fixed issues:

    ·       [RADAR-13357] - Links to vulnerability scan reports in email notifications have been fixed to reflect the new URL structure.

    ·       [RADAR-13280] - Fixed an issue where clicking the help icon in the authenticated scan configuration changed the checkbox selection.

    ·       [RADAR-13505] - Fixed an issue in the wizard for adding a manual system scan vulnerability, which affected the calculated base score of the vulnerability.

    ·       [RADAR-12403] - Fixed an issue where the SSH password was requested when editing an authenticated scan configuration with the SSH password already defined.

    ·       [RADAR-13509] - Fixed an issue in the wizard for adding/editing manual system scan vulnerabilities that saved the CVSS Vector for informational findings.

    ·       [RADAR-13473] - Fixed an issue for Web Scan scanning state transition.

    Version 3.33.1 released April 16, 2019

    Fixed issues:

    ·       [RADAR-13324] - Resolved an issue that caused the Scan Nodes page to show incorrect warning messages about outdated scanning engines.

     

    Version 3.35.0 released May 27, 2019

    New features and improvements:

    ·       [RADAR-13590] - System Scan target can be defined by a host name that contains underscore characters.

    Fixed issues:

    ·       [RADAR-13681] - Could not initialize a new dashboard when already created user is assigned to the second organization.

    Version 3.35.1 released June 10, 2019

    Fixed issues:

    ·       [RADAR-13597, RADAR-13730] - Performance issue while starting/stopping a significant amount of scans or saving scan group with asset source automation enabled.

    ·       [RADAR-13649] - Vulnerability scan groups are properly handled according to "Show empty groups" switch state on vulnerability scans grouped view.

    ·       [RADAR-13537] - Radar tickets with resolved vulnerabilities in the scope could not be closed manually.

    ·       [RADAR-13756] - While creating a web scan target, the settings from the related configuration template were not applied.

    ·       [RADAR-13678] - Redundant empty pages removed from summary report grouped by hosts.

    ·       [RADAR-13524] - Fixed an issue with presenting characters from extended ASCII range.

    Version 3.36.0 released July 08, 2019

    New features and improvements:

    ·       [RADAR-13525, RADAR-13529, RADAR-13531] - Radar co-branding. Ability to apply brand attributes such as company name, logo, support link to Radar portal and downloadable scan reports. See Settings -> General settings -> Product customization section. Brand attributes will be inherited in the child organizations.

    Fixed issues:

    ·       [RADAR-13727] - Fixed an issue on the Dashboard table widgets: sorting by "Finished" status didn't work.

    ·       [RADAR-13910] - Fixed an issue in adding additional recipients of email notifications on a System Scan target edit form.

    ·       [RADAR-13946] - Asset update sources settings where not saved when user tried to edit existing Scan Group.

    ·       [RADAR-14009] - Fixed an issue with viewing host historical report overview, the highlights for vulnerabilities were not loading on the view.

    Version 3.37.0 released July 22, 2019

    New features and improvements:

    • [RADAR-13243] - A new ticket flag added to the vulnerabilities list. This shows which vulnerabilities have open tickets.
    • [RADAR-11383] - Asset source automation also tracks based on the discovered MAC address.
    • [RADAR-13779] - Optional settings available to limit the number of allowed API requests.

    Fixed issues:

    • [RADAR-13796] - When executing the manage tags action, the list of possible tags to choose from was hidden (outside of the screen).
    • [RADAR-14216] - Some of the interface elements were not available when the action panel was shown (the page couldn't be scrolled down). The fix impacts all portal views.


  • Sylwia
    Sylwia W/ Staff, W/ Article Coordinator Posts: 44 W/ Staff
    edited November 2022

    Old change log

    Publication time frame: August - October 2019

    Version 3.38.0 released August 05, 2019

    New features and improvements:

    • [RADAR-14044] - Added a new "Most severe System Scan vulnerabilities" widget to the default Dashboard view. The widget shows the list of found system scan vulnerabilities sorted by severity.
    • [RADAR-14244] - Gauge widget can be shown for specific scan groups (option available while editing the widget).

    Fixed issues:

    • [RADAR-14292] - Allow '#' characters when specifying a target URL for a Web Scan.
    • [RADAR-13739] - Fixed an issue with viewing historical reports for a host. The findings for vulnerabilities were not loading historical data properly.

    Version 3.39.0 released August 08, 2019

    New features and improvements:

    • [RADAR-13247] - Radar Asset Inventory BETA release. With Asset Inventory, you can:
      • See a list of assets in your environment, including IoT devices
      • Filter the list of assets according to various datapoints, like OS
      • See detailed information of individual assets, like software installed on the device
      • Assign custom tags and criticality rating for each asset for improved prioritization.

    NOTE: Asset Inventory is designed to be used with Authenticated Scan (WinRM authentication for Windows, SSH authentication for Linux). Non-authenticated scans will provide only a limited set of information.

    • [RADAR-13993] - Linux Scan Node BETA release. Go to Settings > Scan Nodes to download the Linux scan node software installer. See online documentation for installation instructions.

    NOTE: The BETA release does not provide automatic updates of the agent itself, although automatic updates of the scanning engines are supported.

    Version 3.40.0 released August 19, 2019

    New features and improvements:

    • [RADAR-13437] - A new way of presenting the gauge widget on the Dashboard view.


    Version 3.41.0 released September 03, 2019

    New features and improvements:

    • [RADAR-14058, RADAR-14203, RADAR-14207] - Tags assigned to assets can now be used to filter data on remaining pages such as Vulnerability scans, Vulnerabilities and Summary report pages.
    • [RADAR-14514] - Added "First discovered" attribute to asset details. This indicates when the particular asset has been discovered for the very first time.
    • [RADAR-14513] - Assets can be now filtered by first discovered, last seen, last scanned and last updated attributes. Together with the scheduled Discovery Scans, this allows users to track asset changes in the network.
    • [RADAR-14515] - Added a new "Assets" source type to the Dashboard table widget. You can edit the existing widget or create a new one and choose assets as a data source.
    • [RADAR-14517] - Added ability to delete selected asset from Radar, including associated vulnerability scan and its vulnerability instances.
    • [RADAR-13271] - Fixed minor bugs and applied new design to donut Dashboard widgets.
    • [RADAR-14501] - Asset notes moved to a separate tab on the Asset details page.

    Fixed issues:

    • [RADAR-14539] - Visual bug on the scan node registration. "New scan node" button is not the correct size.

    Version 3.42.0 released September 16, 2019

    New features and improvements:

    • [RADAR-13248] - Information about the asset has been expanded with data such as hardware type, BIOS, processor name, system memory, list of network interfaces and other information. Note: you have to run authenticated vulnerability scan to obtain this data.
    • [RADAR-14650] - Asset now has the asset source property, which allows you to filter the asset view to see only assets scanned by the authenticated vulnerability scan.

    Fixed issues:

    • [RADAR-14658] - Fixed an issue on the Assets pages with broken links to vulnerability scans which were previously deleted.

