Skip to main content

Mondoo 8.15 is out!

ยท 2 min read
Tim Smith
Tim Smith
Mondoo Core Team

๐Ÿฅณ Mondoo 8.15 is out! This release includes new MQL helpers, updated platform end of life data, and more!โ€‹

Get this release: Installation Docs | Package Downloads | Docker Container

๐ŸŽ‰ NEW FEATURESโ€‹

New MQL helpersโ€‹

Everyone needs a little help sometimes, so we've added new helpers to MQL to make it easier to write checks against complex infrastructure.

Check strings using regexesโ€‹

The .contains() helper can now search a string using a regex. You can use this to write powerful queries against resource data:

cnquery> packages.where( name.contains(/libnginx-mod-.*-filter/) )
packages.where.list: [
  0: package name="libnginx-mod-http-image-filter" version="1.18.0-6.1+deb11u3"
  1: package name="libnginx-mod-http-xslt-filter" version="1.18.0-6.1+deb11u3"
]

Flatten nested arraysโ€‹

Use the new flat() helper to flatten arrays that include nested arrays, so you can more easily check the contained values:

> [[0],[[1, 2]], 3].flat
[0,1,2,3]

๐Ÿงน IMPROVEMENTSโ€‹

Updated Linux distribution EOL dataโ€‹

It seems like every week a new Linux distribution comes out and that means existing distributions are reaching their end of life dates. We've added support for the latest new distributions and newly announced distribution end of life dates:

  • Google COS 105 release and EOL dates
  • openSUSE 15.5 release and EOL dates
  • SLES 15.4 EOL date
  • SLES 15.5 release date
  • Ubuntu 23.10 release date

๐Ÿ› BUG FIXES AND UPDATESโ€‹

  • Fix older registration tokens that were no longer able to register clients.
  • Fix incorrect CVE scores on the Vulnerabilities console page.
  • Improve default value output from terraform.blocks resource.
  • Scan large container images on disk instead of in memory to prevent out-of-memory conditions with large images.
  • Fix scanning of Kubernetes manifests that are piped to cnspec.
  • Fix some policies not properly executing against container images.
  • Fix the Ensure IPv6 firewall rules exist for all open ports and Ensure firewall rules exist for all open ports controls in the CIS Distribution Independent Linux benchmark policy to support loopback addresses other than 127.0.0.1.