Versioni attuali

Version	Lifecycle-Status	Patch-Level
OPENVAS SCAN 25.0	New	25.0.3 (2026-04-08)
OPENVAS SCAN 24.10	Mature	24.10.11 (2026-02-19)
OPENVAS REPORT 1.3	New	1.3.0 (2025-12-16)
OpenSight OS 1.0	New	1.0.7 (2026-02-04)

Panoramica

Quale Appliance funziona con quale versione OPENVAS SCAN?

OPENVAS SCAN soluzioni hardware
Versione OPENVAS SCAN	Modello Appliance
	6500	6400	5400	5300	650 Rev. 1	650 Rev. 2	600 Rev. 1	600 Rev. 2	450 Rev. 1	450 Rev. 2	400 Rev. 1	400 Rev. 2	150 Rev. 1	150 Rev. 2	35
OPENVAS SCAN 24.10	✔✔	✘	✔✔	✘	✘	✔✔	✘	✔✔	✘	✔✔	✘	✔✔	✘	✔✔	✔✔

OPENVAS SCAN soluzioni virtuali
Versione OPENVAS SCAN	Modello Appliance
	EXA	PETA	TERA	DECA	CENO	25V	ONE	BASIC	FREE
OPENVAS SCAN 24.10	✔✔	✔✔	✔✔	✔✔	✔✔	✔✔	✔✔	✔✔	◯

✔✔ consigliato | ✔ supportato | ✘ non supportato | ◯ Assistenza prevista

Fasi di vita delle versioni OPENSCAN SCAN

Periodi di assistenza delle versioni GOS

Definizione di Lifecycle System

Fasi del ciclo di vita di OPENVAS SCAN

Planning: definiamo le funzionalità della futura release. Durante la pianificazione, teniamo conto di richieste e suggerimenti dei nostri clienti per introdurre nuove funzioni o migliorare quelle esistenti. Quando una nuova release entra in questa fase, viene aggiunta alla nostra roadmap.
Development: il set di funzionalità previsto è stato definito e si apportano modifiche solo se strettamente necessarie. I nostri team di sviluppo si occupano di progettare e implementare le nuove funzionalità, mentre il QA e gli altri sistemi di supporto alla release sono in fase di preparazione.
Alpha: la nuova versione è disponibile internamente e comprende alcune delle nuove funzionalità previste. Lo sviluppo delle funzionalità rimanenti può proseguire, mentre iniziano la stesura della documentazione specifica per la release e le attività di QA.
Beta: il set di funzionalità è completo: tutte le nuove funzioni sono implementate e sottoposte a test. Il team di sviluppo si concentra ora sulla correzione dei bug e sull’ottimizzazione. La nuova versione è pronta per essere distribuita a un gruppo selezionato di tester esterni, tra cui partner e clienti.
New: la nuova release è disponibile per il pubblico per tutti i modelli di Appliance supportati. Sono disponibili la documentazione e il supporto necessari per l’implementazione. La nuova versione può presentare instabilità e spesso richiede patch per risolvere problemi emergenti. Per chi necessita di un ambiente operativo stabile, l’aggiornamento è consigliato in una fase successiva.
Mature: la versione è considerata stabile e la maggior parte dei problemi è stata risolta. Le patch vengono ora rilasciate a intervalli più lunghi. Si consiglia a tutti gli utenti di passare a questa versione.
End of Life: la versione si avvicina alla fine del proprio ciclo di vita. Sebbene sia ancora funzionante e supportata, riceverà un numero ridotto di patch, limitate alle correzioni critiche delle funzionalità principali e ai problemi di sicurezza, secondo le indicazioni di Greenbone. Si consiglia agli utenti di migrare alla successiva versione principale.
Retired: la release viene rimossa dall’elenco delle versioni correnti e archiviata. Le funzionalità possono essere limitate e non vengono più rilasciate patch. Le attività di QA e la documentazione vengono interrotte. Il supporto è limitato esclusivamente all’assistenza per l’aggiornamento a una versione supportata di OPENVAS SCAN.
Obsolete: la release non è più utilizzabile. Tutti i servizi di supporto e qualsiasi altra forma di assistenza vengono interrotti.

Livelli del ciclo di vita di OPENVAS SCAN

Release: le prime due cifre di una versione di OPENVAS SCAN rappresentano la data di rilascio, come nel caso di “21.04” in “21.04.3”.
Questo sistema di versioning è basato sul calendario (calendar versioning). Ad esempio, OPENVAS SCAN 20.08 è stato rilasciato nell’agosto 2020 e OPENVAS SCAN 21.04 nell’aprile 2021.
Ogni release introduce nuove funzionalità e migliora quelle esistenti, incluse modifiche al comportamento standard, al sistema, allo scanner, all’interfaccia web, al database, all’API e all’amministrazione di OPENVAS SCAN.
Poiché l’aggiornamento a una nuova release comporta modifiche significative e una migrazione del database, l’amministratore deve confermare esplicitamente l’aggiornamento. Dopo la conferma, l’update viene eseguito come un normale aggiornamento di patch, ma richiede più tempo.
Ogni release è supportata per un periodo definito. La fine del ciclo di vita avviene sempre almeno sei mesi dopo l’introduzione della release successiva. La newsletter di Greenbone e la Greenbone Community forniscono aggiornamenti costanti su queste date. Tutte le versioni e le date correnti sono disponibili nella pagina Roadmap & Lifecycle.
Patch-Level: l’ultima cifra di una versione di OPENVAS SCAN indica il livello di patch, ad esempio il “3” in “21.04.3”.
La numerazione dei livelli di patch inizia da “0” per il primo livello pubblicamente disponibile, ad esempio “21.04.0”.
All’interno di una release, solo l’ultimo livello di patch è completamente supportato. Per i livelli precedenti è supportato esclusivamente l’aggiornamento all’ultimo patch-level.
Le informazioni sui singoli livelli di patch sono disponibili tramite la newsletter di Greenbone, la Greenbone Community e la pagina Roadmap & Lifecycle nella sezione “Changelog”.
Gli aggiornamenti di patch servono a migliorare la sicurezza, correggere errori e apportare ottimizzazioni generali. Non introducono nuove funzionalità né modificano il comportamento standard o l’API, salvo casi strettamente necessari.
Gli aggiornamenti di patch sono rapidi e semplici da eseguire. Prima di aprire un ticket di supporto, verificare sempre se il problema persiste anche con l’ultimo livello di patch.

Calendario release delle versioni OPENVAS SCAN

19.12.2025
Release
OPENVAS SCAN 25.0
03.02.2025
Release
OPENVAS SCAN 24.10
05.05.2025
Release
OPENVAS REPORT 1.0
01.02.2026
Retirement
OPENVAS SCAN 22.04

Prec Succ

Rimani sempre un passo avanti con OPENVAS.

Ricevi le innovazioni, i miglioramenti e gli aggiornamenti più importanti di Greenbone direttamente nella tua casella di posta elettronica. Iscriviti alla nostra newsletter sui prodotti e seleziona semplicemente gli argomenti che ti interessano nel modulo.

Abbonati ora alla newsletter

Changelog

OPENVAS SCAN 25.0

2025-12-19: OPENVAS SCAN 25.0

Current Patch Level: 25.0.3 (2026-04-08)

Lifecycle Status: New

25.0.3 (2026-04-08):

Note: An upgrade to this version requires a reboot of the system.

Greenbone OS:
- Improvement: the RAM limit of the appliance model OPENVAS FREE was increased from 4 GB to 12 GB (#GOS-2949).
- Improvement: the number of configurable network routes on the appliance models OPENVAS SCAN VIRTUAL and OPENVAS SCAN MSP has been increased from 8 to 1000 (#GOS-3017).
- Security fix: the write permissions for the file /usr/sbin/openvas were further restricted to prevent potential privilege escalation attacks (#GOS-2899).
- Security fix: the Linux kernel was upgraded from version 6.12.73-1 to version 6.12.74-2 for virtual appliances. Hardware appliances are not affected by the vulnerabilities (CVE-2025-71238, CVE-2026-23100, CVE-2026-23221, CVE-2026-23233, CVE-2026-23234, CVE-2026-23235, CVE-2026-23236, CVE-2026-23237, CVE-2026-23238).
- Bug fix: an error was fixed where the download of the OPENVAS COMMUNITY FEED failed (#GOS-2936).
- Bug fix: an error was fixed where the switch release to GOS 25.0 could fail, if it was reattempted after a previous failure had been fixed (#GOS-3029).
- Bug fix: an error was fixed where it was not possible to trigger upgrades on sensors via the GOS menu of the master (#GOS-3056).
- Bug fix: an error was fixed where the hostkey integrity check failed unexpectedly after a GOS upgrade (#GOS-2954, #GS-9788, #GS-10044).
- Bug fix: an error was fixed where closing the GOS menu in an unsupported way would cause the GOS menu to crash on the next login (#GOS-2983).
- Bug fix: an error was fixed where generating a support package could fail if no log messages existed (#GOS-3048, #GS-10044).
- Minor bug fix: an error was fixed where vulnerability scans erroneously showed that hardware appliances were affected by the “VMScape” vulnerability (#GOS-2948).
- Minor bug fix: an error was fixed where the logging of the gsad web server could stop (#GOS-3028).
- Minor bug fix: an error was fixed where the erroneous string “APPLIANCE_NAME” was displayed in the GOS selfcheck (#GOS-2964).
Vulnerability management:
- Improvement: the gvm-tools suite was updated to version 25.4.9 and the python-gvm library was updated to version 26.11.1 (#PR-1834).
- Minor improvement: the included appliance manual has been updated to the current version from 2026-04-02 (#PR-1819).
- Minor bug fix: an error was fixed where special characters were not displayed correctly in notifications and dialog titles in the web interface (#GEA-1440).
Vulnerability scanning:
- Bug fix: an issue was fixed where the version comparison of RPM packages could be incorrect (#SC-1572, #GS-9657).

25.0.2 (2026-03-05):

Note: An upgrade to this version requires a reboot of the system.

Greenbone OS:
- Improvement: it is now possible to define the content included in a support package. The three main options are “complete”, “moderate” (same as “complete” but without passwords”), and “strict” (same as “moderate” but without network information). The default is “strict”. In addition, it is now possible to select which system modules should be taken into account when generating a support package (#GOS-827).
- Improvement: the gsad option --http-only is now enabled and the gsad option --secure-cookie disabled when no HTTPS certificate exists. This makes it possible to use the web interface without an HTTPS certificate again. However, the use of an HTTPS certificate is still strongly recommended (#GOS-2880, #GOS-2959).
- Improvement: FTP airgap master mode was enabled for the appliance model OPENVAS SCAN VIRTUAL (#GOS-2883, #PP-622).
- Bug fix: an error was fixed where the dialog that is shown after upgrading from GOS 24.10 to GOS 25.0 still pointed to the GOS 24.10 user manual (#GOS-2927).
Vulnerability management:
- Major bug fix: an error was fixed where a change to certain time zones caused gvmd to crash and rendered most vulnerability management components unusable (#GEA-1600, #GEA-1568, #GS-9723).
- Major bug fix: an error was fixed where the dialog did not show any VTs when editing VT families in scan configurations (#GEA-1553, #GS-9707, #GS-9712, #GS-9753, #GS-9829).
- Improvement: a button for creating a container image target directly from the container image task dialog has been added (#GEA-1571).
- Improvement: the gvm-tools suite was updated to version 25.4.7 and the python-gvm library was updated to version 26.10.1 (#PR-1834).
- Bug fix: an error was fixed where the status of an import task was set to “Interrupted” after reports have been uploaded (#GEA-1521).
- Bug fix: an error was fixed where the start time set for a schedule was saved with a one-hour deduction (#GEA-1466, #GEA-1567).
- Bug fix: an error was fixed where host or operating system objects could not be exported (#GEA-1559, #GEA-1564, #GS-9584, #GS-9607).
- Bug fix: an error was fixed where filters for host objects could were not created as expected (#GEA-1526, #GS-9520, #GS-9729).
- Minor improvement: the included appliance manual has been updated to the current version from 2026-02-24 (#PR-1761).
Vulnerability scanning:
- Bug fix: an error was fixed where the openvas-scanner logs claimed that the response could not be processed, if a Notus scan did not return any results (#SC-1559).
- Security fix: several potential issues where the scanner’s NASL processing lacked integer overflow checks were fixed (#SC-1537).

