Release 4.2: Alibaba | AWS | Azure | GCP | HyperV | IBM | KVM | Nutanix | Oracle Cloud | Openstack | Proxmox | RedHat Openshift | VMware | Xenserver
July 03, 2026
The operating system for Virtual Scanner cannot be upgraded. You need to replace the scanner image or deploy a new scanner with the latest image, although this may not always be necessary. For details on when scanner replacement is necessary, refer to the Know when scanner replacement is needed section.
What's New?
This release brings new features and updates to data centers and desktop platforms.
qVSA-4.2 supports both EFI and BIOS boot modes
New Features
With this release, we have introduced new features for:
Alibaba
Supports both UEFI and BIOS boot modes.
AWS
Supports both UEFI and BIOS boot modes, with UEFI as the default for all instance types that support it.
Azure
Supports both UEFI and BIOS boot modes.
GCP
Support of Shielded VM capabilities such as Secure Boot, vTPM (for Measured Boot), and Integrity Monitoring.
HyperV
Supports both UEFI and BIOS boot modes. UEFI is the default boot mode.
IBM
Supports both UEFI and BIOS boot modes.
KVM
Supports both UEFI and BIOS boot modes.
Nutanix
Supports both UEFI and BIOS boot modes.
OpenStack
Supports both UEFI and BIOS boot modes.
Oracle Cloud
Supports both UEFI and BIOS boot modes.
Proxmox
Supports both UEFI and BIOS boot modes.
RedHat OpenShift
Supports both UEFI and BIOS boot modes.
Vmware
Supports both UEFI and BIOS boot modes.
Xenserver
Supports both UEFI and BIOS boot modes.
Limitations
Currently, we are not supporting SCAP scanning (applies to all platforms).
Alibaba
Secure Boot and vTPM are not yet supported.
AWS
Secure Boot and vTPM are not yet supported.
Azure
- Secure Boot and vTPM are not yet supported.
- No support for security type: Confidential VMs.
- No support for security feature: Integrity Monitoring.
- New version is Gen2 based, refer to https://aka.ms/azuregen2vm for supported VM sizes.
HyperV
Secure Boot and vTPM are not yet supported.
IBM
Secure Boot and vTPM are not yet supported.
KVM
Secure Boot and vTPM are not yet supported.
Nutanix
Secure Boot and vTPM are not yet supported.
OpenStack
Secure Boot and vTPM are not yet supported.
Oracle Cloud
- No support for Confidential VM.
- Secure Boot and vTPM are not yet supported.
Proxmox
Secure Boot and vTPM are not yet supported.
RedHat OpenShift
- SecureBoot is not yet supported.
- QEMU guest agent is not included in the qVSA-4.2 image.
Vmware
Secure Boot and vTPM are not yet supported.
Xenserver
Secure Boot and vTPM are not yet supported.
Issues Addressed
| Component | Issue |
|---|---|
|
Security Fixes |
Earlier versions of qVSA were affected by CVE-2026-43284, a vulnerability in the Linux kernel XFRM/ESP (Encapsulating Security Payload) subsystem. In specific ESP-in-UDP scenarios, ESP input processing could perform in-place decryption on shared socket buffer (skb) fragments, potentially resulting in memory corruption and impacting system stability and security. The updated kernel ensures correct handling of skb fragments during ESP processing, eliminating the vulnerability. References:
This issue has been fixed for all platforms. |
|
Scan Capacity Correction |
Fixed an issue where scan capacity was incorrectly calculated, resulting in a higher-than-expected reported capacity. |