Greenbone Products: Roadmap & Lifecycle

Greenbone OS: Supported Versions

Version
Greenbone OS 20.08
Lifecycle Status Mature
End of Life 2021-11-30
Patch Level 20.08.8 (2021-03-18)

Greenbone OS Lifecycle Status:

February 2021

Greenbone Security Manager Lifecycle Status:

February 2021

Greenbone Changelog

 

2020-08-31: Greenbone OS 20.08

Latest Patch Level: 20.08.8 (2021-03-18)

Lifecycle Phase: Mature

20.08.8 (2021-03-18):

  • Greenbone OS:
    • Improvement: The RAM limits for the GSM ONE and 25V appliances have been increased to 6 GB (#GPE-67).
    • Improvement: The gvm-tools included in GOS were updated to version 21.1.0 (#GPE-45).
    • Improvement: A GOS menu option to migrate all GMP sensors to OSP sensors has been added. The option will migrate the sensor configuration in GOS as well as in the web interface (#GPE-70).
    • Bugfix: If the Remote Syslog service was enabled, upgrades from GOS 6.0 to GOS 20.08.7 failed (#GPE-49, #2021021910000028, #2021021810000075, #2021021810000084).
    • Bugfix: If the HTTP Strict Transport Security (HSTS) functionality was enabled, upgrades from GOS 6.0 to any version of GOS 20.08 failed (#GPE-66, #2020121610000052).
    • Bugfix: Testing the configuration of a remote backup server added the public SSH key of its IP address without a new line to the SSH known hosts, causing subsequent connections to fail (#GPE-48, #202102221000002).
    • Bugfix: The logging of airgap feed updates on airgap sensor appliances failed partially (#GPE-69).
    • Bugfix: When importing a beaming image from a different GOS version, the migration of the SCAP database could fail (#GPE-71).
    • Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-03-18 (#GPE-44).
  • Vulnerability Management:
    • Bugfix: Invalid references in NVTs could cause database errors, resulting in missing NVT reference data. All NVT references are now validated before they are processed (#GPE-57).
    • Bugfix: Clicking hyperlinks to operating system assets in the web interface could cause an error in some cases (#GPE-34, #2021020210000069).
    • Bugfix: Scan tasks on GMP sensors failed if the same task was started multiple times on the master, or if they were not properly removed from the sensor after completion and then started again on the master. Timestamps are now added to GMP sensor task names to prevent this issue (#GPE-59, #2020101410000051).
    • Minor bugfix: GMP and Greenbone Sensors were displayed with port 9391 in the web interface. This was a cosmetic issue since port 22 is always used. The web interface has been adjusted to always show port 22 now (#GPE-51, #2021022610000014).
    • Minor improvement: The error messages when requesting invalid SecInfo items via the GMP API were improved (#GPE-58).
  • Vulnerability Scanning:
    • Bugfix: Scanning a target with an underscore character (“_”) in its hostname resulted in an interrupted scan (#GPE-32, #2021011110000035).
    • Bugfix: Scanning a single, unreachable target resulted in an interrupted scan (#GPE-65).
    • Minor improvement: The logging of interrupted scans was improved for debugging purposes (#GPE-25).

20.08.7 (2021-01-25):