25.0.1 (2026-02-02):

Note: An upgrade to this version requires a reboot of the system.

Greenbone OS:
- Bug fix: an error was fixed where the GOS administration menu crashed when trying to upload a beaming image (#GOS-2720).
- Bug fix: an error was fixed where no error message in the self-check was displayed when the remote backup server disk was full (#GOS-2651, #GS-9288).
Vulnerability management:
- Improvement: the option to exclude container images from a container image scan was added (#GEA-1515).
- Improvement: the option to pause and resume container image scans was added (#GEA-1504).
- Improvement: the target setting Order for target hosts was removed because it had no longer any effect. The order is always random (#GEA-1300, #SC-180).
- Improvement: the gvm-tools suite was updated to version 25.4.5 and the python-gvm library was updated to version 26.9.1 (#PR-1834).
- Security fix: a potential path traversal vulnerability when uploading custom report formats has been fixed (#GEA-1475).
- Bug fix: an error was fixed where the critical results count was missing in the Hosts tab of a report (#GEA-1453).
- Bug fix: an error was fixed where the error message “Given group_id was invalid” was displayed when trying to save the changes made in the Edit Group dialog (#GEA-1451, #GS-9335, #GS-9403, #GS-9525, #GS-9515).
- Bug fix: an error was fixed where, instead of the dashboard, an error message was displayed on the Vulnerabilities page (#GEA-1362).
- Bug fix: an error was fixed where the auto-generation feature for credentials of the type Username + SSH Key did not work (#GEA-1464, #GS-9359).
- Bug fix: an error was fixed where the auto-generation feature for credentials of the type Username + Password did not work (#GEA-1516).
- Bug fix: an error was fixed where the Port input box was incorrectly displayed in the dialog for creating or editing a scanner of the type Greenbone Sensor (#GEA-1473).
- Bug fix: an error was fixed where the file name of a report was not displayed in the dialog when uploading the report to an import task (#GEA-1490, #GEA-1491).
- Bug fix: an error was fixed where the pagination icons were missing on the Users page (#GEA-1323, #GS-9032, #GS-9195).
- Bug fix: an error was fixed where the the edit dialog for a regular scan task was opened when trying to edit an import task (#GEA-1401).
- Bug fix: an error was fixed where there was no default selection of a scanner type when creating a new scanner. The default type is now Greenbone Sensor (#GEA-1399).
- Bug fix: an error was fixed where the dashboard display Next Scheduled Tasks on the Tasks page did not have any content (#GEA-1478).
- Bug fix: an error was fixed where it was not possible to create tags for the resource types Host, Audit, Audit Report, Operating System, CERT-Bund Advisory, DFN-CERT Advisory, and Policy (#GEA-1425, #GS-9293).
- Bug fix: an error was fixed where a loading indicator was permanently displayed instead of an error message when the import of a report format failed (#GEA-1471).
- Bug fix: an error was fixed where no custom report formats could be imported (#GEA-1470).
- Bug fix: an error was fixed where already existing certificates were not displayed for credentials of the type Client Certificate when editing the credentials (#GEA-1314).
- Bug fix: an error was fixed where the installable packages of credentials of the types Username + Password and Username + SSH Key were not usable (#GEA-1495, #GS-9416, #GS-9604).
- Bug fix: an error was fixed where there was no error message displayed when no Key Distribution Center (KDC) was specified for credentials of the type SMB (Kerberos) (#GEA-1486).
- Bug fix: an error was fixed where critical results were not included in an exported delta report (#GEA-1492, #GS-9420).
- Bug fix: an error was fixed where the message “Feed is currently syncing. Please wait while the feed is syncing.” was displayed on the web interface, even if the feed was not actually synchronizing (#GEA-1445, #GS-7870, #GS-8105, #GS-9251, #GS-9332).
- Bug fix: an error was fixed where the input boxes for including and excluding hosts from a file where not visible when editing a target when a file was uploaded before (#GEA-1449).
- Bug fix: an error was fixed where reports could not be exported in the report formats Vulnerability Report HTML and Vulnerability Report PDF (#GEA-1592, #GOS-2751).
- Minor improvement: a new method of counting scanned assets has been introduced to support the new licensing model (#GEA-1438).
- Minor improvement: the VT family Arch Linux Local Security Checks is no longer editable when creating or editing a scan configuration (#GEA-1375).
- Minor improvement: the included appliance manual has been updated to the current version from 2026-01-21 (#PR-1688).
- Minor improvement: tool tips were added for date/time entries in tables on the web interface (#GEA-1459).
- Minor improvement: it is now possible to receive the private key’s fingerprint of credentials of the type Client Certificate via GMP (#GEA-1409).
- Minor bug fix: an error was fixed where the error message displayed when editing an import task failed still used the old naming (#GEA-1406, #GEA-1402).
- Minor bug fix: an error was fixed where the separators between alive tests methods on a target’s details page were missing (#GEA-1397).
- Minor bug fix: an error was fixed where the old naming “container task” for an import task was still in use (#GEA-1402).
- Minor bug fix: an spelling error was fixed in the dialog for creating or editing an alert (#GEA-1417).
- Minor bug fix: an error was fixed where the icons for the wizard and for creating a new task did not have tool tips (#GEA-1411).
- Minor bug fix: an error was fixed where the link to the audit on the details page of an audit report led to a wrong URL (#GEA-1389).
- Minor bug fix: an error was fixed where it was not possible to create credentials of the type Username + SSH Key without a passphrase for the SSH key (#GEA-1403).
- Minor bug fix: an error was fixed where the icons for resetting and removing the filter were missing in the filter bar of the Users page (#GEA-1463).
- Minor bug fix: an error was fixed where the table functionalities Apply to selected and Apply to all filtered were not working on the Users page (#GEA-1463).
- Minor bug fix: an error was fixed where gvmd could return an empty XML element (#GEA-1472).
Vulnerability scanning:
- Major bug fix: an error was fixed where a segmentation fault could occur, causing scans to be interrupted, when the Notus scanner was used, but did not return any results (#SC-1529).

25.0.0 (2025-12-19):

Product Portfolio and New License Model

The new appliance model OPENVAS SCAN VIRTUAL was added. With its use, a new licensing model will be supported. Licensing will be converted to an asset-based model in the future. This means that the scope of the license will no longer be based on fixed device limits, as was previously the case, but on the number of assets to be analyzed.

Container Image Scanning

A new functionality for scanning container images was added for selected appliance models. For this, containers are loaded from one or more container registries defined by the user, the packages used for the container are identified and checked for vulnerabilities, and a report thereof is provided to the user.

Base System

With GOS 25.0, the underlying Linux foundation of GOS was updated to the latest version. This includes the addition of post-quantum cryptography (PQC) cryptographic algorithms.

OPENVAS SCAN 24.10

2025-02-03: OPENVAS SCAN 24.10

Current Patch Level: 24.10.11 (2026-02-19)

Lifecycle Status: Mature

24.10.11 (2026-02-19):

Note: An upgrade to this version requires a reboot of the system.

Greenbone OS:
- Major bug fix: an error was fixed where the GOS menu dialog for upgrading to the next major GOS release – GOS 25.0 – displayed that no upgrade was available (#GOS-2865).
- Security fix: the Linux kernel has been upgraded from version 6.1.159-1 to version 6.1.162-1 for virtual appliances (CVE-2023-52658, CVE-2023-53421, CVE-2023-54285, CVE-2024-42079, CVE-2024-46786, CVE-2024-49968, CVE-2025-21946, CVE-2025-22022, CVE-2025-22083, CVE-2025-22090, CVE-2025-22107, CVE-2025-22111, CVE-2025-22121, CVE-2025-37926, CVE-2025-38022, CVE-2025-38104, CVE-2025-38125, CVE-2025-38129, CVE-2025-38232, CVE-2025-38361, CVE-2025-38408, CVE-2025-38591, CVE-2025-38718, CVE-2025-39721, CVE-2025-39871, CVE-2025-40039, CVE-2025-40110, CVE-2025-40149, CVE-2025-40164, CVE-2025-40215, CVE-2025-68211, CVE-2025-68223, CVE-2025-68254, CVE-2025-68255, CVE-2025-68256, CVE-2025-68257, CVE-2025-68258, CVE-2025-68259, CVE-2025-68261, CVE-2025-68263, CVE-2025-68264, CVE-2025-68266, CVE-2025-68291, CVE-2025-68325, CVE-2025-68332, CVE-2025-68335, CVE-2025-68336, CVE-2025-68337, CVE-2025-68340, CVE-2025-68344, CVE-2025-68345, CVE-2025-68346, CVE-2025-68347, CVE-2025-68349, CVE-2025-68354, CVE-2025-68362, CVE-2025-68363, CVE-2025-68364, CVE-2025-68365, CVE-2025-68366, CVE-2025-68367, CVE-2025-68369, CVE-2025-68371, CVE-2025-68372, CVE-2025-68380, CVE-2025-68724, CVE-2025-68725, CVE-2025-68727, CVE-2025-68728, CVE-2025-68732, CVE-2025-68733, CVE-2025-68740, CVE-2025-68742, CVE-2025-68746, CVE-2025-68753, CVE-2025-68757, CVE-2025-68758, CVE-2025-68759, CVE-2025-68764, CVE-2025-68765, CVE-2025-68766, CVE-2025-68767, CVE-2025-68769, CVE-2025-68771, CVE-2025-68772, CVE-2025-68773, CVE-2025-68774, CVE-2025-68776, CVE-2025-68777, CVE-2025-68778, CVE-2025-68780, CVE-2025-68781, CVE-2025-68782, CVE-2025-68783, CVE-2025-68785, CVE-2025-68786, CVE-2025-68787, CVE-2025-68788, CVE-2025-68795, CVE-2025-68796, CVE-2025-68797, CVE-2025-68798, CVE-2025-68799, CVE-2025-68800, CVE-2025-68801, CVE-2025-68803, CVE-2025-68804, CVE-2025-68806, CVE-2025-68808, CVE-2025-68813, CVE-2025-68814, CVE-2025-68815, CVE-2025-68816, CVE-2025-68817, CVE-2025-68818, CVE-2025-68819, CVE-2025-68820, CVE-2025-68821, CVE-2025-71064, CVE-2025-71066, CVE-2025-71069, CVE-2025-71071, CVE-2025-71075, CVE-2025-71077, CVE-2025-71078, CVE-2025-71079, CVE-2025-71081, CVE-2025-71082, CVE-2025-71083, CVE-2025-71084, CVE-2025-71085, CVE-2025-71086, CVE-2025-71087, CVE-2025-71088, CVE-2025-71091, CVE-2025-71093, CVE-2025-71094, CVE-2025-71095, CVE-2025-71096, CVE-2025-71097, CVE-2025-71098, CVE-2025-71102, CVE-2025-71104, CVE-2025-71105, CVE-2025-71108, CVE-2025-71111, CVE-2025-71112, CVE-2025-71113, CVE-2025-71114, CVE-2025-71116, CVE-2025-71118, CVE-2025-71119, CVE-2025-71120, CVE-2025-71121, CVE-2025-71123, CVE-2025-71125, CVE-2025-71126, CVE-2025-71127, CVE-2025-71130, CVE-2025-71131, CVE-2025-71132, CVE-2025-71133, CVE-2025-71136, CVE-2025-71137, CVE-2025-71147, CVE-2025-71149, CVE-2025-71150, CVE-2025-71154, CVE-2025-71162, CVE-2025-71163, CVE-2025-71180, CVE-2025-71182, CVE-2025-71183, CVE-2025-71185, CVE-2025-71186, CVE-2025-71189, CVE-2025-71190, CVE-2025-71191, CVE-2025-71192, CVE-2025-71194, CVE-2025-71196, CVE-2025-71197, CVE-2025-71199, CVE-2026-22976, CVE-2026-22977, CVE-2026-22978, CVE-2026-22979, CVE-2026-22980, CVE-2026-22982, CVE-2026-22984, CVE-2026-22990, CVE-2026-22991, CVE-2026-22992, CVE-2026-22994, CVE-2026-22997, CVE-2026-22998, CVE-2026-22999, CVE-2026-23001, CVE-2026-23003, CVE-2026-23005, CVE-2026-23006, CVE-2026-23010, CVE-2026-23011, CVE-2026-23019, CVE-2026-23020, CVE-2026-23021, CVE-2026-23025, CVE-2026-23026, CVE-2026-23030, CVE-2026-23031, CVE-2026-23033, CVE-2026-23037, CVE-2026-23038, CVE-2026-23047, CVE-2026-23049, CVE-2026-23054, CVE-2026-23056, CVE-2026-23058, CVE-2026-23060, CVE-2026-23061, CVE-2026-23063, CVE-2026-23064, CVE-2026-23068, CVE-2026-23069, CVE-2026-23071, CVE-2026-23073, CVE-2026-23074, CVE-2026-23075, CVE-2026-23076, CVE-2026-23078, CVE-2026-23080, CVE-2026-23083, CVE-2026-23084, CVE-2026-23085, CVE-2026-23086, CVE-2026-23087, CVE-2026-23089, CVE-2026-23090, CVE-2026-23091, CVE-2026-23093, CVE-2026-23095, CVE-2026-23096, CVE-2026-23097, CVE-2026-23098, CVE-2026-23099, CVE-2026-23101, CVE-2026-23102, CVE-2026-23103, CVE-2026-23105, CVE-2026-23107, CVE-2026-23108, CVE-2026-23110).
- Security fix: the included package postgresql-15 was upgraded from version 15.15-0+deb12u1 to version 15.16-0+deb12u1 (CVE-2026-2003, CVE-2026-2004, CVE-2026-2005, CVE-2026-2006).
- Security fix: the included package gnutls was upgraded from version 3.7.9-2+deb12u5 to version 3.7.9-2+deb12u6 (CVE-2025-14831).
- Security fix: the included package nginx was upgraded from version 1.28.1-1~bookworm to version 1.28.2-1~bookworm (CVE-2026-1642).

