• Greenbone Cloud Service TRIAL
  • Greenbone Enterprise TRIAL
  • Buy Here
  • Contact
  • Blog
  • German
  • English
  • Deutsch Deutsch German de
  • English English English en
Greenbone Networks
  • Products
    • Hardware Appliances
      • Greenbone Enterprise 6500
      • Greenbone Enterprise 5400
      • Greenbone Enterprise 650
      • Greenbone Enterprise 600
      • Greenbone Enterprise 450
      • Greenbone Enterprise 400
      • Greenbone Enterprise 150
      • Greenbone Enterprise 35
    • Virtual Appliances
      • Greenbone Enterprise EXA
      • Greenbone Enterprise PETA
      • Greenbone Enterprise TERA
      • Greenbone Enterprise DECA
      • Greenbone Enterprise CENO
      • Greenbone Enterprise ONE
      • Greenbone Enterprise 25V
    • Greenbone Cloud Service
    • Technology
      • Feed Comparison
      • Product Comparison
      • Roadmap & Lifecycle
  • Cyber Resilience
    • Cyber Resilience – Report
    • Vulnerability Management
  • Customer Services
    • Technical Support
    • Documents
    • Self-Learning Courses
  • About Greenbone
    • Contact
    • Careers
    • Media Contact
  • Search
  • Menu Menu

Current Versions

Version
 Lifecycle Status Patch Level
GOS 21.04 Mature 21.04.18 (2022-05-25)

Overview

Which Appliance Runs with Which GOS Version?
Hardware Appliances
GOS Version Appliance Model
6500 6400 5400 5300 650 Rev. 1 650 Rev. 2 600 Rev. 1 600 Rev. 2 450 Rev. 1 450 Rev. 2 400 Rev. 1 400 Rev. 2 150 35
GOS 21.04 ✔✔ ✔✔ ✔✔ ✔✔ ✔✔ ✔✔ ✔✔ ✔✔ ✔✔ ✔✔ ✔✔ ✔✔ ✔✔ ✔✔
GOS 22.04
 ⭘ ⭘ ⭘ ⭘ ⭘ ⭘ ⭘ ⭘ ⭘ ⭘ ⭘ ⭘ ⭘ ⭘
Virtual Appliances
GOS Version Appliance Model
EXA PETA TERA DECA CENO 25V ONE
GOS 21.04 ✔✔ ✔✔ ✔✔ ✔✔ ✔✔ ✔✔ ✔✔
GOS 22.04
 ⭘ ⭘ ⭘ ⭘ ⭘ ⭘ ⭘

✔✔ recommended | ✔ supported | ✘ not supported | ⭘ will be supported

Lifetime Phases of GOS Versions

Support Schedule of GOS Versions

Description Lifecycle System

Greenbone OS Lifecycle Phases

  • Planning: The feature set for the release is being defined. During the planning phase, we also take into account our customers’ requests and suggestions for new or enhanced features. As soon as an upcoming release enters this phase, it appears on our roadmap.
  • Development: The expected feature set is now defined. Changes to the feature set are only made if absolutely necessary. The new features are being designed and implemented by our developers. QA and other support systems for the release are being prepared.
  • Alpha: The new release is available internally, including some new features. Development of other features may continue. Release-specific documentation and QA starts.
  • Beta: The feature set is now final. All new features are implemented and tested. Development is focused on bug fixes and improvements. The new release may be made available to a select group of external testers, including partners and customers.
  • New: The new release is available to the public for all supported appliance models. Documentation and support for the new release are provided. Patches may be provided frequently to address any issues.
  • Mature: Most issues of the new release have been addressed. Patches are now provided at a regular 4-week interval. All users are encouraged to upgrade to the new release.
  • End-of-Life: The release is approaching the end of its lifecycle. Patches are limited to important fixes of core functionality and security issues. The next release is already in the mature phase, and users are notified to upgrade.
  • Retired: The release is removed from the list of current releases and archived. The functionality of a retired release may be limited and no more patches are provided. QA and documentation are discontinued. Support is limited to assistance in upgrading to the next release.
  • Obsolete: The release is not useable anymore. All support and other services are discontinued.

Greenbone OS Lifecycle Levels

  • Release: The first two numbers of a Greenbone OS version indicate the release version, for example the “21.04” in “21.04.3”.
    The versioning scheme is date-based (also called Calendar Versioning). For example, Greenbone OS 21.04 was released in April 2021 and Greenbone OS 22.10 will be released in October 2022.
    The purpose of a release is to introduce new features and to extend existing ones. A new release includes changes to the default behavior. Subject are the system itself, the scanner, the web interface, the database, the API and the administration.
    Since upgrading to a new release means significant changes and a migration of the database, the administrator must explicitly confirm a release upgrade. Once this is done, the release upgrade is performed in the same way as a regular patch level upgrade, however it takes more time.
    All releases are supported for a fixed amount of time. The end-of-life of a release never occurs earlier than at least 6 months after the deployment of the following release. The end-of-life of a release is always announced 3 months in advance. The Greenbone Community will regularly inform about such dates and all current versions and dates can be viewed on the Roadmap & Lifecycle page at any time.
  • Patch Level: The last number of a Greenbone OS version indicates the patch level, for example the “3” in “21.04.3”.
    The patch level count starts with “0” for the first publicly available patch level of a new Greenbone OS version, for example “21.04.0”.
    Within a release, only the latest patch level is fully supported. For all previous patch levels, the upgrade to the latest patch level is supported.
    Information about each patch level is made available via the Greenbone Community and the Roadmap & Lifecycle page in the section “Changelog”.
    The purpose of patch level upgrades are security- or bug fixes as well as general improvements. A patch-level upgrade does not add any features or change the default behavior or API unless absolutely necessary.
    Patch level upgrades are quick and easy to perform. Before opening a new support ticket, it should always be checked if the issue exists with the latest patch level.

Release Schedule

  • 2021-04-30

     

    Release

    GOS 21.04

  • 2021-12-02

    Retirement

    GOS 20.08

  • 2022

     

    GOS Release

PreviousNext

Changelog

GOS 21.04

2021-04-30: Greenbone OS 21.04

Latest Patch Level: 21.04.18 (2022-05-25)

Lifecycle-Phase: Mature

21.04.18 (2022-05-25):

  • Greenbone OS:
    • Improvement: the package libxml2 included in GOS was upgraded to version 2.9.4+dfsg1-7+deb10u4 as the former version 2.9.4+dfsg1-7+deb10u3 is vulnerable to CVE-2022-29824 (#GOS-879, #GSI-88).
    • Minor improvement: the included appliance manual was updated to the current version from 2022-05-24 (#GOS-884).

21.04.17 (2022-05-19):

  • Greenbone OS:
    • Improvement: the package openssl included in GOS was upgraded to version 1.1.1n-0+deb10u2 as the former version 1.1.1n-0+deb10u1 is vulnerable to CVE-2022-1292 (#GOS-875, #GSI-87).
    • Improvement: the package postgresql included in GOS was upgraded to version 11.16-0+deb10u1 as the former version 11.14-0+deb10u1 is vulnerable to CVE-2022-1552 (#GOS-872, #GSI-84).
    • Bugfix: an error was fixed where a wrong check was used to determine whether a beaming image can be imported and the corresponding dialog in the GOS administration menu was changed to avoid confusions (#GOS-874).
    • Minor improvement: the included appliance manual was updated to the current version from 2022-05-18 (#GOS-876).

21.04.16 (2022-05-12):

  • Greenbone OS:
    • Improvement: a function was implemented that will remove old incremental backups created with GOS 6 or earlier locally and remotely when upgrading to the next major GOS version since the backups are incompatible with all currently supported GOS versions and in order to reclaim hard disk space (#PL-835).
    • Improvement: the GOS kernel of hardware appliances was updated to include fixes for CVE-2021-4197, CVE-2022-0168, CVE-2022-1016, CVE-2022-1048, CVE-2022-1158, CVE-2022-1195, CVE-2022-1198, CVE-2022-1199, CVE-2022-1204, CVE-2022-1205, CVE-2022-1353, CVE-2022-1516, CVE-2022-26490, CVE-2022-27666, CVE-2022-28356, CVE-2022-28388, CVE-2022-28389, CVE-2022-28390 and CVE-2022-29582 (#PL-864).
    • Improvement: the GOS kernel of virtual appliances was updated to include fixes for CVE-2022-0168, CVE-2022-1158, CVE-2022-1195, CVE-2022-1199 and CVE-2022-29582 (#PL-864).
    • Improvement: the packages gzip and xz-utils were upgraded to versions 1.9-3+deb10u1 and 5.2.4-1+deb10u1 respectively as the former versions were vulnerable to CVE-2022-1271 (#PL-863).
    • Improvement: the package zlib was upgraded to version 1:1.2.11.dfsg-1+deb10u1 as the former version was vulnerable to CVE-2018-25032 (#PL-858, #GS-2024).
    • Bugfix: an error was fixed for master-sensor setups where unnecessary checks for osp resulted in the (previously correctly configured) file /var/lib/gvm/sensor_ports.tsv being overwritten with an empty file (#PL-719).
    • Bugfix: an error was fixed where a VLAN’s IP address was not recognized by the self-check if only a VLAN was configured as the network connection resulting in a self-check warning and several GOS upload menu dialogs, e.g., Setup > Feed > Key(HTTP), not working correctly (#PL-821).
    • Minor improvement: the list of valid feed servers was updated (#PL-839).
    • Minor improvement: a function was implemented to create an override for the feed server used. However, the overwritten feed server must still be part of the list of valid feed servers (#PL-837, #PL-840).
    • Minor improvement: the URL for feed_home in the feed.xml files was updated to https://www.greenbone.net/en/feed-comparison/ (#PL-862).
    • Minor improvement: the included appliance manual was updated to the current version from 2022-05-12 (#PL-870).
  • Vulnerability Scanning:
    • Bugfix: an error was fixed where openvas-nasl-lint was not able to detect issues in several vulnerability tests (#SC-584).
    • Improvement: the functions of wmic were extended to make it possible to add an optional ‘options’ parameter (#SC-568).
    • Minor improvement: the nasl linter count error message was modified to reflect that the number of scripts with errors is counted and not the total amount of errors (#SC-561).
    • Minor improvement: the unnecessary variable ${LIBNET_LDFLAGS} in target_link_libraries was removed from the file nasl/CMakeLists.txt (#SC-551).
    • Minor bugfix: a SIGSEGV handle that may cause a process not to terminate has been fixed (#SC-552).

21.04.15 (2022-03-17):

  • Greenbone OS:
    • Improvement: pam_tally2 that was used to protect the system from brute force attacks over SSH was replaced by pam_faillock as the former is deprecated (#PL-774).
    • Improvement: the package openssl included in GOS was upgraded to version 1.1.1d-0+deb10u8 as the former version 1.1.1d-0+deb10u7 is vulnerable to CVE-2021-4160 and CVE-2022-0778 (#PL-820).
    • Improvement: the package cyrus-sasl2 included in GOS was upgraded to version 2.1.27+dfsg-1+deb10u2 as the former version 2.1.27+dfsg-1+deb10u1 is vulnerable to CVE-2022-24407 (#PL-822).
    • Improvement: the menu option Advanced > Copyright and Licenses has been redesigned to a dialog-like menu (#PL-766).
    • Bugfix: an error was fixed where TLS 1.3 cipher suites could not be configured in the gos-state-manager (#PL-793).
    • Bugfix: an error was fixed where explicitly configured routes were ignored by the scanner (#PL-736, #SC-499 #GS-1278).
    • Bugfix: a configuration error on master-sensor setups was fixed that occured when the DNS server was misconfigured or not reachable  (#PL-768).
    • Minor improvement: for master-sensor setups the standard SSH “REMOTE HOST IDENTIFICATION HAS CHANGED” warning message was changed to be more user-friendly (#PL-104).
    • Minor improvement: the dialog that is displayed when no backups for restoring are found was improved (#PL-770).
    • Minor improvement: the menu option Advanced > Copyright and Licenses in the GOS administration menu was updated to show the new license information for the Greenbone Enterprise Feed (#PL-766).
    • Minor improvement: the included appliance manual was updated to the current version from 2022-03-17 (#PL-823).
    • Minor bugfix: an error was fixed were upgrading to a GOS version with a newer postgres package resulted in an unwanted and misleading log message (#PL-744).
  • Vulnerability Management:
    • Major bugfix: an error was fixed where tasks resumed at 0 % had the status “Requested” forever and, after rebooting the appliance, the status “Interrupted at 0 %” (#AP-1893).
    • Bugfix: an error was fixed where executing the script create-consolidated-report.gmp.py resulted in an error message (#AP-1819).
    • Bugfix: the logging was fixed to show a certain backtrace error that was only shown in development environments before (#AP-1871, #GS-849).
    • Bugfix: an error was fixed where gvm-tools failed to execute commands if the known_host file did not exist for a user (#AP-1582).
    • Minor improvement: the copyright on the “About” page of the appliance’s web interface was updated to “2009-2022” (#PL-780).
  • Vulnerability Scanning:
    • Improvement: the scanner has been extended to detect and report SSL/TLS services requiring a client certificate (#SC-474).
    • Improvement: the scanner has been extended to detect and connect to SSL/TLS services using short diffie-hellman (DH) primes (< 1008 bits) (#SC-441).
    • Bugfix: an error was fixed where the sequence of starting and stopping a task and then starting (not resuming) the same task – one immediately after the other –  led to the scanner running unmonitored in the background (#SC-505).
    • Minor improvement: some SSL/TLS failure log messages have been extended with the hostname of the affected scan target for debugging purposes (#SC-486, #GS-843).
    • Minor improvement: where possible, g_memdup() was replaced by g_memdup2() and otherwise by memcpy (#SC-502).
    • Minor bugfix: an error was fixed where the host name was not recognized by the scanner from time to time (#SC-528, #GS-1302).

21.04.14 (2022-03-11):

  • Greenbone OS:
    • Improvement: for virtual appliances, the Linux kernel was upgraded to version 4.19.232-1 as the former version was vulnerable to CVE-2021-20322 (#PL-705).
    • Improvement: for hardware appliances, the Linux kernel was upgraded to version 5.10.103-1 as the former version was vulnerable to CVE-2022-0185 (#PL-816).
    • Improvement: for hardware appliances, the Linux kernel was upgraded to version 5.10.103-1 and for virtual appliances to version 4.19.232-1 as the former versions were vulnerable to CVE-2022-0492 (#PL-814).
    • Improvement: for hardware appliances, the Linux kernel was upgraded to version 5.10.103-1 and for virtual appliances to version 4.19.232-1 as the former versions were vulnerable to CVE-2022-0847 (#PL-816).
    • Minor improvement: the included appliance manual was updated to the current version from 2022-03-11 (#PL-817).

21.04.13 (2022-02-25):

  • Greenbone OS:
    • Improvement: the library Expat included in GOS was upgraded to version libexpat1:amd64 2.2.6-2+deb10u3 as the former version libexpat1:amd64 2.2.6-2+deb10u1 is vulnerable to CVE-2022-23852 (#PL-788).
    • Improvement: as redis was vulnerable to CVE-2022-0543, the redis server included in GOS was upgraded from version 5:5.0.14-1+deb10u1 to version 5:5.0.14-1+deb10u2 (#PL-787).
    • Minor improvement: the included appliance manual was updated to the current version from 2022-02-25 (#PL-789).

21.04.12 (2022-01-31):

  • Greenbone OS:
    • Improvement: nginx was updated to version 1.20.2 to support configuring TLSv1.3 (#PL-735).
    • Minor improvement: the GOS administration menus Setup > Timesync, Setup > Remote Syslog and Setup > Time have been revised regarding the appliance time zone to avoid confusion (#PL-753).
    • Minor improvement: the included GSM manual was updated to the current version from 2022-01-31 (#PL-763).
    • Minor bugfix: an error was fixed where configuring a global gateway for a network interface that did not have an IP address assigned caused an errors in the logs (#PL-682).
    • Minor bugfix: for master-sensor setups, an error was fixed where the ED25519 host key could not be added for the IP address if a host name was chosen as the sensor’s address (#PL-740).
  • Vulnerability Management:
    • Minor improvement: the log messages “databases are already at the supported version” and “OSPd OpenVAS is still starting” have been changed from warnings to info messages (#AP-1864).
  • Vulnerability Scanning:
    • Bugfix: an error was fixed where tasks were not completed but were pending indefinitely (#SC-490).

21.04.11 (2022-01-04):

  • Greenbone OS:
    • Improvement: the Diffie-Hellman Ephemeral (DHE) key exchange algorithms were disabled for the default settings of the nginx web server as they are vulnerable to CVE-2002-20001 (#PL-729, #GSI-63, #GS-1148).
    • Improvement: the Diffie-Hellman Ephemeral (DHE) key exchange algorithms were disabled in all cases for the SSH service as they are vulnerable to CVE-2002-20001 (#PL-730, #GSI-63, #GS-1148).
    • Major bugfix: an error was fixed where running scans were either stopped or interrupted when changing the HTTPS timeout setting via the GOS administration menu (#PL-707).
    • Bugfix: an error was fixed where the command gvmd –rebuild did not finish, or ran in the background and was not caught by the upgrade system operation during a GOS upgrade (#PL-722).
    • Bugfix: an error was fixed where the GOS network manager failed to reload during a GOS upgrade (#PL-706, #GS-914).
    • Bugfix: an error was fixed where changing the HTTPS ciphers/protocols without using the setup wizard after upgrading to GOS 21.04 did not remove the self-check warning about ciphers/protocols (#PL-699).
    • Bugfix: an error was fixed where moving one or more network interfaces with a static IPv6 address from the management namespace to the scan1 namespace, or vice versa, did not work as intended (#PL-681).
    • Bugfix: an error was fixed where a vulnerability scan of GOS 21.04 reported “Missing Linux Kernel mitigations for ‘TAA – TSX Asynchronous Abort’ hardware vulnerabilities” (OID: 1.3.6.1.4.1.25623.1.0.108846) as a result (#PL-716).
    • Bugfix: an error was fixed where a vulnerability scan of GOS 21.04 reported “Missing Linux Kernel mitigations for ‘MDS – Microarchitectural Data Sampling’ hardware vulnerabilities” (OID: 1.3.6.1.4.1.25623.1.0.108840) as a result (#PL-717).
    • Minor improvement: the included GSM manual was updated to the current version from 2021-12-30 (#PL-734).
    • Minor bugfix: an error was fixed where the connection to the GSM was ended and a traceback error message appeared after uploading an HTTPS certificate that uses an unsupported Elliptic Curve Crypthography (ECC) algorithm (#PL-700).
  • Vulnerability Management:
    • Minor improvement: when a segmentation fault occurs in the gvmd service, a backtrace can now be written to the log file if the appropriate log levels are set (#AP-1820, #GS-849).
    • Minor improvement: the deprecated user setting Default Report Format was removed (#AP-1714).
  • Vulnerability Scanning
    • Bugfix: an error was fixed where a segmentation fault occured if openvas updated the VT info into the redis store from the VT files and no openvas_log.conf file existed (#SC-468).
    • Bugfix: an error was fixed where HTTPS certificates using Elliptic Curve Cryptography (ECC) were detected as using RSA cryptography (#SC-473).
    • Minor improvement: the function ssh_shell_read() was reworked for improved data retrieval. Previously, the function read the received data until a fixed buffer of 4096 was reached and then returned the data. Now the function receives the parameter “timeout” (#SC-452).

21.04.10 (2021-12-02):

  • Greenbone OS:
    • Improvement: for hardware appliances, the GOS kernel was updated to include a fix for CVE-2021-20322 (#PL-704).
    • Improvement: the Redis version was updated to include the DSA-5001-1 redis — security update (#PL-691).
    • Bugfix: an error was fixed where domains for SNMPD names containing hyphens were not accepted (#PL-695, #GS-747).
    • Bugfix: an error was fixed where data including rn instead of n used for line breaks caused wrong logging in the GOS log files (#PL-680, #GS-741).
    • Bugfix: an error was fixed where some verinice alert logs were ASCII encoded (#PL-685).
    • Minor improvement: to prepare for the next major release, the greenbone-security-assistant package was split into the packages greenbone-security-assistant and greenbone-security-assistant-daemon (#PL-698, #AP-1680).
    • Minor improvement: to prepare for the next major release, the ospd and ospd-openvas packages were merged into the ospd-openvas package (#SC-433).
  • Vulnerability Management:
    • Bugfix: an error was fixed where CVE scans got interrupted at 0 % (#AP-1727, #GS-661).
    • Bugfix: an error was fixed where reports with the report formats “Vulnerability Report PDF” and “Vulnerability Report HTML” were returned as empty files if a management IP address was set (#AP-1651, #PL-696, #GS-704, #GS-395, #GS-721)
    • Bugfix: an error was fixed where a PostgreSQL deadlock could occur when deleting or cloning a task (#AP-1506, #GS-149, #GS-163, #2021061710000033).
    • Minor bugfix: an error was fixed where the OSP parameters of ospd-openvas were passed on to other OSP scanners instead of their own parameters (#AP-1726).
    • Minor bugfix: an error was fixed where the texts under “Insight” and “Detection Method” in the result details on the web interface were not formatted correctly (#AP-1696, #AP-1005, #AP-1009).
    • Minor improvement: the process ID (PID) runtime directories of the gvmd and gsad services were separated, e.g., /run/gvmd for gvmd and /run/gsad for gsad (#AP-1789).
    • Minor improvement: if performance graphs are missing, an error message is now displayed (#AP-1478, #PL-537, #2021061010000046).
    • Minor improvement: the included GSM manual was updated to the current version from 2021-11-26 (#PL-709).
  • Vulnerability Scanning:
    • Extension: a functionality for getting the local and the remote MAC address of a target was added (#SC-382).
    • Extension: a functionality for forging frames on the local link layer (modifying the source and destination MAC addresses) was added (#SC-383).
    • Improvement: SSL/TLS failures are now only logged once per vulnerability test in order not to clutter the log messages (#SC-454, #GS-843).
    • Bugfix: two errors were fixed where the function isotime_add() did not work and returned an empty string/NULL, and where the function did not fill up missing seconds/minutes with zeros in the time format given to string2isotime() (#SC-455).
    • Minor bugfix: an error was fixed where the ENCAPS_TLSv13 definition was missing in nasl_init.c (#SC-453).

21.04.9 (2021-11-01):

  • Greenbone OS:
    • Improvement: the gvm-tools included in GOS have been updated to version 21.10.0 (#PL-684).
    • Minor improvement: information about the time synchronization (gsm-timesync) is now included in the Greenbone Support Package (#PL-672).
    • Minor improvement: the GOS copyright and licensing (“Advanced > Copyright and Licenses” GOS menu) was updated (#PL-656).
    • Minor improvement: the plug-in “NSIS Simple Service Plugin” was updated to version 1.30 and the plug-in “NSIS Simple Firewall Plugin” was updated to version 1.20 (#PL-242).
    • Major bugfix: an error was fixed where feed updates were not possible on sensor appliances (GSM 35 and GSM 25V) if triggered directly on the sensor (#PL-668).
    • Bugfix: to prevent errors, major GOS upgrades are now prevented if an invalid route 0.0.0.0/0 is configured (#PL-659, #GS-643).
    • Minor bugfix: an error was fixed where lcdproc.service exited abnormally with a non-zero return code when stopped during a shutdown/reboot (#PL-677).
    • Minor bugfix: an error was fixed where GOS upgrades from a retired to an end-of-life GOS version were not possible (#PL-664).
    • Minor bugfix: an error was fixed where it was possible to have multiple sensors with the same IP address or host name in the sensor list (#PL-125).
  • Vulnerability Management:
    • Bugfix: an error was fixed where resuming tasks directly after stopping them, or resuming tasks with the status “Interrupted”, caused the resumed task to be interrupted (#AP-1472).
    • Minor improvement: the included GSM manual was updated to the current version from 2021-10-26 (#PL-679).
  • Vulnerability Scanning:
    • Improvement: the two functions nasl_socket_ssl_do_handshake() (allows to do a re-handshake over an already established TLS/SSL session) and nasl_socket_check_ssl_safe_renegotiation() (do a status check over an already established TLS/SSL session to know if secure/safe renegotiation is supported or not) were added to the scanner (#SC-394).
    • Minor improvement: for TLS algorithms in scan results, the mapping of the detected algorithm IDs to their corresponding names was improved (#SC-417).
    • Bugfix: an error was fixed where scans of targets with subnet mask /16 and with multiple excluded networks were interrupted (#SC-350, #GS-280).
    • Bugfix: an error was fixed where scans of 32256 hosts caused “free(): invalid pointer” and were interrupted or stuck afterwards (#SC-229).
    • Bugfix: an error was fixed where the ospd scanner wrapper failed with a traceback, causing interrupted scans (#SC-369).

21.04.8 (2021-10-13):

  • Greenbone OS:
    • Major bugfix: an error for appliances with network namespaces was fixed where the listen address for the scan1 namespace was not added to /etc/dnsmasq.conf as expected resulting in the domain name resolution not working (#PL-661, #GS-645, #GS-651, #GS-655, #GS-657, #GS-659).
    • Bugfix: an error was fixed where the lock files /var/lib/openvas/feed-update.lock and /var/lib/gvm/feed-update.lock could only be opened with root permissions, resulting in subsequent errors (#PL-654, #PL-623, #SC-418, #GS-541).
    • Bugfix: an error was fixed where more VLANs than allowed could be created on appliances with more physical interfaces than expected (#PL-14, #PL-448).
  • Vulnerability Management
    • Minor improvement: the included GSM manual was updated to the current version from 2021-10-13 (#PL-665).

21.04.7 (2021-10-05):

  • Greenbone OS
    • Improvement: the self-check now also warns when there are problems with the services greenbone-security-assistant.service, greenbone-vulnerability-manager.service, gsm-pheme.service, ospd-openvas.service (#PL-115, #2020022610000025).
    • Improvement: a new configuration option to select between two Diffie-Hellman (DH) parameter options (2048 and 4096) was added to the „Setup > Services > HTTPS“ GOS menu (#PL-619).
    • Minor improvement: the sudo rule was expanded to allow ping commands in the scan1 namespace (#PL-641).
    • Minor improvement: a man page was created and added to gos-network-manager.service (#PL-286).
    • Bugfix: an error was fixed where the nginx self-check for a management IPv6 address failed (#PL-648).
    • Bugfix: an error was fixed where some keyboards of older generations were not recognized by the GSM 6400 (#PL-644).
    • Bugfix: an error was fixed where management IPv6 addresses were not displayed in nginx’s default file and the [::] address was used instead (#PL-638).
    • Bugfix: an error was fixed where GOS upgrades failed when a route was created for an interface, but no static IP address was set up. Routes are now only added if an IP address is set up for the same interface (#PL-573, #GS-178).
    • Bugfix: an error was fixed where GOS upgrades could fail if an IPv6 address was configured for the DNS server (#PL-635, #GS-487).
    • Bugfix: an error was fixed where global gateways could be entered as interface routes which caused errors in the network backend (#PL-588).
    • Bugfix: an error was fixed where dnsmasq failed to create a listening socket if IPv6 was enabled (#PL-81, #2019112110000011).
    • Bugfix: an error was fixed where dnsmasq failed to create a listening socket on GSM models without the network namespaces feature (#PL-589).
    • Bugfix: an error was fixed where interfaces where DHCPDISCOVER was active caused networking service, ansible and upgrade failures (#PL-79).
    • Bugfix: an error was fixed where the package apt-utils was missing during upgrades (#PL-394).
  • Vulnerability Management
    • Improvement: if a scan does not return any results, possible reasons for the missing results are now displayed on the report page (#AP-1032).
    • Minor improvement: The included GSM manual was updated to the current version from 2021-10-01 (#PL-650).
    • Bugfix: an error was fixed where some reports could not be imported into a container task (#AP-1641, #AP-1654, #GS-473, #GS-419).
    • Bugfix: an error was fixed where a user with minimal global permissions could create a ticket that could not be saved (#AP-1474, #GS-125).
  • Vulnerability Scanning
    • Improvement: the NASL function eregmatch() now returns all matches if the option find_all: TRUE is passed to the function (#SC-395).

21.04.6 (2021-09-08):

  • Greenbone OS:
    • Improvement: The configuration of the GOS nginx server was revised for better default security (#PL-560, #PL-590).
    • Improvement: A new configuration option to enable HTTP Strict Transport Security (HSTS) was added to the “Setup > Services > HTTPS” GOS menu (#PL-560).
    • Improvement: A new configuration option to enable Online Certificate Status Protocol (OCSP) stapling was added to the “Setup > Services > HTTPS” GOS menu (#PL-560).
    • Improvement: The feed data objects are now rebuilt during GOS feed updates and when upgrading to GOS 21.04.6 or later, if a feed import owner is set. This will automatically fix problems with these objects if they were corrupted in the database previously (#PL-632, #AP-1645, #AP-1646).
    • Improvement: the package openssl included in GOS was upgraded to version 1.1.1d-0+deb10u7 as the former version 1.1.1d-0+deb10u6 is vulnerable to CVE-2021-3711 and CVE-2021-3712 (#PL-614).
    • Bugfix: Erroneous user permissions for the feed data objects are now automatically fixed when upgrading to GOS 21.04.6 or later, or when changing the “Feed Import Roles” setting (#PL-564).
    • Bugfix: A GSM master now pushes both APT feeds (for the current and previous GOS versions) to its sensors (#PL-594, #GS-271).
    • Bugfix: An error was fixed where sensors failed to get APT files via a feed push by the master (#PL-542, #GS-121).
    • Bugfix: An error was fixed where switching from a static IP address to an identical DHCP IP address removed the IP address until rebooting the GSM (#PL-590).
    • Bugfix: An error was fixed where a superfluous IPv6 address was assigned to a network interface, when using the new GOS network manager and IPv6 (#PL-578, #GS-182).
    • Bugfix: An error was fixed where only a maximum of 12 sensors could be configured for a GSM 650. 20 sensors can now be configured as intended (#PL-580, #GS-202).
    • Bugfix: An error was fixed where the flash image was written to the hard disk if no CompactFlash (CF) card was installed (#PL-608).
    • Bugfix: An error was fixed where an airgap sensor fetched a feed update via FTP but did not install it (#PL-625).
    • Bugfix: In master-sensor setups with different feeds (GCF/GSF), the sensor could get mixed feed information. To prevent this problem, the existing GCF metadata and cache are now deleted when importing a GSF key (#PL-577).
    • Bugfix: There were problems with the checksums of VTs when switching between GCF and GSF. To prevent this problem, the existing GCF metadata and cache are now deleted when importing a GSF key (#PL-605).
    • Bugfix: An error was fixed where the authorized_key.sh integrity check failed after a GOS upgrade if SSH keys had been added to the system previously (#PL-596).
    • Bugfix: An error was fixed that caused system integrity checks to fail when they were being updated during a system upgrade (#PL-313).
    • Bugfix: An error was fixed where empty performance graphs for deleted virtual interfaces in the management namespace were still shown on the web interface. After deleting a virtual interface, a reboot is required to remove the graphs (#PL-403, #2019032710000104).
    • Bugfix: An error was fixed where the HTTPS certificates of GSM TRIAL did not work (#PL-597).
    • Minor improvement: The IPv6 addresses for HTTP upload dialog menus are now enclosed in brackets to facilitate copy and paste in web browsers (#PL-545, #GS-141).
    • Minor improvement: The selfcheck menu texts for the GOS lifecycle states “end-of-life”, “retired” and “obsolete” were improved to provide better guidance for upgrading (#PL-572).
    • Minor improvement: The log /var/log/pheme/pheme.log is now included in the GOS Support Package (#PL-609).
    • Minor improvement: The GSM manual included in GOS was updated to the current version from 2021-08-30 (#PL-611).
  • Vulnerability Management:
    • Bugfix: An error was fixed where the verification of sensors in the web interface for IPv6 master-sensor setups was not possible (#PL-556, #GS-146).
    • Bugfix: An error was fixed where targets with invalid port lists caused the Trashcan page to break (#AP-1581, #GS-205).
  • Vulnerability Scanning:
    • Improvement: A functionality was added to the scanner to initialize an FXP connection. Based on this functionality, vulnerability tests for SFTP detection can be implemented (#SC-376).
    • Bugfix: An error was fixed that caused scans to be interrupted when the maximum number of running scanner processes was reached or exceeded (#SC-177, #GS-105).
    • Bugfix: An error was fixed where the timeout preference for VTs could not be set with the gvm-tools included in GOS. Setting the timeout via the web interface was not affected by the bug (#SC-352).

21.04.5 (2021-08-02):

  • Greenbone OS:
    • Improvement: The gvm-tools included in GOS have been updated to version 21.6.1 (#PL-540).
    • Bugfix: Importing HTTPS certificates with weak encryption, e.g. 1024-bit RSA, caused an error. To prevent the error and to improve security, it is now no longer possible to import such weak certificates (#PL-574, #GS-160).
    • Bugfix: When using the new network manager, configuring a VLAN with the ID 4094 caused an error (#PL-579, #GS-201).
    • Bugfix: When uploading no file or an empty file via GOS menu upload dialogs, an internal error occured (#PL-279).
    • Bugfix: The GOS ansible tasks when restarting the ospd-openvas service could be executed in the wrong order (#PL-488).
    • Bugfix: Configuring scanner settings, e.g. “log_whole_attack”, while a scan was running caused several errors (#PL-230).
    • Bugfix: The maximum number of simultaneous SSH connections for GSM master-sensor setups has been increased (#PL-543).
    • Minor improvement: The maximum number of database connections has been increased for GSM enterprise class appliances (#PL-563).
    • Minor improvement: A warning dialog is now shown when configuring a management IP for a DHCP-enabled network interface (#PL-457).
    • Minor improvement: The readability of LCD info messages for airgap feed updates has been improved (#PL-263).
    • Minor improvement: The GOS copyright menu has been updated and now includes license information for the Greenbone Community Feed (#PL-586).
    • Minor improvement: The GSM manual included in GOS has been updated to the current version from 2021-08-02 (#PL-568).
    • Minor bugfix: The labels for the GSM models 5300 and 6400 had minor display issues (#PL-524).
  • Vulnerability Management:
    • Improvement: The performance when managing tasks or audits with a large number of hosts has been improved (#AP-1432).
    • Improvement: The performance when adding a large number of results to reports has been improved (#AP-1495, #2021061710000033).
    • Improvement: The performance when viewing targets or target list pages with a large number of hosts has been improved (#AP-1368, #GS-31).
    • Improvement: The performance when filtering results by tags has been improved (#AP-1459, #AP-1463, #GS-101, #2021060210000052).
    • Improvement: The content security policy for the web interface has been improved (#AP-1507, #AP-1613).
    • Bugfix: VT rebuilds could sometimes fail because the SHA-256 hash of the VTs in the database differed from the one of the scanner (#AP-1498).
    • Bugfix: Editing and saving the “Timeout” setting of the “Ping Host” VT more than once caused an error (#AP-1004).
    • Bugfix: In rare cases, the “Alerts” list page could not be displayed after upgrading to GOS 21.04 (#AP-1444, #2021052810000014).
    • Bugfix: When cloning an alterable task or audit, the clone is now also alterable (#AP-1425).
    • Bugfix: The filters “Severity is greater than 0” and “Severity is less than 0” did not work (#AP-1355, #GS-19).
    • Bugfix: Sorting remediation tickets by assigned user did not work (#AP-1385, #2021021210000077).
    • Bugfix: For VTs with a CVSS 3.1 severity, the CVSS origin and date information was not displayed in the web interface (#AP-1103).
    • Bugfix: For deprecated VTs, the deprecation information was not displayed in the web interface (#AP-1078).
    • Minor improvement: Added new command line options to clean up data-objects-via-feed permissions (#AP-1467, #AP-1489, #GS-53).
    • Minor improvement: The descriptions of charts in the web interface have been improved, and superfluous descriptions have been removed (#AP-1170).
    • Minor improvement: The placeholder text “GVM” in alerts has been replaced with “GSM” (#PL-494).
    • Minor bugfix: Some IPv4 addresses were sorted incorrectly in the “IP” column on report detail pages (#AP-1354).
    • Minor bugfix: The “Roles” column on the “Users” list page now supports line breaks to maintain formatting for large number of roles (#AP-1384, #2021020410000029).
    • Minor bugfix: For VTs with references, the reference types were not displayed in the web interface (#AP-898).
  • Vulnerability Scanning:
    • Extension: Added a new experimental feature that allows the configuration of a second set of SSH credentials to gain elevated privileges on a target system, e.g. root. For a detailed description please refer to the GSM manual (PP-87).

21.04.4 (2021-07-12):

  • Greenbone OS:
    • Bugfix: Upgrading to GOS 21.04.3 on a GSM 400, 450, 600, 650, 5300, 5400, 6400 or 6500 showed a false positive integrity selfcheck problem (#PL-561).
    • Bugfix: Enabled the GOS upgrade functionality, if GOS is in the status “retired” or “end-of-life” (#PL-536).
    • Minor improvement: Added a dedicated method to require a reboot after a GOS upgrade (#PL-531).
    • Minor improvement: The GSM manual included in GOS has been updated to the current version from 2021-07-09 (#PL-562).

21.04.3 (2021-07-08):

  • Greenbone OS:
    • Bugfix: When using the new GOS network mode, user-defined routes are now created with the ‘onlink’ parameter as a fallback and only if the route creation fails without the parameter. This may solve some specific route creation errors (#PL-541).
    • Bugfix: The download of beaming images failed on GSM models ONE and TRIAL (#PL-547).
    • Minor improvement: The GSM manual included in GOS has been updated to the current version from 2021-07-07 (#PL-558).
    • Minor improvement: The expiration dates for the feed signing and support package encryption keys have been extended until 2023-02-28 (#PL-460, #PL-461).
  • Vulnerability Management:
    • Bugfix: If the trend of VT families in scan configs was set to include and activate new VTs automatically after a feed update, preferences for VTs in these families were not applied correctly. This could prevent the disabling of the brute force and default login checks for the “Full and …” configs, for example (#AP-1490, #2021061510000153).
    • Bugfix: When resuming a scan task with multiple target hosts, scan results for hosts scanned before resuming the task were duplicated (#AP-1476).

