Operating System Greenbone OS

Lifecycle, Roadmap and Patch Level Upgrades

Our latest versions:

Greenbone OS 3.1 Greenbone OS 4.2 Greenbone OS 4.3
Patch Level: 3.1.48
Patch Level: 4.2.22
Patch Level: 4.3.2
Lifecycle Status: Mature, LTS Lifecycle Status: Mature Lifecycle Status: New
Available for all platforms Available for all platforms Available for GSM ONE, GSM 100

Find more information here:

New and improved functions for our latest releases including detailed documentations are listed here: GOS 3.1, GOS 4.2and GOS 4.3.

Releases under development are listed here: Roadmap

The graduated scheme for each Greenbone OS release is listed here: Lifecycle

Releases beyond status End-of-Life are listed here: Old Releases

Greenbone OS Lifecycle Status: August 2018

GOS 3.1

2015-01-26: Greenbone OS 3.1

Latest patch level: 3.1.48 (2018-09-05)

The items marked with (*) will change the default behaviour.

  • New: Dynamic charts “bar-chart”, “donut” “lines” and “bubbles” for SecInfo Management of the web interface. For each object types, two chart types can be selected. Each chart can be detached into a window of its own, the underlying data can be exported in CSV format or opened as HTML table, the SVG representation can be opened in the browser or be exported.
  • New: Dashboard overview for SecInfo Management of the web interface. It consists of 4 charts which can each be individually selected by type and combined with a powerfilter. The configuration is persistent for each user.
  • New: Dynamic diagrams for tasks analog to SecInfo Management.
  • New section “Results” under menu “Scan Management”. This section offers a object management for all of the scan results in the database a user has permission for. In other words, searching and filtering for results is now possible independent of a scan report.
  • New: SecInfo object type “CERT-Bund” which are the advisories published by the German federal CERT.
  • New: Attribute “Solution Type” for NVTs and results.
  • New: Bulk actions for example to remove or download many objects within a single action.
  • New: Configuration type “Scanner” allows to configure additional scanners of type OpenVAS (the default and pre-configured one) or OSP-based scanners. OSP stands for OpenVAS Scanner Protocol which can be used to wrap up arbitrary scanners with a generic interface to be handled generically for the vulnerability management. The task management is extended with scanner-type dependent  alternatives. These features prepare the integration of OSP scanners. Any default settings and behaviour remains like in the previous Greenbone OS release. OSP is entirely optional.
  • New: Option for anonymous guest access. Apart from the new role “Guest” which is similar to role “Info” allowing access only to the SecInfo section, there is now the opportunity in gos-admin-menu to enable access for guests. This makes it also possible to use static URLs to link into certain views in the SecInfo section.
  • New: Role “Monitor” that allows access to the performance data of the GSM.
  • New: Role “Super Admin” that allows access to all objects of all users.
  • New: Permissions “Super” that for example allows to create Group Administrators.
  • New: The filenames for Downloads can now be configured via “My Settings”.
  • New: Wizard for modifying a task.
  • GXR/GSR: These report format plugins were re-worked. Especially GSR was changed to have less pages for the same content and to get created faster.
  • Tasks: The dialog for setting permissions is re-worked.
  • Timezones: The configuration of timezones was changed so that now there is offered a drop down list of available timezones instead of a entry field for specifying the timezone in text form.
  • (*) Users are now allowed to have multiple simultaneous sessions, as long as the sessions are on different browsers. Up to GOS 3.0, a second session always invalidated the previous one regardless of which browser is used.
  • For any web interface page, the duration of the backend operation will be shown at the bottom.
  • (*) Credentials: The public key of SSH credentials is not required anymore because it is extracted from the private key.
  • Credentials/Targets: Credentials for ESXi target systems can now be configured directly with the Target object instead of in the Scan Configuration object.
  • New: Statistics module at OMP level represented by the command “GET_AGGREGATES” which is also the foundation for charts.
  • (*) When a task is requested to stop, the scanner will now be advised to switch immediately into the final phase of scanning. With GOS 3.0 the scanner immediately stopped activity and did not return so far collected host details. With GOS 3.1 this is now transferred to the database.
  • New internal inter-process communication of scanner.
  • Memory consumption of scanners reduced by 50%.
  • (*) Dropped support for pausing of tasks (OMP).
  • (*) Dropped support of outdated “openvasrc” Format (OMP).
Patch-Level GOS 3.1:
  • 3.1.48 (2018-09-05):
    • Vulnerability Scanning:
      • Bugfix: The scanner could hang and cause a longer scan time because of time-outs. This problem was pressent since a while, but so rarely triggered that it was not reproducable. Recent extensions of the NVT Feed triggered the problem more often reliably and allowed to identify and fix the problem (#100238, #2018082010000021)
  • 3.1.47 (2018-03-13):
    • Greenbone OS:
      • Improvement for Migration to GOS 4 to allow a headless reboot (#88557).
      • Add public part of new upcoming Brainpool ECC feed signing key (#78138).
    • Scanner:
      • Bugfix: The scanner issued warnings “Possible dependency cycle detected” (#88919).
      • Improvement: Prepare for handling upcoming Brainpool ECC feed signing key (#77601).
  • 3.1.46 (2018-01-06):
    • GOS-Admin:
      • Bugfix: Download of GOS 4.2 image now always correct for GSM 5300 model (#85212).
      • Improvement: Last preparations for migration of models GSM 500/510/550  (#84855).
  • 3.1.45 (2017-12-29):
    • Web Interface:
      • Bugfix: It was not possible to create schedules that start in the year 2018 (#85036, #2017122810000018).
  • 3.1.44 (2017-12-15):
    • GOS-Admin:
      • Improvement for migration of GSM 25 and 100 to GOS 4.2: Depending the status of BIOS/EFI/Firmware it could happen that a manual step is required. This improvement handle some of the cases. (#83790, #83964).
      • Improvement of migration from GOS 3.1 to GOS 4.2 of Midrange and Enterprise models (#83894, #83788, #80288).
  • 3.1.43 (2017-11-30):
    • GOS-Admin:
      • Improvement: During the upgrade from GOS 3.1 to 4.2 for GSM 25 and GSM 100, the system now boots automatically into the GSM installation system after the Flash update. This removes a manual step (#80049).
      • Extension: For the upcoming release of the migration of GSM 25 to GOS 4.2, the automatic transfer of the system configuration was added (#81118).
  • 3.1.42 (2017-11-17):
    • GOS-Admin:
      • Activation of upgrade menu for GOS 4 in GOS-Admin-Menu. An actual upgrade is only possible once the flash image for the respective GSM model becomes  available on the Greenbone Feed Server. The first one will be GSM 100 on November 20th. The availability of each model will be announced via the Greenbone Newsletter (#80049).
  • 3.1.41 (2017-09-05):
    • Web-Interface and OMP:
      • Bugfix: For scheduled tasks it sometimes happened that they were not executed according to their configured schedule or were executed too often (#77726, #2017062610000015, #78080, #2017071810000038).
    • Scanner:
      • Change of the scan method for authenticated scans of Windows systems: A replaced protocol layer now allows to scan Windows systems configured with any combination of SMBv1 and  SMBv2. Furthermore, there are no more situations where the scanner needs to use a volatile agent to access the registry service (#61498, #77109).
  • 3.1.40 (2017-08-05):
    • Web-Interface and OMP:
      • Workaround: When extensively using a combination of permissions and overrides the editing or deleting of overrides can lead to longer cache update. Multiple actions can sum the duration up. The new personal setting “Auto Cache Rebuild” allows to disable the automatic cache temporarily in order to apply multiple changes quickly (#76403, #2017071810000038).
  • 3.1.39 (2017-07-03):
    • Web-Interface and OMP:
      • Bugfix for editing a target object which has many host entries or which has syntax errors. This also removes the limitation of 2000 characters for the dialog of the web interface (#73059, #64285, #2017051910000049, #2016110210000061).
      • Improvement for slave passwords: Some special characters are now allowed (#72910, #2017050810000079).
      • BugFix for Super-Admin: This user was missing write access to notes and overrides of other users (#65028).
      • Bugfix: Under certain conditions it happened that during a feed update it was not possible to stop a scan task (#63837, #2016101710000044).
      • Performance improvement: For the combination of notes/overrides and task permissions the creation and the editing was accelerated in the backend (#73961).
      • Bugfix: When starting scans concurrently, it could have happened that some scans were blocked (#74876, #2017061910000047).
    • GOS-Admin:
      • Further preparations for the upgrade from GOS 3.1 to GOS 4 (#74401, #73429).
    • Scanner:
      • Performance improvement: Especially for large scans and for many HTTP pages sometimes latency effects happened. Due to some optimizations, such scans should be faster by about 3% and consume 20% less of CPU time. Also latency effects are considerably reduced (#71135).
  • 3.1.38 (2017-06-20):
    • Web-Interface and OMP:
      • Security Bugfix: It was possible for an authenticated  GSM user to delete the network interface setting of tasks of the other users. The models GSM ONE and 25V were not affected (#74682).
      • Performance improvement: For the combination of overrides and task permissions the caching for the tasks/results overview was optimized. Instead of updating the cache only upon need, it is now created after each scan report completed and after a override is created/updated. This accelerates the first login after changes happened to reports or overrides. This problem occurred only for users accounts not being the owner of the scan data (#73961, #72048, #68483, #2017042710000044).
      • Bugfix: For credentials used for authenticated scans of Windows systems, it was not possible to use the Euro symbol (#47080, #2015022010000055).
      • Bugfix: When importing a HTML report into MS Word, it could come to font problems (#67606).
      • Bugfix: Schedule were executed multiple times when they fall into daylight saving change (#70613, #2017040510000022, ##2017040310000017, #2017041010000058, #2017041210000018,#2017041310000061).
      • Bugfix: Under certain conditions when editing a powerfilter, an error message regarding “saver_filter_omp” could occur (#70093, #2017032910000024).
      • Change for the report auto-delete settings for tasks: The allowed minimum was reduced from 5 to 2 (#66470, #2017012310000011).
    • GOS-Admin:
      • Further preparations for the upgrade from GOS 3.1 to GOS 4 (#67409, #66266, #65983, #66348, #65984, #66267, #66268, #73642).
    • Scanner:
      • Bugfix: In some cases a scan test did exceed the configured timeout and was running for up-to 60 minutes (#67838).
      • Minor bugfix: In very rare cases an internal error occured for a scan (“invalid next size”) (#48814).
  • 3.1.37 (2017-02-21):
    • Web-Interface and OMP:
      • Performance improvement for the combination of many overrides and role based permissions (#67958).
      • Performance improvement for large number of LDAP-authenticated users (#67318).
      • Improvement: Documentation, logging und functionality for alert type “SCP” (#64696).
      • Bugfix: The selection of the Report Format Plugins for a “SCP” alert is now considered correctly (#64862, #2016112410000065).
      • Bugfix: Schedules with a period over 1 month were exexuted monthly (#65010, #2016120810000021).
      • Bugfix: A schedule with monthly period was removed from a task in case no duration was specified (#64362, #2016100610000065).
      • Improvement: The Report Format Plugin “CSV” now protects quotes in strings (#64678).
      • Minor bugfix: In very rare cases the internal timestamp about the feed status was not correctly processed (#66146).
    • GOS-Admin:
      • Improvement: It is now possible too update sensor certificates via the master. This is now part of “Reset all sensor certificates” (#51245, #51242, #2015072710000015).
      • Minor bugfix for rare cases during migration to GOS 4 (#67094).
    • Scanner:
      • Improvement: Detection of special host names in TLS certificates (#64997).
  • 3.1.36 (2016-12-23)
    • Web-Interface and OMP
      • Extension: New verince tag “gsm_system_Windows_Embedded” (#63875, #2016102010000074).
      • Improvement: The stopping of scans is enforced more strictly now. In favor of a faster cancellation, scan jobs now have less time to finish their current activity. These will be resumed in case the scan task is advised to do so later (#63832, #63830).
    • GOS-Admin
      • Bugfix for GSM 5300/6400: For a system backup the message were no adequate (#60020).
      • Improvement: For the USB airgap feature the messages on the LCD display are now more suitable (#64635).
      • Minor bugfix: The internal log rotation for scanner logs was changed so that this is also done when feed updates happen (#60130).
      • Internal preparations for a migration to GOS 4 (#64848).
    • Scanner
      • Extension: Support of TLS-SNI (#61661, #64588. #2016080410000019).
  • 3.1.35 (2016-10-27):
    • Web-Interface and OMP:
      • Performance improvements: The results view for large datasets was accelerated including the creation of notes and overrides. Also the host view is displayed faster now (#63767, #62927).
      • Increased the limit for results of the default email filter from 1000 to 2000. With GOS 4 this limit is dropped (#62290, #2016070510000019).
      • Bugfix: Verinice GSM Tags were corrected for various Windows versions (#63044, #2016092610000021).
      • Bugfix: Some minor bugs in the auto-generated credentials for Windows were fixed (#59700, #2016053110000018).
      • Bugfix: Error message will not appear anymore additionally in the results but rather only in the section “Error Messages” (#62937).
      • Minor BugFix: NVTs are now allowed to use the character “&” in their name (#63643).
      • Minor improvement GSR: Formatting of scan results can now better handle some more special cases (#57213, #2016022610000024).
      • Minor improvement: Scan-Config parameters “unscanned_closed” and “unscanned_closed_udp” now use the same input type in the dialog (#62929).
    • Web-Interface:
      • Bugfix: Some links issued inconsistent filter settings for charts and tables. Now the QoD is consistently used in charts and tables (#63340).
      • BugFix: The variable SCANNER_NVT_TIMEOUT is now properly substituted by its value in the GUI (#62931).
      • Minor Bugfix: A display error in the results view due to a line break was fixed (#62273, #2016082910000044).
      • Minor improvement of the online help about the “SCP” alert (#62274, #2015031210000014).
    • GOS-Admin:
      • Extension: The fingerprints of SSL certificates can now be shown in the GOS-Menu. This makes it easier to verify them (#53378).
      • Bugfix: After creating a userdata backup, temporary data are now deleted immediately (#57904).
      • Minor Bugfix: Wrong error messages about rsyncd in the logs are do not occur anymore (#62374).
    • Scanner:
      • Improved detection of “rsnyc” services (#63766).
      • Bugfix: In case of a circular dependency between NVTs, the scanner will not hang anymore and will also issue a detailed log message (#62797).
  • 3.1.34 (2016-09-21):
    • Web-Interface and OMP:
      • Updated GXR/GSR: Charts that were empty due to scan results or filtering are not included anymore. Also the OID were shortened for better readability. A formatting error for hostnames with underscores was fixed (#61602, #62598, #2016091310000045).
      • Improvement: When starting a scan, any NVT for settings was activated regardless of whether the settings are required in the respective context or not. This generic automatic activation was now disabled. Of course when attaching a SSH credetial, all necessary settings will be taken care of in the background. This now disabled feature was a transitional convenience for users of GOS 2. For large scans with small scan configurations you might notice a performance improvement (#62267).
      • BugFix: GSM Tag for Windows Server 2012 is now correctly set in the Verinice ISM Report Format Plugin (#60486, #2016062810000059).
      • BugFix: In the task overview of the scanner details page some obects were shown where actually permission is denied and thus clicking on the links led to a permission error. Those links are not shown anymore (#57759).
    • Web-Interface:
      • Bugfix: Under certain conditions the pre-configured sorting of reports was not by date (#62509).
      • Minor english typo fixed (#62509).
    • Scanner:
      • Extension: The scanner offers more ways to the NVTs about analysing TLS certificates (#62139).
      • Bugfix: Under very rare and very special circumstances the scanner had trouble during the execution of a NVT and cancelled the execution of this NVT (#62465).
  • 3.1.33 (2016-09-02):
    • Scanner:
      • Bugfix: An issue which caused scans to hang or abort prematurely under certain circumstances has been addressed (#62049).
      • Bugfix: An issue which caused error messages to contain references to incorrect hosts has been addressed (#62268).
      • Bugfix: An issue which caused slave tasks to remain in the ‘Requested’ state when master and slave were using different host limits under certain circumstances has been addressed (#54755).
      • Bugfix: An issue which caused vulnerability tests to abort prematurely under certain circumstances has been addressed (#60387).
    • Web-Interface and OMP:
      • Bugfix: An issue which caused an incorrect error message to be displayed when editing a task under certain circumstances has been addressed (#60442).
      • Bugfix: An issue which caused the ‘Alive Check’ property of a target to be ignored when cloning the target has been addressed (#60634, #2016070410000021).
      • Improvement: The filter used for Auto-Alerts has been modified to sort by severity to avoid misrepresenting the maximum severity when used with a large number of results (#60712, #2016070510000019).
      • Improvement: The limit for the field ‘Target Host’ in the Advanced Task Wizard has been increased (#56513, #2016012810000013).
      • Improvement: An issue with the help message for the ‘New Credential’ function has been addressed (#56663, #2016020410000021).
      • Improvement: The ‘Anonymous XML’ report format now strips even more items which could contain sensitive information from the report (#56793, #2016021010000027).
    • GOS-Admin:
      • Improvement: Support for using the RSA algorithm for authentication in Master-Sensor setups has been added (#62059).
  • 3.1.32 (2016-08-13):
    • GOS-Admin:
      • Critical Bugfix: Unfortunately version 3.1.31 has a critical problem for the sensor management. Sensors at version 3.1.31 can not be updated anymore by their master, neither NVT Feed updates nor GOS version updates.

If you upgraded from version 3.1.30 or prior to version 3.1.32, then there are no problems. But once a Master was updated to 3.1.31, the problem exists for all its sensors that were automatically updated to 3.1.31.

In case you are affected by this problem, it is unfortunately mandatory to apply a manual change on the sensors. The Greenbone Support has prepared a recipe for this manual change. We apologize for this inconvenience (#62030).

