Versioni attuali

2021-04-30: Greenbone OS 21.04

Current Patch Level: 21.04.26 (2023-04-03)

Lifecycle Status: Obsolete

21.04.26 (2023-04-03):

21.04.25 (2023-03-06):

21.04.24 (2022-12-15):

21.04.23 (2022-10-06):

21.04.22 (2022-09-12):

21.04.21 (2022-08-19):

21.04.20 (2022-08-08):

• Greenbone OS:
  • Improvement: the switch release to Greenbone OS 22.04.0 was unlocked for all supported appliance models (#GOS-1027).
  • Bug fix: an error was fixed where abnormal remote syslog entries were created on the target remote syslog server due to erroneous line breaks (#GOS-888, #GS-2257).
  • Minor improvement: a GOS menu dialog to inform about the switch release to Greenbone OS 22.04.0 was added (#GOS-846).
• Vulnerability Management:
  • Minor improvement: the included appliance manual was updated to the current version from 2022-07-25 (#GOS-1024).

21.04.19 (2022-06-27):

21.04.18 (2022-05-25):

21.04.17 (2022-05-19):

• Greenbone OS:
  • Security fix: the package openssl included in GOS was upgraded from version 1.1.1n-0+deb10u1 to version 1.1.1n-0+deb10u2 (CVE-2022-1292).
  • Security fix: the package postgresql included in GOS was upgraded from version 11.14-0+deb10u1 to version 11.16-0+deb10u1 (CVE-2022-1552).
  • Bugfix: an error was fixed where a wrong check was used to determine whether a beaming image can be imported and the corresponding dialog in the GOS administration menu was changed to avoid confusions (#GOS-874).
• Vulnerability Management:
  • Minor improvement: the included appliance manual was updated to the current version from 2022-05-18 (#GOS-876).

21.04.16 (2022-05-12):

21.04.15 (2022-03-17):

21.04.14 (2022-03-11):

• Greenbone OS:
• • Security fix: for virtual appliances, the Linux kernel was upgraded to version 4.19.232-1 (CVE-2021-20322, CVE-2022-0492 and CVE-2022-0847).
  • Security fix: for hardware appliances, the Linux kernel was upgraded to version 5.10.103-1 (CVE-2022-0185, CVE-2022-0492 and CVE-2022-0847).
• Vulnerability Management:
  • Minor improvement: the included appliance manual was updated to the current version from 2022-03-11 (#PL-817).

21.04.13 (2022-02-25):

• Greenbone OS:
  • Security fix: the library Expat included in GOS was upgraded from version libexpat1:amd64 2.2.6-2+deb10u1 to version libexpat1:amd64 2.2.6-2+deb10u3 (CVE-2022-23852).
  • Security fix: the Redis server included in GOS was upgraded from version 5:5.0.14-1+deb10u1 to version 5:5.0.14-1+deb10u2 (CVE-2022-0543).
• Vulnerability Management:
  • Minor improvement: the included appliance manual was updated to the current version from 2022-02-25 (#PL-789).

21.04.12 (2022-01-31):

21.04.11 (2022-01-04):

21.04.10 (2021-12-02):

21.04.9 (2021-11-01):

21.04.8 (2021-10-13):

21.04.7 (2021-10-05):

21.04.6 (2021-09-08):

• Greenbone OS:
  • Improvement: The configuration of the GOS nginx server was revised for better default security (#PL-560, #PL-590).
  • Improvement: A new configuration option to enable HTTP Strict Transport Security (HSTS) was added to the “Setup > Services > HTTPS” GOS menu (#PL-560).
  • Improvement: A new configuration option to enable Online Certificate Status Protocol (OCSP) stapling was added to the “Setup > Services > HTTPS” GOS menu (#PL-560).
  • Improvement: The feed data objects are now rebuilt during GOS feed updates and when upgrading to GOS 21.04.6 or later, if a feed import owner is set. This will automatically fix problems with these objects if they were corrupted in the database previously (#PL-632, #AP-1645, #AP-1646).
  • Security fix: the package openssl included in GOS was upgraded form version 1.1.1d-0+deb10u6 to version 1.1.1d-0+deb10u7 (CVE-2021-3711 and CVE-2021-3712).
  • Bugfix: Erroneous user permissions for the feed data objects are now automatically fixed when upgrading to GOS 21.04.6 or later, or when changing the “Feed Import Roles” setting (#PL-564).
  • Bugfix: A GSM master now pushes both APT feeds (for the current and previous GOS versions) to its sensors (#PL-594, #GS-271).
  • Bugfix: An error was fixed where sensors failed to get APT files via a feed push by the master (#PL-542, #GS-121).
  • Bugfix: An error was fixed where switching from a static IP address to an identical DHCP IP address removed the IP address until rebooting the GSM (#PL-590).
  • Bugfix: An error was fixed where a superfluous IPv6 address was assigned to a network interface, when using the new GOS network manager and IPv6 (#PL-578, #GS-182).
  • Bugfix: An error was fixed where only a maximum of 12 sensors could be configured for a GSM 650. 20 sensors can now be configured as intended (#PL-580, #GS-202).
  • Bugfix: An error was fixed where the flash image was written to the hard disk if no CompactFlash (CF) card was installed (#PL-608).
  • Bugfix: An error was fixed where an airgap sensor fetched a feed update via FTP but did not install it (#PL-625).
  • Bugfix: In master-sensor setups with different feeds (GCF/GSF), the sensor could get mixed feed information. To prevent this problem, the existing GCF metadata and cache are now deleted when importing a GSF key (#PL-577).
  • Bugfix: There were problems with the checksums of VTs when switching between GCF and GSF. To prevent this problem, the existing GCF metadata and cache are now deleted when importing a GSF key (#PL-605).
  • Bugfix: An error was fixed where the authorized_key.sh integrity check failed after a GOS upgrade if SSH keys had been added to the system previously (#PL-596).
  • Bugfix: An error was fixed that caused system integrity checks to fail when they were being updated during a system upgrade (#PL-313).
  • Bugfix: An error was fixed where empty performance graphs for deleted virtual interfaces in the management namespace were still shown on the web interface. After deleting a virtual interface, a reboot is required to remove the graphs (#PL-403, #2019032710000104).
  • Bugfix: An error was fixed where the HTTPS certificates of GSM TRIAL did not work (#PL-597).
  • Minor improvement: The IPv6 addresses for HTTP upload dialog menus are now enclosed in brackets to facilitate copy and paste in web browsers (#PL-545, #GS-141).
  • Minor improvement: The selfcheck menu texts for the GOS lifecycle states “end-of-life”, “retired” and “obsolete” were improved to provide better guidance for upgrading (#PL-572).
  • Minor improvement: The log /var/log/pheme/pheme.log is now included in the GOS Support Package (#PL-609).
• Vulnerability Management:
  • Bugfix: An error was fixed where the verification of sensors in the web interface for IPv6 master-sensor setups was not possible (#PL-556, #GS-146).
  • Bugfix: An error was fixed where targets with invalid port lists caused the Trashcan page to break (#AP-1581, #GS-205).
  • Minor improvement: The GSM manual included in GOS was updated to the current version from 2021-08-30 (#PL-611).
• Vulnerability Scanning:
  • Improvement: A functionality was added to the scanner to initialize an FXP connection. Based on this functionality, vulnerability tests for SFTP detection can be implemented (#SC-376).
  • Bugfix: An error was fixed that caused scans to be interrupted when the maximum number of running scanner processes was reached or exceeded (#SC-177, #GS-105).
  • Bugfix: An error was fixed where the timeout preference for VTs could not be set with the gvm-tools included in GOS. Setting the timeout via the web interface was not affected by the bug (#SC-352).

21.04.5 (2021-08-02):

• Greenbone OS:
  • Improvement: The gvm-tools included in GOS have been updated to version 21.6.1 (#PL-540).
  • Bugfix: Importing HTTPS certificates with weak encryption, e.g. 1024-bit RSA, caused an error. To prevent the error and to improve security, it is now no longer possible to import such weak certificates (#PL-574, #GS-160).
  • Bugfix: When using the new network manager, configuring a VLAN with the ID 4094 caused an error (#PL-579, #GS-201).
  • Bugfix: When uploading no file or an empty file via GOS menu upload dialogs, an internal error occured (#PL-279).
  • Bugfix: The GOS ansible tasks when restarting the ospd-openvas service could be executed in the wrong order (#PL-488).
  • Bugfix: Configuring scanner settings, e.g. “log_whole_attack”, while a scan was running caused several errors (#PL-230).
  • Bugfix: The maximum number of simultaneous SSH connections for GSM master-sensor setups has been increased (#PL-543).
  • Minor improvement: The maximum number of database connections has been increased for GSM enterprise class appliances (#PL-563).
  • Minor improvement: A warning dialog is now shown when configuring a management IP for a DHCP-enabled network interface (#PL-457).
  • Minor improvement: The readability of LCD info messages for airgap feed updates has been improved (#PL-263).
  • Minor improvement: The GOS copyright menu has been updated and now includes license information for the Greenbone Community Feed (#PL-586).
  • Minor bugfix: The labels for the GSM models 5300 and 6400 had minor display issues (#PL-524).
• Vulnerability Management:
  • Improvement: The performance when managing tasks or audits with a large number of hosts has been improved (#AP-1432).
  • Improvement: The performance when adding a large number of results to reports has been improved (#AP-1495, #2021061710000033).
  • Improvement: The performance when viewing targets or target list pages with a large number of hosts has been improved (#AP-1368, #GS-31).
  • Improvement: The performance when filtering results by tags has been improved (#AP-1459, #AP-1463, #GS-101, #2021060210000052).
  • Improvement: The content security policy for the web interface has been improved (#AP-1507, #AP-1613).
  • Bugfix: VT rebuilds could sometimes fail because the SHA-256 hash of the VTs in the database differed from the one of the scanner (#AP-1498).
  • Bugfix: Editing and saving the “Timeout” setting of the “Ping Host” VT more than once caused an error (#AP-1004).
  • Bugfix: In rare cases, the “Alerts” list page could not be displayed after upgrading to GOS 21.04 (#AP-1444, #2021052810000014).
  • Bugfix: When cloning an alterable task or audit, the clone is now also alterable (#AP-1425).
  • Bugfix: The filters “Severity is greater than 0” and “Severity is less than 0” did not work (#AP-1355, #GS-19).
  • Bugfix: Sorting remediation tickets by assigned user did not work (#AP-1385, #2021021210000077).
  • Bugfix: For VTs with a CVSS 3.1 severity, the CVSS origin and date information was not displayed in the web interface (#AP-1103).
  • Bugfix: For deprecated VTs, the deprecation information was not displayed in the web interface (#AP-1078).
  • Minor improvement: Added new command line options to clean up data-objects-via-feed permissions (#AP-1467, #AP-1489, #GS-53).
  • Minor improvement: The descriptions of charts in the web interface have been improved, and superfluous descriptions have been removed (#AP-1170).
  • Minor improvement: The placeholder text “GVM” in alerts has been replaced with “GSM” (#PL-494).
  • Minor improvement: The GSM manual included in GOS has been updated to the current version from 2021-08-02 (#PL-568).
  • Minor bugfix: Some IPv4 addresses were sorted incorrectly in the “IP” column on report detail pages (#AP-1354).
  • Minor bugfix: The “Roles” column on the “Users” list page now supports line breaks to maintain formatting for large number of roles (#AP-1384, #2021020410000029).
  • Minor bugfix: For VTs with references, the reference types were not displayed in the web interface (#AP-898).
• Vulnerability Scanning:
  • Extension: Added a new experimental feature that allows the configuration of a second set of SSH credentials to gain elevated privileges on a target system, e.g. root. For a detailed description please refer to the GSM manual (PP-87).

21.04.4 (2021-07-12):

• Greenbone OS:
  • Bugfix: Upgrading to GOS 21.04.3 on a GSM 400, 450, 600, 650, 5300, 5400, 6400 or 6500 showed a false positive integrity selfcheck problem (#PL-561).
  • Bugfix: Enabled the GOS upgrade functionality, if GOS is in the status “retired” or “end-of-life” (#PL-536).
  • Minor improvement: Added a dedicated method to require a reboot after a GOS upgrade (#PL-531).
• Vulnerability Management:
  • Minor improvement: The GSM manual included in GOS has been updated to the current version from 2021-07-09 (#PL-562).

21.04.3 (2021-07-08):

• Greenbone OS:
  • Bugfix: When using the new GOS network mode, user-defined routes are now created with the ‘onlink’ parameter as a fallback and only if the route creation fails without the parameter. This may solve some specific route creation errors (#PL-541).
  • Bugfix: The download of beaming images failed on GSM models ONE and TRIAL (#PL-547).
  • Minor improvement: The expiration dates for the feed signing and support package encryption keys have been extended until 2023-02-28 (#PL-460, #PL-461).
• Vulnerability Management:
  • Bugfix: If the trend of VT families in scan configs was set to include and activate new VTs automatically after a feed update, preferences for VTs in these families were not applied correctly. This could prevent the disabling of the brute force and default login checks for the “Full and …” configs, for example (#AP-1490, #2021061510000153).
  • Bugfix: When resuming a scan task with multiple target hosts, scan results for hosts scanned before resuming the task were duplicated (#AP-1476).
  • Minor improvement: The GSM manual included in GOS has been updated to the current version from 2021-07-07 (#PL-558).

21.04.2 (2021-06-08):

• Greenbone OS:
  • Bugfix: When using the new GOS network mode, the deletion of certain routes could fail (#PL-514, #2021052610000027).
  • Bugfix: When using the new GOS network mode, the configuration of a global gateway failed if it was located in another network and could only be reached via a user-defined route (#PL-529, #2021060410000012).
  • Bugfix: A false positive selfcheck warning could occur when switching to the new GOS network mode (#PL-445).
  • Bugfix: Beaming images could not be created if the network interface eth0 was not used (#PL-482, #2021051010000075).
  • Bugfix: If the restoration of a backup failed due to an error, the incron service would also fail (#PL-493).
  • Bugfix: If the restoration of a backup failed due to an error, the system integrity check could fail (#PL-489).
  • Minor bugfix: When importing a certificate authority (CA) file for the VPN feature, the file had the wrong permissions (#PL-476).
  • Minor bugfix: When importing a certificate authority (CA) file for the VPN feature, it is now checked whether the file is a certificate file before processing it (#PL-475).
  • Minor improvement: The GOS superuser password may now contain all printable ASCII characters (#PL-169).
  • Minor improvement: For the integrated web server, GZIP HTTP compression has been replaced by HTTP/2 compression (#PL-496, #2021051810000051).
  • Minor improvement: The postgres configuration file is now included in the GOS support package for debugging purposes (#PL-426).
• Vulnerability Management:
  • Improvement: The hash algorithm used for GVM user passwords has been updated from MD5 to SHA-512. Password hashes for new users will automatically use the new algorithm. Passwords hashes for existing users will be automatically updated using the new algorithm when a user logs in or when the password of a user is changed (#AP-1254).
  • Bugfix: The error “Whole-only families must include entire family and be growing” occured when editing and saving any “Full and …” scan config (#AP-1359, #2021052610000045).
  • Bugfix: Scans could get stuck if the target had a HTTPS certificate with a subject DN containing invalid UTF-8 characters (#AP-929).
  • Bugfix: In some cases reports could not be displayed in the web interface due to missing severity elements (#AP-1427, #AP-1434, #2021051010000011).
  • Bugfix: Overrides and notes could not be created directly from results (#AP-1353, #AP-1407, #2021052110000018).
  • Bugfix: When importing a GOS 20.08 backup with GMP scanners in GOS 21.04, the scanners would be migrated to OpenVAS scanners. They are now migrated to Greenbone Sensors as expected (#AP-1323).
  • Bugfix: When saving changes to multiple schedules at once, a double free error occured (#AP-1424).
  • Bugfix: The time of day was ignored in the filter term “created” in the web interface (#AP-1162).
  • Bugfix: In the “Create Multiple Permissions” dialog in the web interface, the drop-down menu for selecting the affected resources did not work (#AP-1379, #2021051110000073).
  • Minor bugfix: Saving schedules that had only a number as a name was not possible (#AP-933, #2021020210000087).
  • Minor bugfix: When sorting SecInfo items by severity in the web interface, the severity “N/A” is now sorted below “0.0” (#AP-1267).
  • Minor improvement: When creating a new scanner in the web interface, the default type is now “Greenbone Sensor” (#AP-1318).
  • Minor improvement: The Vulnerabilities page in the web interface is now sorted in descending order of severity by default (#AP-1296).
  • Minor improvement: The cookie used by the web interface now has the attribute “SameSite=Strict” set (#AP-1433, #2021051810000051).
  • Minor improvement: The GSM manual included in GOS was updated to the current version from 2021-06-04 (#PL-528).
• Vulnerability Scanning:
  • Improvement: Scans in the queue are now started at an interval of one minute to avoid overloading the system by starting too many scans at once (#SC-215).
  • Bugfix: If the scanner process was terminated unexpectedly, it was not restarted automatically when required (#SC-226, #2021051010000011).

21.04.1 (2021-05-19):

• Greenbone OS:
  • Bugfix: When using the new GOS network mode, DHCPv6 and a Global Gateway with an IPv6 address at the same time, an error occured (#PL-450).
  • Bugfix: When using the new GOS network mode and a network route containing ‘::/0’, an error occured (#PL-468, #GS-41, #2021050710000189).
  • Bugfix: When using the new GOS network mode and DHCPv6, if all DHCP requests timed out, the network manager entered a failed state (#PL-397).
  • Bugfix: When using the new GOS network mode and saving IPv6 configuration changes, “Getting system network status failed” messages could appear in the logs (#PL-469, #GS-39).
  • Bugfix: When restoring an incremental backup, the system state was not restored completely (#PL-483).
  • Bugfix: When restoring a USB backup with the network mode ‘gnm’, the mode was sometimes set to ‘default’ (#PL-431).
  • Bugfix: When importing a beaming image, the authorized host keys integrity check could fail afterwards (#PL-408).
  • Bugfix: On some GSM 35 appliances, the ‘gsm-hardware’ package was erroneously removed when upgrading to GOS 21.04, causing the appliances not to boot (#PL-464, #GS-29, #GS-35, #2021050510000058).
  • Bugfix: On the GSM TRIAL appliance, the ‘texlive-fonts-recommended’ package was erroneously removed with GOS 21.04.0, causing missing text in PDF reports (#PL-470).
  • Bugfix: On appliances that received their feed via the USB airgap feature, and had no prior feed present, starting system upgrades failed (#PL-435).
  • Bugfix: For the VPN feature, the deprecated ‘comp-lzo’ option has been disabled to prevent a traceback when uploading certain PKCS#12 files (#PL-455).
  • Bugfix: The feed or upgrade push from a GSM master appliance to a GSM sensor appliance could show a false positive error in the logs (#PL-486).
  • Minor improvement: The PKCS#12 file required for the VPN feature no longer needs to contain a certificate authority (CA) file. PKCS#12 files that contain only a certificate and a key can now be uploaded. In addition, a new GOS menu option to upload a single certificate authority (CA) file has been added (#PL-455).
  • Minor improvement: The maximum password length for the GOS mail settings has been increased to 128 characters (#PL-436).
  • Minor improvement: A selfcheck has been added to show possible inconsistencies of the GOS network state (#PL-299).
  • Minor improvement: The notifications for the new GOS network mode have been made more detailed as well as easier to understand (#PL-454, #PL-466).
  • Minor improvement: Subject alternative name fields have been added to the remote syslog certificate generation menu (#PL-418).
  • Minor improvement: A subject alternative name has been added to the default HTTPS certificate of the GSM TRIAL (#PL-443).
  • Minor improvement: The subject alternative name fields for E-Mail and URI are now checked for correct input (#PL-409, #PL-410).
  • Minor improvement: The Greenbone Vulnerability Manager permission cache is now rebuilt during each GOS upgrade. This can prevent some permission problems which cause incomplete information to be shown in the web interface (#PL-421).
  • Minor improvement: The GOS state variable ‘scanner_connection_retry’ has been added. With this variable it is possible to control the number of retries that are made when the master-sensor connection fails during a scan (#PL-446).
  • Minor improvement: The log files for the beaming feature are now included in the GOS support package for debugging purposes (#PL-426).
• Vulnerability Management:
  • Bugfix: For results of CVE scan reports, the result names were missing (#AP-1305).
  • Bugfix: Changing the result UUID of an existing note was not possible (#AP-1124).
  • Bugfix: Editing the RADIUS secret key in the web interface was not possible (#AP-1275).
  • Minor improvement: The GSM manual included in GOS was updated to the current version from 2021-05-17 (#PL-484).
• Vulnerability Scanning:
  • Bugfix: When scanning targets with virtual hosts (vhosts), not all virtual host names were detected (#SC-194).

21.04.0 (2021-04-30):

• Reports With GOS 21.04, two new report format are introduced: Vulnerability Report PDF and Vulnerability Report HTML. The new report formats are modern and clear in appearance and structure. They contain information about all vulnerabilities found.

• CVSS With GOS 21.04, CVSS v3.0/v3.1 is supported. The extent of the CVSS v3.0/v3.1 support depends on the Greenbone Security Feed. However, VTs and CVEs may contain CVSS v2 and/or CVSS v3.0/v3.1 data. If a VT/CVE contains both CVSS v2 data and CVSS v3.0/v3.1 data, the CVSS v3.0/v3.1 data is always used and shown. The page CVSS Calculator now contains both a calculator for CVSS v2 and a calculator for CVSS v3.0/v3.1. The CVSS Base Vector shown in the details preview and on the details page of a VT can now be v2, v3.0 or v3.1. The table on the page CVEs now contains the entries Name, Description, Published, CVSS Base Vector and Severity. The CVSS Base Vector can be v2, v3.0 or v3.1. Clicking on the CVSS base vector opens the page CVSS Calculator. The input boxes of the corresponding calculator are already pre-filled.

• Boreas Alive Scanner The Boreas alive scanner is a host alive scanner that identifies the active hosts in a target network. It was introduced with GOS 20.08, but was still optional. With GOS 21.04, the Boreas alive scanner is made default. In comparison to the port scanner Nmap that was traditionally used, the Boreas alive scanner is not limited regarding the maximum number of concurrently performed alive status scans and thus, faster. It is especially suitable for large network ranges with only a small number of active hosts.

• Hardware Appliances With GOS 21.04, a new generation of Midrange hardware appliances is introduced. The new hardware now uses SSD-type hard drives instead of HDDs, which are 10 times faster and also quieter and lighter. There is also more hard drive space available. The RAM type is now DDR4 instead of DDR3, which makes the RAM much faster due to a higher clock rate (3200 MHz). There is also twice to four times as much RAM available. Additionally, a new, faster CPU of the latest generation has been installed. Additionally, the ports of the appliances changed from 6 ports GbE-Base-TX and 2 ports 1 GbE SFP to 8 ports GbE-Base-TX and 2 ports 10 GbE SFP+. The product names remain as they are.

• Virtual Appliances The officially supported hypervisors for the virtual appliances are changed with GOS 21.04. The GSM EXA/PETA/TERA/DECA and 25V can be used with Microsoft Hyper-V, VMware vSphere Hypervisor (ESXi) and Huawei FusionCompute. The GSM CENO can be used with Microsoft Hyper-V and VMware vSphere Hypervisor (ESXi). The GSM ONE can be used with Oracle VirtualBox, VMware Workstation Pro and VMware Workstation Player. Additionally, GOS 21.04 supports the ARM instruction set on Huawei FusionCompute.

• Scanning Through a VPN With GOS 21.04, OpenVPN is integrated in GOS to enable scanning through a Virtual Private Network (VPN). This feature is only available on virtual appliances of the Midrange Class. The VPN feature allows for targets that are reachable via the VPN tunnel to be scanned, but has no effect on other targets, network settings, or master-sensor connections. The VPN connection is configured and established via the GOS administration menu using the IP address of the VPN and a PKCS#12 file containing the necessary certificate authority, certificate, and private key files.

• HTTPS The menus under Setup > Services > HTTPS > Certificate > Generate and Setup > Services > HTTPS > Certificate > CSR allow the configuration of a Subject Alternative Name (SAN).

• Network Backend With GOS 21.04, the network configuration backend in GOS is improved. This prevents loss of connectivity in specific network setups as well as connection issues with SSH sessions. The GSM no longer needs to be restarted after specific network settings have been changed. The networking mode can be updated to the new mode gnm directly after upgrading to GOS 21.04. If the networking mode is not updated directly after upgrading, it can be changed in the new menu under Setup > Network > Switch Networking Mode.
• Simultaneous Scanning via Multiple IP Addresses Some devices – especially IoT devices – may crash when scanned via several IP addresses at the same time. For example, this can happen if the device is connected via IPv4 and IPv6. With GOS 21.04, it is possible to avoid scanning via several IP addresses at the same time using the new setting Allow simultaneous scanning via multiple IPs when creating a target. The default of this setting is Yes and reflects the behavior of previous GOS releases.

2020-08-31: Greenbone OS 20.08

Current Patch Level: 20.08.13 (2021-12-02)

Lifecycle Status: Obsolete

20.08.13 (2021-12-02):

20.08.12 (2021-09-08):

• Greenbone OS:
  • Status: The lifecycle status of GOS 20.08 was set to “end-of-life” (#PL-600).
  • Security fix: the package openssl included in GOS was upgraded from version 1.1.1d-0+deb10u6 to version 1.1.1d-0+deb10u7 (CVE-2021-3711 and CVE-2021-3712).
  • Bugfix: Erroneous user permissions for the feed data objects are now automatically fixed when upgrading to GOS 20.08.12 or later, or when changing the “Feed Import Roles” setting (#PL-564).
  • Bugfix: An error was fixed where only a maximum of 12 sensors could be configured for a GSM 650. 20 sensors can now be configured as intended (#PL-580, #GS-202).
  • Bugfix: An error was fixed where the flash image was written to the hard disk if no CompactFlash (CF) card was installed (#PL-608).
  • Bugfix: An error was fixed where an airgap sensor fetched a feed update via FTP but did not install it (#PL-625, #GS-409).
  • Bugfix: In master-sensor setups with different feeds (GCF/GSF), the sensor could get mixed feed information. To prevent this problem, the existing GCF metadata and cache are now deleted when importing a GSF key (#PL-577).
  • Bugfix: An error was fixed where the greenbone_signing_key.py integrity check failed after a GOS upgrade (#PL-591).
  • Bugfix: An error was fixed where the authorized_key.sh integrity check failed after a GOS upgrade if SSH keys had been added to the system previously (#PL-596).
  • Bugfix: An error was fixed that caused system integrity checks to fail when they were being updated during a system upgrade (#PL-313).
  • Bugfix: An error was fixed where empty performance graphs for deleted VLAN interfaces were still shown on the web interface. After deleting a VLAN interface, a reboot is also required to remove the graphs (#PL-403, #2019032710000104).
  • Minor improvement: The IPv6 addresses for HTTP upload dialog menus are now enclosed in brackets to facilitate copy and paste in web browsers (#PL-545, #GS-141).
  • Minor improvement: The selfcheck menu texts for the states “end-of-life”, “retired” and “obsolete” were improved to provide better guidance for upgrading (#PL-572).
  • Minor improvement: The GSM manual included in GOS was updated to the current version from 2021-08-30 (#PL-612).
• Vulnerability Management:
  • Bugfix: An error was fixed where the verification of sensors in the web interface for IPv6 master-sensor setups was not possible (#PL-556, #GS-146).
• Vulnerability Scanning:
  • Bugfix: An error was fixed that caused scans to be interrupted when the maximum number of running scanner processes was reached or exceeded (#SC-177, #GS-105).

20.08.11 (2021-08-02):

• Greenbone OS:
  • Improvement: The gvm-tools included in GOS have been updated to version 21.6.1 (#PL-540).
  • Bugfix: The download of beaming images failed on GSM models ONE and TRIAL (#PL-547).
  • Bugfix: To prevent errors and improve security, it is no longer possible to upgrade to GOS 21.04 if a HTTPS certificate with weak encryption, e.g. 1024-bit RSA, is used (#PL-574, #GS-160).
  • Bugfix: When uploading no file or an empty file via GOS menu upload dialogs, an internal error occured (#PL-279).
  • Bugfix: Enabled the GOS upgrade functionality, if GOS is in the status “retired” or “end-of-life” (#PL-536).
  • Bugfix: The maximum number of simultaneous SSH connections for sensors has been increased (#PL-543).
  • Minor improvement: Added a dedicated method to require a reboot after a GOS upgrade (#PL-531).
  • Minor improvement: The maximum number of database connections has been increased for GSM enterprise class appliances (#PL-563).
  • Minor improvement: The expiration dates for the feed signing and support package encryption keys have been extended until 2023-02-28 (#PL-460, #PL-461).
  • Minor improvement: The GOS copyright menu has been updated and now includes license information for the Greenbone Community Feed (#PL-586).
  • Minor improvement: The GSM manual included in GOS has been updated to the current version from 2021-07-30 (#PL-578).
• Vulnerability Management:
  • Improvement: The performance when adding a large number of results to reports during scans has been improved (#AP-1495, #2021061710000033).
  • Improvement: The performance when viewing targets or target list pages with a large number of hosts has been improved (#AP-1368, #GS-31).
  • Improvement: The performance when filtering results by tags has been improved (#AP-1459, #AP-1463, #GS-101, #2021060210000052).
  • Improvement: The content security policy for the web interface has been improved (#AP-1507, #AP-1613).
  • Bugfix: When resuming a scan task with multiple target hosts, scan results for hosts scanned before resuming the task were duplicated (#AP-1476, #2020010310000016, #2021061810000022).
  • Bugfix: VT rebuilds could sometimes fail because the SHA-256 hash of the VTs in the database differed from the one of the scanner (#AP-1498).
  • Bugfix: Editing and saving the “Timeout” setting of the “Ping Host” VT more than once caused an error (#AP-1004).
  • Bugfix: The filters “Severity is greater than 0” and “Severity is less than 0” did not work (#AP-1355, #GS-19).
  • Bugfix: Sorting remediation tickets by assigned user did not work (#AP-1385, #2021021210000077).
  • Minor improvement: Added new command line options to clean up data-objects-via-feed permissions (#AP-1467, #AP-1489, #GS-53).
  • Minor bugfix: Some IPv4 addresses were sorted incorrectly in the “IP” column on report detail pages (#AP-1354).
  • Minor bugfix: The “Roles” column on the “Users” list page now supports line breaks to maintain formatting for large number of roles (#AP-1384, #2021020410000029).
  • Minor bugfix: For VTs with references, the reference type was not displayed in the web interface (#AP-898).

20.08.10 (2021-06-08):

• Greenbone OS:
  • Bugfix: When upgrading to GOS 21.04, recommended system packages are no longer removed (#PL-471).
  • Bugfix: When restoring an incremental backup, the system state was not restored completely (#PL-483).
  • Bugfix: When importing a beaming image, the authorized host keys integrity check could fail afterwards (#PL-408).
  • Bugfix: If the restoration of a backup failed due to an error, the incron service would also fail (#PL-493).
  • Bugfix: If the restoration of a backup failed due to an error, the system integrity check could fail (#PL-489).
  • Bugfix: On appliances that received their feed via the USB airgap feature, and had no prior feed present, starting system upgrades failed (#PL-435).
  • Minor improvement: The maximum password length for the GOS mail settings has been increased to 128 characters (#PL-436).
  • Minor improvement: A selfcheck has been added to show possible inconsistencies of the GOS network state (#PL-299).
  • Minor improvement: The Greenbone Vulnerability Manager permission cache is now rebuilt during each GOS upgrade. This can prevent some permission problems which cause incomplete information to be shown in the web interface (#PL-421).
  • Minor improvement: The GOS state variable ‘scanner_connection_retry’ has been added. With this variable it is possible to control the number of retries that are made when the master-sensor connection fails during a scan (#PL-446).
  • Minor improvement: The log files for the beaming feature are now included in the GOS support package for debugging purposes (#PL-426).
  • Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-06-04 (#PL-527).
• Vulnerability Management:
  • Improvement: The hashing algorithm used to hash GVM user passwords has been updated from MD5 to SHA-512. Passwords for new users will automatically use the new algorithm. Passwords for existing users will be changed automatically, if the user logs in, or if the password for the user is changed (#AP-1254).
  • Bugfix: Scans could get stuck if the target had an HTTPS certificate with a subject DN containing invalid UTF-8 characters (#AP-929, #2021020110000034).
  • Bugfix: When saving changes to multiple schedules at once, a double free error occured (#AP-1424).
  • Bugfix: The time of day was ignored in the filter term “created” in the web interface (#AP-1162).
  • Bugfix: In the “Create Multiple Permissions” dialog in the web interface, the drop-down menu for selecting the affected resources did not work (#AP-1379, #2021051110000073).
  • Minor bugfix: When sorting SecInfo items by severity in the web interface, the severity “N/A” is now sorted below “0.0” (#AP-1267).
  • Minor improvement: The Vulnerabilities page in the web interface is now sorted in descending order of severity by default (#AP-1296).
  • Minor improvement: The cookie used by the web interface now has the attribute “SameSite=Strict” set (#AP-1433).
• Vulnerability Scanning:
  • Improvement: Scans in the queue are now started at an interval of one minute to avoid overloading the system by starting too many scans at once (#SC-215, #2021042810000043).
  • Bugfix: If the Boreas alive scanner was enabled, scanning targets with virtual hosts (vhosts) did not detect all virtual hostnames (#SC-194).
  • Bugfix: If the scanner process was terminated unexpectedly, it was not restarted automatically when required (#SC-226).