    Version 3.43.0 released September 30, 2019

    New features and improvements:

    • [RADAR-14622] - Asset description can be now populated by the employee and customer data classification. Data category and volume can be specified.

    Fixed issues:

    • [RADAR-13735] - Fixed an issue where the left menu was missing after exiting from full-screen Dashboard mode.
    • [RADAR-14709] - Fixed an issue with invalid links to the Web Scan vulnerability details page.
    • [RADAR-14804] - Fixed an issue with visibility of HTTP requests on Web Scan reports.
    • [RADAR-14809] - Added support for various field separators in the CSV import file with System Scan targets. Users can upload comma-delimited, colon-delimited, semicolon-delimited or tab-delimited records.
    • [RADAR-14822] - A checkbox to select all vulnerabilities on the System Scan report page didn't work.
    • [RADAR-14840] - Fixed an issue with processing information about the network interfaces for assets.

    Version 3.44.0 released October 16, 2019

    New features and improvements:

    • [RADAR-14769] - Mass data refresh and ability to download report's package as a ZIP file have been added to Summary reports. The maximum size for downloaded report's package is limited to 100 MB.
    • [RADAR-14662] - General styling improvements in Radar user interface have been added. Layout is changed in several places such as menu items, filters, paginations.
    • [RADAR-14813] - Added an option to choose "SSL"/"no SSL" transport for WinRM authentication method in System Scan configuration.

    Fixed issues:

    • [RADAR-13761] - Fixed an issue with labels of the dashboard histogram widget for "by day" schedule. Added additional information about the current week.
    • [RADAR-14827] - Fixed an issue with external links opening twice on the Internet discovery page.
    • [RADAR-14832] - Fixed styling for highlighted rows on the Discovery Scan view.

    Version 3.45.0 released October 28, 2019

    New features and improvements:

    • [RADAR-14687] - Configurable asset retention has been introduced. Users can define when asset data is archived and eventually deleted based on the last seen time. See the Settings -> General Settings -> Miscellaneous section for more information.
    • [RADAR-11394] - The MAC address of the scanned host is now visible in the System Scan details on the Vulnerability Scans page as well as on the vulnerability report.
    • [RADAR-14973] - Vulnerability scans group view is more compact. An aggregated progress bar has been added to show the average progress from all started scans in the group.

    Fixed issues:

    • [RADAR-14917] - Refactored notification icon. Removed red dot from the bell icon if there are no new, unread notifications.


  • Sylwia
    Sylwia W/ Staff, W/ Article Coordinator Posts: 44 W/ Staff

    Old change logs

    Publication time frame: November-December 2019


    Version 3.46.0 released November 12, 2019

    New features and improvements:

    • [RADAR-15285] - Asset management has ended BETA stage and is now available for all customers, including on-premise deployments.
    • [RADAR-15141] - The final release of Linux Scan Node, with auto update feature, is now available for download in the portal.
    • [RADAR-14616] - New view on Assets page that allows to group data by several asset attributes, such as business owner or operating system. Group view will be further extended with other asset attributes based on which user can group the assets.
    • [RADAR-14103] - Dashboard widgets allow users to click "show more" and see a pre-filtered list of vulnerabilities/scans/assets according to the current data context.
    • [RADAR-15087] - Decommission of a feature: the ability to define user groups with limited access to individual scan groups is disabled for new customers as well as existing customers who were not using this functionality before.
    • [RADAR-15001] - Unified look of various types of icons in the portal.
    • [RADAR-15002] - Asset's storage devices are shown on the Hardware tab.

    Fixed issues:

    • [RADAR-13098] - Added information text in notification settings page about settings affecting only personal user accounts.

    Version 3.47.0 released November 25, 2019

    New features and improvements:

    • [RADAR-15152] - Assets can be now grouped by tags. Only tags associated directly with asset records are subject to grouping.
    • [RADAR-15249] - Full-screen wizard layout has been improved. Top header, footer and tooltip icons were changed to align them with other corporate products.

    Version 3.48.0 released December 09, 2019

    New features and improvements:

    • [RADAR-15387, RADAR-15466] - Added new discovery scan templates for the top 100 and top 1000 most popular open ports. Default configuration settings for new discovery scan have been changed to the top 1000 open ports.
    • [RADAR-15332] - Added automation that removes scans from the queue after 14 days if there is no scan node available to pick up the job.

    Fixed issues:

    • [RADAR-15370] - Page layout issue: action panel hiding last rows in the data table, unable to select and deselect rows.
    • [RADAR-15485] - Fixed an issue with reset password functionality on the user profile page.

    Version 3.49.0 released December 24, 2019

    New features and improvements:

    • [RADAR-15511] - New F-Secure brand styles and color palette have been applied to the portal.


  • Sylwia
    Sylwia W/ Staff, W/ Article Coordinator Posts: 44 W/ Staff

    Old change log

    Publication time frame: January 2020- September 2020


    Version 3.50.0 released January 21, 2020

    New features and improvements:

    • [RADAR-12335] - Improved visibility and management of custom tags added to scan groups.

    Fixed issues:

    • [RADAR-15720] - The row action to go to the vulnerability details on report from affected hosts was causing a blank screen.
    • [RADAR-15744] - Fixed an issue with invalid scan status on vulnerability scans API endpoint.

    Version 3.50.1 released February 04, 2020

    Fixed issues:

    • [RADAR-15762] - Fixed an issue with unavailable scan execution logs when the first scan attempt of given target is running or has been terminated.

    Version 3.50.2 released February 18, 2020

    Fixed issues:

    • [RADAR-15972] - Group by target on vulnerability details not working properly when the content of the findings is different.
    • [RADAR-16081] - Filtering on the vulnerability scans list uses exact matching for IP addresses.

    Version 3.51.0 released March 03, 2020

    New features and improvements:

    • [RADAR-15666] - A preliminary PCI scan results report is now available for download on the Summary Report page.

    Fixed issues:

    • [RADAR-15497] - Fixed an issue caused by a self-referenced loop within the discovered pages structure. The error occurred when the "Discovered pages" tab was selected on the Web Scan report page.

    Version 3.51.1 released March 17, 2020

    Fixed issues:

    • [RADAR-16160] - Fixed an issue with sending email notifications in cases where a discovery scan is completed and the list of open ports has changed.
    • [RADAR-16274] - Performance improvements when deleting a scan group with a massive number of scans.
    • [RADAR-16384] - Fixed an issue where the Assets page was not updated after a successful authenticated scan.

    Version 3.52.0 released March 31, 2020

    New features and improvements:

    • [RADAR-16002, RADAR-16004] - Web application vulnerabilities found by WebScan have now OWASP TOP 10, as well as CAPEC and WASC external references. References can be seen in the portal on the single WebScan report page as well as on the vulnerability details page.
    • [RADAR-10597] - Introducing the new WebScan add/edit wizard that allows organizations to configure web application scans more easily, with more detailed scanning options, and with support for the new F-Secure Radar Web Scan Recorder v. 2.0.0.

    Fixed issues:

    • [RADAR-16572] - Fixed an issue with incorrect dates in summary report file names.