  • Greenbone OS:
    • Improvement: A 8 GB SWAP partition was added for the virtual midrange appliances GSM DECA, TERA, PETA, and EXA (#GPE-3).
    • Bugfix: The GOS menu option “Setup > Master > Sensor > Test all sensor connections” caused a traceback in GOS 20.08.6 (#GPE-6, #2020120310000059).
    • Bugfix: The GOS menu option “Setup > Feed > Synchronization” caused a traceback in GOS 20.08.6 (#GPE-24, #2021010810000014, #2021011210000088).
    • Bugfix: Upgrading to GOS 20.08.6 showed a false-positive warning for the hostkey integrity check (#GPE-20, #2020120110000071).
    • Minor improvement: The output of the GSM integrity check is now included in the GOS support package for debugging purposes (#GPE-10).
    • Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-01-21 (#GPE-28).
    • Minor bugfix: The GOS CPU and RAM limits for the GSM ONE and 25V appliances have been corrected to match the VM specifications (#GPE-22).
    • Minor bugfix: The GOS state variable “report_results_threshold” was missing in GOS 20.08 (#GPE-27).
  • Vulnerability Management:
    • Bugfix: If an attempt was made to delete the “Feed Import Owner” user and the deletion failed, all “data-objects-via-feed” report formats became unusable (#GPE-4, #2020111110000027).
    • Bugfix: A memory leak in the manager service when handling the scan progress was fixed (#GPE-7).
    • Bugfix: A problem where data-objects-via-feed scan configs could not be created due to vulnerability tests not having a family was fixed. Scan configs are now created in all cases and updated once the vulnerability test family information becomes available (#GPE-14).
    • Bugfix: It was not possible for super admin users to save changes to their own user settings. Most settings can now be changed and saved, with the exception of the user name (#GPE-15).
    • Minor improvement: For host assets with TLS certificates a direct link to the certificate was added on the host detail page. The link can be found in the upper left menu bar (#GPE-12).
    • Minor bugfix: The alert condition “Condition: Severity level changed” was erroneously displayed as “Severity level increased” on the alert list page (#GPE-11).
    • Minor bugfix: Creating permissions for an object without related resources displayed an erroneous menu option (#GPE-13).
    • Minor bugfix: German “Umlaut” characters are now supported in the Business Process Map (#GPE-8).
  • Vulnerability Scanning:
    • Bugfix: Modifying the mtime of a vulnerability test plugin file could bypass the signature check when the scanner loaded the file. With the fix, an error is now logged and the file is not loaded (#GPE-1, ##2020100610000011).
    • Bugfix: When running SNMP-related vulnerability tests, the scanner could return unexpected strings or an incomplete response (#GPE-5).
    • Minor improvement: The SSH timeout can now be configured by vulnerability tests. If no configuration is provided, the default of 10 seconds will be used (#GPE-17).

20.08.6 (2020-11-30):