21.04.2 (2021-06-08):

  • Greenbone OS:
    • Bugfix: When using the new GOS network mode, the deletion of certain routes could fail (#PL-514, #2021052610000027).
    • Bugfix: When using the new GOS network mode, the configuration of a global gateway failed if it was located in another network and could only be reached via a user-defined route (#PL-529, #2021060410000012).
    • Bugfix: A false positive selfcheck warning could occur when switching to the new GOS network mode (#PL-445).
    • Bugfix: Beaming images could not be created if the network interface eth0 was not used (#PL-482, #2021051010000075).
    • Bugfix: If the restoration of a backup failed due to an error, the incron service would also fail (#PL-493).
    • Bugfix: If the restoration of a backup failed due to an error, the system integrity check could fail (#PL-489).
    • Minor bugfix: When importing a certificate authority (CA) file for the VPN feature, the file had the wrong permissions (#PL-476).
    • Minor bugfix: When importing a certificate authority (CA) file for the VPN feature, it is now checked whether the file is a certificate file before processing it (#PL-475).
    • Minor improvement: The GOS superuser password may now contain all printable ASCII characters (#PL-169).
    • Minor improvement: For the integrated web server, GZIP HTTP compression has been replaced by HTTP/2 compression (#PL-496, #2021051810000051).
    • Minor improvement: The postgres configuration file is now included in the GOS support package for debugging purposes (#PL-426).
    • Minor improvement: The GSM manual included in GOS was updated to the current version from 2021-06-04 (#PL-528).
  • Vulnerability Management:
    • Improvement: The hash algorithm used for GVM user passwords has been updated from MD5 to SHA-512. Password hashes for new users will automatically use the new algorithm. Passwords hashes for existing users will be automatically updated using the new algorithm when a user logs in or when the password of a user is changed (#AP-1254).
    • Bugfix: The error “Whole-only families must include entire family and be growing” occured when editing and saving any “Full and …” scan config (#AP-1359, #2021052610000045).
    • Bugfix: Scans could get stuck if the target had a HTTPS certificate with a subject DN containing invalid UTF-8 characters (#AP-929).
    • Bugfix: In some cases reports could not be displayed in the web interface due to missing severity elements (#AP-1427, #AP-1434, #2021051010000011).
    • Bugfix: Overrides and notes could not be created directly from results (#AP-1353, #AP-1407, #2021052110000018).
    • Bugfix: When importing a GOS 20.08 backup with GMP scanners in GOS 21.04, the scanners would be migrated to OpenVAS scanners. They are now migrated to Greenbone Sensors as expected (#AP-1323).
    • Bugfix: When saving changes to multiple schedules at once, a double free error occured (#AP-1424).
    • Bugfix: The time of day was ignored in the filter term “created” in the web interface (#AP-1162).
    • Bugfix: In the “Create Multiple Permissions” dialog in the web interface, the drop-down menu for selecting the affected resources did not work (#AP-1379, #2021051110000073).
    • Minor bugfix: Saving schedules that had only a number as a name was not possible (#AP-933, #2021020210000087).
    • Minor bugfix: When sorting SecInfo items by severity in the web interface, the severity “N/A” is now sorted below “0.0” (#AP-1267).
    • Minor improvement: When creating a new scanner in the web interface, the default type is now “Greenbone Sensor” (#AP-1318).
    • Minor improvement: The Vulnerabilities page in the web interface is now sorted in descending order of severity by default (#AP-1296).
    • Minor improvement: The cookie used by the web interface now has the attribute “SameSite=Strict” set (#AP-1433, #2021051810000051).
  • Vulnerability Scanning:
    • Improvement: Scans in the queue are now started at an interval of one minute to avoid overloading the system by starting too many scans at once (#SC-215).
    • Bugfix: If the scanner process was terminated unexpectedly, it was not restarted automatically when required (#SC-226, #2021051010000011).

21.04.1 (2021-05-19):

  • Greenbone OS:
    • Bugfix: When using the new GOS network mode, DHCPv6 and a Global Gateway with an IPv6 address at the same time, an error occured (#PL-450).
    • Bugfix: When using the new GOS network mode and a network route containing ‘::/0’, an error occured (#PL-468, #GS-41, #2021050710000189).
    • Bugfix: When using the new GOS network mode and DHCPv6, if all DHCP requests timed out, the network manager entered a failed state (#PL-397).
    • Bugfix: When using the new GOS network mode and saving IPv6 configuration changes, “Getting system network status failed” messages could appear in the logs (#PL-469, #GS-39).
    • Bugfix: When restoring an incremental backup, the system state was not restored completely (#PL-483).
    • Bugfix: When restoring a USB backup with the network mode ‘gnm’, the mode was sometimes set to ‘default’ (#PL-431).
    • Bugfix: When importing a beaming image, the authorized host keys integrity check could fail afterwards (#PL-408).
    • Bugfix: On some GSM 35 appliances, the ‘gsm-hardware’ package was erroneously removed when upgrading to GOS 21.04, causing the appliances not to boot (#PL-464, #GS-29, #GS-35, #2021050510000058).
    • Bugfix: On the GSM TRIAL appliance, the ‘texlive-fonts-recommended’ package was erroneously removed with GOS 21.04.0, causing missing text in PDF reports (#PL-470).
    • Bugfix: On appliances that received their feed via the USB airgap feature, and had no prior feed present, starting system upgrades failed (#PL-435).
    • Bugfix: For the VPN feature, the deprecated ‘comp-lzo’ option has been disabled to prevent a traceback when uploading certain PKCS#12 files (#PL-455).
    • Bugfix: The feed or upgrade push from a GSM master appliance to a GSM sensor appliance could show a false positive error in the logs (#PL-486).
    • Minor improvement: The PKCS#12 file required for the VPN feature no longer needs to contain a certificate authority (CA) file. PKCS#12 files that contain only a certificate and a key can now be uploaded. In addition, a new GOS menu option to upload a single certificate authority (CA) file has been added (#PL-455).
    • Minor improvement: The maximum password length for the GOS mail settings has been increased to 128 characters (#PL-436).
    • Minor improvement: A selfcheck has been added to show possible inconsistencies of the GOS network state (#PL-299).
    • Minor improvement: The notifications for the new GOS network mode have been made more detailed as well as easier to understand (#PL-454, #PL-466).
    • Minor improvement: Subject alternative name fields have been added to the remote syslog certificate generation menu (#PL-418).
    • Minor improvement: A subject alternative name has been added to the default HTTPS certificate of the GSM TRIAL (#PL-443).
    • Minor improvement: The subject alternative name fields for E-Mail and URI are now checked for correct input (#PL-409, #PL-410).
    • Minor improvement: The Greenbone Vulnerability Manager permission cache is now rebuilt during each GOS upgrade. This can prevent some permission problems which cause incomplete information to be shown in the web interface (#PL-421).
    • Minor improvement: The GOS state variable ‘scanner_connection_retry’ has been added. With this variable it is possible to control the number of retries that are made when the master-sensor connection fails during a scan (#PL-446).
    • Minor improvement: The log files for the beaming feature are now included in the GOS support package for debugging purposes (#PL-426).
    • Minor improvement: The GSM manual included in GOS was updated to the current version from 2021-05-17 (#PL-484).
  • Vulnerability Management:
    • Bugfix: For results of CVE scan reports, the result names were missing (#AP-1305).
    • Bugfix: Changing the result UUID of an existing note was not possible (#AP-1124).
    • Bugfix: Editing the RADIUS secret key in the web interface was not possible (#AP-1275).
  • Vulnerability Scanning:
    • Bugfix: When scanning targets with virtual hosts (vhosts), not all virtual host names were detected (#SC-194).

21.04.0 (2021-04-30):

  • Reports
    With GOS 21.04, two new report format are introduced: Vulnerability Report PDF and Vulnerability Report HTML.
    The new report formats are modern and clear in appearance and structure. They contain information about all vulnerabilities found.
  • CVSS
    With GOS 21.04, CVSS v3.0/v3.1 is supported. The extent of the CVSS v3.0/v3.1 support depends on the Greenbone Security Feed.
    However, VTs and CVEs may contain CVSS v2 and/or CVSS v3.0/v3.1 data. If a VT/CVE contains both CVSS v2 data and CVSS v3.0/v3.1 data, the CVSS v3.0/v3.1 data is always used and shown.
    The page CVSS Calculator now contains both a calculator for CVSS v2 and a calculator for CVSS v3.0/v3.1.
    The CVSS Base Vector shown in the details preview and on the details page of a VT can now be v2, v3.0 or v3.1.
    The table on the page CVEs now contains the entries Name, Description, Published, CVSS Base Vector and Severity. The CVSS Base Vector can be v2, v3.0 or v3.1. Clicking on the CVSS base vector opens the page CVSS Calculator. The input boxes of the corresponding calculator are already pre-filled.
  • Boreas Alive Scanner
    The Boreas alive scanner is a host alive scanner that identifies the active hosts in a target network. It was introduced with GOS 20.08, but was still optional. With GOS 21.04, the Boreas alive scanner is made default.
    In comparison to the port scanner Nmap that was traditionally used, the Boreas alive scanner is not limited regarding the maximum number of concurrently performed alive status scans and thus, faster. It is especially suitable for large network ranges with only a small number of active hosts.
  • Hardware Appliances
    With GOS 21.04, a new generation of Midrange hardware appliances is introduced.
    The new hardware now uses SSD-type hard drives instead of HDDs, which are 10 times faster and also quieter and lighter. There is also more hard drive space available. The RAM type is now DDR4 instead of DDR3, which makes the RAM much faster due to a higher clock rate (3200 MHz). There is also twice to four times as much RAM available. Additionally, a new, faster CPU of the latest generation has been installed.
    Additionally, the ports of the appliances changed from 6 ports GbE-Base-TX and 2 ports 1 GbE SFP to 8 ports GbE-Base-TX and 2 ports 10 GbE SFP+.
    The product names remain as they are.
  • Virtual Appliances
    The officially supported hypervisors for the virtual appliances are changed with GOS 21.04.
    The GSM EXA/PETA/TERA/DECA and 25V can be used with Microsoft Hyper-V, VMware vSphere Hypervisor (ESXi) and Huawei FusionCompute.
    The GSM CENO can be used with Microsoft Hyper-V and VMware vSphere Hypervisor (ESXi).
    The GSM ONE can be used with Oracle VirtualBox, VMware Workstation Pro and VMware Workstation Player.
    Additionally, GOS 21.04 supports the ARM instruction set on Huawei FusionCompute.
  • Scanning Through a VPN
    With GOS 21.04, OpenVPN is integrated in GOS to enable scanning through a Virtual Private Network (VPN).
    This feature is only available on virtual appliances of the Midrange Class. The VPN feature allows for targets that are reachable via the VPN tunnel to be scanned, but has no effect on other targets, network settings, or master-sensor connections.
    The VPN connection is configured and established via the GOS administration menu using the IP address of the VPN and a PKCS#12 file containing the necessary certificate authority, certificate, and private key files.
  • HTTPS
    The menus under Setup > Services > HTTPS > Certificate > Generate and Setup > Services > HTTPS > Certificate > CSR allow the configuration of a Subject Alternative Name (SAN).
  • Network Backend
    With GOS 21.04, the network configuration backend in GOS is improved. This prevents loss of connectivity in specific network setups as well as connection issues with SSH sessions.
    The GSM no longer needs to be restarted after specific network settings have been changed.
    The networking mode can be updated to the new mode gnm directly after upgrading to GOS 21.04. If the networking mode is not updated directly after upgrading, it can be changed in the new menu under Setup > Network > Switch Networking Mode.
  • Simultaneous Scanning via Multiple IP Addresses
    Some devices – especially IoT devices – may crash when scanned via several IP addresses at the same time. For example, this can happen if the device is connected via IPv4 and IPv6.
    With GOS 21.04, it is possible to avoid scanning via several IP addresses at the same time using the new setting Allow simultaneous scanning via multiple IPs when creating a target.
    The default of this setting is Yes and reflects the behavior of previous GOS releases.
Old Releases

2020-08-31: Greenbone OS 20.08

Latest Patch Level: 20.08.13 (2021-12-02)

Lifecycle Phase: Retired

20.08.13 (2021-12-02):

  • Greenbone OS:
    • Status: the lifecycle status of GOS 20.08 was set to “retired” for all GSM models. An upgrade notification will be displayed in the GOS self-check (#PL-710).
    • Minor bugfix: an error was fixed where it was not possible to upgrade from a retired to an end-of-life GOS version (#PL-664).
  • Vulnerability Management:
    • Minor improvement: the included GSM manual was updated to the current version from 2021-11-26 (#PL-713).

20.08.12 (2021-09-08):

  • Greenbone OS:
    • Status: The lifecycle status of GOS 20.08 was set to “end-of-life” (#PL-600).
    • Improvement: the package openssl included in GOS was upgraded to version 1.1.1d-0+deb10u7 as the former version 1.1.1d-0+deb10u6 is vulnerable to CVE-2021-3711 and CVE-2021-3712 (#PL-614).
    • Bugfix: Erroneous user permissions for the feed data objects are now automatically fixed when upgrading to GOS 20.08.12 or later, or when changing the “Feed Import Roles” setting (#PL-564).
    • Bugfix: An error was fixed where only a maximum of 12 sensors could be configured for a GSM 650. 20 sensors can now be configured as intended (#PL-580, #GS-202).
    • Bugfix: An error was fixed where the flash image was written to the hard disk if no CompactFlash (CF) card was installed (#PL-608).
    • Bugfix: An error was fixed where an airgap sensor fetched a feed update via FTP but did not install it (#PL-625, #GS-409).
    • Bugfix: In master-sensor setups with different feeds (GCF/GSF), the sensor could get mixed feed information. To prevent this problem, the existing GCF metadata and cache are now deleted when importing a GSF key (#PL-577).
    • Bugfix: An error was fixed where the greenbone_signing_key.py integrity check failed after a GOS upgrade (#PL-591).
    • Bugfix: An error was fixed where the authorized_key.sh integrity check failed after a GOS upgrade if SSH keys had been added to the system previously (#PL-596).
    • Bugfix: An error was fixed that caused system integrity checks to fail when they were being updated during a system upgrade (#PL-313).
    • Bugfix: An error was fixed where empty performance graphs for deleted VLAN interfaces were still shown on the web interface. After deleting a VLAN interface, a reboot is also required to remove the graphs (#PL-403, #2019032710000104).
    • Minor improvement: The IPv6 addresses for HTTP upload dialog menus are now enclosed in brackets to facilitate copy and paste in web browsers (#PL-545, #GS-141).
    • Minor improvement: The selfcheck menu texts for the states “end-of-life”, “retired” and “obsolete” were improved to provide better guidance for upgrading (#PL-572).
    • Minor improvement: The GSM manual included in GOS was updated to the current version from 2021-08-30 (#PL-612).
  • Vulnerability Management:
    • Bugfix: An error was fixed where the verification of sensors in the web interface for IPv6 master-sensor setups was not possible (#PL-556, #GS-146).
  • Vulnerability Scanning:
    • Bugfix: An error was fixed that caused scans to be interrupted when the maximum number of running scanner processes was reached or exceeded (#SC-177, #GS-105).

20.08.11 (2021-08-02):

  • Greenbone OS:
    • Improvement: The gvm-tools included in GOS have been updated to version 21.6.1 (#PL-540).
    • Bugfix: The download of beaming images failed on GSM models ONE and TRIAL (#PL-547).
    • Bugfix: To prevent errors and improve security, it is no longer possible to upgrade to GOS 21.04 if a HTTPS certificate with weak encryption, e.g. 1024-bit RSA, is used (#PL-574, #GS-160).
    • Bugfix: When uploading no file or an empty file via GOS menu upload dialogs, an internal error occured (#PL-279).
    • Bugfix: Enabled the GOS upgrade functionality, if GOS is in the status “retired” or “end-of-life” (#PL-536).
    • Bugfix: The maximum number of simultaneous SSH connections for sensors has been increased (#PL-543).
    • Minor improvement: Added a dedicated method to require a reboot after a GOS upgrade (#PL-531).
    • Minor improvement: The maximum number of database connections has been increased for GSM enterprise class appliances (#PL-563).
    • Minor improvement: The expiration dates for the feed signing and support package encryption keys have been extended until 2023-02-28 (#PL-460, #PL-461).
    • Minor improvement: The GOS copyright menu has been updated and now includes license information for the Greenbone Community Feed (#PL-586).
    • Minor improvement: The GSM manual included in GOS has been updated to the current version from 2021-07-30 (#PL-578).
  • Vulnerability Management:
    • Improvement: The performance when adding a large number of results to reports during scans has been improved (#AP-1495, #2021061710000033).
    • Improvement: The performance when viewing targets or target list pages with a large number of hosts has been improved (#AP-1368, #GS-31).
    • Improvement: The performance when filtering results by tags has been improved (#AP-1459, #AP-1463, #GS-101, #2021060210000052).
    • Improvement: The content security policy for the web interface has been improved (#AP-1507, #AP-1613).
    • Bugfix: When resuming a scan task with multiple target hosts, scan results for hosts scanned before resuming the task were duplicated (#AP-1476, #2020010310000016, #2021061810000022).
    • Bugfix: VT rebuilds could sometimes fail because the SHA-256 hash of the VTs in the database differed from the one of the scanner (#AP-1498).
    • Bugfix: Editing and saving the “Timeout” setting of the “Ping Host” VT more than once caused an error (#AP-1004).
    • Bugfix: The filters “Severity is greater than 0” and “Severity is less than 0” did not work (#AP-1355, #GS-19).
    • Bugfix: Sorting remediation tickets by assigned user did not work (#AP-1385, #2021021210000077).
    • Minor improvement: Added new command line options to clean up data-objects-via-feed permissions (#AP-1467, #AP-1489, #GS-53).
    • Minor bugfix: Some IPv4 addresses were sorted incorrectly in the “IP” column on report detail pages (#AP-1354).
    • Minor bugfix: The “Roles” column on the “Users” list page now supports line breaks to maintain formatting for large number of roles (#AP-1384, #2021020410000029).
    • Minor bugfix: For VTs with references, the reference type was not displayed in the web interface (#AP-898).

20.08.10 (2021-06-08):

  • Greenbone OS:
    • Bugfix: When upgrading to GOS 21.04, recommended system packages are no longer removed (#PL-471).
    • Bugfix: When restoring an incremental backup, the system state was not restored completely (#PL-483).
    • Bugfix: When importing a beaming image, the authorized host keys integrity check could fail afterwards (#PL-408).
    • Bugfix: If the restoration of a backup failed due to an error, the incron service would also fail (#PL-493).
    • Bugfix: If the restoration of a backup failed due to an error, the system integrity check could fail (#PL-489).
    • Bugfix: On appliances that received their feed via the USB airgap feature, and had no prior feed present, starting system upgrades failed (#PL-435).
    • Minor improvement: The maximum password length for the GOS mail settings has been increased to 128 characters (#PL-436).
    • Minor improvement: A selfcheck has been added to show possible inconsistencies of the GOS network state (#PL-299).
    • Minor improvement: The Greenbone Vulnerability Manager permission cache is now rebuilt during each GOS upgrade. This can prevent some permission problems which cause incomplete information to be shown in the web interface (#PL-421).
    • Minor improvement: The GOS state variable ‘scanner_connection_retry’ has been added. With this variable it is possible to control the number of retries that are made when the master-sensor connection fails during a scan (#PL-446).
    • Minor improvement: The log files for the beaming feature are now included in the GOS support package for debugging purposes (#PL-426).
    • Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-06-04 (#PL-527).
  • Vulnerability Management:
    • Improvement: The hashing algorithm used to hash GVM user passwords has been updated from MD5 to SHA-512. Passwords for new users will automatically use the new algorithm. Passwords for existing users will be changed automatically, if the user logs in, or if the password for the user is changed (#AP-1254).
    • Bugfix: Scans could get stuck if the target had an HTTPS certificate with a subject DN containing invalid UTF-8 characters (#AP-929, #2021020110000034).
    • Bugfix: When saving changes to multiple schedules at once, a double free error occured (#AP-1424).
    • Bugfix: The time of day was ignored in the filter term “created” in the web interface (#AP-1162).
    • Bugfix: In the “Create Multiple Permissions” dialog in the web interface, the drop-down menu for selecting the affected resources did not work (#AP-1379, #2021051110000073).
    • Minor bugfix: When sorting SecInfo items by severity in the web interface, the severity “N/A” is now sorted below “0.0” (#AP-1267).
    • Minor improvement: The Vulnerabilities page in the web interface is now sorted in descending order of severity by default (#AP-1296).
    • Minor improvement: The cookie used by the web interface now has the attribute “SameSite=Strict” set (#AP-1433).
  • Vulnerability Scanning:
    • Improvement: Scans in the queue are now started at an interval of one minute to avoid overloading the system by starting too many scans at once (#SC-215, #2021042810000043).
    • Bugfix: If the Boreas alive scanner was enabled, scanning targets with virtual hosts (vhosts) did not detect all virtual hostnames (#SC-194).
    • Bugfix: If the scanner process was terminated unexpectedly, it was not restarted automatically when required (#SC-226).

20.08.9 (2021-05-03):

  • Greenbone OS:
    • Extension: The upgrade path to the next major GOS release, GOS 21.04, has been unlocked for all supported GSM models. Several requirements apply, for details see the GOS 21.04 manual (#PL-172, #PL-223, #PL-417).
    • Improvement: The data-objects (scan configs, report formats, port lists) of the next GOS version will now be automatically downloaded during feed updates. This improves useability when upgrading to the next major GOS release (#PL-388).
    • Bugfix: When restoring a GOS 6 backup in GOS 20.08, some GOS 20.08 database extensions were not installed correctly, which could cause subsequent SQL errors (#PL-356, #PL-381, #2021030910000036).
    • Bugfix: When restoring a backup, the GVM credential encryption key could be duplicated in some cases, making the credentials no longer accessible (#PL-343, #2021031810000055).
    • Bugfix: When restoring a backup, the incron service could fail in rare cases (#PL-366).
    • Bugfix: On GSM appliances with the network namespaces feature a segmentation fault for the collectd service occured, if network interfaces were moved to the scan namespace (#PL-400).
    • Bugfix: When importing a backup or beaming image with the network state ‘gnm’, the state was sometimes set to ‘default’ (#PL-275, #PL-431).
    • Bugfix: An issue with the collectd service has been fixed. Symptoms that could occur were missing performance data in the web interface for network interfaces in the scan namespace, and warning messages during the GOS boot process (#PL-196, #PL-216).
    • Bugfix: The GOS installer did not recognize flash cards with 16 GB capacity included in some newer GSM appliances (#PL-412).
    • Minor bugfix: The wording of some GOS menu dialogs has been changed so that failed GOS upgrades are no longer referred to as successful and a reboot is no longer recommended in such a situation (#PL-326).
    • Minor improvement: When importing a beaming image, a size check of the image is now done to see if there is enough hard disk space to process the image (#PL-322).
    • Minor improvement: The error messages for the beaming feature have been improved, making it easiert to understand why an error occured (#PL-404).
    • Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-05-03 (#PL-444).
    • Minor improvement: The error message when a NVT rebuild fails due to a hash value mismatch has been improved (#AP-1094).
  • Vulnerability Management:
    • Improvement: A retry option has been added for master-sensor connections in case the connection is temporarily lost due to network problems. The master will attempt to reconnect 3 times before the scan task is set to “Stopped” (#AP-1126).
    • Bugfix: CVE scans could return no or less results for hosts that were also the target of an ongoing vulnerability scan (#AP-848, #2021010510000074).
    • Bugfix: The alert condition ‘Severity at least’ did not work (#AP-1053, #2021020210000096).
    • Minor bugfix: A case where the Greenbone Vulnerability manager could fail when no report formats were present on a system has been fixed (#PL-331).
    • Minor bugfix: A problem with the “NOT” operator of the powerfilter has been fixed (#AP-962).
    • Minor bugfix: A case where new lines were erroneously removed from the “Detection Method” section of a result has been fixed (#AP-1005).
    • Minor improvement: It is now possible to create targets with underscore characters (“_”) in their hostnames (#AP-1112).
  • Vulnerability Scanning:
    • Bugfix: If excluded hosts were not part of the hosts to be scanned, the scan progress was calculated incorrectly, causing interrupted scans (#SC-33).
    • Bugfix: A case with the reverse_lookup_only preferences causing interrupted scans has been fixed (#SC-183, #2021031710000048).
    • Bugfix: A problem with the logging of the scanner that could cause interrupted scans has been fixed (#SC-23).
    • Minor improvement: Some miscellaneous improvements against interrupted scans have been added (#SC-27, #2021022410000054).
    • Minor improvement: The log messages have been improved for the case that a scan was started via a network source interface that has no IP configured and failed (#SC-22).

20.08.8 (2021-03-18):

  • Greenbone OS:
    • Improvement: The RAM limits for the GSM ONE and 25V appliances have been increased to 6 GB (#GPE-67).
    • Improvement: The gvm-tools included in GOS were updated to version 21.1.0 (#GPE-45).
    • Improvement: A GOS menu option to migrate all GMP sensors to OSP sensors has been added. The option will migrate the sensor configuration in GOS as well as in the web interface (#GPE-70).
    • Bugfix: If the Remote Syslog service was enabled, upgrades from GOS 6.0 to GOS 20.08.7 failed (#GPE-49, #2021021910000028, #2021021810000075, #2021021810000084).
    • Bugfix: If the HTTP Strict Transport Security (HSTS) functionality was enabled, upgrades from GOS 6.0 to any version of GOS 20.08 failed (#GPE-66, #2020121610000052).
    • Bugfix: Testing the configuration of a remote backup server added the public SSH key of its IP address without a new line to the SSH known hosts, causing subsequent connections to fail (#GPE-48, #202102221000002).
    • Bugfix: The logging of airgap feed updates on airgap sensor appliances failed partially (#GPE-69).
    • Bugfix: When importing a beaming image from a different GOS version, the migration of the SCAP database could fail (#GPE-71).
    • Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-03-18 (#GPE-44).
    • Minor improvement: The GOS superuser password may now contain all printable ASCII characters (#PL-169).
  • Vulnerability Management:
    • Bugfix: Invalid references in NVTs could cause database errors, resulting in missing NVT reference data. All NVT references are now validated before they are processed (#GPE-57).
    • Bugfix: Clicking hyperlinks to operating system assets in the web interface could cause an error in some cases (#GPE-34, #2021020210000069).
    • Bugfix: Scan tasks on GMP sensors failed if the same task was started multiple times on the master, or if they were not properly removed from the sensor after completion and then started again on the master. Timestamps are now added to GMP sensor task names to prevent this issue (#GPE-59, #2020101410000051).
    • Minor bugfix: GMP and Greenbone Sensors were displayed with port 9391 in the web interface. This was a cosmetic issue since port 22 is always used. The web interface has been adjusted to always show port 22 now (#GPE-51, #2021022610000014).
    • Minor improvement: The error messages when requesting invalid SecInfo items via the GMP API were improved (#GPE-58).
  • Vulnerability Scanning:
    • Bugfix: Scanning a target with an underscore character (“_”) in its hostname resulted in an interrupted scan (#GPE-32, #2021011110000035).
    • Bugfix: Scanning a single, unreachable target resulted in an interrupted scan (#GPE-65).
    • Minor improvement: The logging of interrupted scans was improved for debugging purposes (#GPE-25).

20.08.7 (2021-01-25):

  • Greenbone OS:
    • Improvement: A 8 GB SWAP partition was added for the virtual midrange appliances GSM DECA, TERA, PETA, and EXA (#GPE-3).
    • Bugfix: The GOS menu option “Setup > Master > Sensor > Test all sensor connections” caused a traceback in GOS 20.08.6 (#GPE-6, #2020120310000059).
    • Bugfix: The GOS menu option “Setup > Feed > Synchronization” caused a traceback in GOS 20.08.6 (#GPE-24, #2021010810000014, #2021011210000088).
    • Bugfix: Upgrading to GOS 20.08.6 showed a false-positive warning for the hostkey integrity check (#GPE-20, #2020120110000071).
    • Minor improvement: The output of the GSM integrity check is now included in the GOS support package for debugging purposes (#GPE-10).
    • Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-01-21 (#GPE-28).
    • Minor bugfix: The GOS CPU and RAM limits for the GSM ONE and 25V appliances have been corrected to match the VM specifications (#GPE-22).
    • Minor bugfix: The GOS state variable “report_results_threshold” was missing in GOS 20.08 (#GPE-27).
  • Vulnerability Management:
    • Bugfix: If an attempt was made to delete the “Feed Import Owner” user and the deletion failed, all “data-objects-via-feed” report formats became unusable (#GPE-4, #2020111110000027).
    • Bugfix: A memory leak in the manager service when handling the scan progress was fixed (#GPE-7).
    • Bugfix: A problem where data-objects-via-feed scan configs could not be created due to vulnerability tests not having a family was fixed. Scan configs are now created in all cases and updated once the vulnerability test family information becomes available (#GPE-14).
    • Bugfix: It was not possible for super admin users to save changes to their own user settings. Most settings can now be changed and saved, with the exception of the user name (#GPE-15).
    • Minor improvement: For host assets with TLS certificates a direct link to the certificate was added on the host detail page. The link can be found in the upper left menu bar (#GPE-12).
    • Minor bugfix: The alert condition “Condition: Severity level changed” was erroneously displayed as “Severity level increased” on the alert list page (#GPE-11).
    • Minor bugfix: Creating permissions for an object without related resources displayed an erroneous menu option (#GPE-13).
    • Minor bugfix: German “Umlaut” characters are now supported in the Business Process Map (#GPE-8).
  • Vulnerability Scanning:
    • Bugfix: Modifying the mtime of a vulnerability test plugin file could bypass the signature check when the scanner loaded the file. With the fix, an error is now logged and the file is not loaded (#GPE-1, ##2020100610000011).
    • Bugfix: When running SNMP-related vulnerability tests, the scanner could return unexpected strings or an incomplete response (#GPE-5).
    • Minor improvement: The SSH timeout can now be configured by vulnerability tests. If no configuration is provided, the default of 10 seconds will be used (#GPE-17).

20.08.6 (2020-11-30):

  • Greenbone OS:
    • Extension: Alerts and Schedules are now available on the GSM ONE (#152653).
    • Improvement: The gvm-tools included in GOS were updated to version 20.10.1 (#150912).
    • Improvement: To prevent problems, major GOS upgrades are no longer possible if there is not enough storage space left for the database migration (#147578).
    • Improvement: If the Greenbone Feed Signing Key, which is required for the validation of GOS upgrades, is expired, upgrades are no longer possible instead of failing. For a solution, contact Greenbone Networks Support (#93687, #148007).
    • Bugfix: During a master-sensor feed update, not all NVTs were updated on the sensor in some cases (#150662, #2020101910000051).
    • Bugfix: The GOS system integrity check could report a false positive warning after a GOS backup was restored (#147070).
    • Bugfix: The LCD display service could sometimes fail on GSM models 5300 und 6400 (#136798, #2020032710000049).
    • Bugfix: During the first time setup wizard, the feed server is no longer contacted twice in rapid succession. This could cause problems in combination with the Greenbone Community Feed server. Users of the Greenbone Security Feed Server were not affected (#120005).
    • Bugfix: SSH keys of the types ‘rsa-sha2-256’ and ‘rsa-sha2-512’ are now supported (#150121, #2020101910000069).
    • Minor bugfix: The spelling and usability of the GOS administration menu have been improved (#101818, #103537, #123181, #144657, #150664, #2019062610000057).
    • Minor bugfix: Uninstalling the gsm-debug meta-package did not uninstall all contained packages (#147286).
    • Minor bugfix: The collected service could generate excessive, but harmless log messages (#68977).
    • Minor improvement: The full GOS version including the current patch level is now shown on the GOS login screen (#116817).
    • Minor improvement: If no SSH host keys exist, they will now be re-created when enabling the SSH service (#149548).
    • Minor improvement: A command line setting to configure the timeout of SCP alerts has been added (#144727).
    • Minor improvement: Help texts have been added for running the GOS integrity check via the command line (#146804).
    • Minor improvement: All files included in the Greenbone Support Package are now non-hidden by default (#81612).
    • Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-11-30 (#152775).
  • Vulnerability Management:
    • Improvement: The alert condition ‘[Filter] matches at least [x] result(s) NVT(s)’ has been added (#148607, #2020092310000036).
    • Improvement: When editing a ‘Username + SSH Key’ credential, the correctness of the password is now verified (#112159).
    • Bugfix: Deleting and then re-downloading a scan config that had all NVTs of a family selected, e.g. ‘Full and very deep’, caused that family to have no NVTs selected (#150579, #2020102210000053, #2020102610000019)
    • Bugfix: If a IP addresses of target hosts were configured with a leading zero in an octet, e.g. ‘192.168.50.010’, the maximum number of hosts was calculated incorrectly, and vulnerability scans could fail (#151801, #2020111010000029).
    • Bugfix: If a target credential cannot be decrypted, an unauthenticated vulnerability scan without a credential will now be run against the target. Previously, the scan would remain in the status ‘Requested’ indefinitely (#149549).
    • Bugfix: For SCP alerts the handling of usernames and destination paths has been improved in combination with Windows systems. In addition, a configurable timeout has been introduced for the SCP alert to prevent it from running indefinitely in some situations (#144727, #2020071610000044).
    • Bugfix: It was not possible to delete a web user, if the user owned TLS certificates, and no inheriting user was provided (#149652, #2020101410000078).
    • Bugfix: When deleting a web user, web interface settings will no longer be inherited. This will prevent settings of the inheriting user from being overwritten (#149652, #2020101410000078).
    • Bugfix: It was not possible to delete orphaned permissions in all cases (#150186, #2020102110000019).
    • Bugfix: The verification of ports and port ranges when editing a port list has been improved (#149776).
    • Bugfix: The ‘scan_nvt_version’ XML tag in XML reports was empty erroneously (#150569, #2020102210000071).
    • Bugfix: Moving a data object via feed scan config or policy to the trashcan generated excessive, but harmless log warnings (#149299, #2020100710000046).
    • Bugfix: Two SQL errors that could occur when rebuilding the SCAP or CERT databases have been fixed (#151175).
  • Vulnerability Scanning:
    • Bugfix: If a host name in a list of target hosts could not be resolved, scans could fail with the status ‘Interrupted’ (#150988, #2020102810000033).
    • Bugfix: When configuring a target IP with a subnet mask of less than /24, addresses ending in ‘.0’ are now supported (#150990).
    • Bugfix: When the host name resolution of a target resolved it to more than one IP address, the scan progress bar percentage could show ‘100%’ even though the scan was still in progress (#149349).
    • Bugfix: For scans with a SNMP credential, the SNMP community ‘None’ was erroneously used when configuring no community. An empty string is now used to assure that no community will be used (#149649).

20.08.5 (2020-10-15):

  • Greenbone OS:
    • Bugfix: Activating DHCPv6 could cause an error (#149180).
    • Bugfix: GOS upgrades did not stop as expected, if the packages to be upgraded could not be verified. An empty upgrade was applied in this case (#149212).
    • Bugfix: Vulnerability scans could erroneously show missing ‘iTLB multihit’ Linux kernel mitigations for GOS. Since no virtualization is in use, the system was and is always protected by the kernel unconditionally (#146845).
    • Minor bugfix: During feed updates, cosmetic known hosts warnings for the IP address ‘172.30.2.22’ appeared (#146729, #2020100210000028)
    • Minor improvement: The postgres database migration during GOS upgrades has been improved (#148526).
    • Minor improvement: To prevent problems, major GOS upgrades are no longer possible if a global gateway is used, but no global gateway interface is configured (#147418).
    • Minor improvement: The warning text displayed if a GOS upgrade is blocked has been updated (#148006).
    • Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-10-15 (#149706).
  • Vulnerability Management:
    • Bugfix: The Scans > Vulnerabilities page in the web interface could fail to load due to an error (#143484).
    • Bugfix: A database deadlock could occur if changing the feed import owner and browsing scan results at the same time (#146803).
    • Bugfix: The ‘Auto Delete Reports’ functionality did not work on GSM models that do not support schedules (#133136, #2020020310000041).
    • Bugfix: The advanced task wizard in the web interface no longer offers to create a schedule on GSM models that do not support schedules (#147660, #2020091010000122).
    • Bugfix: The number of hosts shown per operating system on the Assets > Operating Systems page included operating systems for which the user did not have permissions to view (#140467).
    • Bugfix: When changing the name or comment of a scan configuration or a policy that was in use, an erroneous warning was displayed (#120605, #147669).
    • Bugfix: Filters attached to SecInfo alerts could not be edited and saved (#109311, #2020081710000022, #202008171000002).
    • Bugfix: The placeholder ‘$U’ did not work for e-mail alerts (#148533, #2020092310000036).
    • Bugfix: Saving invalid values for the ‘Rows Per Page’ setting in the ‘My Settings’ menu is now prohibited, and corresponding tooltips have been implemented (#148529).
    • Bugfix: The deprecated ‘SecInfo’ filter setting has been removed from the ‘My Settings’ menu (#149179, #2020100510000031).
    • Bugfix: TLS certificates from container tasks, or belonging to other users, could not be downloaded even with permissions (#148892, #2020092810000081).
    • Bugfix: TLS certificates downloaded via the web interface could not be re-uploaded via the API (#125191).
    • Minor improvement: The tooltip for override indicators on result details pages in the web interface has been improved (#146799).
  • Vulnerability Scanning:
    • Bugfix: SNMPv3 authentication for vulnerability scans failed, if no SNMP community was configured, even though the SNMP community is not relevant for SNMPv3 (#148611).
    • Bugfix: Vulnerability scans failed, if a scan configuration or policy without any NVT preferences was used (#148894).
    • Minor improvement: The error handling for WMI queries has been improved. Previously the logging was too verbose and included events that were not errors, but expected behaviour (#125438).