24.10.10 (2026-02-16):

Note: An upgrade to this version requires a reboot of the system.

Greenbone OS:
- Extension: the upgrade path to the next major GOS release – GOS 25.0 – has been unlocked for all supported OPENVAS SCAN models (#GOS-2726).
- Security fix: the included package openssl was upgraded from version 3.0.17-1~deb12u3 to version 3.0.18-1~deb12u2 (CVE-2025-15467, CVE-2025-68160, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796).
Vulnerability management:
- Improvement: the target setting Order for target hosts was removed because it had no longer any effect. The order is always random (#GEA-1300, #SC-180).
- Bug fix: an error was fixed where the critical results count was missing in the Hosts tab of a report (#GEA-1453).
- Bug fix: an error was fixed where the error message “Given group_id was invalid” was displayed when trying to save the changes made in the Edit Group dialog (#GEA-1451, #GS-9335, #GS-9403, #GS-9525, #GS-9515).
- Bug fix: an error was fixed where, instead of the dashboard, an error message was displayed on the Vulnerabilities page (#GEA-1362).
- Bug fix: an error was fixed where the auto-generation feature for credentials of the type Username + SSH Key did not work (#GEA-1464, #GS-9359).
- Bug fix: an error was fixed where the auto-generation feature for credentials of the type Username + Password did not work (#GEA-1516).
- Bug fix: an error was fixed where the Port input box was incorrectly displayed in the dialog for creating or editing a scanner of the type Greenbone Sensor (#GEA-1473).
- Bug fix: an error was fixed where the file name of a report was not displayed in the dialog when uploading the report to an import task (#GEA-1490, #GEA-1491).
- Bug fix: an error was fixed where the pagination icons were missing on the Users page (#GEA-1323, #GS-9032, #GS-9195).
- Bug fix: an error was fixed where the the edit dialog for a regular scan task was opened when trying to edit an import task (#GEA-1401).
- Bug fix: an error was fixed where there was no default selection of a scanner type when creating a new scanner. The default type is now Greenbone Sensor (#GEA-1399).
- Bug fix: an error was fixed where the dashboard display Next Scheduled Tasks on the Tasks page did not have any content (#GEA-1478).
- Bug fix: an error was fixed where it was not possible to create tags for the resource types Host, Audit, Audit Report, Operating System, CERT-Bund Advisory, DFN-CERT Advisory, and Policy (#GEA-1425, #GS-9293).
- Bug fix: an error was fixed where a loading indicator was permanently displayed instead of an error message when the import of a report format failed (#GEA-1471).
- Bug fix: an error was fixed where no custom report formats could be imported (#GEA-1470).
- Bug fix: an error was fixed where already existing certificates were not displayed for credentials of the type Client Certificate when editing the credentials (#GEA-1314).
- Bug fix: an error was fixed where the installable packages of credentials of the types Username + Password and Username + SSH Key were not usable (#GEA-1495, #GS-9416, #GS-9604).
- Bug fix: an error was fixed where there was no error message displayed when no Key Distribution Center (KDC) was specified for credentials of the type SMB (Kerberos) (#GEA-1486).
- Bug fix: an error was fixed where critical results were not included in an exported delta report (#GEA-1492, #GS-9420).
- Bug fix: an error was fixed where the message “Feed is currently syncing. Please wait while the feed is syncing.” was displayed on the web interface, even if the feed was not actually synchronizing (#GEA-1445, #GS-7870, #GS-8105, #GS-9251, #GS-9332).
- Bug fix: an error was fixed where the input boxes for including and excluding hosts from a file where not visible when editing a target when a file was uploaded before (#GEA-1449).
- Minor improvement: the VT family Arch Linux Local Security Checks is no longer editable when creating or editing a scan configuration (#GEA-1375).
- Minor improvement: the included appliance manual has been updated to the current version from 2026-01-26 (#PR-1710).
- Minor improvement: tool tips were added for date/time entries in tables on the web interface (#GEA-1459).
- Minor improvement: it is now possible to receive the private key’s fingerprint of credentials of the type Client Certificate via GMP (#GEA-1409).
- Minor bug fix: an error was fixed where the error message displayed when editing an import task failed still used the old naming (#GEA-1406, #GEA-1402).
- Minor bug fix: an error was fixed where the separators between alive tests methods on a target’s details page were missing (#GEA-1397).
- Minor bug fix: an error was fixed where the old naming “container task” for an import task was still in use (#GEA-1402).
- Minor bug fix: an spelling error was fixed in the dialog for creating or editing an alert (#GEA-1417).
- Minor bug fix: an error was fixed where the icons for the wizard and for creating a new task did not have tool tips (#GEA-1411).
- Minor bug fix: an error was fixed where the link to the audit on the details page of an audit report led to a wrong URL (#GEA-1389).
- Minor bug fix: an error was fixed where it was not possible to create credentials of the type Username + SSH Key without a passphrase for the SSH key (#GEA-1403).
- Minor bug fix: an error was fixed where the icons for resetting and removing the filter were missing in the filter bar of the Users page (#GEA-1463).
- Minor bug fix: an error was fixed where the table functionalities Apply to selected and Apply to all filtered were not working on the Users page (#GEA-1463).
- Minor bug fix: an error was fixed where gvmd could return an empty <login/> XML element (#GEA-1472).
Vulnerability scanning:
- Major bug fix: an error was fixed where a segmentation fault could occur, causing scans to be interrupted, when the Notus scanner was used, but did not return any results (#SC-1529).

24.10.9 (2025-12-16):

Vulnerability Management:
- Minor improvement: the included appliance manual has been updated to the current version from 2025-12-15 (#PR-1602).
Vulnerability Scanning:
- Major bug fix: an error was fixed where the OpenVAS scanner could over-utilize memory when executing the “host_details.nasl” script (#SC-1520, #GS-9358).

24.10.8 (2025-12-09):

Greenbone OS:
- Security fix: for the virtual appliance models OPENVAS SCAN EXA, PETA, TERA and DECA, the included package openvpn was upgraded from version 2.6.3-1+deb12u3 to version 2.6.3-1+deb12u4 (CVE-2025-13086).
- Bug fix: an error was fixed where, when the GOS system integrity check was executed under certain conditions, it could fail with a TypeError (#GOS-2575).
Vulnerability Management:
- Minor improvement: the included appliance manual has been updated to the current version from 2025-12-09 (#PR-1582).
Vulnerability Scanning:
- Improvement: support for handling AppStream modules for RPM packages has been added to the OpenVAS scanner (#SC-1299).
- Bug fix: an error was fixed where, when converting NASL files to UTF-8, it was not checked whether the file already was UTF-8 encoded, resulting in it being converted twice (#SC-737).

24.10.7 (2025-11-27):

Note: An upgrade to this version requires a reboot of the system.