  • Greenbone OS:
    • Extension: Alerts and Schedules are now available on the GSM ONE (#152653).
    • Improvement: The gvm-tools included in GOS were updated to version 20.10.1 (#150912).
    • Improvement: To prevent problems, major GOS upgrades are no longer possible if there is not enough storage space left for the database migration (#147578).
    • Improvement: If the Greenbone Feed Signing Key, which is required for the validation of GOS upgrades, is expired, upgrades are no longer possible instead of failing. For a solution, contact Greenbone Networks Support (#93687, #148007).
    • Bugfix: During a master-sensor feed update, not all NVTs were updated on the sensor in some cases (#150662, #2020101910000051).
    • Bugfix: The GOS system integrity check could report a false positive warning after a GOS backup was restored (#147070).
    • Bugfix: The LCD display service could sometimes fail on GSM models 5300 und 6400 (#136798, #2020032710000049).
    • Bugfix: During the first time setup wizard, the feed server is no longer contacted twice in rapid succession. This could cause problems in combination with the Greenbone Community Feed server. Users of the Greenbone Security Feed Server were not affected (#120005).
    • Bugfix: SSH keys of the types ‘rsa-sha2-256’ and ‘rsa-sha2-512’ are now supported (#150121, #2020101910000069).
    • Minor bugfix: The spelling and usability of the GOS administration menu have been improved (#101818, #103537, #123181, #144657, #150664, #2019062610000057).
    • Minor bugfix: Uninstalling the gsm-debug meta-package did not uninstall all contained packages (#147286).
    • Minor bugfix: The collected service could generate excessive, but harmless log messages (#68977).
    • Minor improvement: The full GOS version including the current patch level is now shown on the GOS login screen (#116817).
    • Minor improvement: If no SSH host keys exist, they will now be re-created when enabling the SSH service (#149548).
    • Minor improvement: A command line setting to configure the timeout of SCP alerts has been added (#144727).
    • Minor improvement: Help texts have been added for running the GOS integrity check via the command line (#146804).
    • Minor improvement: All files included in the Greenbone Support Package are now non-hidden by default (#81612).
    • Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-11-30 (#152775).
  • Vulnerability Management:
    • Improvement: The alert condition ‘[Filter] matches at least [x] result(s) NVT(s)’ has been added (#148607, #2020092310000036).
    • Improvement: When editing a ‘Username + SSH Key’ credential, the correctness of the password is now verified (#112159).
    • Bugfix: Deleting and then re-downloading a scan config that had all NVTs of a family selected, e.g. ‘Full and very deep’, caused that family to have no NVTs selected (#150579, #2020102210000053, #2020102610000019)
    • Bugfix: If a IP addresses of target hosts were configured with a leading zero in an octet, e.g. ‘192.168.50.010’, the maximum number of hosts was calculated incorrectly, and vulnerability scans could fail (#151801, #2020111010000029).
    • Bugfix: If a target credential cannot be decrypted, an unauthenticated vulnerability scan without a credential will now be run against the target. Previously, the scan would remain in the status ‘Requested’ indefinitely (#149549).
    • Bugfix: For SCP alerts the handling of usernames and destination paths has been improved in combination with Windows systems. In addition, a configurable timeout has been introduced for the SCP alert to prevent it from running indefinitely in some situations (#144727, #2020071610000044).
    • Bugfix: It was not possible to delete a web user, if the user owned TLS certificates, and no inheriting user was provided (#149652, #2020101410000078).
    • Bugfix: When deleting a web user, web interface settings will no longer be inherited. This will prevent settings of the inheriting user from being overwritten (#149652, #2020101410000078).
    • Bugfix: It was not possible to delete orphaned permissions in all cases (#150186, #2020102110000019).
    • Bugfix: The verification of ports and port ranges when editing a port list has been improved (#149776).
    • Bugfix: The ‘scan_nvt_version’ XML tag in XML reports was empty erroneously (#150569, #2020102210000071).
    • Bugfix: Moving a data object via feed scan config or policy to the trashcan generated excessive, but harmless log warnings (#149299, #2020100710000046).
    • Bugfix: Two SQL errors that could occur when rebuilding the SCAP or CERT databases have been fixed (#151175).
  • Vulnerability Scanning:
    • Bugfix: If a host name in a list of target hosts could not be resolved, scans could fail with the status ‘Interrupted’ (#150988, #2020102810000033).
    • Bugfix: When configuring a target IP with a subnet mask of less than /24, addresses ending in ‘.0’ are now supported (#150990).
    • Bugfix: When the host name resolution of a target resolved it to more than one IP address, the scan progress bar percentage could show ‘100%’ even though the scan was still in progress (#149349).
    • Bugfix: For scans with a SNMP credential, the SNMP community ‘None’ was erroneously used when configuring no community. An empty string is now used to assure that no community will be used (#149649).

20.08.5 (2020-10-15):

  • Greenbone OS:
    • Bugfix: Activating DHCPv6 could cause an error (#149180).
    • Bugfix: GOS upgrades did not stop as expected, if the packages to be upgraded could not be verified. An empty upgrade was applied in this case (#149212).
    • Bugfix: Vulnerability scans could erroneously show missing ‘iTLB multihit’ Linux kernel mitigations for GOS. Since no virtualization is in use, the system was and is always protected by the kernel unconditionally (#146845).
    • Minor bugfix: During feed updates, cosmetic known hosts warnings for the IP address ‘172.30.2.22’ appeared (#146729, #2020100210000028)
    • Minor improvement: The postgres database migration during GOS upgrades has been improved (#148526).
    • Minor improvement: To prevent problems, major GOS upgrades are no longer possible if a global gateway is used, but no global gateway interface is configured (#147418).
    • Minor improvement: The warning text displayed if a GOS upgrade is blocked has been updated (#148006).
    • Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-10-15 (#149706).
  • Vulnerability Management:
    • Bugfix: The Scans > Vulnerabilities page in the web interface could fail to load due to an error (#143484).
    • Bugfix: A database deadlock could occur if changing the feed import owner and browsing scan results at the same time (#146803).
    • Bugfix: The ‘Auto Delete Reports’ functionality did not work on GSM models that do not support schedules (#133136, #2020020310000041).
    • Bugfix: The advanced task wizard in the web interface no longer offers to create a schedule on GSM models that do not support schedules (#147660, #2020091010000122).
    • Bugfix: The number of hosts shown per operating system on the Assets > Operating Systems page included operating systems for which the user did not have permissions to view (#140467).
    • Bugfix: When changing the name or comment of a scan configuration or a policy that was in use, an erroneous warning was displayed (#120605, #147669).
    • Bugfix: Filters attached to SecInfo alerts could not be edited and saved (#109311, #2020081710000022, #202008171000002).
    • Bugfix: The placeholder ‘$U’ did not work for e-mail alerts (#148533, #2020092310000036).
    • Bugfix: Saving invalid values for the ‘Rows Per Page’ setting in the ‘My Settings’ menu is now prohibited, and corresponding tooltips have been implemented (#148529).
    • Bugfix: The deprecated ‘SecInfo’ filter setting has been removed from the ‘My Settings’ menu (#149179, #2020100510000031).
    • Bugfix: TLS certificates from container tasks, or belonging to other users, could not be downloaded even with permissions (#148892, #2020092810000081).
    • Bugfix: TLS certificates downloaded via the web interface could not be re-uploaded via the API (#125191).
    • Minor improvement: The tooltip for override indicators on result details pages in the web interface has been improved (#146799).
  • Vulnerability Scanning:
    • Bugfix: SNMPv3 authentication for vulnerability scans failed, if no SNMP community was configured, even though the SNMP community is not relevant for SNMPv3 (#148611).
    • Bugfix: Vulnerability scans failed, if a scan configuration or policy without any NVT preferences was used (#148894).
    • Minor improvement: The error handling for WMI queries has been improved. Previously the logging was too verbose and included events that were not errors, but expected behaviour (#125438).