  • 3.1.31 (2016-08-08):
    • Web-Interface and OMP:
      • Extension: Automatic deletion of old reports. For tasks there is now a new setting that allows to specify a maximum number of reports stored for this task. If a further report is added, the oldest report gets automatically deleted. This makes it possible to for example to keep the latest 10 reports of a daily executed task. By default this is unset (#38210).
      • Improvement: If a scan via a scan slave fails due to a wrong password or wrong username for the slave, there will now be a respective note in a error message of the report (#59154).
      • Extension: The new alert method “SCP” allows to transfer a scan report in XML format via the SCP protocol. This is for example supported by some SIEM systems (#53932).
      • Extension: The alert method “SNMP” was separated from the method “SysLog” now forming a method of its own. It is not necessary anymore to additionally configure the SNMP trap received via GOS-Admin-Menu (#58742).
      • Extension: “Default Severity” was added under “My Settings”. This is the pre-defined severity to be used for NVTs that do not offer a severity. This can only happen if CVE-based OSP scanners are used and the CVEs do not have yet a CVSS assigned. Default is the conservative maximum of 10.0 (#49729).
      • Extension: It is now possible to attach a GXR and/or GSR to the Verinice ISM Report Format Plugin (#41074, #60444, #54603, #2015111910000013).
      • Minor extension: The powerfilter for permissions was extended with keyword “orphan”. With “orphan=1” orphaned permissions can be filtered. It is those permissions where the referring resource does not exist anymore (#55906, #2016010410000022).
      • GXR/GSR: The topology graph is created only for a maximum of 50 hosts (#56108, #2016011810000014).
      • Minor improvement: It is now allowed to use character “@” in the comment and value of tags (#57395).
      • Bugfix: If user names contained special characters, it was not possible to add them to groups or roles (#58879).
      • Bugfix: When importing special scan configurations it was possible that errors prevented the import (#59629).
      • Bugfix: Under certain conditions it was possible that a task executed via a scan slave hung in status “Stop Requested” (#59726, #2016050310000017, #2016052310000024).
      • Bugfix: Cloned pre-define report formats are now automatically trusted since only the general description can be changed and not the internal logic (#56990).
      • Bugfix: A formatting problem for special NVT descriptions was solved for the GSR PDF report format (#56150, #2016012010000037).
      • Bugfix: In very special cases it was not possible to positively verify a imported Report Format Plugin (#59287, #59756).
      • Bugfix: For delta reports some unneeded entries were created under certain conditions (#56952, #2016020910000011).
      • Bugfix: When creating for example GSR PDF reports directly in the web interface, the filter settings about hosts were not considered although this was considered in the GUI (#57256, #2016022910000055).
      • Bugfix: In the port list overview UUIDs were shown for targets using the port lists but which were not readable for the current user. The cross references did not work as a matter of fact. Now such UUIDs are not shown anymore (#58885).
      • Minor corrections of the OMP Documentation (#56666).
    • Web-Interface:
      • Layout improvements for host table in report results browser: The column content is now better wrapped (#55406).
      • Bugfix: Special manual changes to HTTP request now result immediately in an empty page and not cause anymore a delay (#57986).
      • Additional icons for operating systems were added (#57183).
      • Bugfix: When using the auto-refresh a error message could occur when creating a multiple permission (#56795).
      • Minor improvement: The titles for the filtering rules in the report results browser were changed to prevent misunderstanding about what exactly is the view about (#39535, #2014072410000121).
      • Minor improvement: The “once” status of a task is now also visible in the tooltip (#48265, #2015040910000028).
      • Bugfix: The edit-dialog for user account did not set the LDAP flag automatically if the user was managed via LDAP (#56469, #2016012610000017).
      • Improvement: Under high load of web interface (many concurrent users) it could happen that a new connection was denied. The limit of concurrent connections has been increased now (#58167, #2016040710000039).
    • GOS-Admin:
      • The menu for SNMP trap configuration was removed. It is now available via the web interface (#58743, #58745).
      • The cipher configuration of the SSH service was moved to a higher security level (#58450).
      • Improvement of internal logging: UUIDs of resources are now accompanied with the resource name and any “Internal Error” is now explicitly detailed (#58005, #58721, #59683).
      • Extension: For an in-depth analysis of a GSM in cooperation with the Greenbone Support there is now an option in the GOS-Admin-Menu to create a encrypted package with all relevant system data (#44900, #60301).
      • Extension: Internal clean-up method for resetting a scan sensor (#28277).
      • Improvement: The internal journal sizes of the database are limited now (#57888).
      • Bugfix: During a Factory Reset possibly (depending on the GSM model) an error occurred. This was only in very rare cases and it was possible to circumvent it. This is now fixed in general (#60488, #55414).
    • Scanner:
      • Improvement: The OpenVAS Scanner was made more robust handling timeouts. If a port was detected as open but later on it times out, a multiple retry strategy is applied (#48537).
      • Improvement: If SMBv1 is disabled on the target system and SMBv2 enabled, the scanner can achieve some more results during a authenticated scan. However, the detection capabilities very much depend on the presence of a running remote registry service (#50757, #2015071510000029).
      • Bugfix: Under extreme high load scan tasks could hang on a scan sensor. In combination with a limited schedule tasks could remain in status “Stop Requested” until next reboot. Measures are taken to prevent such so-called “scan zombies” (#56688, #2016020310000022).
      • Bugfix: Under certain conditions SSH scans could hang for a while. If the scanner has trouble with the remote ssh service, it terminates earlier now (#54059).
      • Improvement: When scanning SNMP services too many unneeded internal log information were created in case of missing MIBs (#59857).
  • 3.1.30 (2016-05-30):
    • Web-Interface and OMP:
      • Bugfix: For scheduled scans with limited duration and in master-slave operation it could happen that the scan task was stopped on the master but not on the slave. When resuming a task a new scan was started instead of finishing the stopped one (#59433, #59431).
    • Scanner:
      • Bugfix: Frequent stop and start of a task in short intervals could lead to a task that stay in status “Stop Requested”. A blocking scanner was responsible for this situation (#59642).
  • 3.1.29 (2016-04-21):
    • Web-Interface:
      • Bugfix: The action to resume a task while concurrently using a page refresh could lead to loosing the session ticket (#58356).
      • Bugfix: By using some special UTF-8 characters for filters it was possible to loose the session ticket (#57961).
    • GOS-Admin:
      • Update of an internal CA certificate with a new expiration date. This update is mandatory for proper operation of the vulnerability scanning and management. It is especially urgent for GSM ONE where the update needs to happen during April 2016 (#57946).
    • Scanner:
      • For authenticated scans via SSH it is now possible to use ECDSA keys (#57091, #29613).
  • 3.1.28 (2016-02-23):
    • Web-Interface and OMP:
      • Performance improvements: The performance for tasks, reports and results was optimized for various use cases (#50862, #54971).
      • For various situations there is no blocking of actions anymore. A user can act in parallel to background processes like SCAP update. At the same time the CPU load is lowered (#44104, #56004, #56127).
      • Bugfix for the trashcan. It was possible that when emptying the trashcan also other resources were deleted (#55296).
      • Extended options for the condition of alerts: It is now possible to use the number of matches of a powerfilter as criterion (#45430, #2015010710000019).
      • Bugfix: Some graphs of Extras/Performance were not correctly displayed for the GSM ONE and for GSM 500/510/550 (#55648, #2014050510000017, #54799).
      • The Report Format Plugin “Verinice ISM” was prepared for a generalization (#43295).
      • Only GSM 100: Bugfix of the task scheduling. Not all of the scheduled tasks were always properly started (#55259, #56466, #2016012510000028).
    • Web-Interface:
      • The regular expressions for user inputs where checked and where possible narrowed down. This helps to identify invalid user input earlier (#55933).
      • Minor improvement: The icons for deleting notes and overrides are now only available if the user has no permission to execute this action (#55384).
      • Bugfix: When using auto-refresh it was possible to get an error message after creating a permission for a task. The task or permission as such was not affected, it was just a wrong error message (#55298).
      • Bugfix: When using IPv6 the redirection from http to https did not work properly for all of the possible IPv6 addresses (#54839).
    • GOS-Admin:
      • New: For the backup of user data the new method SFTP accompanies the methods USB and SCP (#51195, #2015072310000013).
      • Minor improvement for the TLS cipher support for OMP/HTTPS regarding the settings SECURE and NORMAL (#55940).
      • The range of accepted characters for proxy credentials was extended (#49453, #2015052710000055).
      • In GOS-Admin-Menu some passwords where shown in clear text. This was now changed so that GOS-Admin-Menu shows no passwords in clear text at all (#56599, #2016020110000035).
      • An option to delete source code was added to GOS-Admin-Menu. This can be use in case source codes were installed manually (#54020).
      • Minor improvement for upgrades: The new version number was shown too early in the process of the upgrade (#47727).
      • In order to prepare the upcoming feature of support packages, the PGP key of the Greenbone Support was integrated. This will allow in future releases to encrypt data when sending to the support team (#56126).
    • Scanner:
      • An updated base library for the SSH protocol improves the detection abilities of the scanner and also extends the support for SSH credentials used for authenticated scans (#52479).
      • Improved robustness of the scanner against incomplete NVT meta data (#55264).
      • Bugfix regarding SSH connections: When doing massive scans a slow-down or connection loss could happen (#54661).
  • 3.1.27 (2016-02-18):
    • GOS Base System:
      • Security-Bugfix closing a severe vulnerability in the general base library “glibc”. It is recommended to reboot the system after the upgrade completed (CVE-2015-7547).
  • 3.1.26 (2016-02-02):
    • Web-Interface:
      • Security-Bugfix closing a DoS attack vector. It was possible to invalidate web session tickets of other users. Neither integrity nor availability of OMP or SSH is affected (#56541, GBSA-2016-02).
  • 3.1.25 (2016-01-12):
    • Web-Interface:
      • Minor security bugfix that closes a open redirect which was present only with enabled guest mode (#55720).
  • 3.1.24 (2016-01-09):
    • Web-Interface:
      • Security-Bugfix solving a cross site scripting vulnerability. To exploit the vulnerability a valid session token is required. In case the guest account is activated, the general guest token can be used. However, the guest user account owns no write permissions for the GSM (#55720, GBSA-2016-01).
  • 3.1.23 (2015-12-15):
    • Web-Interface and OMP:
      • Performance improvements: The performance for tasks, reports and results was optimized for various use cases (#51923).
      • New alert method “Send to host”: This method allows to send scan results in various formats to a configurable address as a simple TCP upload. Such upload opportunities are offered by several SIEM systems (#53931, #54296).
      • Bugfix for verinice ISM report plugin: It is now possible to attach a HTML report optionally (#54602, #2015111810000015).
      • Change for verinice ISM report plugin: The tag “Verinice Source ID” is now used instead of the previous work around based on the comment of a task (#54687).
      • New remote authentication method for GSM users via radius (#54696, #54060).
      • Changed: The “Once” checkbox for scheduled tasks now stays active after the scan was started. Before, it was deactivated but this added extra work for typical use cases (#48228, #2015040710000013).
      • Improvement: If no results were obtained during a scan, the user now gets some hints about potential reasons why the scan report could be empty (#51462).
      • Bugfix for overrides and CSV export: The overrides are now also applied for CSV exports (#52768, #2015092110000041).
      • Improvement for slave scans: a reboot of the master GSM does not anymore stop the slave scans. Now the slave scans can be resumed properly (#45074, #45073).
      • Improvement for the vulnerability view in the report browser: Notes and overrides are now also displayed (#52187, #2015090110000024).
      • Bugfix for overrides: The edit dialog was missing an explicit selection button for “yes” for the “active” setting (#52996).
      • Improvement for OSP scan configurations: Better defaults for selection lists (#52572, #52376).
      • Bugfix for counter of NVT Families in scan configurations: In some cases the number of NVTs was not shown correctly in the overview. The details view, however was correct (#53645, #2015091010000043).
      • Bugfix for deleting of ESXI credentials from trashcan: It was possible to ultimately delete a credential that was actually still in use (#54332).
      • Bugfix for scheduled scans with limited duration: After reaching the limit the task is now set to “Stopped” without any error notice (#53049, #2015093010000041).
      • Bugfix for importing OSP scan configurations (#53088, #2015100210000083).
      • Bugfix for LSC installer for Windows: Temporary files created during the installation are now removed immediately after the installation (#53680, #2015102210000036).
      • Bugfix for the performance charts: If data are no available, instead of showing an empty graph, now the graph is dropped. Several graphs are fixed and now use the correct data source (#22336, #22856, #36565).
      • Bugfix for prognosis reports: The format NBE is now also supported (#52897).
      • Minor bugfix that avoids an internal log message on slave GSMS in case scanning happens without credentials (#54526).
    • Web-Interface:
      • Minor improvement: For a guest access the page selection persists when the session ticket expires and a direct re-login is requested (#52165).
      • Minor bugfix: In some cases links to objects in the trashcan were non-functional (#54336).
      • Session tokens are now combined with the IP address of the browser. If a session token is used from a different system than it was issued for, it will not be accepted (#52008).
      • Minor improvement for the case a login user name is tried for logging in that contains invalid characters: In the past, a error dialog was raised. Now simply the login dialog returns and asks for a new try (#20082).
      • Bugfix: Missing icon for solution type “Mitigation” (#52596).
      • Minor bugfix: Enabling the bulk action, some icons remained visible, but without functionality. These are not visible anymore (#54335).
    • GOS-Admin:
      • Failed logins are now logged by default, including the source address (#51158, #51927).
      • Internal improvement: Some unneeded files that remained after an upgrade from GOS 3.0 are now deleted. These were just system files, no user data (#54019).
      • Minor improvement: When entering a proxy credential, a additional hint on the syntax for ADS environments is provided for convenience (#53684).
      • Bugfix: The Airgap menu of gos-admin now correctly reflects all of the airgap combinations (#54058, #51272).
    • Scanner:
      • OSP scanners report about the host alive status properly (#51924).
      • Bugfix for resolving hostnames in pure IPv6 environments (#54216).
      • Bugfix: For some OSP scans the target CIDR notation was not correctly resolved (#52373).
      • Internal improvement of the OpenVAS scanner regarding data stream block lengths (#53023, #52146).
      • Improved status message in case of a malfunctioning or unavailable OSP scanner (#52240).
  • 3.1.22 (2015-10-30):
    • GOS-Admin:
      • Improved robustness of the central data manager against special load and stress situations (#53834, #53825, #53832, #53646, #2015100710000047).
  • 3.1.21 (2015-10-20):
    • Web-Interface and OMP:
      • Minor Bugfix: Subject for email alerts are now prefixed with “GSM” (#53282).
    • GOS-Admin:
      • At high load it could happen that more than one feed update is executed in parallel. This could lead to a blocking situation (#53356, #53360, #2015100710000047).
      • The upgrade starting from a factory reset could lead to error messages in the log during a feed update due to inconsistent data migration (#53358, #2015100610000031).
  • 3.1.20 (2015-10-07):
    • GOS-Admin:
      • Bugfix: An issue which could cause the upgrade process to abort under certain circumstances has been addressed (#53089, #2015100210000065).
      • Improved detection and reporting of inconsistent internal state via gos-admin-menu (#53091).
      • Improved visibility of upgrade process in system log files (#44607).
  • 3.1.19 (2015-09-29):
    • Web-Interface and OMP:
      • Accelerated responses for task overview in case of high scan loads (#50860, #2015070610000037).
      • New: Extended configuration of email alerts. The title as well as the message body can now be specified individually. Some variables can be used to reference the task and to use text elements. The pre-configure settings reflect the title and content as was so far. So, there is not necessary to immediately change anything (#50859, #50572, #2015070810000042).
      • GSR Report: Under certain circumstances (triggered by an alert) wrong severity colors and classes could be applied that did not match the actual CVSS (#51820, #50171, #2015081810000058, #2015062310000015).
      • New: XML representation of tasks now includes the tags attached to the task (#52478).
      • Bugfix: Credentials shared via permissions were in some cases not accessible for the scan (#50363, #2015070110000028, #2015070810000051).
      • Bugfix: It could happen that a shared sub-object (for example a port list) was not readable (#51416, #2015080410000039).
      • Bugfix: Access of super admin via LDAP is not denied anymore (#48824, #2015042710000021).
      • Bugfix: When using dynamic severity, it could happen that timeout messages were displayed as a regular result instead of as an error (#50324, #2015070110000019).
      • Minor Bugfix: In scan configurations it could happen that the displayed number of selected NVTs for a family was wrong. The actual selection was handled correctly (#48250).
    • Web-Interface:
      • Bugfix for the export of larger data collections from ca. 100 objects, for example CPE resources (#52174).
      • New: When creating a new target, now the pre-set target is the source IP address of the user’s browser system (#47098, 51639, 51925).
      • New: When creating a new task, now it is possible to directly specify a tag for the new task (#35488, #2014022510000066).
      • Bugfix for host restrictions for a user: Ranges that were expressed using the hyphen syntax (from-to) were not accepted (#50915, #2015080710000015).
      • User names may now contain the dot character (“.”) (#51136).
      • Minor Bugfix: The Chinese translation is now identified as “zh_CN” instead of just “zh” (#51112).
      • Minor change: Die login page now has a CSS of its own (#50915).
      • New: The “Content-Security-Policy” settings are now used to limit the embedded access from within other sites (#51375).
    • GOS-Admin:
      • Accelerated Upgrade: Under certain circumstances a automatic update could take several hours because some internal data optimizations were executed. These are not enforced anymore for each upgrade (#51481, #2015081010000045).