20.08.4 (2020-09-23):

  • Greenbone OS:
    • Extension: The former ‘Greenbone Community Edition’ virtual appliance has been updated to GOS 20.08 and renamed to ‘GSM TRIAL’ (#148403).
    • Bugfix: Virtual GSM appliances with EFI/UEFI boot mode could fail to boot after being exported or cloned (#148262).
    • Bugfix: The ‘GSM Installation and Rescue’ GRUB option did not boot the GOS installer as expected (#148530).
    • Bugfix: The USB power management on GSM hardware appliances could consume excessive CPU time (#147583).
    • Bugfix: The verification of a downloaded flash image would always fail (#147878).
    • Bugfix: Sensor scans via a proxy could fail for OSP sensors (#147582).
    • Minor bugfix: The GOS version was not displayed correctly in the GOS installer (#147658).
    • Minor improvement: The database-vacuum script that is used to reclaim storage space has been updated (#148266).
    • Minor improvement: The description of the ‘Setup > Services > SNMP’ menu has been extended, it now includes a warning that saving SNMP configuration changes will stop all running scans (#148479).
    • Minor improvement: A warning has been added when using the command ‘su’ incorrectly in the Greenbone OS command line administration (#147666).
    • Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-09-22 (#147872).
  • Vulnerability Management:
    • Improvement: For Compliance Audits, the base colouring of all non-compliant audit status has been adjusted to red. This way, non-compliant audits can be identified much quicker, for example, a 0% compliant audit status will now be always shown in red (#147577).
    • Bugfix: When editing and saving scan configurations or compliance policies, the names of some included NVT preference options were not saved correctly (#147870).
    • Minor bugfix: On Schedule and Report Format details pages in the web interface, the ‘Move to trashcan’ button was incorrectly shown as a ‘Delete’ button (#147936).
  • Vulnerability Scanning:
    • Improvement: Experimental TLS 1.3 support has been enabled for the OpenVAS vulnerability scanner (#145963).
    • Improvement: Experimental SNMPv3 support has been enabled for the OpenVAS vulnerability scanner (#57662).
    • Bugfix: Stopping a vulnerability scan could fail in some cases (#147124).

20.08.3 (2020-09-10):

  • Greenbone OS:
    • Bugfix: GOS could not be installed with EFI/UEFI boot mode on VirtualBox 6.1.14 or later (#147300).
    • Bugfix: If no network interface as assigned to the global gateway, upgrades from GOS 6.0 failed (#147215, #2020090410000018, #2020090710000012, #2020090710000067, #2020090710000101).
    • Bugfix: The package ncat was erroneously removed when upgrading to GOS 20.08 (#147574).
    • Bugfix: Feed updates via proxy could fail on GSM models 35 and 25V (#147437).
    • Bugfix: Removed an unnecessary menu option to configure the sensor protocol for GSM modes 35 and 25V. These appliances will always use the OSP protocol (#147301).
    • Minor bugfix: Reduced the amount of error messages when the feed import owner had been set, but no feed was present on the system. These error messages were expected and are harmless (#147303).
    • Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-09-10 (#147570).
  • Vulnerability Scanning:
    • Bugfix: Only the default alive test method was applied (#147302, #2020090810000038).

20.08.2 (2020-09-07):

  • Greenbone OS:
    • Extension: EFI/UEFI boot mode has been implemented for all virtual GSM appliances shipped with GOS 20.08.2 or later (#147079).
    • Improvement: The GOS upgrade functionality has received several internal improvements and fixes (#147130).
    • Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-09-07 (#147129).

20.08.1 (2020-09-03):

  • Greenbone OS:
    • Bugfix: The settings ‘Management IP (v4)’ and ‘Management IP (v6)’ were not applied (#147079).
    • Bugfix: GOS upgrades no longer fail if the system integrity is compromised. However, after the upgrade, a system integrity warning will be displayed (#147125).
    • Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-09-03 (#146861).
  • Vulnerability Management:
    • Bugfix: When importing scan configurations or compliance policies, the included NVT preferences were not imported correctly in all cases (#146855).
  • Vulnerability Scanning:
    • Bugfix: In rare cases stopping a scan task could cause system instability (#146802).

20.08.0 (2020-08-31):

    • Scan Queueing: To prevent scans from overloading the system and from starting at an inappropriate time (e.g., during a feed update), a scan queue management has been introduced. Scan tasks are only started if sufficient system resources are available. The available resources depend on the GSM model, the GOS version used, and the current workload of the system. If too many tasks are started and running at the same time and not enough resources are available, scans are added to a waiting queue. A new status bar “Queued” has been introduced.
    • Performance Improvements: Due to scan queueing as well as other architecture improvements, the number of scans that can be run simultaneously has been increased in GOS 20.08 when compared to GOS 6.0. On a GSM 400 we measured more than twice the capacity with GOS 20.08 in comparison to GOS 6.0.
    • Data Objects via Feed: With GOS 20.08, scan configurations, compliance policies, report formats, and port lists by Greenbone Networks will be distributed via the Greenbone Security Feed. This allows for direct updates of existing objects, and for the publication of new scan configurations, compliance policies, etc. for current, hot NVTs. In addition, users will not need to manually download additional files from the Greenbone website anymore.
    • Beaming: Beaming makes it possible to copy the current state of a GSM to another GSM. The data may be transferred directly and securely from one GSM to another, or it may be saved for a later transfer. The data includes all user data (e.g., tasks, reports, results) and – optionally – system settings, i.e., the GOS configuration. Beaming makes it much easier to upgrade from one GSM model to another while still keeping all previous data.
    • Business Process Map:The Business Process Map (BPM) can be used to illustrate the impact of collected scan results on a business. Each process has assigned hosts and will be highlighted based on the highest severity of these hosts. This way, it is possible to see the vulnerability of processes and their impact on any linked processes at a glance, determining the risk to the company based on the location of a host within the process chain.
    • Updated Feed Status Page: The feed status page of the web interface has received several improvements. The status of the objects that are distributed via the feed (scan configurations, compliance policies, port lists and report formats) is now included in the table. In addition, the feed status page now shows if a feed update is in progress.
    • Start Task via “New SecInfo” Alert: Starting a task automatically after a feed update is now possible. This feature unlocks the combination of a “New NVTs/CVEs/CPEs…” alert event and the “Start Task” alert method in the web interface.
    • GOS Backup Compatibility Checks: The Greenbone Operating System (GOS) now checks whether a backup is suitable before restoring the backup. Unsuitable backups cannot be restored, and warnings may be displayed. This feature prevents errors when restoring backups.
    • Comprehensive Update of the Base System: For GOS 20.08, the underlying Linux foundation of GOS was updated to the latest version.

2019-10-31: Greenbone OS 6.0

Latest Patch Level: 6.0.15 (2021-02-22)

Lifecycle Phase: Retired 2021-02-22

6.0.15 (2021-02-22):

  • Greenbone OS:
    • Status: Set the release status to “retired” for all GSM types with GOS 6.0. An upgrade notification will be displayed in the GOS selfcheck (#157074).
    • Bugfix: Enabled the GOS upgrade functionality, if GOS is in the status “retired” or “end-of-life” (#157073).

6.0.14 (2020-09-23):

  • Greenbone OS:
    • Improvement: To prevent problems, major GOS upgrades, such as the upgrade to GOS 20.08, are no longer possible if there is not enough storage space left for the database migration (#147423).
    • Minor improvement: The database-vacuum script that is used to reclaim storage space has been updated (#148265).
    • Minor improvement: The warning text displayed if an upgrade to GOS 20.08 is blocked has been updated (#148005).

6.0.13 (2020-09-16):

  • Vulnerability Management:
    • Bugfix: When importing scan configurations or compliance policies, the included NVT preferences were not imported correctly in all cases (#147938).
    • Bugfix: When editing and saving scan configurations or compliance policies, the names of some included NVT preference options were not saved correctly (#147938).

6.0.12 (2020-09-03):

  • Greenbone OS:
    • Bugfix: The upgrade to GOS 20.08 caused an error for hardware GSM appliances with active settings ‘Management IP (v4)’ or ‘Management IP (v6)’ (#146930, #2020090210000012, #2020090210000058, #2020090210000031).

6.0.11 (2020-08-31):

  • Greenbone OS:
    • Extension: The upgrade path to GOS 20.08 has been unlocked for all GSM models (#131625).
    • Bugfix: The GOS upgrade functionality has received several fixes and improvements (#143826, #144927).
    • Minor improvement: To prevent problems, major GOS upgrades, such as the upgrade to GOS 20.08, now require a reboot before being started, if another upgrade, such as the upgrade to GOS 6.0.11, was run immediately before (#146857).
    • Minor improvement: To prevent problems, major GOS upgrades, such as the upgrade to GOS 20.08, are no longer possible if the the ‘gsm-debug’ package is installed (#144929).

6.0.10 (2020-07-30):

  • Greenbone OS:
    • Bugfix: The ‘Max email size’ setting in the ‘Setup/Mail’ menu has been split into the settings ‘Max attachment’ and ‘Max include’ to prevent mail truncation issues (#143124).
    • Minor improvement: The installation history of all installed GOS versions, starting with version 6.0.10, is now included in the GOS support package (#134537).
    • Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-07-29 (#143155).
  • Vulnerability Management:
    • Bugfix: The ‘Add new host’ dialog on the ‘Assets/Hosts’ page allowed unsanitized input in the ‘Name’ field. The field has been renamed to ‘IP Address’, and it only allows IPv4 or IPv6 addresses now (#143731, #143737).
    • Bugfix: The ‘Solution’, ‘Summary’, ‘Insight’, ‘Affected Software/OS’, ‘Impact’, and ‘Detection Method’ NVT details could not be filtered (#143748, #2020071010000055).
    • Bugfix: The ‘Vulnerable Products’ could disappear from CVE detail pages during loading (#142986).
    • Bugfix: Reference identifiers on CVE detail pages were missing (#142987).
    • Bugfix: The ‘Published’, ‘Last updated’, ‘Modified’, and ‘ID’ information on CVE detail pages was missing (#143743).
    • Bugfix: ‘GCR PDF’ reports did not include compliance details (#143858, #2020071410000011).
    • Bugfix: The ‘Dashboards’ page could fail to load in rare cases (#131921, #2020013110000035, #2020070110000116).
    • Minor bugfix: The ‘XML’ and ‘Anonymous XML’ report formats had a interchanged description (#143812).
    • Minor improvement: The NVT rebuild of the manager now also rebuilds the NVT preferences. This removes any deprecated NVT preferences (#143852).
  • Vulnerability Scanning:
    • Bugfix: The scanner generated incorrect checksums for ICMPv6 packets. This could cause failed alive detections of IPv6 targets when using specific, non-default scan configurations. In addition, it could cause less detection results for some IPv6 targets (#143315).

6.0.9 (2020-06-29):

  • Greenbone OS:
    • Bugfix: The Intel June 2020 microcode update is included, addressing the ‘CROSSTalk’, ‘CacheOut’ and ‘SGAxe’ vulnerabilities of Intel processors (#134852, #142326, #2020030410000065, #2020031810000039).
    • Bugfix: The GOS setup could fail in rare cases (#142487).
    • Minor improvement: The GSM manual included in GOS was updated to the most current version from 2020-06-27 (#143122).
  • Vulnerability Management:
    • Bugfix: CVEs that were removed during a feed update were not removed from the database in some cases, resulting in an incorrect number of CVEs and incorrect CVE <-> CPE references. The corresponding database is now rebuilt during each GOS 6.0 upgrade to ensure the correct data (#140008).
    • Bugfix: The ‘NVTs addressing this CVE’ section on CVE details pages could show inaccurate NVT references, e.g., CVE-2019-12345 was also displayed when CVE-2019-1234 was displayed (#140464, #2020051910000015).
    • Bugfix: The ‘Reported Vulnerabilities’ section on CPE details pages could fail to load in some cases (#129752).
    • Bugfix: GSR HTML reports sometimes failed to load (#129078, #2020011410000095, #2020011710000026, #2020020510000038, #2020021710000033, #2020021710000168).
    • Bugfix: GSR HTML reports generated with GOS 6.0 did not include CVE nor CPE references (#137200, #2020040110000051).
    • Bugfix: Filtering a GSR HTML report using IPv4 addresses did not work correctly (#140620).
    • Bugfix: GPG or S/MIME encrypted e-mail alerts could fail, resulting in no e-mail being sent (#129221).
    • Bugfix: The ‘Auto Cache Rebuild’ setting can cause a duplicate entry in the database. This could cause scans to freeze. Scans now work correctly even if this duplicate entry is present (#140255, #2020050810000045).
    • Bugfix: Tasks with an ampersand character (‘&’) in the task name caused an error if they were run on a GSM sensor (#141858).
    • Bugfix: ‘All SecInfo’ page contents could not be exported via the ‘Export page contents’, ‘Export selection’ or ‘Export all filtered’ buttons (#141867).
    • Minor bugfix: The number of hosts in the ‘Vulnerabilities’ section of GSR HTML reports was always ‘1’ (#131036).
    • Minor bugfix: Long result texts in GSR HTML reports were missing line breaks (#131689, #2019041710000041).
    • Minor improvement: GSR HTML reports now include notes (#107465, #2019011010000023)
  • Vulnerability Scanning:
    • Improvement: Scans can now be started at all times irregardless of feed updates. Since scans and feed updates may not occur at the same time, the feed update will now be postponed until all scans are finished. Scans that are started while a feed update is pending will use the older feed version. A warning message will be added to the scan reports and system logs, if a scan uses such an outdated feed version (#140411, #2020043010000031, #2020060910000112).
    • Minor bugfix: The CIDR address validation of target hosts has been improved further (#141308).
    • Minor improvement: The handling of scan preferences in Redis has been improved (#141193).

6.0.8 (2020-05-25):

  • Greenbone OS:
    • Bugfix: The available system memory (RAM) was lower than expected due to a ‘PCI hole’ problem, this has been corrected for all affected GSM appliances (#137862, #2020042410000016, #2020042810000027, #2020042910000043, #2020010210000018, #2020050710000038).
    • Bugfix: The upgrade path from GOS 4.2 to GOS 6.0.7 failed on GSM master appliances that had sensors configured (#140182, #2020051310000017).
    • Bugfix: A timeout for the feed update lockfile functionality from GOS 6.0.7 has been added to prevent processes potentially waiting infinitely to aquire the lockfile (#139495).
    • Bugfix: Airgap feed updates in progress now also take the feed update lockfile functionality from GOS 6.0.7 into account (#137870).
    • Bugfix: The keyboard layout selection was not applied sporadically (#139724).
    • Minor improvement: Added the dmidecode package to GOS, and added the dmidecode output to the Greenbone Support Package (#138961).
    • Minor improvement: Adjusted the snmpd configuration to prevent excessive log messages (#126898).
    • Minor improvement: If the networking service is in a failed state, a switch release can no longer be started, preventing subsequent errors (#129755).
    • Minor improvement: The GSM manual included in GOS was updated to the most current version from 2020-05-18 (#138576).
  • Vulnerability Management:
    • Improvement: The ‘Hosts’ counter of the Operating Systems page now only counts hosts for which the operating system was detected as the primary / best-matching operating system (#132428).
    • Bugfix: The Quality of Detection (QoD) was set to 75% for Results gathered by a GSM sensor (#138692, #2020051510000068).
    • Bugfix: The ‘Deny all and allow’ hosts setting for a user had no effect (#132302).
    • Bugfix: The ‘Scanner’ setting was not available when configuring an Audit (#135118, #2020031010000035).
    • Bugfix: A passphrase input field was missing when creating or editing credentials of the type ‘Client Certificate’ (#134697).
    • Bugfix: Hyperlinks on the NVTs list page to the NVT families were not functional when opened in the same tab (#132655).
    • Bugfix: The hyperlink to the NVT family ‘Windows : Microsoft Bulletins’ was always incorrect (#132577).
    • Bugfix: The ‘Audit visible to’ indicator was not shown in all expected cases (#136111).
    • Bugfix: OVAL definitions were duplicated in rare cases (#128163).
    • Bugfix: The placeholder ‘%F’ did not work in the Report Export Filename setting (#134768).
    • Minor bugfix: The counters on a Report details page switched between zero and the actual value when a scan is running (#131731, #131096)
    • Minor bugfix: The warning when triggering an Alert for a Report that is above the results threshold did not include the results threshold (#138573).
    • Minor bugfix: If the New/Edit Credential dialog was opened from another dialog, credential error messages were not shown as expected (#128599).
    • Minor bugfix: The Errors tab in Report details was missing information (#134698, #2020022710000121, #2020022810000031).
    • Minor improvement: The memory usage of the gvmd service has been improved (#140183).
    • Minor improvement: The ‘get_vts’ command will no longer return NVTs if the NVTs are being updated to prevent subsequent errors (#138759).
    • Minor improvement: When the same TLS Certificate was found multiple times for the same Host, the Host was displayed multiple times in the TLS Certificate details (#125193).
    • Minor improvement: The naming of the TLS Certificate content columns has been streamlined (#132009).
  • Vulnerability Scanning:
    • Bugfix: The CIDR format validation for targets has been improved (#135027).
    • Minor bugfix: The false positive warning ‘Invalid VT oid for a result’ was logged when scanning a dead host (#134693, #2020030410000065).
    • Minor bugfix: A missing ‘id’ function parameter in script_get_preference has been added (#131686).

6.0.7 (2020-04-15):

  • Greenbone OS:
    • Improvement: The system memory limits have been increased to 6 GB for the GSM types 400, 150 and 35 and to 5 GB for the GSM types ONE, MAVEN, 25V and CE (#137202).
    • Improvement: The available disk space is now checked before creating a backup. If the disk space is not sufficient, no backup will be attempted (#134696).
    • Bugfix: The upgrade of GSM master-sensor setups to GOS 6.0.6 could fail if they were migrated from GOS 4.3 (#135389, #2020031210000013, #2020031210000022).
    • Minor improvement: The Greenbone Vulnerability Manager NVT cache rebuild during a GOS upgrades is now part of the GOS upgrade system operation (#136112).
    • Minor improvement: The GSM manual included in GOS was updated to the most current version from 2020-04-09 (#137204).
    • Minor improvement: The full GOS version and the installation date are now recorded in the installation log (#134536).
  • Vulnerability Management:
    • Improvement: For the Greenbone Vulnerability Manager the ‘–rebuild’ option was reintroduced, allowing to fully rebuild the NVT database in a clean state (#133336, #134667).
    • Bugfix: A lockfile is now created when either openvas or ospd-openvas update their respective NVT caches. Only one process will now be able to update its cache at a time, this should prevent potentially corrupted caches (#129077, #134666, #136113).
    • Bugfix: Reports from previous GOS versions which contain unescaped, invalid control characters will be cleaned when upgrading to GOS 6.0.7 (#134573, #2020022810000012, #2020030210000069, #2020030310000094, #2020030310000138, #2020030410000011, #2020030210000096, #2020012210000061, #2020021310000031, #2020022810000021, #2020032710000031, #2020030410000029).
  • Vulnerability Scanning:
    • Improvement: The memory usage of ospd-openvas has been improved (#137201, #2020010210000018, #2019122310000041, #2020011310000024, #2020030210000096, #2020012810000014).
    • Bugfix: For scan results, control characters that are not supported in XML are now properly escaped (#134573).

6.0.6 (2020-03-05):

  • Greenbone OS:
    • Improvement: An incremental backup is now automatically attempted before every GOS upgrade (#132588).
    • Bugfix: The feed directories in GOS could have had erroneous permissions. The permissions are now corrected during every feed update (#130351, #132578).
    • Bugfix: GSM master appliances copied their flash images to all connected GSM sensors during a feed push. The images will no longer be copied, existing erroneous images on the sensors will be cleaned when using the ‘Maintenance/Flash/Download’ option in the GOS menu (#134524).
    • Bugfix: SCP Alerts caused a path error in GOS (#132433, #2020012810000032).
    • Bugfix: Error messages from SCP Alerts in the Manager journal were shown as ASCII character codes or blob data (#132431, #2020012810000032).
    • Bugfix: An unsupported email attachment size setting could be used in rare cases, causing an error when a truncation warning should have been sent via email (#131574).
    • Minor Bugfix: The GOS copyright has been updated to reflect the correct LICENSE for the Greenbone Security Feed (#134331).
    • Minor improvement: The GSM manual included in GOS was updated to the most current version from 2020-03-05 (#134851).
    • Minor improvement: The current NVT count of the GSM is now included in the Greenbone Support Package (#134413).
  • Vulnerability Management:
    • Bugfix: XML exports of Reports could produce corrupt XML files (#130561. #2020011510000066, #2020020610000027, #2020021310000031).
    • Bugfix: Invalid host details could cause a JavaScript error on the ‘Assets/Hosts’ page, preventing it from being displayed (#133624, #2020021110000053, #2020022710000103).
    • Bugfix: The Scan Config ‘scanner_plugins_timeout’ preference was not correctly migrated from GOS 5.0 in all cases, which led to subsequent errors when scanning (#130349).
    • Bugfix: Private key authentication was missing for SCP Alerts (#125050, #2019101810000019).
    • Bugfix: Verinice ISM exports of Reports could contain identical links, preventing the import in verinice. (#132592).
    • Bugfix: Erroneous ‘sync_scap’ and ‘Skipping CPEs’ messages could sometimes repeatedly appear after a feed update (#130352).
    • Bugfix: For host identifiers, the ‘Delete Identifier’ button was missing (#131629).
    • Bugfix: The ‘Stop’ button for Tasks was useable for users who had only been granted ‘Read’ permissions on the task (#128686).
    • Bugfix: The ‘Add tag to page contents’, ‘Add tag to selection’ and ‘Add tag to all filtered’ buttons did not add the tag to the resources (#132814).
    • Bugfix: Vulnerabilities could not be exported via the ‘Export page contents’, ‘Export selection’ or ‘Export all filtered’ buttons (#125741).
    • Bugfix: The ‘Task visible to’ indicator was not shown in all expected cases (#131916).
    • Bugfix: When editing a LDAP or RADIUS configured User, the authentication method preselection would be set to ‘Password’. The preselection is now saved correctly according to the authentication method (#129700).
    • Bugfix: For Tasks created via the Task Wizard, the ‘Auto Delete Reports’ count could be out of range, causing an error (#131918, #2020020510000074).
    • Minor bugfix: The sort order for hosts without a host name has been improved in the ‘Hosts’, ‘TLS Certificates’ and ‘Error Messages’ tabs for Report details (#130028).
    • Minor bugfix: Invalid SecInfo URLs did not display an error page in all cases (#112794).
    • Minor improvement: The wording for unavailable SecInfo item error pages, for example for CVEs, has been improved (#112794).
    • Minor improvement: The wording for unavailable results in delta reports has been improved (#125848).

6.0.5 (2020-02-19):

  •  Vulnerability Management:
    • Bugfix: Result details generated via NVTs with the new NVT OID scheme were incomplete (#134029).

6.0.4 (2020-02-13):

  • Greenbone OS:
    • Bugfix: The Greenbone Vulnerability Manager NVT cache is now rebuilt during a GOS upgrade (#132582, #133623).
    • Minor improvement: Log messages from ospd-openvas are now included in the GOS menu ‘Advanced/Logs/Scanner’ (#130353).
    • Minor improvement: The GSM manual included in GOS was updated to the most current version from 2020-02-11 (#133341).
  • Vulnerability Management:
    • Bugfix: Reports sent via the ‘Trigger Alert’ functionality on Report details pages did not contain any vulnerability details (#132585, #2020010710000036).
    • Bugfix: Reports sent via an Alert, if the event of the Alert was triggered, did not use the ‘Report Export Filename’ user setting (#132586).
    • Bugfix: Hyperlinks to Report Formats, Scan Configs, Port Lists and Operating Systems from Permission objects were incorrect (#131102).
    • Bugfix: Anonymous XML reports had an incorrect XML declaration, which could cause an error when retrieving them via the command line (#131561, #2020011510000066).
  • Vulnerability Scanning:
    • Bugfix: The Scan Config Scanner preferences ‘expand_vhosts’, ‘max_sysload’, ‘min_free_mem’ and ‘test_empty_vhosts’ were missing (#131833).
    • Bugfix: The deprecated Scan Config Scanner preferences ‘debug_mode’, ‘dry_run’, ‘vhosts’ and ‘vhosts_ip’ were removed. These preferences may still appear in the web interface, but will not be functional. They should not be considered and may be hidden in a future GOS patch level (#131833).
    • Bugfix: The Target options ‘reverse_lookup_only’ and ‘reverse_lookup_unify’ were not sent to the Scanner (#132289).
    • Bugfix: The error handling for NVTs that are missing from the ospd dictionary was improved. They should now be skipped during a scan instead of causing a process failure (#130350).
    • Bugfix: The names of NVTs are now escaped before they are sent as a part of a Result (#132004).
    • Bugfix: SNMP credential preferences were missing delimiters when sent at the start of a scan (#132002).

6.0.3 (2020-01-23):

  • Greenbone OS:
    • Improvement: Significantly reduced the time required to upgrade from GOS 5 to GOS 6 for appliances with large databases (#128835).
    • Improvement: Added a GOS selfcheck to warn users about changes of default behaviour and necessary sensor adjustments after upgrading to GOS 6 (#128406).
    • Improvement: Added a GOS selfcheck to warn users about an ongoing, major release upgrade, e.g. from GOS 5 to GOS 6 (#128479).
    • Bugfix: A sqlite database could still be generated on the file system of a GSM 150, even though sqlite usage was removed from GOS 6 (#130812).
    • Bugfix: A sudo prompt could be erroneously shown when uploading a GSF key. After upgrading to GOS 6.0.3, a reboot is required to fully remedy the situation (#129222).
    • Bugfix: The system integrity could be uncertain for new installations and after a factory reset due to a race condition (#131037).
    • Minor bugfix: Logs from the OpenVAS scanner were missing from the GOS support package (#129697).
    • Minor improvement: Updated the integrated version of the GSM manual (#131044).
  • Vulnerability Management:
    • Improvement: Added a check for the web interface when trying to view the Report details of a Report with a large number of Results. If this Results threshold is reached, the Report details will no longer be loaded. By adjusting the Report filter term the number of Results can be reduced, making it possible to view the Report details again. The default threshold is 25.000 Results per Report, this threshold can be adjusted via GOS at the responsibility of the user (#128398).
    • Improvement: Improved the memory allocation management of the gsad webserver (#128981).
    • Improvement: The Verify Scanner action in the web interface now also checks whether the credential of the GMP scanner is correct (#89510).
    • Bugfix: The connection of a GSM master appliance to GMP scanners could fail (#131623, #131709, ##2020011610000037).
    • Bugfix: The Summary, Insight, Affected Software/OS and Detection Method paragraphs on Result details pages could show no or incomplete information (#129621).
    • Bugfix: In the New Override dialog, the Severity: Other input field did not accept valid inputs (#130795).
    • Bugfix: Sorting the columns in several Report details tabs, e.g. Closed CVEs, did not work correctly (#131693).
    • Bugfix: Changing the Results filter for a Report that is loading did not apply the new filter (#131695).
    • Bugfix: Unsetting all Severity (Class) levels via the Update Filter dialog lead to a wrong filter term (#131694).
    • Bugfix: Permissions linked to Resources showed ‘Orphan’ instead of the link to the Resource (#129696).
    • Minor bugfix: Comments for Permissions could not be deleted as expected (#128145).
    • Minor bugfix: Dashboards on the Tasks page included Audits in the total number of Tasks (#128332).
  • Vulnerability Scanning:
    • Bugfix: The Alive Test setting of a Target did not overwrite the Scan Config default, if it was set to a custom value (#130722).

6.0.2 (2019-12-19):

  • Greenbone OS:
    • Bugfix: The system integrity check did not recognize all valid GSF keys as valid. This could cause ansible to fail (#129624, #2019121810000168, #2019121910000077).
    • Minor improvement: Enhanced the contents of the Greenbone Support Package. More debugging information related to the system integrity check is now included (#129622).

6.0.1 (2019-12-17):

  • Greenbone OS:
    • Improvement: The time required for a synchronization of the Greenbone Security Feed has been reduced significantly (#126323).
    • Bugfix: During the initial feed update after the setup of a GSM, postgres could rarely fail due to a race condition (#128984).
    • Bugfix: SNMPv2 was still active even when a user name and an authentication passphrase were configured (#128597).
    • Bugfix: IPv6 routes were not shown correctly in the GOS menu (#128331).
    • Bugfix: The ‘Scanner’ and ‘Upgrade’ log options in the GOS menu did not work (#128112).
    • Minor improvement: Updated the integrated version of the GSM manual (#128691).
  • Vulnerability Management:
    • Improvement: Increased the automatic reload timer for web interface pages to 60 seconds for hidden windows and tabs. This may have a beneficial impact on performance (#126498).
    • Improvement: Redesigned the ‘Edit Scan Config Family’ dialog for better performance and usability (#111530).
    • Bugfix: Introduced a fallback when requesting an unlimited number of rows in the Power Filter. Unlimited rows should now only be applied when the user explicitly requests it, in all other cases the ‘Rows Per Page’ setting should be used (#128565).
    • Bugfix: The ‘Special Groups’ setting did not work correctly when configuring it for a Group with existing members. This could result in missing Permissions for some Group members (#128334).
    • Bugfix: Resuming a Scan Task caused a new report to be generated. The Results from the resumed Scan will now be added to the current report as expected (#125046).
    • Bugfix: Icon tooltips in the web interface were not functional (#126250).
    • Bugfix: Sorting TLS Certificate Assets in the web interface did not work as expected (#128167).
    • Bugfix: Long Result descriptions in the web interface Report view were missing linebreaks (#128338).
    • Bugfix: When creating an Override for a Result in the web interface, the default selections did not create the Override for all Results in the Report. This was an unintended change of default behaviour (#125744).
    • Bugfix: When creating an Override for a NVT in the web interface, the respective NVT was not pre-selected in the Create Override dialog. This was an unintended change of default behaviour (#128066).
    • Bugfix: The help icon hyperlinks for the web interface tabs ‘User Tags’ and ‘Permissions’ were incorrect (#128404).
    • Bugfix: When editing a Scan Config in the web interface any selected checkboxes would be unselected after some time (#125747).
    • Bugfix: Fixed a resource error that could occur when editing a Permission (#118348).
    • Minor bugfix: When linking directly to a CVSS calculator calculation, the settings were not configured as expected (#127661).
    • Minor bugfix: When creating a new Permission in the web interface, the radio button for ‘Group’ is now unselectable if there are no groups that can be selected (#128143).
    • Minor bugfix: GMP and Greenbone Sensors were displayed with port 9391 in the web interface. This was a cosmetic issue since port 22 is always used, and the web interface display has been adjusted (#124591).
    • Minor bugfix: Adjusted the mouse cursor icon used when hovering the mouse pointer over various icons (#127556).
    • Minor improvement: Added a basic Scan Config template with the minimum set of NVTs required to start a Scan (#56665).
    • Minor improvement: Added the currently configured timezone to the user/session menu (#126251).
    • Minor improvement: Added loading indicators for the contents of dropdown menus in the web interface (#126246).
  • Vulnerability Scanning:
    • Bugfix: Improved a case where the Scanner process could get stuck (#127759).
  • Explicit Compliance:
    Compliance audits are featured prominently and independently of vulnerability scans. The compliance status is now visible at a glance and managing compliance policies is easier than ever. In addition, the new Greenbone Compliance Report format is available for reporting the results (FS-180926-0105).
  • Lean Sensors:
    GSM SENSOR appliances now implement the Open Scanner Protocol (OSP). This means much lighter appliances that use less resources and can offer better performance, for example substantially decreased feed synchronization times (FS-171122-5830).
  • Updated GSA web interface:
    The new ‘Resilience’ category is introduced, offering central access to Compliance checks and Remediation tickets. In general the menu is reordered to provide a cleaner structure (FS-190124-5645).
  • New explicit asset type “TLS Certificates”:
    Detected TLS certificates are copied into the asset managemenet. This allows a overview on TLS certitifcate status independent of actual scan tasks (FS-171121-4722).
  • Self integrity checks for the Greenbone Security Manager:
    This feature extends the GOS with special integrity checks that try to identify unauthorized or unintended changes of key elements such as signing keys or disk encryption (FS-180823-5946).
  • Restart after upgrade option:
    A GSM may now be configured to restart automatically after an important system upgrade that would require a reboot. This alleviates the GOS upgrade management of sensors while still offering full control over each system (FS-171220-2932).
  • Configurable fail-over proxy:
    It is now possible to configure more than one proxy in GOS. If the feed synchronisation with the first proxy is not possible, the second proxy will act as a fallback (FS-180823-2319).
  • Internal hardening:
    The GOS Linux kernel has been updated to version 4.19.81, offering better hardening and support for future hardware upgrades. The ssh service is tailored as well (FS-190429-3226, FS-180918-4743).
  • Streamlining of the GMP API protocol:
    Several redundant or deprecated GMP elements were removed. Apart from a cleaner and leaner API these changes have a positive effect on performance (FS-181230-4813, FS-180927-1120, FS-181109-3633, FS-181116-4311, FS-181219-3932).
  • Prepared internal advanced NVT preference naming and identifier scheme:
    The previous preference identification scheme depended on the name of the NVT and preference while the new one uses independent identifiers like the NVT OID. This will allow NVT and preference names to be changed once GOS versions using the old scheme are retired (FS-180109-1807).
  • Consolidation Database Management System:
    The same database management system (DBMS) is now used for all GSM models. Essentially only GSM 150 now pgrades to a full DBMS while the SENSORs do not use a DBMS anymore. Further, a GOS migration is limited to upgrade to the direct successor, which also needs to be considered for activation of backups. The consolidation towards a single DBMS allows to simplify data management and gain performance improvements apart from a consistent behavior of all GSM models simplifying support cases (FS-180925-1323, FS-190227-3318).

2019-04-30: Greenbone OS 5.0

Latest Patch Level: 5.0.20 (2021-02-22)

Lifecycle Phase: Retired 2021-02-22

5.0.20 (2021-02-22):

  • Greenbone OS:
    • Status: Set the release status to “retired” for all GSM types with GOS 5.0. An upgrade recommendation will be displayed in the GOS selfcheck (#146929, #157072).
    • Bugfix: Enabled the GOS upgrade functionality, if GOS is in the status “retired” or “end-of-life” (#157071).

5.0.19 (2020-07-30):

  • Greenbone OS:
    • Bugfix: The Intel June 2020 microcode update is included, addressing the ‘CROSSTalk’, ‘CacheOut’ and ‘SGAxe’ vulnerabilities of Intel processors (#143643).
    • Bugfix: The GOS setup could fail in rare cases (#142488).
    • Bugfix: The setting ‘Max email size’ in the ‘Setup/Mail’ menu has been split into the settings ‘Max attachment’ and ‘Max include’ to prevent mail truncation issues (#143123).
    • Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-07-29 (#144474).
  • Vulnerability Management:
    • Bugfix: The ‘Add new host’ dialog on the ‘Assets/Hosts’ page allowed unsanitized input in the ‘Name’ field. The field has been renamed to ‘IP Address’, and it only allows IPv4 or IPv6 addresses now (#143731, #143737).
    • Bugfix: The ‘NVTs addressing this CVE’ section on CVE details pages could show inaccurate NVT references, e.g., CVE-2019-12345 was also displayed when CVE-2019-1234 was displayed (#140469).
    • Bugfix: The ‘Reported Vulnerabilities’ section on CPE details pages could fail to load in some cases (#129751, #2019122310000023).
    • Bugfix: SSH private keys of the ‘ed25519’ key type were not accepted for credentials (#142242).
    • Bugfix: GPG or S/MIME encrypted e-mail alerts could fail, resulting in no e-mail being sent (#114448, #114449, #2019090410000011).
    • Bugfix: Tasks with an ampersand character (‘&’) in the ask name caused an error if they were run on a GSM sensor (#141859).
    • Bugfix: Migrating sqlite user data from GOS 4.3 to GOS 5.0 manually could fail in some cases (#142144).
  • Vulnerability Scanning:
    • Bugfix: The scanner generated incorrect checksums for ICMPv6 packets. This could cause failed alive detections of IPv6 targets when using specific, non-default scan configurations. In addition, it could cause less detection results for some IPv6 targets (#143798).

5.0.18 (2020-05-25):

  • Greenbone OS:
    • Improvement: An incremental backup is now automatically attempted before every GOS upgrade (#132589).
    • Improvement: The available disk space is now checked before creating a backup. If the disk space is not sufficient, no backup will be attempted (#134695).
    • Bugfix: The restoration of sqlite backups from an external USB device could fail sporadically (#134772).
    • Bugfix: SCP Alerts caused a path error in GOS (#134804).
    • Bugfix: Error messages from SCP Alerts in the Manager journal were shown as ASCII character codes or blob data (#125050).
    • Bugfix: The keyboard layout selection was not applied sporadically (#139723).
    • Minor Bugfix: The GOS copyright has been updated to reflect the correct LICENSE for the Greenbone Security Feed (#134332).
    • Minor improvement: Adjusted the snmpd configuration to prevent excessive log messages (#126898, #2019111210000064).
    • Minor improvement: If the networking service is in a failed state, a switch release can no longer be started, preventing subsequent errors (#129754).
    • Minor improvement: Added a selfcheck if the given remote backup server is misconfigured or unreachable (#125752)
    • Minor improvement: Removed the selfcheck alerting the user about a pending switch release (#138967).
    • Minor improvement: Changed the community feed URL ‘feed.openvas.org’ to ‘feed.community.greenbone.net’ (#137537).
    • Minor improvement: The GSM manual included in GOS was updated to the most current version from 2020-05-14 (#131710).
  • Vulnerability Management:
    • Improvement: The ‘Hosts’ counter of the Operating Systems page now only counts hosts for which the operating system was detected as the primary / best-matching operating system (#132426, #117784, #2019011610000021, #2019082010000037, #2019091110000061).
    • Bugfix: The ‘Deny all and allow’ hosts setting for a user did not deny host access if the input field for ‘allow’ was empty (#132301, #2019032810000013, #2020040210000031).
    • Bugfix: For host identifiers, the ‘Delete Identifier’ button was missing (#131628, #2019042610000033).
    • Bugfix: A passphrase input field was missing when creating or editing credentials of the type ‘Client Certificate’ (#127466).
    • Bugfix: Private key authentication was missing for SCP Alerts (#125050, #2019101810000019).
    • Bugfix: The ‘Stop’ button for Tasks was useable for users who had only been granted ‘Read’ permissions on the task (#128685).
    • Bugfix: The ‘Task visible to’ indicator was not shown in all expected cases (#131912, #2020012410000021).
    • Bugfix: Hyperlinks to Report Formats, Scan Configs, Port Lists and Operating Systems from Permission objects were incorrect (#131102, #131837, #2018083010000029).
    • Bugfix: Hyperlinks on the NVTs list page to the NVT families were not functional when opened in the same tab (#132654).
    • Bugfix: OVAL definitions were duplicated in rare cases (#128163).
    • Bugfix: Verinice ISM and Verinice ITG reports were no longer importable in Verinice (#128330, #2019120410000014, #2019121310000015)
    • Bugfix: Downloading a credential as a RPM package could result in an unuseable package (#131207, #2020040310000038).
    • Minor bugfix: The sort order for hosts without a host name has been improved in the ‘Hosts’, ‘TLS Certificates’ and ‘Error Messages’ tabs for Report details (#130027).

