Release Notes

Latest (v9)

A list of features and releases for version 9. Latest releases are at the top.

**IMPORTANT**

  • Please upgrade your Linked Account Roles to v1.14.001 or later BEFORE upgrading your console/agent to v9. If you do not upgrade your Linked Account Roles then you could experience problems when using EventBridge. Click here to learn more about Linked Account Updates.

  • Please upgrade your console/agent to the latest current version you're currently on before you can upgrade to the next major version. For example, if you are on v8, you'll need to upgrade v8.08.002, then upgrade to v9.

August 2025 - Console: v9.02.000, Agent: v9.02.000

In this release:

GCP Event-Based Scanning

  • Event-Based scanning for GCP is now available, scan files in real-time as they enter GCP Buckets

  • Enable in Malware Scanning > GCP

License Management UI Updates

  • When the account is low on data in BYOL Mode, users will receive a new Prepaid Data Details page explaining the logic behind prepaid data

New Console APIs

We've added 4 new Console APIs.

The 3 new Monitoring APIs closely match our 'See What's Infected' > 'AV Results' page in the Console

  • GET Monitoring/Results/Summary returns information on data scanned, total size, and number of objects for each time for the time-frame requested

  • GET Monitoring/Results/Account returns information on data scanned, total size, and number of objects for each account

  • GET Monitoring/Results/Container returns information on data scanned, total size, and number of objects for each container

The new Proactive Notification API affects existing Proactive Notifications.

  • PATCH ProactiveNotifications/{subscriptionid} allows modification of an existing Proactive Notification

Azure Improvements

  • Azure Linked Accounts can now be deployed with Terraform. Please consult our Linking an Azure Account page for more details

  • Blobs moved into Azure quarantine are now tagged with their respective attributes (Quarantine, Error, Unscannable)

  • Fixed a bug in Azure where the Console was unable to retrieve private network access Storage Containers

  • Fixed a bug where the CSS Bicep Template was occasionally failing to deploy

Sophos Engine Update

  • Sophos engine updated to v3.95.0

Restricted Bucket UI Improvement

  • Buckets that cannot be accessed due to our Restrict Bucket Access by Prefixes feature will be marked with a yellow symbol

Various Improvements and Bug Fixes

  • Reduced ClamAV engine timeout threshold from 5 to 2 minutes

  • API Scan Existing file volume is now added to the Storage Breakdown table

  • GCP Buckets now properly show as conflicted if protected by another Console

  • GCP Buckets that are created by the Terraform Linked Account template do not show up in the Console

  • Improved the response time of unresponsive API Agent replacement

  • Extended the credential timeout of cross-account Large File Scans

  • Fixed a bug where MFA was failing to disable

  • Fixed a bug affecting Large File Scan tagging in cross-account scanning

  • Fixed a bug affecting Data Classification scanning

  • Fixed a bug affecting quarantine buckets when limiting general bucket access

  • UI Improvements and Fixes

v9.02.000 Cloud Formation Template

v9.02.000

July 2025 - Console: v9.01.003, Agent: v9.01.003

In this release:

  • Fixed a bug where Azure linked accounts were occasionally unable to ingest some Storage Accounts for protection.

v9.01.003 Cloud Formation Template

v9.01.003

July 2025 - Console: v9.01.002, Agent: v9.01.002

In this release:

  • Added additional coverage for the bug affecting Cognito's JWT upon user login to the Console.

v9.01.002 Cloud Formation Template

v9.01.002

July 2025 - Console: v9.01.001, Agent: v9.01.001

In this release:

  • Fixed a bug affecting Cognito's JWT upon user login to the Console.

v9.01.001 Cloud Formation Template

v9.01.001

June 2025 - Console: v9.01.000, Agent: v9.01.000

In this release:

New Console APIs

We've added 3 new Console APIs to manage Proactive Notifications.

  • GET API ProactiveNotifications retrieves all existing Proactive Notifications

  • POST API ProactiveNotifications creates a new Proactive Notification

  • GET API ProactiveNotifications/{subscriptionId} retrieves information about an existing Proactive Notification

Enable EBS Encryption

  • When enabled, all new EBS volumes will be created with encryption.

  • Enable feature in Configuration > Scan Settings > Enable EBS Encryption

Event Agent Stall Protection

  • The application now detects and restarts stalled Event Agents if they are unresponsive

  • This process can take around 20-30 minutes for detection and the creation of a backup task

GCP Least Privilege Role Permissions

  • We've improved upon 4 GCP role permissions to adhere to the principle of least privilege:

    • CSSStoragePermissions is created for each Protected Project to access the objects for that Project

    • CSSMainStoragePermissions is created to access the CSS Project

    • CloudRunJobsMinimalAccess is created to utlilize Cloud Run Jobs

    • CSSMainSecretPermissions is created to manage secrets

ClamAV Engine Update

  • ClamAV engine has been updated to v1.0.9

Various Improvements and Bug Fixes

  • Console Settings UI for Terraform deployments have been updated as 'disabled' for the following settings that can only be changed in the module:

    • EventBridge Proactive Notifications

    • System Tags

  • SNS Notifications convert non-BMP symbols to the "?" character to avoid delivery errors

  • Console-initiated Agent Settings updates now update CFT instead of the task definition manually

  • The Terraform module now has inputs for the Console CPU and Memory, refer to the module for all inputs

  • Fixed a bug where API Agents would occasionally fail to send notifications to custom EventBridge buses

  • Fixed a bug where the /api/scan API fails to resolve private or local IPs

  • UI Fixes and Improvements

v9.01.000 Cloud Formation Template

v9.01.000

June 2025 - Console: v9.00.003, Agent: v9.00.003

In this release:

  • Fixed a bug affecting API Scanning where scan attempts would return a 500 HTTP response

v9.00.003 Cloud Formation Template

v9.00.003

June 2025 - Console: v9.00.002, Agent: v9.00.002

In this release:

  • Fixed a bug affecting Large File Scans

v9.00.002 Cloud Formation Template

v9.00.002

May 2025 - Console: v9.00.001, Agent: v9.00.001

In this release:

  • Fixed a bug affecting Smart Scan and Protect Everything

v9.00.001 Cloud Formation Template

v9.00.001

May 2025 - Console: v9.00.000, Agent: v9.00.000

In this release:

Protect Everything

Adds the ability to Protect all storage containers for comprehensive storage coverage

  • Added indicator of storage container protection posture

  • Protect AWS, Azure, and GCP buckets in one menu

  • Offers exclusion lists

  • Containers that were already protected will remain protected if Protect Everything is turned off

Server-Side encryption for Two-Bucket System

  • Console-created two-bucket systems allow encryption enforcement

Console-Side Upgrade Improvement

  • Console requires upgrade to latest minor version before upgrade to latest major version

Vulnerability Patching

  • Various vulnerability fixes have been implemented

WorkDocs Support Removed

  • AWS is removing support for WorkDocs. We've removed WorkDocs options from the Console

Various Improvements and Bug Fixes

  • Object tags now support the following symbols: + - = . _ : /

  • Containers now use Rocky Linux instead of CentOS Stream 10

  • Agent Config improvements

  • Fixed a bug affecting Scan and Skip lists

  • Fixed a bug affecting custom EventBridge Buses

  • Fixed a bug affecting precreated IAM Roles

  • Improved Large File Scan handling

  • UI Fixes for the Console Dashboard

v9.00.000 Cloud Formation Template

v9.00.000

PreviousRelease NotesNextv8

Last updated