Blog Posts For 2021

Version 3.0

STIG Spider was synchronized with DISA's 2021 Q4 SRG-STIG Library Compilation.

A new version of STIG Spider has been released! Version 3.0 contains the following improvements and enhancements:

  • A modernized user interface (UI) that utilizes the latest versions of industry-standard libraries. It is now clearer, less busy, and more consistent, and it uses color smartly to convey information.
  • STIG Spider now works correctly in modern browsers that no longer support the legacy features earlier versions of STIG Spider relied on.
  • Speed has been turned up to 11! Everything is now faster. Browsing the site, logging in, searching, etc. have all been optimized.
  • Search has been streamlined and no longer gets in the way. Now it only does what you want and nothing more. The search form also collapses when results are returned, allowing more results to be viewed before having to scroll.

Version 2.22

STIG Spider was synchronized with DISA's 2021 Q3 SRG-STIG Library Compilation.

Version 2.21

STIG Spider is now three years old! STIG Spider was synchronized with DISA's 2021 Q2 SRG-STIG Library Compilation.

Version 2.20

The following upstream vulnerabilities were addressed by the vendor and STIG Spider received automatic security updates:

  • CVE-2021-26701 A remote code execution vulnerability exists in .NET 5 and .NET Core due to how text encoding is performed. The security update addresses the vulnerability by fixing the way text encoding is performed.

Version 2.19

STIG Spider was synchronized with DISA's 2021 Q1 SRG-STIG Library Compilation.

The following upstream vulnerabilities were addressed by the vendor and STIG Spider received automatic security updates:

  • CVE-2021-1721 A denial-of-service vulnerability exists when creating an HTTPS web request during X509 certificate chain building. The security update addresses the vulnerability by fixing the way X509 certificate chain building is performed.
  • CVE-2021-1723 A denial-of-service vulnerability exists in the way Kestrel parses HTTP/2 requests. The security update addresses the vulnerability by fixing the way Kestrel parses HTTP/2 requests.
  • CVE-2021-24112 A remote code execution vulnerability exists when parsing certain types of graphics files. This vulnerability only exists on systems running on macOS or Linux and is fixed with updated graphics file parsers.