5.0.17 (2020-01-20)

  • Greenbone OS:
    • Improvement: Added a GOS selfcheck to warn users about an ongoing, major release upgrade, e.g. from GOS 5 to GOS 6 (#129688, #131103).
  • Vulnerability Management:
    • Improvement: Added a check for the web interface when trying to view the Report details of a Report with a large number of Results. If this Results threshold is reached, the Report details will no longer be loaded. By adjusting the Report filter term the number of Results can be reduced, making it possible to view the Report details again. The default threshold is 25.000 Results per Report, this threshold can be adjusted via GOS at the responsibility of the user (#128397).
    • Bugfix: Sorting the columns in several Report details tabs, e.g. Closed CVEs, did not work correctly (#128600).
    • Bugfix: Changing the Report filter for a Report that is loading did not apply the new filter (#129127).
    • Bugfix: Unsetting all Severity (Class) levels via the Update Filter dialog lead to a wrong filter term (#129073).
    • Minor bugfix: Comments for Permissions could not be deleted as expected (#128144).

5.0.16 (2019-12-17)

  • Greenbone OS:
    • Improvement: Unlocked the switch releases to Greenbone OS 6.0.1 for all supported GSM types (#129123, #128405).
    • Bugfix: In rare cases, switch release upgrades could get triggered on GSM sensors unintentionally when upgrading the GSM master (#121478).
    • Bugfix: SNMPv2 was still active even when a user name and an authentication passphrase were configured (#98371).
    • Bugfix: IPv6 routes were not shown correctly in the GOS menu (#127560).
    • Minor improvement: Updated the integrated version of the GSM manual (#128690).
  • Vulnerability Management:
    • Improvement: Improved the memory allocation management of the gsad webserver (#128399).
    • Improvement: Increased the automatic reload timer for web interface pages to 60 seconds for hidden windows and tabs. This may have a beneficial impact on performance (#126497).
    • Bugfix: Introduced a fallback when requesting an unlimited number of rows in the Power Filter. Unlimited rows should now only be applied when the user explicitly requests it, in all other cases the ‘Rows Per Page’ setting should be used (#124690).
    • Bugfix: The ‘Special Groups’ setting did not work correctly when configuring it for a Group with existing members. This could result in missing Permissions for some Group members (#127760).
    • Bugfix: Long Result descriptions in the web interface Report view were missing linebreaks (#128336).
    • Bugfix: When creating an Override for a Result in the web interface, the default selections did not create the Override for all Results in the Report. This was an unintended change of default behaviour (#124447).
    • Bugfix: When creating an Override for a NVT in the web interface, the respective NVT was not pre-selected in the Create Override dialog. This was an unintended change of default behaviour (#128065).
    • Bugfix: The help icon hyperlinks for the web interface tabs ‘User Tags’ and ‘Permissions’ were incorrect (#128394).
    • Bugfix: The web interface tab ‘General Command Permissions’ listed duplicate permissions for default items (#118680).
    • Bugfix: ‘sort’ and ‘sort-reverse’ filters were not shown in the web interface Scan Report Content Composer (#121752).
    • Minor bugfix: When creating a new Permission in the web interface, the radio button for ‘Group’ is now unselectable if there are no groups that can be selected (#128142).
  • Vulnerability Scanning:
    • Bugfix: Improved a case where the Scanner process could get stuck (#124695).

5.0.15 (2019-11-26):

  • Vulnerability Scanning:
    • Bugfix: Increased the maximum number of NVTs supported by the openvas-scanner (#127751).

5.0.14 (2019-11-01):

  • Vulnerability Management:
    • Bugfix: Results did not show up for downloaded reports (#126018).
    • Bugfix: Viewing a delta report in the web interface could show a constant loading indicator (#126022).
    • Bugfix: The number of high results was not shown in the ‘Hosts’ tab of the report details page (#126020).

5.0.13 (2019-10-29):

  • Greenbone OS:
    • Improvement: Included the latest major release of gvm-tools, version 2.0.0. See https://github.com/greenbone/gvm-tools for more information (#123416).
    • Improvement: Added a check and an info dialogue to prevent GOS upgrades if deprecated settings are configured (#119699, #121980).
    • Bugfix: Added support for restoring old backups created with GOS 4 (#123292, #125198).
    • Bugfix: For airgap setups, the airgap master will now provide the airgap sensors with upgrade packages for the current and previous GOS versions, similar to normal master-sensor setups. This should improve switch releases between major GOS versions for airgap setups (#123183).
    • Bugfix: Incremental backups were only listed if at least one backup had been created locally. Incremental backups are now always listed, even if all backups are stored remotely (#122908, #2019091910000029).
    • Bugfix: The configuration of Remote Syslog settings did not become active until after reboot. They are now active when saving the settings in the corresponding menu (#122260, #2019091010000063).
    • Minor bugfix: Added proper system operation names for creating and restoring an USB backup (#123140, #125500).
    • Minor improvement: When sending emails, a GSM will now use its fully-qualified domain name as the hostname (#72221, #2019021410000014).
    • Minor improvement: Changed the internal variables used to differ between the Greenbone Security Feed and the Greenbone Community Feed (#125234).
    • Minor improvement: Updated the integrated version of the GSM manual (#125754).
  • Vulnerability Management:
    • Improvement: Simplified the verification process for custom report formats: Custom report formats are no longer verified manually, only automatically. The ‘Verify Report Format’ button was removed in this scope (#111692).
    • Improvement: The report details page now opens at the ‘Information’ tab by default (#125850).
    • Bugfix: After encountering an error page in the web interface, the error is no longer displayed when trying to view another page (#124342).
    • Bugfix: The ‘Reset to Default Filter’ button on Report details pages set an erroneous filter, causing no Results to be displayed (#120979).
    • Bugfix: When editing a LDAP or RADIUS configured User, the authentication method preselection would be set to ‘Password’. The preselection is now saved correctly according to the authentication method (#119765).
    • Bugfix: When creating objects in the web interface, no preselections were shown even if suitable elements existed, for example when creating a Permission, no User would be preselected. The first element alphabetically is now preselected, if an element exists (#119932, #2019080810000015).
    • Bugfix: The icons identifying an operating system on the Assets pages would sometimes show up as “?” only, even if detailed information on the operating system is available (#125194).
    • Bugfix: It was not possible to delete comments for Users (#125448, #2019100910000054).
    • Bugfix: Saving a space character as a User comment caused an error (#124339, #2019100910000054).
    • Bugfix: Deleting a user with objects in the Trashcan could cause a sql error (#124694).
    • Bugfix: The dashboard display “Next Scheduled Task” was missing timezone information (#122387, #2019091110000016).
    • Minor bugfix: Verifying a Scanner on the corresponding scanner details page was missing a feedback dialog (#112039).
    • Minor bugfix: Increased the number of characters allowed in the ‘Filter’ input field of the ‘Update Filter’ dialogue (#121747).
    • Minor bugfix: On the dashboard display “Chart: Operating Systems by Vulnerability Score” CPE values could be truncated at the end, omitting operation system details. Such cases are truncated at the beginning now, allowing for easier identification of the operating systems in question (#122146, #2019090910000039).
    • Minor bugfix: Corrected a special character encoding issue on the User list page (#123139, #2019092310000066).
    • Minor bugfix: Corrected an error message that could occur when saving a Role (#121746).
    • Minor improvement: Improved the error message in case the web server does not respond (#113218).
    • Minor improvement: Removed the ‘Clone Report Format’ button since it had no use case (#111692).
    • Minor improvement: Improved the default name and password hints on the web interface login page (#124117).

5.0.12 (2019-10-08):

  • Greenbone OS:
    • Bugfix: GSM appliances without Alert functionality that were installed via a GOS 5.0.4 or newer image were exposing a SMTP port erroneously. The related service has been disabled for these appliances (#123978).
    • Bugfix: Security update for the CVE-2019-15902 “Spectre” related regression in the Linux kernel (#121977).
    • Bugfix: Security updates for the openssl and expat libraries, covering CVE-2018-20843 and CVE-2019-1543 (#121977).

5.0.11 (2019-09-24):

  • Greenbone OS:
    • Improvement: In case of filesystem corruption (for example due to a sudden power outage), an automatic reboot is now carried out after the filesystem repair at boot time as a precautionary measure (#121983).
    • Bugfix: In rare cases, switch release upgrades could get triggered on sensors unintentionally when upgrading the master (#121478).
    • Bugfix: Added the missing ‘gpgsm’ package for S/MIME certificate support to GOS (#121985).
    • Bugfix: Fixed frequent, cosmetic redis error messages that were shown after a GOS upgrade (#118683).
    • Minor bugfix: Fixed scanner logs during a feed update sometimes not showing the correct progress when loading NVTs (#81956).
    • Minor improvement: Added warnings regarding the usage of ECDSA/DSA remote backup server host keys (#120115).
    • Minor improvement: Added a name for the ‘Flash Write’ system operation in the ‘About’ menu (#119046).
    • Minor improvement: Updated the integrated version of the GSM manual (#123087).
  • Vulnerability Management:
    • Improvement: On Report details pages, only ‘high’, ‘medium’ and ‘low’ severity Results will now be displayed by default. ‘Log’ Results are no longer displayed by default, but may still be shown via a Filter. This may improve the performance of displaying Reports with a very large number of Results (#121641).
    • Improvement: Changed the default sorting of Results on Report details pages. Results are now sorted from highest to lowest severity (#121641, #2019082910000057).
    • Improvement: Added the columns ‘Ports’, ‘Apps’, ‘Distance’ and ‘Auth’ to the ‘CSV Hosts’ report format (#120739, #2019082010000028).
    • Improvement: Added an animation and a lock to the ‘OK’ buttons of the report composer and trigger alert dialogues in the web interface to indicate that they been clicked, and to prevent further clicks until the original operation is finished (#120695, #2019081910000021).
    • Improvement: Added a short animation to the ‘Empty Trash’ button in the web interface to indicate that it has been clicked (#121341).
    • Improvement: Improved the ‘Edit User Settings’ dialog part for changing the current password. The description and error handling have been improved (#121974).
    • Improvement: Enhanced the Alert details pages to show more information regarding the configured Alert type and settings (#119766).
    • Improvement: Added tooltips to the ‘Edit Task’ dialog to indicate which settings cannot be edited for non-alterable tasks (#119840).
    • Bugfix: Sensor scans would add all hosts in a target network to the Assets, even if the hosts were offline and “Mark unreachable Hosts as dead (not scanning) = yes” was set. Only active hosts will get added to the Assets in this case (#108616, #2019011510000041).
    • Bugfix: The downloadable Windows LSC installer for Credentials did not add the user to the administrator group on all supported versions of Microsoft Windows (#122907, #2019091810000067).
    • Bugfix: Filtering Remediation Tickets by status was not working correctly. Remediation Tickets can now be filtered via ‘Open’, ‘Fixed’, ‘Fix Verified’ and ‘Closed’ as expected (#117783).
    • Bugfix: Remediation Tickets linked to a Task that is in the Trashcan or deleted had several display and useability issues (#116253).
    • Bugfix: Fixed a further issue with the CVSS calculator, if “Authorization” was set to “Single” (#118415).
    • Bugfix: Fixed the ‘Download CSV’ chart button causing an error (#121745).
    • Bugfix: Fixed long note texts breaking the boundaries of the text box on Notes details pages (#120981).
    • Bugfix: It was not possible to request individual vulnerabilities when using the GMP command ‘get_vulns’ with the ‘vuln_id’ attribute (#116532).
    • Minor improvement: Updated the man page of gsad (#112036).

5.0.10 (2019-09-03):

  • Greenbone OS:
    • Minor improvement: Added and improved the GOS menu descriptions for restoring backups and setting the GSM hostname, since backups are dependent on the hostname (#119837).
    • Minor improvement: Updated the integrated version of the GSM manual (#121640, #121753).
  • Vulnerability Management:
    • Bugfix: Fixed a reflected XSS vulnerability in the web interface (#121870).
    • Bugfix: Sensor scans could erroneously show the status ‘Interrupted’ on the master in some cases (#121106).
    • Bugfix: Permissions could not be edited in the Administration/Roles/Edit Role dialog (#120601, #121343).
    • Bugfix: Disabled the ‘Trigger Alert’ button on Report details pages for GSM types that do not support Alerts and for users that have no permission to use Alerts (#120598, #120600).
    • Bugfix: Disabled the ‘Edit My Settings’ button on the Extras/My Settings page for users that have no permission to modify Settings (#120598).
    • Bugfix: Removed the ‘Clone Host’ button from all Assets/Hosts pages since it had no use case and caused an error (#121242).
    • Bugfix: The ‘sort-reverse’ filter was not applied in the GSR-PDF report (#119483).

5.0.9 (2019-08-26):

  • Greenbone OS:
    • Bugfix: Testing the sensor connections could cause a traceback when a sensor had an invalid remote host identifier configured (#120973).
  • Vulnerability Management:
    • Bugfix: On the Assets/Hosts page, creating a new target via a bulk action caused an error (#120185, #2019081310000032).
    • Bugfix: In the power filter, quotation marks in keywords starting with the character ‘~’ where not handled correctly, causing subsequent errors during bulk actions (#115293).

5.0.8 (2019-08-14):

  • Greenbone OS:
    • Extension: The “Greenbone Security Manager with Greenbone OS 5” user manual is now included in GOS for offline use. It can be accessed via the web interface menu Help/Contents (#119292, #119764).
    • Improvement: Added an experimental “SQL chunking” setting for sensor scans. It is activated via the GOS command line and may improve the scan performance (#117778).
    • Bugfix: Security update for the CVE-2019-1125 “Spectre SWAPGS” gadget vulnerability (#116440).
    • Bugfix: It was possible to configure invalid domain names, leading to subsequent errors. All domain names now have to comply to RFC952 and RFC1123 (#118556).
    • Bugfix: The disk usage of journalctl could exceed safe limits, affecting system stability. It has been hard limited to use a maximum of 1.5 GB (#119829, #2019080510000021, #2019072410000022).
    • Bugfix: The database file of a user data backup was not renamed correctly when upgrading from GOS 4 to GOS 5, causing a redundant copy to be present (#118354).
    • Bugfix: Uploading a remote backup server host key could add a newline character, causing the host key to be invalid (#109875).
    • Bugfix: The Maintenance/Upgrade/Sensors menu on a GSM master could display the sensor status “Update Feed” erroneously in some cases. These cases were fixed to display “Upgrade manually”. “Update Feed” will still be shown when relevant (#118338).
    • Minor bugfix: The Maintenance/Flash menu was erroneously shown for the virtual appliances GSM DECA, TERA, PETA and EXA. It was not functional and has been removed (#119052).
  • Vulnerability Management:
    • Improvement: Single select dropdown menus in the web interface are now completely clickable (#118178, #2019071510000101).
    • Improvement: The Edit/New Schedule dialog has been extended to make picking Schedule times easier: The new “Now” button will always set the current time, the date picker has had a year picker added (#118251).
    • Bugfix: Schedules could be erroneously removed from Tasks, since the new iCalendar format was not used for all checks (#117775, #2019070910000033).
    • Bugfix: Schedule “Next Run” times were wrong if the Schedule was non-recurring or for certain timezone constellations (#119045, #119482, #2019072910000013).
    • Bugfix: Schedules migrated from GOS 4 were always using the UTC timezone (#118054, #2019071510000012).
    • Bugfix: Schedule times are once again shown in the timezone that the Schedule was configured for, not the general user settings timezone, restoring the behaviour from GOS 4 (#118873).
    • Bugfix: On the Report details page, the columns Ports, Apps, Distance, Auth, Start and End were missing in the Hosts tab (#115647).
    • Bugfix: The Export File Name settings in the web interface were not applied (#118181, #2019071610000029).
    • Bugfix: The Task setting “Once” for Schedules was not saved correctly (#118237, #118238, #2019071610000127).
    • Bugfix: Emails sent via the an Email Alert had a wrong “Return-path”, “envelope-from” respectively “X-MailRelay-From” (#119942, #2019080810000024).
    • Bugfix: If any default Permissions are missing, they will now be re-created when the Greenbone Vulnerability Manager starts (#117410, #2019062010000013).
    • Bugfix: Resuming a Task configured to run on a Sensor could lead to duplicate results (#113271).
    • Bugfix: Verifying a Report Format in the web interface was missing a feedback dialog (#115104).
    • Bugfix: Verifying a Scanner in the web interface was missing a feedback dialog (#112039).
    • Bugfix: Alerts with the deprecated Report Format “HTML” were not migrated to use the Report Format “TXT” correctly (#110772, #2019071510000085).
    • Bugfix: Opening the web interface login page in a new window or tab while a login was active in another window or tab could log the user out (#114452).
    • Bugfix: If two web users are configured with different user interface languages, switching between the two users required two login attempts (#118559, #2019072310000015).
    • Bugfix: On the Performance page, the performance graphs for Sensors were not working correctly (#119210, #2019073110000045).
    • Bugfix: On the Performance page, changes made via the date picker were not saved correctly (#118055).
    • Bugfix: An error in the CVSS calculator occured, if “Authorization” was set to “Single” (#118415).
    • Bugfix: Clicking the operating system icon on any Host details page caused an error, it now links to the corresponding operating system details (#117780).
    • Bugfix: Creating a valid, but incomplete Alert via GMP and then trying to view it in the web interface caused an error (#114775).
    • Bugfix: Exporting a NVT with an apostrophe in the name caused an error (#120071).
    • Minor bugfix: When creating new Permissions for a Task, the default, pre-selected Permissions were different than in GOS 4 (#114791).
    • Minor bugfix: The “Filter” field in the Scan Report Content Composer was not automatically resized to fit the filter string, causing the text to overflow (#118182, #2019071510000111).
    • Minor bugfix: On the Tasks page, the indicator icon for Tasks configured to run on a Sensor was missing (#119767).
    • Minor bugfix: In the Delta Report view, the indicator for changed items, (+) and (-), was missing colorization (#112862).
    • Minor bugfix: The Task settings “Maximum concurrently executed NVTs per host” and “Maximum concurrently scanned hosts” were not shown on the Task details view (#110104).
    • Minor bugfix: Viewing any Report Format details page as a user with the role “Observer” would show XML parsing errors (#118560).
    • Minor bugfix: The “rows” Filter allowed for invalid values and relations. Invalid values are now converted to “1”, invalid relations are converted to “=” (#111336).
    • Minor bugfix: The response for the GMP command “delete_ticket” has been adjusted to lowercase (#116531).
    • Minor improvement: Removed the preview icon for Delta Report result differences, since the preview can not support all relevant details. Delta Report result differences may still be clicked to view their full details (#113514).
    • Minor improvement: Lists of objects in the web interface, for example “Tasks using this Alert” on the Alert details page, have been improved to make individual objects easier to discern (#118179, #2019071510000067).
    • Minor improvement: The Edit/New Task dialog has been adjusted, allowing the display of longer Scan Target and Schedule names (#118178, #2019071510000101).
    • Minor improvement: The CVSS calculator now states that CVSS V2.0 is used (#113527).
    • Minor improvement: The “details” attribute of the GMP command “get_reports” was undocumented (#114702).
  • Vulnerability Scanning:
    • Bugfix: The get_ssh_port() function of the scanner could fall back to port 22 when a custom port was configured (#114986).

5.0.7 (2019-07-25):

  • Vulnerability Scanning:
    • Bugfix: Fixed an issue causing scans to abort early due to the scanner not being able to fork new processes. This could lead to less detection results and host details being reported (#116389, #116533, #116866, #2019062510000059, #2019071610000011).
    • Bugfix: Added missing libopenvas build dependencies to openvas-smb (#118501).

5.0.6 (2019-07-11):

  • Vulnerability Management:
    • Bugfix: The HTTP timeout setting for the web interface was using an erroneous internal value, this has been corrected (#117889, #2019070810000071).

5.0.5 (2019-07-09):

  • Greenbone OS:
    • Bugfix: Uploading the remote backup server host key did not add it to the known hosts list correctly (#117589).
    • Bugfix: During the initial feed update after the setup of a GSM, postgres could rarely fail due to a race condition (#117030).
    • Bugfix: Support for importing old GOS 3.1 or 2.0 userdata backups has been improved (#117135).
    • Bugfix: Starting a GOS upgrade after importing an old GOS 3.1 or 2.0 userdata backup could cause a postgres error (#117412).
    • Minor bugfix: The system operation ‘Update Feed’ in the GOS menu ‘About’ was not named correctly in all cases (#117411).
    • Minor improvement: Enhanced the contents of the Greenbone Support Package. More debugging information related to ansible is now included (#117591).
    • Minor improvement: All occurences of ‘Airgap Slave’ have been renamed to ‘Airgap Sensor’ (#117282).
  • Vulnerability Management:
    • Bugfix: Configuring a custom HTTP timeout setting for the web interface was not applied in all cases (#117640, #2019070810000071).

5.0.4 (2019-07-01):

  • Greenbone OS:
    • Extension: Introduced new GSM types 450, CENO, DECA, TERA, PETA and EXA (#114981, #114992).
    • Improvement: Activated support for SMTPS encryption of emails sent by a GSM (#83277).
    • Improvement: Added a shell script to fix oversized postgres databases (#86497).
    • Improvement: Enhanced the contents of the Greenbone Support Package. More debugging information related to postgres is now included (#93050, #116252).
    • Improvement: The ‘Management IP’ menu option is now always shown, even when only one interface is present in a namespace (#115904).
    • Minor improvement: Added warnings regarding the usage of ECDSA SSH keys (#116303).
    • Bugfix: The flash drive of GSM hardware appliances was sometimes not detected correctly (#115837).
    • Bugfix: No network traffic performance graph data was shown for interfaces in the ‘scan1’ namespace (#110755).
    • Bugfix: The network route 0.0.0.0/0 can now be set (#115609).
    • Bugfix: Patched libssh to resolve possible issues with Cisco devices (#113876).
    • Minor bugfix: Improved the formating of the GOS sensor test results (#113219).
  • Vulnerability Management:
    • Improvement: The Greenbone Vulnerability Manager now automatically adds a “login failed” host detail when a target has a credential configured and the login fails (#106677).
    • Improvement: Updated the manpage of gvmd (#112086).
    • Bugfix: Notes and overrides for results were not shown (#112702).
    • Bugfix: Not all result pages for delta reports could be viewed (#116392).
    • Bugfix: Task names were not visible in the reports view (#110527, #2019051010000034).
    • Bugfix: The ‘Edit’ dialogue for LDAP and RADIUS settings did not work in some cases (#115426).
  • Vulnerability Scanning:
    • Bugfix: If there is no redis database available, the scanner will no longer wait forever, but resume operation as soon as a database becomes available again (#115613).

5.0.3 (2019-06-19):

  • Greenbone OS:
    • Bugfix: Security update for CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479 “SACK Panic” TCP remote denial of service attacks (#116440).

5.0.2 (2019-06-03)

  • Greenbone OS:
    • Improvement: The GOS menu ‘About’ will now show the exact type of system operation that is in progress (#98619).
    • Improvement: The client min and max protocol versions for SMB clients can now be configured via the Greenbone OS command line (#115335).
    • Minor improvement: The expiry date of the Greenbone Support Team GPG key, used for the encryption of support packages, has been extended to 2020-10-31 (#113830).
    • Minor bugfix: Port 53/TCP, used for dnsmasq, now only listens on localhost (#115285).
  • Vulnerability Management:
    • Improvement: Greatly improved the performance of the ‘Edit Scan Config’ dialog (#112699).
    • Minor improvement: File upload buttons and text input fields are now inactive if their corresponding radio button is not selected (#113530).
    • Minor improvement: Added documentation of NVT categories in a GMP response (#109616).
    • Bugfix: The Task page could show an internal error in some circumstances (#114037, #2019051010000034).
    • Bugfix: When switching from the reports list page to the report details page, the page could get stuck while loading (#114040, #2019051010000034).
    • Bugfix: Giving write permissions for a task to another user still did not allow that user to start the task (#114793).
    • Bugfix: It was not possible to bulk-tag filtered resources, like port lists (#113729).
    • Bugfix: Vulnerabilities were not supposed to be tagged, the bulk-tag icon has been removed from the Vulnerabilities page (#115294).
    • Bugfix: Using the ‘Test Alert’ functionality for an alert with the method ‘Start Task’ did not start the task (#110778).
    • Bugfix: Verifying default report formats caused an error. Since they are always verified, the corresponding verification has been disabled (#110105).
    • Minor bugfix: Task details pages were not refreshed correctly (#113931).
    • Minor bugfix: The scheduled task icon tooltip did not list the next due date (#113203).
    • Minor bugfix: In the Results view the host IP column could display ‘null’ (#110583).
    • Minor bugfix: Email alerts could be configured with a syntactically invalid email address (#112103).
    • Minor bugfix: For email alerts with an attached report, the content type of the attachment was set to ‘null’ erroneously (#112155).
    • Minor bugfix: Changed the ‘Solution Type’ checkboxes in the Results power filter dialog to radio buttons, since only one selection is allowed at a time (#114039)
    • Minor bugfix: In the ‘Import Report’ dialog all available containers are now always shown (#112616).
    • Minor bugfix: The ‘NVTs by Family’ chart did not show the message ‘Applied filter…’ if a filter is used (#114094).
    • Minor bugfix: In report details, error messages could contain erroneous entities (#113516).
    • Minor bugfix: In scan config details, ‘Tasks using this Scan Config’ was missing linebreaks (#113871).
    • Minor bugfix: The delete icon was shown as active for scan configs which are in use, it now shows as inactive as intended in this case (#111525).
    • Minor bugfix: For the GSR PDF report format, the colour coding of medium CVSS vulnerabilities was red in some cases, this has been corrected to yellow (#114035).
    • Minor bugfix: The ‘Anonymous XML’ and ‘XML’ report format details were incorrectly describing both as ‘OpenVAS Manager XML format’ (#113873).
    • Minor bugfix: The ‘Common Platform Enumeration’ report format details were incorrectly referring to it as ‘Common Product Enumeration’ (#113874).
    • Minor bugfix: Fixed the parsing of CVSS single instance authentication in CVE details (#115277).
    • Minor bugfix: Creating a tag with an empty ‘id’ attribute via a GMP API call could lead to a duplicate response (#113815).
    • Minor bugfix: For tags, the deprecated type ‘slave’ was still checked in GMP API calls, leading to subsequent problems (#115284).
    • Minor bugfix: The ‘get_vulns’ GMP command now returns a valid response when used without a filter (#113817).
    • Minor bugfix: Removed unneeded PostgreSQL error log messages when a lock was not available (#109087).
    • Minor bugfix: Fixed a possible race condition in the ‘Edit My Settings’ dialog (#113930).
    • Minor bugfix: Added German translations for error, date and status information (#114030, #114031, #114193).
  • Vulnerability Scanning:
    • Bugfix: Each scan plugin process is now separated into its own process group, preventing defunct processes and NVTs being executed at a wrong time (#109743, #113267).

5.0.1 (2019-05-05):

  • Greenbone OS:
    • Improvement: The default system maintenance time is now randomized between 03:00 and 05:00 UTC to distribute load for the Greenbone Security Feed server more evenly. The system maintenance time can still be adjusted manually (#113695).
  • Vulnerability Management:
    • Improvement: Only fully translated user interface languages are now available to choose from in the My Settings menu. Incomplete translations are hidden until implementation (#113517).
    • Bugfix: The tasks page was not refreshed correctly when a task was in the status ‘Requested’ (#113515).
    • Bugfix: Viewing the TLS certificate details in a report view could lead to an error page (#113520).
    • Bugfix: The hosts topology graph was not displayed correctly if there was a host with no severity present (#113521).
    • Bugfix: Powerfilter dropdown menus were erroneously limited by the Rows per page / max_rows setting (#113528).
    • Minor bugfix: Some login page elements were offset for Microsoft Edge and Microsoft Internet Explorer (#113725).
    • Minor bugfix: The list of excluded hosts in the target details was missing a linewrap (#113204).
    • Minor bugfix: The download icons for credentials were missing tooltips (#112161).

5.0.0 (2019-04-30)

  • Transform Web-GUI into a single page application:
    Transforming the web user interface into a single page application which is loaded once and then only updates the in-browser data from the server. This accelerates user interactions and unloads the server. The design bascially remains as in GOS 4, but the interaction with the user interface will be much more direct and responsive (FS-171117-1741).
  • New view on scan results by vulnerability:
    The new view “Vulnerabilities” additional to Results and Reports summarizes identical vulnerabilities across all scans and of course arbitrary filters can be applied (FS-171117-1729).
  • Increase speed of feed updates:
    SCAP/CERT updates consume less CPU and less RAM (FS-171117-4518).
  • Transition from global objects to ownerless-predefined objects:
    In GOS 4 it was not possible to assign static global objects (Port lists, Scan configs, Scanner and Report  Formats) to roles as a specific permission. With the transition to ownerless-prefefined objects it is now possible to configure Users, Roles, and Groups in a way, which permits them only restricted usage of only a few, just one or even none of the predefined objects (FS-171117-4531).
  • Add columns “Hosts” and “Location” to the overview for Notes and Overrides:
    This makes sorting and filtering for Hosts and Locations easier (FS-171117-1839).
  • Extended edit dialog for overrides and notes:
    The edit dialog for Notes and Overrides now allows editing the NVT, Host, Location, Severity, Task and Result even if already set to
    “Any” or specified in other ways (FS-171117-5915).
  • New option to upload a file for “exluded hosts” for a Target:
    This removes the limit of the previous text entry field (FS-171117-3759).
  • Merge of Web-GUI built-in help and GSM Manual:
    The web version of the GSM manual is directly connected with the help buttons and placed into the appliance. This steamlines the documentation (FS-171116-1819).
  • Remove menu item “Assets->Hosts (Classic)”:
    The key functionality “prognosis” is already available since GOS 4.0 as the “CVE-Scanner” (FS-171117-2431).
  • Remove overrides indicator switch (web interface):
    The indicator/switch icon for overrides in the header of the severity columns in the tasks overview, reports overview, results overview and report-results overview is removed (FS-171117-1503).
  • Link to Scan Configs from the OSP Scanner details page (web interface):
    This makes navigation between Scanners and Scan Configs more consistent (FS-171117-3656).
  • Improved log files for scanner (internal):
    The scanner now follows the very same logging scheme as all other internal modules. This helps for support case about scanner (FS-171117-3025).
  • Renamed internal vulnerability management service to “gvmd”:
    This is a follow-up change of renaming the protocol from OMP to GMP in GOS 4. This establishes an advanced consistency in internal terminology reaching even into the database. However there is no impact for the user interface or to GMP: Neither GUI nor the API is changed (FS-171117-3251).
  • Automated internal database updates with feed content:
    This is a plain internal design change to avoid delayed data updates due to network problems or other issues (FS-171117-5003).
  • Advanced internal process activity information scheme for vulnerability management service:
    This is a plain internal change which makes it easier for support cases to analyse the activity status of a GSM (FS-171117-5336).
  • Removed Report Format Plugin “HTML”:
    The alternative GSR HTML is more advanced in any aspect. Alerts that were configured to use HTML will automatically fall back to use the lightweight “TXT”. Please change to GSR HTML where considered appropriate (FS-171127-5042).
  • Multiple user-configured main dashboards:
    The current single main dashboard under menu “Dashboard” is extended to have up-to 10 user-configured named dashboards. This allows for example to configure “Europe”, “Asia”, “Last Week”, “Windows” or “Printers” by applying respective powerfilters to a individual chart selection. (FS-171116-0537).
  • From the list of pre-defined severity classification schemes, “OpenVAS  Classic” is removed:
    It was kept for a transitional phase. Since a long time the NVD classification is the default. During migration, “OpenVAS Classic” is replaced by the NVD classification in case a user configured it as a personal setting (FS-180116-0845).
  • Task status “Internal Error” is renamed to “Interrupted”:
    Scans that stopped for any other reason than the user pressing the stop button  will have the status “Interrupted at X%” which is shown in red color in the  GUI and and thus replace the status “Internal Error”. After a reboot of the manager, running tasks are set to “Interrupted at X%” instead of “Stopped at X%”. The “Stopped” status remains reserved for user-intentional stopping of a task. Both types can be resumed. This all allows to resume tasks that failed for example due to a network connection problem during a sensor scan. Also it allows to distinguish between user-intended stop and system-driven stop. This changes the status types as handled by the GMP commands get_tasks and get_reports (FS-180108-3217).
  • Drop “version” element for NVTs and update version format for Results: The version information is actually redundant since the “last modification” element specifies the version even more meaningful. Thus, the “version” element is removed from the NVT meta data. This also means a minor change to the GMP protocol. Results are still given a version number of the respective NVT, but the format changes from for example “$Revision: 1244$” to “2017-12-20T08:01:27Z” (FS-171208-4740).
  • Extend Schedules to allow more refined schedules: The internal task scheduling system was extended to allow more refined schedules. The dialog for editing alerts was extended with more options like “16:00 every monday and wednesday” (FS-171116-3106).
  • Drop elements “host_start” and “host_end” from report element of GMP response from “get_reports”: The information in the elements “host_start” and “host_end”are already available in the “host” element. So, this changeis about dropping the redundant part (FS-180104-2357).
  • Bulk tagging:
    This feature introduces the opportunity to assign the same tag to many objects with just a single action rather than adding the tag to each object one by one. For example you can easily assign 100 arbitrarily filtered hosts in the host asset management with the tag “Responsible:AdminTeam1” or “AssetGroup:Printers” (FS-171227-1841).
  • Extended vhosts support:
    The scanner becomes much smarter about finding all hostnames:IPs relationships without need of extra user input. The previously used per-scan-config vhosts/vhosts_ip preferences are simply dropped. Whatever was configured here will now be done automatically and reliably. In environments with virtual hosts, the scan results will haveless results because duplicates are avoided now. The hostname is now a field of its own in the Web-UI as well as in GMP. (FS-171212-5724).
  • Removed report type “prognostic”:
    This report type was available only at GMP level for GET_REPORTS. This removal is the last step of the transition from “Prognosis” reports to the “CVE-Scanner” (FS-180927-0546).
  • Extended storage of results (internal):
    This is a plain internal change (no UI nor API change) to improve performance for some use cases. Technically speaking this reduces the size of the results table by introducing a separate results trash table (FS-180910-0459).
  • Drop redundant information from NVT meta data:
    This is an internal change to reduce the copyright notice to a single occurance in the NVTs. This has a minor positive effect on performance for feed updates (FS-181022-5813).
  • Encrypted alert emails:
    The alert method “Email” now allows to encrypt to a S/MIME certificate or to a PGP key, owned by the recipient. This way a secure end-to-end encryption is established. The encryption keys can be uploaded as a new Credential type in the Configuration section (FS-171122-0309).
  • Scan Report Content Composer:
    This new dialog appears when a report download is requested, an alert execution is requested and is available when an alert is created/edited. The dialog offers to compose the content of the XML that is then passed on to the Report Format Plugin, and perhaps then to the Alert. Initially it allows to configure whether notes and/or overrides should be included into the report. Not all report plugins can handle all types of content. The content composer allows to reduce/extend the scope handled by the report plugin and is designed to be extend with further data groups in the future (FS-180924-3251).
  • Integrated Remediation Workflow:
    For the product families MIDRANGE and ENTERPRISE, a integrated remediation workflow is introduced. It is a ticket management focussed on resolving the finding of  vulnerabilities. Compared to a generic ticket management system it is much simpler and has less options. On the other hand, it is capable to automatically consider re-scans in order to verify that an assignee has indeed fixed a security problem. Additionally, all valuable information to understand and resolve a problem is directly cross-linked and thus directly available for an assignee (FS-180103-0646).

2018-08-31: Greenbone OS 4.3

Latest Patch Level: 4.3.22 (2021-02-22)

Lifecycle Phase: Retired 2021-02-22

4.3.22 (2021-02-22):

  • Greenbone OS:
    • Status: Set the release status to “retired” for all GSM types with GOS 4.3. An upgrade notification will be displayed in the GOS selfcheck (#157070).
    • Bugfix: Enabled the GOS upgrade functionality, if GOS is in the status “retired” or “end-of-life” (#157069).

4.3.21 (2020-07-30):

  • Greenbone OS:
    • Bugfix: The Intel June 2020 microcode update is included, addressing the ‘CROSSTalk’, ‘CacheOut’ and ‘SGAxe’ vulnerabilities of Intel processors (#143745).
  • Vulnerability Management:
    • Bugfix: The ‘Add new host’ dialog on the ‘Assets/Hosts’ page allowed unsanitized input in the ‘Name’ field. Only IPv4 or IPv6 addresses are accepted as a name now (#143733).

4.3.20 (2020-05-25):

  • Greenbone OS:
    • Improvement: An incremental backup is now automatically attempted before every GOS upgrade (#132590).
    • Improvement: The available disk space is now checked before creating a backup. If the disk space is not sufficient, no backup will be attempted (#134696, #125755, #2019102910000016).
    • Bugfix: The restoration of sqlite backups from an external USB device could fail sporadically (#102470).
    • Bugfix: The keyboard layout selection was not applied sporadically (#1398861).
    • Bugfix: SNMPv2 was still active even when a user name and an authentication passphrase were configured (#125586, #2018072410000079).
    • Bugfix: IPv6 routes where not shown in the corresponding administration menu (#127559, #2019112110000029).
    • Minor Bugfix: The GOS copyright has been updated to reflect the correct LICENSE for the Greenbone Security Feed (#134333).
    • Minor improvement: If the networking service is in a failed state, a switch release can no longer be started, preventing subsequent errors (#134341).
    • Minor improvement: Changed the community feed URL ‘feed.openvas.org’ to ‘feed.community.greenbone.net’ (#137538).
    • Minor improvement: Changed the internal variables used to differ between the Greenbone Security Feed and the Greenbone Community Feed (#125235).

4.3.19 (2019-11-26):

  • Greenbone OS:
    • Improvement: Included the latest major release of gvm-tools, version 2.0.0. See https://github.com/greenbone/gvm-tools for more information (#123417).
  • Vulnerability Scanning:
    • Bugfix: Increased the maximum number of NVTs supported by the openvas-scanner (#127752).

4.3.18 (2019-10-08):

  • Greenbone OS:
    • Bugfix: Security update for the CVE-2019-15902 “Spectre” related regression in the Linux kernel (#121978).
    • Bugfix: Security updates for the openssl and expat libraries, covering CVE-2018-20843 and CVE-2019-1543 (#121978).