    Version 3.52.1 released April 14, 2020

    Fixed issues:

    • [RADAR-16624] - A feature that guessed the hostname from the "Name" field (friendly name) has been disabled. It was in use when the Name was provided by the user in the System Scan wizard.
    • [RADAR-16627] - Fields description and help text improvements on the add/edit System Scan wizard.
    • [RADAR-16641] - Fixed an issue with incorrect values in the scan template description field.

    Version 3.53.0 released April 28, 2020

    New features and improvements:

    • [RADAR-16386] - Left menu in the management portal has been slightly reorganized. "Vulnerability Scans" and "Scan Nodes" have been moved into the "Scans" submenu, while "Discovery" submenu contains "Internet" and "Discovery Scans". Previous "Account management" in "Settings" has been renamed to "Users"

    Version 3.53.1 released May 12, 2020

    Fixed issues:

    • [RADAR-16791] - Fixed an issue where the scope selector was hidden behind widgets when scrolling through different tenants and moving the mouse cursor away from the dropdown. The location and view of the "Show more" link on Dashboard widgets has been changed. The navigation is available as an icon next to the widget action menu.

    Version 3.54.0 released May 26, 2020

    New features and improvements:

    • [RADAR-17082] - Scan node API endpoints processing optimization.

    Version 3.54.1 released June 09, 2020

    Fixed issues:

    • [RADAR-16760] - Fixed an issue where actions menu was hidden below the popup footer.
    • [RADAR-17113] - Fixed improper Japanese characters on a service list for System Scan reports in DOCX format.

    Version 3.54.2 released June 23, 2020

    Fixed issues:

    • [RADAR-17256] - Fixed a bug on the Vulnerabilities page where all vulnerability instances were not selected to be included in the ticket scope by default.
    • [RADAR-17283] - Fixed a bug on the Vulnerability Scans page where the option to sort the list by target name disappeared.

    Version 3.54.3 released July 07, 2020

    Fixed issues:

    • [RADAR-17436] - Fixed improper text encoding in ticket description.
    • [RADAR-17437] - Fixed an issue with removing the assigned user from ticket's followers.
    • [RADAR-17443] - Fixed an issue with editing ticket's deadline.

    Version 3.54.4 released July 21, 2020

    Fixed issues:

    • [RADAR-9777] - Fixed an issue with switching the organization context when on the vulnerability scan report page.
    • [RADAR-17518] - Fixed an issue with importing recorded files for Web Scan Recorder that do not contain login steps.
    • [RADAR-17542] - Fixed an issue with the IP filtering option on the Vulnerability Scans page.
    • [RADAR-17556] - Added the possibility to choose a new scan node for scan groups or discovery scans when the existing scan node is deleted from the portal.
    • [RADAR-17583] - Added remembering the last selected organization when logging in.

    Version 3.54.5 released August 04, 2020

    Fixed issues:

    • [RADAR-17608] - Fixed an issue with adding a large number (more than 4096 items) of scan targets to a scan group.

    Version 3.55.0 released August 10, 2020

    New features and improvements:

    • [RADAR-15765] - Radar Cloud management portal starts using F-Secure Business Account for authentication. F-Secure Business Account is a shared authentication system that provides access to other F-Secure services such as Partner Portal or Protection Service for Business with a single user account, and which will in the future be used for all F-Secure B2B services. Existing Radar users are moved to this shared authentication system.
    • [RADAR-17313] - Introduction of a new common portal header for all F-Secure B2B services. The solution selector allows users to quickly switch between different products.

    Version 3.56.0 released September 01, 2020

    New features and improvements:

    • [RADAR-17871] - Added a link to Business Account settings on the My Profile page to help users change their first and last name.

    Version 3.56.1 released September 15, 2020

    Fixed issues:

    • [RADAR-17959] - Aligned visual corrections on the Assets list and Asset details view.

    Version 3.57.0 released September 29, 2020

    New features and improvements:

    • [RADAR-17882] - Added options to the asset details view: you can now download the latest System Scan report and execution log and access the scan configuration.


  • Sylwia
    Sylwia W/ Staff, W/ Article Coordinator Posts: 44 W/ Staff

    Old change log

    Publication time frame: October - December 2020

    Version 3.58.0 released October 13, 2020

    New features and improvements:

    • [RADAR-17696] - As a part of the transition towards asset-centric vulnerability management, a new "Vulnerabilities and findings" tab is added to the Asset details page.
    • [RADAR-17884] - The Asset details page now includes information about tickets associated with vulnerabilities found on the asset in question.
    • [RADAR-17886] - You can now create a remediation ticket for vulnerabilities from the Asset details page.
    • [RADAR-18129] - As a part of the transition towards asset-centric vulnerability management, the Asset details page becomes the default place for reviewing vulnerabilities. Links to scan results change to navigate users to the Asset details page. For the time being, the System Scan report page remains available through an additional icon with a link next to the scan target name.
    • [RADAR-18187] - Infrastructure changes in the Radar management portal shifting towards new operating systems.
    • [RADAR-18235] - The default filter for vulnerabilities on System/Web Scan reports and asset details shows only open vulnerabilities.

    Version 3.59.0 released October 29, 2020

    New features and improvements:

    • [RADAR-18132] - As a part of the transition towards asset-centric vulnerability management, the Asset details page starts to present Vulnerabilities and Findings discovered by System Scan. Asset becomes a central logical unit that aggregates vulnerability data from different types of scans. As a consequence of this change, the Asset details page can present duplicated findings in cases where the same target is scanned multiple times using different configurations and scanning techniques. A typical example is a host scanned by more than one System Scan, defined in various scan groups within the same organization.
    • [RADAR-18354] - Asset details page remembers user preferences for folding and unfolding sections.
    • [RADAR-18390] - Fixed an issue with preparing a ticket based on findings taken from Web Scan reports (related to [RADAR-15087] introduced in v. 3.46.0).
    • [RADAR-18474] - Incorrect handling of access control context in "My profile" page related to editing the user's own data.

    Version 3.59.1 released November 04, 2020

    Fixed issues:

    • [RADAR-18461] - Missing System Scan icon on the Vulnerability coverage page.
    • [RADAR-18514] - Missing vulnerabilities in Vulnerabilities and findings section when "Group vulnerabilities" is in use.
    • [RADAR-18527] - The use of templates was not properly handled on downloaded reports in DOCX format

    Version 3.60.0 released November 10, 2020

    New features and improvements:

    • [RADAR-18426] - Internal optimization of scan node queues.

    Version 3.61.0 released December 01, 2020

    New features and improvements:

    • [RADAR-18506] - New option "Automatically mark duplicated findings as duplicates" to control vulnerability workflow behavior. By enabling this option, the system will automatically mark duplicated vulnerabilities as "Duplicate", a built-in vulnerability status which belongs to the closed state. This setting applies only to platform vulnerability scans and affects only vulnerabilities reported by further scans.