20.08.9 (2021-05-03):

• Greenbone OS:
  • Extension: The upgrade path to the next major GOS release, GOS 21.04, has been unlocked for all supported GSM models. Several requirements apply, for details see the GOS 21.04 manual (#PL-172, #PL-223, #PL-417).
  • Improvement: The data-objects (scan configs, report formats, port lists) of the next GOS version will now be automatically downloaded during feed updates. This improves useability when upgrading to the next major GOS release (#PL-388).
  • Bugfix: When restoring a GOS 6 backup in GOS 20.08, some GOS 20.08 database extensions were not installed correctly, which could cause subsequent SQL errors (#PL-356, #PL-381, #2021030910000036).
  • Bugfix: When restoring a backup, the GVM credential encryption key could be duplicated in some cases, making the credentials no longer accessible (#PL-343, #2021031810000055).
  • Bugfix: When restoring a backup, the incron service could fail in rare cases (#PL-366).
  • Bugfix: On GSM appliances with the network namespaces feature a segmentation fault for the collectd service occured, if network interfaces were moved to the scan namespace (#PL-400).
  • Bugfix: When importing a backup or beaming image with the network state ‘gnm’, the state was sometimes set to ‘default’ (#PL-275, #PL-431).
  • Bugfix: An issue with the collectd service has been fixed. Symptoms that could occur were missing performance data in the web interface for network interfaces in the scan namespace, and warning messages during the GOS boot process (#PL-196, #PL-216).
  • Bugfix: The GOS installer did not recognize flash cards with 16 GB capacity included in some newer GSM appliances (#PL-412).
  • Minor bugfix: The wording of some GOS menu dialogs has been changed so that failed GOS upgrades are no longer referred to as successful and a reboot is no longer recommended in such a situation (#PL-326).
  • Minor improvement: When importing a beaming image, a size check of the image is now done to see if there is enough hard disk space to process the image (#PL-322).
  • Minor improvement: The error messages for the beaming feature have been improved, making it easiert to understand why an error occured (#PL-404).
  • Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-05-03 (#PL-444).
  • Minor improvement: The error message when a NVT rebuild fails due to a hash value mismatch has been improved (#AP-1094).
• Vulnerability Management:
  • Improvement: A retry option has been added for master-sensor connections in case the connection is temporarily lost due to network problems. The master will attempt to reconnect 3 times before the scan task is set to “Stopped” (#AP-1126).
  • Bugfix: CVE scans could return no or less results for hosts that were also the target of an ongoing vulnerability scan (#AP-848, #2021010510000074).
  • Bugfix: The alert condition ‘Severity at least’ did not work (#AP-1053, #2021020210000096).
  • Minor bugfix: A case where the Greenbone Vulnerability manager could fail when no report formats were present on a system has been fixed (#PL-331).
  • Minor bugfix: A problem with the “NOT” operator of the powerfilter has been fixed (#AP-962).
  • Minor bugfix: A case where new lines were erroneously removed from the “Detection Method” section of a result has been fixed (#AP-1005).
  • Minor improvement: It is now possible to create targets with underscore characters (“_”) in their hostnames (#AP-1112).
• Vulnerability Scanning:
  • Bugfix: If excluded hosts were not part of the hosts to be scanned, the scan progress was calculated incorrectly, causing interrupted scans (#SC-33).
  • Bugfix: A case with the reverse_lookup_only preferences causing interrupted scans has been fixed (#SC-183, #2021031710000048).
  • Bugfix: A problem with the logging of the scanner that could cause interrupted scans has been fixed (#SC-23).
  • Minor improvement: Some miscellaneous improvements against interrupted scans have been added (#SC-27, #2021022410000054).
  • Minor improvement: The log messages have been improved for the case that a scan was started via a network source interface that has no IP configured and failed (#SC-22).

20.08.8 (2021-03-18):

• Greenbone OS:
  • Improvement: The RAM limits for the GSM ONE and 25V appliances have been increased to 6 GB (#GPE-67).
  • Improvement: The gvm-tools included in GOS were updated to version 21.1.0 (#GPE-45).
  • Improvement: A GOS menu option to migrate all GMP sensors to OSP sensors has been added. The option will migrate the sensor configuration in GOS as well as in the web interface (#GPE-70).
  • Bugfix: If the Remote Syslog service was enabled, upgrades from GOS 6.0 to GOS 20.08.7 failed (#GPE-49, #2021021910000028, #2021021810000075, #2021021810000084).
  • Bugfix: If the HTTP Strict Transport Security (HSTS) functionality was enabled, upgrades from GOS 6.0 to any version of GOS 20.08 failed (#GPE-66, #2020121610000052).
  • Bugfix: Testing the configuration of a remote backup server added the public SSH key of its IP address without a new line to the SSH known hosts, causing subsequent connections to fail (#GPE-48, #202102221000002).
  • Bugfix: The logging of airgap feed updates on airgap sensor appliances failed partially (#GPE-69).
  • Bugfix: When importing a beaming image from a different GOS version, the migration of the SCAP database could fail (#GPE-71).
  • Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-03-18 (#GPE-44).
  • Minor improvement: The GOS superuser password may now contain all printable ASCII characters (#PL-169).
• Vulnerability Management:
  • Bugfix: Invalid references in NVTs could cause database errors, resulting in missing NVT reference data. All NVT references are now validated before they are processed (#GPE-57).
  • Bugfix: Clicking hyperlinks to operating system assets in the web interface could cause an error in some cases (#GPE-34, #2021020210000069).
  • Bugfix: Scan tasks on GMP sensors failed if the same task was started multiple times on the master, or if they were not properly removed from the sensor after completion and then started again on the master. Timestamps are now added to GMP sensor task names to prevent this issue (#GPE-59, #2020101410000051).
  • Minor bugfix: GMP and Greenbone Sensors were displayed with port 9391 in the web interface. This was a cosmetic issue since port 22 is always used. The web interface has been adjusted to always show port 22 now (#GPE-51, #2021022610000014).
  • Minor improvement: The error messages when requesting invalid SecInfo items via the GMP API were improved (#GPE-58).
• Vulnerability Scanning:
  • Bugfix: Scanning a target with an underscore character (“_”) in its hostname resulted in an interrupted scan (#GPE-32, #2021011110000035).
  • Bugfix: Scanning a single, unreachable target resulted in an interrupted scan (#GPE-65).
  • Minor improvement: The logging of interrupted scans was improved for debugging purposes (#GPE-25).

20.08.7 (2021-01-25):

• Greenbone OS:
  • Improvement: A 8 GB SWAP partition was added for the virtual midrange appliances GSM DECA, TERA, PETA, and EXA (#GPE-3).
  • Bugfix: The GOS menu option “Setup > Master > Sensor > Test all sensor connections” caused a traceback in GOS 20.08.6 (#GPE-6, #2020120310000059).
  • Bugfix: The GOS menu option “Setup > Feed > Synchronization” caused a traceback in GOS 20.08.6 (#GPE-24, #2021010810000014, #2021011210000088).
  • Bugfix: Upgrading to GOS 20.08.6 showed a false-positive warning for the hostkey integrity check (#GPE-20, #2020120110000071).
  • Minor improvement: The output of the GSM integrity check is now included in the GOS support package for debugging purposes (#GPE-10).
  • Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-01-21 (#GPE-28).
  • Minor bugfix: The GOS CPU and RAM limits for the GSM ONE and 25V appliances have been corrected to match the VM specifications (#GPE-22).
  • Minor bugfix: The GOS state variable “report_results_threshold” was missing in GOS 20.08 (#GPE-27).
• Vulnerability Management:
  • Bugfix: If an attempt was made to delete the “Feed Import Owner” user and the deletion failed, all “data-objects-via-feed” report formats became unusable (#GPE-4, #2020111110000027).
  • Bugfix: A memory leak in the manager service when handling the scan progress was fixed (#GPE-7).
  • Bugfix: A problem where data-objects-via-feed scan configs could not be created due to vulnerability tests not having a family was fixed. Scan configs are now created in all cases and updated once the vulnerability test family information becomes available (#GPE-14).
  • Bugfix: It was not possible for super admin users to save changes to their own user settings. Most settings can now be changed and saved, with the exception of the user name (#GPE-15).
  • Minor improvement: For host assets with TLS certificates a direct link to the certificate was added on the host detail page. The link can be found in the upper left menu bar (#GPE-12).
  • Minor bugfix: The alert condition “Condition: Severity level changed” was erroneously displayed as “Severity level increased” on the alert list page (#GPE-11).
  • Minor bugfix: Creating permissions for an object without related resources displayed an erroneous menu option (#GPE-13).
  • Minor bugfix: German “Umlaut” characters are now supported in the Business Process Map (#GPE-8).
• Vulnerability Scanning:
  • Bugfix: Modifying the mtime of a vulnerability test plugin file could bypass the signature check when the scanner loaded the file. With the fix, an error is now logged and the file is not loaded (#GPE-1, ##2020100610000011).
  • Bugfix: When running SNMP-related vulnerability tests, the scanner could return unexpected strings or an incomplete response (#GPE-5).
  • Minor improvement: The SSH timeout can now be configured by vulnerability tests. If no configuration is provided, the default of 10 seconds will be used (#GPE-17).

20.08.6 (2020-11-30):

• Greenbone OS:
  • Extension: Alerts and Schedules are now available on the GSM ONE (#152653).
  • Improvement: The gvm-tools included in GOS were updated to version 20.10.1 (#150912).
  • Improvement: To prevent problems, major GOS upgrades are no longer possible if there is not enough storage space left for the database migration (#147578).
  • Improvement: If the Greenbone Feed Signing Key, which is required for the validation of GOS upgrades, is expired, upgrades are no longer possible instead of failing. For a solution, contact Greenbone Support (#93687, #148007).
  • Bugfix: During a master-sensor feed update, not all NVTs were updated on the sensor in some cases (#150662, #2020101910000051).
  • Bugfix: The GOS system integrity check could report a false positive warning after a GOS backup was restored (#147070).
  • Bugfix: The LCD display service could sometimes fail on GSM models 5300 und 6400 (#136798, #2020032710000049).
  • Bugfix: During the first time setup wizard, the feed server is no longer contacted twice in rapid succession. This could cause problems in combination with the Greenbone Community Feed server. Users of the Greenbone Security Feed Server were not affected (#120005).
  • Bugfix: SSH keys of the types ‘rsa-sha2-256’ and ‘rsa-sha2-512’ are now supported (#150121, #2020101910000069).
  • Minor bugfix: The spelling and usability of the GOS administration menu have been improved (#101818, #103537, #123181, #144657, #150664, #2019062610000057).
  • Minor bugfix: Uninstalling the gsm-debug meta-package did not uninstall all contained packages (#147286).
  • Minor bugfix: The collected service could generate excessive, but harmless log messages (#68977).
  • Minor improvement: The full GOS version including the current patch level is now shown on the GOS login screen (#116817).
  • Minor improvement: If no SSH host keys exist, they will now be re-created when enabling the SSH service (#149548).
  • Minor improvement: A command line setting to configure the timeout of SCP alerts has been added (#144727).
  • Minor improvement: Help texts have been added for running the GOS integrity check via the command line (#146804).
  • Minor improvement: All files included in the Greenbone Support Package are now non-hidden by default (#81612).
  • Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-11-30 (#152775).
• Vulnerability Management:
  • Improvement: The alert condition ‘[Filter] matches at least [x] result(s) NVT(s)’ has been added (#148607, #2020092310000036).
  • Improvement: When editing a ‘Username + SSH Key’ credential, the correctness of the password is now verified (#112159).
  • Bugfix: Deleting and then re-downloading a scan config that had all NVTs of a family selected, e.g. ‘Full and very deep’, caused that family to have no NVTs selected (#150579, #2020102210000053, #2020102610000019)
  • Bugfix: If a IP addresses of target hosts were configured with a leading zero in an octet, e.g. ‘192.168.50.010’, the maximum number of hosts was calculated incorrectly, and vulnerability scans could fail (#151801, #2020111010000029).
  • Bugfix: If a target credential cannot be decrypted, an unauthenticated vulnerability scan without a credential will now be run against the target. Previously, the scan would remain in the status ‘Requested’ indefinitely (#149549).
  • Bugfix: For SCP alerts the handling of usernames and destination paths has been improved in combination with Windows systems. In addition, a configurable timeout has been introduced for the SCP alert to prevent it from running indefinitely in some situations (#144727, #2020071610000044).
  • Bugfix: It was not possible to delete a web user, if the user owned TLS certificates, and no inheriting user was provided (#149652, #2020101410000078).
  • Bugfix: When deleting a web user, web interface settings will no longer be inherited. This will prevent settings of the inheriting user from being overwritten (#149652, #2020101410000078).
  • Bugfix: It was not possible to delete orphaned permissions in all cases (#150186, #2020102110000019).
  • Bugfix: The verification of ports and port ranges when editing a port list has been improved (#149776).
  • Bugfix: The ‘scan_nvt_version’ XML tag in XML reports was empty erroneously (#150569, #2020102210000071).
  • Bugfix: Moving a data object via feed scan config or policy to the trashcan generated excessive, but harmless log warnings (#149299, #2020100710000046).
  • Bugfix: Two SQL errors that could occur when rebuilding the SCAP or CERT databases have been fixed (#151175).
• Vulnerability Scanning:
  • Bugfix: If a host name in a list of target hosts could not be resolved, scans could fail with the status ‘Interrupted’ (#150988, #2020102810000033).
  • Bugfix: When configuring a target IP with a subnet mask of less than /24, addresses ending in ‘.0’ are now supported (#150990).
  • Bugfix: When the host name resolution of a target resolved it to more than one IP address, the scan progress bar percentage could show ‘100%’ even though the scan was still in progress (#149349).
  • Bugfix: For scans with a SNMP credential, the SNMP community ‘None’ was erroneously used when configuring no community. An empty string is now used to assure that no community will be used (#149649).

20.08.5 (2020-10-15):

• Greenbone OS:
  • Bugfix: Activating DHCPv6 could cause an error (#149180).
  • Bugfix: GOS upgrades did not stop as expected, if the packages to be upgraded could not be verified. An empty upgrade was applied in this case (#149212).
  • Bugfix: Vulnerability scans could erroneously show missing ‘iTLB multihit’ Linux kernel mitigations for GOS. Since no virtualization is in use, the system was and is always protected by the kernel unconditionally (#146845).
  • Minor bugfix: During feed updates, cosmetic known hosts warnings for the IP address ‘172.30.2.22’ appeared (#146729, #2020100210000028)
  • Minor improvement: The postgres database migration during GOS upgrades has been improved (#148526).
  • Minor improvement: To prevent problems, major GOS upgrades are no longer possible if a global gateway is used, but no global gateway interface is configured (#147418).
  • Minor improvement: The warning text displayed if a GOS upgrade is blocked has been updated (#148006).
  • Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-10-15 (#149706).
• Vulnerability Management:
  • Bugfix: The Scans > Vulnerabilities page in the web interface could fail to load due to an error (#143484).
  • Bugfix: A database deadlock could occur if changing the feed import owner and browsing scan results at the same time (#146803).
  • Bugfix: The ‘Auto Delete Reports’ functionality did not work on GSM models that do not support schedules (#133136, #2020020310000041).
  • Bugfix: The advanced task wizard in the web interface no longer offers to create a schedule on GSM models that do not support schedules (#147660, #2020091010000122).
  • Bugfix: The number of hosts shown per operating system on the Assets > Operating Systems page included operating systems for which the user did not have permissions to view (#140467).
  • Bugfix: When changing the name or comment of a scan configuration or a policy that was in use, an erroneous warning was displayed (#120605, #147669).
  • Bugfix: Filters attached to SecInfo alerts could not be edited and saved (#109311, #2020081710000022, #202008171000002).
  • Bugfix: The placeholder ‘$U’ did not work for e-mail alerts (#148533, #2020092310000036).
  • Bugfix: Saving invalid values for the ‘Rows Per Page’ setting in the ‘My Settings’ menu is now prohibited, and corresponding tooltips have been implemented (#148529).
  • Bugfix: The deprecated ‘SecInfo’ filter setting has been removed from the ‘My Settings’ menu (#149179, #2020100510000031).
  • Bugfix: TLS certificates from container tasks, or belonging to other users, could not be downloaded even with permissions (#148892, #2020092810000081).
  • Bugfix: TLS certificates downloaded via the web interface could not be re-uploaded via the API (#125191).
  • Minor improvement: The tooltip for override indicators on result details pages in the web interface has been improved (#146799).
• Vulnerability Scanning:
  • Bugfix: SNMPv3 authentication for vulnerability scans failed, if no SNMP community was configured, even though the SNMP community is not relevant for SNMPv3 (#148611).
  • Bugfix: Vulnerability scans failed, if a scan configuration or policy without any NVT preferences was used (#148894).
  • Minor improvement: The error handling for WMI queries has been improved. Previously the logging was too verbose and included events that were not errors, but expected behaviour (#125438).

20.08.4 (2020-09-23):

• Greenbone OS:
  • Extension: The former ‘Greenbone Community Edition’ virtual appliance has been updated to GOS 20.08 and renamed to ‘GSM TRIAL’ (#148403).
  • Bugfix: Virtual GSM appliances with EFI/UEFI boot mode could fail to boot after being exported or cloned (#148262).
  • Bugfix: The ‘GSM Installation and Rescue’ GRUB option did not boot the GOS installer as expected (#148530).
  • Bugfix: The USB power management on GSM hardware appliances could consume excessive CPU time (#147583).
  • Bugfix: The verification of a downloaded flash image would always fail (#147878).
  • Bugfix: Sensor scans via a proxy could fail for OSP sensors (#147582).
  • Minor bugfix: The GOS version was not displayed correctly in the GOS installer (#147658).
  • Minor improvement: The database-vacuum script that is used to reclaim storage space has been updated (#148266).
  • Minor improvement: The description of the ‘Setup > Services > SNMP’ menu has been extended, it now includes a warning that saving SNMP configuration changes will stop all running scans (#148479).
  • Minor improvement: A warning has been added when using the command ‘su’ incorrectly in the Greenbone OS command line administration (#147666).
  • Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-09-22 (#147872).
• Vulnerability Management:
  • Improvement: For Compliance Audits, the base colouring of all non-compliant audit status has been adjusted to red. This way, non-compliant audits can be identified much quicker, for example, a 0% compliant audit status will now be always shown in red (#147577).
  • Bugfix: When editing and saving scan configurations or compliance policies, the names of some included NVT preference options were not saved correctly (#147870).
  • Minor bugfix: On Schedule and Report Format details pages in the web interface, the ‘Move to trashcan’ button was incorrectly shown as a ‘Delete’ button (#147936).
• Vulnerability Scanning:
  • Improvement: Experimental TLS 1.3 support has been enabled for the OpenVAS vulnerability scanner (#145963).
  • Improvement: Experimental SNMPv3 support has been enabled for the OpenVAS vulnerability scanner (#57662).
  • Bugfix: Stopping a vulnerability scan could fail in some cases (#147124).

20.08.3 (2020-09-10):

• Greenbone OS:
  • Bugfix: GOS could not be installed with EFI/UEFI boot mode on VirtualBox 6.1.14 or later (#147300).
  • Bugfix: If no network interface as assigned to the global gateway, upgrades from GOS 6.0 failed (#147215, #2020090410000018, #2020090710000012, #2020090710000067, #2020090710000101).
  • Bugfix: The package ncat was erroneously removed when upgrading to GOS 20.08 (#147574).
  • Bugfix: Feed updates via proxy could fail on GSM models 35 and 25V (#147437).
  • Bugfix: Removed an unnecessary menu option to configure the sensor protocol for GSM modes 35 and 25V. These appliances will always use the OSP protocol (#147301).
  • Minor bugfix: Reduced the amount of error messages when the feed import owner had been set, but no feed was present on the system. These error messages were expected and are harmless (#147303).
  • Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-09-10 (#147570).
• Vulnerability Scanning:
  • Bugfix: Only the default alive test method was applied (#147302, #2020090810000038).

20.08.2 (2020-09-07):

• Greenbone OS:
  • Extension: EFI/UEFI boot mode has been implemented for all virtual GSM appliances shipped with GOS 20.08.2 or later (#147079).
  • Improvement: The GOS upgrade functionality has received several internal improvements and fixes (#147130).
  • Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-09-07 (#147129).

20.08.1 (2020-09-03):

• Greenbone OS:
  • Bugfix: The settings ‘Management IP (v4)’ and ‘Management IP (v6)’ were not applied (#147079).
  • Bugfix: GOS upgrades no longer fail if the system integrity is compromised. However, after the upgrade, a system integrity warning will be displayed (#147125).
  • Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-09-03 (#146861).
• Vulnerability Management:
  • Bugfix: When importing scan configurations or compliance policies, the included NVT preferences were not imported correctly in all cases (#146855).
• Vulnerability Scanning:
  • Bugfix: In rare cases stopping a scan task could cause system instability (#146802).

20.08.0 (2020-08-31):

• Scan Queueing: To prevent scans from overloading the system and from starting at an inappropriate time (e.g., during a feed update), a scan queue management has been introduced. Scan tasks are only started if sufficient system resources are available. The available resources depend on the GSM model, the GOS version used, and the current workload of the system. If too many tasks are started and running at the same time and not enough resources are available, scans are added to a waiting queue. A new status bar “Queued” has been introduced.

• Performance Improvements: Due to scan queueing as well as other architecture improvements, the number of scans that can be run simultaneously has been increased in GOS 20.08 when compared to GOS 6.0. On a GSM 400 we measured more than twice the capacity with GOS 20.08 in comparison to GOS 6.0.
• Data Objects via Feed: With GOS 20.08, scan configurations, compliance policies, report formats, and port lists by Greenbone will be distributed via the Greenbone Security Feed. This allows for direct updates of existing objects, and for the publication of new scan configurations, compliance policies, etc. for current, hot NVTs. In addition, users will not need to manually download additional files from the Greenbone website anymore.
• Beaming: Beaming makes it possible to copy the current state of a GSM to another GSM. The data may be transferred directly and securely from one GSM to another, or it may be saved for a later transfer. The data includes all user data (e.g., tasks, reports, results) and – optionally – system settings, i.e., the GOS configuration. Beaming makes it much easier to upgrade from one GSM model to another while still keeping all previous data.
• Business Process Map:The Business Process Map (BPM) can be used to illustrate the impact of collected scan results on a business. Each process has assigned hosts and will be highlighted based on the highest severity of these hosts. This way, it is possible to see the vulnerability of processes and their impact on any linked processes at a glance, determining the risk to the company based on the location of a host within the process chain.
• Updated Feed Status Page: The feed status page of the web interface has received several improvements. The status of the objects that are distributed via the feed (scan configurations, compliance policies, port lists and report formats) is now included in the table. In addition, the feed status page now shows if a feed update is in progress.
• Start Task via “New SecInfo” Alert: Starting a task automatically after a feed update is now possible. This feature unlocks the combination of a “New NVTs/CVEs/CPEs…” alert event and the “Start Task” alert method in the web interface.
• GOS Backup Compatibility Checks: The Greenbone Operating System (GOS) now checks whether a backup is suitable before restoring the backup. Unsuitable backups cannot be restored, and warnings may be displayed. This feature prevents errors when restoring backups.
• Comprehensive Update of the Base System: For GOS 20.08, the underlying Linux foundation of GOS was updated to the latest version.

2019-10-31: Greenbone OS 6.0

Current Patch Level: 6.0.15 (22.02.2021)

Lifecycle Status: Obsolete

6.0.15 (2021-02-22):

• Greenbone OS:
  • Status: Set the release status to “retired” for all GSM types with GOS 6.0. An upgrade notification will be displayed in the GOS selfcheck (#157074).
  • Bugfix: Enabled the GOS upgrade functionality, if GOS is in the status “retired” or “end-of-life” (#157073).

6.0.14 (2020-09-23):

• Greenbone OS:
  • Improvement: To prevent problems, major GOS upgrades, such as the upgrade to GOS 20.08, are no longer possible if there is not enough storage space left for the database migration (#147423).
  • Minor improvement: The database-vacuum script that is used to reclaim storage space has been updated (#148265).
  • Minor improvement: The warning text displayed if an upgrade to GOS 20.08 is blocked has been updated (#148005).

6.0.13 (2020-09-16):

• Vulnerability Management:
  • Bugfix: When importing scan configurations or compliance policies, the included NVT preferences were not imported correctly in all cases (#147938).
  • Bugfix: When editing and saving scan configurations or compliance policies, the names of some included NVT preference options were not saved correctly (#147938).

6.0.12 (2020-09-03):

• Greenbone OS:
  • Bugfix: The upgrade to GOS 20.08 caused an error for hardware GSM appliances with active settings ‘Management IP (v4)’ or ‘Management IP (v6)’ (#146930, #2020090210000012, #2020090210000058, #2020090210000031).

6.0.11 (2020-08-31):

• Greenbone OS:
  • Extension: The upgrade path to GOS 20.08 has been unlocked for all GSM models (#131625).
  • Bugfix: The GOS upgrade functionality has received several fixes and improvements (#143826, #144927).
  • Minor improvement: To prevent problems, major GOS upgrades, such as the upgrade to GOS 20.08, now require a reboot before being started, if another upgrade, such as the upgrade to GOS 6.0.11, was run immediately before (#146857).
  • Minor improvement: To prevent problems, major GOS upgrades, such as the upgrade to GOS 20.08, are no longer possible if the the ‘gsm-debug’ package is installed (#144929).

6.0.10 (2020-07-30):

• Greenbone OS:
  • Bugfix: The ‘Max email size’ setting in the ‘Setup/Mail’ menu has been split into the settings ‘Max attachment’ and ‘Max include’ to prevent mail truncation issues (#143124).
  • Minor improvement: The installation history of all installed GOS versions, starting with version 6.0.10, is now included in the GOS support package (#134537).
  • Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-07-29 (#143155).
• Vulnerability Management:
  • Bugfix: The ‘Add new host’ dialog on the ‘Assets/Hosts’ page allowed unsanitized input in the ‘Name’ field. The field has been renamed to ‘IP Address’, and it only allows IPv4 or IPv6 addresses now (#143731, #143737).
  • Bugfix: The ‘Solution’, ‘Summary’, ‘Insight’, ‘Affected Software/OS’, ‘Impact’, and ‘Detection Method’ NVT details could not be filtered (#143748, #2020071010000055).
  • Bugfix: The ‘Vulnerable Products’ could disappear from CVE detail pages during loading (#142986).
  • Bugfix: Reference identifiers on CVE detail pages were missing (#142987).
  • Bugfix: The ‘Published’, ‘Last updated’, ‘Modified’, and ‘ID’ information on CVE detail pages was missing (#143743).
  • Bugfix: ‘GCR PDF’ reports did not include compliance details (#143858, #2020071410000011).
  • Bugfix: The ‘Dashboards’ page could fail to load in rare cases (#131921, #2020013110000035, #2020070110000116).
  • Minor bugfix: The ‘XML’ and ‘Anonymous XML’ report formats had a interchanged description (#143812).
  • Minor improvement: The NVT rebuild of the manager now also rebuilds the NVT preferences. This removes any deprecated NVT preferences (#143852).
• Vulnerability Scanning:
  • Bugfix: The scanner generated incorrect checksums for ICMPv6 packets. This could cause failed alive detections of IPv6 targets when using specific, non-default scan configurations. In addition, it could cause less detection results for some IPv6 targets (#143315).

6.0.9 (2020-06-29):

• Greenbone OS:
  • Bugfix: The Intel June 2020 microcode update is included, addressing the ‘CROSSTalk’, ‘CacheOut’ and ‘SGAxe’ vulnerabilities of Intel processors (#134852, #142326, #2020030410000065, #2020031810000039).
  • Bugfix: The GOS setup could fail in rare cases (#142487).
  • Minor improvement: The GSM manual included in GOS was updated to the most current version from 2020-06-27 (#143122).
• Vulnerability Management:
  • Bugfix: CVEs that were removed during a feed update were not removed from the database in some cases, resulting in an incorrect number of CVEs and incorrect CVE <-> CPE references. The corresponding database is now rebuilt during each GOS 6.0 upgrade to ensure the correct data (#140008).
  • Bugfix: The ‘NVTs addressing this CVE’ section on CVE details pages could show inaccurate NVT references, e.g., CVE-2019-12345 was also displayed when CVE-2019-1234 was displayed (#140464, #2020051910000015).
  • Bugfix: The ‘Reported Vulnerabilities’ section on CPE details pages could fail to load in some cases (#129752).
  • Bugfix: GSR HTML reports sometimes failed to load (#129078, #2020011410000095, #2020011710000026, #2020020510000038, #2020021710000033, #2020021710000168).
  • Bugfix: GSR HTML reports generated with GOS 6.0 did not include CVE nor CPE references (#137200, #2020040110000051).
  • Bugfix: Filtering a GSR HTML report using IPv4 addresses did not work correctly (#140620).
  • Bugfix: GPG or S/MIME encrypted e-mail alerts could fail, resulting in no e-mail being sent (#129221).
  • Bugfix: The ‘Auto Cache Rebuild’ setting can cause a duplicate entry in the database. This could cause scans to freeze. Scans now work correctly even if this duplicate entry is present (#140255, #2020050810000045).
  • Bugfix: Tasks with an ampersand character (‘&’) in the task name caused an error if they were run on a GSM sensor (#141858).
  • Bugfix: ‘All SecInfo’ page contents could not be exported via the ‘Export page contents’, ‘Export selection’ or ‘Export all filtered’ buttons (#141867).
  • Minor bugfix: The number of hosts in the ‘Vulnerabilities’ section of GSR HTML reports was always ‘1’ (#131036).
  • Minor bugfix: Long result texts in GSR HTML reports were missing line breaks (#131689, #2019041710000041).
  • Minor improvement: GSR HTML reports now include notes (#107465, #2019011010000023)
• Vulnerability Scanning:
  • Improvement: Scans can now be started at all times irregardless of feed updates. Since scans and feed updates may not occur at the same time, the feed update will now be postponed until all scans are finished. Scans that are started while a feed update is pending will use the older feed version. A warning message will be added to the scan reports and system logs, if a scan uses such an outdated feed version (#140411, #2020043010000031, #2020060910000112).
  • Minor bugfix: The CIDR address validation of target hosts has been improved further (#141308).
  • Minor improvement: The handling of scan preferences in Redis has been improved (#141193).

