Skip to main content

Mondoo 11.21 is out!

ยท 2 min read
Tim Smith
Tim Smith
Mondoo Core Team

๐Ÿฅณ Mondoo 11.21 is out! This release includes improved vulnerability views, policy and resource additions, and more!โ€‹

Get this release: Installation Docs | Package Downloads | Docker Container

๐Ÿงน IMPROVEMENTSโ€‹

Risk summaries for softwareโ€‹

Quickly understand the risk of software versions deployed throughout your infrastructure with new risk summary boxes on software pages. The risk, CVSS score, EPSS score, risk factors, and blast radius help you make informed decisions when it comes to prioritizing software updates in your infrastructure.

Related Advisories on a CVE page

Discover advisories for CVEsโ€‹

CVE pages now show whether the CVE has a related advisory. Now you can dive deeper into specific vendor recommendations when evaluating the impact of CVEs on your infrastructure.

Related Advisories on a CVE page

New checks in the CIS Azure Foundations benchmark policyโ€‹

Harden your Microsoft Azure subscriptions with expanded checks in the CIS Azure Foundations Benchmark policy. This policy now ensures that guest users in Entra ID are further restricted and that storage accounts have logging.

Resource updatesโ€‹

azure.subscription.keyVaultService.vaultโ€‹

  • New autorotation field using the new azure.subscription.keyVaultService.key.autorotation resource

๐Ÿ› BUG FIXES AND UPDATESโ€‹

  • Truncate long control names in compliance report filenames.
  • Rename the TLS/SSL Security policy to Mondoo TLS/SSL Security to match other Mondoo policies.
  • Fix asset search at the organization level not returning results.
  • Improve colorblind mode display.
  • Show space names instead of space IDs in organization-level search results.
  • Add EOL detection for FreeBSD 13.2 and 14.1.
  • Update EOL dates for AlmaLinux 8 and Ubuntu 24.04 to match the latest vendor dates.
  • Fix false positive CVEs in packages on Red Hat Enterprise Linux and UBI container images.
  • Fix MRNs displaying in top security findings list instead of names.
  • Provide a helpful error message if the cnquery/cnspec GCP provider fails to authenticate with Google Cloud.
  • Fix mapping of checks to compliance frameworks when a policy includes variants.
  • Update integration setup flow to mention both recommended query packs and policies.
  • Show an unknown risk score when no risk is known for a CVE or advisory.
  • Don't show findings with a blast radius of 0 in the top security findings list.
  • Ensure the vulnerabilities page lists only CVEs that impact the space.
  • Improve rendering of risk rank numbers above 999.