Greenbone OS:
- Improvement: the included package gvm-tools was updated to version 25.4.2 and the included package python-gvm was updated to version 26.7.1 (#PR-1478).
- Security fix: the included package openssl was upgraded from version 3.0.17-1~deb12u2 to version 3.0.17-1~deb12u3 (CVE-2025-9230, CVE-2025-9232).
- Security fix: the included package redis was upgraded from version 5:7.0.15-1~deb12u5 to version 5:7.0.15-1~deb12u6 (CVE-2025-49844, CVE-2025-46819, CVE-2025-46818, CVE-2025-46817).
- Security fix: the Linux kernel has been upgraded from version 6.6.92-greenbone1 to version 6.6.116-greenbone1 for hardware appliances and from version 6.1.148-1 to version 6.1.158-1 for virtual appliances (CVE-2024-47704, CVE-2024-57924, CVE-2024-58240, CVE-2025-23143, CVE-2025-23160, CVE-2025-37931, CVE-2025-37968, CVE-2025-38322, CVE-2025-38347, CVE-2025-38491, CVE-2025-38502, CVE-2025-38552, CVE-2025-38614, CVE-2025-38670, CVE-2025-38676, CVE-2025-38677, CVE-2025-38679, CVE-2025-38680, CVE-2025-38681, CVE-2025-38683, CVE-2025-38684, CVE-2025-38685, CVE-2025-38687, CVE-2025-38691, CVE-2025-38693, CVE-2025-38694, CVE-2025-38695, CVE-2025-38696, CVE-2025-38697, CVE-2025-38698, CVE-2025-38699, CVE-2025-38700, CVE-2025-38701, CVE-2025-38702, CVE-2025-38706, CVE-2025-38707, CVE-2025-38708, CVE-2025-38711, CVE-2025-38712, CVE-2025-38713, CVE-2025-38714, CVE-2025-38715, CVE-2025-38721, CVE-2025-38723, CVE-2025-38724, CVE-2025-38725, CVE-2025-38727, CVE-2025-38728, CVE-2025-38729, CVE-2025-38732, CVE-2025-38735, CVE-2025-38736, CVE-2025-39673, CVE-2025-39675, CVE-2025-39676, CVE-2025-39681, CVE-2025-39682, CVE-2025-39683, CVE-2025-39684, CVE-2025-39685, CVE-2025-39686, CVE-2025-39687, CVE-2025-39689, CVE-2025-39691, CVE-2025-39692, CVE-2025-39693, CVE-2025-39694, CVE-2025-39697, CVE-2025-39701, CVE-2025-39702, CVE-2025-39703, CVE-2025-39706, CVE-2025-39709, CVE-2025-39710, CVE-2025-39713, CVE-2025-39714, CVE-2025-39715, CVE-2025-39716, CVE-2025-39718, CVE-2025-39719, CVE-2025-39724, CVE-2025-39736, CVE-2025-39737, CVE-2025-39738, CVE-2025-39742, CVE-2025-39743, CVE-2025-39749, CVE-2025-39751, CVE-2025-39752, CVE-2025-39756, CVE-2025-39757, CVE-2025-39759, CVE-2025-39760, CVE-2025-39766, CVE-2025-39770, CVE-2025-39772, CVE-2025-39773, CVE-2025-39776, CVE-2025-39782, CVE-2025-39783, CVE-2025-39787, CVE-2025-39788, CVE-2025-39790, CVE-2025-39794, CVE-2025-39795, CVE-2025-39798, CVE-2025-39800, CVE-2025-39801, CVE-2025-39806, CVE-2025-39808, CVE-2025-39812, CVE-2025-39813, CVE-2025-39817, CVE-2025-39819, CVE-2025-39823, CVE-2025-39824, CVE-2025-39825, CVE-2025-39826, CVE-2025-39827, CVE-2025-39828, CVE-2025-39835, CVE-2025-39838, CVE-2025-39839, CVE-2025-39841, CVE-2025-39842, CVE-2025-39843, CVE-2025-39844, CVE-2025-39845, CVE-2025-39846, CVE-2025-39847, CVE-2025-39848, CVE-2025-39849, CVE-2025-39853, CVE-2025-39857, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-39866, CVE-2025-40300, CVE-2025-21861, CVE-2025-39929, CVE-2025-39931, CVE-2025-39934, CVE-2025-39937, CVE-2025-39938, CVE-2025-39942, CVE-2025-39943, CVE-2025-39944, CVE-2025-39945, CVE-2025-39946, CVE-2025-39949, CVE-2025-39951, CVE-2025-39953, CVE-2025-39955, CVE-2025-39957, CVE-2025-39964, CVE-2025-39967, CVE-2025-39968, CVE-2025-39969, CVE-2025-39970, CVE-2025-39971, CVE-2025-39972, CVE-2025-39973, CVE-2025-39977, CVE-2025-39978, CVE-2025-39980, CVE-2025-39982, CVE-2025-39985, CVE-2025-39986, CVE-2025-39987, CVE-2025-39988, CVE-2025-39993, CVE-2025-39994, CVE-2025-39995, CVE-2025-39996, CVE-2025-39998, CVE-2025-40001, CVE-2025-40006, CVE-2025-40008, CVE-2025-40010, CVE-2025-40011, CVE-2025-40013, CVE-2025-40018, CVE-2025-40019, CVE-2025-40020, CVE-2025-40021, CVE-2025-40022, CVE-2025-40026, CVE-2025-40027, CVE-2025-40029, CVE-2025-40030, CVE-2025-40032, CVE-2025-40035, CVE-2025-40036, CVE-2025-40040, CVE-2025-40042, CVE-2025-40043, CVE-2025-40044, CVE-2025-40048, CVE-2025-40049, CVE-2025-40051, CVE-2025-40053, CVE-2025-40055, CVE-2025-40056, CVE-2025-40060, CVE-2025-40062, CVE-2025-40068, CVE-2025-40070, CVE-2025-40078, CVE-2025-40080, CVE-2025-40081, CVE-2025-40084, CVE-2025-40085, CVE-2025-40087, CVE-2025-40088, CVE-2025-40092, CVE-2025-40093, CVE-2025-40094, CVE-2025-40095, CVE-2025-40096, CVE-2025-40099, CVE-2025-40100, CVE-2025-40103, CVE-2025-40104, CVE-2025-40105, CVE-2025-40106, CVE-2025-40107, CVE-2025-40109).
- Bug fix: an error was fixed where in rare cases it was not possible to generate a new HTTPS certificate (#GOS-2471, #GS-8892).
- Minor improvement: the description of the GOS menu dialog Add a new VPN has been extended to explain that an IPv4 address without a subnet mask or an IPv6 address without a prefix must be entered (#GOS-2462).
- Minor improvement: the missing logos for the OPENVAS SCAN MSP and OPENVAS SCAN ONE models have been added (#GOS-2435).
Vulnerability Management:
- Improvement: for both the web interface and downloadable reports, the Common Vulnerability Scoring System (CVSS) textual severity ratings are now always based on CVSSv3.0. The numerical scores and vectors still depend on whether CVSSv3 data is available. If CVSSv3 data is available, it is used, otherwise CVSSv2 data is used as a fallback (#GEA-7, #GEA-296, #GS-111, #GS-5173, #GS-5414, #GS-5887, #GS-8244).
- Improvement: the alive test selection for targets has been reworked to be modular, allowing the various alive test methods to be freely combined (#GEA-1346, #GS-7845).
- Bug fix: an error was fixed where for Exploit Prediction Scoring System (EPSS) scores the maximum severity was displayed instead of the maximum EPSS score (#GEA-1299).
- Bug fix: an error was fixed where processing CPE data that contained missing or empty “deprecatedBy” arrays failed during feed updates, also causing subsequent SCAP data updates to be aborted (#GEA-1388).
- Bug fix: an error was fixed where editing and saving scan configurations always saved the Trend setting as “→”, meaning that new vulnerability test families were not included automatically after a feed update (#GEA-1281, #GS-8529).
- Bug fix: an error was fixed where the gvmd service could sometimes crash due to PostgreSQL deadlocks while managing user authentication (#GEA-1262, #GS-8767).
- Bug fix: an error was fixed where accessing the Administration > Trashcan page could sometimes fail to load due to a TypeError (#GEA-1328, #GS-9056).
- Bug fix: an error was fixed where the Create a new credential icons in the New/Edit Target dialog were missing for several credential types (#GEA-1256).
- Bug fix: an error was fixed where exported delta reports did not contain any contents (#GEA-1287, #GS-9030).
- Bug fix: an error was fixed where it was not possible to configure a filter on the Users page (#GEA-1305, #GEA-1323, #GS-8979, #GS-9032, #GS-9195).
- Bug fix: an error was fixed where the host and location information was not shown for remediation tickets (#GEA-1265, #GS-8782).
- Bug fix: an error was fixed where additional Dashboard displays were added to the same row, exceeding the screen space and making them non-visible (#GEA-1327).
- Bug fix: the notification indicating that the Greenbone Community Feed is being used has been removed until further notice due to ongoing issues (#GEA-1355).
- Bug fix: an error was fixed where downloading a Greenbone Compliance Report from the Compliance Audits page resulted in an unusable file (#GEA-1345, #GS-9127).
- Bug fix: an error was fixed where the Task links on the Compliance Audit Reports page led to a non-existing location (#GEA-1356, #GS-9210).
- Bug fix: an error was fixed where it was not possible to return to a parent menu from a details menu by clicking on it (#GEA-1372).
- Bug fix: an error was fixed where the Scan Config Settings icon had to be clicked twice to open the corresponding dialog (#GEA-1271, #GS-8789, #GS-8816).
- Minor improvement: the Container Task feature has been renamed to Import Task to better describe its functionality (#GEA-1387).
- Minor improvement: the New Task icon has been changed to a clickable button instead of a hoverable menu (#GEA-1269).
- Minor improvement: an experimental configuration option for the gvmd service has been added to halve database partition usage during feed updates. However, with the option enabled, the CVE scanner will not work during feed updates and some report fields may not be populated during feed updates. The new option is disabled by default (#GEA-1286, #GS-8888, #GS-8893, #GS-8903, #GS-8909, #GS-8971, #GS-8975, #GS-9176).
- Minor improvement: the included appliance manual has been updated to the current version from 2025-11-25 (#PR-1538).
- Minor bug fix: an error was fixed where some Permission description fields referenced “Unknown” (#GEA-1360).
- Minor bug fix: an error was fixed where the deprecated string “openvasmd” could appear in generated XML reports (#GEA-650).

24.10.6 (2025-09-15):

Note: An upgrade to this version requires a reboot of the system for virtual appliances.

Greenbone OS:
- Improvement: a new Greenbone OS package signing key has been added to support upgrades to the upcoming new major version GOS 25.0. For upgrades to future GOS 24.10 patch-levels, the old package signing key will continue to be used (#GOS-2425).
- Security fix: the included package cjson was upgraded from version 1.7.15-1+deb12u2 to version 1.7.15-1+deb12u4 (CVE-2025-57052).
- Bug fix: an error was fixed where the deprecated GOS menu option Update all sensor protocols was shown unexpectedly (#GOS-2424).
Vulnerability Management:
- Improvement: the Greenbone Enterprise Appliance product has been renamed to OPENVAS SCAN. In addition, the Greenbone Enterprise Feed will be referred to as the OPENVAS ENTERPRISE FEED. For more information see https://www.greenbone.net/en/blog/openvas-the-new-name-for-proven-greenbone-security/. Please note that this is an ongoing process and that some occurrences of the old product names may still occur. For all intents and purposes, the new and old names can be used interchangeably (#GEA-1088, #GOS-2397).
- Improvement: the included package gvm-tools was updated to version 25.4.0 and the included package python-gvm was updated to version 26.6.0 (#GEA-1215, #GS-8660).
- Bug fix: an error was fixed where the Delete Report button was not functional (#GEA-1240, #GS-8757).
- Bug fix: an error was fixed where a duplicate key-value violation could occur when updating the scan configurations during a feed update (#GEA-1043, #GS-8117, #GS-8119).
- Minor improvement: the About page of the web interface has been removed. The version information can now always be found in the lower left corner of the web interface (#GEA-1267).
- Minor improvement: the included appliance manual has been updated to the current version from 2025-09-15 (#PR-1438).
- Minor improvement: the text characters indicating “Gone”, “New”, Same” and “Changed” states in delta reports have been replaced with similar, high-resolution icons (#GEA-1206).
- Minor improvement: the width of the user settings menu has been increased to accommodate longer text strings (#GEA-1202, #GEA-1268).
- Minor bug fix: an error was fixed where sorting port lists by count was not working correctly (#GEA-1218).
- Minor bug fix: an error was fixed where the default filter defined in the user settings was not applied on the Compliance Policies, Compliance Audits and Report Configs pages (#GEA-1167, #GEA-1168, #GEA-1169).
- Minor bug fix: an error was fixed where log messages of the gvmd service were not filtered correctly, which could result in, for example, unwanted debug messages (#GEA-1233).
- Minor bug fix: several wordings and translation in the web interface have been corrected (#GEA-1237).

24.10.5 (2025-09-02):

Greenbone OS:
- Extension: the new Greenbone Enterprise MSP appliance model was added (#GOS-2429).
- Security fix: the included package libxml2 was upgraded from version 2.9.14+dfsg-1.3~deb12u2 to version 2.9.14+dfsg-1.3~deb12u4 (CVE-2022-49043, CVE-2023-39615, CVE-2023-45322, CVE-2024-25062, CVE-2024-34459, CVE-2024-56171, CVE-2025-24928, CVE-2025-27113, CVE-2025-32414, CVE-2025-32415, CVE-2025-7425).
- Security fix: the included package unbound was upgraded from version 1.17.1-2+deb12u2 to version 1.17.1-2+deb12u3 (CVE-2024-33655, CVE-2024-8508, CVE-2025-5994).
Vulnerability Management:
- Minor improvement: the included appliance manual has been updated to the current version from 2025-09-01 (#PR-1409).

24.10.4 (2025-08-26):

Note: An upgrade to this version requires a reboot of the system.