20.08.4 (2020-09-23):

  • Greenbone OS:
    • Extension: The former ‘Greenbone Community Edition’ virtual appliance has been updated to GOS 20.08 and renamed to ‘GSM TRIAL’ (#148403).
    • Bugfix: Virtual GSM appliances with EFI/UEFI boot mode could fail to boot after being exported or cloned (#148262).
    • Bugfix: The ‘GSM Installation and Rescue’ GRUB option did not boot the GOS installer as expected (#148530).
    • Bugfix: The USB power management on GSM hardware appliances could consume excessive CPU time (#147583).
    • Bugfix: The verification of a downloaded flash image would always fail (#147878).
    • Bugfix: Sensor scans via a proxy could fail for OSP sensors (#147582).
    • Minor bugfix: The GOS version was not displayed correctly in the GOS installer (#147658).
    • Minor improvement: The database-vacuum script that is used to reclaim storage space has been updated (#148266).
    • Minor improvement: The description of the ‘Setup > Services > SNMP’ menu has been extended, it now includes a warning that saving SNMP configuration changes will stop all running scans (#148479).
    • Minor improvement: A warning has been added when using the command ‘su’ incorrectly in the Greenbone OS command line administration (#147666).
    • Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-09-22 (#147872).
  • Vulnerability Management:
    • Improvement: For Compliance Audits, the base colouring of all non-compliant audit status has been adjusted to red. This way, non-compliant audits can be identified much quicker, for example, a 0% compliant audit status will now be always shown in red (#147577).
    • Bugfix: When editing and saving scan configurations or compliance policies, the names of some included NVT preference options were not saved correctly (#147870).
    • Minor bugfix: On Schedule and Report Format details pages in the web interface, the ‘Move to trashcan’ button was incorrectly shown as a ‘Delete’ button (#147936).
  • Vulnerability Scanning:
    • Improvement: Experimental TLS 1.3 support has been enabled for the OpenVAS vulnerability scanner (#145963).
    • Improvement: Experimental SNMPv3 support has been enabled for the OpenVAS vulnerability scanner (#57662).
    • Bugfix: Stopping a vulnerability scan could fail in some cases (#147124).