6.0.8 (2020-05-25):

• Greenbone OS:
  • Bugfix: The available system memory (RAM) was lower than expected due to a ‘PCI hole’ problem, this has been corrected for all affected GSM appliances (#137862, #2020042410000016, #2020042810000027, #2020042910000043, #2020010210000018, #2020050710000038).
  • Bugfix: The upgrade path from GOS 4.2 to GOS 6.0.7 failed on GSM master appliances that had sensors configured (#140182, #2020051310000017).
  • Bugfix: A timeout for the feed update lockfile functionality from GOS 6.0.7 has been added to prevent processes potentially waiting infinitely to aquire the lockfile (#139495).
  • Bugfix: Airgap feed updates in progress now also take the feed update lockfile functionality from GOS 6.0.7 into account (#137870).
  • Bugfix: The keyboard layout selection was not applied sporadically (#139724).
  • Minor improvement: Added the dmidecode package to GOS, and added the dmidecode output to the Greenbone Support Package (#138961).
  • Minor improvement: Adjusted the snmpd configuration to prevent excessive log messages (#126898).
  • Minor improvement: If the networking service is in a failed state, a switch release can no longer be started, preventing subsequent errors (#129755).
  • Minor improvement: The GSM manual included in GOS was updated to the most current version from 2020-05-18 (#138576).
• Vulnerability Management:
  • Improvement: The ‘Hosts’ counter of the Operating Systems page now only counts hosts for which the operating system was detected as the primary / best-matching operating system (#132428).
  • Bugfix: The Quality of Detection (QoD) was set to 75% for Results gathered by a GSM sensor (#138692, #2020051510000068).
  • Bugfix: The ‘Deny all and allow’ hosts setting for a user had no effect (#132302).
  • Bugfix: The ‘Scanner’ setting was not available when configuring an Audit (#135118, #2020031010000035).
  • Bugfix: A passphrase input field was missing when creating or editing credentials of the type ‘Client Certificate’ (#134697).
  • Bugfix: Hyperlinks on the NVTs list page to the NVT families were not functional when opened in the same tab (#132655).
  • Bugfix: The hyperlink to the NVT family ‘Windows : Microsoft Bulletins’ was always incorrect (#132577).
  • Bugfix: The ‘Audit visible to’ indicator was not shown in all expected cases (#136111).
  • Bugfix: OVAL definitions were duplicated in rare cases (#128163).
  • Bugfix: The placeholder ‘%F’ did not work in the Report Export Filename setting (#134768).
  • Minor bugfix: The counters on a Report details page switched between zero and the actual value when a scan is running (#131731, #131096)
  • Minor bugfix: The warning when triggering an Alert for a Report that is above the results threshold did not include the results threshold (#138573).
  • Minor bugfix: If the New/Edit Credential dialog was opened from another dialog, credential error messages were not shown as expected (#128599).
  • Minor bugfix: The Errors tab in Report details was missing information (#134698, #2020022710000121, #2020022810000031).
  • Minor improvement: The memory usage of the gvmd service has been improved (#140183).
  • Minor improvement: The ‘get_vts’ command will no longer return NVTs if the NVTs are being updated to prevent subsequent errors (#138759).
  • Minor improvement: When the same TLS Certificate was found multiple times for the same Host, the Host was displayed multiple times in the TLS Certificate details (#125193).
  • Minor improvement: The naming of the TLS Certificate content columns has been streamlined (#132009).
• Vulnerability Scanning:
  • Bugfix: The CIDR format validation for targets has been improved (#135027).
  • Minor bugfix: The false positive warning ‘Invalid VT oid for a result’ was logged when scanning a dead host (#134693, #2020030410000065).
  • Minor bugfix: A missing ‘id’ function parameter in script_get_preference has been added (#131686).

6.0.7 (2020-04-15):

• Greenbone OS:
  • Improvement: The system memory limits have been increased to 6 GB for the GSM types 400, 150 and 35 and to 5 GB for the GSM types ONE, MAVEN, 25V and CE (#137202).
  • Improvement: The available disk space is now checked before creating a backup. If the disk space is not sufficient, no backup will be attempted (#134696).
  • Bugfix: The upgrade of GSM master-sensor setups to GOS 6.0.6 could fail if they were migrated from GOS 4.3 (#135389, #2020031210000013, #2020031210000022).
  • Minor improvement: The Greenbone Vulnerability Manager NVT cache rebuild during a GOS upgrades is now part of the GOS upgrade system operation (#136112).
  • Minor improvement: The GSM manual included in GOS was updated to the most current version from 2020-04-09 (#137204).
  • Minor improvement: The full GOS version and the installation date are now recorded in the installation log (#134536).
• Vulnerability Management:
  • Improvement: For the Greenbone Vulnerability Manager the ‘–rebuild’ option was reintroduced, allowing to fully rebuild the NVT database in a clean state (#133336, #134667).
  • Bugfix: A lockfile is now created when either openvas or ospd-openvas update their respective NVT caches. Only one process will now be able to update its cache at a time, this should prevent potentially corrupted caches (#129077, #134666, #136113).
  • Bugfix: Reports from previous GOS versions which contain unescaped, invalid control characters will be cleaned when upgrading to GOS 6.0.7 (#134573, #2020022810000012, #2020030210000069, #2020030310000094, #2020030310000138, #2020030410000011, #2020030210000096, #2020012210000061, #2020021310000031, #2020022810000021, #2020032710000031, #2020030410000029).
• Vulnerability Scanning:
  • Improvement: The memory usage of ospd-openvas has been improved (#137201, #2020010210000018, #2019122310000041, #2020011310000024, #2020030210000096, #2020012810000014).
  • Bugfix: For scan results, control characters that are not supported in XML are now properly escaped (#134573).

6.0.6 (2020-03-05):

• Greenbone OS:
  • Improvement: An incremental backup is now automatically attempted before every GOS upgrade (#132588).
  • Bugfix: The feed directories in GOS could have had erroneous permissions. The permissions are now corrected during every feed update (#130351, #132578).
  • Bugfix: GSM master appliances copied their flash images to all connected GSM sensors during a feed push. The images will no longer be copied, existing erroneous images on the sensors will be cleaned when using the ‘Maintenance/Flash/Download’ option in the GOS menu (#134524).
  • Bugfix: SCP Alerts caused a path error in GOS (#132433, #2020012810000032).
  • Bugfix: Error messages from SCP Alerts in the Manager journal were shown as ASCII character codes or blob data (#132431, #2020012810000032).
  • Bugfix: An unsupported email attachment size setting could be used in rare cases, causing an error when a truncation warning should have been sent via email (#131574).
  • Minor Bugfix: The GOS copyright has been updated to reflect the correct LICENSE for the Greenbone Security Feed (#134331).
  • Minor improvement: The GSM manual included in GOS was updated to the most current version from 2020-03-05 (#134851).
  • Minor improvement: The current NVT count of the GSM is now included in the Greenbone Support Package (#134413).
• Vulnerability Management:
  • Bugfix: XML exports of Reports could produce corrupt XML files (#130561. #2020011510000066, #2020020610000027, #2020021310000031).
  • Bugfix: Invalid host details could cause a JavaScript error on the ‘Assets/Hosts’ page, preventing it from being displayed (#133624, #2020021110000053, #2020022710000103).
  • Bugfix: The Scan Config ‘scanner_plugins_timeout’ preference was not correctly migrated from GOS 5.0 in all cases, which led to subsequent errors when scanning (#130349).
  • Bugfix: Private key authentication was missing for SCP Alerts (#125050, #2019101810000019).
  • Bugfix: Verinice ISM exports of Reports could contain identical links, preventing the import in verinice. (#132592).
  • Bugfix: Erroneous ‘sync_scap’ and ‘Skipping CPEs’ messages could sometimes repeatedly appear after a feed update (#130352).
  • Bugfix: For host identifiers, the ‘Delete Identifier’ button was missing (#131629).
  • Bugfix: The ‘Stop’ button for Tasks was useable for users who had only been granted ‘Read’ permissions on the task (#128686).
  • Bugfix: The ‘Add tag to page contents’, ‘Add tag to selection’ and ‘Add tag to all filtered’ buttons did not add the tag to the resources (#132814).
  • Bugfix: Vulnerabilities could not be exported via the ‘Export page contents’, ‘Export selection’ or ‘Export all filtered’ buttons (#125741).
  • Bugfix: The ‘Task visible to’ indicator was not shown in all expected cases (#131916).
  • Bugfix: When editing a LDAP or RADIUS configured User, the authentication method preselection would be set to ‘Password’. The preselection is now saved correctly according to the authentication method (#129700).
  • Bugfix: For Tasks created via the Task Wizard, the ‘Auto Delete Reports’ count could be out of range, causing an error (#131918, #2020020510000074).
  • Minor bugfix: The sort order for hosts without a host name has been improved in the ‘Hosts’, ‘TLS Certificates’ and ‘Error Messages’ tabs for Report details (#130028).
  • Minor bugfix: Invalid SecInfo URLs did not display an error page in all cases (#112794).
  • Minor improvement: The wording for unavailable SecInfo item error pages, for example for CVEs, has been improved (#112794).
  • Minor improvement: The wording for unavailable results in delta reports has been improved (#125848).

6.0.5 (2020-02-19):

• Vulnerability Management:
  • Bugfix: Result details generated via NVTs with the new NVT OID scheme were incomplete (#134029).

6.0.4 (2020-02-13):

• Greenbone OS:
  • Bugfix: The Greenbone Vulnerability Manager NVT cache is now rebuilt during a GOS upgrade (#132582, #133623).
  • Minor improvement: Log messages from ospd-openvas are now included in the GOS menu ‘Advanced/Logs/Scanner’ (#130353).
  • Minor improvement: The GSM manual included in GOS was updated to the most current version from 2020-02-11 (#133341).
• Vulnerability Management:
  • Bugfix: Reports sent via the ‘Trigger Alert’ functionality on Report details pages did not contain any vulnerability details (#132585, #2020010710000036).
  • Bugfix: Reports sent via an Alert, if the event of the Alert was triggered, did not use the ‘Report Export Filename’ user setting (#132586).
  • Bugfix: Hyperlinks to Report Formats, Scan Configs, Port Lists and Operating Systems from Permission objects were incorrect (#131102).
  • Bugfix: Anonymous XML reports had an incorrect XML declaration, which could cause an error when retrieving them via the command line (#131561, #2020011510000066).
• Vulnerability Scanning:
  • Bugfix: The Scan Config Scanner preferences ‘expand_vhosts’, ‘max_sysload’, ‘min_free_mem’ and ‘test_empty_vhosts’ were missing (#131833).
  • Bugfix: The deprecated Scan Config Scanner preferences ‘debug_mode’, ‘dry_run’, ‘vhosts’ and ‘vhosts_ip’ were removed. These preferences may still appear in the web interface, but will not be functional. They should not be considered and may be hidden in a future GOS patch level (#131833).
  • Bugfix: The Target options ‘reverse_lookup_only’ and ‘reverse_lookup_unify’ were not sent to the Scanner (#132289).
  • Bugfix: The error handling for NVTs that are missing from the ospd dictionary was improved. They should now be skipped during a scan instead of causing a process failure (#130350).
  • Bugfix: The names of NVTs are now escaped before they are sent as a part of a Result (#132004).
  • Bugfix: SNMP credential preferences were missing delimiters when sent at the start of a scan (#132002).

6.0.3 (2020-01-23):

• Greenbone OS:
  • Improvement: Significantly reduced the time required to upgrade from GOS 5 to GOS 6 for appliances with large databases (#128835).
  • Improvement: Added a GOS selfcheck to warn users about changes of default behaviour and necessary sensor adjustments after upgrading to GOS 6 (#128406).
  • Improvement: Added a GOS selfcheck to warn users about an ongoing, major release upgrade, e.g. from GOS 5 to GOS 6 (#128479).
  • Bugfix: A sqlite database could still be generated on the file system of a GSM 150, even though sqlite usage was removed from GOS 6 (#130812).
  • Bugfix: A sudo prompt could be erroneously shown when uploading a GSF key. After upgrading to GOS 6.0.3, a reboot is required to fully remedy the situation (#129222).
  • Bugfix: The system integrity could be uncertain for new installations and after a factory reset due to a race condition (#131037).
  • Minor bugfix: Logs from the OpenVAS scanner were missing from the GOS support package (#129697).
  • Minor improvement: Updated the integrated version of the GSM manual (#131044).
• Vulnerability Management:
  • Improvement: Added a check for the web interface when trying to view the Report details of a Report with a large number of Results. If this Results threshold is reached, the Report details will no longer be loaded. By adjusting the Report filter term the number of Results can be reduced, making it possible to view the Report details again. The default threshold is 25.000 Results per Report, this threshold can be adjusted via GOS at the responsibility of the user (#128398).
  • Improvement: Improved the memory allocation management of the gsad webserver (#128981).
  • Improvement: The Verify Scanner action in the web interface now also checks whether the credential of the GMP scanner is correct (#89510).
  • Bugfix: The connection of a GSM master appliance to GMP scanners could fail (#131623, #131709, ##2020011610000037).
  • Bugfix: The Summary, Insight, Affected Software/OS and Detection Method paragraphs on Result details pages could show no or incomplete information (#129621).
  • Bugfix: In the New Override dialog, the Severity: Other input field did not accept valid inputs (#130795).
  • Bugfix: Sorting the columns in several Report details tabs, e.g. Closed CVEs, did not work correctly (#131693).
  • Bugfix: Changing the Results filter for a Report that is loading did not apply the new filter (#131695).
  • Bugfix: Unsetting all Severity (Class) levels via the Update Filter dialog lead to a wrong filter term (#131694).
  • Bugfix: Permissions linked to Resources showed ‘Orphan’ instead of the link to the Resource (#129696).
  • Minor bugfix: Comments for Permissions could not be deleted as expected (#128145).
  • Minor bugfix: Dashboards on the Tasks page included Audits in the total number of Tasks (#128332).
• Vulnerability Scanning:
  • Bugfix: The Alive Test setting of a Target did not overwrite the Scan Config default, if it was set to a custom value (#130722).

6.0.2 (2019-12-19):

• Greenbone OS:
  • Bugfix: The system integrity check did not recognize all valid GSF keys as valid. This could cause ansible to fail (#129624, #2019121810000168, #2019121910000077).
  • Minor improvement: Enhanced the contents of the Greenbone Support Package. More debugging information related to the system integrity check is now included (#129622).

6.0.1 (2019-12-17):

• Greenbone OS:
  • Improvement: The time required for a synchronization of the Greenbone Security Feed has been reduced significantly (#126323).
  • Bugfix: During the initial feed update after the setup of a GSM, postgres could rarely fail due to a race condition (#128984).
  • Bugfix: SNMPv2 was still active even when a user name and an authentication passphrase were configured (#128597).
  • Bugfix: IPv6 routes were not shown correctly in the GOS menu (#128331).
  • Bugfix: The ‘Scanner’ and ‘Upgrade’ log options in the GOS menu did not work (#128112).
  • Minor improvement: Updated the integrated version of the GSM manual (#128691).
• Vulnerability Management:
  • Improvement: Increased the automatic reload timer for web interface pages to 60 seconds for hidden windows and tabs. This may have a beneficial impact on performance (#126498).
  • Improvement: Redesigned the ‘Edit Scan Config Family’ dialog for better performance and usability (#111530).
  • Bugfix: Introduced a fallback when requesting an unlimited number of rows in the Power Filter. Unlimited rows should now only be applied when the user explicitly requests it, in all other cases the ‘Rows Per Page’ setting should be used (#128565).
  • Bugfix: The ‘Special Groups’ setting did not work correctly when configuring it for a Group with existing members. This could result in missing Permissions for some Group members (#128334).
  • Bugfix: Resuming a Scan Task caused a new report to be generated. The Results from the resumed Scan will now be added to the current report as expected (#125046).
  • Bugfix: Icon tooltips in the web interface were not functional (#126250).
  • Bugfix: Sorting TLS Certificate Assets in the web interface did not work as expected (#128167).
  • Bugfix: Long Result descriptions in the web interface Report view were missing linebreaks (#128338).
  • Bugfix: When creating an Override for a Result in the web interface, the default selections did not create the Override for all Results in the Report. This was an unintended change of default behaviour (#125744).
  • Bugfix: When creating an Override for a NVT in the web interface, the respective NVT was not pre-selected in the Create Override dialog. This was an unintended change of default behaviour (#128066).
  • Bugfix: The help icon hyperlinks for the web interface tabs ‘User Tags’ and ‘Permissions’ were incorrect (#128404).
  • Bugfix: When editing a Scan Config in the web interface any selected checkboxes would be unselected after some time (#125747).
  • Bugfix: Fixed a resource error that could occur when editing a Permission (#118348).
  • Minor bugfix: When linking directly to a CVSS calculator calculation, the settings were not configured as expected (#127661).
  • Minor bugfix: When creating a new Permission in the web interface, the radio button for ‘Group’ is now unselectable if there are no groups that can be selected (#128143).
  • Minor bugfix: GMP and Greenbone Sensors were displayed with port 9391 in the web interface. This was a cosmetic issue since port 22 is always used, and the web interface display has been adjusted (#124591).
  • Minor bugfix: Adjusted the mouse cursor icon used when hovering the mouse pointer over various icons (#127556).
  • Minor improvement: Added a basic Scan Config template with the minimum set of NVTs required to start a Scan (#56665).
  • Minor improvement: Added the currently configured timezone to the user/session menu (#126251).
  • Minor improvement: Added loading indicators for the contents of dropdown menus in the web interface (#126246).
• Vulnerability Scanning:
  • Bugfix: Improved a case where the Scanner process could get stuck (#127759).

6.0.0 (2019-11-05):

• Explicit Compliance:
  Compliance audits are featured prominently and independently of vulnerability scans. The compliance status is now visible at a glance and managing compliance policies is easier than ever. In addition, the new Greenbone Compliance Report format is available for reporting the results (FS-180926-0105).
• Lean Sensors:
  GSM SENSOR appliances now implement the Open Scanner Protocol (OSP). This means much lighter appliances that use less resources and can offer better performance, for example substantially decreased feed synchronization times (FS-171122-5830).
• Updated GSA web interface:
  The new ‘Resilience’ category is introduced, offering central access to Compliance checks and Remediation tickets. In general the menu is reordered to provide a cleaner structure (FS-190124-5645).
• New explicit asset type “TLS Certificates”:
  Detected TLS certificates are copied into the asset managemenet. This allows a overview on TLS certitifcate status independent of actual scan tasks (FS-171121-4722).
• Self integrity checks for the Greenbone Security Manager:
  This feature extends the GOS with special integrity checks that try to identify unauthorized or unintended changes of key elements such as signing keys or disk encryption (FS-180823-5946).
• Restart after upgrade option:
  A GSM may now be configured to restart automatically after an important system upgrade that would require a reboot. This alleviates the GOS upgrade management of sensors while still offering full control over each system (FS-171220-2932).
• Configurable fail-over proxy:
  It is now possible to configure more than one proxy in GOS. If the feed synchronisation with the first proxy is not possible, the second proxy will act as a fallback (FS-180823-2319).
• Internal hardening:
  The GOS Linux kernel has been updated to version 4.19.81, offering better hardening and support for future hardware upgrades. The ssh service is tailored as well (FS-190429-3226, FS-180918-4743).
• Streamlining of the GMP API protocol:
  Several redundant or deprecated GMP elements were removed. Apart from a cleaner and leaner API these changes have a positive effect on performance (FS-181230-4813, FS-180927-1120, FS-181109-3633, FS-181116-4311, FS-181219-3932).
• Prepared internal advanced NVT preference naming and identifier scheme:
  The previous preference identification scheme depended on the name of the NVT and preference while the new one uses independent identifiers like the NVT OID. This will allow NVT and preference names to be changed once GOS versions using the old scheme are retired (FS-180109-1807).
• Consolidation Database Management System:
  The same database management system (DBMS) is now used for all GSM models. Essentially only GSM 150 now pgrades to a full DBMS while the SENSORs do not use a DBMS anymore. Further, a GOS migration is limited to upgrade to the direct successor, which also needs to be considered for activation of backups. The consolidation towards a single DBMS allows to simplify data management and gain performance improvements apart from a consistent behavior of all GSM models simplifying support cases (FS-180925-1323, FS-190227-3318).

2019-04-30: Greenbone OS 5.0

Current Patch Level: 5.0.20 (2021-02-22)

Lifecycle Status: Obsolete

5.0.20 (2021-02-22):

• Greenbone OS:
  • Status: Set the release status to “retired” for all GSM types with GOS 5.0. An upgrade recommendation will be displayed in the GOS selfcheck (#146929, #157072).
  • Bugfix: Enabled the GOS upgrade functionality, if GOS is in the status “retired” or “end-of-life” (#157071).

5.0.19 (2020-07-30):

• Greenbone OS:
  • Bugfix: The Intel June 2020 microcode update is included, addressing the ‘CROSSTalk’, ‘CacheOut’ and ‘SGAxe’ vulnerabilities of Intel processors (#143643).
  • Bugfix: The GOS setup could fail in rare cases (#142488).
  • Bugfix: The setting ‘Max email size’ in the ‘Setup/Mail’ menu has been split into the settings ‘Max attachment’ and ‘Max include’ to prevent mail truncation issues (#143123).
  • Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-07-29 (#144474).
• Vulnerability Management:
  • Bugfix: The ‘Add new host’ dialog on the ‘Assets/Hosts’ page allowed unsanitized input in the ‘Name’ field. The field has been renamed to ‘IP Address’, and it only allows IPv4 or IPv6 addresses now (#143731, #143737).
  • Bugfix: The ‘NVTs addressing this CVE’ section on CVE details pages could show inaccurate NVT references, e.g., CVE-2019-12345 was also displayed when CVE-2019-1234 was displayed (#140469).
  • Bugfix: The ‘Reported Vulnerabilities’ section on CPE details pages could fail to load in some cases (#129751, #2019122310000023).
  • Bugfix: SSH private keys of the ‘ed25519’ key type were not accepted for credentials (#142242).
  • Bugfix: GPG or S/MIME encrypted e-mail alerts could fail, resulting in no e-mail being sent (#114448, #114449, #2019090410000011).
  • Bugfix: Tasks with an ampersand character (‘&’) in the ask name caused an error if they were run on a GSM sensor (#141859).
  • Bugfix: Migrating sqlite user data from GOS 4.3 to GOS 5.0 manually could fail in some cases (#142144).
• Vulnerability Scanning:
  • Bugfix: The scanner generated incorrect checksums for ICMPv6 packets. This could cause failed alive detections of IPv6 targets when using specific, non-default scan configurations. In addition, it could cause less detection results for some IPv6 targets (#143798).

5.0.18 (2020-05-25):

• Greenbone OS:
  • Improvement: An incremental backup is now automatically attempted before every GOS upgrade (#132589).
  • Improvement: The available disk space is now checked before creating a backup. If the disk space is not sufficient, no backup will be attempted (#134695).
  • Bugfix: The restoration of sqlite backups from an external USB device could fail sporadically (#134772).
  • Bugfix: SCP Alerts caused a path error in GOS (#134804).
  • Bugfix: Error messages from SCP Alerts in the Manager journal were shown as ASCII character codes or blob data (#125050).
  • Bugfix: The keyboard layout selection was not applied sporadically (#139723).
  • Minor Bugfix: The GOS copyright has been updated to reflect the correct LICENSE for the Greenbone Security Feed (#134332).
  • Minor improvement: Adjusted the snmpd configuration to prevent excessive log messages (#126898, #2019111210000064).
  • Minor improvement: If the networking service is in a failed state, a switch release can no longer be started, preventing subsequent errors (#129754).
  • Minor improvement: Added a selfcheck if the given remote backup server is misconfigured or unreachable (#125752)
  • Minor improvement: Removed the selfcheck alerting the user about a pending switch release (#138967).
  • Minor improvement: Changed the community feed URL ‘feed.openvas.org’ to ‘feed.community.greenbone.net’ (#137537).
  • Minor improvement: The GSM manual included in GOS was updated to the most current version from 2020-05-14 (#131710).
• Vulnerability Management:
  • Improvement: The ‘Hosts’ counter of the Operating Systems page now only counts hosts for which the operating system was detected as the primary / best-matching operating system (#132426, #117784, #2019011610000021, #2019082010000037, #2019091110000061).
  • Bugfix: The ‘Deny all and allow’ hosts setting for a user did not deny host access if the input field for ‘allow’ was empty (#132301, #2019032810000013, #2020040210000031).
  • Bugfix: For host identifiers, the ‘Delete Identifier’ button was missing (#131628, #2019042610000033).
  • Bugfix: A passphrase input field was missing when creating or editing credentials of the type ‘Client Certificate’ (#127466).
  • Bugfix: Private key authentication was missing for SCP Alerts (#125050, #2019101810000019).
  • Bugfix: The ‘Stop’ button for Tasks was useable for users who had only been granted ‘Read’ permissions on the task (#128685).
  • Bugfix: The ‘Task visible to’ indicator was not shown in all expected cases (#131912, #2020012410000021).
  • Bugfix: Hyperlinks to Report Formats, Scan Configs, Port Lists and Operating Systems from Permission objects were incorrect (#131102, #131837, #2018083010000029).
  • Bugfix: Hyperlinks on the NVTs list page to the NVT families were not functional when opened in the same tab (#132654).
  • Bugfix: OVAL definitions were duplicated in rare cases (#128163).
  • Bugfix: Verinice ISM and Verinice ITG reports were no longer importable in Verinice (#128330, #2019120410000014, #2019121310000015)
  • Bugfix: Downloading a credential as a RPM package could result in an unuseable package (#131207, #2020040310000038).
  • Minor bugfix: The sort order for hosts without a host name has been improved in the ‘Hosts’, ‘TLS Certificates’ and ‘Error Messages’ tabs for Report details (#130027).

5.0.17 (2020-01-20):

• Greenbone OS:
  • Improvement: Added a GOS selfcheck to warn users about an ongoing, major release upgrade, e.g. from GOS 5 to GOS 6 (#129688, #131103).
• Vulnerability Management:
  • Improvement: Added a check for the web interface when trying to view the Report details of a Report with a large number of Results. If this Results threshold is reached, the Report details will no longer be loaded. By adjusting the Report filter term the number of Results can be reduced, making it possible to view the Report details again. The default threshold is 25.000 Results per Report, this threshold can be adjusted via GOS at the responsibility of the user (#128397).
  • Bugfix: Sorting the columns in several Report details tabs, e.g. Closed CVEs, did not work correctly (#128600).
  • Bugfix: Changing the Report filter for a Report that is loading did not apply the new filter (#129127).
  • Bugfix: Unsetting all Severity (Class) levels via the Update Filter dialog lead to a wrong filter term (#129073).
  • Minor bugfix: Comments for Permissions could not be deleted as expected (#128144).

5.0.16 (2019-12-17)

• Greenbone OS:
  • Improvement: Unlocked the switch releases to Greenbone OS 6.0.1 for all supported GSM types (#129123, #128405).
  • Bugfix: In rare cases, switch release upgrades could get triggered on GSM sensors unintentionally when upgrading the GSM master (#121478).
  • Bugfix: SNMPv2 was still active even when a user name and an authentication passphrase were configured (#98371).
  • Bugfix: IPv6 routes were not shown correctly in the GOS menu (#127560).
  • Minor improvement: Updated the integrated version of the GSM manual (#128690).
• Vulnerability Management:
  • Improvement: Improved the memory allocation management of the gsad webserver (#128399).
  • Improvement: Increased the automatic reload timer for web interface pages to 60 seconds for hidden windows and tabs. This may have a beneficial impact on performance (#126497).
  • Bugfix: Introduced a fallback when requesting an unlimited number of rows in the Power Filter. Unlimited rows should now only be applied when the user explicitly requests it, in all other cases the ‘Rows Per Page’ setting should be used (#124690).
  • Bugfix: The ‘Special Groups’ setting did not work correctly when configuring it for a Group with existing members. This could result in missing Permissions for some Group members (#127760).
  • Bugfix: Long Result descriptions in the web interface Report view were missing linebreaks (#128336).
  • Bugfix: When creating an Override for a Result in the web interface, the default selections did not create the Override for all Results in the Report. This was an unintended change of default behaviour (#124447).
  • Bugfix: When creating an Override for a NVT in the web interface, the respective NVT was not pre-selected in the Create Override dialog. This was an unintended change of default behaviour (#128065).
  • Bugfix: The help icon hyperlinks for the web interface tabs ‘User Tags’ and ‘Permissions’ were incorrect (#128394).
  • Bugfix: The web interface tab ‘General Command Permissions’ listed duplicate permissions for default items (#118680).
  • Bugfix: ‘sort’ and ‘sort-reverse’ filters were not shown in the web interface Scan Report Content Composer (#121752).
  • Minor bugfix: When creating a new Permission in the web interface, the radio button for ‘Group’ is now unselectable if there are no groups that can be selected (#128142).
• Vulnerability Scanning:
  • Bugfix: Improved a case where the Scanner process could get stuck (#124695).

5.0.15 (2019-11-26):

• Vulnerability Scanning:
  • Bugfix: Increased the maximum number of NVTs supported by the openvas-scanner (#127751).

5.0.14 (2019-11-01):

• Vulnerability Management:
  • Bugfix: Results did not show up for downloaded reports (#126018).
  • Bugfix: Viewing a delta report in the web interface could show a constant loading indicator (#126022).
  • Bugfix: The number of high results was not shown in the ‘Hosts’ tab of the report details page (#126020).

5.0.13 (2019-10-29):

• Greenbone OS:
  • Improvement: Included the latest major release of gvm-tools, version 2.0.0. See https://github.com/greenbone/gvm-tools for more information (#123416).
  • Improvement: Added a check and an info dialogue to prevent GOS upgrades if deprecated settings are configured (#119699, #121980).
  • Bugfix: Added support for restoring old backups created with GOS 4 (#123292, #125198).
  • Bugfix: For airgap setups, the airgap master will now provide the airgap sensors with upgrade packages for the current and previous GOS versions, similar to normal master-sensor setups. This should improve switch releases between major GOS versions for airgap setups (#123183).
  • Bugfix: Incremental backups were only listed if at least one backup had been created locally. Incremental backups are now always listed, even if all backups are stored remotely (#122908, #2019091910000029).
  • Bugfix: The configuration of Remote Syslog settings did not become active until after reboot. They are now active when saving the settings in the corresponding menu (#122260, #2019091010000063).
  • Minor bugfix: Added proper system operation names for creating and restoring an USB backup (#123140, #125500).
  • Minor improvement: When sending emails, a GSM will now use its fully-qualified domain name as the hostname (#72221, #2019021410000014).
  • Minor improvement: Changed the internal variables used to differ between the Greenbone Security Feed and the Greenbone Community Feed (#125234).
  • Minor improvement: Updated the integrated version of the GSM manual (#125754).
• Vulnerability Management:
  • Improvement: Simplified the verification process for custom report formats: Custom report formats are no longer verified manually, only automatically. The ‘Verify Report Format’ button was removed in this scope (#111692).
  • Improvement: The report details page now opens at the ‘Information’ tab by default (#125850).
  • Bugfix: After encountering an error page in the web interface, the error is no longer displayed when trying to view another page (#124342).
  • Bugfix: The ‘Reset to Default Filter’ button on Report details pages set an erroneous filter, causing no Results to be displayed (#120979).
  • Bugfix: When editing a LDAP or RADIUS configured User, the authentication method preselection would be set to ‘Password’. The preselection is now saved correctly according to the authentication method (#119765).
  • Bugfix: When creating objects in the web interface, no preselections were shown even if suitable elements existed, for example when creating a Permission, no User would be preselected. The first element alphabetically is now preselected, if an element exists (#119932, #2019080810000015).
  • Bugfix: The icons identifying an operating system on the Assets pages would sometimes show up as “?” only, even if detailed information on the operating system is available (#125194).
  • Bugfix: It was not possible to delete comments for Users (#125448, #2019100910000054).
  • Bugfix: Saving a space character as a User comment caused an error (#124339, #2019100910000054).
  • Bugfix: Deleting a user with objects in the Trashcan could cause a sql error (#124694).
  • Bugfix: The dashboard display “Next Scheduled Task” was missing timezone information (#122387, #2019091110000016).
  • Minor bugfix: Verifying a Scanner on the corresponding scanner details page was missing a feedback dialog (#112039).
  • Minor bugfix: Increased the number of characters allowed in the ‘Filter’ input field of the ‘Update Filter’ dialogue (#121747).
  • Minor bugfix: On the dashboard display “Chart: Operating Systems by Vulnerability Score” CPE values could be truncated at the end, omitting operation system details. Such cases are truncated at the beginning now, allowing for easier identification of the operating systems in question (#122146, #2019090910000039).
  • Minor bugfix: Corrected a special character encoding issue on the User list page (#123139, #2019092310000066).
  • Minor bugfix: Corrected an error message that could occur when saving a Role (#121746).
  • Minor improvement: Improved the error message in case the web server does not respond (#113218).
  • Minor improvement: Removed the ‘Clone Report Format’ button since it had no use case (#111692).
  • Minor improvement: Improved the default name and password hints on the web interface login page (#124117).

5.0.12 (2019-10-08):

• Greenbone OS:
  • Bugfix: GSM appliances without Alert functionality that were installed via a GOS 5.0.4 or newer image were exposing a SMTP port erroneously. The related service has been disabled for these appliances (#123978).
  • Bugfix: Security update for the CVE-2019-15902 “Spectre” related regression in the Linux kernel (#121977).
  • Bugfix: Security updates for the openssl and expat libraries, covering CVE-2018-20843 and CVE-2019-1543 (#121977).