      • Failed logins for the web interface are now logged by default including the source IP address (#51926).
      • Minor Bugfix: Applying changes of TLS Cipher is less delayed now (#43785).
      • Minor Bugfix: Lowered log noise about upgrades (#49956).
    • Scanner:
      • Accelerated scans by about 10%. The actual achievements depend on various circumstances and might be even better (#48799).
      • Improved integration of the web application scanner w3af, now also supporting the seed URL setting (#51266, #51334, #51412, #51283).
      • Improved integration of the IDS PaloAlto (#52600, #52579).
      • Improved error handling of OSP scanners (#51335).
      • Minor Bugfix: When creating a OSP scanner, expired certificates are immediately rejected (#50398).
      • OSP servers now refuse to launch with a certificate that expired anyway (#50397).
      • Bugfix: Dynamic severity will not display OSP scanner results as “0.0” anymore (#50738).
      • New: OSP connector for Fortinet which however is not yet supported for use (#49627, #52104).
      • OpenVAS Scanner: The option “max_sysload” was removed as a scan configuration option, because it is a system wide setting, not a scan-specific one (#51263).
      • Bugfix for OpenVAS Scanner: Improved SSH host key detection (#50588).
  • 3.1.18 (2015-09-24):
    • Hardware:
      • Security update for GSM 600 and GSM 650 that resets unconfigured factory settings of the BMC (Baseboard Management Controller) to save values. A reboot after the upgrade is not necessary. Running scans are not affected. An attacker from the same network segment could read device status, turn off the device or enforce its reboot. (#52838, GBSA-2015-01).
  • 3.1.17 (2015-08-03):
    • Web-Interface and OMP:
      • Improvement of filtering regarding QoD by extending the use of filter element “min_qod”. This helps for a consistent view for default settings (#46117).
      • Extended powerfilter for results: All results for a task across all reports can be selected for a certain CVE (for example “task_id=69512154-167c-4e12-9351-a778da2d29e9 and cve~2004-2320”) (#48539, #2015041010000025).
      • Bugfix for the powerfilter when searching for parts of an IP address (#49497, #2015052910000015).
      • Resolved inconsistencies (None vs. Log) when handling PCIDSS severity classes and corrected ranges (#49080, #49075).
      • GSR PDF reports: Size limitation extended (#49655, #2015040810000021).
      • GSR/GXR PDF Reports: With more than 100 hosts the topology graph will not be included anymore since details can not be identified anymore anyway. With this, the creation of the larger reports is also accelerated (#49269, #2015051810000018).
      • Bugfix: QoD for “general_note” is now displayed with 1% and not anymore with the default of 75% (#50325).
      • Bugfix: The installation routine for automatically created credentials now also works for Windows 2012 R2 and Windows 10 (#47269, #2015030210000033).
      • Bugfix: Improved error handling for invalid user input for the powerfilter (#49412).
      • Bugfix: Global users were missing in the selection box for permission dialogs (#49381, #50497, #2015070610000046).
      • Minor bugfix: Less process overhead for the creation of report documents (#48977).
    • Web-Interface:
      • Improved support for user interface languages. By restructuring the handling it is now easier to add more languages. In this context, German and Chinese was updated and a partial translation for Russian was added (#44479, #50723).
      • Extended bulk actions: It is now allowed to handle a larger number of objects with a single action, for example to delete a larger number of reports (#50584, #2015070610000028).
      • Details dialog for tasks: Added the information about the total number of single results related to this task across all reports. This includes a direct link into the results table (#49628).
      • Improved: New User dialog now does not allow to enter a password in case LDAP is used because it was and is ignored anyway (#49271).
      • Bugfix for permissions: In some special cases the action icons were greyed out although the actions were allowed (#49583).
      • Bugfix for the Powerfilter: In some cases the combination of keywords did not establish the right selection, for example the combination of the keywords “task_id” and “cve”. (#49675).
      • Bugfix for the creation of a schedule: The comments was not stored (#49595).
      • Extended the set of allowed characters for comments by “:” (#49494, #2015052810000026).
    • GOS-Admin:
      • User-data backups can now be created even when the database exceeds the size of 4 GByte (#48109).
      • Extended the set of allowed characters for the SNMPv3 password by “$#?!” (#49312, #2014100110000023).
      • The SNMP setting are now also available via GOS-Admin-Menu for the GSM 25 (#49448, #2015052710000019).
      • Bugfix for the import of reports: The detection details were not imported (#49660, #2015060410000033).
      • Bugfix for the SNMP trap setting (#46321, #50323, #2015013010000029, #2015063010000083).
      • Bugfix to prevent non-functional internal processes. However, there was no impact on performance (#48109).
      • Minor bugfix for the scanner for rare special cases (#49593).
      • The setting “proxy_update” was not used since a very long time and now is finally removed. Instead, the setting “proxy_feed” is used (#49593).
      • Improved internal error messages in case of database problems (#48876).
    • Scanner:
      • Bugfix: Under certain conditions single checks were aborted too early (#48906).
      • Bugfix: For Linux systems with large package databases (ca. more than 8000 packages) it could happen that the list was truncated and thus not all packages were analyzed (#49727).
      • OSP: Extended to handle ports as host details and to handle timestamps (#48800, 49584).
      • New: Beta version of Palo-Alto OSP scanner for selected pilot customers (#48538, #51194, #50912, #50858).
      • New: Beta version of w3af OSP Scanner for selected pilot customers (#50912, #43436, #49673).
  • 3.1.16 (2015-07-03):
    • Web-Interface and OMP:
      • Bugfix: A scheduled start of a task will now only be done for the owner of the task (#50140, #2015020210000026).
      • Bugfix: A scheduled start of a task will now only be done once per given time window (#50314, #2015063010000065).
  • 3.1.15 (2015-06-19):
    • Web-Interface and OMP:
      • Bugfix: When stopping a scan task it could happen that the status of the task hangs at “Stop requested”. Only a reboot did set back the status to “Stopped” (#49496, #2015052810000017).
      • Bugfix: A report creation triggered by an alert could block the database for the duration of the report creation (#49975).
  • 3.1.14 (2015-06-16):
    • Web-Interface and OMP:
      • Bugfix: A combination of scans with a configured time window and automatically coupled creation of reports could lead to a blocked database in case the Scan was comprehensive or the time window short (#49861, #2015061110000011).
  • 3.1.13 (2015-05-21):
    • Web-Interface and OMP:
      • Permissions: Extended dialog for setting new permissions. It is now possible to create multiple permissions in one step. For example it is now possible when changing a target object, to apply the same permissions automatically to the related port list and credentials. Concurrently a unified permission dialog for all object types is introduced. It is available on the respective details pages. And it offers a direct link into the permission creation dialog and automatically configures all related objects for it.In total this increases the comfort for creating, reviewing and modifying permissions. (#46998, #2014120410000032, #44025, #48540, #47336, #2015030510000028, #47359).
      • QoD: Some inconsistent default filtering (min_qod) is now unified and the current min_qod selection will be kept when entering into a report (#46989, #47891).
      • Bugfix: The deleting of Report Format Plugins failed under certain conditions (#48961).
      • Bugfix: Accessing the trashcan failed under certain, rare conditions (#49058, #2015050710000021).
      • Bugfix: It was possible that by removing an override the severity did not follow the change (#47789).
      • Passwords for web and OMP users: Now it is also allowed to use whitespace and part of a password (#48712, #2015042210000021).
      • The Report Format Plugin “Verinice-ITG” is now a pre-configured plugin and it is not required anymore to import it explicitly (#41765).
      • Bugfix: The name of a NVT and its last tag are now considered for filtering (#48891, #2015041610000023).
      • Bugfix: The sorting by “Last” report in the task list did not work properly (#48823, #2015042710000011).
      • Bugfix for slave tasks: In case the sensor or slave was not reachable, it was problematic to stop a started scan as long as the start was still was not established (#48877, #2015040110000024).
      • Bugfix for the filtering of scan results when searching for a specific IP address. The filter acted a bit fuzzy under certain condition which was now changed to match strictly (#47710, #48890, #2015040210000041).
      • Bugfix: Filter directives for delta reports were executed properly, but in the new view the filter was lost (#48063).
      • Bugfix: Individual port lists that were used for a scan via a slave or sensor where not automatically deleted after the scan finished (#47889).
      • Bugfix about displaying the trust status of Report Format Plugins (#47721, #2015022310000013).
      • Bugfix for the manual creation of overrides so that now also the port protocol can be specified, for example “80/tcp” (#48715, #2015031810000031).
      • Bugfix: Under certain conditions it could happen that expanding the results view did not show the actual details in case the results are owned by another user (#47411).
    • Web-Interface:
      • Bugfix: Links from the Asset Management into a report did not filter for the exact IP. The IP was used only as a substring (#48981).
      • Bugfix: The version info about GSR and GXR did wrongly not show the actual version 3 (#48115).
      • Bugfix: The counter for notes and overrides in the NVT details dialog showed always 0 (#48247, #2015040810000048).
      • Minor extensions of the online help texts (#47708, #47858).
    • GOS-Admin:
      • Via GOS-Admin it is now possible on a master GSM to advise all connected sensors to create a new self-signed certificate in case their current certificate expired (#48788).
      • OMP via IPv6: In case OMP is enabled, this protocol can now be accessed also via IPv6 (#13592).
      • User-Data backups: In GOS-Admin-Menu there is a new function that shows all local user data backups (#47787).
      • User-Data backups: In GOS-Admin-Menu there is a new function that allows to remove single local user data backups (#44852).
      • Bugfix for GOS-Admin: For several IP address settings like for NTP or for sensors it was not possible to enter IPv6 addresses (#48523).
      • Backup Management: The structure in GOS-Admin-Menu was re-organized with a better separation of backup types and backup settings (#44769).
      • Minor Bugfix for the selfcheck in GOS-Admin-Menu: For GSM models that can not manage sensors, the sensor check is not displayed anymore (#48442).
      • Bugfix for GOS-Admin-Menu to add a scroll bar for the sensor check results (#47055, #2015022010000019).
    • Scanner:
      • Bugfix: By stopping and then resuming a task it could happen that in the overlapping range some results were doubled (#48538, #48974, #2015041710000031).
      • Bugfix: In some cases the hostname for a scanned IP was missing in the results (#44904).
  • 3.1.12 (2015-04-23):
    • Scanner:
      • Bugfix for the scanner which did not reliably executed some tests for some Windows systems. This lead to a lower number of detected vulnerabilities compared to GOS 3.0 (#46115, #48521).
  • 3.1.11 (2015-04-08):
    • Web-Oberfläche und OMP:
      • Bugfix for the NVT details: The CVSS vector was missing in GOS 3.1.10. After the next feed update the vectors will be visible again (#48062).
  • 3.1.10 (2015-04-01):
    • Web-Interface and OMP:
      • Comprehensive update of the Report Format Plugins GXR and GSR. The representation of is more compact now. Especially the GSR will now get created faster and will have less pages. Apart from that, several new functions are support now like solution type and QoD (#46216).
      • The Report Format Plugins GXR and GSR now offer a tabular overview about the success of target host authentications (SMB, SSH and ESXi) (#45700, #2015011510000021).
      • Bugfix for GSR Report Plugin: The text entry about overrides was missing (#47212).
      • New Report Format Plugin “Anonymous XML”: Like XML, but IP addresses get pseudonyms and other potential hints about the origin of the scan are removed as well (#38250).
      • Comprehensive update of the permissions management regarding visibility of objects by Users, Groups and Roles. Now, several dependencies will be considered by the permissions management (#47310, #2015030410000011).
      • Bugfix for automatically created Debian credential packages (#46996).
      • Fully automized update of CERT-Bund now activated (#45364, #47176, #2015022610000062).
      • Bugfix for the keyword “owner” when used in the powerfilter (#46915).
      • Bugfix regarding transfer of task properties to scan slaves (#46721).
      • Change for schedules: A scheduled task was not executed in case no scanner resource was available for 3 minutes after schedule start time. This limit was removed now (#46897).
      • Bugfix to prevent piling up of lost scanner processes that slow down a GSM over time (#47854).
      • Bugfix regarding changing the “Host-Alive” method (#47989).
    • Web-Interface:
      • Charts: Tooltips extended with percentages and added tooltips for the legend (#47358).
      • Bugfix: Overrides were applied in the Report-Browser, but False Positives were not displayed (#47096).
      • Improved usability of powerfilters: The text entry now contains only specific elements. All others are displayed below, but could be set anytime as well (#45912).
      • Minor bugfix for Task Details Dialog: The Slave name is not displayed anymore if no slave is used anyway (#46819).
      • Minor bugfix to correctly handle some very specific HTTP request to the web interface (content-length headers) (#15343).
      • Improved online help for Scanner Details (#47282).
      • Added download option for certificates of OSP scanners (#47281, #47283).
      • SecInfo for NVTs was internally changed to now use the OMP command GET_INFO (#39910).
      • Minor bugfix: Graphical bug in Charts regarding too many percentage characters (#47357).
      • Minor bugfix: Graphical bug for IT-Schwachstellenampel regarding URLs (#46969).
      • Minor Bugfix for status info of OpenVAS Scanner: It was wrongly displayed that the scanner is offline (#47280).
    • GOS-Admin:
      • Extended SNMP monitoring parameters and MIB: The MIB for the Greenbone Security Managers as well as the newly supported standard properties are now documented at the Greenbone website about SNMP (#44239, #29960, #2013052810000039).
      • Internal improvement for self-check after an upgrade to identify incomplete upgrades (#47579).
      • Internal improvement of management of OSP Ovaldi: Certificate update via GOS-Admin-Menu (#47219).
      • Minor bugfix of NTP configuration to avoid error messages in the log (#46726, #2015021110000027).
      • Minor bugfix for CLI Admin: For some unneeded commands (for example nosystemupgrade) there was still an alias entry. These were removed now. (#47264).
      • For GSM ONE the menu “Advanced Management” is now back in GOS-Admin-menu (#47724).
      • Improved Boot-Check log (#43682).
      • Minor bugfix for a problem that produced many log entries (parse_ctime) (#46815).
    • Scanner:
      • Internal improvement: For NVTs of the OpenVAS Scanner it is not mandatory anymore to deliver a CVSS Base if they already offer a CVSS Base Vector (#41456).
      • Improvement of authenticated scans for target systems with specific SSH services and key types (#47304, #47278, #29613).
      • OSP-ovaldi now also delivers its own CPE as a host detail (#45909).
      • New Parameter “debug_mode” for all OSP scanners (#45906).
  • 3.1.9 (2015-03-13):
    • Bugfix for internal GOS upgrade handling (#47513).
  • 3.1.8 (2015-03-05):
    • Bugfix regarding TLS certificates of the pre-configured scanner. Under certain conditions it could happen that no scans are executed anymore and a manual update of the certificates was necessary. This has now been automated (#47279).
  • 3.1.7 (2015-03-03):
    • Quality of Detection (QoD): This concept for the reliability of successful detections of vulnerabilities now arrived also in the web interface. New NVTs were already equipped with specific QoD values (between 0% and 100%) for some time. The QoD is now visible for NVTs as well as for the scan results. Of course, it is now possible to use the QoD to filter. The defaults are chosen to match the previous behaviour. This means, the same number of results are filtered which corresponds to a QoD of 70%.
      With this new feature, the parameter “paranoid” in the scan configurations is dropped, because now even those tests with a low reliability are always executed. The results are present in the database and can be reviewed if needed. A separate scan for detecting so-called “potential vulnerabilities” is not necessary anymore. (#46396, #38193, #46118).
    • Extension of the permissions dialog for tasks: When granting permissions to a task, now the same permission is automatically granted for the depending objects like schedules or alerts. (#39459, #2014072210000017).
    • Reduction of DNS Reverse Lookups of the GSM for NTP servers (#46965, #2015012110000037).
    • Bugfix for executing scans via slaves: Now the configured port list is applied and not just the default port list (#46632).
    • Bugfix for the use of SSH keys for SSH credentials (#46474).
    • Bugfix for the Restore function of the user-data backup on GSM 100 when migrating to GOS 3.1 (#46813, 46835, 46241, 46515).
    • Bugfix for drop-down dialog elements for timestamp in task wizards (#46125).
    • Bugfix for scan progress bar: The progress is now reflected more adequately (#18591, #46694, #2015020210000053).
    • New functions via gos-admin-menu (section “Advanced”) to manage the database (vacuum, analyze) (#41097, #43688).
    • Bugfix for sensor upgrades, specifically for airgap (#46836).
    • Bugfix for individual timeout configuration of NVTs when executed via a slave system (#44857, #2014121110000019).
    • Bugfix for missing transfer of ESXi credentials to slave systems (#46691).
    • Creating web users with the same name is not allowed anymore (#46214).
    • Alterable tasks: If all reports are removed, the task does not anymore automatically turn into a regular tasks. It rather remains to be an alterable task (#42226, #2014101310000028).
    • Extension for creating a new task: It is now possible to assign a schedule and configure to execute the schedule only once. After this schedule is executed, it will automatically be removed from the task (#46184, #2015012610000028).
    • Tasks with schedules that define only a single execution: After the scan was started, the schedule object is removed from the task object because it won’t be ever executed anymore anyway. This means that now any task in the task overview that has a schedule symbol will definitely be executed in the future at least once. (#45943, #46185, #2015012610000046).
    • Extension of the selfcheck in gos-admin-menu to check availability of internal OMP service (#46397).
    • Update of an external link inside the Online Help system (#46390, #2015013010000047).
    • Update of the SSH library of the OpenVAS Scanner so that authenticated scans work even with newest SSH servers (#46542).
    • Bugfix for sorting the numerical column “IPs” of targets (#39267, #2014071710000018).
    • Bugfix for Superadmin: Icons for cloning are not greyed anymore (#45888).
    • Bugfix for Superadmin: Access to notes and overrides is now possible (#45889).
    • Bugfix for auto-credentials (#45729, #45730).
    • Improved WMI RSOP support for the OpenVAS Scanner (#40407).
  • 3.1.6 (2015-01-26):
    • Last release of Beta phase. First release of 3.1.
GOS 4.2

