Greenbone Products: Roadmap & Lifecycle

2019-04-30: Greenbone OS 5.0

Latest Patch Level: 5.0.9 (2019-08-26)

Lifecycle Phase: Mature

5.0.10 (2019-09-03):

• Greenbone OS:
  • Minor improvement: Added and improved the GOS menu descriptions for restoring backups and setting the GSM hostname, since backups are dependent on the hostname (#119837).
  • Minor improvement: Updated the integrated version of the GSM manual (#121640, #121753).
• Vulnerability Management:
  • Bugfix: Fixed a reflected XSS vulnerability in the web interface (#121870).
  • Bugfix: Sensor scans could erroneously show the status ‘Interrupted’ on the master in some cases (#121106).
  • Bugfix: Permissions could not be edited in the Administration/Roles/Edit Role dialog (#120601, #121343).
  • Bugfix: Disabled the ‘Trigger Alert’ button on Report details pages for GSM types that do not support Alerts and for users that have no permission to use Alerts (#120598, #120600).
  • Bugfix: Disabled the ‘Edit My Settings’ button on the Extras/My Settings page for users that have no permission to modify Settings (#120598).
  • Bugfix: Removed the ‘Clone Host’ button from all Assets/Hosts pages since it had no use case and caused an error (#121242).
  • Bugfix: The ‘sort-reverse’ filter was not applied in the GSR-PDF report (#119483).

5.0.9 (2019-08-26):

• Greenbone OS:
  • Bugfix: Testing the sensor connections could cause a traceback when a sensor had an invalid remote host identifier configured (#120973).
• Vulnerability Management:
  • Bugfix: On the Assets/Hosts page, creating a new target via a bulk action caused an error (#120185, #2019081310000032).
  • Bugfix: In the power filter, quotation marks in keywords starting with the character ‘~’ where not handled correctly, causing subsequent errors during bulk actions (#115293).

5.0.8 (2019-08-14):

• Greenbone OS:
  • Extension: The “Greenbone Security Manager with Greenbone OS 5” user manual is now included in GOS for offline use. It can be accessed via the web interface menu Help/Contents (#119292, #119764).
  • Improvement: Added an experimental “SQL chunking” setting for sensor scans. It is activated via the GOS command line and may improve the scan performance (#117778).
  • Bugfix: Security update for the CVE-2019-1125 “Spectre SWAPGS” gadget vulnerability (#116440).
  • Bugfix: It was possible to configure invalid domain names, leading to subsequent errors. All domain names now have to comply to RFC952 and RFC1123 (#118556).
  • Bugfix: The disk usage of journalctl could exceed safe limits, affecting system stability. It has been hard limited to use a maximum of 1.5 GB (#119829, #2019080510000021, #2019072410000022).
  • Bugfix: The database file of a user data backup was not renamed correctly when upgrading from GOS 4 to GOS 5, causing a redundant copy to be present (#118354).
  • Bugfix: Uploading a remote backup server host key could add a newline character, causing the host key to be invalid (#109875).
  • Bugfix: The Maintenance/Upgrade/Sensors menu on a GSM master could display the sensor status “Update Feed” erroneously in some cases. These cases were fixed to display “Upgrade manually”. “Update Feed” will still be shown when relevant (#118338).
  • Minor bugfix: The Maintenance/Flash menu was erroneously shown for the virtual appliances GSM DECA, TERA, PETA and EXA. It was not functional and has been removed (#119052).
• Vulnerability Management:
  • Improvement: Single select dropdown menus in the web interface are now completely clickable (#118178, #2019071510000101).
  • Improvement: The Edit/New Schedule dialog has been extended to make picking Schedule times easier: The new “Now” button will always set the current time, the date picker has had a year picker added (#118251).
  • Bugfix: Schedules could be erroneously removed from Tasks, since the new iCalendar format was not used for all checks (#117775, #2019070910000033).
  • Bugfix: Schedule “Next Run” times were wrong if the Schedule was non-recurring or for certain timezone constellations (#119045, #119482, #2019072910000013).
  • Bugfix: Schedules migrated from GOS 4 were always using the UTC timezone (#118054, #2019071510000012).
  • Bugfix: Schedule times are once again shown in the timezone that the Schedule was configured for, not the general user settings timezone, restoring the behaviour from GOS 4 (#118873).
  • Bugfix: On the Report details page, the columns Ports, Apps, Distance, Auth, Start and End were missing in the Hosts tab (#115647).
  • Bugfix: The Export File Name settings in the web interface were not applied (#118181, #2019071610000029).
  • Bugfix: The Task setting “Once” for Schedules was not saved correctly (#118237, #118238, #2019071610000127).
  • Bugfix: Emails sent via the an Email Alert had a wrong “Return-path”, “envelope-from” respectively “X-MailRelay-From” (#119942, #2019080810000024).
  • Bugfix: If any default Permissions are missing, they will now be re-created when the Greenbone Vulnerability Manager starts (#117410, #2019062010000013).
  • Bugfix: Resuming a Task configured to run on a Sensor could lead to duplicate results (#113271).
  • Bugfix: Verifying a Report Format in the web interface was missing a feedback dialog (#115104).
  • Bugfix: Verifying a Scanner in the web interface was missing a feedback dialog (#112039).
  • Bugfix: Alerts with the deprecated Report Format “HTML” were not migrated to use the Report Format “TXT” correctly (#110772, #2019071510000085).
  • Bugfix: Opening the web interface login page in a new window or tab while a login was active in another window or tab could log the user out (#114452).
  • Bugfix: If two web users are configured with different user interface languages, switching between the two users required two login attempts (#118559, #2019072310000015).
  • Bugfix: On the Performance page, the performance graphs for Sensors were not working correctly (#119210, #2019073110000045).
  • Bugfix: On the Performance page, changes made via the date picker were not saved correctly (#118055).
  • Bugfix: An error in the CVSS calculator occured, if “Authorization” was set to “Single” (#118415).
  • Bugfix: Clicking the operating system icon on any Host details page caused an error, it now links to the corresponding operating system details (#117780).
  • Bugfix: Creating a valid, but incomplete Alert via GMP and then trying to view it in the web interface caused an error (#114775).
  • Bugfix: Exporting a NVT with an apostrophe in the name caused an error (#120071).
  • Minor bugfix: When creating new Permissions for a Task, the default, pre-selected Permissions were different than in GOS 4 (#114791).
  • Minor bugfix: The “Filter” field in the Scan Report Content Composer was not automatically resized to fit the filter string, causing the text to overflow (#118182, #2019071510000111).
  • Minor bugfix: On the Tasks page, the indicator icon for Tasks configured to run on a Sensor was missing (#119767).
  • Minor bugfix: In the Delta Report view, the indicator for changed items, (+) and (-), was missing colorization (#112862).
  • Minor bugfix: The Task settings “Maximum concurrently executed NVTs per host” and “Maximum concurrently scanned hosts” were not shown on the Task details view (#110104).
  • Minor bugfix: Viewing any Report Format details page as a user with the role “Observer” would show XML parsing errors (#118560).
  • Minor bugfix: The “rows” Filter allowed for invalid values and relations. Invalid values are now converted to “1”, invalid relations are converted to “=” (#111336).
  • Minor bugfix: The response for the GMP command “delete_ticket” has been adjusted to lowercase (#116531).
  • Minor improvement: Removed the preview icon for Delta Report result differences, since the preview can not support all relevant details. Delta Report result differences may still be clicked to view their full details (#113514).
  • Minor improvement: Lists of objects in the web interface, for example “Tasks using this Alert” on the Alert details page, have been improved to make individual objects easier to discern (#118179, #2019071510000067).
  • Minor improvement: The Edit/New Task dialog has been adjusted, allowing the display of longer Scan Target and Schedule names (#118178, #2019071510000101).
  • Minor improvement: The CVSS calculator now states that CVSS V2.0 is used (#113527).
  • Minor improvement: The “details” attribute of the GMP command “get_reports” was undocumented (#114702).
• Vulnerability Scanning:
  • Bugfix: The get_ssh_port() function of the scanner could fall back to port 22 when a custom port was configured (#114986).

5.0.7 (2019-07-25):

• Vulnerability Scanning:
  • Bugfix: Fixed an issue causing scans to abort early due to the scanner not being able to fork new processes. This could lead to less detection results and host details being reported (#116389, #116533, #116866, #2019062510000059, #2019071610000011).
  • Bugfix: Added missing libopenvas build dependencies to openvas-smb (#118501).

5.0.6 (2019-07-11):

• Vulnerability Management:
  • Bugfix: The HTTP timeout setting for the web interface was using an erroneous internal value, this has been corrected (#117889, #2019070810000071).

5.0.5 (2019-07-09):

• Greenbone OS:
  • Bugfix: Uploading the remote backup server host key did not add it to the known hosts list correctly (#117589).
  • Bugfix: During the initial feed update after the setup of a GSM, postgres could rarely fail due to a race condition (#117030).
  • Bugfix: Support for importing old GOS 3.1 or 2.0 userdata backups has been improved (#117135).
  • Bugfix: Starting a GOS upgrade after importing an old GOS 3.1 or 2.0 userdata backup could cause a postgres error (#117412).
  • Minor bugfix: The system operation ‘Update Feed’ in the GOS menu ‘About’ was not named correctly in all cases (#117411).
  • Minor improvement: Enhanced the contents of the Greenbone Support Package. More debugging information related to ansible is now included (#117591).
  • Minor improvement: All occurences of ‘Airgap Slave’ have been renamed to ‘Airgap Sensor’ (#117282).
• Vulnerability Management:
  • Bugfix: Configuring a custom HTTP timeout setting for the web interface was not applied in all cases (#117640, #2019070810000071).

5.0.4 (2019-07-01):

• Greenbone OS:
  • Extension: Introduced new GSM types 450, CENO, DECA, TERA, PETA and EXA (#114981, #114992).
  • Improvement: Activated support for SMTPS encryption of emails sent by a GSM (#83277).
  • Improvement: Added a shell script to fix oversized postgres databases (#86497).
  • Improvement: Enhanced the contents of the Greenbone Support Package. More debugging information related to postgres is now included (#93050, #116252).
  • Improvement: The ‘Management IP’ menu option is now always shown, even when only one interface is present in a namespace (#115904).
  • Minor improvement: Added warnings regarding the usage of ECDSA SSH keys (#116303).
  • Bugfix: The flash drive of GSM hardware appliances was sometimes not detected correctly (#115837).
  • Bugfix: No network traffic performance graph data was shown for interfaces in the ‘scan1’ namespace (#110755).
  • Bugfix: The network route 0.0.0.0/0 can now be set (#115609).
  • Bugfix: Patched libssh to resolve possible issues with Cisco devices (#113876).
  • Minor bugfix: Improved the formating of the GOS sensor test results (#113219).
• Vulnerability Management:
  • Improvement: The Greenbone Vulnerability Manager now automatically adds a “login failed” host detail when a target has a credential configured and the login fails (#106677).
  • Improvement: Updated the manpage of gvmd (#112086).
  • Bugfix: Notes and overrides for results were not shown (#112702).
  • Bugfix: Not all result pages for delta reports could be viewed (#116392).
  • Bugfix: Task names were not visible in the reports view (#110527, #2019051010000034).
  • Bugfix: The ‘Edit’ dialogue for LDAP and RADIUS settings did not work in some cases (#115426).
• Vulnerability Scanning:
  • Bugfix: If there is no redis database available, the scanner will no longer wait forever, but resume operation as soon as a database becomes available again (#115613).

5.0.3 (2019-06-19):

• Greenbone OS:
  • Bugfix: Security update for CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479 “SACK Panic” TCP remote denial of service attacks (#116440).