5.0.11 (2019-09-24):

• Greenbone OS:
  • Improvement: In case of filesystem corruption (for example due to a sudden power outage), an automatic reboot is now carried out after the filesystem repair at boot time as a precautionary measure (#121983).
  • Bugfix: In rare cases, switch release upgrades could get triggered on sensors unintentionally when upgrading the master (#121478).
  • Bugfix: Added the missing ‘gpgsm’ package for S/MIME certificate support to GOS (#121985).
  • Bugfix: Fixed frequent, cosmetic redis error messages that were shown after a GOS upgrade (#118683).
  • Minor bugfix: Fixed scanner logs during a feed update sometimes not showing the correct progress when loading NVTs (#81956).
  • Minor improvement: Added warnings regarding the usage of ECDSA/DSA remote backup server host keys (#120115).
  • Minor improvement: Added a name for the ‘Flash Write’ system operation in the ‘About’ menu (#119046).
  • Minor improvement: Updated the integrated version of the GSM manual (#123087).
• Vulnerability Management:
  • Improvement: On Report details pages, only ‘high’, ‘medium’ and ‘low’ severity Results will now be displayed by default. ‘Log’ Results are no longer displayed by default, but may still be shown via a Filter. This may improve the performance of displaying Reports with a very large number of Results (#121641).
  • Improvement: Changed the default sorting of Results on Report details pages. Results are now sorted from highest to lowest severity (#121641, #2019082910000057).
  • Improvement: Added the columns ‘Ports’, ‘Apps’, ‘Distance’ and ‘Auth’ to the ‘CSV Hosts’ report format (#120739, #2019082010000028).
  • Improvement: Added an animation and a lock to the ‘OK’ buttons of the report composer and trigger alert dialogues in the web interface to indicate that they been clicked, and to prevent further clicks until the original operation is finished (#120695, #2019081910000021).
  • Improvement: Added a short animation to the ‘Empty Trash’ button in the web interface to indicate that it has been clicked (#121341).
  • Improvement: Improved the ‘Edit User Settings’ dialog part for changing the current password. The description and error handling have been improved (#121974).
  • Improvement: Enhanced the Alert details pages to show more information regarding the configured Alert type and settings (#119766).
  • Improvement: Added tooltips to the ‘Edit Task’ dialog to indicate which settings cannot be edited for non-alterable tasks (#119840).
  • Bugfix: Sensor scans would add all hosts in a target network to the Assets, even if the hosts were offline and “Mark unreachable Hosts as dead (not scanning) = yes” was set. Only active hosts will get added to the Assets in this case (#108616, #2019011510000041).
  • Bugfix: The downloadable Windows LSC installer for Credentials did not add the user to the administrator group on all supported versions of Microsoft Windows (#122907, #2019091810000067).
  • Bugfix: Filtering Remediation Tickets by status was not working correctly. Remediation Tickets can now be filtered via ‘Open’, ‘Fixed’, ‘Fix Verified’ and ‘Closed’ as expected (#117783).
  • Bugfix: Remediation Tickets linked to a Task that is in the Trashcan or deleted had several display and useability issues (#116253).
  • Bugfix: Fixed a further issue with the CVSS calculator, if “Authorization” was set to “Single” (#118415).
  • Bugfix: Fixed the ‘Download CSV’ chart button causing an error (#121745).
  • Bugfix: Fixed long note texts breaking the boundaries of the text box on Notes details pages (#120981).
  • Bugfix: It was not possible to request individual vulnerabilities when using the GMP command ‘get_vulns’ with the ‘vuln_id’ attribute (#116532).
  • Minor improvement: Updated the man page of gsad (#112036).

5.0.10 (2019-09-03):

• Greenbone OS:
  • Minor improvement: Added and improved the GOS menu descriptions for restoring backups and setting the GSM hostname, since backups are dependent on the hostname (#119837).
  • Minor improvement: Updated the integrated version of the GSM manual (#121640, #121753).
• Vulnerability Management:
  • Bugfix: Fixed a reflected XSS vulnerability in the web interface (#121870).
  • Bugfix: Sensor scans could erroneously show the status ‘Interrupted’ on the master in some cases (#121106).
  • Bugfix: Permissions could not be edited in the Administration/Roles/Edit Role dialog (#120601, #121343).
  • Bugfix: Disabled the ‘Trigger Alert’ button on Report details pages for GSM types that do not support Alerts and for users that have no permission to use Alerts (#120598, #120600).
  • Bugfix: Disabled the ‘Edit My Settings’ button on the Extras/My Settings page for users that have no permission to modify Settings (#120598).
  • Bugfix: Removed the ‘Clone Host’ button from all Assets/Hosts pages since it had no use case and caused an error (#121242).
  • Bugfix: The ‘sort-reverse’ filter was not applied in the GSR-PDF report (#119483).

5.0.9 (2019-08-26):

• Greenbone OS:
  • Bugfix: Testing the sensor connections could cause a traceback when a sensor had an invalid remote host identifier configured (#120973).
• Vulnerability Management:
  • Bugfix: On the Assets/Hosts page, creating a new target via a bulk action caused an error (#120185, #2019081310000032).
  • Bugfix: In the power filter, quotation marks in keywords starting with the character ‘~’ where not handled correctly, causing subsequent errors during bulk actions (#115293).

5.0.8 (2019-08-14):

• Greenbone OS:
  • Extension: The “Greenbone Security Manager with Greenbone OS 5” user manual is now included in GOS for offline use. It can be accessed via the web interface menu Help/Contents (#119292, #119764).
  • Improvement: Added an experimental “SQL chunking” setting for sensor scans. It is activated via the GOS command line and may improve the scan performance (#117778).
  • Bugfix: Security update for the CVE-2019-1125 “Spectre SWAPGS” gadget vulnerability (#116440).
  • Bugfix: It was possible to configure invalid domain names, leading to subsequent errors. All domain names now have to comply to RFC952 and RFC1123 (#118556).
  • Bugfix: The disk usage of journalctl could exceed safe limits, affecting system stability. It has been hard limited to use a maximum of 1.5 GB (#119829, #2019080510000021, #2019072410000022).
  • Bugfix: The database file of a user data backup was not renamed correctly when upgrading from GOS 4 to GOS 5, causing a redundant copy to be present (#118354).
  • Bugfix: Uploading a remote backup server host key could add a newline character, causing the host key to be invalid (#109875).
  • Bugfix: The Maintenance/Upgrade/Sensors menu on a GSM master could display the sensor status “Update Feed” erroneously in some cases. These cases were fixed to display “Upgrade manually”. “Update Feed” will still be shown when relevant (#118338).
  • Minor bugfix: The Maintenance/Flash menu was erroneously shown for the virtual appliances GSM DECA, TERA, PETA and EXA. It was not functional and has been removed (#119052).
• Vulnerability Management:
  • Improvement: Single select dropdown menus in the web interface are now completely clickable (#118178, #2019071510000101).
  • Improvement: The Edit/New Schedule dialog has been extended to make picking Schedule times easier: The new “Now” button will always set the current time, the date picker has had a year picker added (#118251).
  • Bugfix: Schedules could be erroneously removed from Tasks, since the new iCalendar format was not used for all checks (#117775, #2019070910000033).
  • Bugfix: Schedule “Next Run” times were wrong if the Schedule was non-recurring or for certain timezone constellations (#119045, #119482, #2019072910000013).
  • Bugfix: Schedules migrated from GOS 4 were always using the UTC timezone (#118054, #2019071510000012).
  • Bugfix: Schedule times are once again shown in the timezone that the Schedule was configured for, not the general user settings timezone, restoring the behaviour from GOS 4 (#118873).
  • Bugfix: On the Report details page, the columns Ports, Apps, Distance, Auth, Start and End were missing in the Hosts tab (#115647).
  • Bugfix: The Export File Name settings in the web interface were not applied (#118181, #2019071610000029).
  • Bugfix: The Task setting “Once” for Schedules was not saved correctly (#118237, #118238, #2019071610000127).
  • Bugfix: Emails sent via the an Email Alert had a wrong “Return-path”, “envelope-from” respectively “X-MailRelay-From” (#119942, #2019080810000024).
  • Bugfix: If any default Permissions are missing, they will now be re-created when the Greenbone Vulnerability Manager starts (#117410, #2019062010000013).
  • Bugfix: Resuming a Task configured to run on a Sensor could lead to duplicate results (#113271).
  • Bugfix: Verifying a Report Format in the web interface was missing a feedback dialog (#115104).
  • Bugfix: Verifying a Scanner in the web interface was missing a feedback dialog (#112039).
  • Bugfix: Alerts with the deprecated Report Format “HTML” were not migrated to use the Report Format “TXT” correctly (#110772, #2019071510000085).
  • Bugfix: Opening the web interface login page in a new window or tab while a login was active in another window or tab could log the user out (#114452).
  • Bugfix: If two web users are configured with different user interface languages, switching between the two users required two login attempts (#118559, #2019072310000015).
  • Bugfix: On the Performance page, the performance graphs for Sensors were not working correctly (#119210, #2019073110000045).
  • Bugfix: On the Performance page, changes made via the date picker were not saved correctly (#118055).
  • Bugfix: An error in the CVSS calculator occured, if “Authorization” was set to “Single” (#118415).
  • Bugfix: Clicking the operating system icon on any Host details page caused an error, it now links to the corresponding operating system details (#117780).
  • Bugfix: Creating a valid, but incomplete Alert via GMP and then trying to view it in the web interface caused an error (#114775).
  • Bugfix: Exporting a NVT with an apostrophe in the name caused an error (#120071).
  • Minor bugfix: When creating new Permissions for a Task, the default, pre-selected Permissions were different than in GOS 4 (#114791).
  • Minor bugfix: The “Filter” field in the Scan Report Content Composer was not automatically resized to fit the filter string, causing the text to overflow (#118182, #2019071510000111).
  • Minor bugfix: On the Tasks page, the indicator icon for Tasks configured to run on a Sensor was missing (#119767).
  • Minor bugfix: In the Delta Report view, the indicator for changed items, (+) and (-), was missing colorization (#112862).
  • Minor bugfix: The Task settings “Maximum concurrently executed NVTs per host” and “Maximum concurrently scanned hosts” were not shown on the Task details view (#110104).
  • Minor bugfix: Viewing any Report Format details page as a user with the role “Observer” would show XML parsing errors (#118560).
  • Minor bugfix: The “rows” Filter allowed for invalid values and relations. Invalid values are now converted to “1”, invalid relations are converted to “=” (#111336).
  • Minor bugfix: The response for the GMP command “delete_ticket” has been adjusted to lowercase (#116531).
  • Minor improvement: Removed the preview icon for Delta Report result differences, since the preview can not support all relevant details. Delta Report result differences may still be clicked to view their full details (#113514).
  • Minor improvement: Lists of objects in the web interface, for example “Tasks using this Alert” on the Alert details page, have been improved to make individual objects easier to discern (#118179, #2019071510000067).
  • Minor improvement: The Edit/New Task dialog has been adjusted, allowing the display of longer Scan Target and Schedule names (#118178, #2019071510000101).
  • Minor improvement: The CVSS calculator now states that CVSS V2.0 is used (#113527).
  • Minor improvement: The “details” attribute of the GMP command “get_reports” was undocumented (#114702).
• Vulnerability Scanning:
  • Bugfix: The get_ssh_port() function of the scanner could fall back to port 22 when a custom port was configured (#114986).

5.0.7 (2019-07-25):

• Vulnerability Scanning:
  • Bugfix: Fixed an issue causing scans to abort early due to the scanner not being able to fork new processes. This could lead to less detection results and host details being reported (#116389, #116533, #116866, #2019062510000059, #2019071610000011).
  • Bugfix: Added missing libopenvas build dependencies to openvas-smb (#118501).

5.0.6 (2019-07-11):

• Vulnerability Management:
  • Bugfix: The HTTP timeout setting for the web interface was using an erroneous internal value, this has been corrected (#117889, #2019070810000071).

5.0.5 (2019-07-09):

• Greenbone OS:
  • Bugfix: Uploading the remote backup server host key did not add it to the known hosts list correctly (#117589).
  • Bugfix: During the initial feed update after the setup of a GSM, postgres could rarely fail due to a race condition (#117030).
  • Bugfix: Support for importing old GOS 3.1 or 2.0 userdata backups has been improved (#117135).
  • Bugfix: Starting a GOS upgrade after importing an old GOS 3.1 or 2.0 userdata backup could cause a postgres error (#117412).
  • Minor bugfix: The system operation ‘Update Feed’ in the GOS menu ‘About’ was not named correctly in all cases (#117411).
  • Minor improvement: Enhanced the contents of the Greenbone Support Package. More debugging information related to ansible is now included (#117591).
  • Minor improvement: All occurences of ‘Airgap Slave’ have been renamed to ‘Airgap Sensor’ (#117282).
• Vulnerability Management:
  • Bugfix: Configuring a custom HTTP timeout setting for the web interface was not applied in all cases (#117640, #2019070810000071).

5.0.4 (2019-07-01):

• Greenbone OS:
  • Extension: Introduced new GSM types 450, CENO, DECA, TERA, PETA and EXA (#114981, #114992).
  • Improvement: Activated support for SMTPS encryption of emails sent by a GSM (#83277).
  • Improvement: Added a shell script to fix oversized postgres databases (#86497).
  • Improvement: Enhanced the contents of the Greenbone Support Package. More debugging information related to postgres is now included (#93050, #116252).
  • Improvement: The ‘Management IP’ menu option is now always shown, even when only one interface is present in a namespace (#115904).
  • Minor improvement: Added warnings regarding the usage of ECDSA SSH keys (#116303).
  • Bugfix: The flash drive of GSM hardware appliances was sometimes not detected correctly (#115837).
  • Bugfix: No network traffic performance graph data was shown for interfaces in the ‘scan1’ namespace (#110755).
  • Bugfix: The network route 0.0.0.0/0 can now be set (#115609).
  • Bugfix: Patched libssh to resolve possible issues with Cisco devices (#113876).
  • Minor bugfix: Improved the formating of the GOS sensor test results (#113219).
• Vulnerability Management:
  • Improvement: The Greenbone Vulnerability Manager now automatically adds a “login failed” host detail when a target has a credential configured and the login fails (#106677).
  • Improvement: Updated the manpage of gvmd (#112086).
  • Bugfix: Notes and overrides for results were not shown (#112702).
  • Bugfix: Not all result pages for delta reports could be viewed (#116392).
  • Bugfix: Task names were not visible in the reports view (#110527, #2019051010000034).
  • Bugfix: The ‘Edit’ dialogue for LDAP and RADIUS settings did not work in some cases (#115426).
• Vulnerability Scanning:
  • Bugfix: If there is no redis database available, the scanner will no longer wait forever, but resume operation as soon as a database becomes available again (#115613).

5.0.3 (2019-06-19):

• Greenbone OS:
  • Bugfix: Security update for CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479 “SACK Panic” TCP remote denial of service attacks (#116440).

5.0.2 (2019-06-03)

• Greenbone OS:
  • Improvement: The GOS menu ‘About’ will now show the exact type of system operation that is in progress (#98619).
  • Improvement: The client min and max protocol versions for SMB clients can now be configured via the Greenbone OS command line (#115335).
  • Minor improvement: The expiry date of the Greenbone Support Team GPG key, used for the encryption of support packages, has been extended to 2020-10-31 (#113830).
  • Minor bugfix: Port 53/TCP, used for dnsmasq, now only listens on localhost (#115285).
• Vulnerability Management:
  • Improvement: Greatly improved the performance of the ‘Edit Scan Config’ dialog (#112699).
  • Minor improvement: File upload buttons and text input fields are now inactive if their corresponding radio button is not selected (#113530).
  • Minor improvement: Added documentation of NVT categories in a GMP response (#109616).
  • Bugfix: The Task page could show an internal error in some circumstances (#114037, #2019051010000034).
  • Bugfix: When switching from the reports list page to the report details page, the page could get stuck while loading (#114040, #2019051010000034).
  • Bugfix: Giving write permissions for a task to another user still did not allow that user to start the task (#114793).
  • Bugfix: It was not possible to bulk-tag filtered resources, like port lists (#113729).
  • Bugfix: Vulnerabilities were not supposed to be tagged, the bulk-tag icon has been removed from the Vulnerabilities page (#115294).
  • Bugfix: Using the ‘Test Alert’ functionality for an alert with the method ‘Start Task’ did not start the task (#110778).
  • Bugfix: Verifying default report formats caused an error. Since they are always verified, the corresponding verification has been disabled (#110105).
  • Minor bugfix: Task details pages were not refreshed correctly (#113931).
  • Minor bugfix: The scheduled task icon tooltip did not list the next due date (#113203).
  • Minor bugfix: In the Results view the host IP column could display ‘null’ (#110583).
  • Minor bugfix: Email alerts could be configured with a syntactically invalid email address (#112103).
  • Minor bugfix: For email alerts with an attached report, the content type of the attachment was set to ‘null’ erroneously (#112155).
  • Minor bugfix: Changed the ‘Solution Type’ checkboxes in the Results power filter dialog to radio buttons, since only one selection is allowed at a time (#114039)
  • Minor bugfix: In the ‘Import Report’ dialog all available containers are now always shown (#112616).
  • Minor bugfix: The ‘NVTs by Family’ chart did not show the message ‘Applied filter…’ if a filter is used (#114094).
  • Minor bugfix: In report details, error messages could contain erroneous entities (#113516).
  • Minor bugfix: In scan config details, ‘Tasks using this Scan Config’ was missing linebreaks (#113871).
  • Minor bugfix: The delete icon was shown as active for scan configs which are in use, it now shows as inactive as intended in this case (#111525).
  • Minor bugfix: For the GSR PDF report format, the colour coding of medium CVSS vulnerabilities was red in some cases, this has been corrected to yellow (#114035).
  • Minor bugfix: The ‘Anonymous XML’ and ‘XML’ report format details were incorrectly describing both as ‘OpenVAS Manager XML format’ (#113873).
  • Minor bugfix: The ‘Common Platform Enumeration’ report format details were incorrectly referring to it as ‘Common Product Enumeration’ (#113874).
  • Minor bugfix: Fixed the parsing of CVSS single instance authentication in CVE details (#115277).
  • Minor bugfix: Creating a tag with an empty ‘id’ attribute via a GMP API call could lead to a duplicate response (#113815).
  • Minor bugfix: For tags, the deprecated type ‘slave’ was still checked in GMP API calls, leading to subsequent problems (#115284).
  • Minor bugfix: The ‘get_vulns’ GMP command now returns a valid response when used without a filter (#113817).
  • Minor bugfix: Removed unneeded PostgreSQL error log messages when a lock was not available (#109087).
  • Minor bugfix: Fixed a possible race condition in the ‘Edit My Settings’ dialog (#113930).
  • Minor bugfix: Added German translations for error, date and status information (#114030, #114031, #114193).
• Vulnerability Scanning:
  • Bugfix: Each scan plugin process is now separated into its own process group, preventing defunct processes and NVTs being executed at a wrong time (#109743, #113267).

5.0.1 (2019-05-05):

• Greenbone OS:
  • Improvement: The default system maintenance time is now randomized between 03:00 and 05:00 UTC to distribute load for the Greenbone Security Feed server more evenly. The system maintenance time can still be adjusted manually (#113695).
• Vulnerability Management:
  • Improvement: Only fully translated user interface languages are now available to choose from in the My Settings menu. Incomplete translations are hidden until implementation (#113517).
  • Bugfix: The tasks page was not refreshed correctly when a task was in the status ‘Requested’ (#113515).
  • Bugfix: Viewing the TLS certificate details in a report view could lead to an error page (#113520).
  • Bugfix: The hosts topology graph was not displayed correctly if there was a host with no severity present (#113521).
  • Bugfix: Powerfilter dropdown menus were erroneously limited by the Rows per page / max_rows setting (#113528).
  • Minor bugfix: Some login page elements were offset for Microsoft Edge and Microsoft Internet Explorer (#113725).
  • Minor bugfix: The list of excluded hosts in the target details was missing a linewrap (#113204).
  • Minor bugfix: The download icons for credentials were missing tooltips (#112161).
  • Bugfix: The Integrated Remediation Workflow feature was erroneously available for the product families SME and ENTRY. It has been disabled for these families (#113723).

5.0.0 (2019-04-30)

• Transform Web-GUI into a single page application: Transforming the web user interface into a single page application which is loaded once and then only updates the in-browser data from the server. This accelerates user interactions and unloads the server. The design bascially remains as in GOS 4, but the interaction with the user interface will be much more direct and responsive (FS-171117-1741).
• New view on scan results by vulnerability: The new view “Vulnerabilities” additional to Results and Reports summarizes identical vulnerabilities across all scans and of course arbitrary filters can be applied (FS-171117-1729).
• Increase speed of feed updates: SCAP/CERT updates consume less CPU and less RAM (FS-171117-4518).
• Transition from global objects to ownerless-predefined objects: In GOS 4 it was not possible to assign static global objects (Port lists, Scan configs, Scanner and Report Formats) to roles as a specific permission. With the transition to ownerless-prefefined objects it is now possible to configure Users, Roles, and Groups in a way, which permits them only restricted usage of only a few, just one or even none of the predefined objects (FS-171117-4531).
• Add columns “Hosts” and “Location” to the overview for Notes and Overrides: This makes sorting and filtering for Hosts and Locations easier (FS-171117-1839).
• Extended edit dialog for overrides and notes: The edit dialog for Notes and Overrides now allows editing the NVT, Host, Location, Severity, Task and Result even if already set to “Any” or specified in other ways (FS-171117-5915).
• New option to upload a file for “exluded hosts” for a Target: This removes the limit of the previous text entry field (FS-171117-3759).
• Merge of Web-GUI built-in help and GSM Manual: The web version of the GSM manual is directly connected with the help buttons and placed into the appliance. This steamlines the documentation (FS-171116-1819).
• Remove menu item “Assets->Hosts (Classic)”: The key functionality “prognosis” is already available since GOS 4.0 as the “CVE-Scanner” (FS-171117-2431).
• Remove overrides indicator switch (web interface): The indicator/switch icon for overrides in the header of the severity columns in the tasks overview, reports overview, results overview and report-results overview is removed (FS-171117-1503).
• Link to Scan Configs from the OSP Scanner details page (web interface): This makes navigation between Scanners and Scan Configs more consistent (FS-171117-3656).
• Improved log files for scanner (internal): The scanner now follows the very same logging scheme as all other internal modules. This helps for support case about scanner (FS-171117-3025).
• Renamed internal vulnerability management service to “gvmd”: This is a follow-up change of renaming the protocol from OMP to GMP in GOS 4. This establishes an advanced consistency in internal terminology reaching even into the database. However there is no impact for the user interface or to GMP: Neither GUI nor the API is changed (FS-171117-3251).
• Automated internal database updates with feed content: This is a plain internal design change to avoid delayed data updates due to network problems or other issues (FS-171117-5003).
• Advanced internal process activity information scheme for vulnerability management service: This is a plain internal change which makes it easier for support cases to analyse the activity status of a GSM (FS-171117-5336).
• Removed Report Format Plugin “HTML”: The alternative GSR HTML is more advanced in any aspect. Alerts that were configured to use HTML will automatically fall back to use the lightweight “TXT”. Please change to GSR HTML where considered appropriate (FS-171127-5042).
• Multiple user-configured main dashboards: The current single main dashboard under menu “Dashboard” is extended to have up-to 10 user-configured named dashboards. This allows for example to configure “Europe”, “Asia”, “Last Week”, “Windows” or “Printers” by applying respective powerfilters to a individual chart selection. (FS-171116-0537).
• From the list of pre-defined severity classification schemes, “OpenVAS Classic” is removed: It was kept for a transitional phase. Since a long time the NVD classification is the default. During migration, “OpenVAS Classic” is replaced by the NVD classification in case a user configured it as a personal setting (FS-180116-0845).
• Task status “Internal Error” is renamed to “Interrupted”: Scans that stopped for any other reason than the user pressing the stop button will have the status “Interrupted at X%” which is shown in red color in the GUI and and thus replace the status “Internal Error”. After a reboot of the manager, running tasks are set to “Interrupted at X%” instead of “Stopped at X%”. The “Stopped” status remains reserved for user-intentional stopping of a task. Both types can be resumed. This all allows to resume tasks that failed for example due to a network connection problem during a sensor scan. Also it allows to distinguish between user-intended stop and system-driven stop. This changes the status types as handled by the GMP commands get_tasks and get_reports (FS-180108-3217).
• Drop “version” element for NVTs and update version format for Results: The version information is actually redundant since the “last modification” element specifies the version even more meaningful. Thus, the “version” element is removed from the NVT meta data. This also means a minor change to the GMP protocol. Results are still given a version number of the respective NVT, but the format changes from for example “$Revision: 1244$” to “2017-12-20T08:01:27Z” (FS-171208-4740).
• Extend Schedules to allow more refined schedules: The internal task scheduling system was extended to allow more refined schedules. The dialog for editing alerts was extended with more options like “16:00 every monday and wednesday” (FS-171116-3106).
• Drop elements “host_start” and “host_end” from report element of GMP response from “get_reports”: The information in the elements “host_start” and “host_end”are already available in the “host” element. So, this changeis about dropping the redundant part (FS-180104-2357).
• Bulk tagging: This feature introduces the opportunity to assign the same tag to many objects with just a single action rather than adding the tag to each object one by one. For example you can easily assign 100 arbitrarily filtered hosts in the host asset management with the tag “Responsible:AdminTeam1” or “AssetGroup:Printers” (FS-171227-1841).
• Extended vhosts support: The scanner becomes much smarter about finding all hostnames:IPs relationships without need of extra user input. The previously used per-scan-config vhosts/vhosts_ip preferences are simply dropped. Whatever was configured here will now be done automatically and reliably. In environments with virtual hosts, the scan results will haveless results because duplicates are avoided now. The hostname is now a field of its own in the Web-UI as well as in GMP. (FS-171212-5724).
• Removed report type “prognostic”: This report type was available only at GMP level for GET_REPORTS. This removal is the last step of the transition from “Prognosis” reports to the “CVE-Scanner” (FS-180927-0546).
• Extended storage of results (internal): This is a plain internal change (no UI nor API change) to improve performance for some use cases. Technically speaking this reduces the size of the results table by introducing a separate results trash table (FS-180910-0459).
• Drop redundant information from NVT meta data: This is an internal change to reduce the copyright notice to a single occurance in the NVTs. This has a minor positive effect on performance for feed updates (FS-181022-5813).
• Encrypted alert emails: The alert method “Email” now allows to encrypt to a S/MIME certificate or to a PGP key, owned by the recipient. This way a secure end-to-end encryption is established. The encryption keys can be uploaded as a new Credential type in the Configuration section (FS-171122-0309).
• Scan Report Content Composer: This new dialog appears when a report download is requested, an alert execution is requested and is available when an alert is created/edited. The dialog offers to compose the content of the XML that is then passed on to the Report Format Plugin, and perhaps then to the Alert. Initially it allows to configure whether notes and/or overrides should be included into the report. Not all report plugins can handle all types of content. The content composer allows to reduce/extend the scope handled by the report plugin and is designed to be extend with further data groups in the future (FS-180924-3251).
• Integrated Remediation Workflow: For the product families MIDRANGE and ENTERPRISE, a integrated remediation workflow is introduced. It is a ticket management focussed on resolving the finding of vulnerabilities. Compared to a generic ticket management system it is much simpler and has less options. On the other hand, it is capable to automatically consider re-scans in order to verify that an assignee has indeed fixed a security problem. Additionally, all valuable information to understand and resolve a problem is directly cross-linked and thus directly available for an assignee (FS-180103-0646).

2018-08-31: Greenbone OS 4.3

Current Patch Level: 4.3.22 (2021-02-22)

Lifecycle Status: Obsolete

4.3.22 (2021-02-22):

• Greenbone OS:
  • Status: Set the release status to “retired” for all GSM types with GOS 4.3. An upgrade notification will be displayed in the GOS selfcheck (#157070).
  • Bugfix: Enabled the GOS upgrade functionality, if GOS is in the status “retired” or “end-of-life” (#157069).

4.3.21 (2020-07-30):

• Greenbone OS:
  • Bugfix: The Intel June 2020 microcode update is included, addressing the ‘CROSSTalk’, ‘CacheOut’ and ‘SGAxe’ vulnerabilities of Intel processors (#143745).
• Vulnerability Management:
  • Bugfix: The ‘Add new host’ dialog on the ‘Assets/Hosts’ page allowed unsanitized input in the ‘Name’ field. Only IPv4 or IPv6 addresses are accepted as a name now (#143733).

4.3.20 (2020-05-25):

• Greenbone OS:
  • Improvement: An incremental backup is now automatically attempted before every GOS upgrade (#132590).
  • Improvement: The available disk space is now checked before creating a backup. If the disk space is not sufficient, no backup will be attempted (#134696, #125755, #2019102910000016).
  • Bugfix: The restoration of sqlite backups from an external USB device could fail sporadically (#102470).
  • Bugfix: The keyboard layout selection was not applied sporadically (#1398861).
  • Bugfix: SNMPv2 was still active even when a user name and an authentication passphrase were configured (#125586, #2018072410000079).
  • Bugfix: IPv6 routes where not shown in the corresponding administration menu (#127559, #2019112110000029).
  • Minor Bugfix: The GOS copyright has been updated to reflect the correct LICENSE for the Greenbone Security Feed (#134333).
  • Minor improvement: If the networking service is in a failed state, a switch release can no longer be started, preventing subsequent errors (#134341).
  • Minor improvement: Changed the community feed URL ‘feed.openvas.org’ to ‘feed.community.greenbone.net’ (#137538).
  • Minor improvement: Changed the internal variables used to differ between the Greenbone Security Feed and the Greenbone Community Feed (#125235).

4.3.19 (2019-11-26):

• Greenbone OS:
  • Improvement: Included the latest major release of gvm-tools, version 2.0.0. See https://github.com/greenbone/gvm-tools for more information (#123417).
• Vulnerability Scanning:
  • Bugfix: Increased the maximum number of NVTs supported by the openvas-scanner (#127752).

4.3.18 (2019-10-08)

• Greenbone OS:
  • Bugfix: Security update for the CVE-2019-15902 “Spectre” related regression in the Linux kernel (#121978).
  • Bugfix: Security updates for the openssl and expat libraries, covering CVE-2018-20843 and CVE-2019-1543 (#121978).

4.3.17 (2019-09-24)

• This release is planned to be the LTS release of generation 4.
• Update of the base system and of the database management system. This modernizes the basement but leaves the application stack untouched. The user interface, the APIs etc. will remain the same (FS-180108-2522).
• Generator routine for auto-credentials for Debian and RPM based systems updated: In fact, the entire generator was implemented anew, making it much easier to maintain (FS-180514-3416).
• Improved usability of GOS menu: Updated structure and item sequences, consistent spelling, grammar and terms throughout the menu, introduce check boxes and radio buttons for state of settings (FS-180723-4923).
• Substitute ExpertNet functionality by network namespace management: The GOS menu “Network” is extended with settings for assigning network interfaces to namespaces. This covers the standard cases of using the ExpertNet functionality. In particular, this allows for an esier way to assign specific interfaces for scanning and management.Note: This feature is only available for GSM Midrange and Enterprise series (FS-180626-0915).

In case you are using the ExpertNet functionality in GOS 4.2, please follow these steps: 1. Save the ExpertNet Configuration separate from the GSM. 2. Optional: Consult Greenbone Support about possible challenges for the substitution of your ExpertNet configuration. Some advanced ways might not directly be transferable to the new scheme. 3. Deactivate ExpertNet. 4. Migrate to GOS 4.3 5. Configure the network with the new opportunities based on the details in the preserved ExpertNet configuration.