    Fixed issues:

    • [RADAR-18607] - Missing vulnerability filter on a single-scan Web Scan report page

    Version 3.61.1 released December 09, 2020

    Fixed issues:

    • [RADAR-18733] - Fixed an issue in exportable Word reports where the title of the organization was embedded in a CDATA element.


  • Sylwia
    Sylwia W/ Staff, W/ Article Coordinator Posts: 44 W/ Staff

    Old change log

    Publication time frame: January 2021- July 2021


    Version 3.62.0 released January 05, 2021

    New features and improvements:

    • [RADAR-18544] - Added the ability to choose the scope by selecting tags assigned only to Assets in the Summary report wizard, without needing to select individual scans or scan groups. Using scans or scan group tags to specify the scope works as before.
    • [RADAR-18645] - Added extended visibility to Radar subscription details in the portal. The subscription details section in an organization's settings now shows the subscription key, license type, billing type, and scan nodes limit.

    Version 3.63.0 released February 02, 2021

    New features and improvements:

    • [RADAR-18997] - Introduction of a new common portal menu for all F-Secure B2B services.

    Fixed issues:

    • [RADAR-17681] - Fixed handling of exceptions on list views. When an exception occurs on such pages, the portal currently displays the start page view instead of informing about the root cause of the issue.
    • [RADAR-18960] - Fixed an issue when saving time zone preferences on the organization's level.
    • [RADAR-19121] - Fixed an issue in Discovery Scan report processing where the incorrect Host name value was propagated from the Vendor name of an NIC (Network Interface of the Card).

    Version 3.64.0 released February 16, 2021

    New features and improvements:

    • [RADAR-18879, RADAR-19140] - Increased visibility to assets on the Dashboard page. Added an assets counter to the gauge widget. In addition, the "Most severe System Scan vulnerabilities" table widget now includes an affected assets column.

    Version 3.65.0 released March 02, 2021

    New features and improvements:

    • [RADAR-18507] - Added visibility to a set of basic events related to a specific asset on the Asset details page, under the "Activity log" tab.

    Version 3.65.1 released March 16, 2021

    Fixed issues:

    • [RADAR-14959] - Fixed an issue related to low memory when retrieving web scan resources.
    • [RADAR-19380] - Fixed a bug where vulnerabilities for a specific asset disappeared on the Assets view after running a discovery scan.

    Version 4.0.0 released April 07, 2021

    New features and improvements:

    • [RADAR-15198] - Introduced a major feature: Radar Endpoint Agent, an agent-based scan that complements the existing network-based vulnerability scanning. Radar Endpoint Agent allows organizations to reduce network usage and ensure comprehensive scanning coverage for in-network and remote endpoints with intermittent connectivity. A new Device discovery page allows you to discover Windows machines with F-Secure clients installed and enable vulnerability scanning.

    Version 4.0.1 released April 20, 2021

    Fixed issues:

    • [RADAR-19650] - Fixed an issue with the visibility of the left menu tabs depending on the access rights of the user account.

    Version 4.1.0 released May 13, 2021

    New features and improvements:

    • [RADAR-19292] - Restrictions in Web Scan configuration have been improved and renamed to "Rules". Now the user can allow a request to specific external URLs during the scan. These requests will not be included in the scan, but they can be a part of the website rendering (API request during headless crawling).
    • [RADAR-19909] - The Device discovery page has been improved. Now it displays the product type of each device that has been found. Also, there is an option to filter devices by the product type.

    Version 4.2.0 released June 15, 2021

    New features and improvements:

    • [RADAR-17462] - Introducing the new product name and logo which are now used across the F-Secure Elements portal. Your familiar F-Secure Radar product is now known as F-Secure Elements Vulnerability Management. More information about the changes can be found on the following page: https://www.f-secure.com/en/business/solutions/elements.
    • [RADAR-19999] - Added the ability to remove devices on the Device discovery page. From now on, a user can delete devices which have the F-Secure agent with vulnerability scanning capability installed.
    • [RADAR-19783] - If the list of findings is empty, a more detailed explanation is shown on the Vulnerabilities and findings tab on the Asset details page.
    • [RADAR-19997] - A new column added in the table on the Device discovery page, indicating the time stamp of the last status update received from the agent.

    Fixed issues:

    • [RADAR-19678] - Resolved the issue in which some of the summary reports were lacking the target names and IP addresses in the Scope section.
    • [RADAR-20009] - Resolved the issue in which Dashboard widgets were not showing their content right after the page load.

    Version 4.3.0 released June 29, 2021

    New features and improvements:

    • [RADAR-20097] - One of the main menu items, "Vulnerability scans", has been renamed to "Network scans". We believe that the new name reflects better the function of the page where users can configure and manage network-based vulnerability scans: System scans and Web scans. It also describes the difference between the network and agent-based scans better.

    Fixed issues:

    • [RADAR-18876] - Redundant empty spaces between the findings removed from the summary report grouped by vulnerabilities.
    • [RADAR-19912] - Minor style enhancements and other general improvements to the Vulnerability Management user interface.

    Version 4.3.1 released July 13, 2021

    Fixed issues:

    • [RADAR-20123] - Enabled agent-based scan vulnerabilities to be taken into account in statistics calculations on the dashboard page.
    • [RADAR-20175] - Fixed an issue related to removing custom vulnerability statuses.
    • [RADAR-20360] - Fixed a bug where discovery scans cleared vulnerabilities from an asset. This happened when a discovery scan was assigned as an asset source to a scan group.
    • [RADAR-20368] - Fixed an issue with importing recorded files for Web Scan Recorder.


  • Sylwia
    Sylwia W/ Staff, W/ Article Coordinator Posts: 44 W/ Staff

    Old change log

    Publication time frame August 2021-December 2021


    Version 4.4.0 released August 10, 2021

    New features and improvements:

    • [RADAR-17852] - Introducing a new section to the vulnerability details page called Affected assets. The section allows users to see and manage all occurrences of a single vulnerability across the assets of an organization.
    • [RADAR-20177] - The Asset Activity log has been extended with the ability to see vulnerability counters for scan reports, which were processed to update the information about the security status of a given asset.

    Fixed issues:

    • [RADAR-20473] - Fixed an issue with the broken format in the export to CSV file when the vulnerability data contains additional quotes.
    • [RADAR-20487] - Removed the unnecessary graphical element in the Dashboard widget tooltip which was overlapping the text.
    • [RADAR-20548] - Fixed an issue with incorrect numbers displayed in the counters visible on the Gauge Dashboard widget.

    Version 4.5.0 released August 24, 2021

    New features and improvements:

    • [RADAR-20537] - Improved the Summary Report wizard with the ability to specify which assets should be included in the report. Users can specify the scope of the final report by using assets, network scans, network scan groups or tags.

    Fixed issues:

    • [RADAR-20586] - Fixed an issue with choosing link-local IP address as the primary IP address for an asset having endpoint agent installed.

    Version 4.5.1 released September 07, 2021

    Fixed issues:

    • [RADAR-20321] - Fixed an issue with broken toggles for enabling organizations' scan window restrictions to given IP ranges. Reduced the amount of scan windows that the user can define to one scan window.
    • [RADAR-20729] - Fixed an issue with duplicated file names for different summary report formats downloadable from the portal.

