Operating System Greenbone OS

Lifecycle, Roadmap and Patch Level Upgrades

Our latest versions:

  • Greenbone OS 3.1
    • Patch Level: 3.1.37 (2017-02-21)
    • Lifecycle Status: Mature, LTS
    • Available for all platforms
  • Greenbone OS 4.0
    • Patch Level: 4.0.3 (2017-01-13)
    • Lifecycle Status: New
    • Available for GSM ONE, Greenbone Community Edition

New and improved functions for our latest releases, including detailed documentation, are listed here: GOS 3.1 and GOS 4.0

Releases under development are listed here: Roadmap

The graduated scheme for each Greenbone OS release is listed here: Lifecycle

Releases beyond status End-of-Life are listed here: Old Releases

Greenbone OS Status

GOS 3.1

New and improved functions for releases already launched are available as patch level upgrades:

2015-01-26: Greenbone OS 3.1

Latest patch level: 3.1.37 (2017-02-21)

The items marked with (*) will change the default behaviour.

  • New: Dynamic charts “bar-chart”, “donut”, “lines” and “bubbles” for SecInfo Management of the web interface. For each object type, two chart types can be selected. Each chart can be detached into a window of its own, the underlying data can be exported in CSV format or opened as an HTML table, and the SVG representation can be opened in the browser or exported.
  • New: Dashboard overview for SecInfo Management of the web interface. It consists of 4 charts which can each be individually selected by type and combined with a powerfilter. The configuration is persistent for each user.
  • New: Dynamic diagrams for tasks, analogous to SecInfo Management.
  • New section “Results” under menu “Scan Management”. This section offers object management for all of the scan results in the database that a user has permission for. In other words, searching and filtering for results is now possible independent of a scan report.
  • New: SecInfo object type “CERT-Bund”, which covers the advisories published by the German federal CERT.
  • New: Attribute “Solution Type” for NVTs and results.
  • New: Bulk actions, for example to remove or download many objects within a single action.
  • New: Configuration type “Scanner” allows configuring additional scanners of type OpenVAS (the default and pre-configured one) or OSP-based scanners. OSP stands for OpenVAS Scanner Protocol, which can be used to wrap arbitrary scanners with a generic interface so that they are handled generically by the vulnerability management.

The task management is extended with scanner-type dependent alternatives.

These features prepare the integration of OSP scanners. All default settings and behaviour remain as in the previous Greenbone OS release. OSP is entirely optional.

  • New: Option for anonymous guest access. Apart from the new role “Guest”, which is similar to role “Info” and allows access only to the SecInfo section, there is now the opportunity in gos-admin-menu to enable access for guests. This also makes it possible to use static URLs to link into certain views in the SecInfo section.
  • New: Role “Monitor” that allows access to the performance data of the GSM.
  • New: Role “Super Admin” that allows access to all objects of all users.
  • New: Permission “Super” that, for example, allows creating Group Administrators.
  • New: The filenames for Downloads can now be configured via “My Settings”.
  • New: Wizard for modifying a task.
  • GXR/GSR: These report format plugins were re-worked. In particular, GSR was changed to use fewer pages for the same content and to be created faster.
  • Tasks: The dialog for setting permissions is re-worked.
  • Timezones: The configuration of timezones was changed so that a drop-down list of available timezones is now offered instead of an entry field for specifying the timezone in text form.
  • (*) Users are now allowed to have multiple simultaneous sessions, as long as the sessions are on different browsers. Up to GOS 3.0, a second session always invalidated the previous one regardless of which browser is used.
  • For any web interface page, the duration of the backend operation will be shown at the bottom.
  • (*) Credentials: The public key of SSH credentials is not required anymore because it is extracted from the private key.
  • Credentials/Targets: Credentials for ESXi target systems can now be configured directly with the Target object instead of in the Scan Configuration object.
  • New: Statistics module at OMP level represented by the command “GET_AGGREGATES” which is also the foundation for charts.
  • (*) When a task is requested to stop, the scanner will now be advised to switch immediately into the final phase of scanning. With GOS 3.0 the scanner immediately stopped activity and did not return the host details collected so far. With GOS 3.1 these are now transferred to the database.
  • New internal inter-process communication of scanner.
  • Memory consumption of scanners reduced by 50%.
  • (*) Dropped support for pausing of tasks (OMP).
  • (*) Dropped support of outdated “openvasrc” Format (OMP).
Patch-Level GOS 3.1:
  • 3.1.37 (2017-02-21):
    • Web-Interface and OMP:
      • Performance improvement for the combination of many overrides and role based permissions (#67958).
      • Performance improvement for large number of LDAP-authenticated users (#67318).
      • Improvement: Documentation, logging and functionality for alert type “SCP” (#64696).
      • Bugfix: The selection of the Report Format Plugins for a “SCP” alert is now considered correctly (#64862, #2016112410000065).
      • Bugfix: Schedules with a period over 1 month were executed monthly (#65010, #2016120810000021).
      • Bugfix: A schedule with monthly period was removed from a task in case no duration was specified (#64362, #2016100610000065).
      • Improvement: The Report Format Plugin “CSV” now protects quotes in strings (#64678).
      • Minor bugfix: In very rare cases the internal timestamp about the feed status was not correctly processed (#66146).
    • GOS-Admin:
      • Improvement: It is now possible to update sensor certificates via the master. This is now part of “Reset all sensor certificates” (#51245, #51242, #2015072710000015).
      • Minor bugfix for rare cases during migration to GOS 4 (#67094).
    • Scanner:
      • Improvement: Detection of special host names in TLS certificates (#64997).
  • 3.1.36 (2016-12-23)
    • Web-Interface and OMP
      • Extension: New verinice tag “gsm_system_Windows_Embedded” (#63875, #2016102010000074).
      • Improvement: The stopping of scans is enforced more strictly now. In favor of a faster cancellation, scan jobs now have less time to finish their current activity. These will be resumed in case the scan task is advised to do so later (#63832, #63830).
    • GOS-Admin
      • Bugfix for GSM 5300/6400: For a system backup the messages were not adequate (#60020).
      • Improvement: For the USB airgap feature the messages on the LCD display are now more suitable (#64635).
      • Minor bugfix: The internal log rotation for scanner logs was changed so that this is also done when feed updates happen (#60130).
      • Internal preparations for a migration to GOS 4 (#64848).
    • Scanner
      • Extension: Support of TLS-SNI (#61661, #64588, #2016080410000019).
  • 3.1.35 (2016-10-27):
    • Web-Interface and OMP:
      • Performance improvements: The results view for large datasets was accelerated including the creation of notes and overrides. Also the host view is displayed faster now (#63767, #62927).
      • Increased the limit for results of the default email filter from 1000 to 2000. With GOS 4 this limit is dropped (#62290, #2016070510000019).
      • Bugfix: Verinice GSM Tags were corrected for various Windows versions (#63044, #2016092610000021).
      • Bugfix: Some minor bugs in the auto-generated credentials for Windows were fixed (#59700, #2016053110000018).
      • Bugfix: Error messages no longer appear additionally in the results, but only in the section “Error Messages” (#62937).
      • Minor BugFix: NVTs are now allowed to use the character “&” in their name (#63643).
      • Minor improvement GSR: Formatting of scan results can now better handle some more special cases (#57213, #2016022610000024).
      • Minor improvement: Scan-Config parameters “unscanned_closed” and “unscanned_closed_udp” now use the same input type in the dialog (#62929).
    • Web-Interface:
      • Bugfix: Some links issued inconsistent filter settings for charts and tables. Now the QoD is consistently used in charts and tables (#63340).
      • BugFix: The variable SCANNER_NVT_TIMEOUT is now properly substituted by its value in the GUI (#62931).
      • Minor Bugfix: A display error in the results view due to a line break was fixed (#62273, #2016082910000044).
      • Minor improvement of the online help about the “SCP” alert (#62274, #2015031210000014).
    • GOS-Admin:
      • Extension: The fingerprints of SSL certificates can now be shown in the GOS-Menu. This makes it easier to verify them (#53378).
      • Bugfix: After creating a userdata backup, temporary data are now deleted immediately (#57904).
      • Minor Bugfix: Wrong error messages about rsyncd do not occur in the logs anymore (#62374).
    • Scanner:
      • Improved detection of “rsync” services (#63766).
      • Bugfix: In case of a circular dependency between NVTs, the scanner will not hang anymore and will also issue a detailed log message (#62797).
  • 3.1.34 (2016-09-21):
    • Web-Interface and OMP:
      • Updated GXR/GSR: Charts that were empty due to scan results or filtering are not included anymore. Also the OIDs were shortened for better readability. A formatting error for hostnames with underscores was fixed (#61602, #62598, #2016091310000045).
      • Improvement: When starting a scan, any NVT for settings was activated regardless of whether the settings are required in the respective context or not. This generic automatic activation is now disabled. Of course, when attaching an SSH credential, all necessary settings will be taken care of in the background. The now disabled feature was a transitional convenience for users of GOS 2. For large scans with small scan configurations you might notice a performance improvement (#62267).
      • BugFix: GSM Tag for Windows Server 2012 is now correctly set in the Verinice ISM Report Format Plugin (#60486, #2016062810000059).
      • BugFix: In the task overview of the scanner details page some objects were shown for which permission is actually denied, and thus clicking on the links led to a permission error. Those links are not shown anymore (#57759).
    • Web-Interface:
      • Bugfix: Under certain conditions the pre-configured sorting of reports was not by date (#62509).
      • Minor English typo fixed (#62509).
    • Scanner:
      • Extension: The scanner offers NVTs more ways to analyse TLS certificates (#62139).
      • Bugfix: Under very rare and very special circumstances the scanner had trouble during the execution of an NVT and cancelled the execution of this NVT (#62465).
  • 3.1.33 (2016-09-02):
    • Scanner:
      • Bugfix: An issue which caused scans to hang or abort prematurely under certain circumstances has been addressed (#62049).
      • Bugfix: An issue which caused error messages to contain references to incorrect hosts has been addressed (#62268).
      • Bugfix: An issue which caused slave tasks to remain in the ‘Requested’ state when master and slave were using different host limits under certain circumstances has been addressed (#54755).
      • Bugfix: An issue which caused vulnerability tests to abort prematurely under certain circumstances has been addressed (#60387).
    • Web-Interface and OMP:
      • Bugfix: An issue which caused an incorrect error message to be displayed when editing a task under certain circumstances has been addressed (#60442).
      • Bugfix: An issue which caused the ‘Alive Check’ property of a target to be ignored when cloning the target has been addressed (#60634, #2016070410000021).
      • Improvement: The filter used for Auto-Alerts has been modified to sort by severity to avoid misrepresenting the maximum severity when used with a large number of results (#60712, #2016070510000019).
      • Improvement: The limit for the field ‘Target Host’ in the Advanced Task Wizard has been increased (#56513, #2016012810000013).
      • Improvement: An issue with the help message for the ‘New Credential’ function has been addressed (#56663, #2016020410000021).
      • Improvement: The ‘Anonymous XML’ report format now strips even more items which could contain sensitive information from the report (#56793, #2016021010000027).
    • GOS-Admin:
      • Improvement: Support for using the RSA algorithm for authentication in Master-Sensor setups has been added (#62059).
  • 3.1.32 (2016-08-13):
    • GOS-Admin:
      • Critical Bugfix: Unfortunately version 3.1.31 has a critical problem for the sensor management. Sensors at version 3.1.31 cannot be updated anymore by their master, neither with NVT Feed updates nor with GOS version updates.

If you upgraded from version 3.1.30 or earlier to version 3.1.32, then there are no problems. But once a Master was updated to 3.1.31, the problem exists for all its sensors that were automatically updated to 3.1.31.

In case you are affected by this problem, it is unfortunately mandatory to apply a manual change on the sensors. The Greenbone Support has prepared a recipe for this manual change. We apologize for this inconvenience (#62030).

  • 3.1.31 (2016-08-08):
    • Web-Interface and OMP:
      • Extension: Automatic deletion of old reports. For tasks there is now a new setting that allows specifying a maximum number of reports stored for this task. If a further report is added, the oldest report gets automatically deleted. This makes it possible, for example, to keep the latest 10 reports of a daily executed task. By default this is unset (#38210).
      • Improvement: If a scan via a scan slave fails due to a wrong password or wrong username for the slave, there will now be a respective note in an error message of the report (#59154).
      • Extension: The new alert method “SCP” allows transferring a scan report in XML format via the SCP protocol. This is for example supported by some SIEM systems (#53932).
      • Extension: The alert method “SNMP” was separated from the method “SysLog” and now forms a method of its own. It is not necessary anymore to additionally configure the SNMP trap receiver via GOS-Admin-Menu (#58742).
      • Extension: “Default Severity” was added under “My Settings”. This is the pre-defined severity to be used for NVTs that do not offer a severity. This can only happen if CVE-based OSP scanners are used and the CVEs do not yet have a CVSS assigned. Default is the conservative maximum of 10.0 (#49729).
      • Extension: It is now possible to attach a GXR and/or GSR to the Verinice ISM Report Format Plugin (#41074, #60444, #54603, #2015111910000013).
      • Minor extension: The powerfilter for permissions was extended with keyword “orphan”. With “orphan=1” orphaned permissions can be filtered. These are permissions whose referring resource does not exist anymore (#55906, #2016010410000022).
      • GXR/GSR: The topology graph is created only for a maximum of 50 hosts (#56108, #2016011810000014).
      • Minor improvement: It is now allowed to use character “@” in the comment and value of tags (#57395).
      • Bugfix: If user names contained special characters, it was not possible to add them to groups or roles (#58879).
      • Bugfix: When importing special scan configurations it was possible that errors prevented the import (#59629).
      • Bugfix: Under certain conditions it was possible that a task executed via a scan slave hung in status “Stop Requested” (#59726, #2016050310000017, #2016052310000024).
      • Bugfix: Cloned pre-defined report formats are now automatically trusted since only the general description can be changed and not the internal logic (#56990).
      • Bugfix: A formatting problem for special NVT descriptions was solved for the GSR PDF report format (#56150, #2016012010000037).
      • Bugfix: In very special cases it was not possible to positively verify an imported Report Format Plugin (#59287, #59756).
      • Bugfix: For delta reports some unneeded entries were created under certain conditions (#56952, #2016020910000011).
      • Bugfix: When creating, for example, GSR PDF reports directly in the web interface, the filter settings about hosts were not considered although they were considered in the GUI (#57256, #2016022910000055).
      • Bugfix: In the port list overview UUIDs were shown for targets using the port lists but which were not readable for the current user. The cross references did not work as a matter of fact. Now such UUIDs are not shown anymore (#58885).
      • Minor corrections of the OMP Documentation (#56666).
    • Web-Interface:
      • Layout improvements for host table in report results browser: The column content is now better wrapped (#55406).
      • Bugfix: Special manual changes to HTTP requests now result immediately in an empty page and no longer cause a delay (#57986).
      • Additional icons for operating systems were added (#57183).
      • Bugfix: When using the auto-refresh an error message could occur when creating multiple permissions (#56795).
      • Minor improvement: The titles for the filtering rules in the report results browser were changed to prevent misunderstanding about what exactly the view shows (#39535, #2014072410000121).
      • Minor improvement: The “once” status of a task is now also visible in the tooltip (#48265, #2015040910000028).
      • Bugfix: The edit dialog for user accounts did not set the LDAP flag automatically if the user was managed via LDAP (#56469, #2016012610000017).
      • Improvement: Under high load of web interface (many concurrent users) it could happen that a new connection was denied. The limit of concurrent connections has been increased now (#58167, #2016040710000039).
    • GOS-Admin:
      • The menu for SNMP trap configuration was removed. It is now available via the web interface (#58743, #58745).
      • The cipher configuration of the SSH service was moved to a higher security level (#58450).
      • Improvement of internal logging: UUIDs of resources are now accompanied with the resource name and any “Internal Error” is now explicitly detailed (#58005, #58721, #59683).
      • Extension: For an in-depth analysis of a GSM in cooperation with the Greenbone Support there is now an option in the GOS-Admin-Menu to create an encrypted package with all relevant system data (#44900, #60301).
      • Extension: Internal clean-up method for resetting a scan sensor (#28277).
      • Improvement: The internal journal sizes of the database are limited now (#57888).
      • Bugfix: During a Factory Reset possibly (depending on the GSM model) an error occurred. This was only in very rare cases and it was possible to circumvent it. This is now fixed in general (#60488, #55414).
    • Scanner:
      • Improvement: The OpenVAS Scanner was made more robust in handling timeouts. If a port was detected as open but later on it times out, a multiple retry strategy is applied (#48537).
      • Improvement: If SMBv1 is disabled on the target system and SMBv2 enabled, the scanner can achieve some more results during an authenticated scan. However, the detection capabilities very much depend on the presence of a running remote registry service (#50757, #2015071510000029).
      • Bugfix: Under extremely high load scan tasks could hang on a scan sensor. In combination with a limited schedule, tasks could remain in status “Stop Requested” until the next reboot. Measures are taken to prevent such so-called “scan zombies” (#56688, #2016020310000022).
      • Bugfix: Under certain conditions SSH scans could hang for a while. If the scanner has trouble with the remote ssh service, it terminates earlier now (#54059).
      • Improvement: When scanning SNMP services too much unneeded internal log information was created in case of missing MIBs (#59857).
  • 3.1.30 (2016-05-30):
    • Web-Interface and OMP:
      • Bugfix: For scheduled scans with limited duration and in master-slave operation it could happen that the scan task was stopped on the master but not on the slave. When resuming a task a new scan was started instead of finishing the stopped one (#59433, #59431).
    • Scanner:
      • Bugfix: Frequent stop and start of a task in short intervals could lead to a task that stays in status “Stop Requested”. A blocking scanner was responsible for this situation (#59642).
  • 3.1.29 (2016-04-21):
    • Web-Interface:
      • Bugfix: The action to resume a task while concurrently using a page refresh could lead to losing the session ticket (#58356).
      • Bugfix: By using some special UTF-8 characters for filters it was possible to lose the session ticket (#57961).
    • GOS-Admin:
      • Update of an internal CA certificate with a new expiration date. This update is mandatory for proper operation of the vulnerability scanning and management. It is especially urgent for GSM ONE where the update needs to happen during April 2016 (#57946).
    • Scanner:
      • For authenticated scans via SSH it is now possible to use ECDSA keys (#57091, #29613).
  • 3.1.28 (2016-02-23):
    • Web-Interface and OMP:
      • Performance improvements: The performance for tasks, reports and results was optimized for various use cases (#50862, #54971).
      • For various situations there is no blocking of actions anymore. A user can act in parallel to background processes like SCAP update. At the same time the CPU load is lowered (#44104, #56004, #56127).
      • Bugfix for the trashcan. It was possible that when emptying the trashcan also other resources were deleted (#55296).
      • Extended options for the condition of alerts: It is now possible to use the number of matches of a powerfilter as criterion (#45430, #2015010710000019).
      • Bugfix: Some graphs of Extras/Performance were not correctly displayed for the GSM ONE and for GSM 500/510/550 (#55648, #2014050510000017, #54799).
      • The Report Format Plugin “Verinice ISM” was prepared for a generalization (#43295).
      • Only GSM 100: Bugfix of the task scheduling. Not all of the scheduled tasks were always properly started (#55259, #56466, #2016012510000028).
    • Web-Interface:
      • The regular expressions for user inputs were checked and, where possible, narrowed down. This helps to identify invalid user input earlier (#55933).
      • Minor improvement: The icons for deleting notes and overrides are now only available if the user has no permission to execute this action (#55384).
      • Bugfix: When using auto-refresh it was possible to get an error message after creating a permission for a task. The task or permission as such was not affected, it was just a wrong error message (#55298).
      • Bugfix: When using IPv6 the redirection from http to https did not work properly for all of the possible IPv6 addresses (#54839).
    • GOS-Admin:
      • New: For the backup of user data the new method SFTP accompanies the methods USB and SCP (#51195, #2015072310000013).
      • Minor improvement for the TLS cipher support for OMP/HTTPS regarding the settings SECURE and NORMAL (#55940).
      • The range of accepted characters for proxy credentials was extended (#49453, #2015052710000055).
      • In GOS-Admin-Menu some passwords were shown in clear text. This was now changed so that GOS-Admin-Menu shows no passwords in clear text at all (#56599, #2016020110000035).
      • An option to delete source code was added to GOS-Admin-Menu. This can be used in case source code was installed manually (#54020).
      • Minor improvement for upgrades: The new version number was shown too early in the process of the upgrade (#47727).
      • In order to prepare the upcoming feature of support packages, the PGP key of the Greenbone Support was integrated. This will allow in future releases to encrypt data when sending to the support team (#56126).
    • Scanner:
      • An updated base library for the SSH protocol improves the detection abilities of the scanner and also extends the support for SSH credentials used for authenticated scans (#52479).
      • Improved robustness of the scanner against incomplete NVT meta data (#55264).
      • Bugfix regarding SSH connections: When doing massive scans a slow-down or connection loss could happen (#54661).
  • 3.1.27 (2016-02-18):
    • GOS Base System:
      • Security-Bugfix closing a severe vulnerability in the general base library “glibc”. It is recommended to reboot the system after the upgrade completed (CVE-2015-7547).
  • 3.1.26 (2016-02-02):
    • Web-Interface:
      • Security-Bugfix closing a DoS attack vector. It was possible to invalidate web session tickets of other users. Neither integrity nor availability of OMP or SSH is affected (#56541, GBSA-2016-02).
  • 3.1.25 (2016-01-12):
    • Web-Interface:
      • Minor security bugfix that closes an open redirect which was present only with enabled guest mode (#55720).
  • 3.1.24 (2016-01-09):
    • Web-Interface:
      • Security-Bugfix solving a cross site scripting vulnerability. To exploit the vulnerability a valid session token is required. In case the guest account is activated, the general guest token can be used. However, the guest user account owns no write permissions for the GSM (#55720, GBSA-2016-01).
  • 3.1.23 (2015-12-15):
    • Web-Interface and OMP:
      • Performance improvements: The performance for tasks, reports and results was optimized for various use cases (#51923).
      • New alert method “Send to host”: This method allows sending scan results in various formats to a configurable address as a simple TCP upload. Such upload opportunities are offered by several SIEM systems (#53931, #54296).
      • Bugfix for verinice ISM report plugin: It is now possible to attach a HTML report optionally (#54602, #2015111810000015).
      • Change for verinice ISM report plugin: The tag “Verinice Source ID” is now used instead of the previous work around based on the comment of a task (#54687).
      • New remote authentication method for GSM users via RADIUS (#54696, #54060).
      • Changed: The “Once” checkbox for scheduled tasks now stays active after the scan was started. Before, it was deactivated but this added extra work for typical use cases (#48228, #2015040710000013).
      • Improvement: If no results were obtained during a scan, the user now gets some hints about potential reasons why the scan report could be empty (#51462).
      • Bugfix for overrides and CSV export: The overrides are now also applied for CSV exports (#52768, #2015092110000041).
      • Improvement for slave scans: A reboot of the master GSM no longer stops the slave scans. Now the slave scans can be resumed properly (#45074, #45073).
      • Improvement for the vulnerability view in the report browser: Notes and overrides are now also displayed (#52187, #2015090110000024).
      • Bugfix for overrides: The edit dialog was missing an explicit selection button for “yes” for the “active” setting (#52996).
      • Improvement for OSP scan configurations: Better defaults for selection lists (#52572, #52376).
      • Bugfix for counter of NVT Families in scan configurations: In some cases the number of NVTs was not shown correctly in the overview. The details view, however was correct (#53645, #2015091010000043).
      • Bugfix for deleting ESXi credentials from the trashcan: It was possible to ultimately delete a credential that was actually still in use (#54332).
      • Bugfix for scheduled scans with limited duration: After reaching the limit the task is now set to “Stopped” without any error notice (#53049, #2015093010000041).
      • Bugfix for importing OSP scan configurations (#53088, #2015100210000083).
      • Bugfix for LSC installer for Windows: Temporary files created during the installation are now removed immediately after the installation (#53680, #2015102210000036).
      • Bugfix for the performance charts: If data are not available, the graph is now dropped instead of showing an empty graph. Several graphs are fixed and now use the correct data source (#22336, #22856, #36565).
      • Bugfix for prognosis reports: The format NBE is now also supported (#52897).
      • Minor bugfix that avoids an internal log message on slave GSMs in case scanning happens without credentials (#54526).
    • Web-Interface:
      • Minor improvement: For a guest access the page selection persists when the session ticket expires and a direct re-login is requested (#52165).
      • Minor bugfix: In some cases links to objects in the trashcan were non-functional (#54336).
      • Session tokens are now combined with the IP address of the browser. If a session token is used from a different system than it was issued for, it will not be accepted (#52008).
      • Minor improvement for the case where a login is attempted with a user name that contains invalid characters: In the past, an error dialog was raised. Now the login dialog simply returns and asks for a new try (#20082).
      • Bugfix: Missing icon for solution type “Mitigation” (#52596).
      • Minor bugfix: Enabling the bulk action, some icons remained visible, but without functionality. These are not visible anymore (#54335).
    • GOS-Admin:
      • Failed logins are now logged by default, including the source address (#51158, #51927).
      • Internal improvement: Some unneeded files that remained after an upgrade from GOS 3.0 are now deleted. These were just system files, no user data (#54019).
      • Minor improvement: When entering a proxy credential, an additional hint on the syntax for ADS environments is provided for convenience (#53684).
      • Bugfix: The Airgap menu of gos-admin now correctly reflects all of the airgap combinations (#54058, #51272).
    • Scanner:
      • OSP scanners report about the host alive status properly (#51924).
      • Bugfix for resolving hostnames in pure IPv6 environments (#54216).
      • Bugfix: For some OSP scans the target CIDR notation was not correctly resolved (#52373).
      • Internal improvement of the OpenVAS scanner regarding data stream block lengths (#53023, #52146).
      • Improved status message in case of a malfunctioning or unavailable OSP scanner (#52240).
  • 3.1.22 (2015-10-30):
    • GOS-Admin:
      • Improved robustness of the central data manager against special load and stress situations (#53834, #53825, #53832, #53646, #2015100710000047).
  • 3.1.21 (2015-10-20):
    • Web-Interface and OMP:
      • Minor Bugfix: Subject for email alerts are now prefixed with “GSM” (#53282).
    • GOS-Admin:
      • At high load it could happen that more than one feed update is executed in parallel. This could lead to a blocking situation (#53356, #53360, #2015100710000047).
      • The upgrade starting from a factory reset could lead to error messages in the log during a feed update due to inconsistent data migration (#53358, #2015100610000031).
  • 3.1.20 (2015-10-07):
    • GOS-Admin:
      • Bugfix: An issue which could cause the upgrade process to abort under certain circumstances has been addressed (#53089, #2015100210000065).
      • Improved detection and reporting of inconsistent internal state via gos-admin-menu (#53091).
      • Improved visibility of upgrade process in system log files (#44607).
  • 3.1.19 (2015-09-29):
    • Web-Interface and OMP:
      • Accelerated responses for task overview in case of high scan loads (#50860, #2015070610000037).
      • New: Extended configuration of email alerts. The title as well as the message body can now be specified individually. Some variables can be used to reference the task and to use text elements. The pre-configured settings reflect the title and content as they were so far, so it is not necessary to change anything immediately (#50859, #50572, #2015070810000042).
      • GSR Report: Under certain circumstances (triggered by an alert) wrong severity colors and classes could be applied that did not match the actual CVSS (#51820, #50171, #2015081810000058, #2015062310000015).
      • New: XML representation of tasks now includes the tags attached to the task (#52478).
      • Bugfix: Credentials shared via permissions were in some cases not accessible for the scan (#50363, #2015070110000028, #2015070810000051).
      • Bugfix: It could happen that a shared sub-object (for example a port list) was not readable (#51416, #2015080410000039).
      • Bugfix: Access of super admin via LDAP is not denied anymore (#48824, #2015042710000021).
      • Bugfix: When using dynamic severity, it could happen that timeout messages were displayed as a regular result instead of as an error (#50324, #2015070110000019).
      • Minor Bugfix: In scan configurations it could happen that the displayed number of selected NVTs for a family was wrong. The actual selection was handled correctly (#48250).
    • Web-Interface:
      • Bugfix for the export of larger data collections from ca. 100 objects, for example CPE resources (#52174).
      • New: When creating a new target, now the pre-set target is the source IP address of the user’s browser system (#47098, 51639, 51925).
      • New: When creating a new task, now it is possible to directly specify a tag for the new task (#35488, #2014022510000066).
      • Bugfix for host restrictions for a user: Ranges that were expressed using the hyphen syntax (from-to) were not accepted (#50915, #2015080710000015).
      • User names may now contain the dot character (“.”) (#51136).
      • Minor Bugfix: The Chinese translation is now identified as “zh_CN” instead of just “zh” (#51112).
      • Minor change: The login page now has a CSS of its own (#50915).
      • New: The “Content-Security-Policy” settings are now used to limit the embedded access from within other sites (#51375).
    • GOS-Admin:
      • Accelerated Upgrade: Under certain circumstances an automatic update could take several hours because some internal data optimizations were executed. These are no longer enforced for each upgrade (#51481, #2015081010000045).
      • Failed logins for the web interface are now logged by default including the source IP address (#51926).
      • Minor Bugfix: Applying changes of TLS Cipher is less delayed now (#43785).
      • Minor Bugfix: Lowered log noise about upgrades (#49956).
    • Scanner:
      • Accelerated scans by about 10%. The actual achievements depend on various circumstances and might be even better (#48799).
      • Improved integration of the web application scanner w3af, now also supporting the seed URL setting (#51266, #51334, #51412, #51283).
      • Improved integration of the IDS PaloAlto (#52600, #52579).
      • Improved error handling of OSP scanners (#51335).
      • Minor Bugfix: When creating an OSP scanner, expired certificates are immediately rejected (#50398).
      • OSP servers now refuse to launch with an expired certificate (#50397).
      • Bugfix: Dynamic severity will not display OSP scanner results as “0.0” anymore (#50738).
      • New: OSP connector for Fortinet which however is not yet supported for use (#49627, #52104).
      • OpenVAS Scanner: The option “max_sysload” was removed as a scan configuration option, because it is a system wide setting, not a scan-specific one (#51263).
      • Bugfix for OpenVAS Scanner: Improved SSH host key detection (#50588).
  • 3.1.18 (2015-09-24):
    • Hardware:
      • Security update for GSM 600 and GSM 650 that resets unconfigured factory settings of the BMC (Baseboard Management Controller) to safe values. A reboot after the upgrade is not necessary. Running scans are not affected. An attacker from the same network segment could read device status, turn off the device or enforce its reboot (#52838, GBSA-2015-01).
  • 3.1.17 (2015-08-03):
    • Web-Interface and OMP:
      • Improvement of filtering regarding QoD by extending the use of filter element “min_qod”. This helps for a consistent view for default settings (#46117).
      • Extended powerfilter for results: All results for a task across all reports can be selected for a certain CVE (for example “task_id=69512154-167c-4e12-9351-a778da2d29e9 and cve~2004-2320”) (#48539, #2015041010000025).
      • Bugfix for the powerfilter when searching for parts of an IP address (#49497, #2015052910000015).
      • Resolved inconsistencies (None vs. Log) when handling PCIDSS severity classes and corrected ranges (#49080, #49075).
      • GSR PDF reports: Size limitation extended (#49655, #2015040810000021).
      • GSR/GXR PDF Reports: With more than 100 hosts the topology graph will not be included anymore since details can not be identified anymore anyway. With this, the creation of the larger reports is also accelerated (#49269, #2015051810000018).
      • Bugfix: QoD for “general_note” is now displayed with 1% and not anymore with the default of 75% (#50325).
      • Bugfix: The installation routine for automatically created credentials now also works for Windows 2012 R2 and Windows 10 (#47269, #2015030210000033).
      • Bugfix: Improved error handling for invalid user input for the powerfilter (#49412).
      • Bugfix: Global users were missing in the selection box for permission dialogs (#49381, #50497, #2015070610000046).
      • Minor bugfix: Less process overhead for the creation of report documents (#48977).
    • Web-Interface:
      • Improved support for user interface languages. By restructuring the handling it is now easier to add more languages. In this context, German and Chinese were updated and a partial translation for Russian was added (#44479, #50723).
      • Extended bulk actions: It is now allowed to handle a larger number of objects with a single action, for example to delete a larger number of reports (#50584, #2015070610000028).
      • Details dialog for tasks: Added the information about the total number of single results related to this task across all reports. This includes a direct link into the results table (#49628).
      • Improved: New User dialog now does not allow to enter a password in case LDAP is used because it was and is ignored anyway (#49271).
      • Bugfix for permissions: In some special cases the action icons were greyed out although the actions were allowed (#49583).
      • Bugfix for the Powerfilter: In some cases the combination of keywords did not establish the right selection, for example the combination of the keywords “task_id” and “cve”. (#49675).
      • Bugfix for the creation of a schedule: The comment was not stored (#49595).
      • Extended the set of allowed characters for comments by “:” (#49494, #2015052810000026).
    • GOS-Admin:
      • User-data backups can now be created even when the database exceeds the size of 4 GByte (#48109).
      • Extended the set of allowed characters for the SNMPv3 password by “$#?!” (#49312, #2014100110000023).
      • The SNMP settings are now also available via GOS-Admin-Menu for the GSM 25 (#49448, #2015052710000019).
      • Bugfix for the import of reports: The detection details were not imported (#49660, #2015060410000033).
      • Bugfix for the SNMP trap setting (#46321, #50323, #2015013010000029, #2015063010000083).
      • Bugfix to prevent non-functional internal processes. However, there was no impact on performance (#48109).
      • Minor bugfix for the scanner for rare special cases (#49593).
      • The setting “proxy_update” had not been used for a very long time and is now finally removed. Instead, the setting “proxy_feed” is used (#49593).
      • Improved internal error messages in case of database problems (#48876).
    • Scanner:
      • Bugfix: Under certain conditions single checks were aborted too early (#48906).
      • Bugfix: For Linux systems with large package databases (ca. more than 8000 packages) it could happen that the list was truncated and thus not all packages were analyzed (#49727).
      • OSP: Extended to handle ports as host details and to handle timestamps (#48800, 49584).
      • New: Beta version of Palo-Alto OSP scanner for selected pilot customers (#48538, #51194, #50912, #50858).
      • New: Beta version of w3af OSP Scanner for selected pilot customers (#50912, #43436, #49673).
  • 3.1.16 (2015-07-03):
    • Web-Interface and OMP:
      • Bugfix: A scheduled start of a task will now only be done for the owner of the task (#50140, #2015020210000026).
      • Bugfix: A scheduled start of a task will now only be done once per given time window (#50314, #2015063010000065).
  • 3.1.15 (2015-06-19):
    • Web-Interface and OMP:
      • Bugfix: When stopping a scan task it could happen that the status of the task hangs at “Stop requested”. Only a reboot did set back the status to “Stopped” (#49496, #2015052810000017).
      • Bugfix: A report creation triggered by an alert could block the database for the duration of the report creation (#49975).
  • 3.1.14 (2015-06-16):
    • Web-Interface and OMP:
      • Bugfix: A combination of scans with a configured time window and automatically coupled creation of reports could lead to a blocked database in case the Scan was comprehensive or the time window short (#49861, #2015061110000011).
  • 3.1.13 (2015-05-21):
    • Web-Interface and OMP:
      • Permissions: Extended dialog for setting new permissions. It is now possible to create multiple permissions in one step. For example, when changing a target object it is now possible to apply the same permissions automatically to the related port list and credentials. At the same time a unified permission dialog for all object types is introduced. It is available on the respective details pages, offers a direct link into the permission creation dialog and automatically configures all related objects for it. In total this makes creating, reviewing and modifying permissions more convenient (#46998, #2014120410000032, #44025, #48540, #47336, #2015030510000028, #47359).
      • QoD: Some inconsistent default filtering (min_qod) is now unified and the current min_qod selection will be kept when entering into a report (#46989, #47891).
      • Bugfix: The deleting of Report Format Plugins failed under certain conditions (#48961).
      • Bugfix: Accessing the trashcan failed under certain, rare conditions (#49058, #2015050710000021).
      • Bugfix: It was possible that by removing an override the severity did not follow the change (#47789).
      • Passwords for web and OMP users: Now it is also allowed to use whitespace as part of a password (#48712, #2015042210000021).
      • The Report Format Plugin “Verinice-ITG” is now a pre-configured plugin and it is not required anymore to import it explicitly (#41765).
      • Bugfix: The name of a NVT and its last tag are now considered for filtering (#48891, #2015041610000023).
      • Bugfix: The sorting by “Last” report in the task list did not work properly (#48823, #2015042710000011).
      • Bugfix for slave tasks: In case the sensor or slave was not reachable, it was problematic to stop a started scan as long as the start was still not established (#48877, #2015040110000024).
      • Bugfix for the filtering of scan results when searching for a specific IP address. The filter acted a bit fuzzy under certain condition which was now changed to match strictly (#47710, #48890, #2015040210000041).
      • Bugfix: Filter directives for delta reports were executed properly, but in the new view the filter was lost (#48063).
      • Bugfix: Individual port lists that were used for a scan via a slave or sensor were not automatically deleted after the scan finished (#47889).
      • Bugfix about displaying the trust status of Report Format Plugins (#47721, #2015022310000013).
      • Bugfix for the manual creation of overrides so that now also the port protocol can be specified, for example “80/tcp” (#48715, #2015031810000031).
      • Bugfix: Under certain conditions it could happen that expanding the results view did not show the actual details in case the results are owned by another user (#47411).
    • Web-Interface:
      • Bugfix: Links from the Asset Management into a report did not filter for the exact IP. The IP was used only as a substring (#48981).
      • Bugfix: The version info about GSR and GXR wrongly did not show the actual version 3 (#48115).
      • Bugfix: The counter for notes and overrides in the NVT details dialog showed always 0 (#48247, #2015040810000048).
      • Minor extensions of the online help texts (#47708, #47858).
    • GOS-Admin:
      • Via GOS-Admin it is now possible on a master GSM to advise all connected sensors to create a new self-signed certificate in case their current certificate expired (#48788).
      • OMP via IPv6: In case OMP is enabled, this protocol can now be accessed also via IPv6 (#13592).
      • User-Data backups: In GOS-Admin-Menu there is a new function that shows all local user data backups (#47787).
      • User-Data backups: In GOS-Admin-Menu there is a new function that allows to remove single local user data backups (#44852).
      • Bugfix for GOS-Admin: For several IP address settings like for NTP or for sensors it was not possible to enter IPv6 addresses (#48523).
      • Backup Management: The structure in GOS-Admin-Menu was re-organized with a better separation of backup types and backup settings (#44769).
      • Minor Bugfix for the selfcheck in GOS-Admin-Menu: For GSM models that can not manage sensors, the sensor check is not displayed anymore (#48442).
      • Bugfix for GOS-Admin-Menu to add a scroll bar for the sensor check results (#47055, #2015022010000019).
    • Scanner:
      • Bugfix: By stopping and then resuming a task it could happen that in the overlapping range some results were doubled (#48538, #48974, #2015041710000031).
      • Bugfix: In some cases the hostname for a scanned IP was missing in the results (#44904).
  • 3.1.12 (2015-04-23):
    • Scanner:
      • Bugfix for the scanner, which did not reliably execute some tests for some Windows systems. This led to a lower number of detected vulnerabilities compared to GOS 3.0 (#46115, #48521).
  • 3.1.11 (2015-04-08):
    • Web-Interface and OMP:
      • Bugfix for the NVT details: The CVSS vector was missing in GOS 3.1.10. After the next feed update the vectors will be visible again (#48062).
  • 3.1.10 (2015-04-01):
    • Web-Interface and OMP:
      • Comprehensive update of the Report Format Plugins GXR and GSR. The representation of is more compact now. Especially the GSR will now get created faster and will have fewer pages. Apart from that, several new functions are supported now, like solution type and QoD (#46216).
      • The Report Format Plugins GXR and GSR now offer a tabular overview about the success of target host authentications (SMB, SSH and ESXi) (#45700, #2015011510000021).
      • Bugfix for GSR Report Plugin: The text entry about overrides was missing (#47212).
      • New Report Format Plugin “Anonymous XML”: Like XML, but IP addresses get pseudonyms and other potential hints about the origin of the scan are removed as well (#38250).
      • Comprehensive update of the permissions management regarding visibility of objects by Users, Groups and Roles. Now, several dependencies will be considered by the permissions management (#47310, #2015030410000011).
      • Bugfix for automatically created Debian credential packages (#46996).
      • Fully automated update of CERT-Bund now activated (#45364, #47176, #2015022610000062).
      • Bugfix for the keyword “owner” when used in the powerfilter (#46915).
      • Bugfix regarding transfer of task properties to scan slaves (#46721).
      • Change for schedules: A scheduled task was not executed in case no scanner resource was available for 3 minutes after schedule start time. This limit was removed now (#46897).
      • Bugfix to prevent piling up of lost scanner processes that slow down a GSM over time (#47854).
      • Bugfix regarding changing the “Host-Alive” method (#47989).
    • Web-Interface:
      • Charts: Tooltips extended with percentages and added tooltips for the legend (#47358).
      • Bugfix: Overrides were applied in the Report-Browser, but False Positives were not displayed (#47096).
      • Improved usability of powerfilters: The text entry now contains only specific elements. All others are displayed below, but could be set anytime as well (#45912).
      • Minor bugfix for Task Details Dialog: The Slave name is not displayed anymore if no slave is used anyway (#46819).
      • Minor bugfix to correctly handle some very specific HTTP requests to the web interface (content-length headers) (#15343).
      • Improved online help for Scanner Details (#47282).
      • Added download option for certificates of OSP scanners (#47281, #47283).
      • SecInfo for NVTs was internally changed to now use the OMP command GET_INFO (#39910).
      • Minor bugfix: Graphical bug in Charts regarding too many percentage characters (#47357).
      • Minor bugfix: Graphical bug for IT-Schwachstellenampel regarding URLs (#46969).
      • Minor Bugfix for status info of OpenVAS Scanner: It was wrongly displayed that the scanner is offline (#47280).
    • GOS-Admin:
      • Extended SNMP monitoring parameters and MIB: The MIB for the Greenbone Security Managers as well as the newly supported standard properties are now documented at the Greenbone website about SNMP (#44239, #29960, #2013052810000039).
      • Internal improvement for self-check after an upgrade to identify incomplete upgrades (#47579).
      • Internal improvement of management of OSP Ovaldi: Certificate update via GOS-Admin-Menu (#47219).
      • Minor bugfix of NTP configuration to avoid error messages in the log (#46726, #2015021110000027).
      • Minor bugfix for CLI Admin: For some unneeded commands (for example nosystemupgrade) there was still an alias entry. These were removed now. (#47264).
      • For GSM ONE the menu “Advanced Management” is now back in GOS-Admin-menu (#47724).
      • Improved Boot-Check log (#43682).
      • Minor bugfix for a problem that produced many log entries (parse_ctime) (#46815).
    • Scanner:
      • Internal improvement: For NVTs of the OpenVAS Scanner it is not mandatory anymore to deliver a CVSS Base if they already offer a CVSS Base Vector (#41456).
      • Improvement of authenticated scans for target systems with specific SSH services and key types (#47304, #47278, #29613).
      • OSP-ovaldi now also delivers its own CPE as a host detail (#45909).
      • New Parameter “debug_mode” for all OSP scanners (#45906).
  • 3.1.9 (2015-03-13):
    • Bugfix for internal GOS upgrade handling (#47513).
  • 3.1.8 (2015-03-05):
    • Bugfix regarding TLS certificates of the pre-configured scanner. Under certain conditions it could happen that no scans are executed anymore and a manual update of the certificates was necessary. This has now been automated (#47279).
  • 3.1.7 (2015-03-03):
    • Quality of Detection (QoD): This concept for the reliability of successful detections of vulnerabilities has now also arrived in the web interface. New NVTs were already equipped with specific QoD values (between 0% and 100%) for some time. The QoD is now visible for NVTs as well as for the scan results. Of course, it is now possible to use the QoD to filter. The defaults are chosen to match the previous behaviour. This means, the same number of results are filtered which corresponds to a QoD of 70%.
      With this new feature, the parameter “paranoid” in the scan configurations is dropped, because now even those tests with a low reliability are always executed. The results are present in the database and can be reviewed if needed. A separate scan for detecting so-called “potential vulnerabilities” is not necessary anymore. (#46396, #38193, #46118).
    • Extension of the permissions dialog for tasks: When granting permissions to a task, now the same permission is automatically granted for the depending objects like schedules or alerts. (#39459, #2014072210000017).
    • Reduction of DNS Reverse Lookups of the GSM for NTP servers (#46965, #2015012110000037).
    • Bugfix for executing scans via slaves: Now the configured port list is applied and not just the default port list (#46632).
    • Bugfix for the use of SSH keys for SSH credentials (#46474).
    • Bugfix for the Restore function of the user-data backup on GSM 100 when migrating to GOS 3.1 (#46813, 46835, 46241, 46515).
    • Bugfix for drop-down dialog elements for timestamp in task wizards (#46125).
    • Bugfix for scan progress bar: The progress is now reflected more adequately (#18591, #46694, #2015020210000053).
    • New functions via gos-admin-menu (section “Advanced”) to manage the database (vacuum, analyze) (#41097, #43688).
    • Bugfix for sensor upgrades, specifically for airgap (#46836).
    • Bugfix for individual timeout configuration of NVTs when executed via a slave system (#44857, #2014121110000019).
    • Bugfix for missing transfer of ESXi credentials to slave systems (#46691).
    • Creating web users with the same name is not allowed anymore (#46214).
    • Alterable tasks: If all reports are removed, the task no longer automatically turns into a regular task. Instead, it remains an alterable task (#42226, #2014101310000028).
    • Extension for creating a new task: It is now possible to assign a schedule and configure to execute the schedule only once. After this schedule is executed, it will automatically be removed from the task (#46184, #2015012610000028).
    • Tasks with schedules that define only a single execution: After the scan was started, the schedule object is removed from the task object because it will never be executed again. This means that now any task in the task overview that has a schedule symbol will definitely be executed in the future at least once. (#45943, #46185, #2015012610000046).
    • Extension of the selfcheck in gos-admin-menu to check availability of internal OMP service (#46397).
    • Update of an external link inside the Online Help system (#46390, #2015013010000047).
    • Update of the SSH library of the OpenVAS Scanner so that authenticated scans work even with newest SSH servers (#46542).
    • Bugfix for sorting the numerical column “IPs” of targets (#39267, #2014071710000018).
    • Bugfix for Superadmin: Icons for cloning are not greyed anymore (#45888).
    • Bugfix for Superadmin: Access to notes and overrides is now possible (#45889).
    • Bugfix for auto-credentials (#45729, #45730).
    • Improved WMI RSOP support for the OpenVAS Scanner (#40407).
  • 3.1.6 (2015-01-26):
    • Last release of Beta phase. First release of 3.1.
GOS 4.0

2016-12-21: Greenbone OS 4.0

Latest patch level: 4.0.3 (2017-01-13)

  • Web-Interface and OMP:
    • Minor bugfixes: Some functions were available in the web interface even if no permission was available for these. Selecting them led to an internal error (#65303, #64592, #64681, #64712).
    • Minor bugfix: After deleting a user a blank page was shown (#65301).

Greenbone OS 4.0.2 for GSM ONE and GCE

Lifecycle Phase: New

  • Entirely updated base system.
    • Updates for all components.
    • Consistent 64bit architecture for all appliances and VMs.
  • Integrated full-featured database management system (DBMS) as backend.
  • Extensively reworked administration layer.
  • New: Explicit asset management. The first themes for the newly designed asset management are now available.
    • Hosts: Can be transferred automatically from scans. Manual transfer or adding new entries is also possible. New targets can be created from the host assets based on filters, for example “all Windows 2012 Servers” or “all hosts not scanned in the past 10 days”.
    • Operating Systems: Are automatically or manually transferred from scans. It is possible to compare average and maximum severity and of course the number of occurrences.
  • Comprehensive update of the web interface. This includes visual, technical and also workflow changes. No previous GOS update covered such fundamental changes.
    • Dynamic and interactively configurable chart and dashboard views.
    • Dynamic use of the entire area of the browser window.
    • Web pages for changing or creating a resource are now turned into dialogs. This allows to open them in a chain, for example to create a target from within the task creation dialog.
    • Dynamic input systems, for example for selection lists or a date.
  • The filter of the report results is changed to the general powerfilter. With this step the powerfilter behavior is unified across the entire application. A complete automatic migration of the filters is unfortunately not possible. We therefore recommend that you check and, where necessary, update your filters. This is especially relevant if they are used for alerts.
  • New charts:
    • Tasks: Next scheduled tasks as GANTT chart.
    • Tasks: High severity per host as bubble chart.
    • Tasks: Most high severity per host as vertical bar chart.
    • Reports: High severity as timeline chart.
    • Results: Vulnerability titles as word cloud chart.
    • Results: Vulnerability descriptions as word cloud chart.
  • New: Alerts for SecInfo. It is now possible to configure alerts based on new incoming SecInfo data.
  • New: Builtin CVE scanner. The prognosis scan is now a scanner that can be selected for a task among other scanners. All methods for tasks can thus now also be applied to CVE scans (the prognosis scans).
Roadmap

There are four phases for upcoming releases: Planning, Development, Alpha and Beta.

Greenbone OS 4.1 (ca. Q1/2017)

Lifecycle Phase: Beta

  • Using LVM (Logical Volume Manager) for all appliances.
  • Encrypted file system for all appliances.
  • Redesign and enhanced display of information in the LCD panel. Using the appliance's LCD panel controls, scrolling through system status information is possible.
  • Complete revision of the Backup Management, now fully automatable and efficient backup procedure. Every revision status can be restored on demand. Backups are transferred to a backup server via encrypted connection, additionally flashdrive (USB) backups are possible.
  • Configuration of VLANs is possible in the administrative interface of GOS.

Greenbone OS 4.2 (ca. Q3/2017)

Lifecycle Phase: Planning

  • Change: Slaves will become Scanners. This eases the use of scan sensors. Among other things, the management of access rights for slaves will be unified.
  • Changing the WebUI to SPA technology (Single Page App). Design remains as it is, the interaction with the user interface will be much more direct and responsive.
  • New view “Vulnerabilities” in addition to Results and Reports. This view summarizes identical vulnerabilities across all scans, which can then be filtered or otherwise worked with.
  • Enhancing the Asset Management: view on ‘Applications’.
  • Enhancing the Asset Management: view on ‘TLS certificates’.
  • Increase speed of feed updates and change to continuous update.
  • Currently static global objects (Port lists, Scan configs, Scanner and Report Formats) are assigned to roles carrying specific rights. That enables configuring Users, Roles, and Groups in a way, which allows them only restricted usage of only a few or none of these predefined objects.
Lifecycle

The lifecycle of a Greenbone OS release follows a distinct graduated scheme. We do not only take care of the stability of each release, we also ensure a seamless and simple migration path. Any additional measure to bring the technological state of the art to our users in a comfortable way is also applied.

Greenbone OS Lifecycle Phases

  • Planning: During the planning phase we also consider any wishes and proposals of our customers for new or extended functionalities.
  • Development: Some new functionalities are implemented, some are still in the works. The final feature set is still open to be determined. As soon as an upcoming Release enters this phase, it appears on our Roadmap.
  • Alpha: First versions of the new Greenbone OS are assembled and handed over to an internal test group. It is still possible to add further functionalities, but adding larger ones needs to be well justified. The first QA system for this Release is set up and will be active until the retirement of this Release.
  • Beta: The feature set is now fixed. The new Greenbone OS is made available to an extended group of testers, among them also selected partners and customers.
  • New: The new release is available for some GSM, but not yet all. Step by step all GSM will be supported during this phase. The new Release is removed from the Roadmap and now appears on page Greenbone OS: Current.
  • Mature: Any existing GSM can now be migrated to the new version.
  • End-of-Life: As soon as a date for the end of life is published, the Release enters the End-of-Life phase. Users are encouraged to upgrade to a newer Release.
  • Retired: The End-of-Life date is reached. Possibly such an old version is still present on some Flash system and reactivated via a Factory Reset. In that case the updating to a new Release is still supported.

The release now leaves the QA process. The corresponding QA systems are now finally switched off and the Release gets archived.

The release is also now removed from the list of current Releases and moved into the Archive.

  • Obsolete: No support whatsoever anymore.

Greenbone OS Lifecycle-Levels

  • Patch-Level: The last number of a GOS version indicates the Patch-Level. For example, “3.0.21” is Patch-Level 21 of release “3.0”. Prior to 3.0, the Patch-Level was indicated with a dash like “2.0.0-21”.

Within a release always the newest Patch-Level is fully supported. For all previous Patch-Levels the upgrade to the newest Patch-Level is supported. A Patch-Level update will not change default behaviour. Neither will it introduce major changes of functionality.

Information about the newest Patch-Levels is made available via the newsletter and via the page Greenbone OS: Current.

The purpose of Patch-Level updates is bugfixes and minor new features, as long as these do not require migration or API changes. In addition to this, Greenbone OS security updates are managed via Patch-Level updates.

Patch-Level updates are simple to execute. Prior to opening a new support ticket you should always verify the defect is present with the newest Patch-Level.

The counting of Patch-Levels starts with 0. The first Patch-Level of a new release (for example 3.0.0) is the first alpha version. Before a new release reaches the customers, the Patch-Level counter reflects the number of alpha and beta iterations.

  • Release: The middle number of a GOS version indicates the Release. For example, “3.0.21” is Release 0 of Generation 3. Within a Generation all releases are supported for some time. Once it is clear that the next Release will also be the next Generation, the latest Release of the Generation becomes subject to Longterm-Support (LTS-Release) while the older Releases of that Generation are only supported with regard to upgrading to the LTS-Release. Version 2.2, for example, is an LTS-Release because the next Release included a change to the next Generation, 3.0. In this case the support for 2.0 and 2.1 ends earlier than for 2.2. The end of life of a Release is always announced at least 3 months in advance, for an LTS-Release even 6 months in advance. The newsletter will regularly inform about such deadlines, and status and deadlines can be reviewed any time on this page: Greenbone OS: Current.

The intention of a Release is the introduction of new functions and extension of existing ones. This may even include changes of default behaviour. Subject are the scanner itself, the web interface, the API and the administration. The update of the Flash system of hardware-based GSMs is usually not subject for a Release. Migration of the database is usually mandatory and will be executed automatically.

Because a Release update means considerable changes, the administrator must explicitly select a Release change. Once that is done, the Release update is performed the same way as a normal Patch-Level update.

  • Generation: The first number of a GOS version indicates the Generation. For example, “3.0.21” is Generation 3. The end of life of a Generation never happens earlier than one year after the next Generation was released to the users. Another pre-condition is the presence of a Flash-Upgrade and a guide for updating and migrating to the next Generation.

The intention of a Greenbone OS Generation is the introduction of an entirely new basis in order to provide the user with the newest state of the art without making a compromise. Typically, with a new Generation the Flash system of the GSM hardware is updated as well.
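
The Generation.Release.Patch-Level scheme described above can be checked mechanically, for example to confirm an appliance is on the newest Patch-Level of its Release before a ticket is opened. The following Python is an added example, not Greenbone code: the function names are hypothetical, the host inventory is constructed, and the latest Patch-Levels are the ones named on this page.

```python
import re
from typing import Dict, NamedTuple, Optional, Tuple


class GosVersion(NamedTuple):
    """Three-part GOS version: Generation.Release.Patch-Level."""
    generation: int
    release: int
    patch: int


_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_gos_version(text: str) -> GosVersion:
    """Parse e.g. "3.0.21" into (3, 0, 21); reject any other shape."""
    match = _VERSION_RE.fullmatch(text.strip())
    if match is None:
        raise ValueError(f"not a three-part GOS version: {text!r}")
    return GosVersion(*(int(part) for part in match.groups()))


def classify_upgrade(current: GosVersion, target: GosVersion) -> str:
    """Name the kind of step that leads from `current` to `target`.

    Fields are compared as integers, so 3.0.10 is newer than 3.0.9
    (a plain string comparison would order them the other way round).
    """
    if target == current:
        return "none"
    if target < current:
        return "downgrade"
    if target.generation != current.generation:
        return "generation"   # new basis, Flash-Upgrade and migration guide
    if target.release != current.release:
        return "release"      # the administrator must select it explicitly
    return "patch-level"      # bugfixes and security updates


def patch_level_gaps(
    inventory: Dict[str, str],
    latest_patch: Dict[Tuple[int, int], str],
) -> Dict[str, Optional[int]]:
    """For every host, count the Patch-Levels it is behind in its own Release.

    `latest_patch` maps (generation, release) to the newest known version of
    that Release. A host on a Release that is not listed maps to None.
    """
    gaps: Dict[str, Optional[int]] = {}
    for host, text in inventory.items():
        have = parse_gos_version(text)
        newest_text = latest_patch.get((have.generation, have.release))
        if newest_text is None:
            gaps[host] = None
            continue
        newest = parse_gos_version(newest_text)
        gaps[host] = max(newest.patch - have.patch, 0)
    return gaps


# Latest Patch-Levels as named on this page.
LATEST_PATCH = {(3, 0): "3.0.39", (3, 1): "3.1.37", (4, 0): "4.0.3"}

# Constructed inventory (hypothetical host names and versions).
INVENTORY = {
    "gsm-a.example.com": "3.0.39",
    "gsm-b.example.com": "3.1.30",
    "gsm-c.example.com": "2.2.5",
}

if __name__ == "__main__":
    for host, gap in patch_level_gaps(INVENTORY, LATEST_PATCH).items():
        if gap is None:
            print(f"{host}: Release not tracked, check lifecycle status")
        elif gap == 0:
            print(f"{host}: on newest Patch-Level of its Release")
        else:
            print(f"{host}: {gap} Patch-Level(s) behind, upgrade first")
```
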
Old Releases

2014-03-21: Greenbone OS 3.0

Latest patch level: 3.1.34 (2016-09-21)

The items marked with (*) will change the default behaviour.

  • Versioning: From GOS 3.0 the patch level versions will be indicated by the third part of the version number. For example the tenth patch level will be “3.0.10” instead of “3.0.0-10”.
  • Groups: For access permissions users can now be associated with Groups. The web interface allows full management of these groups for users with Administrator role.
  • Permissions: Under menu “Configuration” there is now a new item “Permissions”. Here the user has an overview on all of his access permissions and opportunities to manage them.
  • (*) For role “User” the permission is removed to see all other user names. From now on the permission to see other users (“get_users”) must be explicitly granted.

This means that you can only access the GUI elements to add or edit observers of your task if you hold this permission. It can be granted, for example, directly for a single user via the administration of users.
Alternatively you can create a new role (e.g. “userlist”) with the only permission “get_users”. This new role can then be added to all users who should be provided with this extended permission. Of course other concepts of permission modelling could be applied as well.

  • (*) Alive-Test (Up-Test, Ping-Test): The type of this test, which determines whether a system is active and can therefore be scanned, is now adjustable as a property of the object “Target”. This means it can be changed without the need to change Tasks or Scan Configurations. Possible methods are the same as before: ICMP, TCP and ARP. The default setting for the Alive-Test changes from ICMP&TCP&ARP to just ICMP. Hence results may change for some of your Tasks because some systems are no longer regarded as alive. But in most cases where larger IP ranges are scanned the scan duration will drop significantly. However, you do not need to change a Scan Configuration or Task to get back to the previous state, you just need to adjust the Alive-Test method for the respective Target.
  • (*) Severity replaces Threat: The concept of Threat Classes is extended to the Severity concept where the severity is not just a class but also contains a specific CVSS value. The CVSS value of a Severity is always the highest occurring CVSS value in the corresponding scan results. This allows a higher granularity in the view and for example improves sorting.
    This means comprehensive changes for the whole application:

    • Task Overview: So far only the Threat level was stored for Tasks. Because old tasks covered results with only a threat level and no CVSS level (meanwhile all NVTs are assigned a CVSS), the migration will use the old rules of attaching a threat level and therefore insert the maximum of the respective level. This means that the Severity may show a higher CVSS value than the highest value actually present in the results. But this guarantees that the threat level will remain the same. The following values are therefore applied during the migration: High: 10.0, Medium: 5.0, Low: 2.0. Of course for new scans the exact values as occurring in the results are applied.
    • Task-Details: For the list of reports of a task the very same changes and migration rule are applied as for the Task Overview.
    • Notes: The distinction of High, Medium, Low is dropped and the migration will place them into one class. This prevents notes from becoming invisible when NVTs are updated.
    • Overrides: The distinction of High, Medium, Low is dropped and the migration will place them into one class. This prevents overrides from not being applied when NVTs are updated. Furthermore, the New Severity is no longer just a threat level but rather a CVSS value. Old overrides with just a threat level are migrated with the same scheme as the Tasks and Reports (see above).
  • Tags: The new configuration object class “Tag” allows to attach short texts to almost any other object. These texts are available to filtering and are included in export files. This enables to create thematic groups or attach arbitrary attributes to objects.
  • Reports: Under menu “Scan Management” there is now an overview on any available scan report, regardless of the relations to a task. The powerfilter is available here as well. This new view replaces the report list in the task details dialog. Suitable filters are set automatically.
  • Search interface for all objects of the SecInfo Management: Via new menu item “All SecInfo” it is possible to search for keywords and with other methods of the Powerfilter through almost 300.000 objects of various types.
  • Web interface is extended with multi-lingual support and translated into German language.
  • New pre-configured Scan Configuration “Host Discovery”. This Scan Configuration simply searches for real systems for the given target addresses. No vulnerability tests are executed. The result is just a list of hosts that are regarded active.
  • New pre-configured Scan Configuration “System Discovery”. This Scan Configuration applies any NVTs that discover operating system types and/or hardware device types. No vulnerability tests are executed. The main result is an overview on the found operating system and devices.
  • New pre-configured Scan Configuration “Discovery”. This Scan Configuration applies any NVTs that discover as many details about the target system, installed services and applications, as possible. No vulnerability tests are executed.
  • Tasks: New class “Alterable Task” allows changing Target and Scan Config even if there are already reports for this task. This makes it possible to have a playground task that is not designed to guarantee consistency between its reports.
  • Integrated online CVSS calculator: Under menu “Extras/CVSS Calculator” a form is available that supports calculating a CVSS value.
  • (*) Reports: The browser for the report view was entirely reworked and split up into multiple sections, each with a page of its own. Countless changes and extensions were applied. Attention: The changes are significant regarding the default view and regarding the powerfilter. Older stored powerfilters for reports may not work anymore and need to be re-created.
  • (*) Reports: Users can now individually configure the severity class ranges (High, Medium, Low) for the results view. Attention: The predefined class range is now the one of NIST. Therefore the colors in the view can change for old results and filters may return different results. If you want to switch back to the old behaviour, just enter “My Settings” and select “OpenVAS Classic” for severity classes.
  • Powerfilter: The powerfilter now offers an expand/collapse functionality in order to offer a regular dialog as equivalent to the content of the filter string. Dialog and filter string are automatically mutually synchronized.
  • Target: It is now possible to reduce the selected range of target systems via some rules. This includes an exclude list, reduction of double entries via Reverse Lookup and making Reverse Lookup obligatory.
  • Host access rules: More opportunities to deny or allow scans of hosts for each user, for example hostnames can now also be applied.
  • Interface access rules: This new feature allows on the one hand to specify a special interface (like “eth1”) for each task. On the other hand it is possible to express rules to allow or deny access to interfaces for each user.
  • Problems with DNS resolving during scan: Each failed resolving of a target system name is not listed in section “Errors” of the report browser.
  • Reports: The port information is now extended with the current IANA service name that is registered for this port.
  • New pre-defined Report Format Plugin “CSV Results”: Comma-separated text table of single results.
  • New pre-defined Report Format Plugin “CSV Hosts”: Comma-separated text table of result overview for each target system.
  • (*) The Scanner preference “silent_dependencies” was removed. It was reducing the number of reported results to only those NVTs that were explicitly selected. This is not necessary anymore because the filtering can now take care of reducing reports. Furthermore, incomplete reports without log information do not offer adequate transparency.

In case you applied Scan Configurations that were using this preference, you will get more (all) results now in new reports. Note that when using one of the pre-defined Scan Configurations you will see no changes because these were explicitly selecting all the NVTs.

  • (*) The Scanner preference “host_expansion” was removed. Its purpose was to automatically expand the target hosts. This functionality should not be done by a Scanner, especially because it can lead to unforeseeable expansions. Using one of the pre-defined Scan Configurations or derived ones, no changes of the behaviour will happen.
  • (*) The Scanner will not create explicit results for detected ports anymore. These results had no reference to NVTs and were redundant anyway. An overview on the detected ports is already provided by other NVTs as log information. Additionally the new user interface even offers an explicit tabular overview of identified ports as part of the new report browser.
  • Tasks: It is now possible to configure the order in which the target hosts are scanned: Sequential (like before), reverse and random.
  • Task Details: The list of reports is now handled via the new object management. This also adds the powerfilter to this page.
  • Notes/Overrides: The actual note text is now used as identifier in the list instead of the NVT name.
  • Web-GUI: Consistent access to object details always via identifier in first column. The redundant button for Details is therefore removed from the set of Actions.
  • User management is made available via OMP.
  • Feed management is made available via OMP.
  • Port 80 is automatically redirected to 443. This means that if you enter “http://gsm.example.com” this is automatically changed to “https://gsm.example.com” instead of a failure message of the browser.
  • OVAL Definitions: The overview as well as the details dialog for OVAL Definitions has been reworked.

Patch-Level GOS 3.0:

  • 3.0.39 (2016-08-18):
    • GOS-Admin:
      • A warning appears when starting gos-admin-menu saying that this release is retired and should not be actively used (#52993).
      • Bugfix: Prior to upgrading to GOS 3.1, a test on the BIOS version and the presence of a BMC needs to be done. This is relevant for a factory reset of some GSM Midrange models with a Flash Image older than GOS 3.1 (#61512).
  • 3.0.38 (2015-10-07):
    • GOS-Admin:
      • Improved detection and reporting of inconsistent internal state via gos-admin-menu (#53092).
  • 3.0.37 (2015-09-24):
    • Hardware:
      • Security update for GSM 600 and GSM 650 that resets unconfigured factory settings of the BMC (Baseboard Management Controller) to safe values. A reboot after the upgrade is not necessary. Running scans are not affected. Without this update, an attacker from the same network segment could read device status, turn off the device or force it to reboot (#52840, GBSA-2015-01).
  • 3.0.36 (2015-06-12):
    • GSR PDF reports: Size limitation extended (#48813, #2015040810000021).
    • GSR/GXR PDF reports: With more than 100 hosts, the topology graph is dropped. The details are not readable anyway and the report creation is accelerated (#49274).
    • Improved import of reports into container tasks. The web interface is now available during the import (#48660).
    • Improved report filter for results (#48543, #2015041610000023).
    • Bugfix: Links from the Asset Management into a report did not filter for the exact IP. The IP was used only as a substring (#49591).
  • 3.0.35 (2015-04-24):
    • Released upgrade to Greenbone OS 3.1 for all Greenbone Security Manager models (#48657).
    • Via GOS-Admin it is now possible on a master GSM to advise all connected sensors to create a new self-signed certificate in case their current certificate expired (#37419).
    • Bugfix for the manual creation of overrides so that now also the port protocol can be specified, for example “80/tcp” (#47706, #2015031810000031).
    • Bugfix for the OpenVAS Scanner to avoid high CPU load under certain conditions (#41205, #2014081510000029).
    • Bugfix for the OpenVAS Scanner to avoid hanging scan processes when scanning authenticated special network devices with special SSH servers (#47681, #2015031110000016).
    • Bugfix for GOS-Admin-Menu to add a scroll bar for the sensor check results (#48710).
    • Minor Bugfix for the selfcheck in GOS-Admin-Menu: For GSM models that can not manage sensors, the sensor check is not displayed anymore (#47512).
    • Bugfix for the filtering of scan results when searching for a specific IP address. The filter acted a bit fuzzy under certain conditions and was now changed to match strictly (#48237, #2015040210000041).
    • Bugfix for the scanning via slave: Host exceptions of a Target are now considered on the slave (#48112, #2015040210000022).
    • Bugfix for GOS-Admin: For several IP address settings like for NTP or for sensors it was not possible to enter IPv6 addresses (#47683).
    • Bugfix that prevents timeouts when modifying larger NVT families (#48396, #2015041310000038).
    • Bugfix regarding the change of the “Host-Alive” method (#47935, #2015032710000013).
    • Minor bugfix of NTP configuration to avoid error messages in the log (#47356, #2015021110000027).
    • Bugfix for newly created automatically generated credentials (#47086, #2015021910000067).
    • Bugfix about displaying the trust status of Report Format Plugins (#47092, #2015022310000013).
    • Extensions of the online help for overrides (#47912).
    • Bugfix to prevent timeouts when creating or importing large scan reports (#48305, #48304, #48303, #48268, #2015040910000046, #2015041010000034).
  • 3.0.34 (2015-03-12):
    • Released upgrade to Greenbone OS 3.1 for all Greenbone Security Manager of type “GSM 100” (#47309).
    • Change for schedules: A scheduled task was not executed in case no scanner resource was available for 3 minutes after schedule start time. This limit was removed now (#44856, #2014073110000063).
    • Bugfix for reports that applied a filter for a single IP address: It was possible that some result entries were missing (#45891, #2015011510000058, #2015022510000037).
    • Bugfix for running scans via slaves: Now the selected port list will be used instead of just the default one (#46692).
    • Update of the SSH library of the OpenVAS Scanner so that authenticated scans work even with newest SSH servers (#46543).
    • Improved performance for lists of reports (#46964).
    • Bugfix for the GSR report plugin: The text entry of overrides was missing (#38158, #2014060310000046).
    • Bugfix for scan progress bar: The progress is now displayed with better accuracy (#46401, #2015020210000053).
    • Minor bugfix for a problem that produced many log entries (parse_ctime) (#46246).
    • Minor bugfix for upgrading GOS 2.2 to 3.0. The removal of an unneeded file directory failed (users-remote). (#46320).
    • Minor bugfix for CLI Admin: For some unneeded commands (for example nosystemupgrade) there was still an alias entry. These were removed now. (#47265).
    • Minor bugfix to correctly handle some very specific HTTP request to the web interface (content-length headers) (#47091).
    • Bugfix for schedules that were configured to run for only a very short duration like just 1 minute (#46520).
    • Minor bugfix for a changed external URL in the online help of the web interface. (#46545).
  • 3.0.33 (2015-02-05):
    • Bugfix for Scan Configuration regarding the counter of active NVTs per family. Under certain conditions the number was too high by 1 (#44476).
    • Bugfix for autorefresh: Under rare conditions the session ticket became invalid, making it necessary to log in again (#44673).
    • Consistency fix for alerts: Here the default filter included the element “autofp” while it was not included in the results browser. Now “autofp” was removed from the defaults for alerts (#45083, #2014120310000016).
    • Improved error message for alerts that failed to execute due to missing report plugins (#43915).
    • Bugfix for expanded powerfilter: The checkbox for overrides was not always visible (#44858).
    • Bugfix regarding the delete-user function in gos-admin-menu (#45902).
    • Extended selfcheck of gos-admin-menu to cover the availability of the internal OMP service (#41194).
    • Extension of gos-admin-menu with configuration option for MTU of the interfaces (#44953, #2014121910000059).
    • Bugfix for inactive overrides: Such will not anymore be shown by the Report Plugins (#45076, #2014122210000034).
    • Bugfixes that lower the CPU load under certain conditions (#45564, #45562, #44544).
    • Bugfix for the overrides checkbox for the powerfilter, so that no wrong jump to default powerfilter settings happens anymore (#44905).
    • Bugfix for the Reports view so that now also those reports are shown for which a user has proxy permissions (#44052).
    • Activated Release Change to GOS 3.1 for GSM ONE. (#46468).
    • Lowered the number of reverse-lookups of the GOS base system for NTP in order to lower the log noise in the network monitoring (#45933).
    • Bugfix for permission checks for objects in the trashcan (#44902).
    • Bugfix for individual timeout configuration of NVTs when executed on a slave system (#46297, #2014121110000019).
  • 3.0.32 (2015-01-29):
    • Bugfix that updates an internal TLS certificate. With an expired certificate it is not possible to log in to the web interface. This problem currently occurs only for GSM 600 (#46218).
  • 3.0.31 (2014-12-18):
    • Bugfix for the recovery of a userdata backup for model GSM 500 (#44474).
    • Bugfix for sensor upgrades, especially for Airgap. In case of problems please contact our Support with reference to ticket number 44535 (#44535, #44477, #44444, #2014082010000019).
    • Activated slave assignments: Slaves created by an administrator and made accessible to users will now appear in the users’ selection lists for Slaves and can be used for scanning accordingly. The assignment of slaves currently still only works via direct permissions configuration (#44187, #2014112110000029).
    • Improvement of the behavior of the web interface in case autorefresh and Post requests are combined (#44362).
    • Bugfix about the NVT selection when using older, imported scan configurations where not always all NVTs were actually executed when scanning (#44446, #2014120310000016).
    • For userdata backups it is now possible to configure a backup server (SSH-based) and via gos-admin-menu the userdata backups can be transferred from/to the configured backup server (#43687, #2014110510000032).
  • 3.0.30 (2014-12-04):
    • Performance improvement for operations that retrieve lists of scan reports (#44348).
    • Bugfix for the automatic refresh in the web interface: After submitting a form, the refresh will not try to re-submit the form. This caused the interface to jump to another page (#43714).
    • Bugfix for missing graphs in the GXR report when sent via an email alert. The GXR/GSR reports were reworked regarding some other details, among these an improved timezone indication (#40211, #2014082110000026, #44275, #40028, #2014072410000022, #43853, #2014101410000035).
    • Improvement for starting scheduled scans so that these are started, possibly slightly delayed, even under high system load (#44024, #2014073110000063).
    • Bugfix for occasionally missing logo in the web interface (#43713).
    • Internal improvement to prevent wrong usage of feed synchronisation in the expert mode of GSM administration (#35126).
    • Bugfix that reduces the memory consumption of the scanner (#43581).
  • 3.0.29 (2014-11-29):
    • Urgent security-relevant bugfix for an attack vector for SQL injections. The attacker needs a user account for the GSM (#44316, #44315, GBSA-2014-02).
  • 3.0.28 (2014-11-13):
    • Simplification of the internal processing for the management of Greenbone OS. Essentially the “Scheduling” phase is dropped for various routines and thus accelerates them considerably. The improved functions are: Sensor Trigger, GOS Upgrade, Feed Sync, GOS Sync, Flash-Image Sync, Airgap, any Backup and Restore (#43776, #42781, #42782, #43298, #43297, #43584, #43618, #43617).
    • Performance improvement for a Master-GSM that controls many sensors where the tasks intensively use automatic alerts (#41734, #43328, #43329, #2014073110000063).
    • The content of the “affected” information of a NVT is now also shown in the results details view and various Report Formats (#40460).
    • Internal improvement for the analysis of NVT bugs by adding more details into the respective log messages (#40418).
    • Improved online help about “Edit Tasks” regarding Alterable Tasks (#41189, #2014091810000031).
    • Bugfix for Selfcheck in GOS-Admin-menu where occasionally a freeze of the selfcheck occurred (#43813).
    • Bugfix regarding schedules that wrongly executed multiple times per day. This problem occurred when timezone changes (#43619, #2014110510000023).
    • Bugfix for Backup/Restore across GOS generations (#43622, #43681, #43715, #43681, #2014082010000019).
    • Extension of the Powerfilter, so that for some objects the presence of sub-objects can be considered. For example it is now possible to apply “schedule=” for task overview to filter for any tasks that do have a schedule associated (#39947, #2014081310000023).
    • Bugfix for timestamps about when a scan of a host finished when done via a scan sensor. Now the timestamp is immediately available when the scan of that host finished and not only when the entire scan finished (#32725, #2013102110000041).
    • Improved response times of web interface when used intensively in parallel (#42029).
    • The pre-configuration of the scan parameter “unscanned_closed_udp” was changed from “no” to “yes” for harmonization with the analog setting for tcp. This prevents some unnecessary timeouts during a scan (#31638).
    • Improved internal consistency checks regarding incomplete update downloads (#35948).
    • Slight performance improvement for Asset Management (#42062, #2014100810000011).
    • Extended user management of GOS-Admin-Menu: Now it is possible to set a new password for a web-admin also at this place (#31074, #2013080610000021).
    • Bugfix so that now the Powerfilter for NVTs includes the script tags (#43455).
    • An analysis of the database about some specific properties can now be executed via GOS-Admin-Menu (menu “Advanced”) (#43686, #41096).
    • Bugfix for the problem that under some specific, non-reproducible conditions some NVTs were not executed for a given target (#43300).
    • In the web interface the task filter selection is now persistent. Choosing a filter there and returning later to task overview will activate that filter again automatically (#39676).
    • In the web interface the refresh setting is now persistent when changing the views (#39673, #2014073110000018).
    • Online help about roles was extended (#42033).
    • Improvement of the Airgap function for GSM 5300/6400 so that the USB Stick device sequence is not relevant anymore (#42021).
    • Internal consistency check for GOS prior version 2.0 now finally removed (#41152).
    • Minor internal improvement to drop false error messages in the boot log (only GSM 600) (#37059).
    • Changed appearance of CLI Admin shell prompt which now includes the hostname of the GSM (#24692).
  • 3.0.27 (2014-10-16):
    • Bugfixes for the Airgap feature. In this context a new logic was implemented for this process that prevents various side effects (for example changing device enumeration) (#26710, #42149, #42010).
    • Bugfix for GSM 600 and GSM 650 that removes a processor slow-down. The performance of these appliances should increase visibly (#42148).
    • Reduced size of GXR and GSR PDF reports (#31553).
    • Feed-Push and Upgrade functionality for sensors added to gos-admin-menu. This makes it possible to manually start updating sensors, for example in case the sensor was not reachable during automatic update (#21553, #33986, #2013122010000021).
    • Added switch in gos-admin-menu to change the graphical web interface. Available are the classic view and the extremely reduced German interface “IT-Schwachstellenampel” (ITS) (#37879).
    • Administrative interface: There is a new explicit setting “all” that makes all interfaces administrative interfaces. This is now treated identical to empty or missing setting (#41004).
    • Bugfix for sensor check in selfcheck: This check now behaves in the same way like the check in the Sensor-Management does (#40324).
    • Bugfix for selfcheck in sensor mode: Non-reachability of feed server is not complained about anymore (#37577, #2014051310000011).
    • Extended selfcheck with a warning about TLS certificates that will expire in near future (#39502, #2014072410000102).
    • Changed pre-configured MTA to mail.example.com to avoid confusion (#40741).
    • Bugfix that prevents the internal GOS cron processes trying to send local emails about log data to “postmaster” (#42013).
  • 3.0.26 (2014-09-26):
    • Security update for third party tools used by Greenbone OS. This includes fixes for the vulnerabilities described in CVE-2014-6271 (Shellshock), CVE-2014-7169, CVE-2014-7186 and CVE-2014-7187 in GNU Bash (#41575).
  • 3.0.25 (2014-09-13):
    • Bugfix for the migration of imported report formats with non-unique IDs (#40970).
    • Bugfix for the migration of schedules with missing time zones (#40737).
    • A bug which caused an internal error when attempting to empty the trashcan under certain circumstances has been fixed (#40358).
    • A bug which caused the “alterable” state to be displayed incorrectly in the web interface has been fixed (#40084, #2014081510000011).
    • The name of the task is now included in the PDF, LaTeX, HTML and TXT report formats (#25269).
    • A bug which caused start and end times to be displayed in an incorrect time zone when using slaves in different time zones under certain circumstances has been fixed (#39691, #2014072410000022).
    • A bug which caused the scan status to be displayed incorrectly as “-1 %” when scanning through a slave under certain circumstances has been fixed (#39679, #2014073110000063).
    • CPU usage on the master during slave scan has been reduced considerably, resulting in improved performance (#40120, #2014073110000063).
    • If enabled, JavaScript is now used in more situations to automatically apply the selection in a drop down menu (#39672, #2014073010000047).
    • A bug which caused excessive logging under certain circumstances has been fixed (#40121).
    • The “clone” functionality is now more easily accessible for a number of objects (#39674, #2014073110000027).
  • 3.0.24 (2014-08-22):
    • Bugfix that prevents a migration failure during a release switch. Changes introduced with the GOS 3.0.23 caused a release switch from GOS 2.2 to GOS 3.0.23 to fail during user migration (#40159).
  • 3.0.23 (2014-08-16):
    • Bugfix regarding visibility of GXR PDF plugins in case several copies are used in parallel (#39058).
    • Bugfix for defective masterkeys on sensors so that such are now identified (#38958).
    • Bugfix for the redirection from port 80 to 443 for the case that a network interface other than the default one is used (#39762).
    • Bugfix about using the administrative interfaces regarding the web interface in case a network interface other than the default one is used (#34964).
    • Bugfix to remove some false internal log messages about SCAP and CERT databases (#39185).
    • Bugfix for the behaviour of the CLI command “addadmin”. The user management via gos-admin-menu was not affected (#39227, #39245, #2014071510000067).
    • Some non-functional (empty) commands were removed from CLI Admin (#39472).
    • Removal of some internal data files that are no longer needed since GOS 3.0. Only in very few cases will this visibly lower disk storage consumption (#34966).
    • Bugfix that improves the redirection from port 80 to port 443 for some client applications. Standard browsers were not affected (#38612).
    • Minor bugfix to enable the internal log rotate for a log file (#37483).
    • Feedback button added to results: The details view of a result now offers a button to submit feedback about a scan result to the Greenbone support team (#38249).
    • Bugfix to remove internal temporary backup file while doing a user data backup (#39335).
    • The functionality “pause” for tasks was removed from the web interface. Paused tasks could block a significant amount of memory and stopped tasks can also be resumed (#39914).
    • Bugfix for the import of brute-force login lists within the scan configuration (#39471).
    • Bugfix to allow the multiple import of the very same report format plugins (#38016).
    • Changed the choice of refresh times: Instead of 10s/30s/60s it is now 30s/60s/2m/5m (#36561, #2014040710000024).
    • Bugfix about adding LDAP user accounts to user groups (#38459).
    • Bugfix about usage of filters for which read access was granted (#38787).
    • Minor bugfix about internal process handling when creating a tag (#39936).
    • The functionality “unfold filter” is now also available in the report view “summary” (#38783).
    • Internal extension of so that individual configuration of services is possible in case of very special needs (#37575, #39692, #2014051310000038).
    • IP addresses and hostnames in the report view do now link into the asset management (#39226, #2014071510000049).
    • Extension of the tooltips about hosts in the asset management to name the CPE (#39225, #2014071510000031).
    • Creating new LDAP users no longer requires specifying an (unused) password (#31438, #2013082810000033).
    • Extension of gos-admin-menu with a hint that reboot is necessary after changes about the SSL certificate (#39503, #2014072410000111).
    • Increased number of possible IPs in host access field for user restrictions to 16,777,216 (#39405, #2014072110000046).
    • Improved LVM based backup functionality for GSM 6×0 (#37820).
    • The name of the task is now visible in the menu of the report view (#38782, #2014063010000021).
    • In CVSS vectors “AU” is now accepted for “Au” (#37710).
  • 3.0.22 (2014-07-11):
    • Bugfix that prevents a system freeze at boot time. Under certain conditions it can happen that a GOS 3.0.20 and GOS 3.0.21 will stop during boot process. The Greenbone Support team knows what to do in this case. In case you upgraded to 3.0.20 or 3.0.21 but have not rebooted the system, please first upgrade to 3.0.22 before doing so. (#39159).
  • 3.0.21 (2014-07-09):
    • Extended Alert type “verinice” with choice of the applied Report Format (#38995, #2014070710000037, #38996, #2014070710000046).
    • Bugfix regarding the extended SSL/TLS capabilities that were introduced with GOS 3.0.20. It ensures proper detection of SSL ports which did not happen in 3.0.20 (#38997).
    • Deactivated internal boot log because under certain conditions this caused problems regarding the console (#39007).
    • Bugfix regarding permissions of pre-configured roles: These can now no longer be changed, even with administrative rights (#38607).
  • 3.0.20 (2014-07-05):
    • Updated and extended SSL/TLS capabilities for both the GOS services and the actual scanner. This also adds support for PFS (Perfect Forward Secrecy) (#38046, #33832).
    • Added support to configure TLS cipher priorities for OMP and HTTPS via gos-admin-menu (#36507, #38615).
    • Added support for SINA One Way Gateway to allow Feed updates across this gateway from an external GSM to an internal GSM. gos-admin-menu is extended with configuration for both sides, the update master and the update slave (#37854, #38047).
    • In order to allow updates of inhomogeneous GSM setups (for example 5300/600/100) in an internal network from a single external GSM, the GSM Midrange/Enterprise models are now enabled to hand over updates for a variety of GSM types (#38069).
    • In order to allow chained Master-Sensor setups (for example 5300>600>100), support was added to configure a GSM to be Master and Sensor at the same time (#38048).
    • Bugfix that resolves database locking issues for Airgap updates that could occur under certain conditions (#38460).
    • Bugfix that adds transfer of CERT data for Airgap updates (#38049).
    • Minor bugfix about global-indicator icons for notes (#38722, #2014062610000011).
    • Bugfix that fixes the problem with multiple entries in the Host Access entry of a user configuration. Now all elements are accepted (#36137, #2014031910000031).
    • Allow scheduled tasks to also be started manually (#28892, #2013040610000028).
    • Bugfix about triggering GSM 25V upgrades via Master GSMs (#38192).
    • Bugfix for the problem that entering the user/password management in gos-admin-menu sets sensor tasks to “stopped” (#38288).
    • Bugfix for a UTF-8 issue in ITG scan results (#37163, #2014042410000064).
    • Report Format Plugin “verinice ISM” is now a predefined one (#30425, #38708, #2013062610000013).
    • Added support for multiple email addresses for an email alert, rather than just a single one (#37652, #2014051410000036).
    • Minor bug fixes for rendering issues in some Chrome browsers (#35495).
    • Minor bugfix for some synchronisation log message cases (#38197).
    • Bugfix for restoring deleted Groups. Now the users are not lost (#38614).
    • Minor internal cleanup (removal of a left-over file) (#36423).
    • Bugfix to guarantee quick access to user and password management of gos-admin-menu. In some cases it took considerable time to open this menu (#38287).
    • Bugfix about cloning tasks with observers where permissions were dropped wrongly for the clone (#38213).
    • Bugfix to accelerate boot time which in some special cases took about 2 minutes and is now back to a few seconds (#38286).
    • Added check for expired certificate to selfcheck in gos-admin-menu (#35918).
    • Minor improvement about timezones in schedules (displaying and online help) (#38611, #38613).
  • 3.0.19 (2014-06-05):
    • Extension of gos-admin-menu to allow configuration of TLS Ciphers for OMP (#37763, #2014051910000018).
    • Updated guest tools for GSM 25V (#37566).
    • Bugfix for GSM 25V regarding a defective boot menu (#38012).
    • Bugfix for the SCAP database to not ignore some specific CVEs in queries (#37236).
    • Fixed typo in gos-admin-menu in a path note (“2.1” vs. “3.0”) (#37561).
    • Bugfix to disallow deleting a Report Format Plugin via OMP or web interface in case it is still being used for an alert (#37485, #35960).
    • Bugfix for non-self-signed SSL certificates to allow also longer certificate chains (#37863, #2013120910000043).
    • Extension of sensor checks of master GSMs to validate SSL certificates of the sensors (#37414).
    • Bugfix to close a memory and CPU leakage that occurred when using Chrome (#37988).
    • Bugfix that solves the issue that some deleted Report Format Plugins are still shown as long as they are kept in the trashcan (#36509).
    • Bugfix to add newly imported and activated Report Format Plugins to respective drop-down lists (#37457).
    • Bugfix for the login procedure of LDAP accounts regarding LDAP server TLS certificates so that now all LDAP accounts can log in again (#37458).
    • Bugfix to ensure that, for a deleted user account, the configured group and role relationships are also removed (#37439).
    • Bugfix to make the boot log visible via gos-admin-menu (#37600).
    • Bugfix to make permissions invisible on a GSM ONE that refer to functionalities that are not available for this GSM anyway (#34539).
    • Improved internal log mechanism so that also very long log messages are not truncated (#37476).
    • Improved error message when deleting a user account (#37451).
    • Bugfix for deleting of user accounts via gos-admin-menu (#37878).
  • 3.0.18 (2014-05-10):
    • Bugfix for Migration (ANALYZE) from GOS 2.2.0 to 3.0 (#37357).
    • Improvement that removed unneeded temporary files (kbs) (#37263).
    • Bugfix regarding encoding which prevented configuration of some NVTs (#37146, #2014042410000073).
    • Bugfix for Feed synchronization routines for master-sensor updates (#37240).
    • Bugfix for sensor check in gos-admin-menu (#37243).
    • Bugfix to prevent that individual timezone settings get lost (#37265).
    • Bugfix that ensures all permissions of roles User and Observer are preserved during a migration from GOS 2.2.0 to 3.0 (#37438).
    • Bugfix to avoid truncated long CPE names in report format GSR (#36508, #2014040410000011).
  • 3.0.17 (2014-04-23):
    • Bugfix for initial database creation (#37045).
    • Bugfix for consistent LCD content (#36544).
    • Improvement of LCD content (GOS version and IP address) (#36281).
  • 3.0.16 (2014-04-17):
    • Improvement for GSM ONE: If the initial web account is still missing, then a corresponding hint is given on the console (#36444).
    • Improvement for upgrades to be more tolerant of problems that might occur during a data migration (#36546).
    • Bugfix to make the LDAP configuration dialog available (#35363).
    • Bugfix for the TLS settings of the OMP service (#36789).
    • Extension that will automatically create a self-signed certificate at first start of GOS (#36574).
    • Bugfix to allow the AD account names for authenticated proxies in gos-admin-menu (#36586).
    • Bugfix for the redirect from http to https of the web interface (#36762).
    • Bugfix for migration from GOS 2.2.0 (#36764, #36545).
  • 3.0.15 (2014-04-05):
    • The NVTs “Host Summary” and “CPE Inventory” have been disabled for all pre-installed scan configurations. These data are available in the other results sections anyway (#36104, #35927).
    • For GSM ONE the web address is now displayed directly on the console (#36316).
    • Switched internal logging of web service to SysLog (#36340).
    • Formatting improvements of various login messages of the internal administration level (#36201, #36317).
    • Bugfix for Report Format Plugin GSR which failed in some cases (#36282).
    • Bugfix that moves the DHCP log information in gos-admin-menu to the suitable section (#31287).
    • New: Quick-Task Wizard, available on the wizard page of tasks. For GSM ONE this dialog is reduced (no alerts) (#33889, #36424, #28196, #2013022810000017, #2013112510000014).
    • Restricted offer of TLS versions and ciphers of the web interfaces. Older browsers can no longer access the web interface (#35333).
    • The pre-selected Report Format Plugin for prognosis is now the simple PDF report (#26361).
    • Bugfix that removes unneeded temporary files of services that were removed since GOS 3.0 (#36357).
    • Extended scanner capabilities for TLS services (v1.1 and v1.2) (#36109).
    • Bugfix for the setting of results filter for alerts (#36094).
    • TLS ciphers settings of OMP adjusted to the same as for HTTPS (#34747).
    • Bugfix regarding the LCD display control (#36372).
    • Bugfix to now use an absolute path for the location header of the web interface. This improves the use with proxies (#9709).
  • 3.0.14 (2014-03-27):
    • Updated Report Format Plugins GXR and GSR to version 2.0.1 (#35767).
    • Reduced internal log information of Greenbone OS (#35710).
    • Improved support for hypervisor for GSM ONE (#20497).
    • Bugfix for the entry of Alive-Test method in the web interface (#36165).

2013-06-07: Greenbone OS 2.2.0 

Latest patch level: 2.2.0-37 (2015-07-01)

The items marked with (*) will change the default behaviour.

  • Tasks: Now with new object management

Tasks are now handled via the new object management and therefore gain access to the power filter and to the functionalities Clone and Export.

  • Overrides: Now with new object management

Overrides are now handled via the new object management and therefore gain access to the power filter and to the trashcan. Functionalities Clone and Export are also added.

Furthermore, Overrides can now be created directly, without the need to go via a Task.

All user interfaces where lists of Overrides were shown, like for NVT Details, were changed so that the lists are replaced by a link into the Overrides management with an appropriate context filter.

  • SecInfo Management: CVE data with new object management

The CVE Lookup is replaced by the new object management. This makes interactive search, the Powerfilter and many other functions available for CVE data. The Greenbone SecInfo CVE database contains the official CVE database of MITRE with over 50,000 CVEs.

  • SecInfo Management: OVAL database

OVAL data is a new element of the SecInfo Management. OVAL stands for Open Vulnerability Assessment Language and is a formal description for vulnerability evaluation. This information helps with the analysis and is cross-referenced via CVE. The Greenbone SecInfo OVAL database contains the official OVAL Repository of MITRE with over 14,000 OVAL Definitions.

  • SecInfo Management: DFN-CERT Database

The security alerts issued by the German DFN-CERT, the CERT of the German research network, are a new class in the SecInfo Management. These security alerts are published in German and are referenced in scan results via CVE identifiers.

  • Port Lists: Now with new object management

Port Lists are now handled via the new object management and therefore gain access to the power filter and to the functionality Clone.

  • Credentials: Now with new object management

Credentials are now handled via the new object management and therefore gain access to the power filter and to the functionalities Clone and Export. Passwords will of course not be present in exported data.

  • Schedules: Now with new object management

Schedules are now handled via the new object management and therefore gain access to the power filter and to the functionalities Clone and Export.

  • Scan Configs: Now with new object management

Scan Configs are now handled via the new object management and therefore gain access to the power filter and to the functionality Clone.

  • Alerts: Now with new object management

Alerts are now handled via the new object management and therefore gain access to the power filter and to the functionalities Clone and Export.

  • Report Formats: Now with new object management

Report Formats are now handled via the new object management and therefore gain access to the power filter and to the functionalities Clone and Export.

  • Slaves: Now with new object management

Slaves are now handled via the new object management and therefore gain access to the power filter and to the functionalities Clone and Export.

  • Powerfilter: Syntax extension to select backward from current date for a fixed time span in timestamp columns. For example, “modified>-7d” will select all objects modified in the past 7 days.
  • Powerfilter: Syntax extension to select exact matches in multiple fields. For example, “=192.168.12.1” will select all objects where any of the fields contains exactly this IP.
  • SCAP Feed-Update: This function is now also available via the Web-Interface in the Administration area. However, the updates are still done automatically in the background. A manual start is rarely needed in special situations.
  • Personal default powerfilters: In “My Settings” it is now possible to set a preferred Powerfilter for each object class. If you open the overview of the object class, for example the Task overview, your personal default Powerfilter will automatically be used to apply your preferred sorting and filtering.
  • Agents: Now with new object management