Greenbone OS:
- Improvement: IPv6 support has been added to the VPN functionality of GOS (#GOS-2331).
- Improvement: the metrics for network routes in GOS have been changed, so that routes from manually configured gateways as well as manually configured routes are now always preferred over routes transmitted by DHCP servers (#GOS-2153).
- Security fix: the included package systemd has been upgraded from version 252.36-1~deb12u1 to version 252.38-1~deb12u1 (CVE-2025-4598).
- Security fix: the included package open-vm-tools has been upgraded from version 2:12.2.0-1+deb12u2 to version 2:12.2.0-1+deb12u3 (CVE-2025-22247).
- Security fix: the Linux kernel has been upgraded from version 6.6.77-greenbone1 to version 6.6.92-greenbone1 for hardware appliances and from version 6.1.129-1 to version 6.1.147-1 for virtual appliances (CVE-2024-26618, CVE-2024-26783, CVE-2024-26807, CVE-2024-28956, CVE-2024-35790, CVE-2024-36903, CVE-2024-36927, CVE-2024-43840, CVE-2024-46751, CVE-2024-53203, CVE-2024-53209, CVE-2024-57945, CVE-2025-21645, CVE-2025-21839, CVE-2025-21931, CVE-2025-22062, CVE-2025-37819, CVE-2025-37890, CVE-2025-37897, CVE-2025-37901, CVE-2025-37902, CVE-2025-37903, CVE-2025-37905, CVE-2025-37909, CVE-2025-37911, CVE-2025-37912, CVE-2025-37913, CVE-2025-37914, CVE-2025-37915, CVE-2025-37917, CVE-2025-37921, CVE-2025-37923, CVE-2025-37924, CVE-2025-37927, CVE-2025-37928, CVE-2025-37929, CVE-2025-37930, CVE-2025-37932, CVE-2025-37936, CVE-2025-37947, CVE-2025-37948, CVE-2025-37949, CVE-2025-37951, CVE-2025-37953, CVE-2025-37959, CVE-2025-37961, CVE-2025-37962, CVE-2025-37963, CVE-2025-37964, CVE-2025-37967, CVE-2025-37969, CVE-2025-37970, CVE-2025-37972, CVE-2025-37990, CVE-2025-37991, CVE-2023-52857, CVE-2023-52927, CVE-2024-24855, CVE-2024-26656, CVE-2024-26767, CVE-2024-26982, CVE-2024-27056, CVE-2024-35866, CVE-2024-38611, CVE-2024-40973, CVE-2024-42129, CVE-2024-43831, CVE-2024-46772, CVE-2024-47753, CVE-2024-47754, CVE-2024-50056, CVE-2024-50246, CVE-2024-53166, CVE-2024-57977, CVE-2024-58002, CVE-2024-58005, CVE-2024-58079, CVE-2024-58090, CVE-2025-21702, CVE-2025-21712, CVE-2025-21721, CVE-2025-21756, CVE-2025-21838, CVE-2025-21844, CVE-2025-21846, CVE-2025-21848, CVE-2025-21855, CVE-2025-21858, CVE-2025-21859, CVE-2025-21862, CVE-2025-21864, CVE-2025-21865, CVE-2025-21866, CVE-2025-21867, CVE-2025-21871, CVE-2025-21875, CVE-2025-21877, CVE-2025-21878, CVE-2025-21881, CVE-2025-21887, CVE-2025-21891, CVE-2025-21898, CVE-2025-21899, CVE-2025-21904, CVE-2025-21905, CVE-2025-21909, CVE-2025-21910, CVE-2025-21912, CVE-2025-21913, CVE-2025-21914, CVE-2025-21916, CVE-2025-21917, CVE-2025-21918, CVE-2025-21919, CVE-2025-21920, CVE-2025-21922, CVE-2025-21924, CVE-2025-21925, CVE-2025-21926, CVE-2025-21928, CVE-2025-21934, CVE-2025-21935, CVE-2025-21936, CVE-2025-21937, CVE-2025-21938, CVE-2025-21941, CVE-2025-21943, CVE-2025-21944, CVE-2025-21945, CVE-2025-21947, CVE-2025-21948, CVE-2025-21950, CVE-2025-21951, CVE-2025-21956, CVE-2025-21957, CVE-2025-21959, CVE-2025-21960, CVE-2025-21962, CVE-2025-21963, CVE-2025-21964, CVE-2025-21968, CVE-2025-21970, CVE-2025-21971, CVE-2025-21975, CVE-2025-21978, CVE-2025-21979, CVE-2025-21980, CVE-2025-21981, CVE-2025-21986, CVE-2025-21991, CVE-2025-21992, CVE-2025-21993, CVE-2025-21994, CVE-2025-21996, CVE-2025-21997, CVE-2025-21999, CVE-2025-22004, CVE-2025-22005, CVE-2025-22007, CVE-2025-22008, CVE-2025-22010, CVE-2025-22014, CVE-2025-22015, CVE-2023-53034, CVE-2024-36908, CVE-2024-46733, CVE-2024-46742, CVE-2024-46753, CVE-2024-46774, CVE-2024-46816, CVE-2024-46823, CVE-2024-50063, CVE-2025-21853, CVE-2025-22025, CVE-2025-22027, CVE-2025-22033, CVE-2025-22035, CVE-2025-22038, CVE-2025-22040, CVE-2025-22041, CVE-2025-22042, CVE-2025-22044, CVE-2025-22045, CVE-2025-22049, CVE-2025-22050, CVE-2025-22054, CVE-2025-22055, CVE-2025-22056, CVE-2025-22058, CVE-2025-22060, CVE-2025-22063, CVE-2025-22066, CVE-2025-22071, CVE-2025-22072, CVE-2025-22073, CVE-2025-22075, CVE-2025-22079, CVE-2025-22081, CVE-2025-22086, CVE-2025-22088, CVE-2025-22089, CVE-2025-22093, CVE-2025-22095, CVE-2025-22097, CVE-2025-22126, CVE-2025-23136, CVE-2025-23138, CVE-2025-37785, CVE-2025-37838, CVE-2025-38152, CVE-2025-38575, CVE-2025-38637, CVE-2025-39728, CVE-2025-39735, CVE-2024-36350, CVE-2024-36357, CVE-2024-36913, CVE-2024-41013, CVE-2024-56758, CVE-2024-57883, CVE-2025-21816, CVE-2025-22119, CVE-2025-27558, CVE-2025-37958, CVE-2025-38000, CVE-2025-38001, CVE-2025-38003, CVE-2025-38004, CVE-2025-38031, CVE-2025-38034, CVE-2025-38035, CVE-2025-38037, CVE-2025-38040, CVE-2025-38043, CVE-2025-38044, CVE-2025-38048, CVE-2025-38051, CVE-2025-38052, CVE-2025-38058, CVE-2025-38061, CVE-2025-38062, CVE-2025-38063, CVE-2025-38065, CVE-2025-38066, CVE-2025-38067, CVE-2025-38068, CVE-2025-38071, CVE-2025-38072, CVE-2025-38074, CVE-2025-38075, CVE-2025-38077, CVE-2025-38078, CVE-2025-38079, CVE-2025-38083, CVE-2025-38084, CVE-2025-38085, CVE-2025-38086, CVE-2025-38088, CVE-2025-38090, CVE-2025-38097, CVE-2025-38100, CVE-2025-38102, CVE-2025-38103, CVE-2025-38107, CVE-2025-38108, CVE-2025-38111, CVE-2025-38112, CVE-2025-38113, CVE-2025-38115, CVE-2025-38118, CVE-2025-38119, CVE-2025-38120, CVE-2025-38122, CVE-2025-38124, CVE-2025-38126, CVE-2025-38131, CVE-2025-38135, CVE-2025-38136, CVE-2025-38138, CVE-2025-38142, CVE-2025-38143, CVE-2025-38145, CVE-2025-38146, CVE-2025-38147, CVE-2025-38148, CVE-2025-38151, CVE-2025-38153, CVE-2025-38154, CVE-2025-38157, CVE-2025-38158, CVE-2025-38159, CVE-2025-38160, CVE-2025-38161, CVE-2025-38163, CVE-2025-38165, CVE-2025-38166, CVE-2025-38167, CVE-2025-38170, CVE-2025-38173, CVE-2025-38174, CVE-2025-38180, CVE-2025-38181, CVE-2025-38183, CVE-2025-38184, CVE-2025-38185, CVE-2025-38190, CVE-2025-38191, CVE-2025-38193, CVE-2025-38194, CVE-2025-38197, CVE-2025-38198, CVE-2025-38200, CVE-2025-38202, CVE-2025-38211, CVE-2025-38212, CVE-2025-38214, CVE-2025-38215, CVE-2025-38218, CVE-2025-38219, CVE-2025-38222, CVE-2025-38225, CVE-2025-38226, CVE-2025-38227, CVE-2025-38229, CVE-2025-38230, CVE-2025-38231, CVE-2025-38236, CVE-2025-38239, CVE-2025-38245, CVE-2025-38249, CVE-2025-38251, CVE-2025-38257, CVE-2025-38259, CVE-2025-38260, CVE-2025-38262, CVE-2025-38263, CVE-2025-38273, CVE-2025-38275, CVE-2025-38277, CVE-2025-38280, CVE-2025-38282, CVE-2025-38285, CVE-2025-38286, CVE-2025-38293, CVE-2025-38298, CVE-2025-38300, CVE-2025-38304, CVE-2025-38305, CVE-2025-38310, CVE-2025-38312, CVE-2025-38313, CVE-2025-38319, CVE-2025-38320, CVE-2025-38323, CVE-2025-38324, CVE-2025-38326, CVE-2025-38328, CVE-2025-38331, CVE-2025-38332, CVE-2025-38334, CVE-2025-38336, CVE-2025-38337, CVE-2025-38342, CVE-2025-38344, CVE-2025-38345, CVE-2025-38346, CVE-2025-38348, CVE-2025-38350, CVE-2025-38352, CVE-2025-38354, CVE-2025-38362, CVE-2025-38363, CVE-2025-38364, CVE-2025-38365, CVE-2025-38371, CVE-2025-38375, CVE-2025-38377, CVE-2025-38382, CVE-2025-38384, CVE-2025-38385, CVE-2025-38386, CVE-2025-38387, CVE-2025-38389, CVE-2025-38391, CVE-2025-38393, CVE-2025-38395, CVE-2025-38396, CVE-2025-38399, CVE-2025-38400, CVE-2025-38401, CVE-2025-38403, CVE-2025-38404, CVE-2025-38406, CVE-2025-38409, CVE-2025-38410, CVE-2025-38412, CVE-2025-38415, CVE-2025-38416, CVE-2025-38418, CVE-2025-38419, CVE-2025-38420, CVE-2025-38422, CVE-2025-38424, CVE-2025-38425, CVE-2025-38428, CVE-2025-38430, CVE-2025-38437, CVE-2025-38439, CVE-2025-38441, CVE-2025-38443, CVE-2025-38444, CVE-2025-38445, CVE-2025-38448, CVE-2025-38451, CVE-2025-38455, CVE-2025-38456, CVE-2025-38457, CVE-2025-38458, CVE-2025-38459, CVE-2025-38460, CVE-2025-38461, CVE-2025-38462, CVE-2025-38464, CVE-2025-38465, CVE-2025-38466, CVE-2025-38467, CVE-2025-38468, CVE-2025-38470, CVE-2025-38471, CVE-2025-38472, CVE-2025-38473, CVE-2025-38474, CVE-2025-38476, CVE-2025-38477, CVE-2025-38478, CVE-2025-38480, CVE-2025-38481, CVE-2025-38482, CVE-2025-38483, CVE-2025-38485, CVE-2025-38487, CVE-2025-38488, CVE-2025-38494, CVE-2025-38495, CVE-2025-38497, CVE-2025-38498, CVE-2025-38499).
- Security fix: the Intel microcode of the Greenbone Enterprise 6500 R2, 5400 R2, 650 R2, 600 R2, 450 R2, 400 R2 appliance models has been upgraded to the current version (CVE-2024-28956, CVE-2024-43420, CVE-2024-45332, CVE-2025-20012, CVE-2025-20054, CVE-2025-20103, CVE-2025-20623, CVE-2025-24495).
- Security fix: the included package redis was upgraded from version 5:7.0.15-1~deb12u3 to version 5:6.0.16-1+deb11u5 (CVE-2025-27151, CVE-2025-32023, CVE-2025-48367).
- Security fix: the included package gnutls was upgraded from version 3.7.9-2+deb12u4 to version 3.7.9-2+deb12u5 (CVE-2025-32988, CVE-2025-32989, CVE-2025-32990, CVE-2025-6395).
- Security fix: the included package libxslt was upgraded from version 1.1.35-1+deb12u1 to version 1.1.35-1+deb12u2 (CVE-2023-40403, CVE-2025-7424).
- Bug fix: an error was fixed where the flash image could not be written to the flash partition on the appliance models Greenbone Enterprise 6500 R2 and Greenbone Enterprise 5400 R2 (#GOS-2346).
- Bug fix: an error was fixed where the password of a web user was displayed in clear text in the system logs when changing the password (#GOS-2407, #GS-8633).
- Bug fix: an error was fixed where trying to view the setting Setup > Network > IP in the GOS administration menu on an ARM-based appliance caused the GOS administration menu to crash (#GOS-2386).
- Bug fix: an error was fixed where installing gsm-debug on pure sensor appliances caused all components of the GVM stack to be installed as well (#GOS-2265).
- Bug fix: an error was fixed where a false-positive vulnerability “DNS Cache Snooping” was detected when scanning a network interface in the scan1 namespace (#GOS-2269, #GS-8077).
- Minor improvement: the system logs for the openvasd scanner were added to the support package (#GOS-2292).
- Minor bug fix: an error was fixed where the web interface login was not shown in the system logs (#GOS-2332).
Vulnerability Management:
- Major improvement: an alternate mode of querying scan results during scans has been added, potentially providing improvements in the use of system resources, especially when running many scans in parallel. The new mode is not enabled by default, but can be enabled via the GOS state variable scan_queue if desired. The GOS state variables max_active_scan_handlers and scan_handler_active_time provide further fine-tuning options, if scan_queue is enabled (#GEA-1069, #GEA-1106, GOS-2358).
- Major bug fix: an error was fixed where the information that the Greenbone Community Feed is used was displayed on the web interface, even though the Greenbone Enterprise Feed was used (#GEA-1119).
- Improvement: the language switch between English and German on the web interface has been improved and made smoother (#GEA-1034).
- Improvement: if not all entries of a drop-down menus can be displayed, a scroll bar is now shown when moving the cursor over the menu (#GEA-907).
- Improvement: when creating Kerberos credentials, it is now checked if the format of the KDC(s) matches the valid formats. Is is not possible to save Kerberos credentials if the KDC(s) have an invalid format. An appropriate error message is displayed in this case (#GEA-1128).
- Improvement: the way EPSS scores are displayed has been changed to comply with FIRST’s recommended display format. The score is now displayed as a percentage and the percentile is displayed as a whole-numbered ordinal number (#GEA-1132).
- Improvement: the colors of the severity classes have been adjusted to match those of OPENVAS REPORT and OPENVAS VIEW (#GEA-1052).
- Improvement: when signing in after a session timeout the last opened page is now displayed instead of the Dashboards page (#GEA-973).
- Bug fix: an error was fixed where the EPSS scores were not displayed in the report of a scan (#GEA-930, #GS-7696, #GS-8189, #GS-8306, #GS-8043).
- Bug fix: an error was fixed where the Performance page could not be opened and an error was displayed instead (#GEA-1055, #GEA-1064, GS-8169, #GS-8303, #GS-8601).
- Bug fix: an error was fixed where triggering a Sourcefire Connector alert that was missing the PKCS#12 certificate caused a backtrace error (#GEA-1087).
- Bug fix: an error was fixed where the Verify Scanner functionality in the web interface always returned an error for Greenbone Sensors, even if they were configured correctly (#GEA-1029, #GS-8204, #GS-8146).
- Bug fix: an error was fixed where creating a large number of tasks exhausted the available PostgreSQL connections, causing subsequent problems (#GEA-1025).
- Bug fix: an error was fixed where the menus Alerts and Schedules were incorrectly available on the web interface of the appliance model Greenbone Free (#GEA-1053).
- Bug fix: an error was fixed where the menu Remediation Tickets was incorrectly available on the web interface of all appliance models (#GEA-1008).
- Bug fix: an error was fixed where the information that the feed is currently being synchronized was repeatedly displayed on the web interface, even though the feed was not actually being synchronized (#GEA-1010, #GS-8105, #GS-7870).
- Bug fix: an error was fixed where using the method modify_filter in gvm-python caused a traceback error (#GEA-1077, #GS-8264).
- Bug fix: an error was fixed where the About page could not be opened and an error was displayed instead (#GEA-1112).
- Bug fix: an error was fixed where the NVT OID was not already filled out when creating a new note from a result or a VT (#GEA-1133).
- Bug fix: an error was fixed where it was not possible to create a new target from the Hosts page (#GEA-1120).
- Bug fix: an error was fixed where an error message could be displayed when opening the New Task dialog on the Tasks (#GEA-1063, #GS-7646).
- Bug fix: an error was fixed where it was not possible to create a filter for the resource type Vulnerability (#GEA-1164).
- Bug fix: an error was fixed where the Performance page did not contain any graphs, neither for the appliance itself nor for any connected sensors (#GEA-1197, #GEA-1221).
- Bug fix: an error was fixed where uploading a custom file containing credentials to be tested during a scan to a scan configuration was not possible (#GEA-1036, #GS-8094).
- Bug fix: an error was fixed where it was not possible to edit compliance policies and scan configurations or view their details pages (#GEA-1195).
- Bug fix: an error was fixed where the VT an override was created for was not correctly displayed when editing the override (#GEA-1198).
- Bug fix: an error was fixed where the Trashcan page could not be opened and an error was displayed instead (#GEA-1194).
- Bug fix: an error was fixed where custom report configurations were not used for reports sent with an alert (#GEA-1155).
- Bug fix: an error was fixed where it was not possible to create a new schedule (#GEA-1187).
- Bug fix: an error was fixed where the GMP function get_report returned an unexpected keyword (#GEA-1172).
- Bug fix: an error was fixed where saving the user settings was not possible due to invalid input (#GEA-1031).
- Bug fix: an error was fixed where sorting by EPSS score, EPSS percentile or solution type in delta reports did not work as expected (#GEA-1192).
- Bug fix: an error was fixed where changing the user interface language reset the sorting order of delta reports (#GEA-1207).
- Minor improvement: line breaks within words in report names have been removed (#GEA-1026).
- Minor improvement: the notification indicating that the Greenbone Community Feed is being used has been moved, so that it no longer overlaps with the top menu bar (#GEA-1028).
- Minor improvement: the included appliance manual has been updated to the current version from 2025-08-04 (#PR-1321).
- Minor improvement: all settings of Kerberos credentials (for example, realm and KDC(s)) are now shown on the credential’s details page (#GEA-1129).
- Minor improvement: on the Reports page, the icon for deleting a report has been replaced to better reflect that reports are deleted immediately without moving them to the trashcan (#GEA-1212).
- Minor bug fix: an error was fixed where the notification indicating that the Greenbone Community Feed is being used was shown too often (#GEA-1231).
- Minor bug fix: an error was fixed where it was not possible to enter a decimal divider for the new severity when creating an override (#GEA-1059).
- Minor bug fix: an error was fixed where the time zone was not correctly displayed after logging in (#GEA-1051).
- Minor bug fix: an error was fixed where the Users page could show an error message due to a missing translation function (#GEA-1056).
- Minor bug fix: an error was fixed where the Operating Systems by Vulnerability Score chart was not available on the Operating Systems page (#GEA-1067).
- Minor bug fix: an error was fixed where the error messages when creating Kerberos credentials where inconsistent (#GEA-1005).
- Minor bug fix: an error was fixed where in some cases the dialog with the user settings could not be closed by clicking Save if no changes were made (#GEA-1048).
- Minor bug fix: an error was fixed where attempting to delete the hour or minute entry of the start or end time of a schedule would cause the Schedules page to crash (#GEA-948).
- Minor bug fix: an error was fixed where Kerberos credentials were not always displayed on the target details page (#GEA-1066).
- Minor bug fix: an error was fixed where a CVSS base vector was shown as “(null)” if no vector existed (#GEA-888).
- Minor bug fix: an error was fixed where moving multiple objects to the trashcan did not show a progress indicator anymore (#GEA-1065).
- Minor bug fix: an error was fixed where the German column header “Falsch-Positiv” in a scan report was not readable (#GEA-1127).
- Minor bug fix: an error was fixed where various LDAP settings displayed “(null)” when uploading an invalid LDAP certificate (#GEA-1072).
- Minor bug fix: an error was fixed where it was not possible to add a tag to port lists using the Apply to selection function (#GEA-1118).
- Minor bug fix: an error was fixed where the menu item of the currently open page in the menu on the left was no longer selected when sub-items such as detail pages were opened (#GEA-1135).
- Minor bug fix: an error was fixed where dashboards on the Dashboards page could only be renamed if multiple dashboards existed (#GEA-1191).
- Minor bug fix: an error was fixed where filters created for tags were not displayed on the Tags page and therefore could not be applied (#GEA-1165).
- Minor bug fix: an error was fixed where the default filter defined in the user settings was not applied on the Port Lists page (#GEA-1166).
- Minor bug fix: an error was fixed where the name of an alert was deleted if the alert was modified via the GMP API and no alert name or comment were provided (#GEA-1082, #GS-7747).
Vulnerability Scanning:
- Improvement: support for Arch Linux has been added to the openvasd-based Notus scanner (#SC-1240).
- Improvement: an option to limit the memory usage of vulnerability test scripts has been added. It can be set via the GOS state variable max_mem_kb, which defines the maximum amount of memory in megabyte allowed to use for a single script. Per default no limit is set (#SC-1312, #GOS-2408).
- Bug fix: an error was fixed where a segmentation fault could sometimes occur when handling virtual hosts (#SC-1334).
- Bug fix: an error was fixed where a segmentation fault could sometimes occur when handling openvasd-based Notus checks (#SC-1300, #GS-8144).
- Minor improvement: for Known Exploited Vulnerabilities (KEV) of the Cybersecurity and Infrastructure Security Agency (CISA), metadata support has been added for vulnerability tests (#SC-1112).
- Minor bug fix: an error was fixed where the IP address was missing in the “too many timeouts. This port will be set to closed.” log message (#SC-1313).