2017-09-30: Greenbone OS 4.2

Latest Patch Level: 4.2.21 (2018-10-104

Lifecycle-Phase: Mature

  • Change: Slaves will become Scanners. This eases the use of scan sensors. Among others, the management of access rights for slaves is unified.
  • Approval of sensors now via GOS administration: Users can only configure sensors which got an overall approval by the administrator of the appliance.
  • Extended GOS Administration menu.

4.2.22 (2018-10-15):

  • Vulnerability Management:
    • Change for CSV Report Format Plugin: When special characters are the first ones in a column, these are escaped by a apostrophe. This prevents that a spreadsheet executes the respective cell. It is a convenience change. Actually, users should configure and use their spreadsheets in a secure way – which is also the default for most common ones
    • Bugfix: A tag to a host now gets properly orphaned in case the host is being deleted (#102649, #2018101010000026).
    • Bugfix: When using GMP to upload reports, the service stopped accepting the reports after a couple of thousands of reports uploaded in a single session (#101276).
    • Minor bugfix: In some special situations the resetting of filter settings to the default caused an error (#101658).
    • Minor bugfix: In the assets management the functionality “Apply to selection” was not working in Chrome browsers
      (#101653, #2018072710000037).
  • Greenbone OS:
    • Bugfix: Under special circumstances with master and multiple sensors (and high load on sensors), a feed update from master led to a update deadlock on the sensor and it was necessary to reboot the sensor (#83793, #2017112310000029).
    • Bugfix: Adding a custom IPv4 route caused a problem. Previously configured custom routes were not affected
      (#102289, #2018100510000054).
    • Minor Bugfix: The size for an IPv6 custom route was extended to cover full length IPv6 addresses (#102837).
    • Minor bugfix: Removed some internal functionalities for GSM 100 and GSM 25 that were designed to work with a LCD (25/100 have no LCD) (#102829).

4.2.21 (2018-10-04):

  • Greenbone OS:
    • Release switch to GOS 4.3 opened for GSM ONE. Please first upgrade to GOS 4.2.21 before switching to GOS 4.3 (#101440).
    • Maintenance update of base system. This especially includes a maintanance update of the database management system (#102250).
    • Minor bugfix: For hardware appliances, the boot-loader was updated only after first patch level update (#95566).

4.2.20 (2018-09-14):

  • Vulnerability Management:
    • Extensions: New option to add delta reports to alerts. The configuration of an alert is extended with the option to create a delta report first and then apply the actual alert method. This essentially means, not the report of the task is used for subsequent processing but rather the delta report (#95423, #22348, #45442, #2014121610000019, FS-180523-4304).
    • Improvement: The database cache was optimized for scan reports. This improves the performance for some scenarios with master-sensor setup and big scan reports (#88902, #2018030710000019).
    •  Bugfix: In rare situations it was possible that the database management system starts to become very busy and consumes all of the RAM. It is regarded a database bug because with GOS 4.3 (which includes a DBMS update) this is not reproducable. The bugfix solves the problem for GOS 4.2 for the lab test cases (#99585).
    • Bugfix: The scan configuration “System Discovery” was not reporting details on operating systems, now it does (#94398, #2018060710000031).
    • Bugfix: extreme large content of reports triggered a XSL transformation error when generating a report (#92618, #2018050810000022).
    • Bugfix: The operations “Apply to selection/filter” for creating a target from host assets were creating empty targets (#98482, #2018072710000037).
    • Bugfix: For tags the filter element “orphan” caused an error (#97694, #2018071810000045).
    • Minor bugfix: It was possible to delete a report format plugin although it is configured for a vernice.pro alert (#98054, #2018071910000034).
    • Minor Bugfix: Web-based creation of external scanners failed for some types (#95812).
  • Greenbone OS:
    • Minor bugfix: Invalid guest user account caused traceback message (#100916).
    • Minor bugfix: When uploading a non-certificate file when a certificate is expected, a traceback message occured (#95694).

4.2.19 (2018-08-24):

  • Vulnerability Scanning:
    • Bugfix: The scanner could hang and cause a longer scan time because of time-outs. This problem was pressent since a while, but so rarely triggered that it was not reproducable. Recent extensions of the NVT Feed triggered the problem more often reliably and allowed to identify and fix the problem
      (#91015, #2018061410000036, #2018082210000035, #2018082010000011, #2018081710000036, #2018081710000018, #2018053110000023)

4.2.18 (2018-06-14):

  • Vulnerability Management:
    • Bugfix: The Web-UI service, if running for a longer time at a short refresh interval (30s) for special pages and possibly in multiple browsers tabs, could sum up to a low memory problem on the appliance which in turn might have caused other problems such as repsonsiveness and availability (#93126).
    • Bugfix: In the Web-UI in detached charts, the sorting was not copied over to the filter and thus the charts looked different
      compared to the embedded ones (#91416).
    • Bugfix: The asset IDs for host assets in the results were not correct and thus the links to the asset management pointed to the same asset for an entire report (#94285, #2018060510000044).
    • Bugfix: Adding user tags to SecInfo objects caused an internal error during saving (#91176, #2018041210000061).
    • Bugfix: IPv6 addresses were not accepted in the host entries in the edit user dialog (#92887, #2018042710000051).
    • Minor improvement: The target details were not abbreviating the target which could lead to very long entries if for example 1000 single IPs were imported. The Web-UI view is now abbreviating the content, the XML export of course still contains all data (#88918).
    • Minor Bugfix: In the PDF report summary section some special characters were not escaped properly (#92022).
    • Minor Bugfix: The GMP command get_reports, when applied for delta reports, did not work with empty filters (#88462).
    • Minor Bugfix: After uploading a LDAP certificate, the Web-UI redirected to task overview instead of remaining on LDAP configuration page (#88900).
    • Minor Bugfix: Improvements to the german online help of the Web-UI (#88411).
  • Greenbone OS:
    • Extension: The support package is extended with more system status information about the GSM to allow for a better analysis. The technical specification of the Greenbone Support Package (GSP) was updated accordingly to the status of 2018-06-04, see here for GSP specification
      (#88046, #93047, #93051).
    • Extension: New option to configure a web proxy for each connected scan sensor. This allows a master GSM to control its sensors through a http proxy instead of a direct connection (#93128, FS-180530-4837)
    • Extension: When accessing the Web-UI via a reverse proxy which defines a high number of keep-alive requests, this could exceed the default maximum number of concurrent connections of the Web-UI and thus lead to HTTP error code 503. To cope with such a situation where the proxy can not be re-configured, the GSM now allows to change the per-ip connection limit via internal GOS setting ‘per_ip_connection_imit’ (#84890, #2017122210000029).
    • Bugfix: When downloading a support package from the GSM, and in case more than one interface was configured, the information dialogs showed the wrong URL for the download (wrong IP address) (#90788, #2018040610000019).
    • Bugfix: The interface configuration naming for GSM 5300/6400 was for some cases inconsistently enumerated (#91287, #2018041110000045).
    • Minor Extension: Sudden power outage could lead to orphaned temporary database tables. This has no negative effect, but it will cause log messages until the orphaned tables are removed. An advanced opportunity was added to allow the removal of the orphaned tables in coordination with the Greenbone Support team (#88047).
    • Minor improvement: Moving NVT files inside the feed caused warning messages in the log. Since this is actually a normal thing to happen, it will not show up anymore as a warning (#89502).

4.2.17 (2018-05-12):

  • Vulnerability Management:
    • Bugfix: In case of comprehensive use of permissions and overrides the “Add Override” function triggered a significant amount of cache operations which slows down the system. This is avoided/optimized now (#92616, #2018050710000024).
  •  Greenbone OS:
    • Bugfix: Upgrading sensors via master automatically can be faulty with 4.2.16 (new brainpool signing key). This fixes the problem for automatic update and also the manual update trigger (#92722).
    • Extension: The magic SysRq keys are now active for the unlikely event of a system panic situation. This can help for example to shut down the system cleanly and protect filesystem integrity   (#91726).
    • Extension: In case of filesystem damages (for example due to a sudden power outage) the filesystem repair system at boot time will now propose to reboot always after repairs happened. We highly recommend to not cancel the recommended procedure of the system (#91005).

4.2.16 (2018-05-03):

  • Greenbone OS:
    • Bugfix: Expirey of signature key: The new brainpool key so far was only activated for NVTs, but not yet for GOS updates and new flash images. The old key expires on May 15th 2018. You must update to 4.2.16 prior to this date. Once beyond this date, GOS updates will not be possible anymore until a manual import of the new key is done (#92019, #92273, #92274, #92336, #76935).
    • Extension: Next to the already available http upload option, it is now optionally possible to paste a new signing key via clipboard into a text entry (#92409).

4.2.15 (2018-04-13):

  • Vulnerability Management:
    • Bugfix: Combining alerts with severity-based conditions could set a task connected with such an alert to Internal Error (#91095)
    • Improved dialog for new password (#89444, #2018031510000031)

4.2.14 (2018-04-10):

  • Vulnerability Management:
    • Extension: Search functionality for LDAP-based authentication by extending to use not only the DN, but also the uid attribute in the LDAP schema, and performing an LDAP search to get the DN (#57286, #75012, FS 171117-0939-UID-attribute-for-LDAP-Login).
    • Extension: A new alert method was added to send scan reports to a Tipping Point SMS (#82703, FS-171117-0551-alert-for-tipping-point).
    • Improvement: The response time for opening the details dialog for a single scan result was significantly shortened. We measured factors of up-to 100 times faster response (#86913).
    • Improvement: Extended coverage of chinese translation of Web UI (#86876).
    • Bugfix: Auto-generated credentials of type ssh-key were not working properly when scanning via sensors (#89728, #2018030810000026).
    • Bugfix: Under certain conditions it was possible that starting a scan while the feed update is running led to a task hanging in status “Requested” (#83713, #88787, #2018030610000021).
    • Bugfix: On some GSM models importing of Scan Reports could fail and raise an Internal Error dialog (#86914).
    • Bugfix for SMB alert: The placeholder “%F” is now replaced by the chosen filetype (#85434, #2018010810000021).
    • Bugfix: When deleting a user who distributed permissions, there was no warning and no option to let objects be inherited. The objects were simply deleted and not available anymore or the other users (#88321).
    • Minor bugfix: In certain situation with distributed read permissions, clicking on the hosts for a report resulted in an empty page instead of a permission denial message (#55350).
    • Minor bugfix: For schedules, the calendar editor did not allowto shift months backwards (#86730, #2018012910000017).
    • Minor bugfix: When leaving one of the password entry fields empty in the dialog “My Settings”, an internal error was raised. Now a helpful message explains the input error (#86736).
    • Minor bugfix: The report format “LaTeX” was missing some newlines around “rowcolor” (#86785).
    • Minor bugfix: For plain new databases, re-order the sequence of creating database functions to avoid undefined situations. This bug had no effect for any regular shipped GSM, thus minor  (#88876).
  • Greenbone OS:
    • Extension: Custom routing can now be configured explicitly via GOS menu for non-virtual GSM models. The new menu “Routes” under “Setup”/”Network” allows the configuration of IPv4 and IPv6 routes. The configuration is not per interface, rather the system will automatically pick the best route if any interface can reach the target network. There is also a warning about trying to configure a route to unreachable network. Some advanced routing still has to be done via Expert Mode, but the most common cases can now be configured via menu. Expert Mode and new Routes configuration cannot be applied concurrently (#89505).
    • Minor extension: The support package now also collect log information about user data import and system data import (#84847).
    • Bugfix: The configuration of VLANs in combination with DHCP was not consistent in all cases (#85213).
    • Bugfix: The configuration of DNS via menu after activating Network Expert Mode did not become active (#86503).
    • Minor improvement: In some migration scenarios a headless setup is desirable and this improvement makes a headless setup more flexible (#82206, #81119).
    • Minor bugfix: A non-relevant log message (“assertion” warning) when accessing a task was fixed. It occured only under certain conditions (#71011).
    • Minor bugfix: Removed a misleading entry from the internal boot menu (#86379).
    • Minor bugfix: Fixed a typo in the menu (#88911).
  • Vulnerability Scanning:
    • Extension: Introduce a “wait between requests/probe” option for scanning. Scanning “critical infrastructures” components have shown the need for waiting time between network probes. Such devices can have a quite fragile TCP/IP stack and can’t handle parallel and/or multiple subsequent network requests. Outages of the network communication with other connected devices can be the result. This change does not affect any defaults. It is an additional option for the Scan Config and a new Scan Config should be created when desired to apply this setting. However, note that acivating this naturally makes the scan take longer (#86582, FS-180125-3444-wait-between-probes-in-scanner).
    • Extension: The internal scan scheduler was extended with the ability to consider regular expressions for pre-conditions to launch NVTs. This enables the GSF development team to make NVTs smarter. It is planned to apply this feature in the feed very soon and improve performance for some scan scenarios, mainly authenticated scans of Linux systems will benefit (#88402, FS-180111-2416-NASL_mandatory_keys_with_re).
    • Bugfix: It was possible that some NVTs were launched for situations where they did not match the situation (presumed open ports). The fix has a slight positive effect for the scan performance (#89733).
    • Bugfix: In some situations many unneeded internal signature verifications were executed and could slow down scanning. This is a regression that was introduced in 4.2.13 (#89294).

4.2.13 (2018-03-14):

  • Scanner:
    • Bugfix: Randomly some NVTs were not accepted during feed update or during startup at the first attempt. In many cases the Scanner was able to overcome the situation on its own, but in a few cases the problem becomes severe. This bugfix resolves the problem at its root (#88860).
    • Bugfix: The scanner issued warnings “Possible dependency cycle detected” (#88187).

4.2.12 (2018-03-03):

  • Greenbone OS:
    • Bugfix: The comprehensive changes of 4.2.11 introduced a bug for the feed update for updated NVTs leading to invalid hash sums. (#88630).

4.2.11 (2018-03-01):

  • Greenbone OS:
    • Performance: The duration of starting up the scanner and the duration for updating the NVT feed was accelerated significantly. We measured up-to a factor of 30. This  comprehensive change became necessary for the migration of the GSM 500/510/550 models to GOS 4.2. All other models were able to cope with the demands of the modern GOS 4.2 before, but will benefit from this acceleration. (#86323).
    • Feature: The menu for log view was added for the models GSM 25, GSM 25V and GSM ONE. (#83489, #2017112410000018, FS-171220-0411-logging-menu).
    • Robustness: In case the scanner runs into a severe problem that prevents to continue his job for whatever reason, the scanner is restarted after one minute. (#86734).

4.2.10 (20108-01-19):

  • Vulnerability Management:
    • Updated GSR HTML: The new version 0.4 adds the new section “TLS certificates”, sort indicators in table header, expand/collapse for all details of a table and total/average summary to some of the tables. Apart from some further smaller improvements, the resulting size of a report file is reduced. The level of reduction depends very much on the  actual content. The best value we measured was a reduction by 70% (#84502, #75109, #2017063010000043).
    • Change in power filter for performance improvement and consistency: The power filter will now search only for text columns for terms that do not refer to a specific column. This means that filters with a plain generic keyword that could be interpreted as a number (for example “6.4” or “212.10”) can produce less results (actually being more adequate). If for example explicitely a severity of 6.4 should be filterd, use “severity=6.4” (#82377, FS-171129-1004).
    • Extension: The Web-UI offers an updated German translation and and also a new and complete Arabic translation. (#81116).
    • Improved GSR PDF: In special situations, inconsistent fonts were applied for results. Also long CPE names are better treated in the section “Top 10 Applications”  (#83830, #2017120510000016, #82546, #2017111010000026).
    • Improvement for Web-UI consistency: The refresh drop down menu is no longer displayed on pages where it was non-interactive before (#80470).
    • Extension: The details dialog for a CERT-Bund advisory now displays the advisory version if available. (#83965).
    • Bugfix: The feedback button for Greenbone Support in the details dialog for results was missing and is now re-added (#84564).
    • Bugfix: When creating a Credential, for special types this caused an error and the credential was not created (#84509).
    • Bugfix: In case a schedule was configured in a special way, it caused an internal error and schedules for tasks were reset (#84889, #2017122210000011).
    • Minor bugfix: Typo in task wizard dialog. (#80048)
  • Greenbone OS:
    • Security bugfix: Although Greenbone OS did not expose an attack vector for Meltdown, the respective kernel updates are now adopted. These kernel changes affect performance in general. Our tests have shown little, but in some cases with high I/O a performance reduction of a few percent. We found no scenario with severe impact but we ask our customers to report about them to our support team in case it happens. We apologize for the Meltdown impacts, but we share this problem with virtually any other vendor (#85433, #85701).
    • Improved robustness of setup wizard regarding upload of a subscription key: It becomes easier to retry again after uploading wrong files or in other way invalid keys (#81615).
    • Extension: It is now optionally possible to activate encryption for the SysLog configuration (#65388, #2016121610000015).
    • Bugfix: For certain values for the VLAN configuration it was possible that an internal error occurred (#84334).
    • Bugfix: The log view for scanner modules stopped working after a log rotation (#85432, #2018010510000053).
    • Minor bugfix: Window title for VLAN configuration (#84335).
  • Vulnerability Scanning:
    • Bugfix: With each feed update the scanner consumed more memory due to a memory leak. Over time this resulted in performance reduction and subsequent effects. A reboot of the system solved the problem for a while. The memory leak is now resolved (#85977, #85073).
    • Change: The scanner preference “log_whole_attack” is not available anymore in Scan Configurations. This is actually a debugging feature and (unintended) massive use can cause unwanted side-effects. The debug feature can now be activated via GOS CLI and GOS will warn about the use during selfchecks (#83199, #83171, #2017111710000031).
    • Minor bugfix: A bug in the internal programming language for NVTs was fixed (#84584).