4.3.17 (2019-09-24):

  • This release is planned to be the LTS release of generation 4.
  • Update of the base system and of the database management system. This modernizes the basement but leaves the application stack untouched. The user interface, the APIs etc. will remain the same (FS-180108-2522).
  • Generator routine for auto-credentials for Debian and RPM based systems updated: In fact, the entire generator was implemented anew, making it much easier to maintain (FS-180514-3416).
  • Improved usability of GOS menu: Updated structure and item sequences, consistent spelling, grammar and terms throughout the menu,
    introduce check boxes and radio buttons for state of settings (FS-180723-4923).
  • Substitute ExpertNet functionality by network namespace management: The GOS menu “Network” is extended with settings for assigning network interfaces to namespaces. This covers the standard cases of using the ExpertNet functionality. In particular, this allows for an esier way to assign specific interfaces for scanning and management.Note: This feature is only available for GSM Midrange and Enterprise series (FS-180626-0915).

In case you are using the ExpertNet functionality in GOS 4.2, please follow these steps:

1. Save the ExpertNet Configuration separate from the GSM.
2. Optional: Consult Greenbone Support about possible challenges for the substitution of your ExpertNet configuration. Some advanced ways might not directly be transferable to the new scheme.
3. Deactivate ExpertNet.
4. Migrate to GOS 4.3
5. Configure the network with the new opportunities based on the details in the preserved ExpertNet configuration.

4.3.17 (2019-09-24):

  • Greenbone OS:
    • Improvement: In case of filesystem corruption (for example due to a sudden power outage), an automatic reboot is now carried out after the filesystem repair at boot time as a precautionary measure (#121982).
    • Bugfix: Security update for the CVE-2019-1125 “Spectre SWAPGS” gadget vulnerability (#121337).
    • Bugfix: The switch release from GOS 4.2 to GOS 4.3 could fail in some cases, if an IPv6 management IP was configured (#118949).
    • Bugfix: In rare cases, switch release upgrades could get triggered on sensors unintentionally when upgrading the master (#121479).
    • Bugfix: Testing the sensor connections could cause a traceback when a sensor had an invalid remote host identifier configured (#120972).
    • Bugfix: It was possible to configure invalid domain names, leading to subsequent errors. All domain names now have to comply to RFC952 and RFC1123 (#118556).
    • Bugfix: The disk usage of journalctl could exceed safe limits, affecting system stability. It has been hard limited to use a maximum of 1.5 GB (#119838).
    • Bugfix: Uploading a remote backup server host key could add a newline character or new lines, causing the host key to be invalid (#109875, #119485).
    • Bugfix: The Maintenance/Upgrade/Sensors menu on a GSM master could display the sensor status “Update Feed” erroneously in some cases. These cases were fixed to display “Upgrade manually”. “Update Feed” will still be shown when relevant (#118184).
    • Minor bugfix: Improved the spelling in the GOS self check (#112714).
    • Minor improvement: Added and improved the GOS menu descriptions for restoring backups and setting the GSM hostname, since backups are dependent on the hostname (#119837).
  • Vulnerability Management:
    • Bugfix: Sensor scans would add all hosts in a target network to the Assets, even if the hosts were offline and “Mark unreachable Hosts as dead (not scanning) = yes” was set. Only active hosts will get added to the Assets in this case (#121333, #2019011510000041).
    • Bugfix: The downloadable Windows LSC installer for Credentials did not add the user to the administrator group on all supported versions of Microsoft Windows (#122909, #2019091810000067).

4.3.16 (2019-07-09):

  • Greenbone OS:
    • Improvement: Enhanced the contents of the Greenbone Support Package. More debugging information related to ansible is now included (#117635).
    • Bugfix: Uploading the remote backup server host key did not add it to the known hosts list correctly (#117132, #2019070110000011, #2019070410000051).

4.3.15 (2019-07-01):

  • Greenbone OS:
    • Bugfix: Switch releases from GOS 4.2 could fail due to a networking error (#116250, #2019061110000021, #2019061110000012, #2019060610000059).
    • Bugfix: The network route 0.0.0.0/0 can now be set (#115609, #2019060310000028).
    • Bugfix: Network interfaces were sometimes be erroneously named on the new GSM type 5400 (#116814, #2019062510000041).
    • Bugfix: Patched libssh to resolve possible issues with Cisco devices (#113876, #2019042910000046).
    • Improvement: The ‘Management IP’ menu option is now always shown, even when only one interface is present in a namespace (#115904).
    • Improvement: Enhanced the contents of the Greenbone Support Package. More debugging information related to postgres is now included (#116640).
    • Minor improvement: Improved the error logging for the TippingPoint alert (#114090, #2019041610000098).
    • Minor improvement: Updated the info dialogue when upgrading to GOS 5.0 (#116910).

4.3.14 (2019-06-19):

  • Greenbone OS:
    • Bugfix: Security update for CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479 “SACK Panic” TCP remote denial of service attacks (#116439).

4.3.13 (2019-06-03)

  • Greenbone OS:
    • Improvement: The client min and max protocol versions for SMB clients can now be configured via the Greenbone OS command line (#114780, #2019040110000026).
    • Improvement: The default system maintenance time for new Greenbone OS installations is now randomized between 03:00 and 05:00 UTC to distribute load for the Greenbone Security Feed server more evenly. Existing setups are not changed, and the system maintenance time can still be adjusted manually (#113697).
    • Minor improvement: The expiry date of the Greenbone Support Team GPG key, used for the encryption of support packages, has been extended to 2020-10-31 (#113829).
    • Bugfix: Opening the IPv6 global gateway menu lead to a traceback (#114746, #2019051610000032).
    • Bugfix: Manually deactivating the deprecated expert networking feature on namespace appliances could cause issues when configuring the scan namespace (#113816).
    • Bugfix: The migration from GOS 4.2 to GOS 4.3 could fail for non-namespace appliances (#114750).
    • Bugfix: On namespace appliances, the OpenVAS scanner was sometimes started in the wrong namespace (#113823, #2019050610000015).
    • Minor bugfix: Port 53/TCP, used for dnsmasq, now only listens on localhost (#109142, #2019021210000027).
    • Minor bugfix: The Greenbone OS upgrade info dialogue and selfcheck could display the version information ‘None’ in some cases (#113531).
  • Vulnerability Management:
    • Bugfix: In some cases the default quality of detection for all vulnerabilities was set to 75% due to the OpenVAS manager not correctly generating its internal metadata database (#108670).
    • Minor bugfix: For tags, the deprecated type ‘slave’ was still checked in GMP API calls, leading to subsequent problems (#114035, #2019050910000064).
    • Minor bugfix: For the GSR PDF report format, the colour coding of medium CVSS vulnerabilities was red in some cases, this has been corrected to yellow (#114035, #2019050910000064).

4.3.12 (2019-05-01):

  • Greenbone OS:
    • Improvement: Added info dialogues to explain why a GOS upgrade might not be possible due to a range of issues, as well as how to solve them (#109524).
    • Improvement: Enhanced the contents of the Greenbone Support Package. More debugging information related to redis is now included (#113457).
    • Bugfix: The internal GOS configuration management did not generate a correct return code in some cases, leading to subsequent problems (#112707, #112712).
    • Minor bugfix: A file path in the Support Package pointed to the wrong location (#112526).
  • Vulnerability Management:
    • Improvement: Added a configurable setting to control the interval at which a GSM master appliance requests scan results from a GSM sensor appliance. Different values may be used for performance optimization (#112620).
    • Bugfix: For some default scan configs the current value of “Mark unrechable Hosts as dead” in “Ping Host” was set to “No”, leading to significantly increased scan times. It has been set to “Yes” for all default scan configs (#91358).
    • Bugfix: Resuming a scan task on a GSM sensor appliance could lead to duplicate scan results (#113339).
    • Bugfix: Adjusted the SMB alert to provide better compatibility with non Microsoft Windows SMB shares (#110811, #2019040110000026).
    • Bugfix: Fixed a traceback that could occur for the TippingPoint SMS alert (#112681, #2019041610000098).
    • Bugfix: Deleting assets selected with “Apply to all filtered” was not working (#99285).
  • Vulnerability Scanning:
    • Improvement: Adjusted the redis ‘databases’ setting to improve high-load situations (#113216, #2019042410000037).

4.3.11 (2019-04-03):

  • Vulnerability Management:
    • Improvement: Added a command line setting to control the chunk size of the data that is transfered between master and sensor appliances (#111446).

4.3.10 (2019-04-02):

  • Greenbone OS:
    • Bugfix: Configuring a static IP address on non-namespace appliances could lead to a traceback (#111326).

4.3.9 (2019-03-26)

  • Greenbone OS:
    • Extension: Global gateways can now be assigned to a specific network interface via the GOS menu (#108189, #2018110810000047).
    • Extension: A script to manually verify the integrity of the USB Airgap APT feed has been added to GOS (#100162, #2018082910000041).
    • Improvement: Debug information for the scan namespace is now included in the GOS support package (#110536).
    • Bugfix: Setting a route for the scan namespace could sometimes fail, this has been fixed for all cases (#109811, #2019021510000076).
    • Bugfix: It was possible to assign the same IP address to different interfaces in the management namespace, leading to subsequent problems. IP addresses in the management namespace must be unique now (#095757).
    • Bugfix: In some cases the SSH service could fail when no IP was configured (#110806, #109821, #2019022710000026, #2019032110000026).
    • Bugfix: Search domains were not forwarded from the management namespace to the scan namespace. They are now shared between all namespaces (#109752, #2019022510000021).
    • Bugfix: The internal GOS configuration management now handles multi dimensional arrays correctly (#110597).
    • Minor bugfix: The GOS self check did not display the correct check in progress if this check involved a network timeout (#109819).
    • Minor bugfix: In some cases the GOS menu could warn about no network being available if an interface other than eth0/mgmt0 was configured for management (#104990).
    • Minor bugfix: The LDAP and Radius configuration files on appliances that do not support these features were incorrect (#109826).
  • Vulnerability Management:
    • Improvement: The TCP-SYN and TCP-ACK settings for “Alive Test” method have been updated (#110452).
    • Bugfix: GMP users were able to lock themselves out of their account via the modify_config command (#109746).
    • Minor bugfix: For email alerts, the lines preceding the first blank line were omitted on some email clients like Microsoft Outlook and The Bat! (#100158, #2018080210000019).
    • Minor bugfix: Improved the German translation of the web interface (#109751, #2019030710000071).
  • Vulnerability Scanning:
    • Improvement: The performance of handling large sets of hosts during the start of a scan has been improved (#110795, #110809).

4.3.8 (2019-02-25):

  • Greenbone OS:
    • Improvement: The scanner will now be started in the scan namespace only if at least one interface has been switched to the scan namespace (#0109576).
    • Bugfix: The second out of band management port on GSM 6500 could not be configured correctly (#0109623).

4.3.7 (2019-02-14):

  • Greenbone OS:
    • Improvement: Improved the contents of the Greenbone Support Package. More debugging information related to the system state, system upgrades and the scanner is now included (#108957, #109013, #109313).
    • Improvement: Added a selfcheck warning if Expert Mode networking is active. Expert Mode networking is deprecated in GOS 4.3 (#109147).
    • Improvement: The system lock during a switch release is now much stricter, preempting more user errors (#108963).
    • Bugfix: If a GSM was configured as a sensor, switch releases were not offered locally on the sensor. They could still be triggered from the master. Switch releases are offered in all cases now (#109097, #2019011410000016).
    • Bugfix: Made it possible to retry a switch release or upgrade if the corresponding download was cancelled while in progress (#109007).
    • Bugfix: The remote backup server configuration is now always migrated correctly during a switch release (#109303, #2019021310000034, #2019021310000043).
    • Bugfix: Fixed host key fingerprint checks during feed synchronisation to work with all supported ports (#108901, #2019021310000043, #2019021310000061, #2019021410000087).
    • Bugfix: The scanner was sometimes started in the wrong namespaces after specific configuration steps. The scanner is always started in the scan namespace now (#109318).
    • Bugfix: Due to a race condition, hostname resolution for scans could sometimes fail on appliances with network namespaces, this has been fixed (#099349).

4.3.6 (2019-02-02):

  • Greenbone OS:
    • Bugfix: Pre-condition test for upgrade had a bug about feed age. Only very few setups should be affected. Our Support Team can provide a trick how to overcome this situation in case the system does not allow you to upgrade (#108672).

4.3.5 (2019-02-01):

  • Vulnerability Management:
    • Extension: SMB alerts capabilities are extended, especially with regard to how the target filenames are determined. Among the changes, the default report filename changes and depending on how you configured this alert, the behaviour might change. In essence it could happen that the target filename is now “report.xml.xml” instead of just “report.xml”, which can be adjusted easily in the Alert configuration. Please contact the Greenbone Support if you are using SMB alerts and are unsure whether you might be affected by this change. A primary extension is that the SMB alert can consider special tagging of scan tasks to assemble the file path dynamically (FS-180110-4337, #79989, #79987, #105198, #2018041710000043, #2019010910000026, #79986).
    • Extension: The new alert type “Alemba vFire” (minimum vFire version 9.7) allows to transfer scan reports to the vFire ticket system (FS-180917-5139, #67013).
    • Extension: Overrides are now capable to consider IP ranges and the entry field size is increased from 80 to 200 characters (#103028, #2018040610000037).
    • Improvement: The UI and reports can now also inform about success or failure regarding SNMP credentials, analog to what is already imformed about SSH and SMB credentials (#108310).
    • Bugfix/Improvement: The alert method for the Sourcefire Defence Center, meanwhile known as FirePower Threat Defense, was fixed and improved (#2018051410000011, #99769).
    • Bugfixes: A couple of problems with the Windows Autocredential Installer were fixed. Among this were special characters in passwords and special behaviour of Windows Server 2008 R2 (#99466, #2018081410000041, #2018121310000017, #63874).
    • Bugfix: It was possible that a scan executed on a sensor hangs in “Requested” in case some types of SNMP credentials were configured for this scan (#103073, #2018091310000032).
    • Bugfix: In a few cases, URLs provided as a cross reference of a NVT were wrongly assembled in the UI (#102293).
    • Bugfix: Under certain conditions it was possible that the scanner falls back to its default settings (#107824).
    • Bugfix: The performance overview showed charts for unavailable components (#108079).
    • Bugfix: The robustness of the scanner against rare race conditions for the NVT cache management was improved. This is about observations where a scan stops on its own shortly after it was started (#104878).
      Minor bugfix: The Icon “Edit Filter” was missing a tooltip (#104990).
  • Vulnerability Scanning:
    • Bugfix: Credentials for SSH with ecdsa256 were causing an error when uploaded (#106266, #2018121410000015).
  • Greenbone OS:
    • Extension: The GOS administration allows to activate a limit of subsequent failed logins as GOS administration user. If the limit is reached, access via SSH is locked. To unlock it, it is necessary to login at the console and enter the administration menu for the SSH service. The selfcheck is extended to consider and inform about the status. Note that activating this feature means to add brute-force-login protection on the one hand, but also expose a denial of service attack vector on the other hand. The choice is subject to individual policy and security consideration. They mutually excluded each other, so you can not have both at the same time (FS-180823-3404, #105677).
    • Bugfix: For imported TLS certificates to be used for the web user interface, two problems were solved regarding longer certificate chains (with intermediate CA certificates) and regarding PKCS12 import (#93042, #107737, #2018092410000039).
    • Bugfix: In a few cases, restoring a userdata backup was causing problems (#102534).
    • Bugfix: For the USB backup, the GOS administration offers to format a USB stick in case it is not formatted properly yet. This formatting failed (#107301, #2019010710000075).
    • Bugfix: Some configurations of the Remote Syslog feature could cause the related service to fail (#106306, #2018112810000018).
    • Bugfix: Reintroduced the next version number when listing available GOS upgrades (#105589, #2018120410000016).
    • Improvement: Improved the GOS upgrade management of sensors via the GSM master appliance (#104452).
    • Improvement: Several internal improvements for MSSP setups (#105889, #103380, #105887).
    • Improvement: Added / updated support for SSH access with regard to supported algorithms/ciphers, for example curve25519 (#97126).
    • Improvement: The host key fingerprint checks during feed synchronisation have been configured to be stricter by default (#104258).
    • Improvement: The internal state management for the GOS configuration is improved to better handle roles affected by a configuration change (#106595).
    • Minor bugfix: When uploading a GSF access key but using no key file, now a proper error message is displayed instead of an internal error message (#108321).

4.3.4 (2018-12-03):

  • Vulnerability Management:
    • Bugfix: Alerts configured to store a report via SMB failed for some SMB services resulting in an empty file (#104970).
    • Bugfix: In some special cases, deleting a user was causing an error message (#104883).
    • New: The Web Interface was extended with a Japanese translation (#104813).
    • Bugfix: In some special cases, editing the settings of a NVT in the web interface caused an error message and the changes were not applied (#103819).
    • Minor Bugfix: Export Topology SVG file now names the source (the host from where scans are execute) “Greenbone” (#104882, #2018111610000013).
  • Greenbone OS:
    • Improvement: In GOS Administration Menu a range check was added for MTU (#101622, #102975).
    • Improvement: Configuration changes in GOS Administration Menu on a GSM 100 will now be processed faster (about half the time) (#102464).
    • Bugfix: Upon a VLAN configuration change in GOS Administration Menu, errors could occur and only after a reboot the changes came into efect (#104037, #2018110110000023).
    • Bugfix: The network interface was shutdown upon activating IPv6 DHCP (#101743).
    • Bugfix: Configuring a route for a VLAN caused an error (#100100, #201810241000001).
    • Minor Bugfix: In GOS Administration Menu, some minor improvements and minor fixes were done (#105071, #102469, #102973).

4.3.3 (2018-10-26):

  • Vulnerability Management:
    • Bugfix: Using quotation marks in filter triggered error in bulk action (#103032, #2018072710000037).
    • Bugfix: When using tag filtering in filters, numerical values were not always properly considered as text (#102295, #2018100510000063).
    • Bugfix: Editing a SNMP credential via Web-UI failed with an error message about privacy_algorithm (#103072, #2018091310000032).
    • Minor bugfix: When deleting a tag from some resources, a blank page was shown afterwards. The action was properly done though (#100315, #2018090310000024).
    • Minor bugfix: It was not possible to create tags for scanners (#100318, #2018090310000079).
    • Minor bugfix: The chart “NVTs by solution time” was not available in all NVT contexts (#102251, #2018100410000056).
    • Minor bugfix: Axis labels of some charts were showing wrong units in some cases (#102456, #2018100510000036).
  • Greenbone OS:
    • Maintenance: The encryption key for the Greenbone Support Package is updated. The previous key is a RSA 2048 key and expires November 23 2018. The new one is a 4069 RSA key and will expire November 23 2019 (#102831).
    • Bugfix: Configuring a VLAN interface without configuring the parent LAN interface caused an error (#103653, #2018102310000011).
    • Bugfix: Once a the network configuration ended up in an error, further configuration was not possible (#103654, #2018102310000011).
    • Minor bugfix: During upgrade a uneeded additional information dialog appeared (#103076).
    • Minor bugfix: During upgrade the GOS version was not always shown properly in the about-box (#103544).
    • Minor bugfix: Routes menu dialog was missing a title (#102654).
  • Vulnerability Scanning:
    • Improved consideration of UDP services (#103074, #2017090110000021).

4.3.2 (2018-10-15):

  • Vulnerability Management:
    • Change for CSV Report Format Plugin: When special characters are the first ones in a column, these are escaped by a apostrophe. This prevents that a spreadsheet executes the respective cell. It is a convenience change. Actually, users should configure and use their spreadsheets in a secure way – which is also the default for most common ones
      (#101365).
    • Bugfix: A tag to a host now gets properly orphaned in case the host is being deleted (#102648, #2018101010000026).
    • Bugfix: When using GMP to upload reports, the service stopped accepting the reports after a couple of thousands of reports uploaded in a single session (#98416).
    • Minor bugfix: In some special situations the resetting of filter settings to the default caused an error (#101657).
    • Minor bugfix: In the assets management the functionality “Apply to selection” was not working in Chrome browsers
      (#101654, #2018072710000037).
  • Greenbone OS:
    • Bugfix: Under special circumstances with master and multiple sensors (and high load on sensors), a feed update from master led to a update deadlock on the sensor and it was necessary to reboot the sensor (#102467, #2017112310000029).
    • Bugfix: Custom gateway configurations were not properky migrated from GOS 4.2 to GOS 4.3 (#102468).
      Improvement: GOS settings are now type-aware and also extended with range/content checking. Various settings outside sensible ranges are not rejected now (#59806, #95326, #95811, #101624).
    • Improvement: When using DHCP but some network trouble causes that no IP is provided by DHCP, GOS now tries to cope with the situation better. For example, it offers to retry or skip (#99467).
    • Bugfix: VLAN addresses were not poperly shown in GOS menu (#100099).
    • Minor bugfix: The size for an IPv6 custom route was extended to cover full length IPv6 addresses (#102836).
    • Minor bugfix: Removed some internal functionalities for GSM 100 and GSM 25 that were designed to work with a LCD (25/100 have no LCD) (#102828).
    • Minor bugfix: disallow reserved IPv6 addresses during IPv6 type check (#101279).
    • Minor improvements on boot/kernel, getting rid of useless warnings (#102010).

2017-09-30: Greenbone OS 4.2

Latest Patch Level: 4.2.30 (2019-07-31)

Lifecycle-Phase: End-of-Life 2019-07-31

  • Change: Slaves will become Scanners. This eases the use of scan sensors. Among others, the management of access rights for slaves is unified.
  • Approval of sensors now via GOS administration: Users can only configure sensors which got an overall approval by the administrator of the appliance.
  • Extended GOS Administration menu.

4.2.30 (2019-07-31):

  • Greenbone OS:
    • Set the release status to “retired” for all GSM types with GOS 4.2. An upgrade recommendation will be displayed in the GOS selfcheck (#118948).

4.2.29 (2019-06-19):

  • Greenbone OS:
    • Bugfix: Security update for CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479 “SACK Panic” TCP remote denial of service attacks (#116441).

4.2.28 (2019-02-20):

  • Greenbone OS:
    • Bugfix: It was possible that a scan executed on a sensor hangs in „Requested“ in case some types of SNMP credentials were configured for this scan (#0103031, #2018091310000032).

4.2.27 (2019-02-14):

  • Greenbone OS:
    • Improvement: Improved the contents of the Greenbone Support Package. More debugging information related to the system state, system upgrades and the scanner is now included (#109009, #109314).
    • Improvement: The system lock during a switch release is now much stricter, preempting more user errors (#108960).
    • Bugfix: If a GSM was configured as a sensor, switch releases were not offered locally on the sensor. They could still be triggered from the master. Switch releases are offered in all cases now (#109095).
    • Bugfix: Made it possible to retry a switch release or upgrade if the corresponding download was cancelled while in progress (#108961).

4.2.26 (2019-02-02):

  • Greenbone OS:
    • Bugfix: Pre-condition test for upgrade had a bug about feed age. Only very few setups should be affected. Our Support Team can provide a trick how to overcome this situation in case the system does not allow you to upgrade (#108671).

4.2.25 (2019-02-01):

Greenbone OS:
Improvement: A red-dialog warning was added to the release upgrade to GOS 4.3 to explain that 4.3 introduces a mandatory distinction of the mangement interface and the scan interface. This distinction make it necessary for GSM 400 and above to physically attach a second network cable to the appliance. (#108615).

4.2.24 (2018-11-20):

  • Vulnerability Management:
    • Bugfix: Alerts configured to store a report via SMB failed for some SMB services resulting in a empty file (#91951, #2018041710000043).
    • Bugfix: In some special cases, deleting a user was causing an error message (#103651, #2018081610000011).
    • Bugfix: In some special cases, editing the settings of a NVT in the web interface caused an error message and the changes were not applied
      (#103818).
  • Greenbone OS:
    • Bugfix: In very special cases, upon configuration changes the boot menu showed multiple entries (#103822).
  • Vulnerability Scanning:
    • Bugfix: The scanner log showed error messages when using WMI to scan Windows systems. We have not observed impact on scan results though (#104645).

4.2.23 (2018-10-26):

  • Vulnerability Management:
    • Bugfix: Using quotation marks in filter triggered error in bulk action (#98690, #2018072710000037).
    • Bugfix: When using tag filtering in filters, numerical values were not always properly considered as text (#102296, #2018100510000063).
    • Bugfix: Editing a SNMP credential via Web-UI failed with an error message about privacy_algorithm (#103070, #2018091310000032).
    • Minor bugfix: When deleting a tag from some resources, a blank page was shown afterwards. The action was properly done though (#100314, #2018090310000024).
    • Minor bugfix: It was not possible to create tags for scanners (#100317, #2018090310000079).
    • Minor bugfix: The chart “NVTs by solution time” was not available in all NVT contexts (#102252, #2018100410000056).
    • Minor bugfix: Axis labels of some charts were showing wrong units in some cases (#102457, #2018100510000036).
  • Greenbone OS:
    • Maintenance: The encryption key for the Greenbone Support Package is updated. The previous key is a RSA 2048 key and expires November 23 2018. The new one is a 4069 RSA key and will expire November 23 2019 (#102832).
    • Minor bugfix: During upgrade a uneeded additional information dialog appeared (#102833).
  • Vulnerability Scanning:
    • Improved consideration of UDP services (80572, #2017090110000021).

4.2.22 (2018-10-15):

  • Vulnerability Management:
    • Change for CSV Report Format Plugin: When special characters are the first ones in a column, these are escaped by a apostrophe. This prevents that a spreadsheet executes the respective cell. It is a convenience change. Actually, users should configure and use their spreadsheets in a secure way – which is also the default for most common ones
      (#101817).
    • Bugfix: A tag to a host now gets properly orphaned in case the host is being deleted (#102649, #2018101010000026).
    • Bugfix: When using GMP to upload reports, the service stopped accepting the reports after a couple of thousands of reports uploaded in a single session (#101276).
    • Minor bugfix: In some special situations the resetting of filter settings to the default caused an error (#101658).
    • Minor bugfix: In the assets management the functionality “Apply to selection” was not working in Chrome browsers
      (#101653, #2018072710000037).
  • Greenbone OS:
    • Bugfix: Under special circumstances with master and multiple sensors (and high load on sensors), a feed update from master led to a update deadlock on the sensor and it was necessary to reboot the sensor (#83793, #2017112310000029).
    • Bugfix: Adding a custom IPv4 route caused a problem. Previously configured custom routes were not affected
      (#102289, #2018100510000054).
    • Minor Bugfix: The size for an IPv6 custom route was extended to cover full length IPv6 addresses (#102837).
    • Minor bugfix: Removed some internal functionalities for GSM 100 and GSM 25 that were designed to work with a LCD (25/100 have no LCD) (#102829).

4.2.21 (2018-10-04):

  • Greenbone OS:
    • Release switch to GOS 4.3 opened for GSM ONE. Please first upgrade to GOS 4.2.21 before switching to GOS 4.3 (#101440).
    • Maintenance update of base system. This especially includes a maintanance update of the database management system (#102250).
    • Minor bugfix: For hardware appliances, the boot-loader was updated only after first patch level update (#95566).

4.2.20 (2018-09-14):

  • Vulnerability Management:
    • Extensions: New option to add delta reports to alerts. The configuration of an alert is extended with the option to create a delta report first and then apply the actual alert method. This essentially means, not the report of the task is used for subsequent processing but rather the delta report (#95423, #22348, #45442, #2014121610000019, FS-180523-4304).
    • Improvement: The database cache was optimized for scan reports. This improves the performance for some scenarios with master-sensor setup and big scan reports (#88902, #2018030710000019).
    •  Bugfix: In rare situations it was possible that the database management system starts to become very busy and consumes all of the RAM. It is regarded a database bug because with GOS 4.3 (which includes a DBMS update) this is not reproducable. The bugfix solves the problem for GOS 4.2 for the lab test cases (#99585).
    • Bugfix: The scan configuration “System Discovery” was not reporting details on operating systems, now it does (#94398, #2018060710000031).
    • Bugfix: extreme large content of reports triggered a XSL transformation error when generating a report (#92618, #2018050810000022).
    • Bugfix: The operations “Apply to selection/filter” for creating a target from host assets were creating empty targets (#98482, #2018072710000037).
    • Bugfix: For tags the filter element “orphan” caused an error (#97694, #2018071810000045).
    • Minor bugfix: It was possible to delete a report format plugin although it is configured for a vernice.pro alert (#98054, #2018071910000034).
    • Minor Bugfix: Web-based creation of external scanners failed for some types (#95812).
  • Greenbone OS:
    • Minor bugfix: Invalid guest user account caused traceback message (#100916).
    • Minor bugfix: When uploading a non-certificate file when a certificate is expected, a traceback message occured (#95694).

4.2.19 (2018-08-24):

  • Vulnerability Scanning:
    • Bugfix: The scanner could hang and cause a longer scan time because of time-outs. This problem was pressent since a while, but so rarely triggered that it was not reproducable. Recent extensions of the NVT Feed triggered the problem more often reliably and allowed to identify and fix the problem
      (#91015, #2018061410000036, #2018082210000035, #2018082010000011, #2018081710000036, #2018081710000018, #2018053110000023)

4.2.18 (2018-06-14):

  • Vulnerability Management:
    • Bugfix: The Web-UI service, if running for a longer time at a short refresh interval (30s) for special pages and possibly in multiple browsers tabs, could sum up to a low memory problem on the appliance which in turn might have caused other problems such as repsonsiveness and availability (#93126).
    • Bugfix: In the Web-UI in detached charts, the sorting was not copied over to the filter and thus the charts looked different
      compared to the embedded ones (#91416).
    • Bugfix: The asset IDs for host assets in the results were not correct and thus the links to the asset management pointed to the same asset for an entire report (#94285, #2018060510000044).
    • Bugfix: Adding user tags to SecInfo objects caused an internal error during saving (#91176, #2018041210000061).
    • Bugfix: IPv6 addresses were not accepted in the host entries in the edit user dialog (#92887, #2018042710000051).
    • Minor improvement: The target details were not abbreviating the target which could lead to very long entries if for example 1000 single IPs were imported. The Web-UI view is now abbreviating the content, the XML export of course still contains all data (#88918).
    • Minor Bugfix: In the PDF report summary section some special characters were not escaped properly (#92022).
    • Minor Bugfix: The GMP command get_reports, when applied for delta reports, did not work with empty filters (#88462).
    • Minor Bugfix: After uploading a LDAP certificate, the Web-UI redirected to task overview instead of remaining on LDAP configuration page (#88900).
    • Minor Bugfix: Improvements to the german online help of the Web-UI (#88411).
  • Greenbone OS:
    • Extension: The support package is extended with more system status information about the GSM to allow for a better analysis. The technical specification of the Greenbone Support Package (GSP) was updated accordingly to the status of 2018-06-04, see here for GSP specification
      (#88046, #93047, #93051).
    • Extension: New option to configure a web proxy for each connected scan sensor. This allows a master GSM to control its sensors through a http proxy instead of a direct connection (#93128, FS-180530-4837)
    • Extension: When accessing the Web-UI via a reverse proxy which defines a high number of keep-alive requests, this could exceed the default maximum number of concurrent connections of the Web-UI and thus lead to HTTP error code 503. To cope with such a situation where the proxy can not be re-configured, the GSM now allows to change the per-ip connection limit via internal GOS setting ‘per_ip_connection_imit’ (#84890, #2017122210000029).
    • Bugfix: When downloading a support package from the GSM, and in case more than one interface was configured, the information dialogs showed the wrong URL for the download (wrong IP address) (#90788, #2018040610000019).
    • Bugfix: The interface configuration naming for GSM 5300/6400 was for some cases inconsistently enumerated (#91287, #2018041110000045).
    • Minor Extension: Sudden power outage could lead to orphaned temporary database tables. This has no negative effect, but it will cause log messages until the orphaned tables are removed. An advanced opportunity was added to allow the removal of the orphaned tables in coordination with the Greenbone Support team (#88047).
    • Minor improvement: Moving NVT files inside the feed caused warning messages in the log. Since this is actually a normal thing to happen, it will not show up anymore as a warning (#89502).

4.2.17 (2018-05-12):

  • Vulnerability Management:
    • Bugfix: In case of comprehensive use of permissions and overrides the “Add Override” function triggered a significant amount of cache operations which slows down the system. This is avoided/optimized now (#92616, #2018050710000024).
  •  Greenbone OS:
    • Bugfix: Upgrading sensors via master automatically can be faulty with 4.2.16 (new brainpool signing key). This fixes the problem for automatic update and also the manual update trigger (#92722).
    • Extension: The magic SysRq keys are now active for the unlikely event of a system panic situation. This can help for example to shut down the system cleanly and protect filesystem integrity   (#91726).
    • Extension: In case of filesystem damages (for example due to a sudden power outage) the filesystem repair system at boot time will now propose to reboot always after repairs happened. We highly recommend to not cancel the recommended procedure of the system (#91005).

4.2.16 (2018-05-03):

  • Greenbone OS:
    • Bugfix: Expirey of signature key: The new brainpool key so far was only activated for NVTs, but not yet for GOS updates and new flash images. The old key expires on May 15th 2018. You must update to 4.2.16 prior to this date. Once beyond this date, GOS updates will not be possible anymore until a manual import of the new key is done (#92019, #92273, #92274, #92336, #76935).
    • Extension: Next to the already available http upload option, it is now optionally possible to paste a new signing key via clipboard into a text entry (#92409).

4.2.15 (2018-04-13):

  • Vulnerability Management:
    • Bugfix: Combining alerts with severity-based conditions could set a task connected with such an alert to Internal Error (#91095)
    • Improved dialog for new password (#89444, #2018031510000031)

4.2.14 (2018-04-10):

  • Vulnerability Management:
    • Extension: Search functionality for LDAP-based authentication by extending to use not only the DN, but also the uid attribute in the LDAP schema, and performing an LDAP search to get the DN (#57286, #75012, FS 171117-0939-UID-attribute-for-LDAP-Login).
    • Extension: A new alert method was added to send scan reports to a Tipping Point SMS (#82703, FS-171117-0551-alert-for-tipping-point).
    • Improvement: The response time for opening the details dialog for a single scan result was significantly shortened. We measured factors of up-to 100 times faster response (#86913).
    • Improvement: Extended coverage of chinese translation of Web UI (#86876).
    • Bugfix: Auto-generated credentials of type ssh-key were not working properly when scanning via sensors (#89728, #2018030810000026).
    • Bugfix: Under certain conditions it was possible that starting a scan while the feed update is running led to a task hanging in status “Requested” (#83713, #88787, #2018030610000021).
    • Bugfix: On some GSM models importing of Scan Reports could fail and raise an Internal Error dialog (#86914).
    • Bugfix for SMB alert: The placeholder “%F” is now replaced by the chosen filetype (#85434, #2018010810000021).
    • Bugfix: When deleting a user who distributed permissions, there was no warning and no option to let objects be inherited. The objects were simply deleted and not available anymore or the other users (#88321).
    • Minor bugfix: In certain situation with distributed read permissions, clicking on the hosts for a report resulted in an empty page instead of a permission denial message (#55350).
    • Minor bugfix: For schedules, the calendar editor did not allowto shift months backwards (#86730, #2018012910000017).
    • Minor bugfix: When leaving one of the password entry fields empty in the dialog “My Settings”, an internal error was raised. Now a helpful message explains the input error (#86736).
    • Minor bugfix: The report format “LaTeX” was missing some newlines around “rowcolor” (#86785).
    • Minor bugfix: For plain new databases, re-order the sequence of creating database functions to avoid undefined situations. This bug had no effect for any regular shipped GSM, thus minor  (#88876).
  • Greenbone OS:
    • Extension: Custom routing can now be configured explicitly via GOS menu for non-virtual GSM models. The new menu “Routes” under “Setup”/”Network” allows the configuration of IPv4 and IPv6 routes. The configuration is not per interface, rather the system will automatically pick the best route if any interface can reach the target network. There is also a warning about trying to configure a route to unreachable network. Some advanced routing still has to be done via Expert Mode, but the most common cases can now be configured via menu. Expert Mode and new Routes configuration cannot be applied concurrently (#89505).
    • Minor extension: The support package now also collect log information about user data import and system data import (#84847).
    • Bugfix: The configuration of VLANs in combination with DHCP was not consistent in all cases (#85213).
    • Bugfix: The configuration of DNS via menu after activating Network Expert Mode did not become active (#86503).
    • Minor improvement: In some migration scenarios a headless setup is desirable and this improvement makes a headless setup more flexible (#82206, #81119).
    • Minor bugfix: A non-relevant log message (“assertion” warning) when accessing a task was fixed. It occured only under certain conditions (#71011).
    • Minor bugfix: Removed a misleading entry from the internal boot menu (#86379).
    • Minor bugfix: Fixed a typo in the menu (#88911).
  • Vulnerability Scanning:
    • Extension: Introduce a “wait between requests/probe” option for scanning. Scanning “critical infrastructures” components have shown the need for waiting time between network probes. Such devices can have a quite fragile TCP/IP stack and can’t handle parallel and/or multiple subsequent network requests. Outages of the network communication with other connected devices can be the result. This change does not affect any defaults. It is an additional option for the Scan Config and a new Scan Config should be created when desired to apply this setting. However, note that acivating this naturally makes the scan take longer (#86582, FS-180125-3444-wait-between-probes-in-scanner).
    • Extension: The internal scan scheduler was extended with the ability to consider regular expressions for pre-conditions to launch NVTs. This enables the GSF development team to make NVTs smarter. It is planned to apply this feature in the feed very soon and improve performance for some scan scenarios, mainly authenticated scans of Linux systems will benefit (#88402, FS-180111-2416-NASL_mandatory_keys_with_re).
    • Bugfix: It was possible that some NVTs were launched for situations where they did not match the situation (presumed open ports). The fix has a slight positive effect for the scan performance (#89733).
    • Bugfix: In some situations many unneeded internal signature verifications were executed and could slow down scanning. This is a regression that was introduced in 4.2.13 (#89294).

4.2.13 (2018-03-14):

  • Scanner:
    • Bugfix: Randomly some NVTs were not accepted during feed update or during startup at the first attempt. In many cases the Scanner was able to overcome the situation on its own, but in a few cases the problem becomes severe. This bugfix resolves the problem at its root (#88860).
    • Bugfix: The scanner issued warnings “Possible dependency cycle detected” (#88187).

4.2.12 (2018-03-03):

  • Greenbone OS:
    • Bugfix: The comprehensive changes of 4.2.11 introduced a bug for the feed update for updated NVTs leading to invalid hash sums. (#88630).