5.0.2 (2019-06-03)

• Greenbone OS:
  • Improvement: The GOS menu ‘About’ will now show the exact type of system operation that is in progress (#98619).
  • Improvement: The client min and max protocol versions for SMB clients can now be configured via the Greenbone OS command line (#115335).
  • Minor improvement: The expiry date of the Greenbone Support Team GPG key, used for the encryption of support packages, has been extended to 2020-10-31 (#113830).
  • Minor bugfix: Port 53/TCP, used for dnsmasq, now only listens on localhost (#115285).
• Vulnerability Management:
  • Improvement: Greatly improved the performance of the ‘Edit Scan Config’ dialog (#112699).
  • Minor improvement: File upload buttons and text input fields are now inactive if their corresponding radio button is not selected (#113530).
  • Minor improvement: Added documentation of NVT categories in a GMP response (#109616).
  • Bugfix: The Task page could show an internal error in some circumstances (#114037, #2019051010000034).
  • Bugfix: When switching from the reports list page to the report details page, the page could get stuck while loading (#114040, #2019051010000034).
  • Bugfix: Giving write permissions for a task to another user still did not allow that user to start the task (#114793).
  • Bugfix: It was not possible to bulk-tag filtered resources, like port lists (#113729).
  • Bugfix: Vulnerabilities were not supposed to be tagged, the bulk-tag icon has been removed from the Vulnerabilities page (#115294).
  • Bugfix: Using the ‘Test Alert’ functionality for an alert with the method ‘Start Task’ did not start the task (#110778).
  • Bugfix: Verifying default report formats caused an error. Since they are always verified, the corresponding verification has been disabled (#110105).
  • Minor bugfix: Task details pages were not refreshed correctly (#113931).
  • Minor bugfix: The scheduled task icon tooltip did not list the next due date (#113203).
  • Minor bugfix: In the Results view the host IP column could display ‘null’ (#110583).
  • Minor bugfix: Email alerts could be configured with a syntactically invalid email address (#112103).
  • Minor bugfix: For email alerts with an attached report, the content type of the attachment was set to ‘null’ erroneously (#112155).
  • Minor bugfix: Changed the ‘Solution Type’ checkboxes in the Results power filter dialog to radio buttons, since only one selection is allowed at a time (#114039)
  • Minor bugfix: In the ‘Import Report’ dialog all available containers are now always shown (#112616).
  • Minor bugfix: The ‘NVTs by Family’ chart did not show the message ‘Applied filter…’ if a filter is used (#114094).
  • Minor bugfix: In report details, error messages could contain erroneous entities (#113516).
  • Minor bugfix: In scan config details, ‘Tasks using this Scan Config’ was missing linebreaks (#113871).
  • Minor bugfix: The delete icon was shown as active for scan configs which are in use, it now shows as inactive as intended in this case (#111525).
  • Minor bugfix: For the GSR PDF report format, the colour coding of medium CVSS vulnerabilities was red in some cases, this has been corrected to yellow (#114035).
  • Minor bugfix: The ‘Anonymous XML’ and ‘XML’ report format details were incorrectly describing both as ‘OpenVAS Manager XML format’ (#113873).
  • Minor bugfix: The ‘Common Platform Enumeration’ report format details were incorrectly referring to it as ‘Common Product Enumeration’ (#113874).
  • Minor bugfix: Fixed the parsing of CVSS single instance authentication in CVE details (#115277).
  • Minor bugfix: Creating a tag with an empty ‘id’ attribute via a GMP API call could lead to a duplicate response (#113815).
  • Minor bugfix: For tags, the deprecated type ‘slave’ was still checked in GMP API calls, leading to subsequent problems (#115284).
  • Minor bugfix: The ‘get_vulns’ GMP command now returns a valid response when used without a filter (#113817).
  • Minor bugfix: Removed unneeded PostgreSQL error log messages when a lock was not available (#109087).
  • Minor bugfix: Fixed a possible race condition in the ‘Edit My Settings’ dialog (#113930).
  • Minor bugfix: Added German translations for error, date and status information (#114030, #114031, #114193).
• Vulnerability Scanning:
  • Bugfix: Each scan plugin process is now separated into its own process group, preventing defunct processes and NVTs being executed at a wrong time (#109743, #113267).

5.0.1 (2019-05-05):

• Greenbone OS:
  • Improvement: The default system maintenance time is now randomized between 03:00 and 05:00 UTC to distribute load for the Greenbone Security Feed server more evenly. The system maintenance time can still be adjusted manually (#113695).
• Vulnerability Management:
  • Improvement: Only fully translated user interface languages are now available to choose from in the My Settings menu. Incomplete translations are hidden until implementation (#113517).
  • Bugfix: The tasks page was not refreshed correctly when a task was in the status ‘Requested’ (#113515).
  • Bugfix: Viewing the TLS certificate details in a report view could lead to an error page (#113520).
  • Bugfix: The hosts topology graph was not displayed correctly if there was a host with no severity present (#113521).
  • Bugfix: Powerfilter dropdown menus were erroneously limited by the Rows per page / max_rows setting (#113528).
  • Minor bugfix: Some login page elements were offset for Microsoft Edge and Microsoft Internet Explorer (#113725).
  • Minor bugfix: The list of excluded hosts in the target details was missing a linewrap (#113204).
  • Minor bugfix: The download icons for credentials were missing tooltips (#112161).

5.0.0 (2019-04-30)

• Transform Web-GUI into a single page application:
  Transforming the web user interface into a single page application which is loaded once and then only updates the in-browser data from the server. This accelerates user interactions and unloads the server. The design bascially remains as in GOS 4, but the interaction with the user interface will be much more direct and responsive (FS-171117-1741).
• New view on scan results by vulnerability:
  The new view “Vulnerabilities” additional to Results and Reports summarizes identical vulnerabilities across all scans and of course arbitrary filters can be applied (FS-171117-1729).
• Increase speed of feed updates:
  SCAP/CERT updates consume less CPU and less RAM (FS-171117-4518).
• Transition from global objects to ownerless-predefined objects:
  In GOS 4 it was not possible to assign static global objects (Port lists, Scan configs, Scanner and Report  Formats) to roles as a specific permission. With the transition to ownerless-prefefined objects it is now possible to configure Users, Roles, and Groups in a way, which permits them only restricted usage of only a few, just one or even none of the predefined objects (FS-171117-4531).
• Add columns “Hosts” and “Location” to the overview for Notes and Overrides:
  This makes sorting and filtering for Hosts and Locations easier (FS-171117-1839).
• Extended edit dialog for overrides and notes:
  The edit dialog for Notes and Overrides now allows editing the NVT, Host, Location, Severity, Task and Result even if already set to
  “Any” or specified in other ways (FS-171117-5915).
• New option to upload a file for “exluded hosts” for a Target:
  This removes the limit of the previous text entry field (FS-171117-3759).
• Merge of Web-GUI built-in help and GSM Manual:
  The web version of the GSM manual is directly connected with the help buttons and placed into the appliance. This steamlines the documentation (FS-171116-1819).
• Remove menu item “Assets->Hosts (Classic)”:
  The key functionality “prognosis” is already available since GOS 4.0 as the “CVE-Scanner” (FS-171117-2431).
• Remove overrides indicator switch (web interface):
  The indicator/switch icon for overrides in the header of the severity columns in the tasks overview, reports overview, results overview and report-results overview is removed (FS-171117-1503).
• Link to Scan Configs from the OSP Scanner details page (web interface):
  This makes navigation between Scanners and Scan Configs more consistent (FS-171117-3656).
• Improved log files for scanner (internal):
  The scanner now follows the very same logging scheme as all other internal modules. This helps for support case about scanner (FS-171117-3025).
• Renamed internal vulnerability management service to “gvmd”:
  This is a follow-up change of renaming the protocol from OMP to GMP in GOS 4. This establishes an advanced consistency in internal terminology reaching even into the database. However there is no impact for the user interface or to GMP: Neither GUI nor the API is changed (FS-171117-3251).
• Automated internal database updates with feed content:
  This is a plain internal design change to avoid delayed data updates due to network problems or other issues (FS-171117-5003).
• Advanced internal process activity information scheme for vulnerability management service:
  This is a plain internal change which makes it easier for support cases to analyse the activity status of a GSM (FS-171117-5336).
• Removed Report Format Plugin “HTML”:
  The alternative GSR HTML is more advanced in any aspect. Alerts that were configured to use HTML will automatically fall back to use the lightweight “TXT”. Please change to GSR HTML where considered appropriate (FS-171127-5042).
• Multiple user-configured main dashboards:
  The current single main dashboard under menu “Dashboard” is extended to have up-to 10 user-configured named dashboards. This allows for example to configure “Europe”, “Asia”, “Last Week”, “Windows” or “Printers” by applying respective powerfilters to a individual chart selection. (FS-171116-0537).
• From the list of pre-defined severity classification schemes, “OpenVAS  Classic” is removed:
  It was kept for a transitional phase. Since a long time the NVD classification is the default. During migration, “OpenVAS Classic” is replaced by the NVD classification in case a user configured it as a personal setting (FS-180116-0845).
• Task status “Internal Error” is renamed to “Interrupted”:
  Scans that stopped for any other reason than the user pressing the stop button  will have the status “Interrupted at X%” which is shown in red color in the  GUI and and thus replace the status “Internal Error”. After a reboot of the manager, running tasks are set to “Interrupted at X%” instead of “Stopped at X%”. The “Stopped” status remains reserved for user-intentional stopping of a task. Both types can be resumed. This all allows to resume tasks that failed for example due to a network connection problem during a sensor scan. Also it allows to distinguish between user-intended stop and system-driven stop. This changes the status types as handled by the GMP commands get_tasks and get_reports (FS-180108-3217).
• Drop “version” element for NVTs and update version format for Results: The version information is actually redundant since the “last modification” element specifies the version even more meaningful. Thus, the “version” element is removed from the NVT meta data. This also means a minor change to the GMP protocol. Results are still given a version number of the respective NVT, but the format changes from for example “$Revision: 1244$” to “2017-12-20T08:01:27Z” (FS-171208-4740).
• Extend Schedules to allow more refined schedules: The internal task scheduling system was extended to allow more refined schedules. The dialog for editing alerts was extended with more options like “16:00 every monday and wednesday” (FS-171116-3106).
• Drop elements “host_start” and “host_end” from report element of GMP response from “get_reports”: The information in the elements “host_start” and “host_end”are already available in the “host” element. So, this changeis about dropping the redundant part (FS-180104-2357).
• Bulk tagging:
  This feature introduces the opportunity to assign the same tag to many objects with just a single action rather than adding the tag to each object one by one. For example you can easily assign 100 arbitrarily filtered hosts in the host asset management with the tag “Responsible:AdminTeam1” or “AssetGroup:Printers” (FS-171227-1841).
• Extended vhosts support:
  The scanner becomes much smarter about finding all hostnames:IPs relationships without need of extra user input. The previously used per-scan-config vhosts/vhosts_ip preferences are simply dropped. Whatever was configured here will now be done automatically and reliably. In environments with virtual hosts, the scan results will haveless results because duplicates are avoided now. The hostname is now a field of its own in the Web-UI as well as in GMP. (FS-171212-5724).
• Removed report type “prognostic”:
  This report type was available only at GMP level for GET_REPORTS. This removal is the last step of the transition from “Prognosis” reports to the “CVE-Scanner” (FS-180927-0546).
• Extended storage of results (internal):
  This is a plain internal change (no UI nor API change) to improve performance for some use cases. Technically speaking this reduces the size of the results table by introducing a separate results trash table (FS-180910-0459).
• Drop redundant information from NVT meta data:
  This is an internal change to reduce the copyright notice to a single occurance in the NVTs. This has a minor positive effect on performance for feed updates (FS-181022-5813).
• Encrypted alert emails:
  The alert method “Email” now allows to encrypt to a S/MIME certificate or to a PGP key, owned by the recipient. This way a secure end-to-end encryption is established. The encryption keys can be uploaded as a new Credential type in the Configuration section (FS-171122-0309).
• Scan Report Content Composer:
  This new dialog appears when a report download is requested, an alert execution is requested and is available when an alert is created/edited. The dialog offers to compose the content of the XML that is then passed on to the Report Format Plugin, and perhaps then to the Alert. Initially it allows to configure whether notes and/or overrides should be included into the report. Not all report plugins can handle all types of content. The content composer allows to reduce/extend the scope handled by the report plugin and is designed to be extend with further data groups in the future (FS-180924-3251).
• Integrated Remediation Workflow:
  For the product families MIDRANGE and ENTERPRISE, a integrated remediation workflow is introduced. It is a ticket management focussed on resolving the finding of  vulnerabilities. Compared to a generic ticket management system it is much simpler and has less options. On the other hand, it is capable to automatically consider re-scans in order to verify that an assignee has indeed fixed a security problem. Additionally, all valuable information to understand and resolve a problem is directly cross-linked and thus directly available for an assignee (FS-180103-0646).