4.2.9 (2017-12-19):

  • Web Interface and GMP:
    • Bugfix: In rare cases, the Web Interface and GMP is not available after migrating from GOS 3.1. It is possible to re-enable manually, but this fix automates it (#84586, #2017111510000026).

4.2.8 (2017-12-15)

  • Web Interface and GMP:
    • Performance improvement: For large numbers of hosts and OSs the asset management queries are faster now (#82376).
    • Bugfix: In case a task has a special character in the title, results queries were not possible for that task (#83717, #82474, #2017112710000076).
    • Extension: For the alert type “EMail” the title now allows a length of 160 instead of 80 characters. The text template by default has now a maximum length of 2048 instead of 1024 characters (#83170, #2017102510000018).
  • Web Interface:
    • Bugfix: When editing a task, it was possible that not all changes were applied when closing the dialog (#83827, #2017111410000073).
  • Scanner:
    • Bugfix: With intensive scans, it happened that over time the scanner consumed too much memory and required a re-start (#83892).

4.2.7 (2017-12-04)

  • Web Interface and GMP:
    • Bugfix: The total number for results was including the error messages. These are not anymore included (#83476, #2017112310000056).
    • Migration of Report Format Plugins: During the migration from GOS 3.1 to GOS 4.2 all Report Format Plugins will be deactivated unless they belong to the system standard. Please consider the notes about the migration prior to reactivating an old Report Format Plugin (#75449).
    • Bugfix: It was possible that the progress bar for scans showed negative percentage values. This happened when special settings were made at GOS level and then revoked (#80284).
    • Bugfix: Under certain conditions it was possible that resetting the powerfilter in the classic Asset Management caused an error (#80291).
    • Bugfix: For the section Ports of the report browser the filter settings for overrides and QoD were not taken into account (#81947).
    • Bugfix: It was possible under certain conditions that applying an erroneous powerfilter caused a Internal Error message (#78351, #2017082910000033).
    • Bugfix: The auto-generated credential installation packages for Windows 10 were not functional (#81894, #2017101810000013).
    • Minor improvement: When using non-existent UUIDs for Reports via GMP a misleading error message was returned (#82301).
    • Minor improvement: In case a sensor is not available during a performance request, the error message is now more adequate (#78870).
    • Bugfix: GSR did not work when some specific content elements occurred in the scan results (#82601, #80179, #2017111310000057).
    • Improvement: The GMP service can handle very fast access better now (#66155).
    • Bugfix: Combining the filter element “sort-reversed” with delta reports did not work (#80472).
    • Bugfix: In very rare cases and in combination with special scan results, database problems were possible (#82215, #2017110110000016).
  • Web Interface:
    • Bugfix: Under certain conditions the assignment of users to groups was denied although it should have been possible (#76830, #2017072810000046).
    • Bugfix: A certain click sequence could lead to a wrongly set powerfilter element “rows” of “-1” (#80192).
    • Improvement: The advanced task wizards will not change the refresh interval anymore (#65521, #2016122110000014).
    • Improvement: Some language localization translations were improved for German (#80990, #2017101310000013).
  • GOS-Admin:
    • Improvements of the migration of user data from GOS 3.1 to GOS 4.2 (#83008, #80131, #82543).
    • Bugfix: Under certain conditions the master-sensor configuration caused problems in case at least one sensor was configured for port 9390 (#81607, #2017102310000058).
    • Improvement: The management of log data stored these for a too long time (#83234).
    • Improvement: In case of severe system errors a so-called failsafe mode could be entered which boots a minimal system for analysis and repair purpose (#81798).
    • Improvement: The self check of GOS-Admin-Menu now also checks for RAID errors (GSM 5300/6400) (#82208).
    • Minor Bugfix: Some unneeded error messages appears in the log about “gsad” (#80050).
    • Minor Bugfix: Error messages when starting the LCD module (#81298).
  • Scanner:
    • Bugfix: Under certain conditions it was possible that a authenticated scan via ssh did not stop on the target system although the actual scan was stopped (#38015, #82704, #2017111410000019).
    • Improvement: Various log messages of the scanner were improved for better problem analysis (#73002)

4.2.6 (2017-11-03)

  • Web Interface and GMP:
    • Bugfix: Tags permitted to be viewed by other users were not visible. This included even the superadmin (#80132, #2017092810000033).
    • Bugfix for GSR/GXR: Severity counts in the PDF report for hosts were not matching in some cases (#80951, #2017101110000017, #80466, #2017100410000085).
    • Bugfix for GSR HTML: The HTML showed blank pages when viewing with web browser IE (#79585).
    • Improvement for import of scan reports: The import now runs in the background and does not block the database anymore (#80988).
    • Improvement: The performance of the table Scans->Results was increased (#80124, #80115).
    • Minor bugfix for GSR: In rare cases some vulnerability results were using the wrong font in the PDF and displaying all special characters correctly (#65007, #2016120810000012, #67100, #2017020110000015).
  • Web Interface:
    • Bugfix: For Chrome browsers, check boxes for bulk action mode were not visible (#81301, #2017101710000033).
    • Bugfix: For IE browsers some buttons did not work with e left-click (#80418, #2017100410000067).
  • GOS-Admin:
    • Changed behavior of Schedules: In case a GSM is started after it was switched off some time, only those schedules are executed that were missed in the last hour. Any schedule missed more than one hour ago will not be executed. Prior to Version 4.2.6 any missed scheduled scan was started at boot time, those with a period of course only once (#81839).
    • New menu to show HTTPS certificate and fingerprint: The menu item “Fingerprints” and “Show” were added to GOS menu Setup/Services/HTTPS (#78214).
    • Bugfix for sysLog: Using some special characters in the syslog configuration caused the syslog service to fail (#81163).
    • Internal extensions for controlling scheduling behavior for maintenance works (#81801).
    • Internal extensions for controlling request/query cancellation for performance adaption. (#70226, #81895).
    • Internal extension for controlling memory consumption to avoid use of swap memory (#81837).
    • Bugfix: In case of a sudden power-off, some self-reconstructions are running to cope with potential file system damages. Under certain conditions, this lead to an error message when logging in, because the logging system was used before it was repaired (#81208, #2017101610000062).
    • Bugfix: In case of a sudden shutdown of the database, the GMP service will not stop being available (#80566, #2017100610000027).
    • Improvements of the Support package (#73641, #81306, #81307, #81308).
    • Improvement: For GSM models 5300/6400 the LCD now displays the RAID sync status (#80051).
    • Minor internal improvement to avoid misleading log messages about “redis” (#76132).
    • Minor improvements: Various wordings in GOS-Admin-Menu improved and some inconsistencies resolved (#80052, #78620, #79216, #80185, #79521, #80114, #80414, #80570).
    • Internal improvements (new signing keys, EFI, kernel) (#73818, #78139, #80112, #81117, #72047, #81003, #73487).
  • Scanner:
    • Performance improvement: For some scan scenarios (few NVTs, many hosts, reverse lookup), the scans now are significantly faster (#77776).
    • Improvements for authentication part of scanning Windows systems (#78621, #81111, #201709051000003).
    • Bugfix: In case of special temporary internal resource problems, the scanner will recover on its own (#78711).
    • Performance adaption for GSM models 400, 500, 510 and 550 to better handle high scan load situations (#81614).
GOS 4.3

2018-08-31: Greenbone OS 4.3

Latest Patch Level: 4.3.2 (2018-10-15)

Lifecycle Phase: New

  • This release is planned to be the LTS release of generation 4.
  • Update of the base system and of the database management system. This modernizes the basement but leaves the application stack untouched. The user interface, the APIs etc. will remain the same (FS-180108-2522).
  • Generator routine for auto-credentials for Debian and RPM based systems updated: In fact, the entire generator was implemented anew, making it much easier to maintain (FS-180514-3416).
  • Improved usability of GOS menu: Updated structure and item sequences, consistent spelling, grammar and terms throughout the menu,
    introduce check boxes and radio buttons for state of settings (FS-180723-4923).

    Substitute ExpertNet functionality by network namespace management: The GOS menu “Network” is extended with settings for network interface asssignments. This covers the standard cases of using the ExpertNet functionality. Especially this allows an esier way to assign arbitrary interfaces for scanning and management. This feature is only availble for GSM Midrange and Enterprise series (FS-180626-0915).

    In case you are using the ExpertNet functionality in GOS 4.2, please follow these steps:

    1. Save the ExpertNet Configuration separate from the GSM.
    2. Optional: Consult Greenbone Support about possible challenges for the substitution of your ExpertNet configuration. Some advanced ways might not directly be transferable to the new scheme.
    3. Deactivate ExpertNet.
    4. Migrate to GOS 4.3
    5. Configure the network with the new opportunities based on the details in the preserved ExpertNet configuration.

4.3.2 (2018-10-15):

  • Vulnerability Management:
    • Change for CSV Report Format Plugin: When special characters are the first ones in a column, these are escaped by a apostrophe. This prevents that a spreadsheet executes the respective cell. It is a convenience change. Actually, users should configure and use their spreadsheets in a secure way – which is also the default for most common ones
    • Bugfix: A tag to a host now gets properly orphaned in case the host is being deleted (#102648, #2018101010000026).
    • Bugfix: When using GMP to upload reports, the service stopped accepting the reports after a couple of thousands of reports uploaded in a single session (#98416).
    • Minor bugfix: In some special situations the resetting of filter settings to the default caused an error (#101657).
    • Minor bugfix: In the assets management the functionality “Apply to selection” was not working in Chrome browsers
      (#101654, #2018072710000037).
  • Greenbone OS:
    • Bugfix: Under special circumstances with master and multiple sensors (and high load on sensors), a feed update from master led to a update deadlock on the sensor and it was necessary to reboot the sensor (#102467, #2017112310000029).
    • Bugfix: Custom gateway configurations were not properky migrated from GOS 4.2 to GOS 4.3 (#102468).
      Improvement: GOS settings are now type-aware and also extended with range/content checking. Various settings outside sensible ranges are not rejected now (#59806, #95326, #95811, #101624).
    • Improvement: When using DHCP but some network trouble causes that no IP is provided by DHCP, GOS now tries to cope with the situation better. For example, it offers to retry or skip (#99467).
    • Bugfix: VLAN addresses were not poperly shown in GOS menu (#100099).
    • Minor bugfix: The size for an IPv6 custom route was extended to cover full length IPv6 addresses (#102836).
    • Minor bugfix: Removed some internal functionalities for GSM 100 and GSM 25 that were designed to work with a LCD (25/100 have no LCD) (#102828).
    • Minor bugfix: disallow reserved IPv6 addresses during IPv6 type check (#101279).
    • Minor improvements on boot/kernel, getting rid of useless warnings (#102010).

There are four phases for upcoming releases: Planning, Development, Alpha and Beta.

Greenbone OS 5.0

Lifecycle Phase: Development

  • Transform Web-GUI into a single page application:
    Transforming the web user interface into a single page application which is loaded once and then only updates the in-browser data from the server. This accelerates user interactions and unloads the server. The design bascially remains as in GOS 4, but the interaction with the user interface will be much more direct and responsive (FS-171117-1741).
  • New view on scan results by vulnerability:
    The new view “Vulnerabilities” additional to Results and Reports summarizes identical vulnerabilities across all scans and of course arbitrary filters can be applied (FS-171117-1729).
  • Increase speed of feed updates:
    SCAP/CERT updates consume less CPU and less RAM (FS-171117-4518).
  • Transition from global objects to ownerless-predefined objects:
    In GOS 4 it was not possible to assign static global objects (Port lists, Scan configs, Scanner and Report  Formats) to roles as a specific permission. With the transition to ownerless-prefefined objects it is now possible to configure Users, Roles, and Groups in a way, which permits them only restricted usage of only a few, just one or even none of the predefined objects (FS-171117-4531).
  • Add columns “Hosts” and “Location” to the overview for Notes and Overrides:
    This makes sorting and filtering for Hosts and Locations easier (FS-171117-1839).
  • Extended edit dialog for overrides and notes:
    The edit dialog for Notes and Overrides now allows editing the NVT, Host, Location, Severity, Task and Result even if already set to
    “Any” or specified in other ways (FS-171117-5915).
  • New option to upload a file for “exluded hosts” for a Target:
    This removes the limit of the previous text entry field (FS-171117-3759).
  • Merge of Web-GUI built-in help and GSM Manual:
    The web version of the GSM manual is directly connected with the help buttons and placed into the appliance. This steamlines the documentation (FS-171116-1819).
  • Remove menu item “Assets->Hosts (Classic)”:
    The key functionality “prognosis” is already available since GOS 4.0 as the “CVE-Scanner” (FS-171117-2431).
  • Remove overrides indicator switch (web interface):
    The indicator/switch icon for overrides in the header of the severity columns in the tasks overview, reports overview, results overview and report-results overview is removed (FS-171117-1503).
  • Link to Scan Configs from the OSP Scanner details page (web interface):
    This makes navigation between Scanners and Scan Configs more consistent (FS-171117-3656).
  • Improved log files for scanner (internal):
    The scanner now follows the very same logging scheme as all other internal modules. This helps for support case about scanner (FS-171117-3025).
  • Renamed internal vulnerability management service to “gvmd”:
    This is a follow-up change of renaming the protocol from OMP to GMP in GOS 4. This establishes an advanced consistency in internal terminology reaching even into the database. However there is no impact for the user interface or to GMP: Neither GUI nor the API is changed (FS-171117-3251).
  • Automated internal database updates with feed content:
    This is a plain internal design change to avoid delayed data updates due to network problems or other issues (FS-171117-5003).
  • Advanced internal process activity information scheme for vulnerability management service:
    This is a plain internal change which makes it easier for support cases to analyse the activity status of a GSM (FS-171117-5336).
  • Removed Report Format Plugin “HTML”:
    The alternative GSR HTML is more advanced in any aspect. Alerts that were configured to use HTML will automatically fall back to use the lightweight “TXT”. Please change to GSR HTML where considered appropriate (FS-171127-5042).
  • Multiple user-configured main dashboards:
    The current single main dashboard under menu “Dashboard” is extended to have up-to 10 user-configured named dashboards. This allows for example to configure “Europe”, “Asia”, “Last Week”, “Windows” or “Printers” by applying respective powerfilters to a individual chart selection. (FS-171116-0537).
  • From the list of pre-defined severity classification schemes, “OpenVAS  Classic” is removed:
    It was kept for a transitional phase. Since a long time the NVD classification is the default. During migration, “OpenVAS Classic” is replaced by the NVD classification in case a user configured it as a personal setting (FS-180116-0845).
  • Task status “Internal Error” is renamed to “Interrupted”:
    Scans that stopped for any other reason than the user pressing the stop button  will have the status “Interrupted at X%” which is shown in red color in the  GUI and and thus replace the status “Internal Error”. After a reboot of the manager, running tasks are set to “Interrupted at X%” instead of “Stopped at X%”. The “Stopped” status remains reserved for user-intentional stopping of a task. Both types can be resumed. This all allows to resume tasks that failed for example due to a network connection problem during a sensor scan. Also it allows to distinguish between user-intended stop and system-driven stop. This changes the status types as handled by the GMP commands get_tasks and get_reports (FS-180108-3217).
  • Drop “version” element for NVTs and update version format for Results: The version information is actually redundant since the “last modification” element specifies the version even more meaningful. Thus, the “version” element is removed from the NVT meta data. This also means a minor change to the GMP protocol. Results are still given a version number of the respective NVT, but the format changes from for example “$Revision: 1244$” to “2017-12-20T08:01:27Z” (FS-171208-4740).
  • Extend Schedules to allow more refined schedules: The internal task scheduling system was extended to allow more refined schedules. The dialog for editing alerts was extended with more options like “16:00 every monday and wednesday” (FS-171116-3106).
  • Drop elements “host_start” and “host_end” from report element of GMP response from “get_reports”: The information in the elements “host_start” and “host_end”are already available in the “host” element. So, this changeis about dropping the redundant part (FS-180104-2357).
  • Bulk tagging:
    This feature introduces the opportunity to assign the same tag to many objects with just a single action rather than adding the tag to each object one by one. For example you can easily assign 100 arbitrarily filtered hosts in the host asset management with the tag “Responsible:AdminTeam1” or “AssetGroup:Printers” (FS-171227-1841).

The lifecycle of Greenbone OS release follows a distinct graduated scheme. We do not only take care of stability of each release, we also ensure a seamless and simple migration path. Any additional measure to bring the technological state of the art to our users in a comfortable way is also applied.

Greenbone OS Lifecycle Phases

  • Planning:During the planning phase we also consider any wishes and proposals of our customers for new or extended functionalities.
  • Development:Some new functionalities are implemented, some are still in the works. The final feature set is still open to be determined. As soon as a upcoming Release enters this phase, it appears on our Roadmap.
  • Alpha:First version of the new Greenbone OS are assembled and handed over to a internal test group. It is still possible add further functionalities, but adding larger ones needs to be well justified. The first QA system for this Release is set up and will be active until the retirement of this Release.
  • Beta:The feature set is now fixed. The new Greenbone OS is made available to extended group of testers, among them also selected partners and customers.
  • New:The new release is available for some GSM, but not yet all. Step by step all GSM will be supported during this phase. The new Release is removed from the Roadmap and now appears on page Greenbone OS: Current.
  • Mature:Any existing GSM can now be migrated to the new version.
  • End-of-Life:As soon as a date for the end of life is published, the Release enters the End-of-Live phase. Users are encouraged to upgrade to a newer Release.
  • Retired:The End-of-Life date is reached. Possibly such an old version is still present on some Flash system and reactivated via a Factory Reset. In that case the updating to a new Release is still supported.