4.2.11 (2018-03-01):

  • Greenbone OS:
    • Performance: The duration of starting up the scanner and the duration for updating the NVT feed was accelerated significantly. We measured up-to a factor of 30. This  comprehensive change became necessary for the migration of the GSM 500/510/550 models to GOS 4.2. All other models were able to cope with the demands of the modern GOS 4.2 before, but will benefit from this acceleration. (#86323).
    • Feature: The menu for log view was added for the models GSM 25, GSM 25V and GSM ONE. (#83489, #2017112410000018, FS-171220-0411-logging-menu).
    • Robustness: In case the scanner runs into a severe problem that prevents to continue his job for whatever reason, the scanner is restarted after one minute. (#86734).

4.2.10 (20108-01-19):

  • Vulnerability Management:
    • Updated GSR HTML: The new version 0.4 adds the new section “TLS certificates”, sort indicators in table header, expand/collapse for all details of a table and total/average summary to some of the tables. Apart from some further smaller improvements, the resulting size of a report file is reduced. The level of reduction depends very much on the  actual content. The best value we measured was a reduction by 70% (#84502, #75109, #2017063010000043).
    • Change in power filter for performance improvement and consistency: The power filter will now search only for text columns for terms that do not refer to a specific column. This means that filters with a plain generic keyword that could be interpreted as a number (for example “6.4” or “212.10”) can produce less results (actually being more adequate). If for example explicitely a severity of 6.4 should be filterd, use “severity=6.4” (#82377, FS-171129-1004).
    • Extension: The Web-UI offers an updated German translation and and also a new and complete Arabic translation. (#81116).
    • Improved GSR PDF: In special situations, inconsistent fonts were applied for results. Also long CPE names are better treated in the section “Top 10 Applications”  (#83830, #2017120510000016, #82546, #2017111010000026).
    • Improvement for Web-UI consistency: The refresh drop down menu is no longer displayed on pages where it was non-interactive before (#80470).
    • Extension: The details dialog for a CERT-Bund advisory now displays the advisory version if available. (#83965).
    • Bugfix: The feedback button for Greenbone Support in the details dialog for results was missing and is now re-added (#84564).
    • Bugfix: When creating a Credential, for special types this caused an error and the credential was not created (#84509).
    • Bugfix: In case a schedule was configured in a special way, it caused an internal error and schedules for tasks were reset (#84889, #2017122210000011).
    • Minor bugfix: Typo in task wizard dialog. (#80048)
  • Greenbone OS:
    • Security bugfix: Although Greenbone OS did not expose an attack vector for Meltdown, the respective kernel updates are now adopted. These kernel changes affect performance in general. Our tests have shown little, but in some cases with high I/O a performance reduction of a few percent. We found no scenario with severe impact but we ask our customers to report about them to our support team in case it happens. We apologize for the Meltdown impacts, but we share this problem with virtually any other vendor (#85433, #85701).
    • Improved robustness of setup wizard regarding upload of a subscription key: It becomes easier to retry again after uploading wrong files or in other way invalid keys (#81615).
    • Extension: It is now optionally possible to activate encryption for the SysLog configuration (#65388, #2016121610000015).
    • Bugfix: For certain values for the VLAN configuration it was possible that an internal error occurred (#84334).
    • Bugfix: The log view for scanner modules stopped working after a log rotation (#85432, #2018010510000053).
    • Minor bugfix: Window title for VLAN configuration (#84335).
  • Vulnerability Scanning:
    • Bugfix: With each feed update the scanner consumed more memory due to a memory leak. Over time this resulted in performance reduction and subsequent effects. A reboot of the system solved the problem for a while. The memory leak is now resolved (#85977, #85073).
    • Change: The scanner preference “log_whole_attack” is not available anymore in Scan Configurations. This is actually a debugging feature and (unintended) massive use can cause unwanted side-effects. The debug feature can now be activated via GOS CLI and GOS will warn about the use during selfchecks (#83199, #83171, #2017111710000031).
    • Minor bugfix: A bug in the internal programming language for NVTs was fixed (#84584).

4.2.9 (2017-12-19):

  • Web Interface and GMP:
    • Bugfix: In rare cases, the Web Interface and GMP is not available after migrating from GOS 3.1. It is possible to re-enable manually, but this fix automates it (#84586, #2017111510000026).

4.2.8 (2017-12-15)

  • Web Interface and GMP:
    • Performance improvement: For large numbers of hosts and OSs the asset management queries are faster now (#82376).
    • Bugfix: In case a task has a special character in the title, results queries were not possible for that task (#83717, #82474, #2017112710000076).
    • Extension: For the alert type “EMail” the title now allows a length of 160 instead of 80 characters. The text template by default has now a maximum length of 2048 instead of 1024 characters (#83170, #2017102510000018).
  • Web Interface:
    • Bugfix: When editing a task, it was possible that not all changes were applied when closing the dialog (#83827, #2017111410000073).
  • Scanner:
    • Bugfix: With intensive scans, it happened that over time the scanner consumed too much memory and required a re-start (#83892).

4.2.7 (2017-12-04)

  • Web Interface and GMP:
    • Bugfix: The total number for results was including the error messages. These are not anymore included (#83476, #2017112310000056).
    • Migration of Report Format Plugins: During the migration from GOS 3.1 to GOS 4.2 all Report Format Plugins will be deactivated unless they belong to the system standard. Please consider the notes about the migration prior to reactivating an old Report Format Plugin (#75449).
    • Bugfix: It was possible that the progress bar for scans showed negative percentage values. This happened when special settings were made at GOS level and then revoked (#80284).
    • Bugfix: Under certain conditions it was possible that resetting the powerfilter in the classic Asset Management caused an error (#80291).
    • Bugfix: For the section Ports of the report browser the filter settings for overrides and QoD were not taken into account (#81947).
    • Bugfix: It was possible under certain conditions that applying an erroneous powerfilter caused a Internal Error message (#78351, #2017082910000033).
    • Bugfix: The auto-generated credential installation packages for Windows 10 were not functional (#81894, #2017101810000013).
    • Minor improvement: When using non-existent UUIDs for Reports via GMP a misleading error message was returned (#82301).
    • Minor improvement: In case a sensor is not available during a performance request, the error message is now more adequate (#78870).
    • Bugfix: GSR did not work when some specific content elements occurred in the scan results (#82601, #80179, #2017111310000057).
    • Improvement: The GMP service can handle very fast access better now (#66155).
    • Bugfix: Combining the filter element “sort-reversed” with delta reports did not work (#80472).
    • Bugfix: In very rare cases and in combination with special scan results, database problems were possible (#82215, #2017110110000016).
  • Web Interface:
    • Bugfix: Under certain conditions the assignment of users to groups was denied although it should have been possible (#76830, #2017072810000046).
    • Bugfix: A certain click sequence could lead to a wrongly set powerfilter element “rows” of “-1” (#80192).
    • Improvement: The advanced task wizards will not change the refresh interval anymore (#65521, #2016122110000014).
    • Improvement: Some language localization translations were improved for German (#80990, #2017101310000013).
  • GOS-Admin:
    • Improvements of the migration of user data from GOS 3.1 to GOS 4.2 (#83008, #80131, #82543).
    • Bugfix: Under certain conditions the master-sensor configuration caused problems in case at least one sensor was configured for port 9390 (#81607, #2017102310000058).
    • Improvement: The management of log data stored these for a too long time (#83234).
    • Improvement: In case of severe system errors a so-called failsafe mode could be entered which boots a minimal system for analysis and repair purpose (#81798).
    • Improvement: The self check of GOS-Admin-Menu now also checks for RAID errors (GSM 5300/6400) (#82208).
    • Minor Bugfix: Some unneeded error messages appears in the log about “gsad” (#80050).
    • Minor Bugfix: Error messages when starting the LCD module (#81298).
  • Scanner:
    • Bugfix: Under certain conditions it was possible that a authenticated scan via ssh did not stop on the target system although the actual scan was stopped (#38015, #82704, #2017111410000019).
    • Improvement: Various log messages of the scanner were improved for better problem analysis (#73002)

4.2.6 (2017-11-03)

  • Web Interface and GMP:
    • Bugfix: Tags permitted to be viewed by other users were not visible. This included even the superadmin (#80132, #2017092810000033).
    • Bugfix for GSR/GXR: Severity counts in the PDF report for hosts were not matching in some cases (#80951, #2017101110000017, #80466, #2017100410000085).
    • Bugfix for GSR HTML: The HTML showed blank pages when viewing with web browser IE (#79585).
    • Improvement for import of scan reports: The import now runs in the background and does not block the database anymore (#80988).
    • Improvement: The performance of the table Scans->Results was increased (#80124, #80115).
    • Minor bugfix for GSR: In rare cases some vulnerability results were using the wrong font in the PDF and displaying all special characters correctly (#65007, #2016120810000012, #67100, #2017020110000015).
  • Web Interface:
    • Bugfix: For Chrome browsers, check boxes for bulk action mode were not visible (#81301, #2017101710000033).
    • Bugfix: For IE browsers some buttons did not work with e left-click (#80418, #2017100410000067).
  • GOS-Admin:
    • Changed behavior of Schedules: In case a GSM is started after it was switched off some time, only those schedules are executed that were missed in the last hour. Any schedule missed more than one hour ago will not be executed. Prior to Version 4.2.6 any missed scheduled scan was started at boot time, those with a period of course only once (#81839).
    • New menu to show HTTPS certificate and fingerprint: The menu item “Fingerprints” and “Show” were added to GOS menu Setup/Services/HTTPS (#78214).
    • Bugfix for sysLog: Using some special characters in the syslog configuration caused the syslog service to fail (#81163).
    • Internal extensions for controlling scheduling behavior for maintenance works (#81801).
    • Internal extensions for controlling request/query cancellation for performance adaption. (#70226, #81895).
    • Internal extension for controlling memory consumption to avoid use of swap memory (#81837).
    • Bugfix: In case of a sudden power-off, some self-reconstructions are running to cope with potential file system damages. Under certain conditions, this lead to an error message when logging in, because the logging system was used before it was repaired (#81208, #2017101610000062).
    • Bugfix: In case of a sudden shutdown of the database, the GMP service will not stop being available (#80566, #2017100610000027).
    • Improvements of the Support package (#73641, #81306, #81307, #81308).
    • Improvement: For GSM models 5300/6400 the LCD now displays the RAID sync status (#80051).
    • Minor internal improvement to avoid misleading log messages about “redis” (#76132).
    • Minor improvements: Various wordings in GOS-Admin-Menu improved and some inconsistencies resolved (#80052, #78620, #79216, #80185, #79521, #80114, #80414, #80570).
    • Internal improvements (new signing keys, EFI, kernel) (#73818, #78139, #80112, #81117, #72047, #81003, #73487).
  • Scanner:
    • Performance improvement: For some scan scenarios (few NVTs, many hosts, reverse lookup), the scans now are significantly faster (#77776).
    • Improvements for authentication part of scanning Windows systems (#78621, #81111, #201709051000003).
    • Bugfix: In case of special temporary internal resource problems, the scanner will recover on its own (#78711).
    • Performance adaption for GSM models 400, 500, 510 and 550 to better handle high scan load situations (#81614).

2015-01-26: Greenbone OS 3.1

Latest patch level: 3.1.48 (2018-09-05)

Lifecycle-Phase: End-of-Life 2019-07-31

The items marked with (*) will change the default behaviour.

  • New: Dynamic charts “bar-chart”, “donut” “lines” and “bubbles” for SecInfo Management of the web interface. For each object types, two chart types can be selected. Each chart can be detached into a window of its own, the underlying data can be exported in CSV format or opened as HTML table, the SVG representation can be opened in the browser or be exported.
  • New: Dashboard overview for SecInfo Management of the web interface. It consists of 4 charts which can each be individually selected by type and combined with a powerfilter. The configuration is persistent for each user.
  • New: Dynamic diagrams for tasks analog to SecInfo Management.
  • New section “Results” under menu “Scan Management”. This section offers a object management for all of the scan results in the database a user has permission for. In other words, searching and filtering for results is now possible independent of a scan report.
  • New: SecInfo object type “CERT-Bund” which are the advisories published by the German federal CERT.
  • New: Attribute “Solution Type” for NVTs and results.
  • New: Bulk actions for example to remove or download many objects within a single action.
  • New: Configuration type “Scanner” allows to configure additional scanners of type OpenVAS (the default and pre-configured one) or OSP-based scanners. OSP stands for OpenVAS Scanner Protocol which can be used to wrap up arbitrary scanners with a generic interface to be handled generically for the vulnerability management. The task management is extended with scanner-type dependent  alternatives. These features prepare the integration of OSP scanners. Any default settings and behaviour remains like in the previous Greenbone OS release. OSP is entirely optional.
  • New: Option for anonymous guest access. Apart from the new role “Guest” which is similar to role “Info” allowing access only to the SecInfo section, there is now the opportunity in gos-admin-menu to enable access for guests. This makes it also possible to use static URLs to link into certain views in the SecInfo section.
  • New: Role “Monitor” that allows access to the performance data of the GSM.
  • New: Role “Super Admin” that allows access to all objects of all users.
  • New: Permissions “Super” that for example allows to create Group Administrators.
  • New: The filenames for Downloads can now be configured via “My Settings”.
  • New: Wizard for modifying a task.
  • GXR/GSR: These report format plugins were re-worked. Especially GSR was changed to have less pages for the same content and to get created faster.
  • Tasks: The dialog for setting permissions is re-worked.
  • Timezones: The configuration of timezones was changed so that now there is offered a drop down list of available timezones instead of a entry field for specifying the timezone in text form.
  • (*) Users are now allowed to have multiple simultaneous sessions, as long as the sessions are on different browsers. Up to GOS 3.0, a second session always invalidated the previous one regardless of which browser is used.
  • For any web interface page, the duration of the backend operation will be shown at the bottom.
  • (*) Credentials: The public key of SSH credentials is not required anymore because it is extracted from the private key.
  • Credentials/Targets: Credentials for ESXi target systems can now be configured directly with the Target object instead of in the Scan Configuration object.
  • New: Statistics module at OMP level represented by the command “GET_AGGREGATES” which is also the foundation for charts.
  • (*) When a task is requested to stop, the scanner will now be advised to switch immediately into the final phase of scanning. With GOS 3.0 the scanner immediately stopped activity and did not return so far collected host details. With GOS 3.1 this is now transferred to the database.
  • New internal inter-process communication of scanner.
  • Memory consumption of scanners reduced by 50%.
  • (*) Dropped support for pausing of tasks (OMP).
  • (*) Dropped support of outdated “openvasrc” Format (OMP).
Patch-Level GOS 3.1:
  • 3.1.48 (2018-09-05):
    • Vulnerability Scanning:
      • Bugfix: The scanner could hang and cause a longer scan time because of time-outs. This problem was pressent since a while, but so rarely triggered that it was not reproducable. Recent extensions of the NVT Feed triggered the problem more often reliably and allowed to identify and fix the problem (#100238, #2018082010000021)
  • 3.1.47 (2018-03-13):
    • Greenbone OS:
      • Improvement for Migration to GOS 4 to allow a headless reboot (#88557).
      • Add public part of new upcoming Brainpool ECC feed signing key (#78138).
    • Scanner:
      • Bugfix: The scanner issued warnings “Possible dependency cycle detected” (#88919).
      • Improvement: Prepare for handling upcoming Brainpool ECC feed signing key (#77601).
  • 3.1.46 (2018-01-06):
    • GOS-Admin:
      • Bugfix: Download of GOS 4.2 image now always correct for GSM 5300 model (#85212).
      • Improvement: Last preparations for migration of models GSM 500/510/550  (#84855).
      • 3.1.45 (2017-12-29):
        • Web Interface:
          • Bugfix: It was not possible to create schedules that start in the year 2018 (#85036, #2017122810000018).
  • 3.1.44 (2017-12-15):
    • GOS-Admin:
      • Improvement for migration of GSM 25 and 100 to GOS 4.2: Depending the status of BIOS/EFI/Firmware it could happen that a manual step is required. This improvement handle some of the cases. (#83790, #83964).
      • Improvement of migration from GOS 3.1 to GOS 4.2 of Midrange and Enterprise models (#83894, #83788, #80288).
  • 3.1.43 (2017-11-30):
    • GOS-Admin:
      • Improvement: During the upgrade from GOS 3.1 to 4.2 for GSM 25 and GSM 100, the system now boots automatically into the GSM installation system after the Flash update. This removes a manual step (#80049).
      • Extension: For the upcoming release of the migration of GSM 25 to GOS 4.2, the automatic transfer of the system configuration was added (#81118).
      • 3.1.42 (2017-11-17):
        • GOS-Admin:
          • Activation of upgrade menu for GOS 4 in GOS-Admin-Menu. An actual upgrade is only possible once the flash image for the respective GSM model becomes  available on the Greenbone Feed Server. The first one will be GSM 100 on November 20th. The availability of each model will be announced via the Greenbone Newsletter (#80049).
      • 3.1.41 (2017-09-05):
        • Web-Interface and OMP:
          • Bugfix: For scheduled tasks it sometimes happened that they were not executed according to their configured schedule or were executed too often (#77726, #2017062610000015, #78080, #2017071810000038).
        • Scanner:
          • Change of the scan method for authenticated scans of Windows systems: A replaced protocol layer now allows to scan Windows systems configured with any combination of SMBv1 and  SMBv2. Furthermore, there are no more situations where the scanner needs to use a volatile agent to access the registry service (#61498, #77109).
      • 3.1.40 (2017-08-05):
        • Web-Interface and OMP:
          • Workaround: When extensively using a combination of permissions and overrides the editing or deleting of overrides can lead to longer cache update. Multiple actions can sum the duration up. The new personal setting “Auto Cache Rebuild” allows to disable the automatic cache temporarily in order to apply multiple changes quickly (#76403, #2017071810000038).
      • 3.1.39 (2017-07-03):
        • Web-Interface and OMP:
          • Bugfix for editing a target object which has many host entries or which has syntax errors. This also removes the limitation of 2000 characters for the dialog of the web interface (#73059, #64285, #2017051910000049, #2016110210000061).
          • Improvement for slave passwords: Some special characters are now allowed (#72910, #2017050810000079).
          • BugFix for Super-Admin: This user was missing write access to notes and overrides of other users (#65028).
          • Bugfix: Under certain conditions it happened that during a feed update it was not possible to stop a scan task (#63837, #2016101710000044).
          • Performance improvement: For the combination of notes/overrides and task permissions the creation and the editing was accelerated in the backend (#73961).
          • Bugfix: When starting scans concurrently, it could have happened that some scans were blocked (#74876, #2017061910000047).
        • GOS-Admin:
          • Further preparations for the upgrade from GOS 3.1 to GOS 4 (#74401, #73429).
        • Scanner:
          • Performance improvement: Especially for large scans and for many HTTP pages sometimes latency effects happened. Due to some optimizations, such scans should be faster by about 3% and consume 20% less of CPU time. Also latency effects are considerably reduced (#71135).
      • 3.1.38 (2017-06-20):
        • Web-Interface and OMP:
          • Security Bugfix: It was possible for an authenticated  GSM user to delete the network interface setting of tasks of the other users. The models GSM ONE and 25V were not affected (#74682).
          • Performance improvement: For the combination of overrides and task permissions the caching for the tasks/results overview was optimized. Instead of updating the cache only upon need, it is now created after each scan report completed and after a override is created/updated. This accelerates the first login after changes happened to reports or overrides. This problem occurred only for users accounts not being the owner of the scan data (#73961, #72048, #68483, #2017042710000044).
          • Bugfix: For credentials used for authenticated scans of Windows systems, it was not possible to use the Euro symbol (#47080, #2015022010000055).
          • Bugfix: When importing a HTML report into MS Word, it could come to font problems (#67606).
          • Bugfix: Schedule were executed multiple times when they fall into daylight saving change (#70613, #2017040510000022, ##2017040310000017, #2017041010000058, #2017041210000018,#2017041310000061).
          • Bugfix: Under certain conditions when editing a powerfilter, an error message regarding “saver_filter_omp” could occur (#70093, #2017032910000024).
          • Change for the report auto-delete settings for tasks: The allowed minimum was reduced from 5 to 2 (#66470, #2017012310000011).
        • GOS-Admin:
          • Further preparations for the upgrade from GOS 3.1 to GOS 4 (#67409, #66266, #65983, #66348, #65984, #66267, #66268, #73642).
        • Scanner:
          • Bugfix: In some cases a scan test did exceed the configured timeout and was running for up-to 60 minutes (#67838).
          • Minor bugfix: In very rare cases an internal error occured for a scan (“invalid next size”) (#48814).
      • 3.1.37 (2017-02-21):
        • Web-Interface and OMP:
          • Performance improvement for the combination of many overrides and role based permissions (#67958).
          • Performance improvement for large number of LDAP-authenticated users (#67318).
          • Improvement: Documentation, logging und functionality for alert type “SCP” (#64696).
          • Bugfix: The selection of the Report Format Plugins for a “SCP” alert is now considered correctly (#64862, #2016112410000065).
          • Bugfix: Schedules with a period over 1 month were exexuted monthly (#65010, #2016120810000021).
          • Bugfix: A schedule with monthly period was removed from a task in case no duration was specified (#64362, #2016100610000065).
          • Improvement: The Report Format Plugin “CSV” now protects quotes in strings (#64678).
          • Minor bugfix: In very rare cases the internal timestamp about the feed status was not correctly processed (#66146).
        • GOS-Admin:
          • Improvement: It is now possible too update sensor certificates via the master. This is now part of “Reset all sensor certificates” (#51245, #51242, #2015072710000015).
          • Minor bugfix for rare cases during migration to GOS 4 (#67094).
        • Scanner:
          • Improvement: Detection of special host names in TLS certificates (#64997).
      • 3.1.36 (2016-12-23)
        • Web-Interface and OMP
          • Extension: New verince tag “gsm_system_Windows_Embedded” (#63875, #2016102010000074).
          • Improvement: The stopping of scans is enforced more strictly now. In favor of a faster cancellation, scan jobs now have less time to finish their current activity. These will be resumed in case the scan task is advised to do so later (#63832, #63830).
        • GOS-Admin
          • Bugfix for GSM 5300/6400: For a system backup the message were no adequate (#60020).
          • Improvement: For the USB airgap feature the messages on the LCD display are now more suitable (#64635).
          • Minor bugfix: The internal log rotation for scanner logs was changed so that this is also done when feed updates happen (#60130).
          • Internal preparations for a migration to GOS 4 (#64848).
        • Scanner
          • Extension: Support of TLS-SNI (#61661, #64588. #2016080410000019).
      • 3.1.35 (2016-10-27):
        • Web-Interface and OMP:
          • Performance improvements: The results view for large datasets was accelerated including the creation of notes and overrides. Also the host view is displayed faster now (#63767, #62927).
          • Increased the limit for results of the default email filter from 1000 to 2000. With GOS 4 this limit is dropped (#62290, #2016070510000019).
          • Bugfix: Verinice GSM Tags were corrected for various Windows versions (#63044, #2016092610000021).
          • Bugfix: Some minor bugs in the auto-generated credentials for Windows were fixed (#59700, #2016053110000018).
          • Bugfix: Error message will not appear anymore additionally in the results but rather only in the section “Error Messages” (#62937).
          • Minor BugFix: NVTs are now allowed to use the character “&” in their name (#63643).
          • Minor improvement GSR: Formatting of scan results can now better handle some more special cases (#57213, #2016022610000024).
          • Minor improvement: Scan-Config parameters “unscanned_closed” and “unscanned_closed_udp” now use the same input type in the dialog (#62929).
        • Web-Interface:
          • Bugfix: Some links issued inconsistent filter settings for charts and tables. Now the QoD is consistently used in charts and tables (#63340).
          • BugFix: The variable SCANNER_NVT_TIMEOUT is now properly substituted by its value in the GUI (#62931).
          • Minor Bugfix: A display error in the results view due to a line break was fixed (#62273, #2016082910000044).
          • Minor improvement of the online help about the “SCP” alert (#62274, #2015031210000014).
        • GOS-Admin:
          • Extension: The fingerprints of SSL certificates can now be shown in the GOS-Menu. This makes it easier to verify them (#53378).
          • Bugfix: After creating a userdata backup, temporary data are now deleted immediately (#57904).
          • Minor Bugfix: Wrong error messages about rsyncd in the logs are do not occur anymore (#62374).
        • Scanner:
          • Improved detection of “rsnyc” services (#63766).
          • Bugfix: In case of a circular dependency between NVTs, the scanner will not hang anymore and will also issue a detailed log message (#62797).
  • 3.1.34 (2016-09-21):
    • Web-Interface and OMP:
      • Updated GXR/GSR: Charts that were empty due to scan results or filtering are not included anymore. Also the OID were shortened for better readability. A formatting error for hostnames with underscores was fixed (#61602, #62598, #2016091310000045).
      • Improvement: When starting a scan, any NVT for settings was activated regardless of whether the settings are required in the respective context or not. This generic automatic activation was now disabled. Of course when attaching a SSH credetial, all necessary settings will be taken care of in the background. This now disabled feature was a transitional convenience for users of GOS 2. For large scans with small scan configurations you might notice a performance improvement (#62267).
      • BugFix: GSM Tag for Windows Server 2012 is now correctly set in the Verinice ISM Report Format Plugin (#60486, #2016062810000059).
      • BugFix: In the task overview of the scanner details page some obects were shown where actually permission is denied and thus clicking on the links led to a permission error. Those links are not shown anymore (#57759).
    • Web-Interface:
      • Bugfix: Under certain conditions the pre-configured sorting of reports was not by date (#62509).
      • Minor english typo fixed (#62509).
    • Scanner:
      • Extension: The scanner offers more ways to the NVTs about analysing TLS certificates (#62139).
      • Bugfix: Under very rare and very special circumstances the scanner had trouble during the execution of a NVT and cancelled the execution of this NVT (#62465).
  • 3.1.33 (2016-09-02):
    • Scanner:
      • Bugfix: An issue which caused scans to hang or abort prematurely under certain circumstances has been addressed (#62049).
      • Bugfix: An issue which caused error messages to contain references to incorrect hosts has been addressed (#62268).
      • Bugfix: An issue which caused slave tasks to remain in the ‘Requested’ state when master and slave were using different host limits under certain circumstances has been addressed (#54755).
      • Bugfix: An issue which caused vulnerability tests to abort prematurely under certain circumstances has been addressed (#60387).
    • Web-Interface and OMP:
      • Bugfix: An issue which caused an incorrect error message to be displayed when editing a task under certain circumstances has been addressed (#60442).
      • Bugfix: An issue which caused the ‘Alive Check’ property of a target to be ignored when cloning the target has been addressed (#60634, #2016070410000021).
      • Improvement: The filter used for Auto-Alerts has been modified to sort by severity to avoid misrepresenting the maximum severity when used with a large number of results (#60712, #2016070510000019).
      • Improvement: The limit for the field ‘Target Host’ in the Advanced Task Wizard has been increased (#56513, #2016012810000013).
      • Improvement: An issue with the help message for the ‘New Credential’ function has been addressed (#56663, #2016020410000021).
      • Improvement: The ‘Anonymous XML’ report format now strips even more items which could contain sensitive information from the report (#56793, #2016021010000027).
    • GOS-Admin:
      • Improvement: Support for using the RSA algorithm for authentication in Master-Sensor setups has been added (#62059).
  • 3.1.32 (2016-08-13):
    • GOS-Admin:
      • Critical Bugfix: Unfortunately version 3.1.31 has a critical problem for the sensor management. Sensors at version 3.1.31 can not be updated anymore by their master, neither NVT Feed updates nor GOS version updates.

If you upgraded from version 3.1.30 or prior to version 3.1.32, then there are no problems. But once a Master was updated to 3.1.31, the problem exists for all its sensors that were automatically updated to 3.1.31.

In case you are affected by this problem, it is unfortunately mandatory to apply a manual change on the sensors. The Greenbone Support has prepared a recipe for this manual change. We apologize for this inconvenience (#62030).

