Blog Posts For 2024

Version 4.1

STIG Spider was synchronized with DISA's 2024 Q4 SRG-STIG Library Compilation.

Version 4.0

STIG Spider has been updated to version 4.0! Please enjoy this latest release, which provides the following new features:

  • Modernized search interface just like the internet search engine you use every day.
  • Browse through any STIG, or browse just the highs, mediums, or lows for any STIG.
  • Browse the CCIs used by the STIG and view all the STIGs that use a particular CCI.
  • Further speed improvements. The web site works fast so you can work fast.
  • Light and dark modes are supported on the browsers and operating systems that support them, and they follow your system theme.
  • Non-subscription users can now access all of the Apple STIGs.

We hope you enjoy this latest release as much as we enjoyed creating it!

Version 3.18

STIG Spider was synchronized with DISA's 2024 Q3 SRG-STIG Library Compilation.

Version 3.17

STIG Spider has been updated to address the following upstream vulnerabilities:

  • CVE-2024-30105 A Denial of Service vulnerability exists in .NET when calling the JsonSerializer.DeserializeAsyncEnumerable method against an untrusted input using System.Text.Json.
  • CVE-2024-35264 A Remote Code Execution vulnerability exists in ASP.NET Core 8 when data corruption occurs in Kestrel HTTP/3.
  • CVE-2024-38095 A Denial of Service vulnerability exists in System.Formats.Asn1 when .NET parses a malicious X.509 certificate or collection of certificates, resulting in excessive CPU consumption on all platforms.

Version 3.16

Corrected an error that was preventing 7 STIGs from being available in STIG Spider. Also ceased using CAT I, II, and III terminology to retain consistency with DISA's use of high, medium, and info severity classifications.

Version 3.15

STIG Spider is now six years old! Thank you for your support every year. STIG Spider has been updated to address the following upstream vulnerabilities:

  • CVE-2024-30045 A Remote Code Execution vulnerability exists in .NET 7.0 and .NET 8.0 where a stack buffer overrun occurs in .NET Double Parse routine.
  • CVE-2024-30046 A vulnerability exists in Microsoft.AspNetCore.Server.Kestrel.Core.dll where a deadlock can occur, resulting in Denial of Service.

Version 3.14

STIG Spider was synchronized with DISA's 2024 Q2 SRG-STIG Library Compilation.

Version 3.13

STIG Spider was updated with the latest CCI information.

Version 3.12

STIG Spider was synchronized with DISA's 2024 Q1 SRG-STIG Library Compilation.