4.3.17 (2019-09-24):

• Greenbone OS:
  • Improvement: In case of filesystem corruption (for example due to a sudden power outage), an automatic reboot is now carried out after the filesystem repair at boot time as a precautionary measure (#121982).
  • Bugfix: Security update for the CVE-2019-1125 “Spectre SWAPGS” gadget vulnerability (#121337).
  • Bugfix: The switch release from GOS 4.2 to GOS 4.3 could fail in some cases, if an IPv6 management IP was configured (#118949).
  • Bugfix: In rare cases, switch release upgrades could get triggered on sensors unintentionally when upgrading the master (#121479).
  • Bugfix: Testing the sensor connections could cause a traceback when a sensor had an invalid remote host identifier configured (#120972).
  • Bugfix: It was possible to configure invalid domain names, leading to subsequent errors. All domain names now have to comply to RFC952 and RFC1123 (#118556).
  • Bugfix: The disk usage of journalctl could exceed safe limits, affecting system stability. It has been hard limited to use a maximum of 1.5 GB (#119838).
  • Bugfix: Uploading a remote backup server host key could add a newline character or new lines, causing the host key to be invalid (#109875, #119485).
  • Bugfix: The Maintenance/Upgrade/Sensors menu on a GSM master could display the sensor status “Update Feed” erroneously in some cases. These cases were fixed to display “Upgrade manually”. “Update Feed” will still be shown when relevant (#118184).
  • Minor bugfix: Improved the spelling in the GOS self check (#112714).
  • Minor improvement: Added and improved the GOS menu descriptions for restoring backups and setting the GSM hostname, since backups are dependent on the hostname (#119837).
• Vulnerability Management:
  • Bugfix: Sensor scans would add all hosts in a target network to the Assets, even if the hosts were offline and “Mark unreachable Hosts as dead (not scanning) = yes” was set. Only active hosts will get added to the Assets in this case (#121333, #2019011510000041).
  • Bugfix: The downloadable Windows LSC installer for Credentials did not add the user to the administrator group on all supported versions of Microsoft Windows (#122909, #2019091810000067).

4.3.16 (2019-07-09):

• Greenbone OS:
  • Improvement: Enhanced the contents of the Greenbone Support Package. More debugging information related to ansible is now included (#117635).
  • Bugfix: Uploading the remote backup server host key did not add it to the known hosts list correctly (#117132, #2019070110000011, #2019070410000051).

4.3.15 (2019-07-01):

• Greenbone OS:
  • Bugfix: Switch releases from GOS 4.2 could fail due to a networking error (#116250, #2019061110000021, #2019061110000012, #2019060610000059).
  • Bugfix: The network route 0.0.0.0/0 can now be set (#115609, #2019060310000028).
  • Bugfix: Network interfaces were sometimes be erroneously named on the new GSM type 5400 (#116814, #2019062510000041).
  • Bugfix: Patched libssh to resolve possible issues with Cisco devices (#113876, #2019042910000046).
  • Improvement: The ‘Management IP’ menu option is now always shown, even when only one interface is present in a namespace (#115904).
  • Improvement: Enhanced the contents of the Greenbone Support Package. More debugging information related to postgres is now included (#116640).
  • Minor improvement: Improved the error logging for the TippingPoint alert (#114090, #2019041610000098).
  • Minor improvement: Updated the info dialogue when upgrading to GOS 5.0 (#116910).

4.3.14 (2019-06-19):

• Greenbone OS:
  • Bugfix: Security update for CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479 “SACK Panic” TCP remote denial of service attacks (#116439).

4.3.13 (2019-06-03)

• Greenbone OS:
  • Improvement: The client min and max protocol versions for SMB clients can now be configured via the Greenbone OS command line (#114780, #2019040110000026).
  • Improvement: The default system maintenance time for new Greenbone OS installations is now randomized between 03:00 and 05:00 UTC to distribute load for the Greenbone Security Feed server more evenly. Existing setups are not changed, and the system maintenance time can still be adjusted manually (#113697).
  • Minor improvement: The expiry date of the Greenbone Support Team GPG key, used for the encryption of support packages, has been extended to 2020-10-31 (#113829).
  • Bugfix: Opening the IPv6 global gateway menu lead to a traceback (#114746, #2019051610000032).
  • Bugfix: Manually deactivating the deprecated expert networking feature on namespace appliances could cause issues when configuring the scan namespace (#113816).
  • Bugfix: The migration from GOS 4.2 to GOS 4.3 could fail for non-namespace appliances (#114750).
  • Bugfix: On namespace appliances, the OpenVAS scanner was sometimes started in the wrong namespace (#113823, #2019050610000015).
  • Minor bugfix: Port 53/TCP, used for dnsmasq, now only listens on localhost (#109142, #2019021210000027).
  • Minor bugfix: The Greenbone OS upgrade info dialogue and selfcheck could display the version information ‘None’ in some cases (#113531).
• Vulnerability Management:
  • Bugfix: In some cases the default quality of detection for all vulnerabilities was set to 75% due to the OpenVAS manager not correctly generating its internal metadata database (#108670).
  • Minor bugfix: For tags, the deprecated type ‘slave’ was still checked in GMP API calls, leading to subsequent problems (#114035, #2019050910000064).
  • Minor bugfix: For the GSR PDF report format, the colour coding of medium CVSS vulnerabilities was red in some cases, this has been corrected to yellow (#114035, #2019050910000064).

4.3.12 (2019-05-01):

• Greenbone OS:
  • Improvement: Added info dialogues to explain why a GOS upgrade might not be possible due to a range of issues, as well as how to solve them (#109524).
  • Improvement: Enhanced the contents of the Greenbone Support Package. More debugging information related to redis is now included (#113457).
  • Bugfix: The internal GOS configuration management did not generate a correct return code in some cases, leading to subsequent problems (#112707, #112712).
  • Minor bugfix: A file path in the Support Package pointed to the wrong location (#112526).
• Vulnerability Management:
  • Improvement: Added a configurable setting to control the interval at which a GSM master appliance requests scan results from a GSM sensor appliance. Different values may be used for performance optimization (#112620).
  • Bugfix: For some default scan configs the current value of “Mark unrechable Hosts as dead” in “Ping Host” was set to “No”, leading to significantly increased scan times. It has been set to “Yes” for all default scan configs (#91358).
  • Bugfix: Resuming a scan task on a GSM sensor appliance could lead to duplicate scan results (#113339).
  • Bugfix: Adjusted the SMB alert to provide better compatibility with non Microsoft Windows SMB shares (#110811, #2019040110000026).
  • Bugfix: Fixed a traceback that could occur for the TippingPoint SMS alert (#112681, #2019041610000098).
  • Bugfix: Deleting assets selected with “Apply to all filtered” was not working (#99285).
• Vulnerability Scanning:
  • Improvement: Adjusted the redis ‘databases’ setting to improve high-load situations (#113216, #2019042410000037).

4.3.11 (2019-04-03):

• Vulnerability Management:
  • Improvement: Added a command line setting to control the chunk size of the data that is transfered between master and sensor appliances (#111446).

4.3.10 (2019-04-02):

• Greenbone OS:
  • Bugfix: Configuring a static IP address on non-namespace appliances could lead to a traceback (#111326).

4.3.9 (2019-03-26)

• Greenbone OS:
  • Extension: Global gateways can now be assigned to a specific network interface via the GOS menu (#108189, #2018110810000047).
  • Extension: A script to manually verify the integrity of the USB Airgap APT feed has been added to GOS (#100162, #2018082910000041).
  • Improvement: Debug information for the scan namespace is now included in the GOS support package (#110536).
  • Bugfix: Setting a route for the scan namespace could sometimes fail, this has been fixed for all cases (#109811, #2019021510000076).
  • Bugfix: It was possible to assign the same IP address to different interfaces in the management namespace, leading to subsequent problems. IP addresses in the management namespace must be unique now (#095757).
  • Bugfix: In some cases the SSH service could fail when no IP was configured (#110806, #109821, #2019022710000026, #2019032110000026).
  • Bugfix: Search domains were not forwarded from the management namespace to the scan namespace. They are now shared between all namespaces (#109752, #2019022510000021).
  • Bugfix: The internal GOS configuration management now handles multi dimensional arrays correctly (#110597).
  • Minor bugfix: The GOS self check did not display the correct check in progress if this check involved a network timeout (#109819).
  • Minor bugfix: In some cases the GOS menu could warn about no network being available if an interface other than eth0/mgmt0 was configured for management (#104990).
  • Minor bugfix: The LDAP and Radius configuration files on appliances that do not support these features were incorrect (#109826).
• Vulnerability Management:
  • Improvement: The TCP-SYN and TCP-ACK settings for “Alive Test” method have been updated (#110452).
  • Bugfix: GMP users were able to lock themselves out of their account via the modify_config command (#109746).
  • Minor bugfix: For email alerts, the lines preceding the first blank line were omitted on some email clients like Microsoft Outlook and The Bat! (#100158, #2018080210000019).
  • Minor bugfix: Improved the German translation of the web interface (#109751, #2019030710000071).
• Vulnerability Scanning:
  • Improvement: The performance of handling large sets of hosts during the start of a scan has been improved (#110795, #110809).

4.3.8 (2019-02-25):

• Greenbone OS:
  • Improvement: The scanner will now be started in the scan namespace only if at least one interface has been switched to the scan namespace (#0109576).
  • Bugfix: The second out of band management port on GSM 6500 could not be configured correctly (#0109623).

4.3.7 (2019-02-14):

• Greenbone OS:
  • Improvement: Improved the contents of the Greenbone Support Package. More debugging information related to the system state, system upgrades and the scanner is now included (#108957, #109013, #109313).
  • Improvement: Added a selfcheck warning if Expert Mode networking is active. Expert Mode networking is deprecated in GOS 4.3 (#109147).
  • Improvement: The system lock during a switch release is now much stricter, preempting more user errors (#108963).
  • Bugfix: If a GSM was configured as a sensor, switch releases were not offered locally on the sensor. They could still be triggered from the master. Switch releases are offered in all cases now (#109097, #2019011410000016).
  • Bugfix: Made it possible to retry a switch release or upgrade if the corresponding download was cancelled while in progress (#109007).
  • Bugfix: The remote backup server configuration is now always migrated correctly during a switch release (#109303, #2019021310000034, #2019021310000043).
  • Bugfix: Fixed host key fingerprint checks during feed synchronisation to work with all supported ports (#108901, #2019021310000043, #2019021310000061, #2019021410000087).
  • Bugfix: The scanner was sometimes started in the wrong namespaces after specific configuration steps. The scanner is always started in the scan namespace now (#109318).
  • Bugfix: Due to a race condition, hostname resolution for scans could sometimes fail on appliances with network namespaces, this has been fixed (#099349).

4.3.6 (2019-02-02):

• Greenbone OS:
  • Bugfix: Pre-condition test for upgrade had a bug about feed age. Only very few setups should be affected. Our Support Team can provide a trick how to overcome this situation in case the system does not allow you to upgrade (#108672).

4.3.5 (2019-02-01):

• Vulnerability Management:
  • Extension: SMB alerts capabilities are extended, especially with regard to how the target filenames are determined. Among the changes, the default report filename changes and depending on how you configured this alert, the behaviour might change. In essence it could happen that the target filename is now “report.xml.xml” instead of just “report.xml”, which can be adjusted easily in the Alert configuration. Please contact the Greenbone Support if you are using SMB alerts and are unsure whether you might be affected by this change. A primary extension is that the SMB alert can consider special tagging of scan tasks to assemble the file path dynamically (FS-180110-4337, #79989, #79987, #105198, #2018041710000043, #2019010910000026, #79986).
  • Extension: The new alert type “Alemba vFire” (minimum vFire version 9.7) allows to transfer scan reports to the vFire ticket system (FS-180917-5139, #67013).
  • Extension: Overrides are now capable to consider IP ranges and the entry field size is increased from 80 to 200 characters (#103028, #2018040610000037).
  • Improvement: The UI and reports can now also inform about success or failure regarding SNMP credentials, analog to what is already imformed about SSH and SMB credentials (#108310).
  • Bugfix/Improvement: The alert method for the Sourcefire Defence Center, meanwhile known as FirePower Threat Defense, was fixed and improved (#2018051410000011, #99769).
  • Bugfixes: A couple of problems with the Windows Autocredential Installer were fixed. Among this were special characters in passwords and special behaviour of Windows Server 2008 R2 (#99466, #2018081410000041, #2018121310000017, #63874).
  • Bugfix: It was possible that a scan executed on a sensor hangs in “Requested” in case some types of SNMP credentials were configured for this scan (#103073, #2018091310000032).
  • Bugfix: In a few cases, URLs provided as a cross reference of a NVT were wrongly assembled in the UI (#102293).
  • Bugfix: Under certain conditions it was possible that the scanner falls back to its default settings (#107824).
  • Bugfix: The performance overview showed charts for unavailable components (#108079).
  • Bugfix: The robustness of the scanner against rare race conditions for the NVT cache management was improved. This is about observations where a scan stops on its own shortly after it was started (#104878).
  • Minor bugfix: The Icon “Edit Filter” was missing a tooltip (#104990).
• Vulnerability Scanning:
  • Bugfix: Credentials for SSH with ecdsa256 were causing an error when uploaded (#106266, #2018121410000015).
• Greenbone OS:
  • Extension: The GOS administration allows to activate a limit of subsequent failed logins as GOS administration user. If the limit is reached, access via SSH is locked. To unlock it, it is necessary to login at the console and enter the administration menu for the SSH service. The selfcheck is extended to consider and inform about the status. Note that activating this feature means to add brute-force-login protection on the one hand, but also expose a denial of service attack vector on the other hand. The choice is subject to individual policy and security consideration. They mutually excluded each other, so you can not have both at the same time (FS-180823-3404, #105677).
  • Bugfix: For imported TLS certificates to be used for the web user interface, two problems were solved regarding longer certificate chains (with intermediate CA certificates) and regarding PKCS12 import (#93042, #107737, #2018092410000039).
  • Bugfix: In a few cases, restoring a userdata backup was causing problems (#102534).
  • Bugfix: For the USB backup, the GOS administration offers to format a USB stick in case it is not formatted properly yet. This formatting failed (#107301, #2019010710000075).
  • Bugfix: Some configurations of the Remote Syslog feature could cause the related service to fail (#106306, #2018112810000018).
  • Bugfix: Reintroduced the next version number when listing available GOS upgrades (#105589, #2018120410000016).
  • Improvement: Improved the GOS upgrade management of sensors via the GSM master appliance (#104452).
  • Improvement: Several internal improvements for MSSP setups (#105889, #103380, #105887).
  • Improvement: Added / updated support for SSH access with regard to supported algorithms/ciphers, for example curve25519 (#97126).
  • Improvement: The host key fingerprint checks during feed synchronisation have been configured to be stricter by default (#104258).
  • Improvement: The internal state management for the GOS configuration is improved to better handle roles affected by a configuration change (#106595).
  • Minor bugfix: When uploading a GSF access key but using no key file, now a proper error message is displayed instead of an internal error message (#108321).

4.3.4 (2018-12-03):

• Vulnerability Management:
  • Bugfix: Alerts configured to store a report via SMB failed for some SMB services resulting in an empty file (#104970).
  • Bugfix: In some special cases, deleting a user was causing an error message (#104883).
  • New: The Web Interface was extended with a Japanese translation (#104813).
  • Bugfix: In some special cases, editing the settings of a NVT in the web interface caused an error message and the changes were not applied (#103819).
  • Minor Bugfix: Export Topology SVG file now names the source (the host from where scans are execute) “Greenbone” (#104882, #2018111610000013).
• Greenbone OS:
  • Improvement: In GOS Administration Menu a range check was added for MTU (#101622, #102975).
  • Improvement: Configuration changes in GOS Administration Menu on a GSM 100 will now be processed faster (about half the time) (#102464).
  • Bugfix: Upon a VLAN configuration change in GOS Administration Menu, errors could occur and only after a reboot the changes came into efect (#104037, #2018110110000023).
  • Bugfix: The network interface was shutdown upon activating IPv6 DHCP (#101743).
  • Bugfix: Configuring a route for a VLAN caused an error (#100100, #201810241000001).
  • Minor Bugfix: In GOS Administration Menu, some minor improvements and minor fixes were done (#105071, #102469, #102973).

4.3.3 (2018-10-26):

• Vulnerability Management:
  • Bugfix: Using quotation marks in filter triggered error in bulk action (#103032, #2018072710000037).
  • Bugfix: When using tag filtering in filters, numerical values were not always properly considered as text (#102295, #2018100510000063).
  • Bugfix: Editing a SNMP credential via Web-UI failed with an error message about privacy_algorithm (#103072, #2018091310000032).
  • Minor bugfix: When deleting a tag from some resources, a blank page was shown afterwards. The action was properly done though (#100315, #2018090310000024).
  • Minor bugfix: It was not possible to create tags for scanners (#100318, #2018090310000079).
  • Minor bugfix: The chart “NVTs by solution time” was not available in all NVT contexts (#102251, #2018100410000056).
  • Minor bugfix: Axis labels of some charts were showing wrong units in some cases (#102456, #2018100510000036).
• Greenbone OS:
  • Maintenance: The encryption key for the Greenbone Support Package is updated. The previous key is a RSA 2048 key and expires November 23 2018. The new one is a 4069 RSA key and will expire November 23 2019 (#102831).
  • Bugfix: Configuring a VLAN interface without configuring the parent LAN interface caused an error (#103653, #2018102310000011).
  • Bugfix: Once a the network configuration ended up in an error, further configuration was not possible (#103654, #2018102310000011).
  • Minor bugfix: During upgrade a uneeded additional information dialog appeared (#103076).
  • Minor bugfix: During upgrade the GOS version was not always shown properly in the about-box (#103544).
  • Minor bugfix: Routes menu dialog was missing a title (#102654).
• Vulnerability Scanning:
  • Improved consideration of UDP services (#103074, #2017090110000021).

4.3.2 (2018-10-15):

• Vulnerability Management:
  • Change for CSV Report Format Plugin: When special characters are the first ones in a column, these are escaped by a apostrophe. This prevents that a spreadsheet executes the respective cell. It is a convenience change. Actually, users should configure and use their spreadsheets in a secure way – which is also the default for most common ones (#101365).
  • Bugfix: A tag to a host now gets properly orphaned in case the host is being deleted (#102648, #2018101010000026).
  • Bugfix: When using GMP to upload reports, the service stopped accepting the reports after a couple of thousands of reports uploaded in a single session (#98416).
  • Minor bugfix: In some special situations the resetting of filter settings to the default caused an error (#101657).
  • Minor bugfix: In the assets management the functionality “Apply to selection” was not working in Chrome browsers (#101654, #2018072710000037).
• Greenbone OS:
  • Bugfix: Under special circumstances with master and multiple sensors (and high load on sensors), a feed update from master led to a update deadlock on the sensor and it was necessary to reboot the sensor (#102467, #2017112310000029).
  • Bugfix: Custom gateway configurations were not properky migrated from GOS 4.2 to GOS 4.3 (#102468).
  • Improvement: GOS settings are now type-aware and also extended with range/content checking. Various settings outside sensible ranges are not rejected now (#59806, #95326, #95811, #101624).
  • Improvement: When using DHCP but some network trouble causes that no IP is provided by DHCP, GOS now tries to cope with the situation better. For example, it offers to retry or skip (#99467).
  • Bugfix: VLAN addresses were not poperly shown in GOS menu (#100099).
  • Minor bugfix: The size for an IPv6 custom route was extended to cover full length IPv6 addresses (#102836).
  • Minor bugfix: Removed some internal functionalities for GSM 100 and GSM 25 that were designed to work with a LCD (25/100 have no LCD) (#102828).
  • Minor bugfix: disallow reserved IPv6 addresses during IPv6 type check (#101279).
  • Minor improvements on boot/kernel, getting rid of useless warnings (#102010).

2017-09-30: Greenbone OS 4.2

Current Patch Level: 4.2.30 (2019-07-31)

Lifecycle Status: Obsolete

• Changeover: Slaves become scanners. This simplifies the handling of the scan sensors. Among other things, this means that access authorization management for slaves is now regulated via the uniform path.
• Approval of sensors now required via GOS administration: Users can only configure sensors that have received a general release by the administrator of the appliance.
• Advanced menu of the GOS Administration.

4.2.30 (2019-07-31):

• Greenbone OS:
  • Set the release status to “retired” for all GSM types with GOS 4.2. An upgrade recommendation will be displayed in the GOS selfcheck (#118948).

4.2.29 (2019-06-19):

• Greenbone OS:
  • Bugfix: Security update for CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479 “SACK Panic” TCP remote denial of service attacks (#116441).

4.2.28 (2019-02-20):

• Greenbone OS:
  • Bugfix: It was possible that a scan executed on a sensor hangs in „Requested“ in case some types of SNMP credentials were configured for this scan (#0103031, #2018091310000032).

4.2.27 (2019-02-14):

• Greenbone OS:
  • Improvement: Improved the contents of the Greenbone Support Package. More debugging information related to the system state, system upgrades and the scanner is now included (#109009, #109314).
  • Improvement: The system lock during a switch release is now much stricter, preempting more user errors (#108960).
  • Bugfix: If a GSM was configured as a sensor, switch releases were not offered locally on the sensor. They could still be triggered from the master. Switch releases are offered in all cases now (#109095).
  • Bugfix: Made it possible to retry a switch release or upgrade if the corresponding download was cancelled while in progress (#108961).

4.2.26 (2019-02-02):

• Greenbone OS:
  • Bugfix: Pre-condition test for upgrade had a bug about feed age. Only very few setups should be affected. Our Support Team can provide a trick how to overcome this situation in case the system does not allow you to upgrade (#108671).

4.2.25 (2019-02-01):

• Greenbone OS:
  • Improvement: A red-dialog warning was added to the release upgrade to GOS 4.3 to explain that 4.3 introduces a mandatory distinction of the mangement interface and the scan interface. This distinction make it necessary for GSM 400 and above to physically attach a second network cable to the appliance. (#108615).

4.2.24 (2018-11-20):

• Vulnerability Management:
  • Bugfix: Alerts configured to store a report via SMB failed for some SMB services resulting in a empty file (#91951, #2018041710000043).
  • Bugfix: In some special cases, deleting a user was causing an error message (#103651, #2018081610000011).
  • Bugfix: In some special cases, editing the settings of a NVT in the web interface caused an error message and the changes were not applied (#103818).
• Greenbone OS:
  • Bugfix: In very special cases, upon configuration changes the boot menu showed multiple entries (#103822).
• Vulnerability Scanning:
  • Bugfix: The scanner log showed error messages when using WMI to scan Windows systems. We have not observed impact on scan results though (#104645).

4.2.23 (2018-10-26):

• Vulnerability Management:
  • Bugfix: Using quotation marks in filter triggered error in bulk action (#98690, #2018072710000037).
  • Bugfix: When using tag filtering in filters, numerical values were not always properly considered as text (#102296, #2018100510000063).
  • Bugfix: Editing a SNMP credential via Web-UI failed with an error message about privacy_algorithm (#103070, #2018091310000032).
  • Minor bugfix: When deleting a tag from some resources, a blank page was shown afterwards. The action was properly done though (#100314, #2018090310000024).
  • Minor bugfix: It was not possible to create tags for scanners (#100317, #2018090310000079).
  • Minor bugfix: The chart “NVTs by solution time” was not available in all NVT contexts (#102252, #2018100410000056).
  • Minor bugfix: Axis labels of some charts were showing wrong units in some cases (#102457, #2018100510000036).
• Greenbone OS:
  • Maintenance: The encryption key for the Greenbone Support Package is updated. The previous key is a RSA 2048 key and expires November 23 2018. The new one is a 4069 RSA key and will expire November 23 2019 (#102832).
  • Minor bugfix: During upgrade a uneeded additional information dialog appeared (#102833).
• Vulnerability Scanning:
  • Improved consideration of UDP services (80572, #2017090110000021).

4.2.22 (2018-10-15):

• Vulnerability Management:
  • Change for CSV Report Format Plugin: When special characters are the first ones in a column, these are escaped by a apostrophe. This prevents that a spreadsheet executes the respective cell. It is a convenience change. Actually, users should configure and use their spreadsheets in a secure way – which is also the default for most common ones (#101817).
  • Bugfix: A tag to a host now gets properly orphaned in case the host is being deleted (#102649, #2018101010000026).
  • Bugfix: When using GMP to upload reports, the service stopped accepting the reports after a couple of thousands of reports uploaded in a single session (#101276).
  • Minor bugfix: In some special situations the resetting of filter settings to the default caused an error (#101658).
  • Minor bugfix: In the assets management the functionality “Apply to selection” was not working in Chrome browsers (#101653, #2018072710000037).
• Greenbone OS:
  • Bugfix: Under special circumstances with master and multiple sensors (and high load on sensors), a feed update from master led to a update deadlock on the sensor and it was necessary to reboot the sensor (#83793, #2017112310000029).
  • Bugfix: Adding a custom IPv4 route caused a problem. Previously configured custom routes were not affected (#102289, #2018100510000054).
  • Minor Bugfix: The size for an IPv6 custom route was extended to cover full length IPv6 addresses (#102837).
  • Minor bugfix: Removed some internal functionalities for GSM 100 and GSM 25 that were designed to work with a LCD (25/100 have no LCD) (#102829).

4.2.21 (2018-10-04):

• Greenbone OS:
  • Release switch to GOS 4.3 opened for GSM ONE. Please first upgrade to GOS 4.2.21 before switching to GOS 4.3 (#101440).
  • Maintenance update of base system. This especially includes a maintanance update of the database management system (#102250).
  • Minor bugfix: For hardware appliances, the boot-loader was updated only after first patch level update (#95566).

4.2.20 (2018-09-14):

• Vulnerability Management:
  • Extensions: New option to add delta reports to alerts. The configuration of an alert is extended with the option to create a delta report first and then apply the actual alert method. This essentially means, not the report of the task is used for subsequent processing but rather the delta report (#95423, #22348, #45442, #2014121610000019, FS-180523-4304).
  • Improvement: The database cache was optimized for scan reports. This improves the performance for some scenarios with master-sensor setup and big scan reports (#88902, #2018030710000019).
  • Bugfix: In rare situations it was possible that the database management system starts to become very busy and consumes all of the RAM. It is regarded a database bug because with GOS 4.3 (which includes a DBMS update) this is not reproducable. The bugfix solves the problem for GOS 4.2 for the lab test cases (#99585).
  • Bugfix: The scan configuration “System Discovery” was not reporting details on operating systems, now it does (#94398, #2018060710000031).
  • Bugfix: extreme large content of reports triggered a XSL transformation error when generating a report (#92618, #2018050810000022).
  • Bugfix: The operations “Apply to selection/filter” for creating a target from host assets were creating empty targets (#98482, #2018072710000037).
  • Bugfix: For tags the filter element “orphan” caused an error (#97694, #2018071810000045).
  • Minor bugfix: It was possible to delete a report format plugin although it is configured for a vernice.pro alert (#98054, #2018071910000034).
  • Minor Bugfix: Web-based creation of external scanners failed for some types (#95812).
• Greenbone OS:
  • Minor bugfix: Invalid guest user account caused traceback message (#100916).
  • Minor bugfix: When uploading a non-certificate file when a certificate is expected, a traceback message occured (#95694).

4.2.19 (2018-08-24):

• Vulnerability Scanning:
  • Bugfix: The scanner could hang and cause a longer scan time because of time-outs. This problem was pressent since a while, but so rarely triggered that it was not reproducable. Recent extensions of the NVT Feed triggered the problem more often reliably and allowed to identify and fix the problem (#91015, #2018061410000036, #2018082210000035, #2018082010000011, #2018081710000036, #2018081710000018, #2018053110000023)

4.2.18 (2018-06-14):

• Vulnerability Management:
  • Bugfix: The Web-UI service, if running for a longer time at a short refresh interval (30s) for special pages and possibly in multiple browsers tabs, could sum up to a low memory problem on the appliance which in turn might have caused other problems such as repsonsiveness and availability (#93126).
  • Bugfix: In the Web-UI in detached charts, the sorting was not copied over to the filter and thus the charts looked different compared to the embedded ones (#91416).
  • Bugfix: The asset IDs for host assets in the results were not correct and thus the links to the asset management pointed to the same asset for an entire report (#94285, #2018060510000044).
  • Bugfix: Adding user tags to SecInfo objects caused an internal error during saving (#91176, #2018041210000061).
  • Bugfix: IPv6 addresses were not accepted in the host entries in the edit user dialog (#92887, #2018042710000051).
  • Minor improvement: The target details were not abbreviating the target which could lead to very long entries if for example 1000 single IPs were imported. The Web-UI view is now abbreviating the content, the XML export of course still contains all data (#88918).
  • Minor Bugfix: In the PDF report summary section some special characters were not escaped properly (#92022).
  • Minor Bugfix: The GMP command get_reports, when applied for delta reports, did not work with empty filters (#88462).
  • Minor Bugfix: After uploading a LDAP certificate, the Web-UI redirected to task overview instead of remaining on LDAP configuration page (#88900).
  • Minor Bugfix: Improvements to the german online help of the Web-UI (#88411).
• Greenbone OS:
  • Extension: The support package is extended with more system status information about the GSM to allow for a better analysis. The technical specification of the Greenbone Support Package (GSP) was updated accordingly to the status of 2018-06-04, see here for GSP specification (#88046, #93047, #93051).
  • Extension: New option to configure a web proxy for each connected scan sensor. This allows a master GSM to control its sensors through a http proxy instead of a direct connection (#93128, FS-180530-4837)
  • Extension: When accessing the Web-UI via a reverse proxy which defines a high number of keep-alive requests, this could exceed the default maximum number of concurrent connections of the Web-UI and thus lead to HTTP error code 503. To cope with such a situation where the proxy can not be re-configured, the GSM now allows to change the per-ip connection limit via internal GOS setting ‘per_ip_connection_imit’ (#84890, #2017122210000029).
  • Bugfix: When downloading a support package from the GSM, and in case more than one interface was configured, the information dialogs showed the wrong URL for the download (wrong IP address) (#90788, #2018040610000019).
  • Bugfix: The interface configuration naming for GSM 5300/6400 was for some cases inconsistently enumerated (#91287, #2018041110000045).
  • Minor Extension: Sudden power outage could lead to orphaned temporary database tables. This has no negative effect, but it will cause log messages until the orphaned tables are removed. An advanced opportunity was added to allow the removal of the orphaned tables in coordination with the Greenbone Support team (#88047).
  • Minor improvement: Moving NVT files inside the feed caused warning messages in the log. Since this is actually a normal thing to happen, it will not show up anymore as a warning (#89502).

4.2.17 (2018-05-12):

• Vulnerability Management:
  • Bugfix: In case of comprehensive use of permissions and overrides the “Add Override” function triggered a significant amount of cache operations which slows down the system. This is avoided/optimized now (#92616, #2018050710000024).
• Greenbone OS:
  • Bugfix: Upgrading sensors via master automatically can be faulty with 4.2.16 (new brainpool signing key). This fixes the problem for automatic update and also the manual update trigger (#92722).
  • Extension: The magic SysRq keys are now active for the unlikely event of a system panic situation. This can help for example to shut down the system cleanly and protect filesystem integrity (#91726).
  • Extension: In case of filesystem damages (for example due to a sudden power outage) the filesystem repair system at boot time will now propose to reboot always after repairs happened. We highly recommend to not cancel the recommended procedure of the system (#91005).

4.2.16 (2018-05-03):

• Greenbone OS:
  • Bugfix: Expirey of signature key: The new brainpool key so far was only activated for NVTs, but not yet for GOS updates and new flash images. The old key expires on May 15th 2018. You must update to 4.2.16 prior to this date. Once beyond this date, GOS updates will not be possible anymore until a manual import of the new key is done (#92019, #92273, #92274, #92336, #76935).
  • Extension: Next to the already available http upload option, it is now optionally possible to paste a new signing key via clipboard into a text entry (#92409).

4.2.15 (2018-04-13):

• Vulnerability Management:
  • Bugfix: Combining alerts with severity-based conditions could set a task connected with such an alert to Internal Error (#91095)
  • Improved dialog for new password (#89444, #2018031510000031)

4.2.14 (2018-04-10):

• Vulnerability Management:
  • Extension: Search functionality for LDAP-based authentication by extending to use not only the DN, but also the uid attribute in the LDAP schema, and performing an LDAP search to get the DN (#57286, #75012, FS 171117-0939-UID-attribute-for-LDAP-Login).
  • Extension: A new alert method was added to send scan reports to a Tipping Point SMS (#82703, FS-171117-0551-alert-for-tipping-point).
  • Improvement: The response time for opening the details dialog for a single scan result was significantly shortened. We measured factors of up-to 100 times faster response (#86913).
  • Improvement: Extended coverage of chinese translation of Web UI (#86876).
  • Bugfix: Auto-generated credentials of type ssh-key were not working properly when scanning via sensors (#89728, #2018030810000026).
  • Bugfix: Under certain conditions it was possible that starting a scan while the feed update is running led to a task hanging in status “Requested” (#83713, #88787, #2018030610000021).
  • Bugfix: On some GSM models importing of Scan Reports could fail and raise an Internal Error dialog (#86914).
  • Bugfix for SMB alert: The placeholder “%F” is now replaced by the chosen filetype (#85434, #2018010810000021).
  • Bugfix: When deleting a user who distributed permissions, there was no warning and no option to let objects be inherited. The objects were simply deleted and not available anymore or the other users (#88321).
  • Minor bugfix: In certain situation with distributed read permissions, clicking on the hosts for a report resulted in an empty page instead of a permission denial message (#55350).
  • Minor bugfix: For schedules, the calendar editor did not allowto shift months backwards (#86730, #2018012910000017).
  • Minor bugfix: When leaving one of the password entry fields empty in the dialog “My Settings”, an internal error was raised. Now a helpful message explains the input error (#86736).
  • Minor bugfix: The report format “LaTeX” was missing some newlines around “rowcolor” (#86785).
  • Minor bugfix: For plain new databases, re-order the sequence of creating database functions to avoid undefined situations. This bug had no effect for any regular shipped GSM, thus minor (#88876).