  • 3.1.31 (2016-08-08):
    • Web-Interface and OMP:
      • Extension: Automatic deletion of old reports. For tasks there is now a new setting that allows to specify a maximum number of reports stored for this task. If a further report is added, the oldest report gets automatically deleted. This makes it possible to for example to keep the latest 10 reports of a daily executed task. By default this is unset (#38210).
      • Improvement: If a scan via a scan slave fails due to a wrong password or wrong username for the slave, there will now be a respective note in a error message of the report (#59154).
      • Extension: The new alert method “SCP” allows to transfer a scan report in XML format via the SCP protocol. This is for example supported by some SIEM systems (#53932).
      • Extension: The alert method “SNMP” was separated from the method “SysLog” now forming a method of its own. It is not necessary anymore to additionally configure the SNMP trap received via GOS-Admin-Menu (#58742).
      • Extension: “Default Severity” was added under “My Settings”. This is the pre-defined severity to be used for NVTs that do not offer a severity. This can only happen if CVE-based OSP scanners are used and the CVEs do not have yet a CVSS assigned. Default is the conservative maximum of 10.0 (#49729).
      • Extension: It is now possible to attach a GXR and/or GSR to the Verinice ISM Report Format Plugin (#41074, #60444, #54603, #2015111910000013).
      • Minor extension: The powerfilter for permissions was extended with keyword “orphan”. With “orphan=1” orphaned permissions can be filtered. It is those permissions where the referring resource does not exist anymore (#55906, #2016010410000022).
      • GXR/GSR: The topology graph is created only for a maximum of 50 hosts (#56108, #2016011810000014).
      • Minor improvement: It is now allowed to use character “@” in the comment and value of tags (#57395).
      • Bugfix: If user names contained special characters, it was not possible to add them to groups or roles (#58879).
      • Bugfix: When importing special scan configurations it was possible that errors prevented the import (#59629).
      • Bugfix: Under certain conditions it was possible that a task executed via a scan slave hung in status “Stop Requested” (#59726, #2016050310000017, #2016052310000024).
      • Bugfix: Cloned pre-define report formats are now automatically trusted since only the general description can be changed and not the internal logic (#56990).
      • Bugfix: A formatting problem for special NVT descriptions was solved for the GSR PDF report format (#56150, #2016012010000037).
      • Bugfix: In very special cases it was not possible to positively verify a imported Report Format Plugin (#59287, #59756).
      • Bugfix: For delta reports some unneeded entries were created under certain conditions (#56952, #2016020910000011).
      • Bugfix: When creating for example GSR PDF reports directly in the web interface, the filter settings about hosts were not considered although this was considered in the GUI (#57256, #2016022910000055).
      • Bugfix: In the port list overview UUIDs were shown for targets using the port lists but which were not readable for the current user. The cross references did not work as a matter of fact. Now such UUIDs are not shown anymore (#58885).
      • Minor corrections of the OMP Documentation (#56666).
    • Web-Interface:
      • Layout improvements for host table in report results browser: The column content is now better wrapped (#55406).
      • Bugfix: Special manual changes to HTTP request now result immediately in an empty page and not cause anymore a delay (#57986).
      • Additional icons for operating systems were added (#57183).
      • Bugfix: When using the auto-refresh a error message could occur when creating a multiple permission (#56795).
      • Minor improvement: The titles for the filtering rules in the report results browser were changed to prevent misunderstanding about what exactly is the view about (#39535, #2014072410000121).
      • Minor improvement: The “once” status of a task is now also visible in the tooltip (#48265, #2015040910000028).
      • Bugfix: The edit-dialog for user account did not set the LDAP flag automatically if the user was managed via LDAP (#56469, #2016012610000017).
      • Improvement: Under high load of web interface (many concurrent users) it could happen that a new connection was denied. The limit of concurrent connections has been increased now (#58167, #2016040710000039).
    • GOS-Admin:
      • The menu for SNMP trap configuration was removed. It is now available via the web interface (#58743, #58745).
      • The cipher configuration of the SSH service was moved to a higher security level (#58450).
      • Improvement of internal logging: UUIDs of resources are now accompanied with the resource name and any “Internal Error” is now explicitly detailed (#58005, #58721, #59683).
      • Extension: For an in-depth analysis of a GSM in cooperation with the Greenbone Support there is now an option in the GOS-Admin-Menu to create a encrypted package with all relevant system data (#44900, #60301).
      • Extension: Internal clean-up method for resetting a scan sensor (#28277).
      • Improvement: The internal journal sizes of the database are limited now (#57888).
      • Bugfix: During a Factory Reset possibly (depending on the GSM model) an error occurred. This was only in very rare cases and it was possible to circumvent it. This is now fixed in general (#60488, #55414).
    • Scanner:
      • Improvement: The OpenVAS Scanner was made more robust handling timeouts. If a port was detected as open but later on it times out, a multiple retry strategy is applied (#48537).
      • Improvement: If SMBv1 is disabled on the target system and SMBv2 enabled, the scanner can achieve some more results during a authenticated scan. However, the detection capabilities very much depend on the presence of a running remote registry service (#50757, #2015071510000029).
      • Bugfix: Under extreme high load scan tasks could hang on a scan sensor. In combination with a limited schedule tasks could remain in status “Stop Requested” until next reboot. Measures are taken to prevent such so-called “scan zombies” (#56688, #2016020310000022).
      • Bugfix: Under certain conditions SSH scans could hang for a while. If the scanner has trouble with the remote ssh service, it terminates earlier now (#54059).
      • Improvement: When scanning SNMP services too many unneeded internal log information were created in case of missing MIBs (#59857).
  • 3.1.30 (2016-05-30):
    • Web-Interface and OMP:
      • Bugfix: For scheduled scans with limited duration and in master-slave operation it could happen that the scan task was stopped on the master but not on the slave. When resuming a task a new scan was started instead of finishing the stopped one (#59433, #59431).
    • Scanner:
      • Bugfix: Frequent stop and start of a task in short intervals could lead to a task that stay in status “Stop Requested”. A blocking scanner was responsible for this situation (#59642).
  • 3.1.29 (2016-04-21):
    • Web-Interface:
      • Bugfix: The action to resume a task while concurrently using a page refresh could lead to loosing the session ticket (#58356).
      • Bugfix: By using some special UTF-8 characters for filters it was possible to loose the session ticket (#57961).
    • GOS-Admin:
      • Update of an internal CA certificate with a new expiration date. This update is mandatory for proper operation of the vulnerability scanning and management. It is especially urgent for GSM ONE where the update needs to happen during April 2016 (#57946).
    • Scanner:
      • For authenticated scans via SSH it is now possible to use ECDSA keys (#57091, #29613).
  • 3.1.28 (2016-02-23):
    • Web-Interface and OMP:
      • Performance improvements: The performance for tasks, reports and results was optimized for various use cases (#50862, #54971).
      • For various situations there is no blocking of actions anymore. A user can act in parallel to background processes like SCAP update. At the same time the CPU load is lowered (#44104, #56004, #56127).
      • Bugfix for the trashcan. It was possible that when emptying the trashcan also other resources were deleted (#55296).
      • Extended options for the condition of alerts: It is now possible to use the number of matches of a powerfilter as criterion (#45430, #2015010710000019).
      • Bugfix: Some graphs of Extras/Performance were not correctly displayed for the GSM ONE and for GSM 500/510/550 (#55648, #2014050510000017, #54799).
      • The Report Format Plugin “Verinice ISM” was prepared for a generalization (#43295).
      • Only GSM 100: Bugfix of the task scheduling. Not all of the scheduled tasks were always properly started (#55259, #56466, #2016012510000028).
    • Web-Interface:
      • The regular expressions for user inputs where checked and where possible narrowed down. This helps to identify invalid user input earlier (#55933).
      • Minor improvement: The icons for deleting notes and overrides are now only available if the user has no permission to execute this action (#55384).
      • Bugfix: When using auto-refresh it was possible to get an error message after creating a permission for a task. The task or permission as such was not affected, it was just a wrong error message (#55298).
      • Bugfix: When using IPv6 the redirection from http to https did not work properly for all of the possible IPv6 addresses (#54839).
    • GOS-Admin:
      • New: For the backup of user data the new method SFTP accompanies the methods USB and SCP (#51195, #2015072310000013).
      • Minor improvement for the TLS cipher support for OMP/HTTPS regarding the settings SECURE and NORMAL (#55940).
      • The range of accepted characters for proxy credentials was extended (#49453, #2015052710000055).
      • In GOS-Admin-Menu some passwords where shown in clear text. This was now changed so that GOS-Admin-Menu shows no passwords in clear text at all (#56599, #2016020110000035).
      • An option to delete source code was added to GOS-Admin-Menu. This can be use in case source codes were installed manually (#54020).
      • Minor improvement for upgrades: The new version number was shown too early in the process of the upgrade (#47727).
      • In order to prepare the upcoming feature of support packages, the PGP key of the Greenbone Support was integrated. This will allow in future releases to encrypt data when sending to the support team (#56126).
    • Scanner:
      • An updated base library for the SSH protocol improves the detection abilities of the scanner and also extends the support for SSH credentials used for authenticated scans (#52479).
      • Improved robustness of the scanner against incomplete NVT meta data (#55264).
      • Bugfix regarding SSH connections: When doing massive scans a slow-down or connection loss could happen (#54661).
  • 3.1.27 (2016-02-18):
    • GOS Base System:
      • Security-Bugfix closing a severe vulnerability in the general base library “glibc”. It is recommended to reboot the system after the upgrade completed (CVE-2015-7547).
  • 3.1.26 (2016-02-02):
    • Web-Interface:
      • Security-Bugfix closing a DoS attack vector. It was possible to invalidate web session tickets of other users. Neither integrity nor availability of OMP or SSH is affected (#56541, GBSA-2016-02).
  • 3.1.25 (2016-01-12):
    • Web-Interface:
      • Minor security bugfix that closes a open redirect which was present only with enabled guest mode (#55720).
  • 3.1.24 (2016-01-09):
    • Web-Interface:
      • Security-Bugfix solving a cross site scripting vulnerability. To exploit the vulnerability a valid session token is required. In case the guest account is activated, the general guest token can be used. However, the guest user account owns no write permissions for the GSM (#55720, GBSA-2016-01).
  • 3.1.23 (2015-12-15):
    • Web-Interface and OMP:
      • Performance improvements: The performance for tasks, reports and results was optimized for various use cases (#51923).
      • New alert method “Send to host”: This method allows to send scan results in various formats to a configurable address as a simple TCP upload. Such upload opportunities are offered by several SIEM systems (#53931, #54296).
      • Bugfix for verinice ISM report plugin: It is now possible to attach a HTML report optionally (#54602, #2015111810000015).
      • Change for verinice ISM report plugin: The tag “Verinice Source ID” is now used instead of the previous work around based on the comment of a task (#54687).
      • New remote authentication method for GSM users via radius (#54696, #54060).
      • Changed: The “Once” checkbox for scheduled tasks now stays active after the scan was started. Before, it was deactivated but this added extra work for typical use cases (#48228, #2015040710000013).
      • Improvement: If no results were obtained during a scan, the user now gets some hints about potential reasons why the scan report could be empty (#51462).
      • Bugfix for overrides and CSV export: The overrides are now also applied for CSV exports (#52768, #2015092110000041).
      • Improvement for slave scans: a reboot of the master GSM does not anymore stop the slave scans. Now the slave scans can be resumed properly (#45074, #45073).
      • Improvement for the vulnerability view in the report browser: Notes and overrides are now also displayed (#52187, #2015090110000024).
      • Bugfix for overrides: The edit dialog was missing an explicit selection button for “yes” for the “active” setting (#52996).
      • Improvement for OSP scan configurations: Better defaults for selection lists (#52572, #52376).
      • Bugfix for counter of NVT Families in scan configurations: In some cases the number of NVTs was not shown correctly in the overview. The details view, however was correct (#53645, #2015091010000043).
      • Bugfix for deleting of ESXI credentials from trashcan: It was possible to ultimately delete a credential that was actually still in use (#54332).
      • Bugfix for scheduled scans with limited duration: After reaching the limit the task is now set to “Stopped” without any error notice (#53049, #2015093010000041).
      • Bugfix for importing OSP scan configurations (#53088, #2015100210000083).
      • Bugfix for LSC installer for Windows: Temporary files created during the installation are now removed immediately after the installation (#53680, #2015102210000036).
      • Bugfix for the performance charts: If data are no available, instead of showing an empty graph, now the graph is dropped. Several graphs are fixed and now use the correct data source (#22336, #22856, #36565).
      • Bugfix for prognosis reports: The format NBE is now also supported (#52897).
      • Minor bugfix that avoids an internal log message on slave GSMS in case scanning happens without credentials (#54526).
    • Web-Interface:
      • Minor improvement: For a guest access the page selection persists when the session ticket expires and a direct re-login is requested (#52165).
      • Minor bugfix: In some cases links to objects in the trashcan were non-functional (#54336).
      • Session tokens are now combined with the IP address of the browser. If a session token is used from a different system than it was issued for, it will not be accepted (#52008).
      • Minor improvement for the case a login user name is tried for logging in that contains invalid characters: In the past, a error dialog was raised. Now simply the login dialog returns and asks for a new try (#20082).
      • Bugfix: Missing icon for solution type “Mitigation” (#52596).
      • Minor bugfix: Enabling the bulk action, some icons remained visible, but without functionality. These are not visible anymore (#54335).
    • GOS-Admin:
      • Failed logins are now logged by default, including the source address (#51158, #51927).
      • Internal improvement: Some unneeded files that remained after an upgrade from GOS 3.0 are now deleted. These were just system files, no user data (#54019).
      • Minor improvement: When entering a proxy credential, a additional hint on the syntax for ADS environments is provided for convenience (#53684).
      • Bugfix: The Airgap menu of gos-admin now correctly reflects all of the airgap combinations (#54058, #51272).
    • Scanner:
      • OSP scanners report about the host alive status properly (#51924).
      • Bugfix for resolving hostnames in pure IPv6 environments (#54216).
      • Bugfix: For some OSP scans the target CIDR notation was not correctly resolved (#52373).
      • Internal improvement of the OpenVAS scanner regarding data stream block lengths (#53023, #52146).
      • Improved status message in case of a malfunctioning or unavailable OSP scanner (#52240).
  • 3.1.22 (2015-10-30):
    • GOS-Admin:
      • Improved robustness of the central data manager against special load and stress situations (#53834, #53825, #53832, #53646, #2015100710000047).
  • 3.1.21 (2015-10-20):
    • Web-Interface and OMP:
      • Minor Bugfix: Subject for email alerts are now prefixed with “GSM” (#53282).
    • GOS-Admin:
      • At high load it could happen that more than one feed update is executed in parallel. This could lead to a blocking situation (#53356, #53360, #2015100710000047).
      • The upgrade starting from a factory reset could lead to error messages in the log during a feed update due to inconsistent data migration (#53358, #2015100610000031).
  • 3.1.20 (2015-10-07):
    • GOS-Admin:
      • Bugfix: An issue which could cause the upgrade process to abort under certain circumstances has been addressed (#53089, #2015100210000065).
      • Improved detection and reporting of inconsistent internal state via gos-admin-menu (#53091).
      • Improved visibility of upgrade process in system log files (#44607).
  • 3.1.19 (2015-09-29):
    • Web-Interface and OMP:
      • Accelerated responses for task overview in case of high scan loads (#50860, #2015070610000037).
      • New: Extended configuration of email alerts. The title as well as the message body can now be specified individually. Some variables can be used to reference the task and to use text elements. The pre-configure settings reflect the title and content as was so far. So, there is not necessary to immediately change anything (#50859, #50572, #2015070810000042).
      • GSR Report: Under certain circumstances (triggered by an alert) wrong severity colors and classes could be applied that did not match the actual CVSS (#51820, #50171, #2015081810000058, #2015062310000015).
      • New: XML representation of tasks now includes the tags attached to the task (#52478).
      • Bugfix: Credentials shared via permissions were in some cases not accessible for the scan (#50363, #2015070110000028, #2015070810000051).
      • Bugfix: It could happen that a shared sub-object (for example a port list) was not readable (#51416, #2015080410000039).
      • Bugfix: Access of super admin via LDAP is not denied anymore (#48824, #2015042710000021).
      • Bugfix: When using dynamic severity, it could happen that timeout messages were displayed as a regular result instead of as an error (#50324, #2015070110000019).
      • Minor Bugfix: In scan configurations it could happen that the displayed number of selected NVTs for a family was wrong. The actual selection was handled correctly (#48250).
    • Web-Interface:
      • Bugfix for the export of larger data collections from ca. 100 objects, for example CPE resources (#52174).
      • New: When creating a new target, now the pre-set target is the source IP address of the user’s browser system (#47098, 51639, 51925).
      • New: When creating a new task, now it is possible to directly specify a tag for the new task (#35488, #2014022510000066).
      • Bugfix for host restrictions for a user: Ranges that were expressed using the hyphen syntax (from-to) were not accepted (#50915, #2015080710000015).
      • User names may now contain the dot character (“.”) (#51136).
      • Minor Bugfix: The Chinese translation is now identified as “zh_CN” instead of just “zh” (#51112).
      • Minor change: Die login page now has a CSS of its own (#50915).
      • New: The “Content-Security-Policy” settings are now used to limit the embedded access from within other sites (#51375).
    • GOS-Admin:
      • Accelerated Upgrade: Under certain circumstances a automatic update could take several hours because some internal data optimizations were executed. These are not enforced anymore for each upgrade (#51481, #2015081010000045).
      • Failed logins for the web interface are now logged by default including the source IP address (#51926).
      • Minor Bugfix: Applying changes of TLS Cipher is less delayed now (#43785).
      • Minor Bugfix: Lowered log noise about upgrades (#49956).
    • Scanner:
      • Accelerated scans by about 10%. The actual achievements depend on various circumstances and might be even better (#48799).
      • Improved integration of the web application scanner w3af, now also supporting the seed URL setting (#51266, #51334, #51412, #51283).
      • Improved integration of the IDS PaloAlto (#52600, #52579).
      • Improved error handling of OSP scanners (#51335).
      • Minor Bugfix: When creating a OSP scanner, expired certificates are immediately rejected (#50398).
      • OSP servers now refuse to launch with a certificate that expired anyway (#50397).
      • Bugfix: Dynamic severity will not display OSP scanner results as “0.0” anymore (#50738).
      • New: OSP connector for Fortinet which however is not yet supported for use (#49627, #52104).
      • OpenVAS Scanner: The option “max_sysload” was removed as a scan configuration option, because it is a system wide setting, not a scan-specific one (#51263).
      • Bugfix for OpenVAS Scanner: Improved SSH host key detection (#50588).
  • 3.1.18 (2015-09-24):
    • Hardware:
      • Security update for GSM 600 and GSM 650 that resets unconfigured factory settings of the BMC (Baseboard Management Controller) to save values. A reboot after the upgrade is not necessary. Running scans are not affected. An attacker from the same network segment could read device status, turn off the device or enforce its reboot. (#52838, GBSA-2015-01).
  • 3.1.17 (2015-08-03):
    • Web-Interface and OMP:
      • Improvement of filtering regarding QoD by extending the use of filter element “min_qod”. This helps for a consistent view for default settings (#46117).
      • Extended powerfilter for results: All results for a task across all reports can be selected for a certain CVE (for example “task_id=69512154-167c-4e12-9351-a778da2d29e9 and cve~2004-2320”) (#48539, #2015041010000025).
      • Bugfix for the powerfilter when searching for parts of an IP address (#49497, #2015052910000015).
      • Resolved inconsistencies (None vs. Log) when handling PCIDSS severity classes and corrected ranges (#49080, #49075).
      • GSR PDF reports: Size limitation extended (#49655, #2015040810000021).
      • GSR/GXR PDF Reports: With more than 100 hosts the topology graph will not be included anymore since details can not be identified anymore anyway. With this, the creation of the larger reports is also accelerated (#49269, #2015051810000018).
      • Bugfix: QoD for “general_note” is now displayed with 1% and not anymore with the default of 75% (#50325).
      • Bugfix: The installation routine for automatically created credentials now also works for Windows 2012 R2 and Windows 10 (#47269, #2015030210000033).
      • Bugfix: Improved error handling for invalid user input for the powerfilter (#49412).
      • Bugfix: Global users were missing in the selection box for permission dialogs (#49381, #50497, #2015070610000046).
      • Minor bugfix: Less process overhead for the creation of report documents (#48977).
    • Web-Interface:
      • Improved support for user interface languages. By restructuring the handling it is now easier to add more languages. In this context, German and Chinese was updated and a partial translation for Russian was added (#44479, #50723).
      • Extended bulk actions: It is now allowed to handle a larger number of objects with a single action, for example to delete a larger number of reports (#50584, #2015070610000028).
      • Details dialog for tasks: Added the information about the total number of single results related to this task across all reports. This includes a direct link into the results table (#49628).
      • Improved: New User dialog now does not allow to enter a password in case LDAP is used because it was and is ignored anyway (#49271).
      • Bugfix for permissions: In some special cases the action icons were greyed out although the actions were allowed (#49583).
      • Bugfix for the Powerfilter: In some cases the combination of keywords did not establish the right selection, for example the combination of the keywords “task_id” and “cve”. (#49675).
      • Bugfix for the creation of a schedule: The comments was not stored (#49595).
      • Extended the set of allowed characters for comments by “:” (#49494, #2015052810000026).
    • GOS-Admin:
      • User-data backups can now be created even when the database exceeds the size of 4 GByte (#48109).
      • Extended the set of allowed characters for the SNMPv3 password by “$#?!” (#49312, #2014100110000023).
      • The SNMP setting are now also available via GOS-Admin-Menu for the GSM 25 (#49448, #2015052710000019).
      • Bugfix for the import of reports: The detection details were not imported (#49660, #2015060410000033).
      • Bugfix for the SNMP trap setting (#46321, #50323, #2015013010000029, #2015063010000083).
      • Bugfix to prevent non-functional internal processes. However, there was no impact on performance (#48109).
      • Minor bugfix for the scanner for rare special cases (#49593).
      • The setting “proxy_update” was not used since a very long time and now is finally removed. Instead, the setting “proxy_feed” is used (#49593).
      • Improved internal error messages in case of database problems (#48876).
    • Scanner:
      • Bugfix: Under certain conditions single checks were aborted too early (#48906).
      • Bugfix: For Linux systems with large package databases (ca. more than 8000 packages) it could happen that the list was truncated and thus not all packages were analyzed (#49727).
      • OSP: Extended to handle ports as host details and to handle timestamps (#48800, 49584).
      • New: Beta version of Palo-Alto OSP scanner for selected pilot customers (#48538, #51194, #50912, #50858).
      • New: Beta version of w3af OSP Scanner for selected pilot customers (#50912, #43436, #49673).
  • 3.1.16 (2015-07-03):
    • Web-Interface and OMP:
      • Bugfix: A scheduled start of a task will now only be done for the owner of the task (#50140, #2015020210000026).
      • Bugfix: A scheduled start of a task will now only be done once per given time window (#50314, #2015063010000065).
  • 3.1.15 (2015-06-19):
    • Web-Interface and OMP:
      • Bugfix: When stopping a scan task it could happen that the status of the task hangs at “Stop requested”. Only a reboot did set back the status to “Stopped” (#49496, #2015052810000017).
      • Bugfix: A report creation triggered by an alert could block the database for the duration of the report creation (#49975).
  • 3.1.14 (2015-06-16):
    • Web-Interface and OMP:
      • Bugfix: A combination of scans with a configured time window and automatically coupled creation of reports could lead to a blocked database in case the Scan was comprehensive or the time window short (#49861, #2015061110000011).
  • 3.1.13 (2015-05-21):
    • Web-Interface and OMP:
      • Permissions: Extended dialog for setting new permissions. It is now possible to create multiple permissions in one step. For example it is now possible when changing a target object, to apply the same permissions automatically to the related port list and credentials. Concurrently a unified permission dialog for all object types is introduced. It is available on the respective details pages. And it offers a direct link into the permission creation dialog and automatically configures all related objects for it.In total this increases the comfort for creating, reviewing and modifying permissions. (#46998, #2014120410000032, #44025, #48540, #47336, #2015030510000028, #47359).
      • QoD: Some inconsistent default filtering (min_qod) is now unified and the current min_qod selection will be kept when entering into a report (#46989, #47891).
      • Bugfix: The deleting of Report Format Plugins failed under certain conditions (#48961).
      • Bugfix: Accessing the trashcan failed under certain, rare conditions (#49058, #2015050710000021).
      • Bugfix: It was possible that by removing an override the severity did not follow the change (#47789).
      • Passwords for web and OMP users: Now it is also allowed to use whitespace and part of a password (#48712, #2015042210000021).
      • The Report Format Plugin “Verinice-ITG” is now a pre-configured plugin and it is not required anymore to import it explicitly (#41765).
      • Bugfix: The name of a NVT and its last tag are now considered for filtering (#48891, #2015041610000023).
      • Bugfix: The sorting by “Last” report in the task list did not work properly (#48823, #2015042710000011).
      • Bugfix for slave tasks: In case the sensor or slave was not reachable, it was problematic to stop a started scan as long as the start was still was not established (#48877, #2015040110000024).
      • Bugfix for the filtering of scan results when searching for a specific IP address. The filter acted a bit fuzzy under certain condition which was now changed to match strictly (#47710, #48890, #2015040210000041).
      • Bugfix: Filter directives for delta reports were executed properly, but in the new view the filter was lost (#48063).
      • Bugfix: Individual port lists that were used for a scan via a slave or sensor where not automatically deleted after the scan finished (#47889).
      • Bugfix about displaying the trust status of Report Format Plugins (#47721, #2015022310000013).
      • Bugfix for the manual creation of overrides so that now also the port protocol can be specified, for example “80/tcp” (#48715, #2015031810000031).
      • Bugfix: Under certain conditions it could happen that expanding the results view did not show the actual details in case the results are owned by another user (#47411).
    • Web-Interface:
      • Bugfix: Links from the Asset Management into a report did not filter for the exact IP. The IP was used only as a substring (#48981).
      • Bugfix: The version info about GSR and GXR did wrongly not show the actual version 3 (#48115).
      • Bugfix: The counter for notes and overrides in the NVT details dialog showed always 0 (#48247, #2015040810000048).
      • Minor extensions of the online help texts (#47708, #47858).
    • GOS-Admin:
      • Via GOS-Admin it is now possible on a master GSM to advise all connected sensors to create a new self-signed certificate in case their current certificate expired (#48788).
      • OMP via IPv6: In case OMP is enabled, this protocol can now be accessed also via IPv6 (#13592).
      • User-Data backups: In GOS-Admin-Menu there is a new function that shows all local user data backups (#47787).
      • User-Data backups: In GOS-Admin-Menu there is a new function that allows to remove single local user data backups (#44852).
      • Bugfix for GOS-Admin: For several IP address settings like for NTP or for sensors it was not possible to enter IPv6 addresses (#48523).
      • Backup Management: The structure in GOS-Admin-Menu was re-organized with a better separation of backup types and backup settings (#44769).
      • Minor Bugfix for the selfcheck in GOS-Admin-Menu: For GSM models that can not manage sensors, the sensor check is not displayed anymore (#48442).
      • Bugfix for GOS-Admin-Menu to add a scroll bar for the sensor check results (#47055, #2015022010000019).
    • Scanner:
      • Bugfix: By stopping and then resuming a task it could happen that in the overlapping range some results were doubled (#48538, #48974, #2015041710000031).
      • Bugfix: In some cases the hostname for a scanned IP was missing in the results (#44904).
  • 3.1.12 (2015-04-23):
    • Scanner:
      • Bugfix for the scanner which did not reliably executed some tests for some Windows systems. This lead to a lower number of detected vulnerabilities compared to GOS 3.0 (#46115, #48521).
  • 3.1.11 (2015-04-08):
    • Web-Oberfläche und OMP:
      • Bugfix for the NVT details: The CVSS vector was missing in GOS 3.1.10. After the next feed update the vectors will be visible again (#48062).
  • 3.1.10 (2015-04-01):
    • Web-Interface and OMP:
      • Comprehensive update of the Report Format Plugins GXR and GSR. The representation of is more compact now. Especially the GSR will now get created faster and will have less pages. Apart from that, several new functions are support now like solution type and QoD (#46216).
      • The Report Format Plugins GXR and GSR now offer a tabular overview about the success of target host authentications (SMB, SSH and ESXi) (#45700, #2015011510000021).
      • Bugfix for GSR Report Plugin: The text entry about overrides was missing (#47212).
      • New Report Format Plugin “Anonymous XML”: Like XML, but IP addresses get pseudonyms and other potential hints about the origin of the scan are removed as well (#38250).
      • Comprehensive update of the permissions management regarding visibility of objects by Users, Groups and Roles. Now, several dependencies will be considered by the permissions management (#47310, #2015030410000011).
      • Bugfix for automatically created Debian credential packages (#46996).
      • Fully automized update of CERT-Bund now activated (#45364, #47176, #2015022610000062).
      • Bugfix for the keyword “owner” when used in the powerfilter (#46915).
      • Bugfix regarding transfer of task properties to scan slaves (#46721).
      • Change for schedules: A scheduled task was not executed in case no scanner resource was available for 3 minutes after schedule start time. This limit was removed now (#46897).
      • Bugfix to prevent piling up of lost scanner processes that slow down a GSM over time (#47854).
      • Bugfix regarding changing the “Host-Alive” method (#47989).
    • Web-Interface:
      • Charts: Tooltips extended with percentages and added tooltips for the legend (#47358).
      • Bugfix: Overrides were applied in the Report-Browser, but False Positives were not displayed (#47096).
      • Improved usability of powerfilters: The text entry now contains only specific elements. All others are displayed below, but could be set anytime as well (#45912).
      • Minor bugfix for Task Details Dialog: The Slave name is not displayed anymore if no slave is used anyway (#46819).
      • Minor bugfix to correctly handle some very specific HTTP request to the web interface (content-length headers) (#15343).
      • Improved online help for Scanner Details (#47282).
      • Added download option for certificates of OSP scanners (#47281, #47283).
      • SecInfo for NVTs was internally changed to now use the OMP command GET_INFO (#39910).
      • Minor bugfix: Graphical bug in Charts regarding too many percentage characters (#47357).
      • Minor bugfix: Graphical bug for IT-Schwachstellenampel regarding URLs (#46969).
      • Minor Bugfix for status info of OpenVAS Scanner: It was wrongly displayed that the scanner is offline (#47280).
    • GOS-Admin:
      • Extended SNMP monitoring parameters and MIB: The MIB for the Greenbone Security Managers as well as the newly supported standard properties are now documented at the Greenbone website about SNMP (#44239, #29960, #2013052810000039).
      • Internal improvement for self-check after an upgrade to identify incomplete upgrades (#47579).
      • Internal improvement of management of OSP Ovaldi: Certificate update via GOS-Admin-Menu (#47219).
      • Minor bugfix of NTP configuration to avoid error messages in the log (#46726, #2015021110000027).
      • Minor bugfix for CLI Admin: For some unneeded commands (for example nosystemupgrade) there was still an alias entry. These were removed now. (#47264).
      • For GSM ONE the menu “Advanced Management” is now back in GOS-Admin-menu (#47724).
      • Improved Boot-Check log (#43682).
      • Minor bugfix for a problem that produced many log entries (parse_ctime) (#46815).
    • Scanner:
      • Internal improvement: For NVTs of the OpenVAS Scanner it is not mandatory anymore to deliver a CVSS Base if they already offer a CVSS Base Vector (#41456).
      • Improvement of authenticated scans for target systems with specific SSH services and key types (#47304, #47278, #29613).
      • OSP-ovaldi now also delivers its own CPE as a host detail (#45909).
      • New Parameter “debug_mode” for all OSP scanners (#45906).
  • 3.1.9 (2015-03-13):
    • Bugfix for internal GOS upgrade handling (#47513).
  • 3.1.8 (2015-03-05):
    • Bugfix regarding TLS certificates of the pre-configured scanner. Under certain conditions it could happen that no scans are executed anymore and a manual update of the certificates was necessary. This has now been automated (#47279).
  • 3.1.7 (2015-03-03):
    • Quality of Detection (QoD): This concept for the reliability of successful detections of vulnerabilities now arrived also in the web interface. New NVTs were already equipped with specific QoD values (between 0% and 100%) for some time. The QoD is now visible for NVTs as well as for the scan results. Of course, it is now possible to use the QoD to filter. The defaults are chosen to match the previous behaviour. This means, the same number of results are filtered which corresponds to a QoD of 70%.
      With this new feature, the parameter “paranoid” in the scan configurations is dropped, because now even those tests with a low reliability are always executed. The results are present in the database and can be reviewed if needed. A separate scan for detecting so-called “potential vulnerabilities” is not necessary anymore. (#46396, #38193, #46118).
    • Extension of the permissions dialog for tasks: When granting permissions to a task, now the same permission is automatically granted for the depending objects like schedules or alerts. (#39459, #2014072210000017).
    • Reduction of DNS Reverse Lookups of the GSM for NTP servers (#46965, #2015012110000037).
    • Bugfix for executing scans via slaves: Now the configured port list is applied and not just the default port list (#46632).
    • Bugfix for the use of SSH keys for SSH credentials (#46474).
    • Bugfix for the Restore function of the user-data backup on GSM 100 when migrating to GOS 3.1 (#46813, 46835, 46241, 46515).
    • Bugfix for drop-down dialog elements for timestamp in task wizards (#46125).
    • Bugfix for scan progress bar: The progress is now reflected more adequately (#18591, #46694, #2015020210000053).
    • New functions via gos-admin-menu (section “Advanced”) to manage the database (vacuum, analyze) (#41097, #43688).
    • Bugfix for sensor upgrades, specifically for airgap (#46836).
    • Bugfix for individual timeout configuration of NVTs when executed via a slave system (#44857, #2014121110000019).
    • Bugfix for missing transfer of ESXi credentials to slave systems (#46691).
    • Creating web users with the same name is not allowed anymore (#46214).
    • Alterable tasks: If all reports are removed, the task does not anymore automatically turn into a regular tasks. It rather remains to be an alterable task (#42226, #2014101310000028).
    • Extension for creating a new task: It is now possible to assign a schedule and configure to execute the schedule only once. After this schedule is executed, it will automatically be removed from the task (#46184, #2015012610000028).
    • Tasks with schedules that define only a single execution: After the scan was started, the schedule object is removed from the task object because it won’t be ever executed anymore anyway. This means that now any task in the task overview that has a schedule symbol will definitely be executed in the future at least once. (#45943, #46185, #2015012610000046).
    • Extension of the selfcheck in gos-admin-menu to check availability of internal OMP service (#46397).
    • Update of an external link inside the Online Help system (#46390, #2015013010000047).
    • Update of the SSH library of the OpenVAS Scanner so that authenticated scans work even with newest SSH servers (#46542).
    • Bugfix for sorting the numerical column “IPs” of targets (#39267, #2014071710000018).
    • Bugfix for Superadmin: Icons for cloning are not greyed anymore (#45888).
    • Bugfix for Superadmin: Access to notes and overrides is now possible (#45889).
    • Bugfix for auto-credentials (#45729, #45730).
    • Improved WMI RSOP support for the OpenVAS Scanner (#40407).
  • 3.1.6 (2015-01-26):
    • Last release of Beta phase. First release of 3.1.

2017-04-25: Greenbone OS 4.1 for new deliveries without sensor coupling of GSM 400, GSM 600 and GSM 650

Also available for all GSM ONE as upgrade with migration

Latest Patch Level: 4.1.7 (2017-08-24)

Lifecycle-Phase: End-of-Life 2017-12-15

      • Using LVM (Logical Volume Manager) for all appliances.
      • Encrypted file system for all appliances.
      • Redesign and enhanced display of information in the LCD panel. Using the appliances LCD panel controls, scrolling through system status information is possible.
      • Complete revision of the Backup Management, now fully automatable and efficient backup procedure. Every revision status can be restored on demand. Backups are transferred to a backup server via encrypted connection, additionally flashdrive (USB) backups are possible.
      • Configuration of VLANs is possible in the administrative interface of GOS.

Greenbone OS 4.1.7 (2017-08-24)

      • Web Interface:
        • Bugfix: In some input fields some special characters were not accepted and led to internal error 500 (#77779).
        • Bugfix: With a short refresh interval and long action a second automatic refresh could stop the previous action (#72656, #2017051210000043).
      • Web Interface and OMP:
        • Improvement: Queries in the Results view are consideraby faster now (#72655, #2017051210000043).
        • Bugfix: It was possible to delete Credentials that are connected to an Alert and thus invalidate the Alert (#75529).
      • GOS-Admin:
        • Improvement: The shutdown duration of GOS was reduced (#69204, #74730).
        • Improvements for the migration from GOS 3.1 to 4.1 (#75205, #71995)
      • Scanner:
        • Change of the scan method for authenticated scans of Windows systems: A replaced protocol layer now allows to scan Windows systems configured with any combination of SMBv1 and SMBv2. Furthermore, there are no more situations where the scanner needs to use a volatile agent to access the registry service (#77754, #77108).

Greenbone OS 4.1.6 (2017-07-18)

      • Web Interface:
        • Bugfix: Various layout problems for IE 11 were fixed (#75208, #73555, #73556, #73557).
        • Bugfix: The timestamp representation for specific timezones were not correct (“NaN”) (#75524).
        • Bugfix: In some charts the name of the applied filter was missing (#72228, #2017050210000026).
        • Minor improvement: The web interface now delivers a robots.txt for the case a compliant search engine visits (#70916).
        • Minor improvement: Some dialogs are now displayed bigger (#72618, #2017051110000054).
        • Improvement of the online documentation (#75248).
      • Web Interface and OMP:
        • Bugfix: For imported Report Format Plugin the signature trust check failed although the signature was valid (#72859, #2017051510000047).
        • Bugfix: Cloning the default OpenVAS Scanner is not allowed anymore (#72652).
        • Bugfix: Super-Admin can now delete and recover Report Format Plugins owned by other users (#75651).
        • Bugfix: The performance charts were not displayed in some cases (#75443, #2017070610000033).
        • Bugfix: When starting scans concurrently, it could have happened thatsome scans were blocked(#75177).
        • Bugfix: The powerfilter did not consider the RegExp pattern “(?i)” (#72261, #2017050210000099).
        • Bugfix for Super-Admin: This user was missing write access to notes and overrides of other users (#75176).
        • Bugfix for editing a target object which has many host entries or which has syntax errors (#73060).
        • Bugfix: From MySettings, a configured Scan Configuration was not considered as default (#73132, #2017052210000042).
        • Performance improvement: For the combination of notes/overrides and task permissions the creation and the editing was accelerated in the backend (#73889, #72431).
        • Performance improvement: Following the results link on the NVT details page was considerably accelerated (#69345).
        • Bugfix: For credentials used for authenticated scans of Windows systems,it was not possible to use the Euro symbol (#72258).
      • GOS-Admin:
        • Improvements for the LCD display of the midrange models (#71141, #73640).
        • Internal improvements of GOS regarding filesytem checks (#73290).
        • Minor bugfix for GOS menu: Hostnames with a dot are rejected (#75178).
        • Improvement for GOS menu: Under certain conditions the menu was blocked (#74400).
        • Improvement of availability even under high load of the database (#69206).
        • Bugfix: It could have happened that the automatic backup failed (#73689).
        • Extension: For the gateway it is now possible to apply a IPv6 address (#67696).
        • Improved robustness during boot process in case a feed update is started immediately at boot time (#75175).
        • Improvements of the migration from GOS 3.1 to GOS 4.1 (#64702, #65890, #66582, #68587, #68588, #68997, #66349, #66638, #72270, #2017041210000063).
      •  Scanner:
        • Performance improvement: Checking the digital signatures of NVTs was accelerated. This especially shows positive effects when running a feed update after a longer offline period (#75173).
        • Performance improvement: Especially for large scans and for many HTTP pages sometimes latency effects happened. Due to some optimizations, such scans should be faster by about 3% and consume 20% less of CPU time. Also latency effects are considerably reduced (#74459).
        • Improvement: The detection coverage for TLS scans was increased (#72647).
        • Internal improvement: Support of multiple signatures for NVTs (#74871).
        • Internal improvement for scan performance (#75174).

Greenbone OS 4.1.5 (2017-06-20)

      • Web-Interface and GMP:
        • Security Bugfix: It was possible for an authenticated GSM user to delete the network interface setting of tasks of the other users. The models GSM ONE and 25V were not affected (#74684).

Greebone OS 4.1.4 (2017-05-31)

      • Scanner:
        • Urgent Bugfix: During scans it could happen that the checks were not executed in the correct sequence. This could lead to less reported scan results because some information about the target system were not yet available when checks are running (#73601).

Greenbone OS 4.1.3 (2017-05-23)

      • Web Interface:
        • Bugfix: When editing a Scanner, the corresponding credential type “up” was wrongly shown as type “cc” (#70583).
        • Bugfix: graphical bug for IE 11 for the host toplogy graph (#70904).
        • Bugfix: When chaning the timezone settings, the language selection was lost (#72027, #2017042710000035).
        • Bugfix: When a filter is used for an alert, now the delete-icon for the filter is greyed out (#68999).
        • Change for the report auto-delete settings for tasks: The allowed minimum was reduced from 5 to 2 (#67694).
      • Web Interface and OMP:
        • Bugfix: Schedule were executed multiple times when they fall into daylight saving change (#71930).
        • Performance improvement for task overview (#72267).
        • Bugfix: Under special conditions a scan with a progress of 1% could suddenly change into status “Stopped” (#64112).
        • Bugfix: It was necessary to delete all users of a role before deleting the role, else a error message appeared (#69381).
      • GOS-Admin:
        • Minor internal bugfix: A file of the automatic backup system was wrongly placed in the backup area (#72851).
        • Internal improvement for upgrades for more consistent configuration files in the case of disruptions like power outage or manual system changes (#72967).
        • Activation of interal size settings (#70800).
        • Bugfix: The logging of the GSA modul (the web interface) is re-activated and includes succesful logins along with unsuccesful ones (#72553, 66595).
        • Improvements for the upgrade from GOS 4.0 to 4.1 (#72432, #68860, #72423, #2017050710000026, #71561, #2017042110000046).
        • Improvements for the upgrade from GOS 3.1 to 4.1 (#68860, #68653).
        • Extensions and improvements of the support package (#72021, #72650, #71138).
        • Preparations to support model GSM 100 (#72549, #72049).
        • Improvement: The SNMP Engine-ID can now be viewed via the GOS menu (#66466, #2017012010000026).
        • More robustness in case of serious hardware problems including a note on the LCD display (#70909).
        • Bugfix: New self-signed certificates ignored personal input and used the defaults instead (#72023, #72217, #2017042710000017, #2017042810000015).
        • Improvement: During a CSR between request and upload, HTTPS is not available. Via HTTP now a respective note is displayed (#69879).Minor bugfix: The cancellation of a CSR produced an unncessary internal error message (#72022).
        • Minor internal improvement for robustness of wrong syntax for GOS variables (#72430).
        • Minor improvement in GOS menu: Unified use of the term “Selfcheck” (#70796).
        • Minor bugfix in the logging about IP addresses (#69959).
        • Extension: During the selfcheck it is now noted when no reboot happened after the last upgrade (#72256).
        • Bugfix: For IPv4 it was not possible to configure MTU (#71991).
      • Scanner:
        • Bugfix: In some cases a scan test did exceed the configured timeout and was running for up-to 60 minutes (#69139).
        • Minor bugfix: In very rare cases an internal error occured for a scan (“invalid next size”) (#72259).
        • Extension: The scanner can now check for very special types of SSH backdoors (#55907).

Greenbone OS 4.1.2 (2017-04-25):

      • Last release of the Beta phase. Firste release of 4.1.

2016-12-21: Greenbone OS 4.0 for GSM ONE and GCE

Latest patch level: 4.0.5 (2017-04-04)

Lifecycle Phase: End-of-Life (2017-07-30)

      • Entirely updated base system.
        • Updates for all components.
        • Consistent 64bit architecture for all appliances and VMs.
      • Integrated full-featured database management system (DBMS) as backend.
      • Extensively reworked administration layer.
      • New: Explicit asset management. The first themes for the newly designed asset management are now available.
        • Hosts: Can be transferred automatically from scans. Manual transfer or adding new entries is also possible. New targets can be created from the host assets based on filters, for example “all Windows 2012 Servers” or “all hosts not scanned in the past 10 days”.
        • Operating Systems: Are automatically or manually transferred from scans. It is possible to compare average and maximum severity and of course the number of occurrences.
      • Comprehensive update of the web interface. This includes visual, technical and also workflow changes. No GOS update before covered so fundamental changes.
        • Dynamic and interactively configurable chart and dashboard views.
        • Dynamic use of the entire area of the browser window.
        • Web pages for changing or creating a resource are now turned into dialogs. This allows to open them in a chain, for example to create a target from within the task creation dialog.
        • Dynamic input systems, for example for selection lists or a date.
      • The filter of the report results is changed to the general powerfilter. With this step the powerfilter behavior is unified across the entire application. A complete automatic migration of the filters is unfortunately not possible. Thus we recommend the check, and where necessary, update your filter. This is especially relevant if they are used for alerts.
      • New charts:
        • Tasks: Next scheduled tasks as GANTT chart.
        • Tasks: Hight severity per host as bubble chart.
        • Tasks: Most high severity per host as vertical bar chart.
        • Reports: High severity as timeline chart.
        • Results: Vulnerability titles as word cloud chart.
        • Results: Vulnerability descriptions as word cloud chart.
      • New: Alerts for SecInfo. It is now possible to configure alerts based on new incoming SecInfo data.
      • New: Builtin CVE scanner. The prognosis scan is now a scanner that can be selected for a task among other scanners. All methods for tasks can thus now also be applied to CVE scans (the prognosis scans).

Latest patch level: 4.0.5 (2017-04-04)

      • Web Interface:
        • Bugfix: In the line charts the power filter elemenet “rows” was not properly considered (#66149).
        • Bugfix: Creating permissions directly from a note object or from an override did not work (#66156, #66343).
        • Bugfix: In some cases (inconsistent timestamps) it could happen that the session cookie is not accepted anymore by the browser and requests a new one (#68506, #67829)
        • Improvement: The dialog of the “Performance” page was reworked (#67076).
        • Minor Bugfix: Scaling problems with some IE 11 browsers (#65299).
        • Minor extension: Language support for Portoguese and Arabic was extended (#66272).
      • Web Interface and OMP:
        • Minor bugfix: In very rare cases the internal timestamp about the feed status was not correctly processed (#66342).
        • Improvement: The Report Format Plugin “CSV” now protects quotes in strings (#66339).
      • GOS-Admin:
        • Preparations for the the upgrade to 4.1 (#69343, #66637, #67863, #69949, #69950, #70172, #66346).
        • GCE only: Improved note about Greenbone evaluation key (#69951, #68778).
        • GCE only: Preparation for evaliuation keys (GEF) (#70394).
      • Scanner:
        • Extension to support TLS-SNI (#66336).
        • Bugfix: The “Host-Dead” check was improved (#67080).
        • Bugfix: The scanner did have problems with detecting specific samba services (#68106).
        • Bugfix: The scanner now processes special types of large scan target environments faster (#68777).
        • Bugfix: Under certain conditions it could happen that the scanner consumer more CPU time than needed (#64551)
        • Minor improvement: The internal logging of the scanner was extended for easier analysis in case of some special problems (#56130).

Greenbone OS 4.0.4 (2017-03-30)

      • GOS-Admin:
        • Bugfix: Under certain conditions (missing or slow DNS), host names (for example scan targets) are resolved to the local host (#70091).

Greenbone OS 4.0.3 for GSM ONE and Greenbone Community Edition

      • Web-Interface and OMP:
        • Minor bugfixes: Some functions were available in the web interface even if no persmission was available for these. Selecting them led to a internal error (#65303, #64592, #64681, #64712).
        • Minor bugfix: After deleting a user a blank page was shown (#65301).

2014-03-21: Greenbone OS 3.0

Latest patch level: 3.1.34 (2016-09-21)

The items marked with (*) will change the default behaviour.

      • Versioning: From GOS 3.0 the patch level versions will be indicated by the third part of the version number. For example the tenth patch level will be “3.0.10” instead of “3.0.0-10”.
      • Groups: For access permissions users can now be associated with Groups. The web interface allows full management of these groups for users with Administrator role.
      • Permissions: Under menu “Configuration” there is now a new item “Permissions”. Here the user has an overview on all of his access permissions and opportunities to manage them.
      • (*) For role “User” the permission is removed to see all other user names. From now on the permission to see other users (“get_users”) must be explicitly granted.

This means that you only can access the GUI elements to add or edit observers of your task if you own this permission. This can be granted for example directly for a single user via the administration of users.
Alternatively you can create a new role (e.g. “userlist”) with the only permission “get_users”. This new role can then be added to all users who should be provided with this extended permission. Of course other concepts of permission modelling could be applied as well.