24.10.3 (2025-07-07):

Greenbone OS:
- Major security fix: the included package sudo was upgraded from version 1.9.13p3-1+deb12u1 to version 1.9.13p3-1+deb12u2 (CVE-2025-32462, CVE-2025-32463, #GS-8463).
- Bug fix: a new scanner version was introduced with GOS 22.04.28 which was not included in GOS 24.10.2. Due to that, no switch release from GOS 22.04 to GOS 24.10 was possible. The scanner version was now updated from version 23.16.1-gos2410~1 to version 23.20.1-gos2410~1 to fix this issue (#GOS-2364, #GS-8453, #GS-8468).
Vulnerability Management:
- Minor improvement: the included appliance manual was updated to the current version from 2025-07-03 (#PR-1318).

24.10.2 (2025-04-14):

Note: An upgrade to this version requires a reboot of the system for virtual appliances.

Greenbone OS:
- Extension: the new Greenbone Enterprise 150 R2 appliance model was added (#GOS-2200).
- Improvement: importing a beaming image from a newer GOS patch level in an older GOS patch level could result in problems. The import of such beaming images is now no longer allowed (#GOS-2241).
- Improvement: the size of the database, valuable, backup and log partitions was increased for new installations of the appliance models Greenbone Enterprise 5400 R1 and Greenbone Enterprise 6500 R1. The partition sizes now match those of the corresponding R2 models (#GOS-2170, #GS-7628, #GS-7900).
- Improvement: the included package gvm-tools was updated to version 25.3.0 and the included package python-gvm was updated to version 26.1.1 (#PR-1226).
- Security fix: the included package libxslt was upgraded from version 1.1.35-1 to version 1.1.35-1+deb12u1 (CVE-2024-55549, CVE-2025-24855).
- Bug fix: if the appliance model Greenbone Enterprise 35 has been installed with GOS 21.04 or earlier, the fstrim service was not enabled. It has been enabled for these cases also to resolve various disk issues (#GOS-2224, #GOS-2208, #GS-7777).
- Bug fix: an error was fixed where the console start screen of a Greenbone Enterprise 25V claimed that a web interface was available (#GOS-2092).
- Bug fix: an error was fixed where the optional package gsm-debug could not be installed (#GOS-2234).
- Minor improvement: for all hardware appliance models except the Greenbone Enterprise 35 the /tmp directory has been moved to its own partition (#GOS-108).
- Minor bug fix: an error was fixed where support packages did not include all expected Postgres debug information (#GOS-2190).
- Minor bug fix: an error was fixed where the self-check for other logged in admins was always shown as failed in support packages, even if the self-check was actually successful (#GOS-2222).
Vulnerability Management:
- Improvement: dynamic notifications were added to the web interface. For various types of actions, such as starting, stopping or resuming a scan task or audit, deleting, cloning or exporting any object, and for some informational messages from Greenbone a message appears in the upper right corner (#GEA-934, #GEA-1017).
- Bug fix: an error was fixed where various dialogs in the web interface displayed an error if they contained user-defined objects that consisted only of numbers (#GEA-917, #GEA-922, #GS-7646, #GS-7749, #GS-7824).
- Bug fix: an error was fixed where the selection of which VT families to include in a scan configuration or compliance policy was revoked when other settings were changed in the same step (#GEA-952).
- Bug fix: an error was fixed where input boxes of the dialog for editing a scan configuration reacted very slowly (#GEA-884).
- Bug fix: an error was fixed where no warning message was displayed if a password for a web user was not complex enough, even though the password complexity was enabled via the GOS menu (#GEA-782).
- Bug fix: an error was fixed where changes to the timeout values within a scan configuration or compliance policy were not applied when scanning (#GEA-799, #GS-7032, #GS-7520, #GS-7776).
- Bug fix: an error was fixed where too many results were displayed for “Network Vulnerability Test Preferences” when using the search function in a scan configuration or compliance policy (#GEA-950).
- Bug fix: an error was fixed where the dates of overrides were not correct in the dashboard diagrams of the Overrides page (#GEA-945, #GS-7738).
- Minor improvement: the design of multi-line entries in drop-down lists was improved, so that the entries do not get cropped anymore (#GEA-831, #GS-7756).
- Minor improvement: the included appliance manual was updated to the current version from 2025-04-10 (#PR-1252).
- Minor improvement: the link to the user manual in the web interface was moved to the upper right menu bar and is now opened in a separate browser tab (#GEA-951).
- Minor improvement: the link to the Greenbone website in the footer of the web interface now leads to the English website if the language of the web interface is set to English (#GEA-944).
- Minor bug fix: an error was fixed where the dark screen overlay used with dialog boxes became darker when multiple nested dialogs were opened (#GEA-962).
Vulnerability Scanning:
- Extension: a new credential type for Kerberos authentication on Microsoft Windows systems was added. Authenticated scans via Kerberos will still be done with the help of the SMB protocol. The already existing SMB credentials, which use NT (New Technology) LAN Manager (NTLM) for authentication, were renamed to SMB (NTLM) on the web interface to avoid confusion. In order to enable authentication via Kerberos on a target, the appliance must use a DNS server that is capable of doing a reverse lookup of the target and the target must be part of a functioning Microsoft Windows domain with a working domain controller, DNS infrastructure, and network. If the authentication via Kerberos fails, NTLM authentication will be tried as a fallback (#SC-1131, #GEA-894, #GS-6331).