2017-09-30: Greenbone OS 4.2

Latest Patch Level: 4.2.30 (2019-07-31)

Lifecycle-Phase: End-of-Life 2019-07-31

• Change: Slaves will become Scanners. This eases the use of scan sensors. Among others, the management of access rights for slaves is unified.
• Approval of sensors now via GOS administration: Users can only configure sensors which got an overall approval by the administrator of the appliance.
• Extended GOS Administration menu.

4.2.30 (2019-07-31):

• Greenbone OS:
  • Set the release status to “retired” for all GSM types with GOS 4.2. An upgrade recommendation will be displayed in the GOS selfcheck (#118948).

4.2.29 (2019-06-19):

• Greenbone OS:
  • Bugfix: Security update for CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479 “SACK Panic” TCP remote denial of service attacks (#116441).

4.2.28 (2019-02-20):

• Greenbone OS:
  • Bugfix: It was possible that a scan executed on a sensor hangs in „Requested“ in case some types of SNMP credentials were configured for this scan (#0103031, #2018091310000032).

4.2.27 (2019-02-14):

• Greenbone OS:
  • Improvement: Improved the contents of the Greenbone Support Package. More debugging information related to the system state, system upgrades and the scanner is now included (#109009, #109314).
  • Improvement: The system lock during a switch release is now much stricter, preempting more user errors (#108960).
  • Bugfix: If a GSM was configured as a sensor, switch releases were not offered locally on the sensor. They could still be triggered from the master. Switch releases are offered in all cases now (#109095).
  • Bugfix: Made it possible to retry a switch release or upgrade if the corresponding download was cancelled while in progress (#108961).

4.2.26 (2019-02-02):

• Greenbone OS:
  • Bugfix: Pre-condition test for upgrade had a bug about feed age. Only very few setups should be affected. Our Support Team can provide a trick how to overcome this situation in case the system does not allow you to upgrade (#108671).

4.2.25 (2019-02-01):

Greenbone OS:
Improvement: A red-dialog warning was added to the release upgrade to GOS 4.3 to explain that 4.3 introduces a mandatory distinction of the mangement interface and the scan interface. This distinction make it necessary for GSM 400 and above to physically attach a second network cable to the appliance. (#108615).

4.2.24 (2018-11-20):

• Vulnerability Management:
  • Bugfix: Alerts configured to store a report via SMB failed for some SMB services resulting in a empty file (#91951, #2018041710000043).
  • Bugfix: In some special cases, deleting a user was causing an error message (#103651, #2018081610000011).
  • Bugfix: In some special cases, editing the settings of a NVT in the web interface caused an error message and the changes were not applied
    (#103818).
• Greenbone OS:
  • Bugfix: In very special cases, upon configuration changes the boot menu showed multiple entries (#103822).
• Vulnerability Scanning:
  • Bugfix: The scanner log showed error messages when using WMI to scan Windows systems. We have not observed impact on scan results though (#104645).

4.2.23 (2018-10-26):

• Vulnerability Management:
  • Bugfix: Using quotation marks in filter triggered error in bulk action (#98690, #2018072710000037).
  • Bugfix: When using tag filtering in filters, numerical values were not always properly considered as text (#102296, #2018100510000063).
  • Bugfix: Editing a SNMP credential via Web-UI failed with an error message about privacy_algorithm (#103070, #2018091310000032).
  • Minor bugfix: When deleting a tag from some resources, a blank page was shown afterwards. The action was properly done though (#100314, #2018090310000024).
  • Minor bugfix: It was not possible to create tags for scanners (#100317, #2018090310000079).
  • Minor bugfix: The chart “NVTs by solution time” was not available in all NVT contexts (#102252, #2018100410000056).
  • Minor bugfix: Axis labels of some charts were showing wrong units in some cases (#102457, #2018100510000036).
• Greenbone OS:
  • Maintenance: The encryption key for the Greenbone Support Package is updated. The previous key is a RSA 2048 key and expires November 23 2018. The new one is a 4069 RSA key and will expire November 23 2019 (#102832).
  • Minor bugfix: During upgrade a uneeded additional information dialog appeared (#102833).
• Vulnerability Scanning:
  • Improved consideration of UDP services (80572, #2017090110000021).

4.2.22 (2018-10-15):

• Vulnerability Management:
  • Change for CSV Report Format Plugin: When special characters are the first ones in a column, these are escaped by a apostrophe. This prevents that a spreadsheet executes the respective cell. It is a convenience change. Actually, users should configure and use their spreadsheets in a secure way – which is also the default for most common ones
    (#101817).
  • Bugfix: A tag to a host now gets properly orphaned in case the host is being deleted (#102649, #2018101010000026).
  • Bugfix: When using GMP to upload reports, the service stopped accepting the reports after a couple of thousands of reports uploaded in a single session (#101276).
  • Minor bugfix: In some special situations the resetting of filter settings to the default caused an error (#101658).
  • Minor bugfix: In the assets management the functionality “Apply to selection” was not working in Chrome browsers
    (#101653, #2018072710000037).
• Greenbone OS:
  • Bugfix: Under special circumstances with master and multiple sensors (and high load on sensors), a feed update from master led to a update deadlock on the sensor and it was necessary to reboot the sensor (#83793, #2017112310000029).
  • Bugfix: Adding a custom IPv4 route caused a problem. Previously configured custom routes were not affected
    (#102289, #2018100510000054).
  • Minor Bugfix: The size for an IPv6 custom route was extended to cover full length IPv6 addresses (#102837).
  • Minor bugfix: Removed some internal functionalities for GSM 100 and GSM 25 that were designed to work with a LCD (25/100 have no LCD) (#102829).

4.2.21 (2018-10-04):

• Greenbone OS:
  • Release switch to GOS 4.3 opened for GSM ONE. Please first upgrade to GOS 4.2.21 before switching to GOS 4.3 (#101440).
  • Maintenance update of base system. This especially includes a maintanance update of the database management system (#102250).
  • Minor bugfix: For hardware appliances, the boot-loader was updated only after first patch level update (#95566).

4.2.20 (2018-09-14):

• Vulnerability Management:
  • Extensions: New option to add delta reports to alerts. The configuration of an alert is extended with the option to create a delta report first and then apply the actual alert method. This essentially means, not the report of the task is used for subsequent processing but rather the delta report (#95423, #22348, #45442, #2014121610000019, FS-180523-4304).
  • Improvement: The database cache was optimized for scan reports. This improves the performance for some scenarios with master-sensor setup and big scan reports (#88902, #2018030710000019).
  •  Bugfix: In rare situations it was possible that the database management system starts to become very busy and consumes all of the RAM. It is regarded a database bug because with GOS 4.3 (which includes a DBMS update) this is not reproducable. The bugfix solves the problem for GOS 4.2 for the lab test cases (#99585).
  • Bugfix: The scan configuration “System Discovery” was not reporting details on operating systems, now it does (#94398, #2018060710000031).
  • Bugfix: extreme large content of reports triggered a XSL transformation error when generating a report (#92618, #2018050810000022).
  • Bugfix: The operations “Apply to selection/filter” for creating a target from host assets were creating empty targets (#98482, #2018072710000037).
  • Bugfix: For tags the filter element “orphan” caused an error (#97694, #2018071810000045).
  • Minor bugfix: It was possible to delete a report format plugin although it is configured for a vernice.pro alert (#98054, #2018071910000034).
  • Minor Bugfix: Web-based creation of external scanners failed for some types (#95812).
• Greenbone OS:
  • Minor bugfix: Invalid guest user account caused traceback message (#100916).
  • Minor bugfix: When uploading a non-certificate file when a certificate is expected, a traceback message occured (#95694).

4.2.19 (2018-08-24):

• Vulnerability Scanning:
  • Bugfix: The scanner could hang and cause a longer scan time because of time-outs. This problem was pressent since a while, but so rarely triggered that it was not reproducable. Recent extensions of the NVT Feed triggered the problem more often reliably and allowed to identify and fix the problem
    (#91015, #2018061410000036, #2018082210000035, #2018082010000011, #2018081710000036, #2018081710000018, #2018053110000023)

4.2.18 (2018-06-14):

• Vulnerability Management:
  • Bugfix: The Web-UI service, if running for a longer time at a short refresh interval (30s) for special pages and possibly in multiple browsers tabs, could sum up to a low memory problem on the appliance which in turn might have caused other problems such as repsonsiveness and availability (#93126).
  • Bugfix: In the Web-UI in detached charts, the sorting was not copied over to the filter and thus the charts looked different
    compared to the embedded ones (#91416).
  • Bugfix: The asset IDs for host assets in the results were not correct and thus the links to the asset management pointed to the same asset for an entire report (#94285, #2018060510000044).
  • Bugfix: Adding user tags to SecInfo objects caused an internal error during saving (#91176, #2018041210000061).
  • Bugfix: IPv6 addresses were not accepted in the host entries in the edit user dialog (#92887, #2018042710000051).
  • Minor improvement: The target details were not abbreviating the target which could lead to very long entries if for example 1000 single IPs were imported. The Web-UI view is now abbreviating the content, the XML export of course still contains all data (#88918).
  • Minor Bugfix: In the PDF report summary section some special characters were not escaped properly (#92022).
  • Minor Bugfix: The GMP command get_reports, when applied for delta reports, did not work with empty filters (#88462).
  • Minor Bugfix: After uploading a LDAP certificate, the Web-UI redirected to task overview instead of remaining on LDAP configuration page (#88900).
  • Minor Bugfix: Improvements to the german online help of the Web-UI (#88411).
• Greenbone OS:
  • Extension: The support package is extended with more system status information about the GSM to allow for a better analysis. The technical specification of the Greenbone Support Package (GSP) was updated accordingly to the status of 2018-06-04, see here for GSP specification
    (#88046, #93047, #93051).
  • Extension: New option to configure a web proxy for each connected scan sensor. This allows a master GSM to control its sensors through a http proxy instead of a direct connection (#93128, FS-180530-4837)
  • Extension: When accessing the Web-UI via a reverse proxy which defines a high number of keep-alive requests, this could exceed the default maximum number of concurrent connections of the Web-UI and thus lead to HTTP error code 503. To cope with such a situation where the proxy can not be re-configured, the GSM now allows to change the per-ip connection limit via internal GOS setting ‘per_ip_connection_imit’ (#84890, #2017122210000029).
  • Bugfix: When downloading a support package from the GSM, and in case more than one interface was configured, the information dialogs showed the wrong URL for the download (wrong IP address) (#90788, #2018040610000019).
  • Bugfix: The interface configuration naming for GSM 5300/6400 was for some cases inconsistently enumerated (#91287, #2018041110000045).
  • Minor Extension: Sudden power outage could lead to orphaned temporary database tables. This has no negative effect, but it will cause log messages until the orphaned tables are removed. An advanced opportunity was added to allow the removal of the orphaned tables in coordination with the Greenbone Support team (#88047).
  • Minor improvement: Moving NVT files inside the feed caused warning messages in the log. Since this is actually a normal thing to happen, it will not show up anymore as a warning (#89502).