20.08.3 (2020-09-10):

  • Greenbone OS:
    • Bugfix: GOS could not be installed with EFI/UEFI boot mode on VirtualBox 6.1.14 or later (#147300).
    • Bugfix: If no network interface as assigned to the global gateway, upgrades from GOS 6.0 failed (#147215, #2020090410000018, #2020090710000012, #2020090710000067, #2020090710000101).
    • Bugfix: The package ncat was erroneously removed when upgrading to GOS 20.08 (#147574).
    • Bugfix: Feed updates via proxy could fail on GSM models 35 and 25V (#147437).
    • Bugfix: Removed an unnecessary menu option to configure the sensor protocol for GSM modes 35 and 25V. These appliances will always use the OSP protocol (#147301).
    • Minor bugfix: Reduced the amount of error messages when the feed import owner had been set, but no feed was present on the system. These error messages were expected and are harmless (#147303).
    • Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-09-10 (#147570).
  • Vulnerability Scanning:
    • Bugfix: Only the default alive test method was applied (#147302, #2020090810000038).

20.08.2 (2020-09-07):

  • Greenbone OS:
    • Extension: EFI/UEFI boot mode has been implemented for all virtual GSM appliances shipped with GOS 20.08.2 or later (#147079).
    • Improvement: The GOS upgrade functionality has received several internal improvements and fixes (#147130).
    • Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-09-07 (#147129).

20.08.1 (2020-09-03):

  • Greenbone OS:
    • Bugfix: The settings ‘Management IP (v4)’ and ‘Management IP (v6)’ were not applied (#147079).
    • Bugfix: GOS upgrades no longer fail if the system integrity is compromised. However, after the upgrade, a system integrity warning will be displayed (#147125).
    • Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-09-03 (#146861).
  • Vulnerability Management:
    • Bugfix: When importing scan configurations or compliance policies, the included NVT preferences were not imported correctly in all cases (#146855).
  • Vulnerability Scanning:
    • Bugfix: In rare cases stopping a scan task could cause system instability (#146802).

20.08.0 (2020-08-31):

      •  
    • Scan Queueing: To prevent scans from overloading the system and from starting at an inappropriate time (e.g., during a feed update), a scan queue management has been introduced. Scan tasks are only started if sufficient system resources are available. The available resources depend on the GSM model, the GOS version used, and the current workload of the system. If too many tasks are started and running at the same time and not enough resources are available, scans are added to a waiting queue. A new status bar “Queued” has been introduced.
    • Performance Improvements: Due to scan queueing as well as other architecture improvements, the number of scans that can be run simultaneously has been increased in GOS 20.08 when compared to GOS 6.0. On a GSM 400 we measured more than twice the capacity with GOS 20.08 in comparison to GOS 6.0.
    • Data Objects via Feed: With GOS 20.08, scan configurations, compliance policies, report formats, and port lists by Greenbone Networks will be distributed via the Greenbone Security Feed. This allows for direct updates of existing objects, and for the publication of new scan configurations, compliance policies, etc. for current, hot NVTs. In addition, users will not need to manually download additional files from the Greenbone website anymore.
    • Beaming: Beaming makes it possible to copy the current state of a GSM to another GSM. The data may be transferred directly and securely from one GSM to another, or it may be saved for a later transfer. The data includes all user data (e.g., tasks, reports, results) and – optionally – system settings, i.e., the GOS configuration. Beaming makes it much easier to upgrade from one GSM model to another while still keeping all previous data.
    • Business Process Map:The Business Process Map (BPM) can be used to illustrate the impact of collected scan results on a business. Each process has assigned hosts and will be highlighted based on the highest severity of these hosts. This way, it is possible to see the vulnerability of processes and their impact on any linked processes at a glance, determining the risk to the company based on the location of a host within the process chain.
    • Updated Feed Status Page: The feed status page of the web interface has received several improvements. The status of the objects that are distributed via the feed (scan configurations, compliance policies, port lists and report formats) is now included in the table. In addition, the feed status page now shows if a feed update is in progress.
    • Start Task via “New SecInfo” Alert: Starting a task automatically after a feed update is now possible. This feature unlocks the combination of a “New NVTs/CVEs/CPEs…” alert event and the “Start Task” alert method in the web interface.
    • GOS Backup Compatibility Checks: The Greenbone Operating System (GOS) now checks whether a backup is suitable before restoring the backup. Unsuitable backups cannot be restored, and warnings may be displayed. This feature prevents errors when restoring backups.
    • Comprehensive Update of the Base System: For GOS 20.08, the underlying Linux foundation of GOS was updated to the latest version.