24.10.1 (2025-03-12):

Note: An upgrade to this version requires a reboot of the system.

Greenbone OS:
- Major bug fix: an error was fixed where the Redis service saved unplanned dataset snapshots on the hard disk and thus filled up the root volume of the disk. All such existing dataset snapshots will also be removed when upgrading to GOS 24.10.1 or later (#GOS-2183, #GOS-2194, #GS-7687, #GS-7690, #GS-7697, #GS-7794).
- Improvement: the included package gvm-tools was updated to version 25.2.0 and the included package python-gvm was updated to version 26.1.0. These versions are required to ensure compatibility with GMP 22.6 and GOS 24.10 (#PR-1149).
- Improvement: self-signed certificates and certificate signing requests (CSRs) for HTTPS now use a RSA key size of 4096 bit. This change does not apply to already created certificates and CSRs. Only newly generated self-signed certificates and CSRs with GOS 24.10.1 or later will use 4096 bit (#GOS-2078, #GS-7235).
- Security fix: the Linux kernel was upgraded from version 6.6.64-greenbone1 to version 6.6.77-greenbone1 for hardware appliances and from version 6.1.124-1 to version 6.1.128-1 for virtual appliances (CVE-2024-36899, CVE-2024-49994, CVE-2024-50014, CVE-2024-50047, CVE-2024-50164, CVE-2024-50304, CVE-2024-53124, CVE-2024-53128, CVE-2024-53170, CVE-2024-53229, CVE-2024-53234, CVE-2024-53685, CVE-2024-56551, CVE-2024-56599, CVE-2024-56608, CVE-2024-56631, CVE-2024-56664, CVE-2024-56703, CVE-2024-57887, CVE-2024-57892, CVE-2024-57904, CVE-2024-57906, CVE-2024-57907, CVE-2024-57908, CVE-2024-57910, CVE-2024-57911, CVE-2024-57912, CVE-2024-57913, CVE-2024-57915, CVE-2024-57916, CVE-2024-57917, CVE-2024-57922, CVE-2024-57925, CVE-2024-57929, CVE-2024-57939, CVE-2024-57940, CVE-2024-57948, CVE-2025-21631, CVE-2025-21636, CVE-2025-21637, CVE-2025-21638, CVE-2025-21639, CVE-2025-21640, CVE-2025-21646, CVE-2025-21647, CVE-2025-21648, CVE-2025-21653, CVE-2025-21655, CVE-2025-21660, CVE-2025-21662, CVE-2025-21664, CVE-2025-21665, CVE-2025-21666, CVE-2025-21667, CVE-2025-21668, CVE-2025-21669, CVE-2025-21671, CVE-2025-21675, CVE-2025-21678, CVE-2025-21680, CVE-2025-21681, CVE-2025-21683).
- Security fix: the included package openssh was upgraded from version 1:9.2p1-shredder+2 (1:9.2p1-2+deb12u2) to version 1:9.2p1-2+deb12u5 (CVE-2025-26465, CVE-2024-6387).
- Security fix: the included package libgnutls was upgraded from version 3.7.9-2+deb12u3 to version 3.7.9-2+deb12u4 (CVE-2024-12243).
- Security fix: the included package libtasn was upgraded from version 4.19.0-2 to version 4.19.0-2+deb12u1 (CVE-2024-12133).
- Bug fix: an error was fixed where VLAN IDs in network namespaces could conflict, causing subsequent networking problems (#GOS-2169, #GOS-2180, #GS-7575, #GS-7633, #GS-7678, #GS-7691).
- Bug fix: an error was fixed where the kernel did not allow port binding to an IPv6 address in a tentative state. This could lead to subsequent problems, for example system services not starting. A waiting period is now used to ensure the address is in the expected state (#GOS-2187, #GS-7708).
- Bug fix: an error was fixed where GOS upgrades from GOS 22.04 to the new major version GOS 24.10 were not possible on Huawei FusionCompute x86-64 (#GOS-2080, #GS-7566).
- Bug fix: an error was fixed where GOS 24.10 did not correctly identify itself as GOS 24.10 when acting as an SSH client or server (#GOS-2138).
Vulnerability Management:
- Major improvement: the performance of SCAP feed updates was considerably improved (#GEA-886, #GEA-899, #GEA-928).
- Improvement: a search bar was added to the dialog for creating or editing a scan configuration or compliance policy. It can be used to search for VT families, scanner preferences and VT preferences (#GEA-880).
- Improvement: an action icon for accessing the general settings of a scan configuration was added to the page Scan Configs. Clicking on it directly opens the VT Familiy Settings (#GEA-879).
- Improvement: for the export of scan reports and audit reports, only those report formats that are compatible with the corresponding report type are now available (#GEA-873).
- Bug fix: an error was fixed where CVEs for which no CPEs have been assigned were not updated correctly during feed updates (#GEA-981).
- Bug fix: an error was fixed where the link to the user manual under Help > User Manual did not work (#GEA-892).
- Bug fix: an error was fixed where cloning a compliance policy from a details page resulted in a “Page Not Found” error, although the policy was successfully cloned (#GEA-874).
- Bug fix: an error was fixed where selecting the same item from any drop-down list removed the entry entirely (#GEA-861).
- Bug fix: an error was fixed where the selected report format was not displayed in the dialog for creating a new report configuration (#GEA-838).
- Bug fix: an error was fixed where the results of a CVE scan showed no detection methods (#GEA-887).
- Bug fix: an error was fixed where reports exported in the report formats Verinice ISM and Verinice ISM all results did not contain any attached report (#GEA-840).
- Bug fix: an error was fixed where SQL error messages could occur when loading results that included Windows Local Security Checks.
- Minor improvement: the font size on the web interface was made consistent (#GEA-830).
- Minor improvement: the links to the user manual were updated for new pages of the web interface that were introduced with GOS 24.10 (#GEA-869).
- Minor improvement: the design of the badges that show the number of a resource on a details page, for example the number of reports for a task, was improved to make the underlying icons more visible (#GEA-860).
- Minor improvement: required input boxes when creating or editing a ticket are now marked with an asterisk, as the previous labels could be interpreted as error messages even though there was no error (#GEA-874).
- Minor improvement: a log message was added to indicate when the gvmd service is ready to accept GMP connections.
- Minor improvement: the included appliance manual was updated to the current version from 2025-03-04 (#PR-1196).
- Minor security fix: the link in the footer that leads to the Greenbone website now uses HTTPS (#GEA-860).
- Minor bug fix: an error was fixed where it was possible to create tags of the wrong sub-type for reports, tasks, audits, scan configurations and policies via the GMP API (#GEA-871).
Vulnerability Scanning:
- Bug fix: an error was fixed where the OpenVAS scanner tried to allocate very large amounts of memory when running vulnerability tests that use and store files on target systems (#SC-745, #GS-3371).

24.10.0 (2025-02-03):

Note: Please follow the instructions in the user manual to upgrade to this major version. After the upgrade, a reboot of the system is required.

Product Portfolio

The appliance models Greenbone Enterprise 400/450/600/650 R1, Greenbone Enterprise 5300/6400 and Greenbone Enterprise 150 do not support GOS 24.10.

Secure Boot

GOS 24.10 supports Secure Boot for virtual appliances.

On Huawei FusionCompute, GOS 24.10 does not yet support Secure Boot.
On appliances that are shipped with GOS 24.10, Secure Boot is enabled by default, with the exception of appliances for Oracle VirtualBox.
On appliances that were upgraded from GOS 22.04 to GOS 24.10 and on new appliances for Oracle VirtualBox, Secure Boot has to be activated in the settings of the used hypervisor.

To enable Secure Boot for appliances on which it is not enabled by default, the following must be considered:

At least the hypervisor versions specified in the sub-chapters of Chapter 4.1 of the manual must be used.
The following settings must be made on the respective hypervisor:
- VMware vSphere Hypervisor (ESXi):
  - Guest OS Family must be set to Linux.
  - Guest OS Version must be set to at least Debian GNU/Linux 11 (64-bit).
- VMware Workstation Pro and Workstation Player:
  - Guest operating system must be set to Linux.
  - Guest operating system Version must be set to at least Debian GNU/Linux 11 (64-bit).
- Microsoft Hyper-V:
  - The virtual machine must be a generation 2 virtual machine.
  - Secure Boot Template must be set to Microsoft UEFI Certificate Authority.
- Oracle VirtualBox:
  - After enabling Secure Boot the first time, the Reset Keys to Default button must be pressed and the subsequent dialog must be confirmed.
To enable Secure Boot itself, refer to the technical documentation of the used hypervisor.

Encrypted Airgap FTP

GOS 24.10 introduces the option to encrypt Airgap FTP. Encryption is done via SSH-based SFTP.

When adding a server for Airgap, it is now possible to specify whether FTP or SFTP should be used. The menu options offered in the Airgap menu then depend on this selection.

sshd Configuration Options

With GOS 24.10, the algorithms and ciphers used by the SSH daemon can be configured via the GOS administration menu. The following settings are available:

Ciphers
Host key signature algorithms
Key exchange algorithms
MAC algorithms
Public key signature algorithms

Networking Mode

The old networking mode that was superseded by the networking mode gnm (GOS Network Manager) with GOS 21.04 has been removed. Upgrading from GOS 22.04 to GOS 24.10 is not possible if the old networking mode is still in use with GOS 22.04.

Superuser Password

With GOS 24.10, the method of setting the superuser password is changed. It is also no longer restored when restoring a beaming image or a backup, but remains unchanged from its previous value before the import or restore.

The superuser password can be changed as described in Chapter 6.4.2.1 of the manual.

Web Interface

New Design of the Web Interface

GOS 24.10 introduces a new design for the web interface. The main navigation bar has been moved to a vertical menu on the left side of the screen, and the layout and color of all pages and dialogs has been improved to enhance clarity and usability. In addition, several new functionalities have been added (see below).