The release now leaves the QA process. The corresponding QA systems are now finally switched off and the Release gets archived.

The release is also now removed from the list of current Releases and moved into the Archive.

  • Obsolete: No support whatsoever anymore.

Greenbone OS Lifecycle-Levels

  • Patch-Level: The last number of a GOS version indicates the Patch-Level. For example, “3.0.21” is Patch-Level 21 of release “3.0”. Prior to 3.0, the Patch-Level was indicated with a dash like “2.0.0-21”.

Within a release always the newest Patch-Level is fully supported. For all previous Patch-Levels the upgrade to the newest Patch-Level is supported. A Patch-Level update will not change default behaviour. Neither will it introduce major changes of functionality.

Information about the newest Patch-Levels is made available via the newsletter and via the page Greenbone OS: Current.

The intention of Patch-Level updates are bugfixes and minor new feature as long as these do not require migration or API changes. In addition to this, Greenbone OS security updates are managed via Patch-Level updates.

Patch-Level updates are simple to execute. Prior to opening a new support ticket you should always verify the defect is present with the newest Patch-Level.

The counting of Patch-Levels starts with 0. The first Patch-Level of a new release (for example 3.0.0) is the first alpha version. Before a new release reaches the customers, the Patch-Level counter reflects the number of alpha and beta iterations.

  • Release: The middle number of a GOS version indicates the Release. For example, “3.0.21” is Release 0 of Generation 3. Within a Generation all releases are supported for some time. Once it is clear that the next Release will also be the next Generation, the latest Release of the Generation becomes subject to Longterm-Support (LTS-Release) while the older Releases of that Generation are only support with regard to upgrading to the LTS-Release. Version 2.2, for example, is a LTS-Release because the next Release included a change the next Generation, 3.0. In this case the support for 2.0 and 2.1 ends earlier than for 2.2. The end of life of a Release is always announced at least 3 month in advance, for a LTS-Release even 6 month in advance. The newsletter will regularly inform about such deadlines and status and deadlines can be reviewed any time on this page: Greenbone OS: Current.

The intention of a Release is the introduction of new functions and extension of existing ones. This may even include changes of default behaviour. Subject are the scanner itself, the web interface, the API and the administration. The update of the Flash system of hardware-based GSMs is usually not subject for a Release. Migration of the database is usually mandatory and will be executed automatically.

Because a Release update means considerable changes, the administrator must explicitly select a Release change. Once done so, the Release update is done the same way as a normal Patch-Level update.

  • Generation: The first number of a GOS version indicates the Generation. For example, “3.0.21” is Generation 3. The end of life of a Generation happens never earlier than at least one year after the next Generation was released to the users. Another pre-condition is the presence of a Flash-Upgrade and a guide for updating and migrating to the next Generation.The intention of a Greenbone OS Generation is the introduction of a entirely new basis in order to provide the user with the newest state of the art without making a compromise. Typically, with a new Generation also the Flash system of the GSM hardware is updated as well.
Old Releases

2017-04-25: Greenbone OS 4.1 for new deliveries without sensor coupling of GSM 400, GSM 600 and GSM 650

Also available for all GSM ONE as upgrade with migration

Latest Patch Level: 4.1.7 (2017-08-24)

Lifecycle-Phase: End-of-Life 2017-12-15

  • Using LVM (Logical Volume Manager) for all appliances.
  • Encrypted file system for all appliances.
  • Redesign and enhanced display of information in the LCD panel. Using the appliances LCD panel controls, scrolling through system status information is possible.
  • Complete revision of the Backup Management, now fully automatable and efficient backup procedure. Every revision status can be restored on demand. Backups are transferred to a backup server via encrypted connection, additionally flashdrive (USB) backups are possible.
  • Configuration of VLANs is possible in the administrative interface of GOS.

Greenbone OS 4.1.7 (2017-08-24)

  • Web Interface:
    • Bugfix: In some input fields some special characters were not accepted and led to internal error 500 (#77779).
    • Bugfix: With a short refresh interval and long action a second automatic refresh could stop the previous action (#72656, #2017051210000043).
  • Web Interface and OMP:
    • Improvement: Queries in the Results view are consideraby faster now (#72655, #2017051210000043).
    • Bugfix: It was possible to delete Credentials that are connected to an Alert and thus invalidate the Alert (#75529).
  • GOS-Admin:
    • Improvement: The shutdown duration of GOS was reduced (#69204, #74730).
    • Improvements for the migration from GOS 3.1 to 4.1 (#75205, #71995)
  • Scanner:
    • Change of the scan method for authenticated scans of Windows systems: A replaced protocol layer now allows to scan Windows systems configured with any combination of SMBv1 and SMBv2. Furthermore, there are no more situations where the scanner needs to use a volatile agent to access the registry service (#77754, #77108).

Greenbone OS 4.1.6 (2017-07-18)

  • Web Interface:
    • Bugfix: Various layout problems for IE 11 were fixed (#75208, #73555, #73556, #73557).
    • Bugfix: The timestamp representation for specific timezones were not correct (“NaN”) (#75524).
    • Bugfix: In some charts the name of the applied filter was missing (#72228, #2017050210000026).
    • Minor improvement: The web interface now delivers a robots.txt for the case a compliant search engine visits (#70916).
    • Minor improvement: Some dialogs are now displayed bigger (#72618, #2017051110000054).
    • Improvement of the online documentation (#75248).
  • Web Interface and OMP:
    • Bugfix: For imported Report Format Plugin the signature trust check failed although the signature was valid (#72859, #2017051510000047).
    • Bugfix: Cloning the default OpenVAS Scanner is not allowed anymore (#72652).
    • Bugfix: Super-Admin can now delete and recover Report Format Plugins owned by other users (#75651).
    • Bugfix: The performance charts were not displayed in some cases (#75443, #2017070610000033).
    • Bugfix: When starting scans concurrently, it could have happened thatsome scans were blocked(#75177).
    • Bugfix: The powerfilter did not consider the RegExp pattern “(?i)” (#72261, #2017050210000099).
    • Bugfix for Super-Admin: This user was missing write access to notes and overrides of other users (#75176).
    • Bugfix for editing a target object which has many host entries or which has syntax errors (#73060).
    • Bugfix: From MySettings, a configured Scan Configuration was not considered as default (#73132, #2017052210000042).
    • Performance improvement: For the combination of notes/overrides and task permissions the creation and the editing was accelerated in the backend (#73889, #72431).
    • Performance improvement: Following the results link on the NVT details page was considerably accelerated (#69345).
    • Bugfix: For credentials used for authenticated scans of Windows systems,it was not possible to use the Euro symbol (#72258).
  • GOS-Admin:
    • Improvements for the LCD display of the midrange models (#71141, #73640).
    • Internal improvements of GOS regarding filesytem checks (#73290).
    • Minor bugfix for GOS menu: Hostnames with a dot are rejected (#75178).
    • Improvement for GOS menu: Under certain conditions the menu was blocked (#74400).
    • Improvement of availability even under high load of the database (#69206).
    • Bugfix: It could have happened that the automatic backup failed (#73689).
    • Extension: For the gateway it is now possible to apply a IPv6 address (#67696).
    • Improved robustness during boot process in case a feed update is started immediately at boot time (#75175).
    • Improvements of the migration from GOS 3.1 to GOS 4.1 (#64702, #65890, #66582, #68587, #68588, #68997, #66349, #66638, #72270, #2017041210000063).
  •  Scanner:
    • Performance improvement: Checking the digital signatures of NVTs was accelerated. This especially shows positive effects when running a feed update after a longer offline period (#75173).
    • Performance improvement: Especially for large scans and for many HTTP pages sometimes latency effects happened. Due to some optimizations, such scans should be faster by about 3% and consume 20% less of CPU time. Also latency effects are considerably reduced (#74459).
    • Improvement: The detection coverage for TLS scans was increased (#72647).
    • Internal improvement: Support of multiple signatures for NVTs (#74871).
    • Internal improvement for scan performance (#75174).

Greenbone OS 4.1.5 (2017-06-20)

  • Web-Interface and GMP:
    • Security Bugfix: It was possible for an authenticated GSM user to delete the network interface setting of tasks of the other users. The models GSM ONE and 25V were not affected (#74684).

Greebone OS 4.1.4 (2017-05-31)

  • Scanner:
    • Urgent Bugfix: During scans it could happen that the checks were not executed in the correct sequence. This could lead to less reported scan results because some information about the target system were not yet available when checks are running (#73601).

Greenbone OS 4.1.3 (2017-05-23)

  • Web Interface:
    • Bugfix: When editing a Scanner, the corresponding credential type “up” was wrongly shown as type “cc” (#70583).
    • Bugfix: graphical bug for IE 11 for the host toplogy graph (#70904).
    • Bugfix: When chaning the timezone settings, the language selection was lost (#72027, #2017042710000035).
    • Bugfix: When a filter is used for an alert, now the delete-icon for the filter is greyed out (#68999).
    • Change for the report auto-delete settings for tasks: The allowed minimum was reduced from 5 to 2 (#67694).
  • Web Interface and OMP:
    • Bugfix: Schedule were executed multiple times when they fall into daylight saving change (#71930).
    • Performance improvement for task overview (#72267).
    • Bugfix: Under special conditions a scan with a progress of 1% could suddenly change into status “Stopped” (#64112).
    • Bugfix: It was necessary to delete all users of a role before deleting the role, else a error message appeared (#69381).
  • GOS-Admin:
    • Minor internal bugfix: A file of the automatic backup system was wrongly placed in the backup area (#72851).
    • Internal improvement for upgrades for more consistent configuration files in the case of disruptions like power outage or manual system changes (#72967).
    • Activation of interal size settings (#70800).
    • Bugfix: The logging of the GSA modul (the web interface) is re-activated and includes succesful logins along with unsuccesful ones (#72553, 66595).
    • Improvements for the upgrade from GOS 4.0 to 4.1 (#72432, #68860, #72423, #2017050710000026, #71561, #2017042110000046).
    • Improvements for the upgrade from GOS 3.1 to 4.1 (#68860, #68653).
    • Extensions and improvements of the support package (#72021, #72650, #71138).
    • Preparations to support model GSM 100 (#72549, #72049).
    • Improvement: The SNMP Engine-ID can now be viewed via the GOS menu (#66466, #2017012010000026).
    • More robustness in case of serious hardware problems including a note on the LCD display (#70909).
    • Bugfix: New self-signed certificates ignored personal input and used the defaults instead (#72023, #72217, #2017042710000017, #2017042810000015).
    • Improvement: During a CSR between request and upload, HTTPS is not available. Via HTTP now a respective note is displayed (#69879).Minor bugfix: The cancellation of a CSR produced an unncessary internal error message (#72022).
    • Minor internal improvement for robustness of wrong syntax for GOS variables (#72430).
    • Minor improvement in GOS menu: Unified use of the term “Selfcheck” (#70796).
    • Minor bugfix in the logging about IP addresses (#69959).
    • Extension: During the selfcheck it is now noted when no reboot happened after the last upgrade (#72256).
    • Bugfix: For IPv4 it was not possible to configure MTU (#71991).
  • Scanner:
    • Bugfix: In some cases a scan test did exceed the configured timeout and was running for up-to 60 minutes (#69139).
    • Minor bugfix: In very rare cases an internal error occured for a scan (“invalid next size”) (#72259).
    • Extension: The scanner can now check for very special types of SSH backdoors (#55907).

Greenbone OS 4.1.2 (2017-04-25):

  • Last release of the Beta phase. Firste release of 4.1.

2016-12-21: Greenbone OS 4.0 for GSM ONE and GCE

Latest patch level: 4.0.5 (2017-04-04)

Lifecycle Phase: End-of-Life (2017-07-30)

  • Entirely updated base system.
    • Updates for all components.
    • Consistent 64bit architecture for all appliances and VMs.
  • Integrated full-featured database management system (DBMS) as backend.
  • Extensively reworked administration layer.
  • New: Explicit asset management. The first themes for the newly designed asset management are now available.
    • Hosts: Can be transferred automatically from scans. Manual transfer or adding new entries is also possible. New targets can be created from the host assets based on filters, for example “all Windows 2012 Servers” or “all hosts not scanned in the past 10 days”.
    • Operating Systems: Are automatically or manually transferred from scans. It is possible to compare average and maximum severity and of course the number of occurrences.
  • Comprehensive update of the web interface. This includes visual, technical and also workflow changes. No GOS update before covered so fundamental changes.
    • Dynamic and interactively configurable chart and dashboard views.
    • Dynamic use of the entire area of the browser window.
    • Web pages for changing or creating a resource are now turned into dialogs. This allows to open them in a chain, for example to create a target from within the task creation dialog.
    • Dynamic input systems, for example for selection lists or a date.
  • The filter of the report results is changed to the general powerfilter. With this step the powerfilter behavior is unified across the entire application. A complete automatic migration of the filters is unfortunately not possible. Thus we recommend the check, and where necessary, update your filter. This is especially relevant if they are used for alerts.
  • New charts:
    • Tasks: Next scheduled tasks as GANTT chart.
    • Tasks: Hight severity per host as bubble chart.
    • Tasks: Most high severity per host as vertical bar chart.
    • Reports: High severity as timeline chart.
    • Results: Vulnerability titles as word cloud chart.
    • Results: Vulnerability descriptions as word cloud chart.
  • New: Alerts for SecInfo. It is now possible to configure alerts based on new incoming SecInfo data.
  • New: Builtin CVE scanner. The prognosis scan is now a scanner that can be selected for a task among other scanners. All methods for tasks can thus now also be applied to CVE scans (the prognosis scans).

Latest patch level: 4.0.5 (2017-04-04)

  • Web Interface:
    • Bugfix: In the line charts the power filter elemenet “rows” was not properly considered (#66149).
    • Bugfix: Creating permissions directly from a note object or from an override did not work (#66156, #66343).
    • Bugfix: In some cases (inconsistent timestamps) it could happen that the session cookie is not accepted anymore by the browser and requests a new one (#68506, #67829)
    • Improvement: The dialog of the “Performance” page was reworked (#67076).
    • Minor Bugfix: Scaling problems with some IE 11 browsers (#65299).
    • Minor extension: Language support for Portoguese and Arabic was extended (#66272).
  • Web Interface and OMP:
    • Minor bugfix: In very rare cases the internal timestamp about the feed status was not correctly processed (#66342).
    • Improvement: The Report Format Plugin “CSV” now protects quotes in strings (#66339).
  • GOS-Admin:
    • Preparations for the the upgrade to 4.1 (#69343, #66637, #67863, #69949, #69950, #70172, #66346).
    • GCE only: Improved note about Greenbone evaluation key (#69951, #68778).
    • GCE only: Preparation for evaliuation keys (GEF) (#70394).
  • Scanner:
    • Extension to support TLS-SNI (#66336).
    • Bugfix: The “Host-Dead” check was improved (#67080).
    • Bugfix: The scanner did have problems with detecting specific samba services (#68106).
    • Bugfix: The scanner now processes special types of large scan target environments faster (#68777).
    • Bugfix: Under certain conditions it could happen that the scanner consumer more CPU time than needed (#64551)
    • Minor improvement: The internal logging of the scanner was extended for easier analysis in case of some special problems (#56130).

Greenbone OS 4.0.4 (2017-03-30)

  • GOS-Admin:
    • Bugfix: Under certain conditions (missing or slow DNS), host names (for example scan targets) are resolved to the local host (#70091).

Greenbone OS 4.0.3 for GSM ONE and Greenbone Community Edition

  • Web-Interface and OMP:
    • Minor bugfixes: Some functions were available in the web interface even if no persmission was available for these. Selecting them led to a internal error (#65303, #64592, #64681, #64712).
    • Minor bugfix: After deleting a user a blank page was shown (#65301).

2014-03-21: Greenbone OS 3.0

Latest patch level: 3.1.34 (2016-09-21)

The items marked with (*) will change the default behaviour.

  • Versioning: From GOS 3.0 the patch level versions will be indicated by the third part of the version number. For example the tenth patch level will be “3.0.10” instead of “3.0.0-10”.
  • Groups: For access permissions users can now be associated with Groups. The web interface allows full management of these groups for users with Administrator role.
  • Permissions: Under menu “Configuration” there is now a new item “Permissions”. Here the user has an overview on all of his access permissions and opportunities to manage them.
  • (*) For role “User” the permission is removed to see all other user names. From now on the permission to see other users (“get_users”) must be explicitly granted.

This means that you only can access the GUI elements to add or edit observers of your task if you own this permission. This can be granted for example directly for a single user via the administration of users.
Alternatively you can create a new role (e.g. “userlist”) with the only permission “get_users”. This new role can then be added to all users who should be provided with this extended permission. Of course other concepts of permission modelling could be applied as well.