    Version 4.5.2 released September 28, 2021

    Fixed issues:

    • [RADAR-20881] - Fixed an issue with a missing name in the "Template" column in the reports page when a new summary report is created from the template.

    Version 4.6.0 released October 12, 2021

    New features and improvements:

    • [RADAR-20935] - Performance of the API documentation page load has been improved.

    Fixed issues:

    • [RADAR-20850] - The extra blank lines in the Web scan vulnerability tab have been removed from the generated Summary Reports in Excel format.
    • [RADAR-20909] - Fixed an issue with cells of a merged target when the Summary Report contains multiple targets and it is exported to an Excel file.
    • [RADAR-20970] - Fixed an issue with the Summary Report where the "Network vulnerability scan groups" scope was ignoring Web scans if tags were used for filtering.

    Version 4.6.1 released October 26, 2021

    Fixed issues:

    • [RADAR-19898] - Fixed an issue with incorrectly displayed asset names after resizing widgets on the Dashboard page.
    • [RADAR-21066] - Fixed an issue with archived assets not being included in the generated reports scope.

    Version 4.6.2 released November 09, 2021

    Fixed issues:

    • [RADAR-21120] - Fixed an issue with the broken "Run indefinitely" toggle when configuring the number of occurrences for a schedule.

    Version 4.6.3 released November 23, 2021

    Fixed issues:

    • [RADAR-21204] - Fixed an issue with adding tags with duplicate names on the Assets details page. Now it reflects the behavior on the action panel on the Assets page. The list can contain multiple tags with the same name, but from different sources (according to the tag's tooltip).

    Version 4.6.4 released December 07, 2021

    Fixed issues:

    • [RADAR-20738] - The bulk option to remove multiple users at once from the Users page was not working.
    • [RADAR-21030] - Fixed the root cause of the "Unrecognized vulnerability" message which occasionally appeared on the vulnerability report view, and was caused by a flaw in the processing of the vulnerability instance.

    Version 4.7.0 released December 21, 2021

    New features and improvements:

    • [RADAR-21223, RADAR-21251] - Improved the asset identification algorithm by adding additional verification checks. The system is now able to recognize better the already scanned assets to avoid duplicates in the asset inventory.


  • Sylwia
    Sylwia W/ Staff, W/ Article Coordinator Posts: 44 W/ Staff

    Old change log

    Publication time frame: January 2022-June 2022


    Version 4.8.0 released January 04, 2022

    New features and improvements:

    • [RADAR-20461] - Added the ability to exclude Web Scan plugins or to limit the amount of Web Scan plugins used during the vulnerability scan.

    Fixed issues:

    • [RADAR-21344] - Fixed an issue with disabling the Web Scan schedule for a single scan record. Note that when deleting a single-scan schedule, the scan group schedule settings are applied by default.
    • [RADAR-21397] - Fixed an issue with being unable to read the entire text for long schedule names. Additional tooltips have been added as well.

    Version 4.9.0 released February 01, 2022

    New features and improvements:

    • [RADAR-21521] - Improved and simplified the login flow and the application loading in the portal embedded mode.

    Fixed issues:

    • [RADAR-21433] - Fixed an issue in the Executive summary report where scan group names were missing and IDs were shown instead.
    • [RADAR-21677] - Fixed an issue related to remembering the "Run Attack" toggle status in the Web Scan configuration wizard.

    Version 4.10.0 released March 22, 2022

    New features and improvements:

    • [RADAR-22076] - The Elements VM portal is now embedded within Elements Security Center, providing harmonized look and feel, easy and unified navigation to Endpoint Protection, Endpoint Detection and Response, and Protection for Microsoft 365.

    Fixed issues:

    • [RADAR-21829] - Plugin settings defined in a Web Scan template are inherited by a scan configuration.

    Version 4.11.0 released April 12, 2022

    New features and improvements:

    • [RADAR-20067] - The existing Reports page has been replaced with a new version that introduces several features. Creating summary reports can be scheduled according to your needs. The report entity contains a list of up to ten instances of previous reports that you can download at any time in various formats (.xml, .xlsx, .docx). You can specify an email notification, set multiple recipients, and control the lifetime of the link to the report. Existing Summary Report templates have been migrated to become summary report entities without any report instance generated (yet). The ability to download summary reports in bulk mode (ZIP) has now been temporarily dropped from the feature set.
    • [RADAR-21705] - Fixed an issue related to lack of access rights inheritance in cases where the partner utilizes 3-level organization structure, including SOP, SEP and Company. In this scenario, SOP-level admins are now able to see Company organizations without needing to be an explicit member of SEP organization in between.

    Fixed issues:

    • [RADAR-21067] - Fixed an issue related to missing assets alias name in generated summary reports when Assets are being used to define the scope.

    Version 4.12.0 released April 19, 2022

    New features and improvements:

    • [RADAR-22134] - Earlier the discovery of a live host (in Discovery scans) was a trigger to create an Asset record in the system (seen in the Assets list). From now onward, only a successful agent or System scan will result in the creation of a new asset.
    • [RADAR-21564] - Company name has been added to the notification email of the scheduled summary reports.

    Version 4.12.1 released May 04, 2022

    New features and improvements:

    • [RADAR-21561] - The default state for vulnerabilities on the system scan and asset details view has been switched to "New and current findings". Moreover, the "All findings" state now displays also mitigated findings.
    • [RADAR-22016] - The design/layout of some user interface elements was upgraded.

    Fixed issues:

    • [RADAR-22350] - Fixed an issue with the "Select All" checkbox not working as expected on the Vulnerabilities details view (single vulnerability).
    • [RADAR-22303] - Fixed an issue where not all targets were added to the scan group when source automation was enabled on the scan group.
    • [RADAR-22219] - Fixed an issue with the naming of downloaded endpoint agent scan log. The proper name includes the 'Agent Scan' phrase.
    • [RADAR-21041] - Fixed an issue with assets not being created for each endpoint agent when enabling a large amount of endpoint agents at one time.

    Version 4.13.0 released May 17, 2022

    New features and improvements:

    • [RADAR-19096] - Added a new configurability option to the asset source update mechanism for scan groups. It is now possible to choose whether the system should use hostname, instead of IP address, to define the System Scan target.
    • [RADAR-19795] - For customers who do not have a valid partner-managed subscription, the button for downloading Elements Agent is disabled. In this case, the agent-based scanning is not possible.

    Fixed issues:

    • [RADAR-21922] - Fixed the issue with uploading the Web Scan recording while submitting the configuration wizard.
    • [RADAR-22432] - Fixed an issue with incorrect redirection after setting up multi-factor authentication during the logon process.
    • [RADAR-22529] - Fixed the "Invalid file format" issue while uploading an organization logo.

    Version 4.14.0 released May 31, 2022

    New features and improvements:

    • [RADAR-21611] - Added pagination and additional filtering on the Device discovery page. From now on, admin can discover and review more than 500 devices without changing filter options.
    • [RADAR-22267] - Status indicator of the Reports page has been extended with guidance and reference ID whenever the report generation task cannot be completed.