4.2.17 (2018-05-12):

• Vulnerability Management:
  • Bugfix: In case of comprehensive use of permissions and overrides the “Add Override” function triggered a significant amount of cache operations which slows down the system. This is avoided/optimized now (#92616, #2018050710000024).
•  Greenbone OS:
  • Bugfix: Upgrading sensors via master automatically can be faulty with 4.2.16 (new brainpool signing key). This fixes the problem for automatic update and also the manual update trigger (#92722).
  • Extension: The magic SysRq keys are now active for the unlikely event of a system panic situation. This can help for example to shut down the system cleanly and protect filesystem integrity   (#91726).
  • Extension: In case of filesystem damages (for example due to a sudden power outage) the filesystem repair system at boot time will now propose to reboot always after repairs happened. We highly recommend to not cancel the recommended procedure of the system (#91005).

4.2.16 (2018-05-03):

• Greenbone OS:
  • Bugfix: Expirey of signature key: The new brainpool key so far was only activated for NVTs, but not yet for GOS updates and new flash images. The old key expires on May 15th 2018. You must update to 4.2.16 prior to this date. Once beyond this date, GOS updates will not be possible anymore until a manual import of the new key is done (#92019, #92273, #92274, #92336, #76935).
  • Extension: Next to the already available http upload option, it is now optionally possible to paste a new signing key via clipboard into a text entry (#92409).

4.2.15 (2018-04-13):

• Vulnerability Management:
  • Bugfix: Combining alerts with severity-based conditions could set a task connected with such an alert to Internal Error (#91095)
  • Improved dialog for new password (#89444, #2018031510000031)

4.2.14 (2018-04-10):

• Vulnerability Management:
  • Extension: Search functionality for LDAP-based authentication by extending to use not only the DN, but also the uid attribute in the LDAP schema, and performing an LDAP search to get the DN (#57286, #75012, FS 171117-0939-UID-attribute-for-LDAP-Login).
  • Extension: A new alert method was added to send scan reports to a Tipping Point SMS (#82703, FS-171117-0551-alert-for-tipping-point).
  • Improvement: The response time for opening the details dialog for a single scan result was significantly shortened. We measured factors of up-to 100 times faster response (#86913).
  • Improvement: Extended coverage of chinese translation of Web UI (#86876).
  • Bugfix: Auto-generated credentials of type ssh-key were not working properly when scanning via sensors (#89728, #2018030810000026).
  • Bugfix: Under certain conditions it was possible that starting a scan while the feed update is running led to a task hanging in status “Requested” (#83713, #88787, #2018030610000021).
  • Bugfix: On some GSM models importing of Scan Reports could fail and raise an Internal Error dialog (#86914).
  • Bugfix for SMB alert: The placeholder “%F” is now replaced by the chosen filetype (#85434, #2018010810000021).
  • Bugfix: When deleting a user who distributed permissions, there was no warning and no option to let objects be inherited. The objects were simply deleted and not available anymore or the other users (#88321).
  • Minor bugfix: In certain situation with distributed read permissions, clicking on the hosts for a report resulted in an empty page instead of a permission denial message (#55350).
  • Minor bugfix: For schedules, the calendar editor did not allowto shift months backwards (#86730, #2018012910000017).
  • Minor bugfix: When leaving one of the password entry fields empty in the dialog “My Settings”, an internal error was raised. Now a helpful message explains the input error (#86736).
  • Minor bugfix: The report format “LaTeX” was missing some newlines around “rowcolor” (#86785).
  • Minor bugfix: For plain new databases, re-order the sequence of creating database functions to avoid undefined situations. This bug had no effect for any regular shipped GSM, thus minor  (#88876).

• Greenbone OS:
  • Extension: Custom routing can now be configured explicitly via GOS menu for non-virtual GSM models. The new menu “Routes” under “Setup”/”Network” allows the configuration of IPv4 and IPv6 routes. The configuration is not per interface, rather the system will automatically pick the best route if any interface can reach the target network. There is also a warning about trying to configure a route to unreachable network. Some advanced routing still has to be done via Expert Mode, but the most common cases can now be configured via menu. Expert Mode and new Routes configuration cannot be applied concurrently (#89505).
  • Minor extension: The support package now also collect log information about user data import and system data import (#84847).
  • Bugfix: The configuration of VLANs in combination with DHCP was not consistent in all cases (#85213).
  • Bugfix: The configuration of DNS via menu after activating Network Expert Mode did not become active (#86503).
  • Minor improvement: In some migration scenarios a headless setup is desirable and this improvement makes a headless setup more flexible (#82206, #81119).
  • Minor bugfix: A non-relevant log message (“assertion” warning) when accessing a task was fixed. It occured only under certain conditions (#71011).
  • Minor bugfix: Removed a misleading entry from the internal boot menu (#86379).
  • Minor bugfix: Fixed a typo in the menu (#88911).

• Vulnerability Scanning:
  • Extension: Introduce a “wait between requests/probe” option for scanning. Scanning “critical infrastructures” components have shown the need for waiting time between network probes. Such devices can have a quite fragile TCP/IP stack and can’t handle parallel and/or multiple subsequent network requests. Outages of the network communication with other connected devices can be the result. This change does not affect any defaults. It is an additional option for the Scan Config and a new Scan Config should be created when desired to apply this setting. However, note that acivating this naturally makes the scan take longer (#86582, FS-180125-3444-wait-between-probes-in-scanner).
  • Extension: The internal scan scheduler was extended with the ability to consider regular expressions for pre-conditions to launch NVTs. This enables the GSF development team to make NVTs smarter. It is planned to apply this feature in the feed very soon and improve performance for some scan scenarios, mainly authenticated scans of Linux systems will benefit (#88402, FS-180111-2416-NASL_mandatory_keys_with_re).
  • Bugfix: It was possible that some NVTs were launched for situations where they did not match the situation (presumed open ports). The fix has a slight positive effect for the scan performance (#89733).
  • Bugfix: In some situations many unneeded internal signature verifications were executed and could slow down scanning. This is a regression that was introduced in 4.2.13 (#89294).

4.2.13 (2018-03-14):

• Scanner:
  • Bugfix: Randomly some NVTs were not accepted during feed update or during startup at the first attempt. In many cases the Scanner was able to overcome the situation on its own, but in a few cases the problem becomes severe. This bugfix resolves the problem at its root (#88860).
  • Bugfix: The scanner issued warnings “Possible dependency cycle detected” (#88187).

4.2.12 (2018-03-03):

• Greenbone OS:
  • Bugfix: The comprehensive changes of 4.2.11 introduced a bug for the feed update for updated NVTs leading to invalid hash sums. (#88630).

4.2.11 (2018-03-01):

• Greenbone OS:
  • Performance: The duration of starting up the scanner and the duration for updating the NVT feed was accelerated significantly. We measured up-to a factor of 30. This  comprehensive change became necessary for the migration of the GSM 500/510/550 models to GOS 4.2. All other models were able to cope with the demands of the modern GOS 4.2 before, but will benefit from this acceleration. (#86323).
  • Feature: The menu for log view was added for the models GSM 25, GSM 25V and GSM ONE. (#83489, #2017112410000018, FS-171220-0411-logging-menu).
  • Robustness: In case the scanner runs into a severe problem that prevents to continue his job for whatever reason, the scanner is restarted after one minute. (#86734).

4.2.10 (20108-01-19):

• Vulnerability Management:
  • Updated GSR HTML: The new version 0.4 adds the new section “TLS certificates”, sort indicators in table header, expand/collapse for all details of a table and total/average summary to some of the tables. Apart from some further smaller improvements, the resulting size of a report file is reduced. The level of reduction depends very much on the  actual content. The best value we measured was a reduction by 70% (#84502, #75109, #2017063010000043).
  • Change in power filter for performance improvement and consistency: The power filter will now search only for text columns for terms that do not refer to a specific column. This means that filters with a plain generic keyword that could be interpreted as a number (for example “6.4” or “212.10”) can produce less results (actually being more adequate). If for example explicitely a severity of 6.4 should be filterd, use “severity=6.4” (#82377, FS-171129-1004).
  • Extension: The Web-UI offers an updated German translation and and also a new and complete Arabic translation. (#81116).
  • Improved GSR PDF: In special situations, inconsistent fonts were applied for results. Also long CPE names are better treated in the section “Top 10 Applications”  (#83830, #2017120510000016, #82546, #2017111010000026).
  • Improvement for Web-UI consistency: The refresh drop down menu is no longer displayed on pages where it was non-interactive before (#80470).
  • Extension: The details dialog for a CERT-Bund advisory now displays the advisory version if available. (#83965).
  • Bugfix: The feedback button for Greenbone Support in the details dialog for results was missing and is now re-added (#84564).
  • Bugfix: When creating a Credential, for special types this caused an error and the credential was not created (#84509).
  • Bugfix: In case a schedule was configured in a special way, it caused an internal error and schedules for tasks were reset (#84889, #2017122210000011).
  • Minor bugfix: Typo in task wizard dialog. (#80048)
• Greenbone OS:
  • Security bugfix: Although Greenbone OS did not expose an attack vector for Meltdown, the respective kernel updates are now adopted. These kernel changes affect performance in general. Our tests have shown little, but in some cases with high I/O a performance reduction of a few percent. We found no scenario with severe impact but we ask our customers to report about them to our support team in case it happens. We apologize for the Meltdown impacts, but we share this problem with virtually any other vendor (#85433, #85701).
  • Improved robustness of setup wizard regarding upload of a subscription key: It becomes easier to retry again after uploading wrong files or in other way invalid keys (#81615).
  • Extension: It is now optionally possible to activate encryption for the SysLog configuration (#65388, #2016121610000015).
  • Bugfix: For certain values for the VLAN configuration it was possible that an internal error occurred (#84334).
  • Bugfix: The log view for scanner modules stopped working after a log rotation (#85432, #2018010510000053).
  • Minor bugfix: Window title for VLAN configuration (#84335).
• Vulnerability Scanning:
  • Bugfix: With each feed update the scanner consumed more memory due to a memory leak. Over time this resulted in performance reduction and subsequent effects. A reboot of the system solved the problem for a while. The memory leak is now resolved (#85977, #85073).
  • Change: The scanner preference “log_whole_attack” is not available anymore in Scan Configurations. This is actually a debugging feature and (unintended) massive use can cause unwanted side-effects. The debug feature can now be activated via GOS CLI and GOS will warn about the use during selfchecks (#83199, #83171, #2017111710000031).
  • Minor bugfix: A bug in the internal programming language for NVTs was fixed (#84584).

4.2.9 (2017-12-19):

• Web Interface and GMP:
  • Bugfix: In rare cases, the Web Interface and GMP is not available after migrating from GOS 3.1. It is possible to re-enable manually, but this fix automates it (#84586, #2017111510000026).

4.2.8 (2017-12-15)

• Web Interface and GMP:
  • Performance improvement: For large numbers of hosts and OSs the asset management queries are faster now (#82376).
  • Bugfix: In case a task has a special character in the title, results queries were not possible for that task (#83717, #82474, #2017112710000076).
  • Extension: For the alert type “EMail” the title now allows a length of 160 instead of 80 characters. The text template by default has now a maximum length of 2048 instead of 1024 characters (#83170, #2017102510000018).
• Web Interface:
  • Bugfix: When editing a task, it was possible that not all changes were applied when closing the dialog (#83827, #2017111410000073).
• Scanner:
  • Bugfix: With intensive scans, it happened that over time the scanner consumed too much memory and required a re-start (#83892).