• Greenbone OS:
  • Extension: Custom routing can now be configured explicitly via GOS menu for non-virtual GSM models. The new menu “Routes” under “Setup”/”Network” allows the configuration of IPv4 and IPv6 routes. The configuration is not per interface, rather the system will automatically pick the best route if any interface can reach the target network. There is also a warning about trying to configure a route to unreachable network. Some advanced routing still has to be done via Expert Mode, but the most common cases can now be configured via menu. Expert Mode and new Routes configuration cannot be applied concurrently (#89505).
  • Minor extension: The support package now also collect log information about user data import and system data import (#84847).
  • Bugfix: The configuration of VLANs in combination with DHCP was not consistent in all cases (#85213).
  • Bugfix: The configuration of DNS via menu after activating Network Expert Mode did not become active (#86503).
  • Minor improvement: In some migration scenarios a headless setup is desirable and this improvement makes a headless setup more flexible (#82206, #81119).
  • Minor bugfix: A non-relevant log message (“assertion” warning) when accessing a task was fixed. It occured only under certain conditions (#71011).
  • Minor bugfix: Removed a misleading entry from the internal boot menu (#86379).
  • Minor bugfix: Fixed a typo in the menu (#88911).

• Vulnerability Scanning:
  • Extension: Introduce a “wait between requests/probe” option for scanning. Scanning “critical infrastructures” components have shown the need for waiting time between network probes. Such devices can have a quite fragile TCP/IP stack and can’t handle parallel and/or multiple subsequent network requests. Outages of the network communication with other connected devices can be the result. This change does not affect any defaults. It is an additional option for the Scan Config and a new Scan Config should be created when desired to apply this setting. However, note that acivating this naturally makes the scan take longer (#86582, FS-180125-3444-wait-between-probes-in-scanner).
  • Extension: The internal scan scheduler was extended with the ability to consider regular expressions for pre-conditions to launch NVTs. This enables the GSF development team to make NVTs smarter. It is planned to apply this feature in the feed very soon and improve performance for some scan scenarios, mainly authenticated scans of Linux systems will benefit (#88402, FS-180111-2416-NASL_mandatory_keys_with_re).
  • Bugfix: It was possible that some NVTs were launched for situations where they did not match the situation (presumed open ports). The fix has a slight positive effect for the scan performance (#89733).
  • Bugfix: In some situations many unneeded internal signature verifications were executed and could slow down scanning. This is a regression that was introduced in 4.2.13 (#89294).

4.2.13 (2018-03-14):

• Scanner:
  • Bugfix: Randomly some NVTs were not accepted during feed update or during startup at the first attempt. In many cases the Scanner was able to overcome the situation on its own, but in a few cases the problem becomes severe. This bugfix resolves the problem at its root (#88860).
  • Bugfix: The scanner issued warnings “Possible dependency cycle detected” (#88187).

4.2.12 (2018-03-03):

• Greenbone OS:
  • Bugfix: The comprehensive changes of 4.2.11 introduced a bug for the feed update for updated NVTs leading to invalid hash sums. (#88630).

4.2.11 (2018-03-01):

• Greenbone OS:
  • Performance: The duration of starting up the scanner and the duration for updating the NVT feed was accelerated significantly. We measured up-to a factor of 30. This comprehensive change became necessary for the migration of the GSM 500/510/550 models to GOS 4.2. All other models were able to cope with the demands of the modern GOS 4.2 before, but will benefit from this acceleration. (#86323).
  • Feature: The menu for log vview was added for the models GSM 25, GSM 25V and GSM ONE. (#83489, #2017112410000018, FS-171220-0411-logging-menu).
  • Robustness: In case the scanner runs into a severe problem that prevents to continue his job for whatever reason, the scanner is restarted after one minute. (#86734).

4.2.10 (20108-01-19):

• Vulnerability Management:
  • Updated GSR HTML: The new version 0.4 adds the new section “TLS certificates”, sort indicators in table header, expand/collapse for all details of a table and total/average summary to some of the tables. Apart from some further smaller improvements, the resulting size of a report file is reduced. The level of reduction depends very much on the actual content. The best value we measured was a reduction by 70% (#84502, #75109, #2017063010000043).
  • Change in power filter for performance improvement and consistency: The power filter will now search only for text columns for terms that do not refer to a specific column. This means that filters with a plain generic keyword that could be interpreted as a number (for example “6.4” or “212.10”) can produce less results (actually being more adequate). If for example explicitely a severity of 6.4 should be filterd, use “severity=6.4” (#82377, FS-171129-1004).
  • Extension: The Web-UI offers an updated German translation and and also a new and complete Arabic translation. (#81116).
  • Improved GSR PDF: In special situations, inconsistent fonts were applied for results. Also long CPE names are better treated in the section “Top 10 Applications” (#83830, #2017120510000016, #82546, #2017111010000026).
  • Improvement for Web-UI consistency: The refresh drop down menu is no longer displayed on pages where it was non-interactive before (#80470).
  • Extension: The details dialog for a CERT-Bund advisory now displays the advisory version if available. (#83965).
  • Bugfix: The feedback button for Greenbone Support in the details dialog for results was missing and is now re-added (#84564).
  • Bugfix: When creating a Credential, for special types this caused an error and the credential was not created (#84509).
  • Bugfix: In case a schedule was configured in a special way, it caused an internal error and schedules for tasks were reset (#84889, #2017122210000011).
  • Minor bugfix: Typo in task wizard dialog. (#80048)
• Greenbone OS:
  • Security bugfix: Although Greenbone OS did not expose an attack vector for Meltdown, the respective kernel updates are now adopted. These kernel changes affect performance in general. Our tests have shown little, but in some cases with high I/O a performance reduction of a few percent. We found no scenario with severe impact but we ask our customers to report about them to our support team in case it happens. We apologize for the Meltdown impacts, but we share this problem with virtually any other vendor (#85433, #85701).
  • Improved robustness of setup wizard regarding upload of a subscription key: It becomes easier to retry again after uploading wrong files or in other way invalid keys (#81615).
  • Extension: It is now optionally possible to activate encryption for the SysLog configuration (#65388, #2016121610000015).
  • Bugfix: For certain values for the VLAN configuration it was possible that an internal error occurred (#84334).
  • Bugfix: The log view for scanner modules stopped working after a log rotation (#85432, #2018010510000053).
  • Minor bugfix: Window title for VLAN configuration (#84335).
• Vulnerability Scanning:
  • Bugfix: With each feed update the scanner consumed more memory due to a memory leak. Over time this resulted in performance reduction and subsequent effects. A reboot of the system solved the problem for a while. The memory leak is now resolved (#85977, #85073).
  • Change: The scanner preference “log_whole_attack” is not available anymore in Scan Configurations. This is actually a debugging feature and (unintended) massive use can cause unwanted side-effects. The debug feature can now be activated via GOS CLI and GOS will warn about the use during selfchecks (#83199, #83171, #2017111710000031).
  • Minor bugfix: A bug in the internal programming language for NVTs was fixed (#84584).

4.2.9 (2017-12-19):

• Web-Oberfläche und GMP:
  • Bugfix: Unter seltenen Umständen ist die Web-Oberfläche und GMP nach eine Migration von GOS 3.1 nicht verfügbar. Eine manuelle Reaktivierung ist möglich, aber dieser Bugfix automatisiert es (#84586, #2017111510000026).

4.2.8 (2017-12-15):

• Web-Oberfläche und GMP:
  • Performanz-Verbesserung: Bei sehr großen Host- und OS-Zahlen sind die Abfragen im Asset-Management nun schneller (#82376).
  • Bugfix: Falls eine Aufgabe ein spezielles Zeichen im Titel enthielt so konnten dazu keine Ergebnis-Abfragen mehr erfolgen (#83717, #82474, #2017112710000076).
  • Erweiterung: Für den Alarmierungs-Typ “EMail” kann der Titel nun 160 Zeichen anstatt 80 enthalten und die Textvorlage voreingestellt 2048 anstatt 1024 (#83170, #2017102510000018).
• Web-Oberfläche:
  • Bugfix: Beim Bearbeiten einer Aufgabe konnte es vorkommen, dass Änderungen mit Schließen des Dialogs nicht übernommen wurden (#83827, #2017111410000073).
• Scanner:
  • Bugfix: Bei intensiven Scans konnte es nach einige Zeit dazu kommen, dass der Scanner zu viel Hauptspeicher verbraucht hat und ein Neustart des GSM notwendig war(#83892).

4.2.7 (2017-12-04):

• Web-Oberfläche und GMP:
  • Bugfix: Die Gesamtzahl bei den Scan-Ergebnissen hatte die Fehlermeldungen beinhaltet. Diese werden nun nicht mehr mitgezählt (#83476, 2017112310000056).
  • Migration von Report Format Plugins: Bei der Migration von GOS 3.1 nach GOS 4.2 werden alle Report Format Plugins deaktiviert die nicht zum Systemstandard gehören. Bitte beachten Sie die Hinweise zur Migration bevor sie diese wieder aktivieren (#75449).
  • Bugfix: Der Fortschrittbalken für Scans konnte negative Werte annehmen falls zuvor spezielle Einstellungen auf GOS-Ebene gemacht und wieder zurückgestellt wurden (#80284).
  • Bugfix: Unter speziellen Umständen konnte das Zurücksetzen des Powerfilters im klassischen Asset Management zu einer Fehlermeldung führen (#80291).
  • Bugfix: Für den Abschnitt Ports des Report Browsers wurde die Filter-Einstellungen für Übersteuerungen und QoD nicht beachtet (#81947).
  • Bugfix: Es kam zu einem Internal Error wenn bei bestimmten Umständen ein fehlerhafte Powerfilter verwendet wurde (#78351, #2017082910000033).
  • Bugfix: Die automatisch erstellten Credential-Installationspakete für Windows haben für Windows 10 nicht funktioniert (#81894, #2017101810000013).
  • Kleine Verbesserung: Bei der Verwendnung nicht existierender UUIDs für Reports via GMP gab es eine irreführende Fehlermeldung (#82301).
  • Kleine Verbesserung: Sollte ein Sensor während einer Performanzanfrage nicht verfügbar sein, ist die Fehlermeldung nun passender definiert (#78870).
  • Bugfix: GSR konnte bei bestimmten Inhalten der Scan-Ergenisse kein Dokument erstellen (#82601, #80179, #2017111310000057).
  • Verbesserung: Der GMP Dienst wurde für besonders schnelle Zugriffe verbessert (#66155).
  • Bugfix: Das Filterelement “sort-reversed” konnte nicht mit Delta-Reports kombiniert werden (#80472).
  • Bugfix: In sehr seltenen Fällen konnte aufgrund spezieller Scan-Resultate Probleme mit der Datenbank entstehen (#82215, #2017110110000016).
• Web-Oberfläche:
  • Bugfix: Bei der Zuordnung von Gruppen zu Benutzern wurde unter bestimmten Umständen die Aktion fälschlicherweise verweigert (#76830, #2017072810000046).
  • Bugfix: Bei bestimmten Click-Abfolgen konnte es vorkommen, dass das Powerfilter-Elemente “rows” fälschlicherweise auf “-1” gesetzt wurde (#80192).
  • Verbesserung: Die fortgeschrittenen Task-Wizards stellen nicht mehr das das Refresh-Inverall um (#65521, #2016122110000014). * Verbesserung: Einige deutsche Üersetzungen wurden verbesserte bzw. nachgeholt (#80990, #2017101310000013).
• GOS-Admin:
  • Verbesserungen für die Migration der Anwenderdaten von GOS 3.1 nach GOS 4 (#83008, #80131, #82543).
  • Bugfix: Bei der Master-Sensor-Konfiguration kam es unter bestimmten Umständen zu Fehlern wenn mindestens ein Sensor für Port 9390 konfiguriert wurde (#81607, #2017102310000058).
  • Verbesserung: Beim Management der Logdaten wurden diese zu lange aufbewahrt (#83234).
  • Verbesserung: Im Falle von erheblichen System-Fehlern ermöglicht ein sog. Failsafe-Modus in einen Minimalzustand zu gehen um das System zu analysieren oder zu reparieren (#81798).
  • Verbesserung: Der Selfcheck von GOS-Admin-Menu prüft nun auch auf RAID-Fehler (GSM 5300/6400) (#82208).
  • Kleiner Bugfix: Es tauchten einige unnötige Fehlermeldungen für “gsad” im log auf (#80050).
  • Kleiner Bugfix: Fehlermeldungen beim starten des LCD-Anzeige Moduls (#81298).
• Scanner:
  • Bugfix: Es konnte unter bestimmten Umständen vorkommen, dass bei einem authentifizierten Scan via ssh auf dem Zielsystem Scan-Prozesse nicht abgebrochen wurden auch wenn der Scan gestoppt wurde. (#38015, #82704, #2017111410000019).
  • Verbesserung: Diverse Log-Meldungen des Scanners wurden für eine bessere Problemanalyse erweitert (#73002).

4.2.6 (2017-11-03):

• Web-Oberfläche und OMP:
  • Bugfix: Tags auf die andere Anwender Lese-Recht hatten wurden nicht dargestellt. Das galt sogar auch für den superadmin (#80132, #2017092810000033).
  • Bugfix für GSR/GXR: Die Summen zum Schweregrad von Hosts im PDF Bericht waren nicht immer konsistent (#80951, #2017101110000017, #80466, #2017100410000085).
  • Bugfix für GSR HTML: Der HTML Bericht hat eine leere Seite angezeigt wenn man ihn mit dem Web-Browser IE geöffnet hat (#79585).
  • Verbesserung zum Import von Scan-Reports: Der Import-Vorgang läuft nun im Hintergrund und blockiert dadurch nicht mehr die Datenbank (#80988).
  • Verbesserung: Die Performance der Tabelle Scans->Results wurde verbessert (#80124, #80115).
  • Kleinerer Bugfix für GSR: In seltenen Fällen hatte der Text zu Scan-Details einen falschen Font im PDF verwendet und konnte nicht alle Sonderzeichen korrekt darstellen (#65007, #2016120810000012, #67100, #2017020110000015).
• Web-Oberfläche:
  • Bugfix: Bei Verwendung des Web-Browsers Chrome waren Schaltflächen für Bulk-Aktionen nicht sichtbar (81301, #2017101710000033).
  • Bugfix: Bei Verwendung des Web-Browsers IE haben einige Schaltflächen nicht auf einen Mausklick reagiert (#80418, #2017100410000067).
• GOS-Admin:
  • Geändertes Verhalten von Zeitplänen: Wird ein GSM nach längerer Ruhe-Phase wieder eingeschaltet, dann werden nur noch diejenigen Aufgaben gestartet welche in den letzten 60 Minuten verpasst wurden. Alle Zeitpläne die vor mehr als einer Stunde verpasst wurden, werden nicht mehr ausgeführt. In den Versionen vor 4.2.6 wurden beim Einschalten eines GSM alle verpassten Aufgaben gestartet, bei eingestelltem Intervall aber natürlich nur einmal (#81839).
  • Neues Menü zur Anzeige des HTTPS Zertifikats und Fingerprints: Die Menüpunkte “Fingerprints” und “Show” wurden zum Menü Setup/Services/HTTPS hinzugefügt (#78214).
  • Bugfix für SysLog: Bei Verwendung von Sonderzeichen in der Konfiguration des SysLog Dienstes konnte diesen Dienst deaktivieren (#81163).
  • Interne Erweiterungen zur Kontrolle des Verhaltens von Zeitplänen um ungestört Wartungsarbeiten durchführen zu können (#81801).
  • Interne Erweiterung zur Kontrolle von Abbrüchen von Web- und SQL-Anfragen um die Performance entsprechend zu beeinflussen (#70226, #81895).
  • Interne Erweiterung zur Kontrolle des Hauptspeicherverbrauchs um die Auslagerung auf die Festplatte (swap memory) zu vermeiden (#81837).
  • Bugfix: Im Falle eines plötzlichen Stromausfalls laufen beim nächsten Systemstart einige Rekonstuktions-Routinen um mit möglichen Schäden am Dateisystem umzugehen. Unter bestimmten Bedingungen hat das dazu geführt, dass man Fehler-Meldungen bei der Anmeldung erhielt, weil das Log-System schon benutzt wird bevor es wiederhergestellt werden kann (#81208, #2017101610000062).
  • Bugfix: Im Falle eines plötzlichen Stopps der Datenbank wird der GMP Dienst nun nicht mehr automatisch ebenfalls wegfallen (#80566, #2017100610000027).
  • Verbesserungen des Support-Pakets (#73641, #81306, #81307, #81308).
  • Verbesserung: Für GSM Modelle 5300/6400 zeigt das LCD-Display nun auch den RAID Sync-Status (#80051).
  • Kleinere interne Verbesserungen zur Vermeidung missverständlicher Log-Meldungen zu “redis” (#76132).
  • Kleinere Verbesserungen: Verschiedene Begriffe, Namen und Erklärungen im GOS-Admin-Menu wurden verbessert bzw. konsistenter gestaltet (#80052, #78620, #79216, #80185, #79521, #80114, #80414, #80570).
  • Interne Verbesserungen (neuer Signtur-Schlüssel, EFI, Kernel) (#73818, #78139, #80112, #81117, #72047, #81003, #73487).
• Scanner:
  • Performance-Verbesserung: Für einige Scan-Szenarien (wenige NVTs, viele Zielsysteme, reverse lookup) sind die Scans nun spürbar schneller (#77776).
  • Verbesserung bei der Authentifizierung beim Scannen von Windows-Systemen (#78621, #81111, #201709051000003).
  • Bugfix: Bei speziellen temporären Ressourcen-Problemen kann sich der Scanner nun selbst wieder in einen funktionalen Zustand versetzen (#78711).
  • Anpassung von Performance-Einstellungen bei den GSM Modellen 400, 500, 510 und 550 um Situationen mit sehr hoher Last besser zu handhaben (#81614).

2015-01-26: Greenbone OS 3.1

Current Patch Level: 3.1.48 (2018-09-05)

Lifecycle Status: Obsolete

• Vulnerability Scanning:
  • Bugfix: The scanner could hang and cause a longer scan time because of time-outs. This problem was pressent since a while, but so rarely triggered that it was not reproducable. Recent extensions of the NVT Feed triggered the problem more often reliably and allowed to identify and fix the problem (#100238, #2018082010000021)

3.1.47 (2018-03-13):

• Greenbone OS:
  • Improvement for Migration to GOS 4 to allow a headless reboot (#88557).
  • Add public part of new upcoming Brainpool ECC feed signing key (#78138).
• Scanner:
  • Bugfix: The scanner issued warnings “Possible dependency cycle detected” (#88919).
  • Improvement: Prepare for handling upcoming Brainpool ECC feed signing key (#77601).

3.1.46 (2018-01-06):

• GOS-Admin:
  • Bugfix: Download von GOS 4.2 Image nun immer korrekt bei GSM 5300 (#85212).
  • Verbesserung: Letzte Vorbereitungen für die Migration der Modelle GSM 500/510/550 (#84855).

3.1.45 (2017-12-29)

• Web-Oberfläche:
  • Bugfix: Es war nicht möglich neue Zeitpläne anzulegen die im Jahr 2018 starten (#85036, #2017122810000018).

3.1.44 (2017-12-15)

• GOS-Admin:
  • Verbesserung für Migration von GSM 25 und 100 auf GOS 4.2: Je nach BIOS/EFI/Firmware-Status kann es sein, dass eine Migration manuelle Schritte erfordert. Diese Verbesserung behebt einige Fälle davon. (#83790, #83964).
  • Verbesserungen für Migration von GOS 3.1 auf GOS 4.2 von Midrange und Enterprise-Modellen (#83894, #83788, #80288).

3.1.43 (2017-11-30):

• GOS-Admin:
  • Verbesserung: Während des Upgrades von GOS 3.1 auf 4.2 beim GSM 100 bootet das System nach dem Flash-Update nun automatisch in das GSM Installations System. Damit entfällt ein manueller Schritt der Migration (#83619).
  • Erweiterung: Für die anstehende Freigabe der Migration von GSM 25 auf GOS 4.2 wurde die automatische Übernahme der System-Konfiguration hinzugefügt (#81118).

3.1.42 (2017-11-17):

• GOS-Admin:
  • Aktivierung des Upgrade-Menüs für GOS 4 im GOS-Admin-Menu. Das eigentliche Upgrade kann erst dann erfolgen wenn für das betreffende GSM Modell ein Flash-Image auf dem Greenbone Feed Server bereit steht. Den Anfang macht der GSM 100 am 20. November. Die Verfügbarkeit eines jeden Modells wird über den Greenbone Newsletter bekannt gegeben (#80049).

3.1.41 (2017-09-05):

• Web-Oberfläche und OMP:
  • Bugfix: Bei den zeitgesteuerten Scan-Aufgaben konnte es passieren, dass die Aufgaben nicht entsprechend des eingestellten Zeitplans ausgeführt wurden oder mehrfach ausgeführt wurden (#77726, #2017062610000015, #78080, #2017071810000038).
• Scanner:
  • Änderung des Scan-Verfahren für authentifiziertes Scannen von Windows-Systemen: Eine ausgetauschte Protokoll-Ebene erlaubt nun das Scannen für sämtliche Konfigurations-Kombinationen von SMBv1 und SMBv2. Es gibt zudem keine Situationen mehr bei denen der Scanner auf volatile Agenten zurückgreifen muss um den Registry-Dienst ansprechen zu können (#61498, #77109).

3.1.40 (2017-08-05):

• Web-Oberfläche und OMP:
  • Workaround: Bei intensiver Kombination von Berechtigungen und Übersteuerungen kann das Bearbeiten oder Löschen zu einem längeren Cache-Aufbau führen. Dies kann sich durch multiple Aktionen aufsummieren. Mit der neu hinzugefügte persönliche Einstellung “Auto Cache Rebuild” kann der Cache-Aufbau temporär abgeschaltet werden um viele Aktionen schnell hintereinander ausführen zu können (#76403, #2017071810000038).

3.1.39 (2017-07-03):

• Web-Oberfläche und OMP:
  • Bugfix für das Bearbeiten eines Ziel-Objektes mit vielen Host-Einträgen oder mit Syntaxfehlern. Damit wird auch in der Web-Oberfläche die Limitierung auf 2000 Zeichen aufgehoben (#73059, #64285, #2017051910000049, #2016110210000061).
  • Verbesserung für Slave-Passworte: Einige spezielle Sonderzeichen dürfen nun verwendet werden (#72910, #2017050810000079).
  • BugFix für Super-Admin: Dieser hatte keine Schreib-Berechtigung für Notizen und Übersteuerungen von anderen Benutzern (#65028).
  • Bugfix: Unter bestimmten Bedingungen konnte es vorkommen, dass während eines Feed-Updates Scan-Aufgaben nicht gestoppt werden konnten (#63837, #2016101710000044).
  • Performanz-Verbesserung: In der Kombination von Notizen/Übersteuerungen und Aufgaben-Berechtigungen an andere Anwender wurde das Erstellen und das Bearbeiten beschleunigt (#73961).
  • Bugfix: Beim gleichzeitigen Start einer großen Anzahl an Scans konnte es dazu kommen, dass einige Scans blockiert wurden (#74876, #2017061910000047).
• GOS-Admin:
  • Weitere Vorbereitungen für das Upgrade von GOS 3.1 auf GOS 4 (#74401, #73429).
• Scanner:
  • Performanz-Verbesserung: Speziell für große Scans konnte es zu Latenz-Effekten kommen, inbesondere wenn sehr viele HTTP-Seiten gleichzeitig gescannt wurden. Durch Optimierungen laufen solche Scans nun um ca. 3% schneller und verbauchen dabei um ca. 20% weniger CPU-Zeit. Auch Latenz-Effekte sind damit reduziert (#71135).

3.1.38 (2017-06-20)

• Web-Oberfläche und OMP:
  • Sicherheits-Bugfix: Es war möglich mit einem angemeldeten Benutzer die Netzwerkinterface-Einstellung von den Aufgaben anderer Benutzer zu löschen. Die Modelle GSM ONE und 25V waren nicht betroffen (#74682).
  • Performance-Verbesserung: In der Kombination von Übersteuerungen und Aufgaben-Berechtigungen an andere Anwender wurde das Caching der Übersichten zu Aufgaben/Ergebnissen optimiert. Anstatt den Cache erst bei Bedarf zu erstellen wird er nun automatisch beim Anlegen neuer Berichte und vor allem beim Anlegen neuer Übersteuerungen aktualisiert. Damit ist die erste Anmeldung nach Änderungen von Übersteuerungen oder Berichten nun wesentlich schneller. Das Problem trat nur bei Benutzerkonten auf die nicht Eigentümer der Scandaten sind (#73961, #72048, #68483, #2017042710000044).
  • Bugfix: Bei Zugangsdaten die für authentifizierte Scans für Windows verwendet wurden, konnte das Euro-Symbol nicht im Passwort verwendet werden (#47080, #2015022010000055).
  • Bugfix: Wenn man einen HTML Report in MS Word importiert, konnte es zu Font-Problemen kommen (#67606).
  • Bugfix: Zeitpläne wurden mehrfach ausgeführt wenn sie in eine Zeitumstellung (Sommer/Winter-Zeit) fielen (#70613, #2017040510000022, ##2017040310000017, #2017041010000058, #2017041210000018,#2017041310000061).
  • Bugfix: Unter bestimmten Umständen konnte es beim Bearbeiten eines Powerfilters zu einer Fehlermeldung bzgl. “saver_filter_omp” kommen (#70093, #2017032910000024)
  • Änderung der Auto-Delete Einstellung für Reports bei den Aufgaben: Das bisher erlaubte Minimum wurde von 5 auf 2 reduziert (#66470, #2017012310000011).
• GOS-Admin:
  • Weitere Vorbereitungen für das Upgrade von GOS 3.1 auf GOS 4 (#67409, #66266, #65983, #66348, #65984, #66267, #66268, #73642).
• Scanner:
  • Bugfix: In einigen Fällen hat ein einzelner Test das definierte Timeout überschritten und konnte bis zu 60 Minuten laufen (#67838).
  • Kleiner Bugfix: In sehr seltenen Fällen konnte bei der Ausführung eines NVTs ein interner Fehler im Scanner auftauchen (“invalid next size”) (#48814).

3.1.37 (2017-02-21):

• Web-Oberfläche und OMP:
  • Performanz-Verbesserung für die Kombination von vielen Übersteuerungen mit Rollen-basierter Rechtevergabe (#67958).
  • Performanz-Verbesserung bei großer Anzahl von LDAP-authentifizierten Benutzern (#67318).
  • Verbesserungen: Dokumentation, Logging und Funktionsweise für den Benachrichtigungstyp “SCP” (#64696).
  • Bugfix: Die Auswahl der Report Format Plugins für die Benachrichtigung “SCP” wird nun korrekt berücksichtigt (#64862, #2016112410000065).
  • Bugfix: Zeitpläne mit einem Invervall größer als ein Monat wurden maximal monatlich ausgeführt (#65010, #2016120810000021).
  • Bugfix: Ein Zeitplan mit monatlichem Interval wurde nach dem Lauf von der Aufgabe entfernt falls keine Laufzeit angegeben wurde (#64362, #2016100610000065).
  • Verbesserung: Das Report Format Plugin “CSV” schützt nun zusätzlich Anführungszeichen innerhalb von Zeichenketten (#64678).
  • Kleiner Bugfix: In sehr seltenen Fällen wurde intern der Zeitstempel eines Feed-Status nicht korrekt verarbeitet (#66146).
• GOS-Admin:
  • Verbesserung: Es ist nun möglich jederzeit via Master ein Zertifikat eines Sensors zu aktualisieren. Dies ist nun Teil von “Reset all sensor certificates” (#51245, #51242, #2015072710000015).
  • Kleiner Bugfix für seltene Fälle bei der Migration zu GOS 4 (#67094).
• Scanner:
  • Verbesserung: Erkennung von speziellen Host-Namen in TLS-Zertifkaten (#64997).

3.1.36 (2016-12-23):

• Web-Oberfläche und OMP:
  • Erweiterung: Neues Verince-Tag “gsm_system_Windows_Embedded” (#63875, #2016102010000074).
  • Verbesserung: Das Stoppen von Scans wird nun stärker durchgesetzt. Zugunsten eines schnelleren Abbruchs erhaten die Scan-Jobs weniger Zeit ihre aktuelle Aktivität zu beenden. Diese werden dann erst wieder aufgenommen sollte der Scan die Anweisung erhalten fortzufahren (#63832, #63830).
• GOS-Admin:
  • Bugfix für GSM 5300/6400: Bei einem System-Backup wurden keine dazu passenden Meldungen ausgegeben (#60020).
  • Verbesserung: Für das USB-Airgap Verfahren wurden die Meldungen auf dem LCD-Display angepasst (#64635).
  • Kleiner Bugfix: Interne Log-Rotation für Scanner-Logs wurde so angepasst, dass sie auch bei Feed-Updates durchgeführt wird (#60130).
  • Interne Vorbereitungen für eine Migration auf GOS 4 (#64848).
• Scanner:
  • Erweiterung um Unterstützung von TLS-SNI (#61661, #64588. #2016080410000019).

3.1.35 (2016-10-27):

• Web-Oberfläche und OMP:
  • Performanz-Verbesserungen: Die Ergebnis-Ansicht bei großen Datenmengen wurde beschleunigt, darunter auch für das Anlegen von Notizen und Übersteuerungen. Ebenso wurde die Host-Ansicht beschleunigt (#63767, #62927).
  • Erweiterung des Limits für Ergebnisse des voreingestellten Email Filters von 1000 auf 2000. Ab GOS 4 fällt eine Limitierung weg (#62290, #2016070510000019).
  • Bugfix: Verinice GSM Tags für verschiedene Windows-Versionen wurden korrigiert (#63044, #2016092610000021).
  • Bugfix: Beseitigung kleiner Fehler bei den automatisch generierten Credential-Paketen für Windows (#59700, #2016053110000018).
  • Bugfix: Fehlermeldungen tauchen nicht mehr zusätzlich unter den regulären Ergebnissen auf, sondern nur noch im Abschnitt “Fehlermeldungen” (#62937).
  • Kleiner BugFix: NVTs dürfen nun auch das Zeichen “&” im Namen haben (#63643).
  • Kleine Verbesserungen GSR: Formatierungen bei den Ergebnis-Details kommen nun mit mehr Sonderfällen zurecht (#57213, 2016022610000024).
  • Kleine Verbesserung: Scan-Config Parameter “unscanned_closed” und “unscanned_closed_udp” verwenden nun das gleiche Eingabeelement im Dialog (#62929).
• Web-Oberfläche:
  • Bugfix: Einige Verweise hatten inkonsistente Filter bzgl. Diagrammen und Tabellen zur Folge. Die Berücksichtigung des QoD wurde nun vereinheitlicht (#63340).
  • BugFix: Die Variable SCANNER_NVT_TIMEOUT wird in der GUI nun auch aufgelöst (#62931).
  • Kleiner Bugfix: Ein Darstellungsfehler durch Zeilenumbruch auf der Ergebnis-Ansicht wurde beseitigt (#62273, #2016082910000044).
  • Kleine Verbesserung der Online-Hilfe zur “SCP” Alarmierung (#62274, #2015031210000014).
• GOS-Admin:
  • Erweiterung: Die Fingerprints der SSL Zertifikate werden nun über das GOS-Menu angezeigt und können so leichter verifiziert werden (#53378).
  • Bugfix: Nach dem Anlegen eines Userdata-Backups werden nun umittelbar die nicht mehr benötigten Dateien gelöscht (#57904).
  • Kleiner Bugfix: Falsche Fehlermeldung im Log zu rsyncd wurde beseitigt (#62374).
• Scanner:
  • Verbesserte Detektion von “rsnyc”-Diensten (#63766).
  • Bugfix: Bei zirkuläre Abhängigkeiten innerhalb von NVTs bleibt der Scan nicht mehr hängen und es wird eine Meldung im Log hinterlassen (#62797).