    Fixed issues:

    • [RADAR-22531] - Minor vulnerability details page adjustments to better manage and review vulnerability instances from agent and traditional network-based scans.
    • [RADAR-22532] - Corrected displaying of long finding descriptions in Affected assets list.
    • [RADAR-22534] - Server OS detection has been improved on the Device discovery page.
    • [RADAR-22635] - API integration with scheduled reporting has been enabled.

    Version 4.15.0 released June 14, 2022

    New features and improvements:

    • [RADAR-20987] - Introducing VM Asset Risk Score. It is a step towards risk-based vulnerability management - an approach that reduces vulnerabilities across your attack surface by prioritizing remediation effort based on the risks they pose to your organization. Along with Asset Risk Score, the solution includes the ability to specify asset importance, a new attribute which plays a significant role in the risk evaluation. Within this release, the asset risk score and asset importance are exposed to the Asset list and Asset details page, and the visibility will be extended to dashboards and reporting in the future.
    • [RADAR-20342] - The new cross-check functionality allows users to specify if the system should make additional verification to avoid creating duplicates of the same scanned hosts within a single Scan group. Duplicates can be caused by Asset Update Source Automation in some specific use cases, typically with the combination of human-made changes in the portal. The expected result, after enabling this feature, is a cleaner Scan group (no two or more same scans) and less hassle mainly with the different scan target names.
    • [RADAR-21873] - Added the ability to search devices by using case-insensitive requests in a Search query on the Device discovery page.

    Fixed issues:

    • [RADAR-22253] - Fixed an issue with incorrect week number of the current date on the Overall statistics dashboard widget.

    Version 4.15.1 released June 28, 2022

    Fixed issues:

    • [RADAR-13918] - Fixed an issue when editing System Scan settings, in case where credentials for Linux authenticated scans are provided. Wizard validation has been improved to support the use case when SSH key has been already submitted before and there is no intention to re-upload it again.
    • [RADAR-22791] - Fixed an issue of ignoring vulnerability statuses selection in Summary Report if scope is set to Web Scans.


  • Sylwia
    Sylwia W/ Staff, W/ Article Coordinator Posts: 44 W/ Staff

    Old change log moved from: https://help.f-secure.com/product.html#business/releasenotes-business/latest/en/fsr-latest-en

    Publication time frame: July 2022- October 2022

    Version 4.16.0 released July 12, 2022

    New features and improvements:

    • [RADAR-21227] - Added an ability to exclude certain vulnerabilities from the risk score evaluation by changing its status to "Accept the risk", for example.
    • [RADAR-22900] - Up to this point, vulnerability instances that affected assets that were already archived were taken into account in the scores on the Vulnerability list and in the vulnerability details view. This has been changed, and they are now excluded by default. You can include them by changing the default filter.

    Fixed issues:

    • [RADAR-22716] - Fixed an issue that caused change counters in hosts online and offline to be hidden on the Discovery scans list and details page.
    • [RADAR-22743] - Fixed an issue where the summary report Grouped by Vulnerabilities .xlsx had the wrong file name.
    • [RADAR-22754] - The asset's last scanned date is no longer updated when enabling or disabling scanning on VM Endpoint Agent.
    • [RADAR-22828] - Fixed an issue that caused a summary report with empty scope to be marked as completed and ready to download even though it was not available.

    Version 4.16.1 released July 26, 2022

    Fixed issues:

    • [RADAR-22872] - Fixed an issue where organization names containing diacritics were displayed incorrectly in the Summary report and the System scan report docx file.
    • [RADAR-22902] - Fixed an issue with missing assets on the Device discovery page when there is a large number of items.

    Version 4.16.2 released August 09, 2022

    Fixed issues:

    • [RADAR-22953] - Fixed an issue on the Network scans page that showed incorrect information about a number of resolved vulnerabilities related to the previous scan in the vulnerability change counters. This issue was introduced along with [RADAR-19589] v. 4.1.0, released on May 13, 2021.

    Version 4.17.0 released August 23, 2022

    New features and improvements:

    • [RADAR-22939] - Added a new option to the Web Scan configuration in the Scope wizard step. You can now define an "allow or block scan access" rule based on an External regular expression.

    Version 4.18.0 released September 06, 2022

    New features and improvements:

    • [RADAR-22992] - Changing the behavior of the grids when user selects items: "Select all" action is referring only to data seen on the current page (subset of data), in case pagination is on. The multi-page selection remains only in the Summary Reports wizard when Assets are in use to define the scope.

    Version 4.18.1 released September 20, 2022

    Fixed issues:

    • [RADAR-22825] - Fixed an issue with a scheduled vulnerability scan not being disabled on a device with Elements Agent once an organization is deleted.
    • [RADAR-23326] - Fixed an issue with the hostname not being copied to a virtual hostname filed by System Scan if System Scans are created based on the Discovery Scan report.

    Version 4.19.0 released October 04, 2022

    New features and improvements:

    • [RADAR-23505] - A section to provide Linux credentials for authenticated Network Scans has been renamed to "SSH credentials" so that it applies to authenticated scans of Network Devices as well.

    Fixed issues:

    • [RADAR-23577] - Fixed an issue with filtering Network Scans based on severity counters.
    • [RADAR-23578] - Fixed an issue when deleting assets on the Assets list page.

    Version 4.19.1 released October 18, 2022

    Fixed issues:

    • [RADAR-23104] - Fixed an issue where targets were still marked as related with the Discovery Scan source after removing the Discovery Scan that was an asset update source for the Scan Group.


  • Sylwia
    Sylwia W/ Staff, W/ Article Coordinator Posts: 44 W/ Staff

    Version 4.20.0 released November 02, 2022

    New features and improvements:

    • [RADAR-22641, RADAR-22642] - Summary reports now contain the asset risk score and importance attributes in various formats (.xml, .xlsx, .docx). New reports also use the new WithSecure brand.
    • [RADAR-23505] - You can now provide SSH credentials (on Elements VM user interface) for network device scans. You can use the existing SystemScan configuration template to define how to authenticate to a network device and Security administrator can use the existing System Scan configuration to define credentials for the network device scan.
    • "Linux credentials" section has been renamed to "SSH credentials (Linux, network devices)". These credentials are used to authenticate to network devices and to extract operating system and firmware versions. These are reported in the vulnerability report as an informative finding, specific for each network device vendor. If the network device version is known to be vulnerable, the report will list related vulnerabilities.
    • The current, first release supports Cisco IOS, Cisco IOS XE, and FortiOS and will be extended with other network device vendors in upcoming versions. Methods to authenticate network devices will be extended as well in the future.

    Fixed issues:

    • [RADAR-23777] - Fixed an issue where filtering devices based on the IP range was returning incorrect results in the Device discovery page.