4.2.7 (2017-12-04)

• Web Interface and GMP:
  • Bugfix: The total number for results was including the error messages. These are not anymore included (#83476, #2017112310000056).
  • Migration of Report Format Plugins: During the migration from GOS 3.1 to GOS 4.2 all Report Format Plugins will be deactivated unless they belong to the system standard. Please consider the notes about the migration prior to reactivating an old Report Format Plugin (#75449).
  • Bugfix: It was possible that the progress bar for scans showed negative percentage values. This happened when special settings were made at GOS level and then revoked (#80284).
  • Bugfix: Under certain conditions it was possible that resetting the powerfilter in the classic Asset Management caused an error (#80291).
  • Bugfix: For the section Ports of the report browser the filter settings for overrides and QoD were not taken into account (#81947).
  • Bugfix: It was possible under certain conditions that applying an erroneous powerfilter caused a Internal Error message (#78351, #2017082910000033).
  • Bugfix: The auto-generated credential installation packages for Windows 10 were not functional (#81894, #2017101810000013).
  • Minor improvement: When using non-existent UUIDs for Reports via GMP a misleading error message was returned (#82301).
  • Minor improvement: In case a sensor is not available during a performance request, the error message is now more adequate (#78870).
  • Bugfix: GSR did not work when some specific content elements occurred in the scan results (#82601, #80179, #2017111310000057).
  • Improvement: The GMP service can handle very fast access better now (#66155).
  • Bugfix: Combining the filter element “sort-reversed” with delta reports did not work (#80472).
  • Bugfix: In very rare cases and in combination with special scan results, database problems were possible (#82215, #2017110110000016).
• Web Interface:
  • Bugfix: Under certain conditions the assignment of users to groups was denied although it should have been possible (#76830, #2017072810000046).
  • Bugfix: A certain click sequence could lead to a wrongly set powerfilter element “rows” of “-1” (#80192).
  • Improvement: The advanced task wizards will not change the refresh interval anymore (#65521, #2016122110000014).
  • Improvement: Some language localization translations were improved for German (#80990, #2017101310000013).
• GOS-Admin:
  • Improvements of the migration of user data from GOS 3.1 to GOS 4.2 (#83008, #80131, #82543).
  • Bugfix: Under certain conditions the master-sensor configuration caused problems in case at least one sensor was configured for port 9390 (#81607, #2017102310000058).
  • Improvement: The management of log data stored these for a too long time (#83234).
  • Improvement: In case of severe system errors a so-called failsafe mode could be entered which boots a minimal system for analysis and repair purpose (#81798).
  • Improvement: The self check of GOS-Admin-Menu now also checks for RAID errors (GSM 5300/6400) (#82208).
  • Minor Bugfix: Some unneeded error messages appears in the log about “gsad” (#80050).
  • Minor Bugfix: Error messages when starting the LCD module (#81298).
• Scanner:
  • Bugfix: Under certain conditions it was possible that a authenticated scan via ssh did not stop on the target system although the actual scan was stopped (#38015, #82704, #2017111410000019).
  • Improvement: Various log messages of the scanner were improved for better problem analysis (#73002)

4.2.6 (2017-11-03)

• Web Interface and GMP:
  • Bugfix: Tags permitted to be viewed by other users were not visible. This included even the superadmin (#80132, #2017092810000033).
  • Bugfix for GSR/GXR: Severity counts in the PDF report for hosts were not matching in some cases (#80951, #2017101110000017, #80466, #2017100410000085).
  • Bugfix for GSR HTML: The HTML showed blank pages when viewing with web browser IE (#79585).
  • Improvement for import of scan reports: The import now runs in the background and does not block the database anymore (#80988).
  • Improvement: The performance of the table Scans->Results was increased (#80124, #80115).
  • Minor bugfix for GSR: In rare cases some vulnerability results were using the wrong font in the PDF and displaying all special characters correctly (#65007, #2016120810000012, #67100, #2017020110000015).
• Web Interface:
  • Bugfix: For Chrome browsers, check boxes for bulk action mode were not visible (#81301, #2017101710000033).
  • Bugfix: For IE browsers some buttons did not work with e left-click (#80418, #2017100410000067).
• GOS-Admin:
  • Changed behavior of Schedules: In case a GSM is started after it was switched off some time, only those schedules are executed that were missed in the last hour. Any schedule missed more than one hour ago will not be executed. Prior to Version 4.2.6 any missed scheduled scan was started at boot time, those with a period of course only once (#81839).
  • New menu to show HTTPS certificate and fingerprint: The menu item “Fingerprints” and “Show” were added to GOS menu Setup/Services/HTTPS (#78214).
  • Bugfix for sysLog: Using some special characters in the syslog configuration caused the syslog service to fail (#81163).
  • Internal extensions for controlling scheduling behavior for maintenance works (#81801).
  • Internal extensions for controlling request/query cancellation for performance adaption. (#70226, #81895).
  • Internal extension for controlling memory consumption to avoid use of swap memory (#81837).
  • Bugfix: In case of a sudden power-off, some self-reconstructions are running to cope with potential file system damages. Under certain conditions, this lead to an error message when logging in, because the logging system was used before it was repaired (#81208, #2017101610000062).
  • Bugfix: In case of a sudden shutdown of the database, the GMP service will not stop being available (#80566, #2017100610000027).
  • Improvements of the Support package (#73641, #81306, #81307, #81308).
  • Improvement: For GSM models 5300/6400 the LCD now displays the RAID sync status (#80051).
  • Minor internal improvement to avoid misleading log messages about “redis” (#76132).
  • Minor improvements: Various wordings in GOS-Admin-Menu improved and some inconsistencies resolved (#80052, #78620, #79216, #80185, #79521, #80114, #80414, #80570).
  • Internal improvements (new signing keys, EFI, kernel) (#73818, #78139, #80112, #81117, #72047, #81003, #73487).
• Scanner:
  • Performance improvement: For some scan scenarios (few NVTs, many hosts, reverse lookup), the scans now are significantly faster (#77776).
  • Improvements for authentication part of scanning Windows systems (#78621, #81111, #201709051000003).
  • Bugfix: In case of special temporary internal resource problems, the scanner will recover on its own (#78711).
  • Performance adaption for GSM models 400, 500, 510 and 550 to better handle high scan load situations (#81614).

2015-01-26: Greenbone OS 3.1

Latest patch level: 3.1.48 (2018-09-05)

Lifecycle-Phase: End-of-Life 2019-07-31

The items marked with (*) will change the default behaviour.

• New: Dynamic charts “bar-chart”, “donut” “lines” and “bubbles” for SecInfo Management of the web interface. For each object types, two chart types can be selected. Each chart can be detached into a window of its own, the underlying data can be exported in CSV format or opened as HTML table, the SVG representation can be opened in the browser or be exported.
• New: Dashboard overview for SecInfo Management of the web interface. It consists of 4 charts which can each be individually selected by type and combined with a powerfilter. The configuration is persistent for each user.
• New: Dynamic diagrams for tasks analog to SecInfo Management.
• New section “Results” under menu “Scan Management”. This section offers a object management for all of the scan results in the database a user has permission for. In other words, searching and filtering for results is now possible independent of a scan report.
• New: SecInfo object type “CERT-Bund” which are the advisories published by the German federal CERT.
• New: Attribute “Solution Type” for NVTs and results.
• New: Bulk actions for example to remove or download many objects within a single action.
• New: Configuration type “Scanner” allows to configure additional scanners of type OpenVAS (the default and pre-configured one) or OSP-based scanners. OSP stands for OpenVAS Scanner Protocol which can be used to wrap up arbitrary scanners with a generic interface to be handled generically for the vulnerability management. The task management is extended with scanner-type dependent  alternatives. These features prepare the integration of OSP scanners. Any default settings and behaviour remains like in the previous Greenbone OS release. OSP is entirely optional.
• New: Option for anonymous guest access. Apart from the new role “Guest” which is similar to role “Info” allowing access only to the SecInfo section, there is now the opportunity in gos-admin-menu to enable access for guests. This makes it also possible to use static URLs to link into certain views in the SecInfo section.
• New: Role “Monitor” that allows access to the performance data of the GSM.
• New: Role “Super Admin” that allows access to all objects of all users.
• New: Permissions “Super” that for example allows to create Group Administrators.
• New: The filenames for Downloads can now be configured via “My Settings”.
• New: Wizard for modifying a task.
• GXR/GSR: These report format plugins were re-worked. Especially GSR was changed to have less pages for the same content and to get created faster.
• Tasks: The dialog for setting permissions is re-worked.
• Timezones: The configuration of timezones was changed so that now there is offered a drop down list of available timezones instead of a entry field for specifying the timezone in text form.
• (*) Users are now allowed to have multiple simultaneous sessions, as long as the sessions are on different browsers. Up to GOS 3.0, a second session always invalidated the previous one regardless of which browser is used.
• For any web interface page, the duration of the backend operation will be shown at the bottom.
• (*) Credentials: The public key of SSH credentials is not required anymore because it is extracted from the private key.
• Credentials/Targets: Credentials for ESXi target systems can now be configured directly with the Target object instead of in the Scan Configuration object.
• New: Statistics module at OMP level represented by the command “GET_AGGREGATES” which is also the foundation for charts.
• (*) When a task is requested to stop, the scanner will now be advised to switch immediately into the final phase of scanning. With GOS 3.0 the scanner immediately stopped activity and did not return so far collected host details. With GOS 3.1 this is now transferred to the database.
• New internal inter-process communication of scanner.
• Memory consumption of scanners reduced by 50%.
• (*) Dropped support for pausing of tasks (OMP).
• (*) Dropped support of outdated “openvasrc” Format (OMP).

• 3.1.34 (2016-09-21):
  • Web-Interface and OMP:
    • Updated GXR/GSR: Charts that were empty due to scan results or filtering are not included anymore. Also the OID were shortened for better readability. A formatting error for hostnames with underscores was fixed (#61602, #62598, #2016091310000045).
    • Improvement: When starting a scan, any NVT for settings was activated regardless of whether the settings are required in the respective context or not. This generic automatic activation was now disabled. Of course when attaching a SSH credetial, all necessary settings will be taken care of in the background. This now disabled feature was a transitional convenience for users of GOS 2. For large scans with small scan configurations you might notice a performance improvement (#62267).
    • BugFix: GSM Tag for Windows Server 2012 is now correctly set in the Verinice ISM Report Format Plugin (#60486, #2016062810000059).
    • BugFix: In the task overview of the scanner details page some obects were shown where actually permission is denied and thus clicking on the links led to a permission error. Those links are not shown anymore (#57759).
  • Web-Interface:
    • Bugfix: Under certain conditions the pre-configured sorting of reports was not by date (#62509).
    • Minor english typo fixed (#62509).
  • Scanner:
    • Extension: The scanner offers more ways to the NVTs about analysing TLS certificates (#62139).
    • Bugfix: Under very rare and very special circumstances the scanner had trouble during the execution of a NVT and cancelled the execution of this NVT (#62465).
• 3.1.33 (2016-09-02):
  • Scanner:
    • Bugfix: An issue which caused scans to hang or abort prematurely under certain circumstances has been addressed (#62049).
    • Bugfix: An issue which caused error messages to contain references to incorrect hosts has been addressed (#62268).
    • Bugfix: An issue which caused slave tasks to remain in the ‘Requested’ state when master and slave were using different host limits under certain circumstances has been addressed (#54755).
    • Bugfix: An issue which caused vulnerability tests to abort prematurely under certain circumstances has been addressed (#60387).
  • Web-Interface and OMP:
    • Bugfix: An issue which caused an incorrect error message to be displayed when editing a task under certain circumstances has been addressed (#60442).
    • Bugfix: An issue which caused the ‘Alive Check’ property of a target to be ignored when cloning the target has been addressed (#60634, #2016070410000021).
    • Improvement: The filter used for Auto-Alerts has been modified to sort by severity to avoid misrepresenting the maximum severity when used with a large number of results (#60712, #2016070510000019).
    • Improvement: The limit for the field ‘Target Host’ in the Advanced Task Wizard has been increased (#56513, #2016012810000013).
    • Improvement: An issue with the help message for the ‘New Credential’ function has been addressed (#56663, #2016020410000021).
    • Improvement: The ‘Anonymous XML’ report format now strips even more items which could contain sensitive information from the report (#56793, #2016021010000027).
  • GOS-Admin:
    • Improvement: Support for using the RSA algorithm for authentication in Master-Sensor setups has been added (#62059).

• 3.1.32 (2016-08-13):
  • GOS-Admin:
    • Critical Bugfix: Unfortunately version 3.1.31 has a critical problem for the sensor management. Sensors at version 3.1.31 can not be updated anymore by their master, neither NVT Feed updates nor GOS version updates.

If you upgraded from version 3.1.30 or prior to version 3.1.32, then there are no problems. But once a Master was updated to 3.1.31, the problem exists for all its sensors that were automatically updated to 3.1.31.