Lifecycle Scheme

 

The lifecycle of Greenbone OS release follows a distinct graduated scheme. In doing so, we take care of:

      • Stability of each release
      • Seamless and simple migration path
      • Comfortable way to the technological state of the art

Greenbone OS Lifecycle Phases

      • Planning: during the planning phase we also consider any wishes and proposals of our customers for new or extended functionalities.
      • Development: some new functionalities are implemented, some are still in progress. The final feature set is still open to be determined. As soon as a upcoming release enters this phase, it appears on our Roadmap.
      • Alpha: a first version of the new Greenbone OS is assembled and handed over to an internal test group. It is still possible to add further functionalities, but adding larger ones needs to be justified. The first QA system for this release is set up and will be active until the retirement of the release.
      • Beta: the feature set is now fixed. The new Greenbone OS is made available to an extended group of testers, including selected partners and customers.
      • New: the new release is available for some GSMs, but not all yet. Step by step, all GSMs will be supported during this phase. The new release is removed from the roadmap and appears on the page Greenbone OS: Current.
      • Mature: any existing GSMs can now be migrated to the new release.
      • End-of-Life: as soon as a date for the End-of-Life is published, the release enters the End-of-Life phase. Users are encouraged to upgrade to a newer release.
      • Retired: the End-of-Life date is reached. Such an old version may still be present on some flash system and reactivated via a factory reset. In that case, the upgrading to a new release is still supported.
        The release now leaves the QA process. The corresponding QA systems are finally switched off. The release is also removed from the list of current releases and moved into the Archive.
      • Obsolete: no support whatsoever anymore.

Greenbone OS Lifecycle Levels

      • Patch Level: the last number of a GOS version indicates the patch level, e.g., “21” in “3.0.21”. Prior to GOS 3.0, the patch level was indicated with a dash (e.g., “2.0.0-21”).
        Always the newest patch level is fully supported within a release. For all previous patch levels the upgrade to the newest patch level is supported. A patch level upgrade will not change any default behavior. Neither will it introduce major changes of functionality.
        Information about the newest patch levels is made available via the newsletter and via the page Greenbone OS: Current.
        The intention of patch level upgrades are bug fixes and minor new feature as long as they do not require migration or API changes. In addition to this, Greenbone OS security upgrades are managed via patch level upgrades.
        Patch level upgrades are executed easily. Prior to opening a new support ticket, you should always verify the defect is present with the newest patch level.
        The counting of patch levels starts with 0. The first patch level of a new release (for example 3.0.0) is the first alpha version. Before a new release reaches the customers, the patch level counter reflects the number of alpha and beta iterations.
      • Release: the middle number of a GOS version indicates the release, e.g., “0” in “3.0.21”.
        Within a generation all releases are supported for some time. Once it is clear that the next release will also be the next generation, the latest release of the generation becomes subject to Longterm Support (LTS Release) while the older releases of that generation are only supported with regard to upgrading to the LTS release. GOS 2.2, for example, is a LTS release because the next release included a change to the next generation, GOS 3.0. In this case, the support for GOS 2.0 and GOS 2.1 ended earlier than for GOS 2.2.
        The End-of-Life of a release is always announced at least 3 month in advance, for a LTS release even 6 month in advance. The newsletter will regularly inform about such deadlines and all states and deadlines can be reviewed at any time on this page: Greenbone OS: Current.
        The intention of a release is the introduction of new functionalities and the extension of existing ones. This may even include changes of the default behavior. Subject are the scanner itself, the web interface, the API and the administration. The upgrade of the flash system of hardware-based GSMs is typically not subject for a release. Migration of the database is usually mandatory and will be executed automatically.
        Because a release upgrade means considerable changes, the administrator must explicitly select a release change. If this is done, the release upgrade is done the same way as a regular patch level upgrade.
      • Generation: the first number of a GOS version indicates the generation, e.g., “3” in “3.0.21”.
        The End-of-Life of a generation happens never earlier than at least one year after the following generation was released to the users. Another precondition is the presence of a flash upgrade and a guide for upgrading and migrating to the next generation.
        The intention of a Greenbone OS generation is the introduction of an entirely new basis in order to provide the user with the newest state-of-the-art without making any compromises.
        Usually, with a new generation also the flash system of the GSM hardware is updated as well.