  • Wojciech Niemczyk
    Wojciech Niemczyk W/ Staff Posts: 29 W/ Staff

    Version 4.21.0 released November 15, 2022

    New features and improvements:

    • [RADAR-20686] - The status on the Device Discovery page has been extended with information about problems that may occur on the device that can block VM scanning. The expanded section of the row contains the issue explanation with a short guidance on how the problem can be solved.
    • [RADAR-23131] - New WithSecure brand styles and color palette have been applied to the portal.
    • [RADAR-23200] - The VM portal has a new stylesheet for vulnerability severity, vulnerability counters, and vulnerability change indicators.

    Fixed issues:

    • [RADAR-23868] - Fixed an issue with displaying an incorrect Web scan template on the Network scans list.
    • [RADAR-23909] - Fixed an issue while generating summary reports on the Reports page.
    • [RADAR-23905, RADAR-23911] - Fixed an issue with user's privileges rights and inheritance in the company hierarchy.


  • Wojciech Niemczyk
    Wojciech Niemczyk W/ Staff Posts: 29 W/ Staff
    edited November 2022

    Version 4.21.1 released November 29, 2022

    Fixed issues:

    • [RADAR-23870] - Fixed an issue where multiple assets were collapsed to only one asset under the Scope section in Summary reports.
    • [RADAR-23997] - Fixed an issue with an incorrect vulnerabilities classification in the Summary report when it is grouped by vulnerabilities.
  • Wojciech Niemczyk
    Wojciech Niemczyk W/ Staff Posts: 29 W/ Staff

    Version 4.22.0 released December 13, 2022

    New features and improvements:

    • [RADAR-23237] - CVSS v3 Base Score and Vector have been added to the Vulnerability details page. Not all plugins contain the Base Score/Vector values yet. They will be added successively.
    • [RADAR-23297] - Summary reports have been extended with the ability to schedule the report generation on a quarterly basis.
    • [RADAR-23980] - The Device discovery page shows the device ID (UUID) in the expanded section of each record. You can identify the device in case of potential issues.

    Fixed issues:

    • [RADAR-24104] - Fixed an issue that caused missing Assets names in Summary Reports.
    • [RADAR-24124] - Fixed an issue with incorrect plugin settings in the 'SSL/TLS maturity scanning (locked)' scan template due to a deprecated plugin.
  • Wojciech Niemczyk
    Wojciech Niemczyk W/ Staff Posts: 29 W/ Staff

    Version 4.22.1 released December 29, 2022

    Fixed issues:

    • [RADAR-23843, 24253] - Fixed an issue where the notification recipients for a scan group did not match the specific scans configuration.
    • [RADAR-24186] - Fixed an issue on the Device discovery page where the green icon indicating the agent scanning status was not displaying correctly.
  • Wojciech Niemczyk
    Wojciech Niemczyk W/ Staff Posts: 29 W/ Staff
    edited January 2023

    Version 4.23.0 released January 16, 2023

    New features and improvements:

    • [RADAR-23133] - Added a direct link from a single vulnerability finding, in the asset details view, to the Activity log tab. The intention is to help portal users to give a better understanding what is the exact source of given vulnerability instance. Especially when assets are evaluated using different scanning techniques (agent-based scan, authenticated / unauthenticated network scan), user can navigate to the Activity log and clearly see which scan report provided the vulnerability information for the last time.

    Fixed issues:

    • [RADAR-24255] - Deprecated plugins are not included in the list of available options in the Scanning templates where the user can strictly define which plugins should be executed during the scan.
  • Wojciech Niemczyk
    Wojciech Niemczyk W/ Staff Posts: 29 W/ Staff

    Version 4.24.0 released February 13, 2023

    New features and improvements:

    • [RADAR-16289] - The option of ignoring false positives on the Discovery scan configuration user interface has been added. By filtering out false or unreliable hosts based on their TTL (Time to Live) value, it helps to ensure that only accurate and trustworthy information is utilized within the network.


    • [RADAR-23894] - Added an updates to our Web scan configuration section. The default HTTP headers configuration has been moved to the Web scan section and custom headers now replace the default headers. A new option to include the Web scan product identifier in the User-Agent HTTP header has also been added.

    Fixed issues:

    • [RADAR-24463] - Fixed an issue by adding a new validation to the System scan template cloning process. This validation ensures that the cloned template cannot be saved with an empty password or key. The user will be required to update the SSH password or key before saving the cloned System scan template.
    • [RADAR-24492] - The API documentation has been updated to include a request for retrieving software from a specific Agent endpoint.


  • Wojciech Niemczyk
    Wojciech Niemczyk W/ Staff Posts: 29 W/ Staff
    edited March 2023

    Version 4.24.1 released March 02, 2023

    Fixed issues:

    • [RADAR-23903] Fixed an issue where the selection of checkboxes for chosen network scan groups on the second step of creating summary reports wizard was disappearing.
    • [RADAR-24650] - The issue with the checkbox value for "Public exploit is available" not being saved on the Summary report wizard has been resolved.
    • [RADAR-24667] - Fixed an issue where the Vulnerabilities page displayed entries where the number of affected assets and network scan targets was equal to zero. This occurred because vulnerabilities with open statuses were not included in the default filter on the page. The fix ensures that the Vulnerabilities page now displays only those vulnerabilities that meet the default filter criteria, including open status vulnerabilities. As a result, the page provides a more accurate view of the vulnerabilities that require attention.
  • Wojciech Niemczyk
    Wojciech Niemczyk W/ Staff Posts: 29 W/ Staff

    Version 4.25.0 released March 09, 2023

    New features and improvements:

    • [RADAR-14447] - Elements Vulnerability Management introduces a new scoring system to align with industry standards and vulnerability scoring in Elements EPP.​ Vulnerability scoring changes from CVSS v2 to v3.1. The 4-level vulnerability severity scale changes to 5-level.


    The transition to CVSSv3 scoring system has a significant impact on the vulnerability evaluation, as it provides a more comprehensive and accurate way of assessing the severity of vulnerabilities. The new 5-level vulnerability severity scale is a consequence of transitioning to CVSSv3 and provides better visibility to the most critical vulnerabilities, out of high-severity vulnerabilities.


    The following link provides more detailed information regarding the CVSSv3: https://www.first.org/cvss/v3.1/user-guide.

    The transition to CVSSv3 scoring for organizations' vulnerability data in the portal may take some time. The primary indicator is the scan schedule and the frequency of re-evaluation of vulnerabilities for specific scan targets. For traditional, network-based vulnerability scanning, we recommend that you rerun all scans to obtain vulnerability data and severity counters that are calculated according to the new scoring system.

    The vulnerability severity counters will start providing 5 different severity levels, including Critical, High, Medium, Low, and Info. Note that from now on, the red color is reserved for Critical vulnerabilities, while High vulnerabilities are presented in orange.


    The changes in vulnerability scoring do not only apply to the most critical vulnerabilities with a CVSSv3 Base Score of 9.0 or higher. As part of this transition, you may notice that the same vulnerability scored in both v2 and v3 can have a different result in new severity scores. Our research indicates that the average base score increases from 6.5 in CVSSv2 to 7.4 in CVSSv3.