In case you are affected by this problem, it is unfortunately mandatory to apply a manual change on the sensors. The Greenbone Support has prepared a recipe for this manual change. We apologize for this inconvenience (#62030).

• 3.1.31 (2016-08-08):
  • Web-Interface and OMP:
    • Extension: Automatic deletion of old reports. For tasks there is now a new setting that allows to specify a maximum number of reports stored for this task. If a further report is added, the oldest report gets automatically deleted. This makes it possible to for example to keep the latest 10 reports of a daily executed task. By default this is unset (#38210).
    • Improvement: If a scan via a scan slave fails due to a wrong password or wrong username for the slave, there will now be a respective note in a error message of the report (#59154).
    • Extension: The new alert method “SCP” allows to transfer a scan report in XML format via the SCP protocol. This is for example supported by some SIEM systems (#53932).
    • Extension: The alert method “SNMP” was separated from the method “SysLog” now forming a method of its own. It is not necessary anymore to additionally configure the SNMP trap received via GOS-Admin-Menu (#58742).
    • Extension: “Default Severity” was added under “My Settings”. This is the pre-defined severity to be used for NVTs that do not offer a severity. This can only happen if CVE-based OSP scanners are used and the CVEs do not have yet a CVSS assigned. Default is the conservative maximum of 10.0 (#49729).
    • Extension: It is now possible to attach a GXR and/or GSR to the Verinice ISM Report Format Plugin (#41074, #60444, #54603, #2015111910000013).
    • Minor extension: The powerfilter for permissions was extended with keyword “orphan”. With “orphan=1” orphaned permissions can be filtered. It is those permissions where the referring resource does not exist anymore (#55906, #2016010410000022).
    • GXR/GSR: The topology graph is created only for a maximum of 50 hosts (#56108, #2016011810000014).
    • Minor improvement: It is now allowed to use character “@” in the comment and value of tags (#57395).
    • Bugfix: If user names contained special characters, it was not possible to add them to groups or roles (#58879).
    • Bugfix: When importing special scan configurations it was possible that errors prevented the import (#59629).
    • Bugfix: Under certain conditions it was possible that a task executed via a scan slave hung in status “Stop Requested” (#59726, #2016050310000017, #2016052310000024).
    • Bugfix: Cloned pre-define report formats are now automatically trusted since only the general description can be changed and not the internal logic (#56990).
    • Bugfix: A formatting problem for special NVT descriptions was solved for the GSR PDF report format (#56150, #2016012010000037).
    • Bugfix: In very special cases it was not possible to positively verify a imported Report Format Plugin (#59287, #59756).
    • Bugfix: For delta reports some unneeded entries were created under certain conditions (#56952, #2016020910000011).
    • Bugfix: When creating for example GSR PDF reports directly in the web interface, the filter settings about hosts were not considered although this was considered in the GUI (#57256, #2016022910000055).
    • Bugfix: In the port list overview UUIDs were shown for targets using the port lists but which were not readable for the current user. The cross references did not work as a matter of fact. Now such UUIDs are not shown anymore (#58885).
    • Minor corrections of the OMP Documentation (#56666).
  • Web-Interface:
    • Layout improvements for host table in report results browser: The column content is now better wrapped (#55406).
    • Bugfix: Special manual changes to HTTP request now result immediately in an empty page and not cause anymore a delay (#57986).
    • Additional icons for operating systems were added (#57183).
    • Bugfix: When using the auto-refresh a error message could occur when creating a multiple permission (#56795).
    • Minor improvement: The titles for the filtering rules in the report results browser were changed to prevent misunderstanding about what exactly is the view about (#39535, #2014072410000121).
    • Minor improvement: The “once” status of a task is now also visible in the tooltip (#48265, #2015040910000028).
    • Bugfix: The edit-dialog for user account did not set the LDAP flag automatically if the user was managed via LDAP (#56469, #2016012610000017).
    • Improvement: Under high load of web interface (many concurrent users) it could happen that a new connection was denied. The limit of concurrent connections has been increased now (#58167, #2016040710000039).
  • GOS-Admin:
    • The menu for SNMP trap configuration was removed. It is now available via the web interface (#58743, #58745).
    • The cipher configuration of the SSH service was moved to a higher security level (#58450).
    • Improvement of internal logging: UUIDs of resources are now accompanied with the resource name and any “Internal Error” is now explicitly detailed (#58005, #58721, #59683).
    • Extension: For an in-depth analysis of a GSM in cooperation with the Greenbone Support there is now an option in the GOS-Admin-Menu to create a encrypted package with all relevant system data (#44900, #60301).
    • Extension: Internal clean-up method for resetting a scan sensor (#28277).
    • Improvement: The internal journal sizes of the database are limited now (#57888).
    • Bugfix: During a Factory Reset possibly (depending on the GSM model) an error occurred. This was only in very rare cases and it was possible to circumvent it. This is now fixed in general (#60488, #55414).
  • Scanner:
    • Improvement: The OpenVAS Scanner was made more robust handling timeouts. If a port was detected as open but later on it times out, a multiple retry strategy is applied (#48537).
    • Improvement: If SMBv1 is disabled on the target system and SMBv2 enabled, the scanner can achieve some more results during a authenticated scan. However, the detection capabilities very much depend on the presence of a running remote registry service (#50757, #2015071510000029).
    • Bugfix: Under extreme high load scan tasks could hang on a scan sensor. In combination with a limited schedule tasks could remain in status “Stop Requested” until next reboot. Measures are taken to prevent such so-called “scan zombies” (#56688, #2016020310000022).
    • Bugfix: Under certain conditions SSH scans could hang for a while. If the scanner has trouble with the remote ssh service, it terminates earlier now (#54059).
    • Improvement: When scanning SNMP services too many unneeded internal log information were created in case of missing MIBs (#59857).