      • (*) Alive-Test (Up-Test, Ping-Test): The type of this test that determines whether a system is active and therefore can be scanned is now adjustable as a property of the object “Target”. Which means it can be changed without the need to change Tasks or Scan Configurations. Possible methods are the same as before: ICMP, TCP and ARP.  The default setting for the Alive-Test changes from ICMP&TCP&ARP to just ICMP. Hence it can happen that results change for some of your Tasks because some systems are not regarded as alive anymore. But in most cases where larger IP ranges are scanned the scan duration will significantly drop down. However, you do not need to change a Scan Configuration or Task to get back to the previous state, you just need to adjust the Alive-Test method for the respective Target.
      • (*) Severity replaces Threat: The concept of Threat Classes is extended to the Severity concept where the severity is not just a class but also contains a specific CVSS value. The CVSS value of a Severity is always the highest occurring CVSS value in the corresponding scan results. This allows a higher granularity in the view and for example improves sorting.
        This means comprehensive changes for the whole application:

        • Task Overview: So far only the Threat level was stored for Tasks. Because old tasks covered results with only threat level and no CVSS level (meanwhile all NVTs are assigned with a CVSS), the migration will use old rules of attaching a threat level and therefore insert the maximum of the respective level. This means that the Severity may show a higher CVSS value than then highest value actually present in the results. But this guarantees that the threat level will remain the same. The following values are therefore applied during the migration: High: 10.0, Medium: 5.0, Low: 2.0. Of course for new scans the exact values as occurring in the results are applied.
        • Task-Details: For the list of reports of a task the very same changes and migration rule is applied as for the Task Overview.
        • Notes: The distinction of High, Medium, Low is dropped and the migration will place into one class. This prevents that notes may get invisible when NVTs are updated.
        • Overrides: The distinction of High, Medium, Low is dropped and the migration will place into one class. This prevents that overrides may not be applied when NVTs are updated. Furthermore, the New Severity is not anymore just a threat level but rather a CVSS value. Old overrides with just threat level are migrated with the same scheme as the Tasks and Reports (see above).
      • Tags: The new configuration object class “Tag” allows to attach short texts to almost any other object. These texts are available to filtering and are included in export files. This enables to create thematic groups or attach arbitrary attributes to objects.
      • Reports: Under menu “Scan Management” there is now an overview on any available scan report, regardless of the relations to a task. The powerfilter is available here as well. This new view replaces the report list in the task details dialog. Suitable filters are set automatically.
      • Search interface for all objects of the SecInfo Management: Via new menu item “All SecInfo” it is possible to search for keywords and with other methods of the Powerfilter through almost 300.000 objects of various types.
      • Web interface is extended with multi-lingual support and translated into German language.
      • New pre-configure Scan Configuration “Host Discovery”. This Scan Configuration simply searches for real systems for the given target addresses. No vulnerability tests are executed. The result is just a list of hosts that are regarded active.
      • New pre-configure Scan Configuration “System Discovery”. This Scan Configuration applies any NVTs that discover operating system types and/or hardware device types. No vulnerability tests are executed. The main result is an overview on the found operating system and devices.
      • New pre-configure Scan Configuration “Discovery”. This Scan Configuration applies any NVTs that discover as many details about the target system, installed services and applications, as possible. No vulnerability tests are executed.
      • Tasks: New class “Alterable Task” allows to change Target and Scan Config even if there are already reports for this task. This allows to have a playground task not designed to grant consistency between its reports.
      • Integrated online CVSS calculator: Under menu “Extras/CVSS Calculator” a form is available that supports calculating a CVSS value.
      • (*) Reports: The browser for the report view was entirely reworked and split up into multiple sections, each with a page of its own. Countless changes and extensions were applied. Attention: The changes are significant regarding the default view and regarding the powerfilter. Older stored powerfilters for reports may not work anymore and need to be re-created
      • (*) Reports: Users can now individually configure the severity class ranges (High, Medium, Low) for the results view. Attention: The predefined class range is now the one of NIST. Therefore the colors in the view can change for old results and filters may return different results. If you want to switch back to the old behaviour, just enter “My Settings” and select “OpenVAS Classic” for severity classes.
      • Powerfilter: The powerfilter now offers a expand/collapse functionality in order to offer a regular dialog as equivalent to the content of the filter string. Dialog and filter string are automatically mutually synchronized.
      • Target: It is now possible to reduce the selected range of target systems via some rules. This includes an exclude list, reduction of double entries via Reverse Lookup and making Reverse Lookup obligatory.
      • Host access rules: More opportunities to deny or allow scan of host for each users, for example hostnames can now also be applied.
      • Interface access rules: This new feature allows on the one hand to specify a special interface (like “eth1”) for each task. On the other hand it is possible to express rules to allow or deny access to interfaces for each user.
      • Problems with DNS resolving during scan: Each failed resolving of a target system name is not listed in section “Errors” of the report browser.
      • Reports: The port information is now extended with the current IANA service name that is registered for this port.
      • New pre-defined Report Format Plugin “CSV Results”: Comma-separated text table of single results.
      • New pre-defined Report Format Plugin “CSV Hosts”: Comma-separated text table of result overview for each target system.
      • (*) The Scanner preference “silent_dependencies” was removed. It was reducing the number of reported results to only those NVTs that were explicitly selected. This is not necessary anymore because the filtering can now take care of reducing reports. Furthermore, incomplete reports without log information do not offer adequate transparency. In case you applied Scan Configurations that were using this preference, you will get more (all) results now in new reports.

In case you applied Scan Configurations that were using this preference, you will get more (all) results now in new reports. Note that when using one of the pre-defined Scan Configurations you will see no changes because these were explicitly selecting all the NVTs.

      • (*) The Scanner preference “host_expansion” was removed. Its purpose was to automatically expand the target hosts. This functionality should not be done by a Scanner, especially because it can lead to unforeseeable expansions. Using one of the pre-defined Scan Configurations or derived ones, no changes of the behaviour will happen.
      • (*) The Scanner will not create explicit results for detected ports anymore. These results had no reference to NVTs and were redundant anyway. An overview on the detected ports is already provided by other NVTs as log information. Additionally the new user interface even offers a explicit tabular overview in identified ports as part of the new report browser.
      • Tasks: It is now possible to configure the order in which the target hosts are scanned: Sequential (like before), reverse and random.
      • Task Details: The list of reports is now handled via the new object management. This also adds the powerfilter to this page.
      • Notes/Overrides: The actual note text is now used as identifier in the list instead of the NVT name.
      • Web-GUI: Consistent access to object details always via identifier in first column. The redundant button for Details is therefore removed from the set of Actions.
      • User management is made available via OMP.
      • Feed management is made available via OMP.
      • Port 80 is automatically redirected to 443. This means that if you enter “http://gsm.example.com” this is automatically changed to “https://gsm.example.com” instead of a failure message of the browser.
      • OVAL Definitions: The overview as well as the details dialog for OVAL Definitions has been reworked.

Patch-Level GOS 3.0:

      • 3.0.39 (2016-08-18):
        • GOS-Admin:
          • A warning appears when start gos-admin-menu saying that this release is retired and should not be actively used (#52993).
          • Bugfix: Prior to upgrading to GOS 3.1, there needs be done a test on BIOS version and presence of a BMC. This is relevant for a factory reset of some GSM Midrange models with a Flash Image older than GOS 3.1 (#61512).
      • 3.0.38 (2015-10-07):
        • GOS-Admin:
          • Improved detection and reporting of inconsistent internal state via gos-admin-menu (#53092).
      • 3.0.37 (2015-09-24):
        • Hardware:
          • Security update for GSM 600 and GSM 650 that resets unconfigured factory settings of the BMC (Baseboard Management Controller) to save values. A reboot after the upgrade is not necessary. Running scans are not affected. An attacker from the same network segment could read device status, turn off the device or enforce its reboot. (#52840, GBSA-2015-01).
      • 3.0.36 (2015-06-12):
        • GSR PDF reports: Size limitation extended (#48813, #2015040810000021).
        • GSR/GXR PDF reports: With more than 100 hosts, the topology graph is dropped. The details are not readable anywy and the report creation is accelerated (#49274).
        • Improved import of reports into container tasks. The web interface is now available during the import (#48660).
        • Improved report filter for results (#48543, #2015041610000023).
        • Bugfix: Links from the Asset Management into a report did not filter for the exact IP. The IP was used only as a substring (#49591).
      • 3.0.35 (2015-04-24):
        • Released upgrade to Greenbone OS 3.1 for all Greenbone Security Manager models (#48657).
        • Via GOS-Admin it is now possible on a master GSM to advise all connected sensors to create a new self-signed certificate in case their current certificate expired (#37419).
        • Bugfix for the manual creation of overrides so that now also the port protocol can be specified, for example “80/tcp” (#47706, #2015031810000031).
        • Bugfix for the OpenVAS Scanner to avoid high CPU load under certain conditions (#41205, #2014081510000029).
        • Bugfix for the OpenVAS Scanner to avoid hanging scan processes when scanning authenticated special network devices with special SSH servers (#47681, #2015031110000016).
        • Bugfix for GOS-Admin-Menu to add a scroll bar for the sensor check results (#48710).
        • Minor Bugfix for the selfcheck in GOS-Admin-Menu: For GSM models that can not manage sensors, the sensor check is not displayed anymore (#47512).
        • Bugfix for the filtering of scan results when searching for a specific IP address. The filter acted a bit fuzzy under certain condition which was now changed to match strict (#48237, #2015040210000041).
        • Bugfix for the scanning via slave: Host exceptions of a Target are now considered on the slave (#48112, #2015040210000022).
        • Bugfix for GOS-Admin: For several IP address settings like for NTP or for sensors it was not possible to enter IPv6 addresses (#47683).
        • Bugfix that prevents timeouts when modifying larger NVT families (#48396, #2015041310000038).
        • Bugfix regarding the change of the “Host-Alive” method (#47935, #2015032710000013)
        • Minor bugfix of NTP configuration to avoid error messages in the log (#47356, #2015021110000027).
        • Bugfix for newly created automatically generated credentials (#47086, #2015021910000067).
        • Bugfix about displaying the trust status of Report Format Plugins (#47092, #2015022310000013).
        • Extensions of the online help for overrides (#47912).
        • Bugfix to prevent timeouts when creating or importing large scan reports (#48305, #48304, #48303, #48268, #2015040910000046, #2015041010000034).
      • 3.0.34 (2015-03-12):
        • Released upgrade to Greenbone OS 3.1 for all Greenbone Security Manager of type “GSM 100” (#47309).
        • Change for schedules: A scheduled task was not executed in case no scanner resource was available for 3 minutes after schedule start time. This limit was removed now (#44856, #2014073110000063).
        • Bugfix for reports that applied a filter for a single IP address: It was possible that some result entries were missing (#45891, #2015011510000058, #2015022510000037).
        • Bugfix for running scans via slaves: Now the selected port list will be used instead of just the default one (#46692).
        • Update of the SSH library of the OpenVAS Scanner so that authenticated scans work even with newest SSH servers (#46543).
        • Improved performance for lists of reports (#46964).
        • Bugfix for the GSR report plugin: The text entry of overrides was missing (#38158, #2014060310000046).
        • Bugfix for scan progress bar: The progress is now displayed with better accuracy (#46401, #2015020210000053).
        • Minor bugfix for a problem that produced many log entries (parse_ctime) (#46246).
        • Minor bugfix for upgrading GOS 2.2 to 3.0. The removal of an unneeded file directory failed (users-remote). (#46320).
        • Minor bugfix for CLI Admin: For some unneeded commands (for example nosystemupgrade) there was still an alias entry. These were removed now. (#47265).
        • Minor bugfix to correctly handle some very specific HTTP request to the web interface (content-length headers) (#47091).
        • Bugfix for schedules that were configured to run for only a very short duration like just 1 minute (#46520).
        • Minor bugfix for a changed external URL in the online help of the web interface. (#46545).
      • 3.0.33 (2015-02-05):
        • Bugfix for Scan Configuration regarding the counter of active NVTs per family. Under certain conditions the number was too high by 1 (#44476).
        • Bugfix for autorefresh: Under rare conditions the session ticket became invalid, making it necessary to log in again (#44673).
        • Consistency fix for alerts: Here the default filter included the element “autofp” while it was not included in the results browser. Now “autofp” was removed from the defaults for alerts (#45083, #2014120310000016).
        • Improved error message for alerts that failed to execute due to missing report plugins (#43915).
        • Bugfix for expanded powerfilter: The checkbox for overrides was not always visible (#44858).
        • Bugfix regarding the delete-user function in gos-admin-menu (#45902).
        • Extended selfcheck of gos-admin-menu to cover the availability of the internal OMP service (#41194).
        • Extension of gos-admin-menu with configuration option for MTU of the interfaces (#44953, #2014121910000059).
        • Bugfix for inactive overrides: Such will not anymore be shown by the Report Plugins (#45076, #2014122210000034).
        • Bugfixes that lower the CPU load under certain conditions (#45564, #45562, #44544).
        • Bugfix for the overrides checkbox for the powerfilter, so that no wrong jump to default powerfilter settings happens anymore (#44905).
        • Bugfix for the Reports view so that now also those reports are shown for which a user has proxy permissions (#44052).
        • Activated Release Change to GOS 3.1 for GSM ONE. (#46468).
        • Lowered the number of reverse-lookups of the GOS base system for NTP in order to lower the log noise in the network monitoring (#45933).
        • Bugfix for permission checks for objects in the trashcan (#44902).
        • Bugfix for individual timeout configuration of NVTs when executed on a slave system (#46297, #2014121110000019).
      • 3.0.32 (2015-01-29):
        • Bugfix that updates an internal TLS certificate. With an expired certificate it is not possible to log in to the web interface. This problem currently occurs only for GSM 600 (#46218).
      • 3.0.31 (2014-12-18):
        • Bugfix for the recovery of a userdata backup for model GSM 500 (#44474).
        • Bugfix for sensor upgrades, especially for Airgap. In case of problems please contact our Support with reference to ticket number 44535 (#44535, #44477, #44444, #2014082010000019).
        • Activated slave assignments: Slaves created by a administrator and made accessible to users will now appear in the users’ selection lists for Slaves and can be used for scanning accordingly. The assignment of slaves currently still only works via direct permissions configuration (#44187, #2014112110000029).
        • Improvement of the behavior of the web interface in case autorefresh and Post requests are combined (#44362).
        • Bugfix about the NVT selection when using older, imported scan configurations where not always all NVTs were actually executed when scanning (#44446, #2014120310000016).
        • For userdata backups it is now possible to configure a backup server (SSH-based) and via gos-admin-menu the userdata backups can be transferred from/to the configured backup server (#43687, #2014110510000032).
      • 3.0.30 (2014-12-04):
        • Performance improvement for operations that retrieve lists of scan reports (#44348).
        • Bugfix for the automatic refresh in the web interface: After submitting a form, the refresh will not try to re-submit the form. This cause the interface to jump to another page (#43714).
        • Bugfix for missing graphs in the GXR report when sent via an email alert. The GXR/GSR reports where reworked regarding some other details, among these an improved timezone indication (#40211, #2014082110000026, #44275, #40028, #2014072410000022, #43853, #2014101410000035).
        • Improvement for starting scheduled scans so that these are started, possibly slightly delayed, even under high system load (#44024, #2014073110000063).
        • Bugfix for occasionally missing logo in the web interface (#43713).
        • Internal improvement to prevent wrong usage of feed synchronisation in the expert mode of GSM administration (#35126).
        • Bugfix that reduces the memory consumption of the scanner (#43581).
      • 3.0.29 (2014-11-29):
        • Urgent security-relevant bugfix about a attack vector for SQL injections. The attacker needs a user account for the GSM. (#44316, #44315, GBSA-2014-02).
      • 3.0.28 (2014-11-13):
        • Simplification of the internal processing for the management of Greenbone OS. Essentially the “Scheduling” phase is dropped for various routines and thus accelerates them considerably. The improved functions are: Sensor Trigger, GOS Upgrade, Feed Sync, GOS Sync, Flash-Image Sync, Airgap, any Backup and Restore (#43776, #42781, #42782, #43298, #43297, #43584, #43618, #43617).
        • Performance improvement for a Master-GSM that controls many sensors where the tasks intensively use automatic alerts (#41734, #43328, #43329, #2014073110000063).
        • The content of the “affected” information of a NVT is now also shown in the results details view and various Report Formats (#40460).
        • Internal improvement for the analysis of NVT bugs by adding more details into the respective log messages (#40418)
        • Improved online help about “Edit Tasks” regarding Alterable Tasks (#41189, #2014091810000031).
        • Bugfix for Selfcheck in GOS-Admin-menu where occasionally a freeze of the selfcheck occurred (#43813).
        • Bugfix regarding schedules that wrongly executed multiple times per day. This problem occurred when timezone changes (#43619, #2014110510000023).
        • Bugfix for Backup/Restore across GOS generations (#43622, #43681, #43715, #43681, #2014082010000019).
        • Extension of the Powerfilter, so that for some objects the presence of sub-objects can be considered. For example it is now possible to apply “schedule=” for task overview to filter for any tasks that do have a schedule associated (#39947, #2014081310000023).
        • Bugfix for timestamps about when a scan of a host finished when done via a scan sensor. Now the timestamp is immediately available when the scan of that host finished and not only when the entire scan finished (#32725, #2013102110000041).
        • Improved response times of web interface when used intensively in parallel (#42029).
        • The pre-configuration of the scan parameter “unscanned_closed_udp” was changed from “no” to “yes” for harmonization with the analog setting for tcp. This prevents some unnecessary timeouts during a scan (#31638).
        • Improved internal consistency checks regarding incomplete update downloads (#35948).
        • Slight performance improvement for Asset Management (#42062, #2014100810000011).
        • Extended user management of GOS-Admin-Menu: Now it is possible to set a new password for a web-admin also at this place (#31074, #2013080610000021).
        • Bugfix so that now the Powerfilter for NVTs includes the script tags (#43455).
        • A analysis of the database about some specific properties can now be executed via GOS-Admin-Menu (menu “Advanced”) (#43686, #41096).
        • Bugfix for the problem that under some specific, non-reproducible conditions some NVTs where not executed for a given target (#43300).
        • In the web interface the task filter selection is now persistent. Choosing a filter there and returning later to task overview will activate that filter again automatically (#39676).
        • In the web interface the refresh setting is now persistent when changing the views (#39673, #2014073110000018)
        • Online help about roles was extended (#42033).
        • Improvement of the Airgap function for GSM 5300/6400 so that the USB Stick device sequence is not relevant anymore (#42021).
        • Internal consistency check for GOS prior version 2.0 now finally removed (#41152).
        • Minor internal improvement to drop false error messages in the boot log (only GSM 600) (#37059).
        • Changed appearance of CLI Admin shell prompt which now includes the hostname of the GSM (#24692).
      • 3.0.27 (2014-10-16):
        • Bugfixes for Airgap feature. In this context a new logic was implemented for this process that prevents various side effects (for example changing device enumeration (#26710, #42149, #42010).
        • Bugfix for GSM 600 and GSM 650 that removes a processor slow-down. The performance of these appliances should increase visibly (#42148).
        • Reduced size of GXR and GSR PDF reports (#31553).
        • Feed-Push and Upgrade functionality for sensors added to gos-admin-menu. This allows to manually start updating sensors for example in case the sensor was not reachable during automatic update (#21553, #33986, #2013122010000021 ).
        • Added switch in gos-admin-menu to change the graphical web interface. Available are the classic view and the extremely reduced German interface “IT-Schwachstellenampel” (ITS) (#37879).
        • Administrative interface: There is a new explicit setting “all” that makes all interfaces administrative interfaces. This is now treated identical to empty or missing setting (#41004).
        • Bugfix for sensor check in selfcheck: This check now behaves in the same way like the check in the Sensor-Management does (#40324).
        • Bugfix for selfcheck in sensor mode: Non-reachability of feed server is not complained about anymore (#37577, #2014051310000011).
        • Extended selfcheck with a warning about TLS certificates that will expire in near future (#39502, #2014072410000102).
        • Changed pre-configured MTA to mail.example.com to avoid confusion (#40741).
        • Bugfix that prevents the internal GOS cron processes trying to send local emails about log data to “postmaster” (#42013).
      • 3.0.26 (2014-09-26):
        • Security update for third party tools used by Greenbone OS. This includes fixes for the vulnerabilities described in CVE-2014-6271 (Shellshock), CVE-2014-7169, CVE-2014-7186 and CVE-2014-7187 in GNU Bash (#41575).
      • 3.0.25 (2014-09-13):
        • Bugfix for the migration of imported report formats with non-unique IDs (#40970).
        • Bugfix for the migration of schedules with missing time zones (#40737).
        • A bug which caused an internal error when attempting to empty the trashcan under certain circumstances has been fixed (#40358).
        • A bug which caused the “alterable” state to be displayed incorrectly in the web interface has been fixed (#40084, #2014081510000011).
        • The name of the task is now included in the PDF, LaTeX, HTML and TXT report formats (#25269).
        • A bug which caused start and end times to be displayed in an incorrect time zone when using slaves in different time zones under certain circumstances has been fixed (#39691, #2014072410000022).
        • A bug which caused the scan status to be displayed incorrectly as “-1 %” when scanning through a slave under certain circumstances has been fixed (#39679, #2014073110000063).
        • CPU usage on the master during slave scan has been reduced considerably, resulting in improved performance (#40120, #2014073110000063).
        • If enabled, JavaScript is now used in more situations to automatically apply the selection in a drop down menu (#39672, #2014073010000047).
        • A bug which cause excessive logging under certain circumstances has been fixed (#40121).
        • The “clone” functionality is now more easily accessible for a number of objects (#39674, #2014073110000027).
      • 3.0.24 (2014-08-22):
        • Bugfix that prevents a migration failure during a release switch. Changes introduced with the GOS 3.0.23 caused a release switch from GOS 2.2 to GOS 3.0.23 to fail during user migration (#40159).
      • 3.0.23 (2014-08-16):
        • Bugfix regarding visibility of GXR PDF plugins in case several copies are used in parallel (#39058).
        • Bugfix for defect masterkeys on sensors so that such are now identified (#38958).
        • Bugfix for the redirection from port 80 to 443 for the case that another than the default network interface is used (#39762).
        • Bugfix about using the administrative interfaces regarding the web interface in case another than the default network interface is used (#34964).
        • Bugfix to remove some false internal log messages about SCAP and CERT databases (#39185).
        • Bugfix for the behaviour of the CLI command “addadmin”. The user management via gos-admin-menu was not affected (#39227, #39245, #2014071510000067).
        • Some non-functional (empty) commands were removed from CLI Admin (#39472).
        • Removal of some since GOS 3.0 unneeded internal data files. Only in very few cases this will visibly lower disk storage consumption (#34966).
        • Bugfix that improves the redirection from port 80 to port 443 for some client applications. Standard browsers were not affected (#38612).
        • Minor bugfix to enable the internal log rotate for a log file (#37483).
        • Feedback button added to results: The details view of a result now offers a button to submit feedback about a scan result to the Greenbone support team (#38249).
        • Bugfix to remove internal temporary backup file while doing a user data backup (#39335).
        • The functionality “pause” for tasks was removed from the web interface. Paused tasks could block a significant amount of memory and stopped tasks can also be resumed (#39914).
        • Bugfix for the import of brute-force login lists within the scan configuration (#39471).
        • Bugfix to allow the multiple import of the very same report format plugins (#38016).
        • Changed the choice of refresh times: Instead of 10s/30s/60s it is now 30s/60s/2m/5m (#36561, #2014040710000024).
        • Bugfix about adding LDAP user accounts to user groups (#38459).
        • Bugfix about usage of filters for which read access was granted (#38787).
        • Minor bugfix about internal process handling when creating a tag (#39936).
        • The functionality “unfold filter” is now also available in the report view “summary” (#38783).
        • Internal extension of so that individual configuration of services is possible in case of very special needs (#37575, #39692, #2014051310000038).
        • IP addresses and hostnames in the report view do now link into the asset management (#39226, #2014071510000049).
        • Extension of the tooltips about hosts in the asset management to name the CPE (#39225, #2014071510000031).
        • Creating new LDAP users does not require to specify a (unused) password anymore (#31438, #2013082810000033).
        • Extension of gos-admin-menu with a hint that reboot is necessary after changes about the SSL certificate (#39503, #2014072410000111).
        • Increased number of possible IPs in host access field for user restrictions to 16,777,216 (#39405, #2014072110000046).
        • Improved LVM based backup functionality for GSM 6×0 (#37820).
        • The name of the task is now visible in the menu of the report view (#38782, #2014063010000021).
        • In CVSS vectors “AU” is now accepted for “Au” (#37710).
      • 3.0.22 (2014-07-11):
        • Bugfix that prevents a system freeze at boot time. Under certain conditions it can happen that a GOS 3.0.20 and GOS 3.0.21 will stop during boot process. The Greenbone Support team knows what to do in this case. In case you upgraded to 3.0.20 or 3.0.21 but have not rebooted the system, please first upgrade to 3.0.22 before doing so. (#39159).
      • 3.0.21 (2014-07-09):
        • Extended Alert type “verinice” with choice of the applied Report Report Format (#38995, #2014070710000037, #38996, #2014070710000046).
        • Bugfix regarding the extended SSL/TLS capabilities that were introduced with GOS 3.0.20. It ensures proper detection of SSL ports which did not happen in 3.0.20 (#38997).
        • Deactivated internal boot log because under certain conditions this caused problems regarding the console (#39007).
        • Bugfix regarding permissions of pre-configured roles: These can now not even more be changed with administrative rights (#38607).
      • 3.0.20 (2014-07-05):
        • Updated and extended SSL/TLS capabilities for both, the GOS services and the actual scanner. This also adds support for PFS (Perfect Forward Secrecy) (#38046, #33832).
        • Added support to configure TLS cipher priorities for OMP and HTTPS via gos-admin-menu (#36507, #38615).
        • Added support for SINA One Way Gateway to allow Feed updates across this gateway from an external GSM to an internal GSM. gos-admin-menu is extended with configuration for both sides, the update master and the update slave (#37854, #38047).
        • In order to allow updates of inhomogeneous GSM setups (for example 5300/600/100) in an internal network from a single external GSM, the GSM Midrange/Enterprise models are now enabled to hand over updates for a variety of GSM types (#38069).
        • In order to allow chained Master-Sensor setup (for example 5300>600>100) support was added configure a GSM to be Master and Sensor at the same time (#38048).
        • Bugfix that resolves database locking issues for Airgap updates that could occur under certain conditions (#38460).
        • Bugfix that adds transfer of CERT data for Airgap updates (#38049).
        • Minor bugfix about global-indicator icons for notes (#38722, 2014062610000011).
        • Bugfix that fixes the problem with multiple entries in the Host Access entry of a user configuration. Now all elements are accepted (#36137, #2014031910000031).
        • Allow scheduled tasks to be also startable manually (#28892, #2013040610000028).
        • Bugfix about triggering GSM 25V upgrades via Master GSMs (#38192).
        • Bugfix for the problem that entering the user/password management in gos-admin-menu sets sensor tasks to “stopped” (#38288).
        • Bugfix for an UTF-8 issue in ITG scan results (#37163, #2014042410000064).
        • Report Format Plugin “verinice ISM” is now a predefined one (#30425, #38708, #2013062610000013).
        • Added support for multiple email addresses for a email alert, rather than just a single one (#37652, #2014051410000036).
        • Minor bug fixes for rendering issues in some Chrome browsers (#35495).
        • Minor bugfix for some synchronisation log message cases (#38197).
        • Bugfix for restoring deleted Groups. Now the users are not lost (#38614).
        • Minor internal cleanup (removal of a left-over file) (#36423).
        • Bugfix to guarantee quick access to user and password management of gos-admin-menu. In some cases to took a considerable time open this menu (#38287).
        • Bugfix about cloning tasks with observers where permissions were dropped wrongly for the clone (#38213).
        • Bugfix to accelerate boot time which in some special cases took about 2 minutes and is now back to a few seconds (#38286).
        • Added check for expired certificate to selfcheck in gos-admin-menu (#35918).
        • Minor improvement about timezones in schedules (displaying and online help) (#38611, #38613).
      • 3.0.19 (2014-06-05):
        • Extension of gos-admin-menu to allow configuration of TLS Ciphers for OMP (#37763, #2014051910000018).
        • Updated guest tools for GSM 25V (#37566).
        • Bugfix for GSM25V regarding a defect boot menu (#38012).
        • Bugfix for the SCAP database to not ignore some specific CVEs in queries (#37236).
        • Fixed typo in gos-admin-menu in a path note (“2.1” vs. “3.0”) (#37561).
        • Bugfix to disallow deleting of a Report Format Plugins via OMP or web interface in case it is still being used for an alert (#37485, #35960).
        • Bugfix for non-self-signed SSL certificates to allow also longer certificate chains (#37863, #2013120910000043).
        • Extension of sensor checks of master GSMs to validate SSL certificates of the sensors (#37414).
        • Bugfix to close a memory and CPU leakage that occurred when using Chrome (#37988).
        • Bugfix that solves the issue that some deleted Report Format Plugins are still shown as long as they are kept in the trashcan (#36509).
        • Bugfix to add newly imported and activated Report Format Plugins to respective drop-down lists (#37457).
        • Bugfix for login procedure of LDAP accounts regarding LDAP server TLS certificates so that now all LDAP accounts can login again (#37458).
        • Bugfix to take care for deleted user account also the configured group and role relationships are removed (#37439).
        • Bugfix to make the boot log visible via gos-admin-menu (#37600).
        • Bugfix to make permissions invisible on a GSM ONE that refer to functionalities that are not available for this GSM anyway (#34539).
        • Improved internal log mechanism so that also very long log messages are not truncated (#37476).
        • Improved error message when deleting a user account (#37451).
        • Bugfix for deleting of user accounts via gos-admin-menu (#37878).
      • 3.0.18 (2014-05-10):
        • Bugfix for Migration (ANALYZE) from GOS 2.2.0 to 3.0 (#37357).
        • Improvement that removed unneeded temporary files (kbs) (#37263).
        • Bugfix regarding encoding which prevented configuration of some NVTs (#37146, #2014042410000073).
        • Bugfix for Feed synchronization routines for master-sensor updates (#37240).
        • Bugfix for sensor check in gos-admin-menu (#37243).
        • Bugfix to prevent that individual timezone settings get lost (#37265).
        • Bugfix that takes care all permissions of roles User and Observer are preserved during a migration from GOS 2.2.0 to 3.0 (#37438).
        • Bugfix to avoid truncated long CPE names in report format GSR (#36508, #2014040410000011).
      • 3.0.17 (2014-04-23):
        • Bugfix for initial database creation (#37045).
        • Bugfix for consistent LCD content (#36544).
        • Improvement of LCD content (GOS version and IP address) (#36281).
      • 3.0.16 (2014-04-17):
        • Improvement for GSM ONE: If the initial web account is still missing, then a corresponding hint is given on the console (#36444).
        • Improvement for upgrades to be more tolerant upon problems that might occur during a data migration (#36546).
        • Bugfix to make the LDAP configuration dialog available (#35363).
        • Bugfix for the TLS settings of the OMP service (#36789).
        • Extension that will automatically create a self-signed certificate at first start of GOS (#36574).
        • Bugfix to allow the AD account names for authenticated proxies in gos-admin-menu (#36586).
        • Bugfix for the redirect from http to https of the web interface (#36762).
        • Bugfix for migration from GOS 2.2.0 (#36764, #36545).
      • 3.0.15 (2014-04-05):
        • The NVTs “Host Summary” and “CPE Inventory” have been disabled for all pre-installed scan configurations. These data are available in the other results sections anyway (#36104, #35927).
        • For GSM ONE the web address is now displayed directly on the console (#36316).
        • Switched internal logging of web service to SysLog (#36340).
        • Formatting improvements of various login messages of the internal administration level (#36201, #36317).
        • Bugfix for Report Format Plugin GSR which failed in some cases (#36282).
        • Bugfix that moves the DHCP log information in gos-admin-menu to the suitable section (#31287).
        • New: Quick-Task Wizard, available on the wizard page of tasks. For GSM ONE this dialog is reduced (no alerts) (#33889, #36424, #28196, #2013022810000017, #2013112510000014).
        • Restricted offer of TLS versions and ciphers of the web interfaces. Older browsers can not access the web interface any more (#35333).
        • The pre-selected Report Format Plugin for prognosis is now the simple PDF report (#26361).
        • Bugfix that removes unneeded temporary files of services that were removed since GOS 3.0 (#36357).
        • Extended scanner capabilities for TLS services (v1.1 und v1.2) (#36109).
        • Bugfix for the setting of results filter for alerts (#36094).
        • TLS ciphers settings of OMP adjusted to the same as for HTTPS (#34747).
        • Bugfix regarding the LCD display control (#36372).
        • Bugfix to have now an absolute path for the location header of the web interface. This improves the use with proxies (#9709).
      • 3.0.14 (2014-03-27):
        • Updated Report Format Plugins GXR and GSR to version 2.0.1 (#35767).
        • Reduced internal log information of Greenbone OS (#35710).
        • Improved support for hypervisor for GSM ONE (#20497).
        • Bugfix for the entry of Alive-Test method in the web interface (#36165).

2013-06-07: Greenbone OS 2.2.0 

Latest patch level: 2.2.0-37 (2015-07-01)

The items marked with (*) will change the default behaviour.

      • Tasks: Now with new object management

Tasks are now handled via the new object management and therefore gain access to the power filter and to the functionalities Clone and Export.

      • Overrides: Now with new object management

Overrides are now handled via the new object management and therefore gain access to the power filter and to the trashcan. Functionalities Clone and Export are also added.

Furthermore Overrides can now be directly created even without necessity to go via a Task.

All user interfaces where lists of Overrides were shown, like for NVT Details, were changed so that the lists are replaced by a link into the Overrides management with a appropriate context filter.

      • SecInfo Management: CVE data with new object management

The CVE Lookup is replaced by the new object management. This makes interactive search, the Powerfilter and many other functions available for CVE data. The Greenbone SecInfo CVE database contains the official CVE database of MITRE with over 50,000 CVEs.

      • SecInfo Management: OVAL database

New element of the SecInfo Management are the OVAL data. OVAL stands for Open Vulnerability Assessment Language and is a formal description for vulnerability evaluation. These information help with the analysis and are cross-referenced via CVE. The Greenbone SecInfo OVAL database contains the official OVAL Repository of MITRE with over 14,000 OVAL Definitions.

      • SecInfo Management: DFN-CERT Database

A new class in the SecInfo Management are the security alerts issued by the German DFN-CERT, the CERT of the German research network. These security alerts are published in German language and are referenced into scan result via CVE identifiers.

      • Port Lists: Now with new object management

Port Lists are now handled via the new object management and therefore gain access to the power filter and to the functionality Clone.

      • Credentials: Now with new object management

Credentials are now handled via the new object management and therefore gain access to the power filter and to the functionalities Clone and Export. Passwords will of course not be present in exported data.

      • Schedules: Now with new object management

Schedules are now handled via the new object management and therefore gain access to the power filter and to the functionalities Clone and Export.

      • Scan Configs: Now with new object management

Scan Configs are now handled via the new object management and therefore gain access to the power filter and to the functionality Clone.

      • Alerts: Now with new object management

Alerts are now handled via the new object management and therefore gain access to the power filter and to the functionalities Clone and Export.

      • Report Formats: Now with new object management

Report Formats are now handled via the new object management and therefore gain access to the power filter and to the functionalities Clone and Export.

      • Slaves: Now with new object management

Slaves are now handled via the new object management and therefore gain access to the power filter and to the functionalities Clone and Export.

      • Powerfilter: Syntax extension to select backward from current date for a fixed time span in timestamp columns. For example, “modified>-7d” will select all objects modified in the past 7 days.
      • Powerfilter: Syntax extension to select exact matches in multiple fields. For example, “=192.168.12.1” will select all objects where any of the fields contains exactly this IP.
      • SCAP Feed-Update: This function is now also available via the Web-Interface in the Administration area. However, the updates are still done automatically in the background. A manual start is rarely needed in special situations.
      • Personal default powerfilters: In “My Settings” it is now possible to set a preferred Powerfilter for each object class. If you open the overview of the object class, for example the Task overview, automatically your personal default Powerfilter will be used to apply your preferred sorting and filtering.
      • Agents: Now with new object management

Products & Solutions

  • Hardware Appliances
  • Virtual Appliances
  • Greenbone Cloud Service
  • Buy Here
  • Test Here
ISO9001EN

Service & Support

  • Customer Services
  • FAQ
  • Documents
  • Warranty
  • Community Forum
ISO27001EN

About us

  • About Greenbone
  • Licence Information
  • Privacy Statement
  • Terms & Conditions
  • Blog

Contact with us

  • Contact
  • Product Request
  • Careers
  • Partners
  • Security Response Team
  • Imprint
© Copyright - Greenbone Networks 2020-2022
  • LinkedIn
  • Xing
  • Twitter
  • Youtube
  • Mail
Scroll to top

This site is only using technically necessary cookies. By continuing to browse the site, you are agreeing to use this cookies.

Accept CookiesPrivacy policy

Cookie and Privacy Settings



How we use cookies

We may request cookies to be set on your device. We use cookies to let us know when you visit our websites, how you interact with us, to enrich your user experience, and to customize your relationship with our website.

Click on the different category headings to find out more. You can also change some of your preferences. Note that blocking some types of cookies may impact your experience on our websites and the services we are able to offer.

Essential Website Cookies

These cookies are strictly necessary to provide you with services available through our website and to use some of its features.

Because these cookies are strictly necessary to deliver the website, refuseing them will have impact how our site functions. You always can block or delete cookies by changing your browser settings and force blocking all cookies on this website. But this will always prompt you to accept/refuse cookies when revisiting our site.

We fully respect if you want to refuse cookies but to avoid asking you again and again kindly allow us to store a cookie for that. You are free to opt out any time or opt in for other cookies to get a better experience. If you refuse cookies we will remove all set cookies in our domain.

We provide you with a list of stored cookies on your computer in our domain so you can check what we stored. Due to security reasons we are not able to show or modify cookies from other domains. You can check these in your browser security settings.

Other external services

We also use different external services like Google Webfonts, Google Maps, and external Video providers. Since these providers may collect personal data like your IP address we allow you to block them here. Please be aware that this might heavily reduce the functionality and appearance of our site. Changes will take effect once you reload the page.

Google Webfont Settings:

Google Map Settings:

Google reCaptcha Settings:

Vimeo and Youtube video embeds:

Privacy Policy

You can read about our cookies and privacy settings in detail on our Privacy Policy Page.

Datenschutzerklärung
Einstellungen akzeptierenVerberge nur die Benachrichtigung
  • Deutsch
  • English