Release Notes Comply (Version 2.23)
Tanium Comply 2.23.63
Release Date: February 6, 2024
Important Upgrade Notice
- Upgrading from Comply 2.19 (or prior) to Comply 2.23 will result in Comply CX database corruption and data loss. A secondary effect is that after the database is re-created, all scans with age-based scheduling will run immediately, potentially resulting in resource impact. The problem can be avoided by doing the upgrade in two steps. E.g., by first upgrading to 2.20 and then upgrading to 2.23. Upgrading to Comply 2.21 is not recommended as it may introduce a known issue that causes assessments to fail. The Comply team is working on a fix for the database corruption issue and will announce a fix version soon.
Bug Fixes
Fixed issues with:
- Fixed Comply Health Checks showing Tools Outdated.
Security Update
This release includes security updates. Details of the issue, including affected versions, and mitigation information, can be obtained within Tanium Resource Center, or by contacting support.
Feature Deprecation Notice
The Tanium Comply (Assessments) Connect source will be deprecated in the near future. Customers are advised to alternatively use the Tanium Comply (Findings) source or Tanium Reporting source in Connect to export vulnerability findings data.
Known Issues
- AWS 2023 endpoints cannot be used as satellites for Remote Authenticated Scans
- Remote Authenticated and Network Unauthenticated assessments will not run on Windows 11 on ARM
- The 'Platform' column in the Comply - Vulnerability Findings Details expanded sensor has been removed. Reports that use the platform column in the sensor will need to be edited to remove the column for the reports to render successfully without error.
- The download to CSV of investigation results from the workbench may fail due to the question completion threshold not being reached
Prerequisites
- Tanium™ Connect 4.10.5 or later (To customize columns for exports, you must have Connect 5.8.49 or later)
- Tanium™ Discover 3.0 or later required for remote vulnerability reports
- Tanium™ Endpoint Configuration 2.0.208 or later
- Tanium™ Interact 2.15.111 or later (Interact 3.0 or later requires Tanium Core Platform 7.6.1 or later)
- Tanium™ Trends 3.6 or later
- Tanium™ Reporting service 1.3.12 or later
- Tanium™ API Gateway 1.1.13 or later
- Tanium™ Blob service 1.0.6 or later
- Tanium™ RDB service 1.2.62 or later
- Tanium™ Secrets service 1.0.228 or later
- Tanium™ System User service 1.0.77 or later
Additional Remote Authenticated Scanning requirements:
- Tanium Direct Connect 2.1 or later
- Tanium Discover 4.7.186 or later
Remediate in Patch requirement:
- Tanium Patch 3.6.49 or later
Supported Tanium Platforms
- Tanium Server 7.4.1.1939 or later
Tanium Comply 2.23.61
Release Date: January 16, 2024
Enhancements
This release includes:
- Support for macOS 14 vulnerability assessments
- An new option to increase the timeout setting for assessments beyond 6 hours
- Connect findings plugin will retry with incrementally smaller page sizes
- Third party advisory links have been added to CVE remediation information
- Do not calculate Affected Product for CVEs that are O/S CVEs
- Summarizes remediation guidance by scoping solution links to OS associated with findings
Bug Fixes
Fixed issues with:
- Assessment page failing to load assessment metrics in some cases
- Filtering Affected Products for values that contain "++" causing an error in the Comply workbench
- Differences in Comply vulnerability findings summary statistics and number of findings items displayed
- Actual Values not being decoded in determining affected products
- Service not gracefully handling the missing engines folder after a Comply uninstall
- CPE to CVE mapping ignoring version_fields for network unauthenticated scan results
- The Comply - Is Vulnerable sensor returning N/A instead of false when an endpoint has no vulnerabilities
- Errors when setting Endpoint Configuration items cause service not to complete start up
- Saving Reports are not properly setting the Report Template causing migrations to fail
- Affected Platforms field was blank in workbench exports
- The “Has OVAL Definitions” column when exporting the Tanium Vulnerability Library CVE list from Vulnerability Standards
Changes to the Comply (Findings) Connect plugin:
- SecPod Link missing
- Vendor Links are now included in Solutions Links
- Remediation field now contains vendor links patches
- Remediation field now has values for SBOM scan findings
- Solution Links contains duplicates
- Connections can fail from TSE errors in sensors
- Connections can fail with a decodeURIComponent error
Feature Deprecation Notice
The Tanium Comply (Assessments) Connect source will be deprecated in the near future. Customers are advised to alternatively use the Tanium Comply (Findings) source or Tanium Reporting source in Connect to export vulnerability findings data.
Known Issues
- AWS 2023 endpoints cannot be used as satellites for Remote Authenticated Scans
- Remote Authenticated and Network Unauthenticated assessments will not run on Windows 11 on ARM
- The 'Platform' column in the Comply - Vulnerability Findings Details expanded sensor has been removed. Reports that use the platform column in the sensor will need to be edited to remove the column for the reports to render successfully without error.
- The download to CSV of investigation results from the workbench may fail due to the question completion threshold not being reached
Prerequisites
- Tanium™ Connect 4.10.5 or later (To customize columns for exports, you must have Connect 5.8.49 or later)
- Tanium™ Discover 3.0 or later required for remote vulnerability reports
- Tanium™ Endpoint Configuration 2.0 or later
- Tanium™ Interact 2.15.111 or later
- Tanium™ Trends 3.6 or later
- Tanium™ Reporting service 1.3.12 or later
- Tanium™ API Gateway 1.1.13 or later
- Tanium™ Blob service 1.0.6 or later
- Tanium™ RDB service 1.2.62 or later
- Tanium™ Secrets service 1.0.228 or later
- Tanium™ System User service 1.0.77 or later
Additional Remote Authenticated Scanning requirements:
- Tanium Direct Connect 2.1 or later
- Tanium Discover 4.7.186 or later
Supported Tanium Platforms
- Tanium Server 7.4.1.1939 or later