• 3.1.30 (2016-05-30):
  • Web-Interface and OMP:
    • Bugfix: For scheduled scans with limited duration and in master-slave operation it could happen that the scan task was stopped on the master but not on the slave. When resuming a task a new scan was started instead of finishing the stopped one (#59433, #59431).
  • Scanner:
    • Bugfix: Frequent stop and start of a task in short intervals could lead to a task that stay in status “Stop Requested”. A blocking scanner was responsible for this situation (#59642).
• 3.1.29 (2016-04-21):
  • Web-Interface:
    • Bugfix: The action to resume a task while concurrently using a page refresh could lead to loosing the session ticket (#58356).
    • Bugfix: By using some special UTF-8 characters for filters it was possible to loose the session ticket (#57961).
  • GOS-Admin:
    • Update of an internal CA certificate with a new expiration date. This update is mandatory for proper operation of the vulnerability scanning and management. It is especially urgent for GSM ONE where the update needs to happen during April 2016 (#57946).
  • Scanner:
    • For authenticated scans via SSH it is now possible to use ECDSA keys (#57091, #29613).
• 3.1.28 (2016-02-23):
  • Web-Interface and OMP:
    • Performance improvements: The performance for tasks, reports and results was optimized for various use cases (#50862, #54971).
    • For various situations there is no blocking of actions anymore. A user can act in parallel to background processes like SCAP update. At the same time the CPU load is lowered (#44104, #56004, #56127).
    • Bugfix for the trashcan. It was possible that when emptying the trashcan also other resources were deleted (#55296).
    • Extended options for the condition of alerts: It is now possible to use the number of matches of a powerfilter as criterion (#45430, #2015010710000019).
    • Bugfix: Some graphs of Extras/Performance were not correctly displayed for the GSM ONE and for GSM 500/510/550 (#55648, #2014050510000017, #54799).
    • The Report Format Plugin “Verinice ISM” was prepared for a generalization (#43295).
    • Only GSM 100: Bugfix of the task scheduling. Not all of the scheduled tasks were always properly started (#55259, #56466, #2016012510000028).
  • Web-Interface:
    • The regular expressions for user inputs where checked and where possible narrowed down. This helps to identify invalid user input earlier (#55933).
    • Minor improvement: The icons for deleting notes and overrides are now only available if the user has no permission to execute this action (#55384).
    • Bugfix: When using auto-refresh it was possible to get an error message after creating a permission for a task. The task or permission as such was not affected, it was just a wrong error message (#55298).
    • Bugfix: When using IPv6 the redirection from http to https did not work properly for all of the possible IPv6 addresses (#54839).
  • GOS-Admin:
    • New: For the backup of user data the new method SFTP accompanies the methods USB and SCP (#51195, #2015072310000013).
    • Minor improvement for the TLS cipher support for OMP/HTTPS regarding the settings SECURE and NORMAL (#55940).
    • The range of accepted characters for proxy credentials was extended (#49453, #2015052710000055).
    • In GOS-Admin-Menu some passwords where shown in clear text. This was now changed so that GOS-Admin-Menu shows no passwords in clear text at all (#56599, #2016020110000035).
    • An option to delete source code was added to GOS-Admin-Menu. This can be use in case source codes were installed manually (#54020).
    • Minor improvement for upgrades: The new version number was shown too early in the process of the upgrade (#47727).
    • In order to prepare the upcoming feature of support packages, the PGP key of the Greenbone Support was integrated. This will allow in future releases to encrypt data when sending to the support team (#56126).
  • Scanner:
    • An updated base library for the SSH protocol improves the detection abilities of the scanner and also extends the support for SSH credentials used for authenticated scans (#52479).
    • Improved robustness of the scanner against incomplete NVT meta data (#55264).
    • Bugfix regarding SSH connections: When doing massive scans a slow-down or connection loss could happen (#54661).
• 3.1.27 (2016-02-18):
  • GOS Base System:
    • Security-Bugfix closing a severe vulnerability in the general base library “glibc”. It is recommended to reboot the system after the upgrade completed (CVE-2015-7547).
• 3.1.26 (2016-02-02):
  • Web-Interface:
    • Security-Bugfix closing a DoS attack vector. It was possible to invalidate web session tickets of other users. Neither integrity nor availability of OMP or SSH is affected (#56541, GBSA-2016-02).
• 3.1.25 (2016-01-12):
  • Web-Interface:
    • Minor security bugfix that closes a open redirect which was present only with enabled guest mode (#55720).
• 3.1.24 (2016-01-09):
  • Web-Interface:
    • Security-Bugfix solving a cross site scripting vulnerability. To exploit the vulnerability a valid session token is required. In case the guest account is activated, the general guest token can be used. However, the guest user account owns no write permissions for the GSM (#55720, GBSA-2016-01).
• 3.1.23 (2015-12-15):
  • Web-Interface and OMP:
    • Performance improvements: The performance for tasks, reports and results was optimized for various use cases (#51923).
    • New alert method “Send to host”: This method allows to send scan results in various formats to a configurable address as a simple TCP upload. Such upload opportunities are offered by several SIEM systems (#53931, #54296).
    • Bugfix for verinice ISM report plugin: It is now possible to attach a HTML report optionally (#54602, #2015111810000015).
    • Change for verinice ISM report plugin: The tag “Verinice Source ID” is now used instead of the previous work around based on the comment of a task (#54687).
    • New remote authentication method for GSM users via radius (#54696, #54060).
    • Changed: The “Once” checkbox for scheduled tasks now stays active after the scan was started. Before, it was deactivated but this added extra work for typical use cases (#48228, #2015040710000013).
    • Improvement: If no results were obtained during a scan, the user now gets some hints about potential reasons why the scan report could be empty (#51462).
    • Bugfix for overrides and CSV export: The overrides are now also applied for CSV exports (#52768, #2015092110000041).
    • Improvement for slave scans: a reboot of the master GSM does not anymore stop the slave scans. Now the slave scans can be resumed properly (#45074, #45073).
    • Improvement for the vulnerability view in the report browser: Notes and overrides are now also displayed (#52187, #2015090110000024).
    • Bugfix for overrides: The edit dialog was missing an explicit selection button for “yes” for the “active” setting (#52996).
    • Improvement for OSP scan configurations: Better defaults for selection lists (#52572, #52376).
    • Bugfix for counter of NVT Families in scan configurations: In some cases the number of NVTs was not shown correctly in the overview. The details view, however was correct (#53645, #2015091010000043).
    • Bugfix for deleting of ESXI credentials from trashcan: It was possible to ultimately delete a credential that was actually still in use (#54332).
    • Bugfix for scheduled scans with limited duration: After reaching the limit the task is now set to “Stopped” without any error notice (#53049, #2015093010000041).
    • Bugfix for importing OSP scan configurations (#53088, #2015100210000083).
    • Bugfix for LSC installer for Windows: Temporary files created during the installation are now removed immediately after the installation (#53680, #2015102210000036).
    • Bugfix for the performance charts: If data are no available, instead of showing an empty graph, now the graph is dropped. Several graphs are fixed and now use the correct data source (#22336, #22856, #36565).
    • Bugfix for prognosis reports: The format NBE is now also supported (#52897).
    • Minor bugfix that avoids an internal log message on slave GSMS in case scanning happens without credentials (#54526).
  • Web-Interface:
    • Minor improvement: For a guest access the page selection persists when the session ticket expires and a direct re-login is requested (#52165).
    • Minor bugfix: In some cases links to objects in the trashcan were non-functional (#54336).
    • Session tokens are now combined with the IP address of the browser. If a session token is used from a different system than it was issued for, it will not be accepted (#52008).
    • Minor improvement for the case a login user name is tried for logging in that contains invalid characters: In the past, a error dialog was raised. Now simply the login dialog returns and asks for a new try (#20082).
    • Bugfix: Missing icon for solution type “Mitigation” (#52596).
    • Minor bugfix: Enabling the bulk action, some icons remained visible, but without functionality. These are not visible anymore (#54335).
  • GOS-Admin:
    • Failed logins are now logged by default, including the source address (#51158, #51927).
    • Internal improvement: Some unneeded files that remained after an upgrade from GOS 3.0 are now deleted. These were just system files, no user data (#54019).
    • Minor improvement: When entering a proxy credential, a additional hint on the syntax for ADS environments is provided for convenience (#53684).
    • Bugfix: The Airgap menu of gos-admin now correctly reflects all of the airgap combinations (#54058, #51272).
  • Scanner:
    • OSP scanners report about the host alive status properly (#51924).
    • Bugfix for resolving hostnames in pure IPv6 environments (#54216).
    • Bugfix: For some OSP scans the target CIDR notation was not correctly resolved (#52373).
    • Internal improvement of the OpenVAS scanner regarding data stream block lengths (#53023, #52146).
    • Improved status message in case of a malfunctioning or unavailable OSP scanner (#52240).
• 3.1.22 (2015-10-30):
  • GOS-Admin:
    • Improved robustness of the central data manager against special load and stress situations (#53834, #53825, #53832, #53646, #2015100710000047).
• 3.1.21 (2015-10-20):
  • Web-Interface and OMP:
    • Minor Bugfix: Subject for email alerts are now prefixed with “GSM” (#53282).
  • GOS-Admin:
    • At high load it could happen that more than one feed update is executed in parallel. This could lead to a blocking situation (#53356, #53360, #2015100710000047).
    • The upgrade starting from a factory reset could lead to error messages in the log during a feed update due to inconsistent data migration (#53358, #2015100610000031).
• 3.1.20 (2015-10-07):
  • GOS-Admin:
    • Bugfix: An issue which could cause the upgrade process to abort under certain circumstances has been addressed (#53089, #2015100210000065).
    • Improved detection and reporting of inconsistent internal state via gos-admin-menu (#53091).
    • Improved visibility of upgrade process in system log files (#44607).
• 3.1.19 (2015-09-29):
  • Web-Interface and OMP:
    • Accelerated responses for task overview in case of high scan loads (#50860, #2015070610000037).
    • New: Extended configuration of email alerts. The title as well as the message body can now be specified individually. Some variables can be used to reference the task and to use text elements. The pre-configure settings reflect the title and content as was so far. So, there is not necessary to immediately change anything (#50859, #50572, #2015070810000042).
    • GSR Report: Under certain circumstances (triggered by an alert) wrong severity colors and classes could be applied that did not match the actual CVSS (#51820, #50171, #2015081810000058, #2015062310000015).
    • New: XML representation of tasks now includes the tags attached to the task (#52478).
    • Bugfix: Credentials shared via permissions were in some cases not accessible for the scan (#50363, #2015070110000028, #2015070810000051).
    • Bugfix: It could happen that a shared sub-object (for example a port list) was not readable (#51416, #2015080410000039).
    • Bugfix: Access of super admin via LDAP is not denied anymore (#48824, #2015042710000021).
    • Bugfix: When using dynamic severity, it could happen that timeout messages were displayed as a regular result instead of as an error (#50324, #2015070110000019).
    • Minor Bugfix: In scan configurations it could happen that the displayed number of selected NVTs for a family was wrong. The actual selection was handled correctly (#48250).
  • Web-Interface:
    • Bugfix for the export of larger data collections from ca. 100 objects, for example CPE resources (#52174).
    • New: When creating a new target, now the pre-set target is the source IP address of the user’s browser system (#47098, 51639, 51925).
    • New: When creating a new task, now it is possible to directly specify a tag for the new task (#35488, #2014022510000066).
    • Bugfix for host restrictions for a user: Ranges that were expressed using the hyphen syntax (from-to) were not accepted (#50915, #2015080710000015).
    • User names may now contain the dot character (“.”) (#51136).
    • Minor Bugfix: The Chinese translation is now identified as “zh_CN” instead of just “zh” (#51112).
    • Minor change: Die login page now has a CSS of its own (#50915).
    • New: The “Content-Security-Policy” settings are now used to limit the embedded access from within other sites (#51375).
  • GOS-Admin:
    • Accelerated Upgrade: Under certain circumstances a automatic update could take several hours because some internal data optimizations were executed. These are not enforced anymore for each upgrade (#51481, #2015081010000045).
    • Failed logins for the web interface are now logged by default including the source IP address (#51926).
    • Minor Bugfix: Applying changes of TLS Cipher is less delayed now (#43785).
    • Minor Bugfix: Lowered log noise about upgrades (#49956).
  • Scanner:
    • Accelerated scans by about 10%. The actual achievements depend on various circumstances and might be even better (#48799).
    • Improved integration of the web application scanner w3af, now also supporting the seed URL setting (#51266, #51334, #51412, #51283).
    • Improved integration of the IDS PaloAlto (#52600, #52579).
    • Improved error handling of OSP scanners (#51335).
    • Minor Bugfix: When creating a OSP scanner, expired certificates are immediately rejected (#50398).
    • OSP servers now refuse to launch with a certificate that expired anyway (#50397).
    • Bugfix: Dynamic severity will not display OSP scanner results as “0.0” anymore (#50738).
    • New: OSP connector for Fortinet which however is not yet supported for use (#49627, #52104).
    • OpenVAS Scanner: The option “max_sysload” was removed as a scan configuration option, because it is a system wide setting, not a scan-specific one (#51263).
    • Bugfix for OpenVAS Scanner: Improved SSH host key detection (#50588).
• 3.1.18 (2015-09-24):
  • Hardware:
    • Security update for GSM 600 and GSM 650 that resets unconfigured factory settings of the BMC (Baseboard Management Controller) to save values. A reboot after the upgrade is not necessary. Running scans are not affected. An attacker from the same network segment could read device status, turn off the device or enforce its reboot. (#52838, GBSA-2015-01).
• 3.1.17 (2015-08-03):
  • Web-Interface and OMP:
    • Improvement of filtering regarding QoD by extending the use of filter element “min_qod”. This helps for a consistent view for default settings (#46117).
    • Extended powerfilter for results: All results for a task across all reports can be selected for a certain CVE (for example “task_id=69512154-167c-4e12-9351-a778da2d29e9 and cve~2004-2320”) (#48539, #2015041010000025).
    • Bugfix for the powerfilter when searching for parts of an IP address (#49497, #2015052910000015).
    • Resolved inconsistencies (None vs. Log) when handling PCIDSS severity classes and corrected ranges (#49080, #49075).
    • GSR PDF reports: Size limitation extended (#49655, #2015040810000021).
    • GSR/GXR PDF Reports: With more than 100 hosts the topology graph will not be included anymore since details can not be identified anymore anyway. With this, the creation of the larger reports is also accelerated (#49269, #2015051810000018).
    • Bugfix: QoD for “general_note” is now displayed with 1% and not anymore with the default of 75% (#50325).
    • Bugfix: The installation routine for automatically created credentials now also works for Windows 2012 R2 and Windows 10 (#47269, #2015030210000033).
    • Bugfix: Improved error handling for invalid user input for the powerfilter (#49412).
    • Bugfix: Global users were missing in the selection box for permission dialogs (#49381, #50497, #2015070610000046).
    • Minor bugfix: Less process overhead for the creation of report documents (#48977).
  • Web-Interface:
    • Improved support for user interface languages. By restructuring the handling it is now easier to add more languages. In this context, German and Chinese was updated and a partial translation for Russian was added (#44479, #50723).
    • Extended bulk actions: It is now allowed to handle a larger number of objects with a single action, for example to delete a larger number of reports (#50584, #2015070610000028).
    • Details dialog for tasks: Added the information about the total number of single results related to this task across all reports. This includes a direct link into the results table (#49628).
    • Improved: New User dialog now does not allow to enter a password in case LDAP is used because it was and is ignored anyway (#49271).
    • Bugfix for permissions: In some special cases the action icons were greyed out although the actions were allowed (#49583).
    • Bugfix for the Powerfilter: In some cases the combination of keywords did not establish the right selection, for example the combination of the keywords “task_id” and “cve”. (#49675).
    • Bugfix for the creation of a schedule: The comments was not stored (#49595).
    • Extended the set of allowed characters for comments by “:” (#49494, #2015052810000026).
  • GOS-Admin:
    • User-data backups can now be created even when the database exceeds the size of 4 GByte (#48109).
    • Extended the set of allowed characters for the SNMPv3 password by “$#?!” (#49312, #2014100110000023).
    • The SNMP setting are now also available via GOS-Admin-Menu for the GSM 25 (#49448, #2015052710000019).
    • Bugfix for the import of reports: The detection details were not imported (#49660, #2015060410000033).
    • Bugfix for the SNMP trap setting (#46321, #50323, #2015013010000029, #2015063010000083).
    • Bugfix to prevent non-functional internal processes. However, there was no impact on performance (#48109).
    • Minor bugfix for the scanner for rare special cases (#49593).
    • The setting “proxy_update” was not used since a very long time and now is finally removed. Instead, the setting “proxy_feed” is used (#49593).
    • Improved internal error messages in case of database problems (#48876).
  • Scanner:
    • Bugfix: Under certain conditions single checks were aborted too early (#48906).
    • Bugfix: For Linux systems with large package databases (ca. more than 8000 packages) it could happen that the list was truncated and thus not all packages were analyzed (#49727).
    • OSP: Extended to handle ports as host details and to handle timestamps (#48800, 49584).
    • New: Beta version of Palo-Alto OSP scanner for selected pilot customers (#48538, #51194, #50912, #50858).
    • New: Beta version of w3af OSP Scanner for selected pilot customers (#50912, #43436, #49673).
• 3.1.16 (2015-07-03):
  • Web-Interface and OMP:
    • Bugfix: A scheduled start of a task will now only be done for the owner of the task (#50140, #2015020210000026).
    • Bugfix: A scheduled start of a task will now only be done once per given time window (#50314, #2015063010000065).
• 3.1.15 (2015-06-19):
  • Web-Interface and OMP:
    • Bugfix: When stopping a scan task it could happen that the status of the task hangs at “Stop requested”. Only a reboot did set back the status to “Stopped” (#49496, #2015052810000017).
    • Bugfix: A report creation triggered by an alert could block the database for the duration of the report creation (#49975).
• 3.1.14 (2015-06-16):
  • Web-Interface and OMP:
    • Bugfix: A combination of scans with a configured time window and automatically coupled creation of reports could lead to a blocked database in case the Scan was comprehensive or the time window short (#49861, #2015061110000011).
• 3.1.13 (2015-05-21):
  • Web-Interface and OMP:
    • Permissions: Extended dialog for setting new permissions. It is now possible to create multiple permissions in one step. For example it is now possible when changing a target object, to apply the same permissions automatically to the related port list and credentials. Concurrently a unified permission dialog for all object types is introduced. It is available on the respective details pages. And it offers a direct link into the permission creation dialog and automatically configures all related objects for it.In total this increases the comfort for creating, reviewing and modifying permissions. (#46998, #2014120410000032, #44025, #48540, #47336, #2015030510000028, #47359).
    • QoD: Some inconsistent default filtering (min_qod) is now unified and the current min_qod selection will be kept when entering into a report (#46989, #47891).
    • Bugfix: The deleting of Report Format Plugins failed under certain conditions (#48961).
    • Bugfix: Accessing the trashcan failed under certain, rare conditions (#49058, #2015050710000021).
    • Bugfix: It was possible that by removing an override the severity did not follow the change (#47789).
    • Passwords for web and OMP users: Now it is also allowed to use whitespace and part of a password (#48712, #2015042210000021).
    • The Report Format Plugin “Verinice-ITG” is now a pre-configured plugin and it is not required anymore to import it explicitly (#41765).
    • Bugfix: The name of a NVT and its last tag are now considered for filtering (#48891, #2015041610000023).
    • Bugfix: The sorting by “Last” report in the task list did not work properly (#48823, #2015042710000011).
    • Bugfix for slave tasks: In case the sensor or slave was not reachable, it was problematic to stop a started scan as long as the start was still was not established (#48877, #2015040110000024).
    • Bugfix for the filtering of scan results when searching for a specific IP address. The filter acted a bit fuzzy under certain condition which was now changed to match strictly (#47710, #48890, #2015040210000041).
    • Bugfix: Filter directives for delta reports were executed properly, but in the new view the filter was lost (#48063).
    • Bugfix: Individual port lists that were used for a scan via a slave or sensor where not automatically deleted after the scan finished (#47889).
    • Bugfix about displaying the trust status of Report Format Plugins (#47721, #2015022310000013).
    • Bugfix for the manual creation of overrides so that now also the port protocol can be specified, for example “80/tcp” (#48715, #2015031810000031).
    • Bugfix: Under certain conditions it could happen that expanding the results view did not show the actual details in case the results are owned by another user (#47411).
  • Web-Interface:
    • Bugfix: Links from the Asset Management into a report did not filter for the exact IP. The IP was used only as a substring (#48981).
    • Bugfix: The version info about GSR and GXR did wrongly not show the actual version 3 (#48115).
    • Bugfix: The counter for notes and overrides in the NVT details dialog showed always 0 (#48247, #2015040810000048).
    • Minor extensions of the online help texts (#47708, #47858).
  • GOS-Admin:
    • Via GOS-Admin it is now possible on a master GSM to advise all connected sensors to create a new self-signed certificate in case their current certificate expired (#48788).
    • OMP via IPv6: In case OMP is enabled, this protocol can now be accessed also via IPv6 (#13592).
    • User-Data backups: In GOS-Admin-Menu there is a new function that shows all local user data backups (#47787).
    • User-Data backups: In GOS-Admin-Menu there is a new function that allows to remove single local user data backups (#44852).
    • Bugfix for GOS-Admin: For several IP address settings like for NTP or for sensors it was not possible to enter IPv6 addresses (#48523).
    • Backup Management: The structure in GOS-Admin-Menu was re-organized with a better separation of backup types and backup settings (#44769).
    • Minor Bugfix for the selfcheck in GOS-Admin-Menu: For GSM models that can not manage sensors, the sensor check is not displayed anymore (#48442).
    • Bugfix for GOS-Admin-Menu to add a scroll bar for the sensor check results (#47055, #2015022010000019).
  • Scanner:
    • Bugfix: By stopping and then resuming a task it could happen that in the overlapping range some results were doubled (#48538, #48974, #2015041710000031).
    • Bugfix: In some cases the hostname for a scanned IP was missing in the results (#44904).