    To help customers identify vulnerabilities with a changed score, the Elements VM portal introduces an informative icon (with help text) that is next to the vulnerability title. As seen in the example screenshot, the icon provides information that the severity scoring has changed, which may result in the vulnerability being re-categorized from Medium to High severity, for example.


    For reference or to compare the current vulnerability score with the past, go to the Vulnerability Details page that shows both the CVSSv3/v2 vector and base score.


    A similar scenario can occur in the assets' Activity log or in the historical overview of individual System/Web scan reports, because vulnerabilities that are evaluated after March 8 may have been assigned new severity scores aligned with CVSSv3.


    To expedite the migration process, we recommend that you perform manual re-scans for all targets. This can help to quickly overcome any inconveniences and challenges associated with comparing previous scan cycle results with the current security posture.

  • Wojciech Niemczyk
    Wojciech Niemczyk W/ Staff Posts: 29 W/ Staff

    Version 4.25.1 released March 23, 2023

    Fixed issues:

    • [RADAR-24311] - The email notifications have been updated to comply with the new CVSSv3 standard.
    • [RADAR-24927] - Fixed an issue with the Donut widget on the Dashboard page, where the "Number of vulnerabilities" content was not displaying data related to Critical vulnerabilities.

    • [RADAR-24885] - The missing information in the "Conclusions" section of the single System scan report in the docx format has been fixed.

  • Wojciech Niemczyk
    Wojciech Niemczyk W/ Staff Posts: 29 W/ Staff
    edited April 2023

    Version 4.26.0 released April 13/27, 2023

    New features and improvements:

    • [RADAR-24811] - Added support for ed25519 and SHA2 keys in scan templates and configurations, as RSA-SHA1 keys are deprecated by OpenSSH and no longer supported on newer systems like Ubuntu 22.04 LTS. This change ensures scanning can continue uninterrupted by allowing the use of other key exchange algorithms.
    • [RADAR-24945] - Enhanced vulnerability instance detail view by adding a 'First seen' date, which indicates the date when the vulnerability instance was initially discovered. Also added a 'Last seen' date to the vulnerability instance detail view, which reflects the most recent occurrence of the vulnerability instance in an incoming report.
    • [RADAR-24972] - 'First seen' date has been added in the Excel summary report under the Web Scan vulnerabilities tab. This provides further visibility into the discovery timeline of vulnerability instances and helps users better understand the history of their vulnerabilities. —added 27-Apr-2023


    Fixed issues:

    • [RADAR-24311] - Email notifications about scan processing have been updated to comply with the new standard of CVSSv3.
    • [RADAR-24783] - Fixed an issue where hostname and domain name information for assets created by a non-authenticated System scan was not being propagated to the Assets.
    • [RADAR-24933] - Fixed an issue where change indicators related to Web scans were not reflected in downloaded reports. The fix ensures that downloaded reports now accurately reflect the status of Web scans and any changes made since the last scan.
    • [RADAR-24968] - Fixed an issue where French-localized scan reports were not correctly exported to docx documents.


  • Wojciech Niemczyk
    Wojciech Niemczyk W/ Staff Posts: 29 W/ Staff
    edited May 2023

    Version 4.27.0 released May 10, 2023


    New features and improvements:

    • [RADAR-24505] - Customer or partner, maintaining activities from different tenants (company-level organization) is facing with the issue when using URLs to Elements VM data, obtained either through email or other source of information (such as 3rd party ticketing system where vulnerability issues are being managed). When the link is clicked, it results with 404 page due to the fact that the resource it is referring to, is not placed in the same company-level organization as the one that user currently chosen. Solution: all URLs to the EVM portal should contain optional account/[BorgsId]/ URL segments which allows automatically switch the scope to the correct tenant in order to be able to present requested data. EVM portal direct links works for logged in and non logged in users.

    Fixed issues:

    • [RADAR-25166] - Fixed an issue where sorting by Vulnerabilities did not account for the new CVSS3 Critical score.

  • Wojciech Niemczyk
    Wojciech Niemczyk W/ Staff Posts: 29 W/ Staff

    Version 4.27.1 released May 16, 2023

    Fixed issues:

    • [RADAR-25152] - Fixed an issue where asset risk scores were being recalculated for archived assets, which was unintended behavior.


  • Wojciech Niemczyk
    Wojciech Niemczyk W/ Staff Posts: 29 W/ Staff

    Version 4.27.2 released May 25, 2023


    Fixed issues:

    • [RADAR-25340] - Fixed an issue where users were unable to access the My profile page and generate API keys.

  • Wojciech Niemczyk
    Wojciech Niemczyk W/ Staff Posts: 29 W/ Staff

    Version 4.27.3 released June 06, 2023

    Fixed issues:

    • [RADAR-25304] - Fixed an issue where moving scans from a scan group with assets automation marked by the gear icon did not maintain the proper markup. As a result, the expected behavior now is that moved targets will lose their automated asset root and automation status.
    • [RADAR-25318] - Fixed an issue where the URL links to network scans from email notifications were missing a part of the URL. Now, all URLs to the EVM portal include the optional "account/[BorgsId]/" URL segments. This ensures that the scope is automatically switched to the correct tenant, enabling the presentation of requested data.

  • Wojciech Niemczyk
    Wojciech Niemczyk W/ Staff Posts: 29 W/ Staff

    Version 4.28.0 released June 15, 2023

    New features and improvements:

    • [RADAR-25423] - Added an activity log for the deletion of asset alias events. This log provides visibility into the actions taken when an asset alias is deleted, allowing for better tracking and auditing of asset management activities.
    • [RADAR-25426] - Added event logging functionality for enabling and disabling agent scanning.

    Fixed issues:

    • [RADAR-25445] - Translated the column header "First Seen On" in the Excel format of summary reports. This update ensures that the column header is displayed in the appropriate language, providing a better user experience for international users when viewing and analyzing vulnerability data in summary reports.

  • Wojciech Niemczyk
    Wojciech Niemczyk W/ Staff Posts: 29 W/ Staff
    edited July 2023

    Version 4.29.0 released July 06, 2023

    New features and improvements:

    • [RADAR-25080] - To enhance system efficiency and table readability, we have merged the 'Include in risk score assessment' and 'Show in severity counts' switches into a single, unified switch called 'Include in risk severity and score'. When this switch is disabled for a specific vulnerability status:
      - The vulnerabilities with that status will not be considered when evaluating asset risks.
      - The vulnerabilities with that status will not be counted in the overall vulnerability counts.
      This update aims to streamline the configuration process and provide users with more clarity and control over the risk and severity assessment of vulnerabilities.
    • [RADAR-25316] - Added portal support for authenticated network device scans using API key credentials. Users can now authenticate scans by providing a secret API token to the remote device.

    Fixed issues:

    • [RADAR-25536] - Fixed an issue that allowed tickets to be assigned to users from different organizations. With this fix, tickets can now only be assigned to users within the same organization or higher-level organizations.
    • [RADAR-25547] - Fixed an issue of retrieving Network scan reports on the user interface. By optimizing the data retrieval process, we have reduced the time required to fetch the necessary information.