  • (*) Alive-Test (Up-Test, Ping-Test): The type of this test that determines whether a system is active and therefore can be scanned is now adjustable as a property of the object “Target”. Which means it can be changed without the need to change Tasks or Scan Configurations. Possible methods are the same as before: ICMP, TCP and ARP.  The default setting for the Alive-Test changes from ICMP&TCP&ARP to just ICMP. Hence it can happen that results change for some of your Tasks because some systems are not regarded as alive anymore. But in most cases where larger IP ranges are scanned the scan duration will significantly drop down. However, you do not need to change a Scan Configuration or Task to get back to the previous state, you just need to adjust the Alive-Test method for the respective Target.
  • (*) Severity replaces Threat: The concept of Threat Classes is extended to the Severity concept where the severity is not just a class but also contains a specific CVSS value. The CVSS value of a Severity is always the highest occurring CVSS value in the corresponding scan results. This allows a higher granularity in the view and for example improves sorting.
    This means comprehensive changes for the whole application:

    • Task Overview: So far only the Threat level was stored for Tasks. Because old tasks covered results with only threat level and no CVSS level (meanwhile all NVTs are assigned with a CVSS), the migration will use old rules of attaching a threat level and therefore insert the maximum of the respective level. This means that the Severity may show a higher CVSS value than then highest value actually present in the results. But this guarantees that the threat level will remain the same. The following values are therefore applied during the migration: High: 10.0, Medium: 5.0, Low: 2.0. Of course for new scans the exact values as occurring in the results are applied.
    • Task-Details: For the list of reports of a task the very same changes and migration rule is applied as for the Task Overview.
    • Notes: The distinction of High, Medium, Low is dropped and the migration will place into one class. This prevents that notes may get invisible when NVTs are updated.
    • Overrides: The distinction of High, Medium, Low is dropped and the migration will place into one class. This prevents that overrides may not be applied when NVTs are updated. Furthermore, the New Severity is not anymore just a threat level but rather a CVSS value. Old overrides with just threat level are migrated with the same scheme as the Tasks and Reports (see above).
  • Tags: The new configuration object class “Tag” allows to attach short texts to almost any other object. These texts are available to filtering and are included in export files. This enables to create thematic groups or attach arbitrary attributes to objects.
  • Reports: Under menu “Scan Management” there is now an overview on any available scan report, regardless of the relations to a task. The powerfilter is available here as well. This new view replaces the report list in the task details dialog. Suitable filters are set automatically.
  • Search interface for all objects of the SecInfo Management: Via new menu item “All SecInfo” it is possible to search for keywords and with other methods of the Powerfilter through almost 300.000 objects of various types.
  • Web interface is extended with multi-lingual support and translated into German language.
  • New pre-configure Scan Configuration “Host Discovery”. This Scan Configuration simply searches for real systems for the given target addresses. No vulnerability tests are executed. The result is just a list of hosts that are regarded active.
  • New pre-configure Scan Configuration “System Discovery”. This Scan Configuration applies any NVTs that discover operating system types and/or hardware device types. No vulnerability tests are executed. The main result is an overview on the found operating system and devices.
  • New pre-configure Scan Configuration “Discovery”. This Scan Configuration applies any NVTs that discover as many details about the target system, installed services and applications, as possible. No vulnerability tests are executed.
  • Tasks: New class “Alterable Task” allows to change Target and Scan Config even if there are already reports for this task. This allows to have a playground task not designed to grant consistency between its reports.
  • Integrated online CVSS calculator: Under menu “Extras/CVSS Calculator” a form is available that supports calculating a CVSS value.
  • (*) Reports: The browser for the report view was entirely reworked and split up into multiple sections, each with a page of its own. Countless changes and extensions were applied. Attention: The changes are significant regarding the default view and regarding the powerfilter. Older stored powerfilters for reports may not work anymore and need to be re-created
  • (*) Reports: Users can now individually configure the severity class ranges (High, Medium, Low) for the results view. Attention: The predefined class range is now the one of NIST. Therefore the colors in the view can change for old results and filters may return different results. If you want to switch back to the old behaviour, just enter “My Settings” and select “OpenVAS Classic” for severity classes.
  • Powerfilter: The powerfilter now offers a expand/collapse functionality in order to offer a regular dialog as equivalent to the content of the filter string. Dialog and filter string are automatically mutually synchronized.
  • Target: It is now possible to reduce the selected range of target systems via some rules. This includes an exclude list, reduction of double entries via Reverse Lookup and making Reverse Lookup obligatory.
  • Host access rules: More opportunities to deny or allow scan of host for each users, for example hostnames can now also be applied.
  • Interface access rules: This new feature allows on the one hand to specify a special interface (like “eth1”) for each task. On the other hand it is possible to express rules to allow or deny access to interfaces for each user.
  • Problems with DNS resolving during scan: Each failed resolving of a target system name is not listed in section “Errors” of the report browser.
  • Reports: The port information is now extended with the current IANA service name that is registered for this port.
  • New pre-defined Report Format Plugin “CSV Results”: Comma-separated text table of single results.
  • New pre-defined Report Format Plugin “CSV Hosts”: Comma-separated text table of result overview for each target system.
  • (*) The Scanner preference “silent_dependencies” was removed. It was reducing the number of reported results to only those NVTs that were explicitly selected. This is not necessary anymore because the filtering can now take care of reducing reports. Furthermore, incomplete reports without log information do not offer adequate transparency. In case you applied Scan Configurations that were using this preference, you will get more (all) results now in new reports.

In case you applied Scan Configurations that were using this preference, you will get more (all) results now in new reports. Note that when using one of the pre-defined Scan Configurations you will see no changes because these were explicitly selecting all the NVTs.

  • (*) The Scanner preference “host_expansion” was removed. Its purpose was to automatically expand the target hosts. This functionality should not be done by a Scanner, especially because it can lead to unforeseeable expansions. Using one of the pre-defined Scan Configurations or derived ones, no changes of the behaviour will happen.
  • (*) The Scanner will not create explicit results for detected ports anymore. These results had no reference to NVTs and were redundant anyway. An overview on the detected ports is already provided by other NVTs as log information. Additionally the new user interface even offers a explicit tabular overview in identified ports as part of the new report browser.
  • Tasks: It is now possible to configure the order in which the target hosts are scanned: Sequential (like before), reverse and random.
  • Task Details: The list of reports is now handled via the new object management. This also adds the powerfilter to this page.
  • Notes/Overrides: The actual note text is now used as identifier in the list instead of the NVT name.
  • Web-GUI: Consistent access to object details always via identifier in first column. The redundant button for Details is therefore removed from the set of Actions.
  • User management is made available via OMP.
  • Feed management is made available via OMP.
  • Port 80 is automatically redirected to 443. This means that if you enter “http://gsm.example.com” this is automatically changed to “https://gsm.example.com” instead of a failure message of the browser.
  • OVAL Definitions: The overview as well as the details dialog for OVAL Definitions has been reworked.

Patch-Level GOS 3.0:

  • 3.0.39 (2016-08-18):
    • GOS-Admin:
      • A warning appears when start gos-admin-menu saying that this release is retired and should not be actively used (#52993).
      • Bugfix: Prior to upgrading to GOS 3.1, there needs be done a test on BIOS version and presence of a BMC. This is relevant for a factory reset of some GSM Midrange models with a Flash Image older than GOS 3.1 (#61512).
  • 3.0.38 (2015-10-07):
    • GOS-Admin:
      • Improved detection and reporting of inconsistent internal state via gos-admin-menu (#53092).
  • 3.0.37 (2015-09-24):
    • Hardware:
      • Security update for GSM 600 and GSM 650 that resets unconfigured factory settings of the BMC (Baseboard Management Controller) to save values. A reboot after the upgrade is not necessary. Running scans are not affected. An attacker from the same network segment could read device status, turn off the device or enforce its reboot. (#52840, GBSA-2015-01).
  • 3.0.36 (2015-06-12):
    • GSR PDF reports: Size limitation extended (#48813, #2015040810000021).
    • GSR/GXR PDF reports: With more than 100 hosts, the topology graph is dropped. The details are not readable anywy and the report creation is accelerated (#49274).
    • Improved import of reports into container tasks. The web interface is now available during the import (#48660).
    • Improved report filter for results (#48543, #2015041610000023).
    • Bugfix: Links from the Asset Management into a report did not filter for the exact IP. The IP was used only as a substring (#49591).
  • 3.0.35 (2015-04-24):
    • Released upgrade to Greenbone OS 3.1 for all Greenbone Security Manager models (#48657).
    • Via GOS-Admin it is now possible on a master GSM to advise all connected sensors to create a new self-signed certificate in case their current certificate expired (#37419).
    • Bugfix for the manual creation of overrides so that now also the port protocol can be specified, for example “80/tcp” (#47706, #2015031810000031).
    • Bugfix for the OpenVAS Scanner to avoid high CPU load under certain conditions (#41205, #2014081510000029).
    • Bugfix for the OpenVAS Scanner to avoid hanging scan processes when scanning authenticated special network devices with special SSH servers (#47681, #2015031110000016).
    • Bugfix for GOS-Admin-Menu to add a scroll bar for the sensor check results (#48710).
    • Minor Bugfix for the selfcheck in GOS-Admin-Menu: For GSM models that can not manage sensors, the sensor check is not displayed anymore (#47512).
    • Bugfix for the filtering of scan results when searching for a specific IP address. The filter acted a bit fuzzy under certain condition which was now changed to match strict (#48237, #2015040210000041).
    • Bugfix for the scanning via slave: Host exceptions of a Target are now considered on the slave (#48112, #2015040210000022).
    • Bugfix for GOS-Admin: For several IP address settings like for NTP or for sensors it was not possible to enter IPv6 addresses (#47683).
    • Bugfix that prevents timeouts when modifying larger NVT families (#48396, #2015041310000038).
    • Bugfix regarding the change of the “Host-Alive” method (#47935, #2015032710000013)
    • Minor bugfix of NTP configuration to avoid error messages in the log (#47356, #2015021110000027).
    • Bugfix for newly created automatically generated credentials (#47086, #2015021910000067).
    • Bugfix about displaying the trust status of Report Format Plugins (#47092, #2015022310000013).
    • Extensions of the online help for overrides (#47912).
    • Bugfix to prevent timeouts when creating or importing large scan reports (#48305, #48304, #48303, #48268, #2015040910000046, #2015041010000034).
  • 3.0.34 (2015-03-12):
    • Released upgrade to Greenbone OS 3.1 for all Greenbone Security Manager of type “GSM 100” (#47309).
    • Change for schedules: A scheduled task was not executed in case no scanner resource was available for 3 minutes after schedule start time. This limit was removed now (#44856, #2014073110000063).
    • Bugfix for reports that applied a filter for a single IP address: It was possible that some result entries were missing (#45891, #2015011510000058, #2015022510000037).
    • Bugfix for running scans via slaves: Now the selected port list will be used instead of just the default one (#46692).
    • Update of the SSH library of the OpenVAS Scanner so that authenticated scans work even with newest SSH servers (#46543).
    • Improved performance for lists of reports (#46964).
    • Bugfix for the GSR report plugin: The text entry of overrides was missing (#38158, #2014060310000046).
    • Bugfix for scan progress bar: The progress is now displayed with better accuracy (#46401, #2015020210000053).
    • Minor bugfix for a problem that produced many log entries (parse_ctime) (#46246).
    • Minor bugfix for upgrading GOS 2.2 to 3.0. The removal of an unneeded file directory failed (users-remote). (#46320).
    • Minor bugfix for CLI Admin: For some unneeded commands (for example nosystemupgrade) there was still an alias entry. These were removed now. (#47265).
    • Minor bugfix to correctly handle some very specific HTTP request to the web interface (content-length headers) (#47091).
    • Bugfix for schedules that were configured to run for only a very short duration like just 1 minute (#46520).
    • Minor bugfix for a changed external URL in the online help of the web interface. (#46545).
  • 3.0.33 (2015-02-05):
    • Bugfix for Scan Configuration regarding the counter of active NVTs per family. Under certain conditions the number was too high by 1 (#44476).
    • Bugfix for autorefresh: Under rare conditions the session ticket became invalid, making it necessary to log in again (#44673).
    • Consistency fix for alerts: Here the default filter included the element “autofp” while it was not included in the results browser. Now “autofp” was removed from the defaults for alerts (#45083, #2014120310000016).
    • Improved error message for alerts that failed to execute due to missing report plugins (#43915).
    • Bugfix for expanded powerfilter: The checkbox for overrides was not always visible (#44858).
    • Bugfix regarding the delete-user function in gos-admin-menu (#45902).
    • Extended selfcheck of gos-admin-menu to cover the availability of the internal OMP service (#41194).
    • Extension of gos-admin-menu with configuration option for MTU of the interfaces (#44953, #2014121910000059).
    • Bugfix for inactive overrides: Such will not anymore be shown by the Report Plugins (#45076, #2014122210000034).
    • Bugfixes that lower the CPU load under certain conditions (#45564, #45562, #44544).
    • Bugfix for the overrides checkbox for the powerfilter, so that no wrong jump to default powerfilter settings happens anymore (#44905).
    • Bugfix for the Reports view so that now also those reports are shown for which a user has proxy permissions (#44052).
    • Activated Release Change to GOS 3.1 for GSM ONE. (#46468).
    • Lowered the number of reverse-lookups of the GOS base system for NTP in order to lower the log noise in the network monitoring (#45933).
    • Bugfix for permission checks for objects in the trashcan (#44902).
    • Bugfix for individual timeout configuration of NVTs when executed on a slave system (#46297, #2014121110000019).
  • 3.0.32 (2015-01-29):
    • Bugfix that updates an internal TLS certificate. With an expired certificate it is not possible to log in to the web interface. This problem currently occurs only for GSM 600 (#46218).
  • 3.0.31 (2014-12-18):
    • Bugfix for the recovery of a userdata backup for model GSM 500 (#44474).
    • Bugfix for sensor upgrades, especially for Airgap. In case of problems please contact our Support with reference to ticket number 44535 (#44535, #44477, #44444, #2014082010000019).
    • Activated slave assignments: Slaves created by a administrator and made accessible to users will now appear in the users’ selection lists for Slaves and can be used for scanning accordingly. The assignment of slaves currently still only works via direct permissions configuration (#44187, #2014112110000029).
    • Improvement of the behavior of the web interface in case autorefresh and Post requests are combined (#44362).
    • Bugfix about the NVT selection when using older, imported scan configurations where not always all NVTs were actually executed when scanning (#44446, #2014120310000016).
    • For userdata backups it is now possible to configure a backup server (SSH-based) and via gos-admin-menu the userdata backups can be transferred from/to the configured backup server (#43687, #2014110510000032).
  • 3.0.30 (2014-12-04):
    • Performance improvement for operations that retrieve lists of scan reports (#44348).
    • Bugfix for the automatic refresh in the web interface: After submitting a form, the refresh will not try to re-submit the form. This cause the interface to jump to another page (#43714).
    • Bugfix for missing graphs in the GXR report when sent via an email alert. The GXR/GSR reports where reworked regarding some other details, among these an improved timezone indication (#40211, #2014082110000026, #44275, #40028, #2014072410000022, #43853, #2014101410000035).
    • Improvement for starting scheduled scans so that these are started, possibly slightly delayed, even under high system load (#44024, #2014073110000063).
    • Bugfix for occasionally missing logo in the web interface (#43713).
    • Internal improvement to prevent wrong usage of feed synchronisation in the expert mode of GSM administration (#35126).
    • Bugfix that reduces the memory consumption of the scanner (#43581).
  • 3.0.29 (2014-11-29):
    • Urgent security-relevant bugfix about a attack vector for SQL injections. The attacker needs a user account for the GSM. (#44316, #44315, GBSA-2014-02).
  • 3.0.28 (2014-11-13):
    • Simplification of the internal processing for the management of Greenbone OS. Essentially the “Scheduling” phase is dropped for various routines and thus accelerates them considerably. The improved functions are: Sensor Trigger, GOS Upgrade, Feed Sync, GOS Sync, Flash-Image Sync, Airgap, any Backup and Restore (#43776, #42781, #42782, #43298, #43297, #43584, #43618, #43617).
    • Performance improvement for a Master-GSM that controls many sensors where the tasks intensively use automatic alerts (#41734, #43328, #43329, #2014073110000063).
    • The content of the “affected” information of a NVT is now also shown in the results details view and various Report Formats (#40460).
    • Internal improvement for the analysis of NVT bugs by adding more details into the respective log messages (#40418)
    • Improved online help about “Edit Tasks” regarding Alterable Tasks (#41189, #2014091810000031).
    • Bugfix for Selfcheck in GOS-Admin-menu where occasionally a freeze of the selfcheck occurred (#43813).
    • Bugfix regarding schedules that wrongly executed multiple times per day. This problem occurred when timezone changes (#43619, #2014110510000023).
    • Bugfix for Backup/Restore across GOS generations (#43622, #43681, #43715, #43681, #2014082010000019).
    • Extension of the Powerfilter, so that for some objects the presence of sub-objects can be considered. For example it is now possible to apply “schedule=” for task overview to filter for any tasks that do have a schedule associated (#39947, #2014081310000023).
    • Bugfix for timestamps about when a scan of a host finished when done via a scan sensor. Now the timestamp is immediately available when the scan of that host finished and not only when the entire scan finished (#32725, #2013102110000041).
    • Improved response times of web interface when used intensively in parallel (#42029).
    • The pre-configuration of the scan parameter “unscanned_closed_udp” was changed from “no” to “yes” for harmonization with the analog setting for tcp. This prevents some unnecessary timeouts during a scan (#31638).
    • Improved internal consistency checks regarding incomplete update downloads (#35948).
    • Slight performance improvement for Asset Management (#42062, #2014100810000011).
    • Extended user management of GOS-Admin-Menu: Now it is possible to set a new password for a web-admin also at this place (#31074, #2013080610000021).
    • Bugfix so that now the Powerfilter for NVTs includes the script tags (#43455).
    • A analysis of the database about some specific properties can now be executed via GOS-Admin-Menu (menu “Advanced”) (#43686, #41096).
    • Bugfix for the problem that under some specific, non-reproducible conditions some NVTs where not executed for a given target (#43300).
    • In the web interface the task filter selection is now persistent. Choosing a filter there and returning later to task overview will activate that filter again automatically (#39676).
    • In the web interface the refresh setting is now persistent when changing the views (#39673, #2014073110000018)
    • Online help about roles was extended (#42033).
    • Improvement of the Airgap function for GSM 5300/6400 so that the USB Stick device sequence is not relevant anymore (#42021).
    • Internal consistency check for GOS prior version 2.0 now finally removed (#41152).
    • Minor internal improvement to drop false error messages in the boot log (only GSM 600) (#37059).
    • Changed appearance of CLI Admin shell prompt which now includes the hostname of the GSM (#24692).
  • 3.0.27 (2014-10-16):
    • Bugfixes for Airgap feature. In this context a new logic was implemented for this process that prevents various side effects (for example changing device enumeration (#26710, #42149, #42010).
    • Bugfix for GSM 600 and GSM 650 that removes a processor slow-down. The performance of these appliances should increase visibly (#42148).
    • Reduced size of GXR and GSR PDF reports (#31553).
    • Feed-Push and Upgrade functionality for sensors added to gos-admin-menu. This allows to manually start updating sensors for example in case the sensor was not reachable during automatic update (#21553, #33986, #2013122010000021 ).
    • Added switch in gos-admin-menu to change the graphical web interface. Available are the classic view and the extremely reduced German interface “IT-Schwachstellenampel” (ITS) (#37879).
    • Administrative interface: There is a new explicit setting “all” that makes all interfaces administrative interfaces. This is now treated identical to empty or missing setting (#41004).
    • Bugfix for sensor check in selfcheck: This check now behaves in the same way like the check in the Sensor-Management does (#40324).
    • Bugfix for selfcheck in sensor mode: Non-reachability of feed server is not complained about anymore (#37577, #2014051310000011).
    • Extended selfcheck with a warning about TLS certificates that will expire in near future (#39502, #2014072410000102).
    • Changed pre-configured MTA to mail.example.com to avoid confusion (#40741).
    • Bugfix that prevents the internal GOS cron processes trying to send local emails about log data to “postmaster” (#42013).
  • 3.0.26 (2014-09-26):
    • Security update for third party tools used by Greenbone OS. This includes fixes for the vulnerabilities described in CVE-2014-6271 (Shellshock), CVE-2014-7169, CVE-2014-7186 and CVE-2014-7187 in GNU Bash (#41575).
  • 3.0.25 (2014-09-13):
    • Bugfix for the migration of imported report formats with non-unique IDs (#40970).
    • Bugfix for the migration of schedules with missing time zones (#40737).
    • A bug which caused an internal error when attempting to empty the trashcan under certain circumstances has been fixed (#40358).
    • A bug which caused the “alterable” state to be displayed incorrectly in the web interface has been fixed (#40084, #2014081510000011).
    • The name of the task is now included in the PDF, LaTeX, HTML and TXT report formats (#25269).
    • A bug which caused start and end times to be displayed in an incorrect time zone when using slaves in different time zones under certain circumstances has been fixed (#39691, #2014072410000022).
    • A bug which caused the scan status to be displayed incorrectly as “-1 %” when scanning through a slave under certain circumstances has been fixed (#39679, #2014073110000063).
    • CPU usage on the master during slave scan has been reduced considerably, resulting in improved performance (#40120, #2014073110000063).
    • If enabled, JavaScript is now used in more situations to automatically apply the selection in a drop down menu (#39672, #2014073010000047).
    • A bug which cause excessive logging under certain circumstances has been fixed (#40121).
    • The “clone” functionality is now more easily accessible for a number of objects (#39674, #2014073110000027).
  • 3.0.24 (2014-08-22):
    • Bugfix that prevents a migration failure during a release switch. Changes introduced with the GOS 3.0.23 caused a release switch from GOS 2.2 to GOS 3.0.23 to fail during user migration (#40159).
  • 3.0.23 (2014-08-16):
    • Bugfix regarding visibility of GXR PDF plugins in case several copies are used in parallel (#39058).
    • Bugfix for defect masterkeys on sensors so that such are now identified (#38958).
    • Bugfix for the redirection from port 80 to 443 for the case that another than the default network interface is used (#39762).
    • Bugfix about using the administrative interfaces regarding the web interface in case another than the default network interface is used (#34964).
    • Bugfix to remove some false internal log messages about SCAP and CERT databases (#39185).
    • Bugfix for the behaviour of the CLI command “addadmin”. The user management via gos-admin-menu was not affected (#39227, #39245, #2014071510000067).
    • Some non-functional (empty) commands were removed from CLI Admin (#39472).
    • Removal of some since GOS 3.0 unneeded internal data files. Only in very few cases this will visibly lower disk storage consumption (#34966).
    • Bugfix that improves the redirection from port 80 to port 443 for some client applications. Standard browsers were not affected (#38612).
    • Minor bugfix to enable the internal log rotate for a log file (#37483).
    • Feedback button added to results: The details view of a result now offers a button to submit feedback about a scan result to the Greenbone support team (#38249).
    • Bugfix to remove internal temporary backup file while doing a user data backup (#39335).
    • The functionality “pause” for tasks was removed from the web interface. Paused tasks could block a significant amount of memory and stopped tasks can also be resumed (#39914).
    • Bugfix for the import of brute-force login lists within the scan configuration (#39471).
    • Bugfix to allow the multiple import of the very same report format plugins (#38016).
    • Changed the choice of refresh times: Instead of 10s/30s/60s it is now 30s/60s/2m/5m (#36561, #2014040710000024).
    • Bugfix about adding LDAP user accounts to user groups (#38459).
    • Bugfix about usage of filters for which read access was granted (#38787).
    • Minor bugfix about internal process handling when creating a tag (#39936).
    • The functionality “unfold filter” is now also available in the report view “summary” (#38783).
    • Internal extension of so that individual configuration of services is possible in case of very special needs (#37575, #39692, #2014051310000038).
    • IP addresses and hostnames in the report view do now link into the asset management (#39226, #2014071510000049).
    • Extension of the tooltips about hosts in the asset management to name the CPE (#39225, #2014071510000031).
    • Creating new LDAP users does not require to specify a (unused) password anymore (#31438, #2013082810000033).
    • Extension of gos-admin-menu with a hint that reboot is necessary after changes about the SSL certificate (#39503, #2014072410000111).
    • Increased number of possible IPs in host access field for user restrictions to 16,777,216 (#39405, #2014072110000046).
    • Improved LVM based backup functionality for GSM 6×0 (#37820).
    • The name of the task is now visible in the menu of the report view (#38782, #2014063010000021).
    • In CVSS vectors “AU” is now accepted for “Au” (#37710).
  • 3.0.22 (2014-07-11):
    • Bugfix that prevents a system freeze at boot time. Under certain conditions it can happen that a GOS 3.0.20 and GOS 3.0.21 will stop during boot process. The Greenbone Support team knows what to do in this case. In case you upgraded to 3.0.20 or 3.0.21 but have not rebooted the system, please first upgrade to 3.0.22 before doing so. (#39159).
  • 3.0.21 (2014-07-09):
    • Extended Alert type “verinice” with choice of the applied Report Report Format (#38995, #2014070710000037, #38996, #2014070710000046).
    • Bugfix regarding the extended SSL/TLS capabilities that were introduced with GOS 3.0.20. It ensures proper detection of SSL ports which did not happen in 3.0.20 (#38997).
    • Deactivated internal boot log because under certain conditions this caused problems regarding the console (#39007).
    • Bugfix regarding permissions of pre-configured roles: These can now not even more be changed with administrative rights (#38607).
  • 3.0.20 (2014-07-05):
    • Updated and extended SSL/TLS capabilities for both, the GOS services and the actual scanner. This also adds support for PFS (Perfect Forward Secrecy) (#38046, #33832).
    • Added support to configure TLS cipher priorities for OMP and HTTPS via gos-admin-menu (#36507, #38615).
    • Added support for SINA One Way Gateway to allow Feed updates across this gateway from an external GSM to an internal GSM. gos-admin-menu is extended with configuration for both sides, the update master and the update slave (#37854, #38047).
    • In order to allow updates of inhomogeneous GSM setups (for example 5300/600/100) in an internal network from a single external GSM, the GSM Midrange/Enterprise models are now enabled to hand over updates for a variety of GSM types (#38069).
    • In order to allow chained Master-Sensor setup (for example 5300>600>100) support was added configure a GSM to be Master and Sensor at the same time (#38048).
    • Bugfix that resolves database locking issues for Airgap updates that could occur under certain conditions (#38460).
    • Bugfix that adds transfer of CERT data for Airgap updates (#38049).
    • Minor bugfix about global-indicator icons for notes (#38722, 2014062610000011).
    • Bugfix that fixes the problem with multiple entries in the Host Access entry of a user configuration. Now all elements are accepted (#36137, #2014031910000031).
    • Allow scheduled tasks to be also startable manually (#28892, #2013040610000028).
    • Bugfix about triggering GSM 25V upgrades via Master GSMs (#38192).
    • Bugfix for the problem that entering the user/password management in gos-admin-menu sets sensor tasks to “stopped” (#38288).
    • Bugfix for an UTF-8 issue in ITG scan results (#37163, #2014042410000064).
    • Report Format Plugin “verinice ISM” is now a predefined one (#30425, #38708, #2013062610000013).
    • Added support for multiple email addresses for a email alert, rather than just a single one (#37652, #2014051410000036).
    • Minor bug fixes for rendering issues in some Chrome browsers (#35495).
    • Minor bugfix for some synchronisation log message cases (#38197).
    • Bugfix for restoring deleted Groups. Now the users are not lost (#38614).
    • Minor internal cleanup (removal of a left-over file) (#36423).
    • Bugfix to guarantee quick access to user and password management of gos-admin-menu. In some cases to took a considerable time open this menu (#38287).
    • Bugfix about cloning tasks with observers where permissions were dropped wrongly for the clone (#38213).
    • Bugfix to accelerate boot time which in some special cases took about 2 minutes and is now back to a few seconds (#38286).
    • Added check for expired certificate to selfcheck in gos-admin-menu (#35918).
    • Minor improvement about timezones in schedules (displaying and online help) (#38611, #38613).
  • 3.0.19 (2014-06-05):
    • Extension of gos-admin-menu to allow configuration of TLS Ciphers for OMP (#37763, #2014051910000018).
    • Updated guest tools for GSM 25V (#37566).
    • Bugfix for GSM25V regarding a defect boot menu (#38012).
    • Bugfix for the SCAP database to not ignore some specific CVEs in queries (#37236).
    • Fixed typo in gos-admin-menu in a path note (“2.1” vs. “3.0”) (#37561).
    • Bugfix to disallow deleting of a Report Format Plugins via OMP or web interface in case it is still being used for an alert (#37485, #35960).
    • Bugfix for non-self-signed SSL certificates to allow also longer certificate chains (#37863, #2013120910000043).
    • Extension of sensor checks of master GSMs to validate SSL certificates of the sensors (#37414).
    • Bugfix to close a memory and CPU leakage that occurred when using Chrome (#37988).
    • Bugfix that solves the issue that some deleted Report Format Plugins are still shown as long as they are kept in the trashcan (#36509).
    • Bugfix to add newly imported and activated Report Format Plugins to respective drop-down lists (#37457).
    • Bugfix for login procedure of LDAP accounts regarding LDAP server TLS certificates so that now all LDAP accounts can login again (#37458).
    • Bugfix to take care for deleted user account also the configured group and role relationships are removed (#37439).
    • Bugfix to make the boot log visible via gos-admin-menu (#37600).
    • Bugfix to make permissions invisible on a GSM ONE that refer to functionalities that are not available for this GSM anyway (#34539).
    • Improved internal log mechanism so that also very long log messages are not truncated (#37476).
    • Improved error message when deleting a user account (#37451).
    • Bugfix for deleting of user accounts via gos-admin-menu (#37878).
  • 3.0.18 (2014-05-10):
    • Bugfix for Migration (ANALYZE) from GOS 2.2.0 to 3.0 (#37357).
    • Improvement that removed unneeded temporary files (kbs) (#37263).
    • Bugfix regarding encoding which prevented configuration of some NVTs (#37146, #2014042410000073).
    • Bugfix for Feed synchronization routines for master-sensor updates (#37240).
    • Bugfix for sensor check in gos-admin-menu (#37243).
    • Bugfix to prevent that individual timezone settings get lost (#37265).
    • Bugfix that takes care all permissions of roles User and Observer are preserved during a migration from GOS 2.2.0 to 3.0 (#37438).
    • Bugfix to avoid truncated long CPE names in report format GSR (#36508, #2014040410000011).
  • 3.0.17 (2014-04-23):
    • Bugfix for initial database creation (#37045).
    • Bugfix for consistent LCD content (#36544).
    • Improvement of LCD content (GOS version and IP address) (#36281).
  • 3.0.16 (2014-04-17):
    • Improvement for GSM ONE: If the initial web account is still missing, then a corresponding hint is given on the console (#36444).
    • Improvement for upgrades to be more tolerant upon problems that might occur during a data migration (#36546).
    • Bugfix to make the LDAP configuration dialog available (#35363).
    • Bugfix for the TLS settings of the OMP service (#36789).
    • Extension that will automatically create a self-signed certificate at first start of GOS (#36574).
    • Bugfix to allow the AD account names for authenticated proxies in gos-admin-menu (#36586).
    • Bugfix for the redirect from http to https of the web interface (#36762).
    • Bugfix for migration from GOS 2.2.0 (#36764, #36545).
  • 3.0.15 (2014-04-05):
    • The NVTs “Host Summary” and “CPE Inventory” have been disabled for all pre-installed scan configurations. These data are available in the other results sections anyway (#36104, #35927).
    • For GSM ONE the web address is now displayed directly on the console (#36316).
    • Switched internal logging of web service to SysLog (#36340).
    • Formatting improvements of various login messages of the internal administration level (#36201, #36317).
    • Bugfix for Report Format Plugin GSR which failed in some cases (#36282).
    • Bugfix that moves the DHCP log information in gos-admin-menu to the suitable section (#31287).
    • New: Quick-Task Wizard, available on the wizard page of tasks. For GSM ONE this dialog is reduced (no alerts) (#33889, #36424, #28196, #2013022810000017, #2013112510000014).
    • Restricted offer of TLS versions and ciphers of the web interfaces. Older browsers can not access the web interface any more (#35333).
    • The pre-selected Report Format Plugin for prognosis is now the simple PDF report (#26361).
    • Bugfix that removes unneeded temporary files of services that were removed since GOS 3.0 (#36357).
    • Extended scanner capabilities for TLS services (v1.1 und v1.2) (#36109).
    • Bugfix for the setting of results filter for alerts (#36094).
    • TLS ciphers settings of OMP adjusted to the same as for HTTPS (#34747).
    • Bugfix regarding the LCD display control (#36372).
    • Bugfix to have now an absolute path for the location header of the web interface. This improves the use with proxies (#9709).
  • 3.0.14 (2014-03-27):
    • Updated Report Format Plugins GXR and GSR to version 2.0.1 (#35767).
    • Reduced internal log information of Greenbone OS (#35710).
    • Improved support for hypervisor for GSM ONE (#20497).
    • Bugfix for the entry of Alive-Test method in the web interface (#36165).

2013-06-07: Greenbone OS 2.2.0 

Latest patch level: 2.2.0-37 (2015-07-01)

The items marked with (*) will change the default behaviour.

  • Tasks: Now with new object management

Tasks are now handled via the new object management and therefore gain access to the power filter and to the functionalities Clone and Export.

  • Overrides: Now with new object management

Overrides are now handled via the new object management and therefore gain access to the power filter and to the trashcan. Functionalities Clone and Export are also added.

Furthermore Overrides can now be directly created even without necessity to go via a Task.

All user interfaces where lists of Overrides were shown, like for NVT Details, were changed so that the lists are replaced by a link into the Overrides management with a appropriate context filter.

  • SecInfo Management: CVE data with new object management

The CVE Lookup is replaced by the new object management. This makes interactive search, the Powerfilter and many other functions available for CVE data. The Greenbone SecInfo CVE database contains the official CVE database of MITRE with over 50,000 CVEs.

  • SecInfo Management: OVAL database

New element of the SecInfo Management are the OVAL data. OVAL stands for Open Vulnerability Assessment Language and is a formal description for vulnerability evaluation. These information help with the analysis and are cross-referenced via CVE. The Greenbone SecInfo OVAL database contains the official OVAL Repository of MITRE with over 14,000 OVAL Definitions.

  • SecInfo Management: DFN-CERT Database

A new class in the SecInfo Management are the security alerts issued by the German DFN-CERT, the CERT of the German research network. These security alerts are published in German language and are referenced into scan result via CVE identifiers.

  • Port Lists: Now with new object management

Port Lists are now handled via the new object management and therefore gain access to the power filter and to the functionality Clone.

  • Credentials: Now with new object management

Credentials are now handled via the new object management and therefore gain access to the power filter and to the functionalities Clone and Export. Passwords will of course not be present in exported data.

  • Schedules: Now with new object management

Schedules are now handled via the new object management and therefore gain access to the power filter and to the functionalities Clone and Export.

  • Scan Configs: Now with new object management

Scan Configs are now handled via the new object management and therefore gain access to the power filter and to the functionality Clone.

  • Alerts: Now with new object management

Alerts are now handled via the new object management and therefore gain access to the power filter and to the functionalities Clone and Export.

  • Report Formats: Now with new object management

Report Formats are now handled via the new object management and therefore gain access to the power filter and to the functionalities Clone and Export.

  • Slaves: Now with new object management

Slaves are now handled via the new object management and therefore gain access to the power filter and to the functionalities Clone and Export.

  • Powerfilter: Syntax extension to select backward from current date for a fixed time span in timestamp columns. For example, “modified>-7d” will select all objects modified in the past 7 days.
  • Powerfilter: Syntax extension to select exact matches in multiple fields. For example, “=” will select all objects where any of the fields contains exactly this IP.
  • SCAP Feed-Update: This function is now also available via the Web-Interface in the Administration area. However, the updates are still done automatically in the background. A manual start is rarely needed in special situations.
  • Personal default powerfilters: In “My Settings” it is now possible to set a preferred Powerfilter for each object class. If you open the overview of the object class, for example the Task overview, automatically your personal default Powerfilter will be used to apply your preferred sorting and filtering.
  • Agents: Now with new object management