• 3.1.12 (2015-04-23):
  • Scanner:
    • Bugfix for the scanner which did not reliably executed some tests for some Windows systems. This lead to a lower number of detected vulnerabilities compared to GOS 3.0 (#46115, #48521).
• 3.1.11 (2015-04-08):
  • Web-Oberfläche und OMP:
    • Bugfix for the NVT details: The CVSS vector was missing in GOS 3.1.10. After the next feed update the vectors will be visible again (#48062).
• 3.1.10 (2015-04-01):
  • Web-Interface and OMP:
    • Comprehensive update of the Report Format Plugins GXR and GSR. The representation of is more compact now. Especially the GSR will now get created faster and will have less pages. Apart from that, several new functions are support now like solution type and QoD (#46216).
    • The Report Format Plugins GXR and GSR now offer a tabular overview about the success of target host authentications (SMB, SSH and ESXi) (#45700, #2015011510000021).
    • Bugfix for GSR Report Plugin: The text entry about overrides was missing (#47212).
    • New Report Format Plugin “Anonymous XML”: Like XML, but IP addresses get pseudonyms and other potential hints about the origin of the scan are removed as well (#38250).
    • Comprehensive update of the permissions management regarding visibility of objects by Users, Groups and Roles. Now, several dependencies will be considered by the permissions management (#47310, #2015030410000011).
    • Bugfix for automatically created Debian credential packages (#46996).
    • Fully automized update of CERT-Bund now activated (#45364, #47176, #2015022610000062).
    • Bugfix for the keyword “owner” when used in the powerfilter (#46915).
    • Bugfix regarding transfer of task properties to scan slaves (#46721).
    • Change for schedules: A scheduled task was not executed in case no scanner resource was available for 3 minutes after schedule start time. This limit was removed now (#46897).
    • Bugfix to prevent piling up of lost scanner processes that slow down a GSM over time (#47854).
    • Bugfix regarding changing the “Host-Alive” method (#47989).
  • Web-Interface:
    • Charts: Tooltips extended with percentages and added tooltips for the legend (#47358).
    • Bugfix: Overrides were applied in the Report-Browser, but False Positives were not displayed (#47096).
    • Improved usability of powerfilters: The text entry now contains only specific elements. All others are displayed below, but could be set anytime as well (#45912).
    • Minor bugfix for Task Details Dialog: The Slave name is not displayed anymore if no slave is used anyway (#46819).
    • Minor bugfix to correctly handle some very specific HTTP request to the web interface (content-length headers) (#15343).
    • Improved online help for Scanner Details (#47282).
    • Added download option for certificates of OSP scanners (#47281, #47283).
    • SecInfo for NVTs was internally changed to now use the OMP command GET_INFO (#39910).
    • Minor bugfix: Graphical bug in Charts regarding too many percentage characters (#47357).
    • Minor bugfix: Graphical bug for IT-Schwachstellenampel regarding URLs (#46969).
    • Minor Bugfix for status info of OpenVAS Scanner: It was wrongly displayed that the scanner is offline (#47280).
  • GOS-Admin:
    • Extended SNMP monitoring parameters and MIB: The MIB for the Greenbone Security Managers as well as the newly supported standard properties are now documented at the Greenbone website about SNMP (#44239, #29960, #2013052810000039).
    • Internal improvement for self-check after an upgrade to identify incomplete upgrades (#47579).
    • Internal improvement of management of OSP Ovaldi: Certificate update via GOS-Admin-Menu (#47219).
    • Minor bugfix of NTP configuration to avoid error messages in the log (#46726, #2015021110000027).
    • Minor bugfix for CLI Admin: For some unneeded commands (for example nosystemupgrade) there was still an alias entry. These were removed now. (#47264).
    • For GSM ONE the menu “Advanced Management” is now back in GOS-Admin-menu (#47724).
    • Improved Boot-Check log (#43682).
    • Minor bugfix for a problem that produced many log entries (parse_ctime) (#46815).
  • Scanner:
    • Internal improvement: For NVTs of the OpenVAS Scanner it is not mandatory anymore to deliver a CVSS Base if they already offer a CVSS Base Vector (#41456).
    • Improvement of authenticated scans for target systems with specific SSH services and key types (#47304, #47278, #29613).
    • OSP-ovaldi now also delivers its own CPE as a host detail (#45909).
    • New Parameter “debug_mode” for all OSP scanners (#45906).
• 3.1.9 (2015-03-13):
  • Bugfix for internal GOS upgrade handling (#47513).
• 3.1.8 (2015-03-05):
  • Bugfix regarding TLS certificates of the pre-configured scanner. Under certain conditions it could happen that no scans are executed anymore and a manual update of the certificates was necessary. This has now been automated (#47279).
• 3.1.7 (2015-03-03):
  • Quality of Detection (QoD): This concept for the reliability of successful detections of vulnerabilities now arrived also in the web interface. New NVTs were already equipped with specific QoD values (between 0% and 100%) for some time. The QoD is now visible for NVTs as well as for the scan results. Of course, it is now possible to use the QoD to filter. The defaults are chosen to match the previous behaviour. This means, the same number of results are filtered which corresponds to a QoD of 70%.
    With this new feature, the parameter “paranoid” in the scan configurations is dropped, because now even those tests with a low reliability are always executed. The results are present in the database and can be reviewed if needed. A separate scan for detecting so-called “potential vulnerabilities” is not necessary anymore. (#46396, #38193, #46118).
  • Extension of the permissions dialog for tasks: When granting permissions to a task, now the same permission is automatically granted for the depending objects like schedules or alerts. (#39459, #2014072210000017).
  • Reduction of DNS Reverse Lookups of the GSM for NTP servers (#46965, #2015012110000037).
  • Bugfix for executing scans via slaves: Now the configured port list is applied and not just the default port list (#46632).
  • Bugfix for the use of SSH keys for SSH credentials (#46474).
  • Bugfix for the Restore function of the user-data backup on GSM 100 when migrating to GOS 3.1 (#46813, 46835, 46241, 46515).
  • Bugfix for drop-down dialog elements for timestamp in task wizards (#46125).
  • Bugfix for scan progress bar: The progress is now reflected more adequately (#18591, #46694, #2015020210000053).
  • New functions via gos-admin-menu (section “Advanced”) to manage the database (vacuum, analyze) (#41097, #43688).
  • Bugfix for sensor upgrades, specifically for airgap (#46836).
  • Bugfix for individual timeout configuration of NVTs when executed via a slave system (#44857, #2014121110000019).
  • Bugfix for missing transfer of ESXi credentials to slave systems (#46691).
  • Creating web users with the same name is not allowed anymore (#46214).
  • Alterable tasks: If all reports are removed, the task does not anymore automatically turn into a regular tasks. It rather remains to be an alterable task (#42226, #2014101310000028).
  • Extension for creating a new task: It is now possible to assign a schedule and configure to execute the schedule only once. After this schedule is executed, it will automatically be removed from the task (#46184, #2015012610000028).
  • Tasks with schedules that define only a single execution: After the scan was started, the schedule object is removed from the task object because it won’t be ever executed anymore anyway. This means that now any task in the task overview that has a schedule symbol will definitely be executed in the future at least once. (#45943, #46185, #2015012610000046).
  • Extension of the selfcheck in gos-admin-menu to check availability of internal OMP service (#46397).
  • Update of an external link inside the Online Help system (#46390, #2015013010000047).
  • Update of the SSH library of the OpenVAS Scanner so that authenticated scans work even with newest SSH servers (#46542).
  • Bugfix for sorting the numerical column “IPs” of targets (#39267, #2014071710000018).
  • Bugfix for Superadmin: Icons for cloning are not greyed anymore (#45888).
  • Bugfix for Superadmin: Access to notes and overrides is now possible (#45889).
  • Bugfix for auto-credentials (#45729, #45730).
  • Improved WMI RSOP support for the OpenVAS Scanner (#40407).
• 3.1.6 (2015-01-26):
  • Last release of Beta phase. First release of 3.1.