3.1.34 (2016-09-21):

• Web-Oberfläche und OMP:
  • Aktualisierung von GXR/GSR: Diagramme die aufgrund der Scan-Ergebnisse oder des Filters leer sind werden nicht mehr aufgenommen. Ausserdem wurden die NVT OIDs zur besseren Lesbarkeit gekürzt. Auch wurde ein Darstellungsfehler bei Hostnamen die einen Unterstrich enthalten behoben (#61602, #62598, #2016091310000045).
  • Verbesserung: Für den Start von Scans werden nun nicht mehr pauschal alle NVTs aktiviert die möglicherweise Einstellungen vornehmen. Nur noch diejenigen, für die es offensichtlich ist, werden aktiviert wie beispielsweise das Setzen der Credentials nur dann überhaupt erst zu versuchen wenn auch wirklich welche verknüpft wurden. Es handelte sich um eine Übergangslösung für Anwender von GOS 2 die nunmehr endgültig entfernt wurde. Bei großen Scans mit wenig NVTs kann dies zu leichten Performanz-Steigerungen führen (#62267).
  • BugFix: GSM Tag für Windows Server 2012 wird beim Verinice ISM Report Format Plugin nun korrekt gesetzt (#60486, #2016062810000059).
  • BugFix: In der Task-Übersicht zu Scanner-Details wurden Objekte angezeigt auf die man mangels Zugriffsberechtigung nicht durchgreifen konnte. Diese Objekte werden nun nicht mehr angezeigt (#57759).
• Web-Oberfläche:
  • Bugfix: Unter bestimmten Umständen war die voreingestellte Sortierung von Berichten nicht nach Datum (#62509).
  • Kleiner Tippfehler in englischer Version beseitigt (#62509).
• Scanner:
  • Erweiterung: Der Scanner bietet den NVTs mehr Möglichkeiten zur Analyse von TLS-Zertifikaten an (#62139).
  • Bugfix: Unter sehr seltenen und sehr besonderen Umständen konnte der Scanner bei der Ausführung eines NVT in ein Problem laufen und die Bearbeitung des betreffenden NVT abbrechen (#62465).

3.1.33 (2016-09-02):

• Scanner:
  • Bugfix: Unter bestimmten Umständen konnte es dazu kommen, dass einzelne Scans hängen blieben oder frühzeitig endeten (#62049).
  • Bugfix: Fehlermeldungen zu Scans enthielten unter bestimmten Umständen nicht die korrekte Bezeichnung des jeweiligen Zielsystems (#62268).
  • Bugfix: Bei unterschiedlichen Host-Limits auf Master und Slave konnte es dazu kommen, dass der Scan unter bestimmten Umständen im Status ‘Requested’ hängen blieb (#54755).
  • Bugfix: Unter bestimmten Umständen konnte es dazu kommen, dass einzelne Schwachstellentests frühzeitig endeten (#60387).
• Web-Oberfläche und OMP:
  • Bugfix: Unter bestimmten Umständen wurde bei der Bearbeitung eines Tasks eine inkorrekt Fehlermeldung gezeigt (#60442).
  • Bugfix: Beim Klonen eines Target wurde die ‘Alive Check’-Eigenschaft ignoriert (#60634, #2016070410000021).
  • Verbesserung: Der bei Auto-Alerts verwendete Filter sortiert Ergebnisse nun nach Schweregrad vor um den maximalen Schweregrad bei sehr vielen Ergebnissen besser darzustellen (#60712, #2016070510000019).
  • Verbesserung: Die maximal erlaubte Eingabelänge für das Feld ‘Target Host’ im Advanced Task Wizard wurde erhöht (#56513, #2016012810000013).
  • Verbesserung: Die englischsprachige Hilfe zur ‘New Credential’-Funktion wurde verbessert (#56663, #2016020410000021).
  • Verbesserung: Der Report-Format ‘Anonymous XML’ entfernt nun noch mehr Datenelemente die unter Umständen Rückschlüsse auf den Ursprung der Daten erlauben könnten (#56793, #2016021010000027).
• GOS-Admin:
  • Verbesserung: Zur Authentifizierung zwischen Master und Sensor kann nun auch der RSA-Algorithmus verwendet werden (#62059).

3.1.32 (2016-08-13)

Die mit (*) gekennzeichneten Einträge ändern voreingestelltes Verhalten.

• Neu: Dynamische Diagramme “bar-chart”, “donut”, “lines” und “bubbles” für das SecInfo Management in der Web-Oberfläche. Für jede Objekt-Kategorie können jeweils zwei Diagramme gewählt werden. Jedes Diagramm kann auch als eigenes Fenster geöffnet. Die zugrunde liegenden Daten können als CSV Tabelle exportiert oder als HTML Tabelle geöffnet werden. Die SVG Vektor-Grafik kann ebenfalls exportiert oder direkt im Browser geöffnet werden.
• Neu: Dashboard Übersicht für das SecInfo Management der Web-Oberfläche. Diese besteht aus 4 Diagrammen die individuell bzgl. Typ konfiguriert und mit Powerfilter kombiniert werden können. Die Konfiguration ist persistent für jeden Anwender.
• Neu: Dynamische Diagramme für Aufgaben analog zu SecInfo Management.
• Neuer Abschnitt “Ergebnisse” im Menu “Scan Management”. Dieser bietet ein Objekt-Management für sämtliche Scan-Ergebnisse in der Datenbank für die der Anwender Lese-Rechte besitzt. Damit ist es nun möglich Suche und Filterung von Ergebnissen vollkommen unabhängig von den eigentlichen Scan-Berichten durchzuführen.
• Neu: SecInfo Objekt-Kategorie “CERT-Bund”. Hierbei handelt es sich um die deutschsprachigen Sicherheits-Meldungen des CERT der deutschen Bundesverwaltung.
• Neu: Attribut “Solution Type” für NVTs und Ergebnisse.
• Neu: Block-Aktionen um beispielsweise viele Objects mit einer einzelnen Aktion zu löschen oder herunterzuladen.
• Neu: Der Konfiguration-Typ “Scanner” erlaubt die Konfiguration zusätzlicher Scanner des Typs OpenVAS (der bisherige und weiterhin voreingestellte Scanner) sowie von OSP-basierten Scannern. OSP steht für OpenVAS Scanner Protocol und ist eine generische Abstraktion für beliebige Scanner um diese dann auch generisch in das Schwachstellen-Management einzubinden.Das Aufgaben-Management wurde ebenfalls um scannertyp-abhängigen Elemente erweitert.Diese Funktionalitäten bereiten die Integration von OSP Scannern vor. Sämtliche Voreinstellungen sind so belassen, dass sich das Verhalten der vorhergehenden Greenbone OS Version nicht ändert. OSP ist also komplett optional.
• Neu: Option für anonymen Gast-Zugang. Neben der neuen Rolle “Guest” die ähnlich der Rolle “Info” nur Zugang zum Abschnitt “SecInfo” erlaubt kann nun über gos-admin-menu ein Gast-Zugang für anonymen Zugriff freigeschaltet werden. Es lassen sich dann auch statische allgemeine URLs in den SecInfo Bereich verwenden.
• Neu: Rolle “Monitor” die den Zugang zu den Performancedaten des GSM erlaubt.
• Neu: Rolle “Super Admin” die den vollen Zugang zu allen Objekten aller Anwender erlaubt.
• Neu: Berechtigung “Super” beispielsweise für das Anlegen von Gruppen-Administratoren.
• Neu: Die Dateinamen für Downloads können nun via “Eigene Einstellungen” konfiguriert werden.
• GXR/GSR: Diese Report Format Plugins wurden überarbeitet. Insbesondere wurde GSR bzgl. Seitenanzahl und Erstellungsdauer verbessert.
• Neu: Wizard für das modifizieren von Aufgaben.
• Aufgaben: Der Dialog zu den Berechtigungen wurde überarbeitet.
• Zeitzonen: Die Konfiguration von Zeitzonen wurde so geändert, dass nunmehr eine Auswahlliste verfügbar ist.
• (*) Anwender können nun mehrere Sitzungen gleichzeitig betreiben so lange diese in verschiedenen Browsern laufen. Bis GOS 3.0 hat eine neue Sitzung unabhängig von welchem Browser sie ausgeführt wurde die alte Sitzung unmittelbar beendet.
• Auf jeder Seite der Weboberfläche wird nur nun in der Fusszeile die Dauer der jeweiligen Operation angezeigt.
• (*) Anmeldedaten: Der öffentliche Schlüssel von Anmeldedaten für SSH ist nicht mehr explizit benötigt, da er nun aus dem privaten Schlüssel extrahiert wird.
• Anmeldedaten/Ziele: Zugangsdaten für ESXi Zielsysteme können nun direkt beim Ziel angegeben werden anstatt in der Scan Konfiguration.
• Neu: Statistik-Modul auf OMP-Ebene repräsentiert durch das Kommando “GET_AGGREGATES” welches auch die Basis für die Digramme bildet.
• (*) Wird eine Aufgabe gestopped, so wird der Scanner nun angewiesen, die Abschlussphase trotzdem durchzuführen anstatt unmittelbar abzubrechen. Somit gehen die bis dahin gesammelten allgemeinen Informationen über Zielsystemen nicht mehr verloren.
• Neue interne Inter-Prozess Kommunikation des Scanners.
• Hauptspeicher-Verbrauch des Scanners um 50% reduziert.
• (*) Keine weitere Unterstützung für das pausieren von Aufgaben (OMP).
• (*) Keine weitere Unterstützung des veralteten “openvasrc” Format (OMP).

3.1.32 (2016-08-13):

• GOS-Admin:
  • Kritischer Bugfix: Leider enthielt 3.1.31 einen kritischen Fehler für das Sensor-Management. Sensoren die auf 3.1.31 stehen, können durch ihren Master nicht mehr mit Feed-Updates (weder NVTs noch neue GOS-Versionen) versorgt werden.Wird von einer Version 3.1.30 oder älter auf 3.1.32 aktualisiert, dann bestehen keine Probleme. Sobald jedoch ein Master auf 3.1.31 aktualisiert wurde, liegt das Problem für seine Sensoren vor die automatisch auch auf 3.1.31 aktualisiert wurden.Liegt das Problem vor, so ist leider zwingend eine manuelle Änderung auf den Sensoren notwendig. Der Greenbone Support hält für Sie ein Rezept für diese manuelle Änderung bereit. Wie bitten vielmals für diese Unannehmlichkeiten um Entschuldigung (#62030).

3.1.31 (2016-08-08):

• Web-Oberfläche und OMP:
  • Erweiterung: Automatisches Löschen alter Berichte. Für Aufgaben gibt es nun eine weitere Einstellung die es erlaubt eine maximale Anzahl von Berichten für diese Aufgabe festzulegen. Wird ein weiterer Bericht durch einen Scan erstellt, so wird der älteste Bericht automatisch gelöscht. Man kann also einstellen, dass zum Beispiel genau die 10 letzten Bericht aufbewahrt werden. Voreingestellt ist jedoch das bisherige Verhalten, also keine Berichte selbsttätig zu löschen (#38210).
  • Verbesserung: Schlägt der Scan eines Scan-Slaves fehl weil ein falsches Passwort oder Zugangskonto für den Slave verwendet wurde, so wird nun eine Fehler-Nachricht im Bericht mit einem entsprechenden Hinweis angelegt (#59154).
  • Erweiterung: Die neue Alarmierungsmethode “SCP” erlaubt es einen Scan-Bericht als XML per SCP-Protokoll zu versenden. Dies wird beispielsweise von einigen SIEM-Systemen unterstützt (#53932).
  • Erweiterung: Die Alarmierungsmethode “SNMP” wurde aus der Methode “SysLog” als nunmehr eigenständige Methode ausgegliedert. Eine bislang zusätzliche Konfiguration in GOS-Admin-Menu ist nicht mehr notwendig (#58742).
  • Erweiterung: Unter “My Settings” gibt es nun die “Default Severity”. Das ist der voreingestellte Schweregrad der angewendet werden soll wenn ein NVT keinen eigenen bietet. Dies kann bisher nur passieren wenn CVE-basierte OSP-Scanner eingesetzt werden und für die CVE noch keine CVSS Einstufung existiert. Voreingestellt ist der konservative Maximal-Wert 10.0 (#49729).
  • Erweiterung: An das Verinice ISM Report Format Plugin kann nun auch das GSR und GXR Format angehängt werden (#41074, #60444, #54603, #2015111910000013).
  • Kleine Erweiterung: Der Powerfilter für die Berechtigungen wurde um das Schlüsselwort “orphan” erweitert. Mit “orphan=1” können verwaiste Berechtigungen gefiltert werden deren Ressourcen bereits nicht mehr existieren (#55906, #2016010410000022).
  • GXR/GSR: Der Topologie-Graph wird nur noch für maximal 50 Hosts erstellt (#56108, #2016011810000014).
  • Kleine Verbesserung: Im Kommentar und Wert von Tags ist nun das “@”-Zeichen erlaubt (#57395).
  • Bugfix: Haben Benutzernamen einige besondere Zeichen verwendet, konnten sie nicht in Gruppen oder Rollen hinzugefügt werden (#58879).
  • Bugfix: Beim Import von speziellen Scan-Konfigurationen kam es zu Fehlern die den Import verhindert hatten (#59629).
  • Verbesserung: Schlägt der Scan eines Scan-Slaves fehl weil ein falsches Passwort oder Zugangskonto für den Slave verwendet wurde, so wird nun eine Fehler-Nachricht im Bericht mit einem entsprechenden Hinweis angelegt (#59154).
  • Bugfix: Unter bestimmten Situationen konnte es dazu kommen, dass Aufgaben auf Scan-Slaves im Status “Stop Requested” hängen geblieben sind (#59726, #2016050310000017, #2016052310000024).
  • Bugfix: Geklonte vordefinierte Report-Formate sind nun automatisch auch vertrauenswürdig da ja nur die allgemeine Beschreibung geändert wird, nicht aber die interne Logik (#56990).
  • Bugfix: Ein Formatierungs-Problem für spezielle NVT-Beschreibungen wurde für das GSR PDF Report Format gelöst (#56150, #2016012010000037).
  • Bugfix: In sehr speziellen Fällen war es nicht möglich ein importiertes Report Format positiv zu verifizieren (#59287, #59756).
  • Bugfix: Bei Delta-Berichten kam es unter bestimmten Umständen zu unnötigen Einträgen (#56952, #2016020910000011).
  • Bugfix: Bei der Erstellung von z.B. GSR PDF-Berichten wurde direkt in der Web-Oberfläche gemachte Filtereinstellungen für den Host nicht beachtet während sie in der Ansicht durchaus angewendet wurden (#57256, #2016022910000055).
  • Bugfix: In der Port-Listen Übersicht wurden UUIDs zu Zielen aufgelistet die diese Port-Liste verwendet haben, aber für das aktuelle Benutzerkonto nicht lesbar waren. Die Querverweise hatten dementsprechend aucn nicht funktioniert (#58885).
  • Kleinere Korrekturen in der OMP Dokumentation (#56666).
• Web-Oberfläche:
  • Formatierungsverbesserung bei Host-Tabellen im Report Ergebnis-Browser: Spalten-Inhalte werden nun besser umgebrochen und vermeiden Tabellen mit Überbreite (#55406).
  • Bugfix: Bestimmte händische Veränderungen der HTTP-Anfragen an die Web-Oberfläche führen nun unmittelbar zu einer leeren Antwort anstatt mit einer Verzögerung (#57986).
  • Ergänzung der Icon-Liste für Betriebssysteme (#57183).
  • Bugfix: Bei der Verwendung von Auto-Refresh konnte es nach dem Anlegen einer multiplen Zugriffs-Berechtigung zu einer Fehlermeldung kommen (#56795).
  • Kleine Verbesserung: Die Benennung der Filter-Regeln im Report Ergebnis Browser wurde geändert um Mißverständnissen besser vorzubeugen auf was genau sich die Ansicht (z.B. Hosts) bezieht (#39535, #2014072410000121).
  • Kleine Verbesserung: Der “once”-Status einer Aufgabe ist nun auch im Tooltip sichtbar (#48265, #2015040910000028).
  • Bugfix: Der Bearbeitungs-Dialog für Benutzerkonten hatte die die LDAP-Flagge nicht automatisch gesetzt wenn es sich um ein LDAP-Konto handelte (#56469, #2016012610000017).
  • Verbesserung: Unter hoher Last der Web-Oberfläche (viele gleichzeitige Anwender) kann es passieren, dass eine neue Verbindung für den Augenblick verweigert wird. Die Grenze hierfür wurde nun angehoben (#58167, #2016040710000039).
• GOS-Admin:
  • Menü für SNMP Trap Konfiguration entfällt. Diese ist nun in der Web-Oberfläche verfügbar (#58743, #58745).
  • Die Cipher-Einstellungen des SSH-Dienstes wurden auf eine höhere Sicherheits-Stufe angehoben (#58450).
  • Verbessung des internen Loggings: UUIDs von Objekten sind nun um den Objekt-Namen ergänzt und jeder “Internal Error” wird explizit aufgeführt (#58005, #58721, #59683).
  • Erweiterung: Für eine Detail-Analyse eines GSM in Zusammenarbeit mit dem Greenbone Support kann nun via GOS-Admin-Menu ein verschlüsseltes Paket mit allen relevanten System-Daten erstellt werden (#44900, #60301).
  • Erweiterung: Interne Aufräum-Methode für das Zurücksetzen von Scan-Sensoren (#28277).
  • Verbesserung: Die internen Journal-Größen für die Datenbank wurden begrenzt (#57888).
  • Bugfix: Ein Factory Reset konnte je nachdem um welches GSM-Modell es sich handelte eine Fehler auftreten. Dieser trat nur selten auf, konnte umgangen weden und ist nun beseitgt (#60488, #55414).
• Scanner:
  • Verbesserung: Der OpenVAS Scanner wurde robuster im Umgang mit Timeouts gemacht macht. War ein Port bereits einmal als offen festgestellt so wird bei einem Timeout mehrmals, mit zeitlichem Versatz, ein Aufbau versucht (#48537).
  • Verbesserung: Ist auf dem Zielsystem SMBv1 ausgeschaltet und SMBv2 eingeschaltet, so werden nun mehr Scan-Ergebnisse bei einem authentifizierten Scan erzielt. Die Menge hängt jedoch wesentlich davon ab ob der Remote Registry Service zur Verfügung steht (#50757, #2015071510000029).
  • Bugfix: Unter extrem hoher Last konnten Scan-Aufgaben auf Sensoren stecken bleiben. In Verbindung mit limitierten Zeitplänen blieben dann Aufgaben im Status “Stop Requested” zurück. Der Entstehung sog. “Scanner-Zombies” wird nun vorgebeugt (#56688, #2016020310000022).
  • Bugfix: Unter bestimmten Umständen konnten SSH-Scans “hängen” bleiben. Bei Schwierigkeiten mit dem gescannten SSH-Dienst wird nun schneller abgebrochen (#54059).
  • Verbesserung: Beim Scannen von SNMP Diensten wurden unter bestimmten Umständen (fehlende MIBs) unnötig viel interne Log-Informationen geschrieben (#59857).

3.1.30 (2016-05-30):

• Web-Oberfläche und OMP:
  • Bugfix: Bei zeitgesteuerten Scans mit limitierter Laufzeit im Master-Slave-Betrieb konnte es vorkommen, dass die Scan-Aufgabe auf dem Master gestoppt wurde, aber auf dem Slave bis zum Ende durchlief. Bei der Wiederaufnahme wurde dann ein neuer Scan gestartet anstatt den alten Scan zu Ende zu führen (#59433, #59431).
• Scanner:
  • Bugfix: Häufiges uns schnell hintereinander ausgeführte Stopps und Starts von Aufgaben im Master-Slave-Betrieb konnte dazu führen, dass eine Aufgabe im Status “Stop Requested” hängen geblieben ist. Verantwortlich war ein blockierender Scanner (#59642).

3.1.29 (2016-04-21):

• Web-Oberfläche:
  • Bugfix: Die Aktion eine gestoppte Aufgabe wieder aufzunehmen bei gleichzeitig angeschaltetem Refresh könnte zum Verlust des Session-Tickets führen (#58356).
  • Bugfix: Durch Verwendung spezieller UTF-8 Zeichen im Filter konnte das Session-Ticket verloren gehen (#57961).
• GOS-Admin:
  • Update eines internen CA-Zertifikats mit einer neuen Gültigkeitsdauer. Dieses Update ist zwingend notwendig für die korrekte Funktion des Schwachstellen-Scannings und Schwachstellen-Managements. Es ist besonders dringend für den GSM ONE für den das Update noch innerhalb des April 2016 erfolgen muss (#57946).
• Scanner:
  • Für authentifizierte Scans via SSH können nun auch ECDSA Schlüssel verwendet werden (#57091, #29613).

3.1.28 (2016-02-23):

• Web-Oberfläche und OMP:
  • Performanz-Verbesserungen: Auf verschiedene Anwendungsszenarien hin wurde die Performanz bei Aufgaben, Berichten und Ergebnissen optimiert (#50862, #54971).
  • Für verschiedene Situationen werden Aktionen nicht mehr blockiert, so dass der Anwender mit seinen Aktionen parallel zu den Hintergrundprozessen (z.B. SCAP-Update) arbeiten kann. Ebenfalls verringert wurde die CPU-Last (#44104, #56004, #56127).
  • Bugfix für den Mülleimer. Es konnte dazu kommen, dass beim leeren des Mülleimers auch andere Objekte gelöscht wurden (#55296).
  • Erweiterte Möglichkeiten bei der Bedingung für Benachrichtigungen: Es ist nun möglich die Treffer-Anzahl eines Powerfilters als Kriterium zu verwenden (#45430, #2015010710000019).
  • Bugfix: Einige Graphen aus dem Menüpunkt Extras/Leistung wurden beim GSM ONE sowie bei GSM 500/510/550 nicht korrekt angezeigt (#55648, #2014050510000017, #54799).
  • Das Report Format Plugin “Verinice ISM” wurde für eine Verallgemeinerung vorbereitet (#43295).
  • Nur GSM 100: Bugfix der Aufgaben-Zeitsteuerung. Es wurden nicht immer alle zeitgesteuerten Aufgaben ausgeführt (#55259, #56466, #2016012510000028).
• Web-Oberfläche:
  • Die regulären Ausdrücke für die erlaubten Eingaben wurden geprüft, und zum Teil enger gefasst. Fehlerhafte Eingaben werden dadurch nun schon früher abgefangen (#55933).
  • Kleine Verbesserung: Die Icons für das Löschen von Notizen und Übersteuerungen sind nur dann verfügbar wenn die Berechtigungen des Benutzers diese Aktion auch erlauben (#55384).
  • Bugfix: Bei der Verwendung von Auto-Refresh konnte es nach dem Anlegen einer Zugriffs-Berechtigung für Aufgaben zu einer Fehlermeldung kommen. Die Aufgabe oder angelegten Berechtigungen sind aber nicht betroffen (#55298).
  • Bugfix: Bei Verwendung von IPv6 funktionierte die Umleitung von http auf https nicht für alle IPv6 Adressen (#54839).
• GOS-Admin:
  • Neu: Für das Backup der Benutzerdaten steht nun neben USB und SCP zusätzlich die Methode SFTP zur Verfügung (#51195, #2015072310000013).
  • Kleine Verbesserung bei der Unterstützung der TLS Cipher von OMP/HTTPS bzgl. der Einstellungen SECURE und NORMAL (#55940).
  • Für die Proxy-Zugangsdaten wurden die Einschränkungen für die erlaubten Zeichen reduziert (#49453, #2015052710000055).
  • In GOS-Admin-Menu wurden einige Passworte im Klartext angezeigt. Dies wurde nun abgeändert, so dass in GOS-Admin-Menu keinerlei Passworte mehr angezeigt werden (#56599, #2016020110000035).
  • Im GOS-Admin-Menu wurde eine Option zum Löschen von Quelltexten hinzugefügt. Diese kann verwendet werden falls manuell Quelltexte installiert wurden (#54020).
  • Kleine Verbesserung für Upgrades: Die neue Versionsnummer wurde im Verlauf des Upgrades etwas zu früh angezeigt (#47727).
  • Zur Vorbereitung der kommenden Unterstützungs-Funktion für Support-Pakete wurde der PGP-Schlüssel des Greenbone Support integriert um eine Verschlüsselung von Daten zu ermöglichen die an den Support gehen (#56126).
• Scanner:
  • Durch die Aktualisierung einer Basis-Bibliothek für das SSH-Protokoll werden sowohl die Detektions-Fähigkeiten des Scanners erweitert als auch die Unterstützung für die SSH-Credentials für authentifizierte Scans (#52479).
  • Verbesserte Robustheit des Scanners gegen unvollständige NVT-Metadaten (#55264).
  • Bugfix bzgl. SSH-Verbindungen: Bei massiven Scans konnte es zur Verlangsamung oder Abbrüchen von einzelnen SSH-Verbindungen kommen (#54661).

3.1.27 (2016-02-18):

• GOS Basis-System:
  • Sicherheits-Bugfix, der eine schwerwiegende Schwachstelle in der allgemeinen Basis-Bibliothek “glibc” behebt. Nach vollständig beendetem Upgrade ist ein Neustart empfehlenswert (CVE-2015-7547).

3.1.26 (2016-02-02):

• Web-Oberfläche:
  • Sicherheits-Bugfix, der einen DoS-Angriffsvektor beseitigt. Es war möglich die Web-Session-Tickets anderer Benutzer ungültig werden zu lassen. Weder die Integrität noch die Verfügbarkeit von OMP oder SSH sind davon betroffen (#56541, GBSA-2016-02).

3.1.25 (2016-01-12):

• Web-Oberfläche:
  • Kleinerer Sicherheits-Bugfix, der ein offenes Redirect schließt welches nur bei Freischaltung des Gast-Modus vorlag (#55720).

3.1.24 (2016-01-09):

• Web-Oberfläche:
  • Sicherheits-Bugfix, der eine Cross-Site-Scripting Schwachstelle beseitigt. Sie kann nur mit einem gültigen Session-Token ausgenutzt werden. Falls der Gast-Zugang aktiviert ist, so kann das allgemeine Gast-Token verwendet werden. Allerdings verfügt der Gast-Zugang über keinerlei Schreibberechtigung für den GSM (#55720, GBSA-2016-01).

3.1.23 (2015-12-15):

• Web-Oberfläche und OMP:
  • Performanz-Verbesserungen: Auf verschiedene Anwendungsszenarien hin wurde die Performanz bei Aufgaben, Berichten und Ergebnissen optimiert (#51923).
  • Neue Benachrichtigungsmethode “Send to host”: Diese Methode erlaubt es, das Scan-Ergebnis in verschiedenen Formaten an eine konfigurierbare Adresse als einfachen TCP Upload zu senden wie es von verschiedenen SIEM-Systemen angeboten wird (#53931, #54296).
  • Bugfix für verinice ISM Report Plugin: Es kann nun ein HTML-Bericht optional angehängt werden (#54602, #2015111810000015).
  • Änderung für verinice ISM Report Plugin: Das Tag “Verinice Source ID” wird nun verwendet anstatt des bisherigen Work-Arounds af Basis des Aufgaben-Kommentares (#54687).
  • Neue Authentifizierungsmethode für GSM Anwender via Radius (#54696, #54060).
  • Änderung: Die “Once” (“Einmal”) Checkbox für zeitgesteuerte Aufgaben bleibt aktiv nachdem der Scan gestartet wurde. Bisher wurde sie deaktiviert was aber den üblichen Arbeitsablauf behindert (#48228, #2015040710000013).
  • Verbesserung: Wurden bei einem Scan keine Resultate erhoben, so werden dem Anwender hinweise gegen woran dies liegen könnte (#51462).
  • Bugfix zu Übersteuerungen und CSV Export: Die Übersteuerungen werden nun auch für die CSV Exports angewendet (#52768, #2015092110000041).
  • Verbesserungen zu Slave-Scans: durch einen Neustart des Master-GSM werden die Slave-Scans nicht mehr gestoppt sondern der Scan kann vom Master an gestoppter Stelle wiederaufgenommen werden (#45074, #45073).
  • Verbesserung in der Schwachstellen-Ansicht im Report Browser: Notizen und Übersteuerungen werden nun angezeigt (#52187, #2015090110000024).
  • Bugfix bei Übersteuerungen: Im Bearbeitungsdialog fehlte ein expliziter Knopf für die Auswahl “ja” bei der Einstellung “aktiv” (#52996).
  • Verbesserung für OSP Scan-Konfigurationen: Sinnvollere Voreinstellungen bei Auswahllisten (#52572, #52376).
  • Bugfix für Zähler bzgl. NVT-Familien in Scan-Konfigurationen: In einigen Fällen wird die falsche Anzahl an NVTs in der Übersicht dargestellt. Die Detail-Ansicht war hingegen korrekt (#53645, #2015091010000043).
  • Bugfix für das Löschen von ESXI Zugangsdaten aus dem Mülleimer: Das Löschen ist nicht mehr erlaubt wenn die Zugangsdaten an anderer Stelle verwendet werden. (#54332).
  • Bugfix für zeitgesteuerter Scans mit begrenzter Laufzeit: Beim Erreichen der erlaubten Zeit wird die Aufgabe nun ohne Fehlermeldung auf “Gestoppt” gestellt (#53049, #2015093010000041).
  • Bugfix für das importieren von OSP Scan-Konfigurationen (#53088, #2015100210000083).
  • Bugfix für LSC-Installer für Windows: Die bei der Installation entstehenden temporären Dateien werden nun alle nach der Installation unmittelbar gelöscht (#53680, #2015102210000036).
  • Bugfix bei den Performanz-Graphen: Für nicht verfügbare Daten werden keine leeren Graphen mehr angezeigt und einige leere Graphen zeigen wieder die zugehörigen Daten an (#22336, #22856, #36565).
  • Bugfix für Prognose-Berichte: Das Format NBE wird nun auch unterstützt (#52897).
  • Kleiner Bugfix der eine interne Log-Meldung auf Slave-GSMs vermeidet falls ohne Zugangsdaten gescannt wurde (#54526).
• Web-Oberfläche:
  • Kleine Verbesserung: Für den Gast-Zugang bleibt die Seitenauswahl erhalten falls das Session-Ticket ausgelaufen ist und neu ausgestellt wird (#52165).
  • Kleiner Bugfix: In einigen Fällen waren Verweise zu Objekten die im Mülleimer liegen nicht funktional (#54336).
  • Session Tokens sind nun mit der IP-Adresse des Browsers verknüpft. Wird nun versucht ein Session Token von einem anderen System aus als für welches es ausgestellt wurde zu benutzen, so wird es nicht anerkannt (#52008).
  • Kleine Verbesserung falls man versucht sich als Benutzer mit ungültigen Zeichen im Namen anzumelden: Bisher wurde eine Fehlerdialog geöffnet, nun wird einfach nur eine erneuter Login-Versuch angeboten (#20082).
  • Bugfix: Fehlendes Icon für Lösungs-Typ “Mitigation” (#52596).
  • Kleiner Bugfix: Schaltet man Block-Aktionen ein, so blieben Icons ohne Funktion sichtbar (#54335).
• GOS-Admin:
  • Fehlgeschlagene Login-Versuche werden nun voreingestellt im Logbuch festgehalten, inklusive der Herkunfts-Adresse (#51158, #51927).
  • Interne Verbesserung: Nicht mehr benötigte Daten die nach einer Migration aus GOS 3.0 übrig geblieben sind, werden gelöscht. Es handelt sich um System-Daten, keine Anwender-Daten (#54019).
  • Kleine Verbesserung: Bei Eingabe von Proxy-Credentials wird ein zusätzlicher Hinweis zur Syntax bei ADS-Umgebungen gegeben (#53684).
  • Bugfix: Airgap Menü von gos-admin reflektiert nun sämtliche Airgap-Kombinationen (#54058, #51272).
• Scanner:
  • Berücksichtigung des Host-Alive Status bei OSP-Scannern (#51924).
  • Bugfix für die Auflösung von Rechnernamen in Umgebungen die ausschließlich IPv6 unterstützen (#54216).
  • Bugfix: Bei einigen OSP-Scans wurden Ziele in CIDR-Notation nicht korrekt aufgelöst (#52373).
  • Interne Verbesserung des OpenVAS Scanners bzgl. Datenstrom-Block-Längen (#53023, #52146).
  • Verbesserte Status-Meldung bei fehlerhaften OSP-Scannern (#52240).

3.1.22 (2015-10-30):

• GOS-Admin:
  • Verbesserte Robustheit des zentralen Daten-Managers gegen spezielle Last- bzw. Stress-Situationen (#53834, #53825, #53832, #53646, #2015100710000047).

3.1.21 (2015-10-20):

• Web-Oberfläche und OMP:
  • Kleiner Bugfix: Titel für Email-Alarmierungen nun ein “GSM” vorangestellt (#53282).
• GOS-Admin:
  • Bei hoher Last konnte es vorkommen, dass parallel mehr als ein Feed-Update durchgeführt wird und das System dadurch weitgehend blockiert werden konnte (#53356, #53360, #2015100710000047).
  • Die Aktualisierung aus einem Factory Reset heraus konnte aufgrund einer Unstimmigkeit in den Datenmodell-Migrationsroutinen zu Fehlermeldungen bei einem Feed-Update führen. (#53358, #2015100610000031).

3.1.20 (2015-10-07):

• GOS-Admin:
  • Bugfix: Unter bestimmten Umständen konnte es zu einem Abbruch des Upgrade-Vorgangs kommen. Dieses Verhalten wurde behoben (#53089, #2015100210000065).
  • Die Erkennung von und Benachrichtigung über einen inkonsistenten internen Zustand durch das gos-admin-menu wurde verbessert (#53091).
  • Die Sichtbarkeit des Upgrade-Vorgangs in den Log-Dateien des Systems wurde verbessert (#44607).

3.1.19 (2015-09-29):

• Web-Oberfläche und OMP:
  • Beschleunigtes Antwortverhalten der Aufgaben-Übersicht bei hoher Scan-Last (#50860, #2015070610000037).
  • Neu: Erweiterte Konfigurierbarkeit von Email-Alarmierungen. Sowohl der Titel als auch der Inhalt können nun individuell angegeben werden. Durch entsprechende Variablen kann Bezug auf die Aufgabe genommen und auch die bisherigen Textbausteine abgerufen werden. Die Voreinstellung entspricht den bisherigen Inhalten, es besteht also keine unmittelbare Anpassungs-Notwendigkeit (#50859, #50572, #2015070810000042).
  • GSR Report: Unter bestimmten Umständen (getriggert durch eine Alarmierung) konnten die falsche Schweregrad-Farbe und Klassen-Benennung verwendet werden die nicht zum CVSS passten (#51820, #50171, #2015081810000058, #2015062310000015).
  • Neu: XML-Repräsentation von Aufgaben enthält nun auch die Tags die an die Aufgabe angehängt sind (#52478).
  • Bugfix: Über Berechtigungen geteilte Zugangsdaten konnten unter bestimmten Umständen nicht genutzt werden (#50363, #2015070110000028, #2015070810000051).
  • Bugfix: Es konnte vorkommen, dass ein über eine Gruppe geteiltes Unterobjekt (z.B. eine Port-Liste) nicht lesbar war (#51416, #2015080410000039).
  • Bugfix: Die Zugriffsverweigerung für einen Super-Admin via LDAP wurde behoben (#48824, #2015042710000021).
  • Bugfix: Bei Verwendung des dynamischen Schweregrades wurden Timeout-Meldungen als normales Ergebnis dargestellt anstatt als Fehler (#50324, #2015070110000019).
  • Kleinerer Bugfix: In Scan Konfigurationen konnte für einige Familien in der Übersicht eine falsche Anzahl der selektierten NVTs angezeigt werden. Defekt war nur die Anzeige dieser Zahl, die Selektionen waren korrekt (#48250).
• Web-Oberfläche:
  • Bugfix für den Export von größeren Datenmengen ab ca. 100 Objekte z.B. für CPE-Objekte (#52174).
  • Neu: Bei der Erstellung eines neuen Zieles wird nun die Herkunfts-IP-Adresse des Anwenders als Vorbelegung eingetragen. (#47098, 51639, 51925).
  • Neu: Bei der Erstellung einer neuen Ausgabe kann unmittelbar ein Tag angefügt werden (#35488, #2014022510000066).
  • Bugfix bei Host-Zugangseinschränkung für einen Benutzer: Bereiche die in der Bindestrich-Syntax angegeben wurden (von-bis) wurden als Eingabe nicht akzeptiert (#50915, #2015080710000015).
  • Benutzernamen dürfen nun auch einen Punkt (“.”) als Zeichen enthalten (#51136).
  • Kleiner Bugfix: Die chinesische Übersetzung hat nun die Kennung “zh_CN” anstatt “zh” (#51112).
  • Kleine Änderung: Die Login-Seite hat nun ein eigenes CSS (#50915).
  • Neu: Über die “Content-Security-Policy” Einstellungen wird nun die Verwendung der Web-Oberfläche in anderen Oberflächen eingeschränkt (#51375).
• GOS-Admin:
  • Beschleunigtes Upgrade: Unter bestimmten Umständen konnte ein automatisches Upgrade einige Stunden dauern, da interne Datenoptimierungen ausgeführt werden. Diese werden nun nicht mehr zwingend bei jedem Upgrade ausgeführt (#51481, #2015081010000045).
  • Nicht erfolgreiche Anmeldeversuche an der Web-Oberfläche werden nun inklusive der Herkunfts-IP per Voreinstellung gelogged (#51926).
  • Kleiner Bugfix: Die Übernahme von TLS Cipher Änderungen erfolgt nun mit weniger Verzögerung (#43785).
  • Kleiner Bugfix: Verminderung des Log-Aufkommens für ein Upgrade (#49956).
• Scanner:
  • Beschleunigung von Scans um ca. 10%. Die tatsächliche realisierte Beschleunigung hängt von vielen Faktoren ab und könnte durchaus höher liegen (#48799).
  • Verbesserte Anbindung und Integration des Web-Anwendungs-Scanners w3af, darunter auch die bisher fehlende Seed-URL (#51266, #51334, #51412, #51283).
  • Verbesserte Anbindung des IDS PaloAlto (#52600, #52579).
  • Verbesserte Fehlerbehandlung bei OSP-Scannern (#51335).
  • Kleiner Bugfix: Bei Anlegen eines neuen OSP-Scanners wird ein bereits abgelaufenes Zertifikat nun unmittelbar abgelehnt (#50398).
  • OSP-Server verweigern nun den Start wenn das Zertifikat abgelaufen ist (#50397).
  • Bugfix: Dynamischer Schweregrad stellt OSP-Scanner Ergebnisse nicht mehr als “0.0” dar (#50738).
  • Neu: OSP-Anbindung für Fortinet, allerdings noch nicht zur Verwendung freigegeben (#49627, #52104).
  • OpenVAS Scanner: Die Option “max_sysload” wurde aus der Scan Konfiguration entfernt, da es eine Systemweite Einstellung ist, kein scan-spezifische (#51263).
  • Bugfix bei OpenVAS Scanner: Verbesserte SSH Host-Key Ermittlung (#50588).

3.1.18 (2015-09-24):

• Hardware:
  • Sicherheitsupdate für GSM 600 und GSM 650 welches unkonfigurierte Werkseinstellungen des BMC (Baseboard Management Controller) aus sichere Werte zurücksetzt. Ein Reboot ist nach Upgrade nicht erforderlich. Laufende Scans werden nicht beeinträchtigt. Ein Angreifer aus dem selben Netzsegment könnte den Geräte-Status auslesen, das Gerät abschalten oder einen Neustart auslösen. (#52838, GBSA-2015-01).

3.1.17 (2015-08-03):

• Web-Oberfläche und OMP:
  • Verbesserungen bei der Filterung bzgl. QoD durch erweiterte Verwendung des Filterelements “min_qod”. Dadurch wird für die Voreinstellungen ein konsistentere Darstellung erreicht (#46117).
  • Erweiterung des Powerfilter für Ergebnisse, so dass alle Ergebnisse einer bestimmten Aufgabe über alle Berichte hinweg und zu einer bestimmten CVE selektiert werden können (z.B.: “task_id=69512154-167c-4e12-9351-a778da2d29e9 and cve~2004-2320”) (#48539, #2015041010000025).
  • Bugfix für den Powerfilter wenn nach Teil-Elementen von IP-Adressen gesucht wird (#49497, #2015052910000015).
  • Inkonsistenzen (None vs. Log) bei der Behandlung der PCIDSS Schweregrad-Klasse beseitigt sowie Korrektur der Bereiche (#49080, #49075).
  • GSR PDF Berichte: Größenbegrenzung erweitert (#49655, #2015040810000021).
  • Bugfix: Bei Scans via Slaves wurden die Host-Details (z.B. das Betriebssystem) erst nach Ende des Scans in der Oberfläche sichtbar und nicht wie bei Scans ohne Slave schon während des Scans (#49655, #2015040810000021).
  • GSR/GXR PDF Berichte: Ab 100 Hosts wird der Topologie-Graph ausgelassen da die Details dann ohnehin nicht mehr erkennbar sind und es die Berichtserstellung beschleunigt (#49269, #2015051810000018).
  • Bugfix: QoD für “general_note” wird nun mit 1% und nicht mehr mit der Voreinstellung 75% angezeigt (#50325).
  • Bugfix: Die Installationsroutine für automatisch erzeugte Zugangs-Daten funktionieren nun auch für Windows 2012 R2 und Windows 10 (#47269, #2015030210000033).
  • Bugfix: Verbesserte Fehlerbehandlung bei ungültigen Benutzereingaben im Powerfilter (#49412).
  • Bugfix: Globale Benutzer fehlten in den Auswahlboxen bei den Zugangsberechtigungen (#49381, #50497, #2015070610000046).
  • Kleiner Bugfix: Weniger Prozess-Overhead u.a. bei der Erstellung von Berichten (#48977).
• Web-Oberfläche:
  • Verbesserung der Unterstützung der Sprachen in der Oberfläche. Durch eine Umstrukturierung ist es nun wesentlicher einfacher, die Web-Oberfläche für weitere Sprachen anzupassen. In diesem Zusammenhang wurde auch Deutsch und Chinesisch aktualisiert sowie eine Teilübersetzung für Russisch verfügbar gemacht (#44479, #50723).
  • Erweiterte Block-Aktionen: Es ist nun erlaubt, eine wesentlich größere Anzahl an Objekten mit einer einzigen Aktion zu verarbeiten, beispielsweise eine große Anzahl alter Berichte auf einmal löschen (#50584, #2015070610000028).
  • Details-Dialog für Aufgaben: Erweitert um die Information wieviele Einzelergebnisse insgesamt über alle Berichte für diese Aufgabe vorliegen und direkter Einsprung in die Ergebnis-Übersicht (#49628).
  • Verbesserung: Der Dialog für die Erstellung eines neuen Anwenderkontos erlaubt nun nicht mehr die Eingabe eines Passworts, da es ohnehin für das Anlegen des Kontos ignoriert wurde (#49271).
  • Bugfix bei Zugangsberechtigungen: Für ein paar Sonderfälle waren Aktions-Icons ausgegraut obwohl die Aktionen durchaus zulässig waren (#49583).
  • Bugfix für den Powerfilter wo bei der Verknüpfung von bestimmten Schlüsselworten keine passende Filterung erfolgte, beispielsweise die Kombination von “task_id” und “cve”. (#49675).
  • Bugfix für den Erstellungs-Dialog von Zeitplänen: Der Kommentar wurde nicht berücksichtigt (#49595).
  • Erweiterung der erlaubten Zeichen in Kommentarfelder um “:” (#49494, #2015052810000026).
• GOS-Admin:
  • User-Data Backups können nun auch angelegt werden wenn die Datenbank größer als 4 GByte ist (#48109).
  • Erweiterung der erlaubten Zeichen für das SNMPv3 Passwort um “$#?!” (#49312, #2014100110000023).
  • Die SNMP Einstellung sind jetzt auch im GOS-Admin-Menu des GSM 25 enthalten (#49448, #2015052710000019).
  • Bugfix für den Import von Berichten: Die Details der Detektion wurden nicht importiert (#49660, #2015060410000033).
  • Bugfix für die SNMP Trap Einstellung (#46321, #50323, #2015013010000029, #2015063010000083).
  • Bugfix zur Vermeidung von nicht mehr in Funktion befindlichen internen Prozessen. Dies hatte aber keinen Einfluss auf die Performanz (#48109).
  • Kleiner Bugfix für den Scanner für sehr seltene Sonderfälle (#49593).
  • Die schon seit langem nicht mehr verwendete CLI-Admin Einstellung “proxy_update” wurde nun endgültig entfernt. Es wird stattdessen die Einstellung “proxy_feed” verwendet. (#49593).
  • Verbesserte interne Fehlermeldungen bei Datenbank-Problemen (#48876).
• Scanner:
  • Bugfix: Unter bestimmten Umständen wurde der Scan-Versuch einzelner Prüfungen vorzeitig abgebrochen (#48906).
  • Bugfix: Bei Linux-Systemen mit sehr umfangreichen Paket-Datenbanken (mit ca. über 8000 Paketen) konnte es dazu kommen, dass nur ein Teil übertragen und analysiert wurde (#49727).
  • OSP: Um Verarbeitung von Ports als Host Details sowie für Zeitstempel erweitert (#48800, #49584).
  • OSP: Verbesserte Handhabung leerer OSP-Scanner-Parameter (#50548).
  • Neu: Beta-Version des Paolo-Alto OSP Scanners für ausgewählte Pilot-Anwender (#48538, #51194, #50912, #50858).
  • Neu: Beta-Version des w3af OSP Scanners für ausgewählte Pilot-Anwender (#50912, #43436, #49673).

3.1.16 (2015-07-03):

• Web-Oberfläche und OMP:
  • Bugfix: Automatische Ausführung einer Aufgabe wird jetzt nur noch für den Besitzer ausgeführt (#50140, #2015020210000026).
  • Bugfix: Automatische Ausführung von Aufgaben wird nun nur noch einmal pro angegebenes Zeitfenster ausgeführt (#50314, #2015063010000065).

3.1.15 (2015-06-19):

• Web-Oberfläche und OMP:
  • Bugfix: Beim Stoppen von Scan-Aufgaben konnte es passieren, dass die Aufgabe im Status “Stopp angefragt” verbleibt. Erst ein Neustart hatte den Status auf “Gestoppt” zurückgesetzt (#49496, #2015052810000017).
  • Bugfix: Durch eine Alarmierung ausgelöste Berichtserstellung konnte die Datenbank für die Phase der Erstellung blockieren (#49975).

3.1.14 (2015-06-16):

• Web-Oberfläche und OMP:
  • Bugfix: Eine Kombination aus Scans mit vorgegebener zeitlicher Begrenzung und automatisch angekoppelter Erzeugung von Berichten konnte bei umfangreichen Scans bzw. engen Zeitfenstern zu einer Blockierung der Datenbank führen (#49861, #2015061110000011).

3.1.13 (2015-05-21):

• Web-Oberfläche und OMP:
  • Zugriffsberechtigungen: Erweiterter Dialog für die Erstellung von neuen Zugriffsberechtigungen. Es ist nun möglich Multiple Zugriffsberechtigungen in einem Schritt anzulegen. Beispielsweise kann bei der Rechtevergabe für ein Ziel-Objekt automatisch auch die verknüpfte Port-Liste und Zugangsberechtigung berücksichtigt werden. Gleichzeitig wurde nun ein vereinheitlichter Dialog für die Rechteübersicht für alle Objekt-Typen eingeführt. Dieser findet sich auf der jeweiligen Details-Seite des Objekt-Typs. Er bietet einen Einsprung in den neuen Erstellungsdialog für Zugriffsberechtigungen und setzt automatisch alle verknüpften Objekte. Insgesamt entsteht damit ein wesentlich verbesserter Komfort für die Einrichtung, Prüfung und Bearbeitung von Zugriffsberechtigungen.(#46998, #2014120410000032, #44025, #48540, #47336, #2015030510000028, #47359).
  • QoD: Inkonsistente voreingestellte Filterung (min_qod) ist nun vereinheitlicht und die aktuelle min_qod Wahl bleibt beim Sprung in einen Bericht erhalten. (#46989, #47891).
  • Bugfix: Das Löschen von Report Format Plugins konnte unter bestimmten Umständen fehlschlagen (#48961).
  • Bugfix: Der Zugriff auf den Mülleimer konnte unter bestimmten, seltenen Umständen fehlschlagen (#49058, #2015050710000021).
  • Bugfix: Durch das Entfernen eine Schweregrad-Übersteuerung konnte es passieren, dass der Schweregrad nicht nachkorrigiert wurde (#47789).
  • Passworte für Web- und OMP-Anwender: Es sind ist nun auch das Leerzeichen als Bestandteil des Passwortes erlaubt (#48712, #2015042210000021).
  • Das Report Format Plugin “Verinice-ITG” ist nun ein vorkonfiguriertes Plugin und muss nicht mehr explizit importiert werden. (#41765).
  • Bugfix: Der Name eines NVTs und sein letztes Tag werden nun auch beim Filtern berücksichtigt (#48891, #2015041610000023).
  • Bugfix: Die Sortierung nach “Letztem” Bericht in der Aufgabenübersicht funktionierte nicht korrekt (#48823, #2015042710000011).
  • Bugfix zu Slave-Aufgaben: War der Sensor oder Slave nicht erreichbar, konnte ein gestartet Scan nicht abgebrochen werden solange er noch nicht starten konnte (#48877, #2015040110000024).
  • Bugfix für das Filtern von Scan-Ergebnissen wenn auf eine IP-Adresse eingeschränkt wird. Der Filter wurde nicht scharf angewendet und hat unter bestimmten Umständen mehr Ergebnisse geliefert als der Anwender erwartet hätte (#47710, #48890, #2015040210000041).
  • Bugfix: Filter-Anweisungen bei Delta-Berichten wurden zwar korrekt ausgeführt, aber in der neuen Ansicht ging der Filter verloren. (#48063).
  • Bugfix: Individuelle Port-Listen die auf einem Slave oder Sensor für einen Scan benutzt wurden, wurden dort nach Beendigung des Scans nicht automatisch gelöscht (#47889).
  • Bugfix bzgl. der Anzeige des Trust-Status von Report Format Plugins (#47721, #2015022310000013).
  • Bugfix für das manuelle Erstellen eines Overrides, so dass nun auch das Port-Protokoll angegeben werden kann, z.B. “80/tcp” (#48715, #2015031810000031).
  • Bugfix: Unter bestimmten Umständen konnte es vorkommen, dass im Ergebnis-Browser beim ausklappen der Details diese nicht zu sehen waren wenn der Report einem anderen Anwender gehörte (#47411).
• Web-Oberfläche:
  • Bugfix: Verweise aus dem Asset Management in einen Report hatten nicht auf die exakte IP gefiltert, sondern diese als Substring verwendet (#48981).
  • Bugfix: Die Versionsangabe zu GSR und GXR hatte fälschlicherweise noch nicht Version 3 angegeben (#48115).
  • Bugfix: Die Zähler für Notizen und Übersteuerungen im NVT Details Dialog zeigten immer 0 an (#48247, #2015040810000048).
  • Kleinere Erweiterungen in den Online-Hilfe-Texten (#47708, #47858).
• GOS-Admin:
  • Via GOS-Admin können nun von einem Master aus die angeschlossenen Sensoren angewiesen werden ein neues selbstsigniertes Zertifikat zu erstellen falls das bisherige Zertifikat ausgelaufen ist (#48788).
  • OMP via IPv6: Falls OMP freigeschaltet wird, so kann dieses Protokoll nun auch via IPv6 angesprochen werden (#13592).
  • User-Data Backups: Im GOS-Admin-Menu ist eine Funktion hinzugekommen eine Liste aller vorliegenden lokalen Backups der Benutzerdaten anzeigt (#47787).
  • User-Data Backups: Im GOS-Admin-Menu ist eine Funktion hinzugekommen die das Löschen einzelner lokaler Backups der Benutzerdaten erlaubt (#44852).
  • Bugfix für GOS-Admin: Für verschiedene IP-Adress-Einstellungen wie NTP oder die Sensoren konnten keine IPv6-Adressen angeben werden (#48523).
  • Backup Management: Die Struktur im GOS-Admin-Menu wurde neu organisiert. Es liegt nun eine klarere Trennung der Backup-Typen sowie der Backup-Konfiguration vor (#44769).
  • Kleiner Bugfix für den Selfcheck in GOS-Admin-Menu: Für GSM-Modelle die keine Sensoren managen können, wird kein Sensor-Check mehr angezeigt (#48442).
  • Bugfix für GOS-Admin-Menu, so dass nun beim Sensor Check nun ein Scroll-Balken zur Verfügung steht um bei längeren Berichten alle Informationen einzusehen (#47055, #2015022010000019).
• Scanner:
  • Bugfix: Durch stoppen und wieder starten von Aufgaben konnten es im Überschneidungsbereich zu verdoppelten Ergebnissen kommen. (#48538, #48974, #2015041710000031).
  • Bugfix: In einigen Fällen fehlte in den Ergebnissen der Hostname zu einer gescannten IP (#44904).

3.1.12 (2015-04-23):

• Scanner:
  • Bugfix im Scanner der bei bestimmten Windows-Zielsystemen bestimmte Tests nicht zuverlässig ausführen konnte. Das führte zu geringerer Anzahl detektierter Schwachstellen im Vergleich zu GOS 3.0 (#46115, #48521).

3.1.11 (2015-04-08):

• Web-Oberfläche und OMP:
  • Bugfix für die NVT Details: Der CVSS-Vektor war bei GOS 3.1.10 nicht mehr verfügbar. Nach dem nächsten Feed-Update sind die Vektoren wieder sichtbar (#48062).

3.1.10 (2015-04-01):

• Web-Oberfläche und OMP:
  • Umfassende Überarbeitung der Report Format Plugins GXR und GSR. Die Darstellungsform ist kompakter geworden. Besonders der GSR wird dadurch schneller erzeugt und umfasst weniger Seiten. Außerdem werden nun diverse aktuelle Funktionen, darunter Solution Type und QoD (#46216).
  • Die Report Format Plugins GXR und GSR bieten nun eine tabellarische Übersicht über den Erfolg von Authentifizierungen an den Zielsystemen (SMB, SSH und ESXi) (#45700, #2015011510000021).
  • Bugfix im GSR Report Plugin: Der Text-Eintrag zu Overrides fehlte (#47212).
  • Neues Report Format Plugin “Anonymous XML”: Wie XML, es werden aber IP-Adressen pseudonymisiert und sonstige Hinweise auf die Herkunft des Scan entfernt (#38250).
  • Umfassende Überarbeitung der Rechteverwaltung bezüglich Sichtbarkeit von Objekten durch User, Groups und Roles. Es werden nun zahlreiche Abhängigkeiten automatisch bei der Rechtevergabe berücksichtigt (#47310, #2015030410000011).
  • Bugfix für automatisch erstellte Debian Credential Pakete (#46996).
  • Vollautomatische Aktualisierung von CERT-Bund nun aktiviert (#45364, #47176, #2015022610000062).
  • Bugfix beim Schlüsselwort “owner” im Powerfilter (#46915).
  • Bugfix bzgl. Weiterleitung von Task-Eigenschaften an Scan-Slaves (#46721).
  • Änderung zu Schedules: Ein geplanter Task wurde nicht ausgeführt wenn 3 Minuten lang nach Start keine Scanner-Ressourcen zur Verfügung waren. Diese Begrenzung ist nun aufgehoben (#46897).
  • Bugfix der eine anhäufen von verloren gegangenen Scanner-Prozessen verhindert die sonst den GSM mit der Zeit ausbremsen (#47854).
  • Bugfix bzgl. wechseln der “Host-Alive” Methode (#47989).
• Web-Oberfläche:
  • Charts: Tooltips mit Prozent-Angaben erweitert und auf die Legenden ausgedehnt (#47358).
  • Bugfix: Overrides wurden im Report-Browser angewendet, aber False Positives nicht angezeigt (#47096).
  • Verbesserte Benutzerfreundlichkeit des Powerfilters: Das Eingabefeld enthält nur noch die besonderen Filtereinstellungen. Alle anderen werden darunter angezeigt, können aber jederzeit ebenfalls angegeben und damit geändert werden (#45912).
  • Kleiner Bugfix bei Task Details Dialog: Slave-Info wird nicht mehr angezeigt wenn ohnehin kein Slave verwendet wird (#46819).
  • Kleiner Bugfix um sehr spezielle HTTP Anfragen an den GSA nun korrekt zu beantworten (content-length headers) (#15343).
  • Verbesserte Online-Hilfe zu Scanner Details (#47282).
  • Download-Option für Zertifikate von OSP Scannern hinzugefügt (#47281, #47283).
  • SecInfo zu NVTs wurde in der Oberfläche intern auf das OMP Kommando GET_INFO umgestellt (#39910).
  • Kleiner Bugfix: Graphischer Darstellungsfehler bei Charts bzgl. vieler Prozent-Zeichen (#47357).
  • Kleiner Bugfix: Graphischer Darstellungsfehler bei IT-Schwachstellenampel bzgl. URLs (#46969).
  • Kleiner Bugfix zur Status-Anzeige des OpenVAS Scanner: Hier stand fälschlicherweise, dass er nicht online sei (#47280).
• GOS-Admin:
  • Erweiterung SNMP Monitoring Parameter und MIB: Die MIB für die Greenbone Security Manager sowie weitere neu unterstützte Standard-Eigenschaften sind nun auf der Greenbone Website über SNMP dokumentiert (#44239, #29960, #2013052810000039).
  • Interne Verbesserung zur Selbst-Prüfung nach Upgrades um unvollständige Upgrades zu identifizieren (#47579).
  • Interne Verbesserung zum Management des OSP Ovaldi: Zertifikatsaktualisierung via GOS-Admin-Menu (#47219).
  • Kleiner Bugfix der NTP-Konfiguration so dass nun keine Fehlermeldungen im Log mehr auftauchen (#46726, #2015021110000027).
  • Kleiner Bugfix für CLI Admin: Für einige nicht mehr benötigte Kommandos (z.B. nosystemupgrade) lag noch ein Alias vor. Diese wurde nun entfernt (#47264).
  • Auf GSM ONE ist nun das “Advanced Management” Menü in GOS-Admin-menu wieder verfügbar (#47724).
  • Verbessertes Boot-Check Log (#43682).
  • Bugfix für einen kleinen Fehler der aber viele Meldungen im Log verursachte (parse_ctime) (#46815).
• Scanner:
  • Interne Verbesserung: NVTs des OpenVAS Scanner müssen nicht mehr zwingend einen CVSS Base liefern wenn sie bereits einen CVSS Base Vector liefern (#41456).
  • Verbesserung von authentifizierten Scans auf Systeme mit bestimmten aktuellen SSH-Diensten und Schlüsseltypen (#47304, #47278, #29613).
  • OSP-ovaldi liefert nun auch eigene CPE als Host Detail (#45909).
  • Neuer Parameter “debug_mode” für alle OSP-Scanner (#45906).

3.1.9 (2015-03-13):

• Bugfix für den internen Ablauf eines GOS Upgrades (#47513).

3.1.8 (2015-03-05):

• Bugfix zu TLS-Zertifikaten des voreingestellten Scanners. Unter bestimmten Umständen konnte es vorkommen, dass der Scanner keine Scans mehr ausgeführt hat und eine manuelle Zertifikats-Aktualisierung notwendig gemacht hat. Dies ist nun automatisiert (#47279).

3.1.7 (2015-03-03):

• Quality of Detection (QoD): Das Konzept zur Verlässlichkeit der erfolgreichen Detektion von Schwachstellen hat nun auch in der Web-Oberfläche Einzug gehalten. Neue NVTs wurden schon seit einiger Zeit mit spezifischen QoD Werten (zwischen 0% und 100%) ausgestattet. Die QoD ist nun sowohl für NVTs als auch für Scan-Ergebnisse sichtbar. Natürlich kann nun auch bzgl. QoD gefiltert werden. Die Voreinstellungen sind so gesetzt, dass die gleiche Anzahl Ergebnisse wie bisher angezeigt wird, was einem QoD von 70% entspricht. Damit fällt nun der Parameter “paranoia” in den Scan-Konfigurationen weg, denn auch alle Tests mit geringer Trefferwahrscheinlichkeit werden nun immer ausgeführt und die Ergebnisse sind bei Bedarf jederzeit einsehbar. Ein separater Scan für sogenannte “potentielle Schwachstellen” ist nun nicht mehr nötig (#46396, #38193, #46118).
• Erweiterung des Rechte-Management Dialogs für Tasks: Mit der Rechtevergabe für einen Task im Task-Details Dialog werden nun automatisch auch die Rechte für zugehörige Objekte gesetzt, beispielsweise für Alarmierung oder Schedule. (#39459, #2014072210000017).
• Reduzierung der DNS Revers Lookups des GSM für die NTP-Server (#46965, #2015012110000037).
• Bugfix für Ausführung von Scans via Slaves: Nun wird die die ausgewählte Port-Liste verwendet und nicht immer die Voreingestellte (#46632).
• Bugfix bei der Verwendung von SSH-Schlüsseln für SSH-Credentials (#46474).
• Bugfix für die Restore-Funktion des Userdata-Backup auf GSM 100 bei Migration auf GOS 3.1 (#46813, 46835, 46241, 46515).
• Bugfix für Drop-Down Dialog-Elemente für Zeiten in Task Wizards (#46125).
• Bugfix für Scan Fortschrittsbalken: Der Fortschritt wird nun besser wiedergegeben (#18591, #46694, #2015020210000053).
• Neue Funktionen via gos-admin-menu (Abschnitt “Advanced”) für das Management der Datenbank (vacuum, analyze) (#41097, #43688).
• Bugfix für Sensor-Upgrades, speziell bei Airgap (#46836).
• Bugfix für individuelle Timeout-Konfiguration von NVTs bei Ausführung auf einem Slave-System (#44857, #2014121110000019).
• Bugfix für fehlenden Transfer von ESXi Credentials auf Slave-Systeme (#46691).
• Das erzeugen von Web-Anwendern mit gleichem Namen ist nicht mehr erlaubt (#46214).
• Änderbare Aufgaben: Werden alle Berichte gelöscht, so wechselt die Aufgabe nun nicht mehr automatisch in den Status einer nicht-änderbaren Aufgabe (#42226, #2014101310000028).
• Erweiterung bei Erstellung neuer Aufgaben: Es ist nun möglich bei Angabe eines Schedules festzulegen, dass dieser Schedule nur genau einmal angewendet wird. Danach wird der Schedule automatisch wieder von der Aufgabe getrennt (#46184, #2015012610000028).
• Aufgaben mit Schedules die nur eine einzige Ausführung vorsehen: Nach Start des Scans wird der Schedule automatisch von der Aufgabe getrennt, da keine weitere Auslösung mehr stattfinden kann. Das bedeutet, dass nun alle Tasks in der Task-Übersicht die ein Schedule-Icon haben definitiv mindestens einmal in der Zukunft ausgeführt werden (#45943, #46185, #2015012610000046).
• Erweiterung des Selfcheck von gos-admin-menu um Erreichbarkeit des internen OMP Dienstes (#46397).
• Update eines externen Verweises im Online-Hilfe-System (#46390, #2015013010000047).
• Aktualisierung der SSH-Bibliothek des OpenVAS Scanners, so dass authentifizierte Scans auch bei neuesten SSH-Servern funktionieren (#46542).
• Bugfix für Sortierung der numerischen Spalte “IPs” bei Targets (#39267, #2014071710000018).
• Bugfix für Superadmin: Icons für das Klonen sind nun nicht mehr ausgegraut (#45888).
• Bugfix für Superadmin: Der Zugriff auf Notizen und Übersteuerungen ist nun möglich (#45889).
• Bugfix für Auto-Credentials (#45729, #45730).
• Verbesserte WMI RSOP Unterstützung für den OpenVAS Scanner (#40407).

3.1.6 (2015-01-26):

• Letztes Release der Beta-Phase. Erstes Release von 3.1.