Configurable Report Formats

GOS 24.10 adds the feature Report Configs to customize report formats. The following report formats can be customized:

Customizable CSV Results: customization of included columns and formula handling
Topology SVG: customization of graph type and node distance
Verinice ISM: customization of attached report formats and the sent message
Verinice ISM all results: customization of attached report formats and the sent message

For the supported report formats, the report configuration can be selected when exporting a report or using an alert that includes the sending of a report.

EPSS Support

With GOS 24.10, EPSS (Exploit Prediction Scoring System) scores are added to CVEs and vulnerability tests. EPSS is a measure of a vulnerability’s likelihood of exploitation.

CVEs and VTs are now assigned a score and a percentile. The score indicates the probability of attempts to exploit a vulnerability being observed in the next 30 days and is a number between 0 and 1. The higher the value, the greater the probability that a vulnerability will actually be exploited. The percentile indicates the proportion of vulnerabilities that were rated the same or lower than the vulnerability. This helps putting the score into context.

CVSS v4.0 Support

With GOS 24.10, CVSS v4.0 will be supported. However, since CVSS v4.0 is still in the early stages of industry-wide adoption, CVSS v4.0 data is not yet available in the feed.

Dedicated Page for Audit Reports

GOS 24.10 adds a new sub-page to the Resilience menu of the web interface: Compliance Audit Reports.

This page contains the reports of compliance audits, equivalent to the Reports page, which contains the reports for scan tasks. The table on the page displays an overall compliance assessment of the target system, as well as the number of results per compliance level Yes, No and Incomplete.

The details view of a report is also equivalent to that of a scan task. It contains all detected results together with an assessment of whether the requirement has been met, not met or only partially met.

Filters and tags were adjusted and are not separate between audit and scan reports. Additionally, tag types for compliance policies and audits were added.

Notus Scanner Replaced by openvasd

With GOS 24.10, the Notus Scanner is replaced by openvasd. Implemented in the Rust programming language, openvasd offers a more secure and robust experience. It is the first step towards implementing all OpenVAS scanner functionalities in Rust in the future.

The local security check (LSC) functionality itself is now handled via the /notus endpoint of openvasd. In order to speed up LSCs, the OpenVAS scanner sends the collected packages to openvasd. The transmission is done via HTTP and the openvasd listener is bound to localhost.

Greenbone Management Protocol (GMP)

The Greenbone Management Protocol (GMP) has been updated to version 22.6 and the API has been adjusted slightly. The usage of some commands has changed and several commands, elements and attributes have been deprecated. The complete reference guide and the list of changes are available here.

If gvm-tools and/or python-gvm are to be used with GMP 22.6 and GOS 24.10, the following versions are required:

gvm-tools: 25.1.1 or higher
python-gvm: 26.0.0 or higher

OPENVAS SCAN 22.04

2022-08-08: OPENVAS SCAN 22.04

Current Patch Level: 22.04.29 (2025-07-07)

Lifecycle Status: End-of-Life

22.04.29 (2025-07-07):

Greenbone OS:
- Major security fix: the included package sudo was upgraded from version 1.9.5p2-3+deb11u1 to version 1.9.5p2-3+deb11u2 (CVE-2025-32462, CVE-2025-32463, #GS-8463).
Vulnerability Management:
- Minor improvement: the included appliance manual was updated to the current version from 2025-07-03 (#PR-1319).

22.04.28 (2025-06-18):

Greenbone OS:
- Status: the lifecycle status of GOS 22.04 was set to “end-of-life”. This means that while GOS 22.04 will remain functional and supported, it will receive a reduced number of patches that will be limited to critical fixes to core functionality and security issues. Note: GOS 22.04 will reach the final end of its lifecycle and be retired on 2026-02-01 (#GOS-2315).
- Bug fix: if the appliance models Greenbone Enterprise 150 or 35 have been installed with GOS 21.04 or earlier, the fstrim service was not enabled. It has been enabled for these cases also to resolve various disk issues (#GOS-2224).
- Security fix: the Intel microcode of the Greenbone Enterprise 6500 R2, 5400 R2, 650 R2, 600 R2, 450 R2, 400 R2 appliance models was upgraded to the current version (CVE-2024-28956, CVE-2024-43420, CVE-2024-45332, CVE-2025-20012, CVE-2025-20054, CVE-2025-20103, CVE-2025-20623, CVE-2025-24495).
- Security fix: the Linux kernel was upgraded from version 5.10.230-greenbone1 to version 5.10.237-greenbone1 for hardware appliances and from version 5.10.226-1 to version 5.10.237-1 for virtual appliances (CVE-2021-47469, CVE-2023-52530, CVE-2023-52917, CVE-2024-26921, CVE-2024-27017, CVE-2024-27072, CVE-2024-35965, CVE-2024-35966, CVE-2024-36476, CVE-2024-36899, CVE-2024-38538, CVE-2024-38544, CVE-2024-38588, CVE-2024-38591, CVE-2024-39497, CVE-2024-40953, CVE-2024-41016, CVE-2024-41060, CVE-2024-41080, CVE-2024-42315, CVE-2024-43098, CVE-2024-44931, CVE-2024-44940, CVE-2024-46695, CVE-2024-46809, CVE-2024-46841, CVE-2024-46849, CVE-2024-46853, CVE-2024-46854, CVE-2024-46858, CVE-2024-46865, CVE-2024-47143, CVE-2024-47670, CVE-2024-47671, CVE-2024-47672, CVE-2024-47674, CVE-2024-47679, CVE-2024-47684, CVE-2024-47685, CVE-2024-47692, CVE-2024-47696, CVE-2024-47697, CVE-2024-47698, CVE-2024-47699, CVE-2024-47701, CVE-2024-47705, CVE-2024-47706, CVE-2024-47707, CVE-2024-47709, CVE-2024-47710, CVE-2024-47712, CVE-2024-47713, CVE-2024-47718, CVE-2024-47723, CVE-2024-47735, CVE-2024-47737, CVE-2024-47739, CVE-2024-47740, CVE-2024-47742, CVE-2024-47748, CVE-2024-47749, CVE-2024-47756, CVE-2024-47757, CVE-2024-48881, CVE-2024-49851, CVE-2024-49858, CVE-2024-49860, CVE-2024-49863, CVE-2024-49867, CVE-2024-49868, CVE-2024-49875, CVE-2024-49877, CVE-2024-49878, CVE-2024-49879, CVE-2024-49881, CVE-2024-49882, CVE-2024-49883, CVE-2024-49884, CVE-2024-49889, CVE-2024-49890, CVE-2024-49892, CVE-2024-49894, CVE-2024-49895, CVE-2024-49896, CVE-2024-49900, CVE-2024-49902, CVE-2024-49903, CVE-2024-49907, CVE-2024-49913, CVE-2024-49930, CVE-2024-49933, CVE-2024-49936, CVE-2024-49938, CVE-2024-49944, CVE-2024-49948, CVE-2024-49949, CVE-2024-49952, CVE-2024-49955, CVE-2024-49957, CVE-2024-49958, CVE-2024-49959, CVE-2024-49962, CVE-2024-49963, CVE-2024-49965, CVE-2024-49966, CVE-2024-49969, CVE-2024-49973, CVE-2024-49974, CVE-2024-49975, CVE-2024-49977, CVE-2024-49981, CVE-2024-49982, CVE-2024-49983, CVE-2024-49985, CVE-2024-49995, CVE-2024-49996, CVE-2024-50001, CVE-2024-50006, CVE-2024-50007, CVE-2024-50008, CVE-2024-50010, CVE-2024-50013, CVE-2024-50015, CVE-2024-50024, CVE-2024-50033, CVE-2024-50035, CVE-2024-50036, CVE-2024-50039, CVE-2024-50040, CVE-2024-50044, CVE-2024-50045, CVE-2024-50046, CVE-2024-50049, CVE-2024-50055, CVE-2024-50058, CVE-2024-50059, CVE-2024-50072, CVE-2024-50074, CVE-2024-50082, CVE-2024-50083, CVE-2024-50095, CVE-2024-50096, CVE-2024-50099, CVE-2024-50103, CVE-2024-50115, CVE-2024-50116, CVE-2024-50117, CVE-2024-50121, CVE-2024-50127, CVE-2024-50131, CVE-2024-50134, CVE-2024-50142, CVE-2024-50148, CVE-2024-50150, CVE-2024-50151, CVE-2024-50153, CVE-2024-50167, CVE-2024-50171, CVE-2024-50179, CVE-2024-50180, CVE-2024-50181, CVE-2024-50184, CVE-2024-50185, CVE-2024-50188, CVE-2024-50192, CVE-2024-50193, CVE-2024-50194, CVE-2024-50195, CVE-2024-50198, CVE-2024-50199, CVE-2024-50201, CVE-2024-50202, CVE-2024-50205, CVE-2024-50208, CVE-2024-50209, CVE-2024-50210, CVE-2024-50218, CVE-2024-50229, CVE-2024-50230, CVE-2024-50233, CVE-2024-50234, CVE-2024-50236, CVE-2024-50237, CVE-2024-50251, CVE-2024-50262, CVE-2024-50264, CVE-2024-50265, CVE-2024-50267, CVE-2024-50268, CVE-2024-50269, CVE-2024-50273, CVE-2024-50278, CVE-2024-50279, CVE-2024-50282, CVE-2024-50287, CVE-2024-50290, CVE-2024-50292, CVE-2024-50295, CVE-2024-50296, CVE-2024-50299, CVE-2024-50301, CVE-2024-50302, CVE-2024-50304, CVE-2024-52332, CVE-2024-53042, CVE-2024-53052, CVE-2024-53057, CVE-2024-53059, CVE-2024-53060, CVE-2024-53061, CVE-2024-53063, CVE-2024-53066, CVE-2024-53096, CVE-2024-53097, CVE-2024-53099, CVE-2024-53101, CVE-2024-53103, CVE-2024-53104, CVE-2024-53112, CVE-2024-53119, CVE-2024-53121, CVE-2024-53124, CVE-2024-53125, CVE-2024-53127, CVE-2024-53130, CVE-2024-53131, CVE-2024-53135, CVE-2024-53136, CVE-2024-53138, CVE-2024-53140, CVE-2024-53141, CVE-2024-53142, CVE-2024-53145, CVE-2024-53146, CVE-2024-53148, CVE-2024-53150, CVE-2024-53155, CVE-2024-53156, CVE-2024-53157, CVE-2024-53158, CVE-2024-53161, CVE-2024-53164, CVE-2024-53171, CVE-2024-53172, CVE-2024-53173, CVE-2024-53174, CVE-2024-53181, CVE-2024-53183, CVE-2024-53184, CVE-2024-53194, CVE-2024-53197, CVE-2024-53198, CVE-2024-53214, CVE-2024-53217, CVE-2024-53226, CVE-2024-53227, CVE-2024-53237, CVE-2024-53239, CVE-2024-53240, CVE-2024-53241, CVE-2024-53680, CVE-2024-53685, CVE-2024-53690, CVE-2024-54031, CVE-2024-55916, CVE-2024-56531, CVE-2024-56532, CVE-2024-56533, CVE-2024-56539, CVE-2024-56548, CVE-2024-56558, CVE-2024-56562, CVE-2024-56567, CVE-2024-56568, CVE-2024-56569, CVE-2024-56570, CVE-2024-56574, CVE-2024-56576, CVE-2024-56581, CVE-2024-56586, CVE-2024-56587, CVE-2024-56589, CVE-2024-56593, CVE-2024-56594, CVE-2024-56595, CVE-2024-56596, CVE-2024-56597, CVE-2024-56598, CVE-2024-56600, CVE-2024-56601, CVE-2024-56602, CVE-2024-56603, CVE-2024-56605, CVE-2024-56606, CVE-2024-56610, CVE-2024-56615, CVE-2024-56616, CVE-2024-56619, CVE-2024-56623, CVE-2024-56629, CVE-2024-56630, CVE-2024-56631, CVE-2024-56633, CVE-2024-56634, CVE-2024-56636, CVE-2024-56637, CVE-2024-56642, CVE-2024-56643, CVE-2024-56644, CVE-2024-56645, CVE-2024-56648, CVE-2024-56650, CVE-2024-56659, CVE-2024-56661, CVE-2024-56662, CVE-2024-56670, CVE-2024-56672, CVE-2024-56681, CVE-2024-56688, CVE-2024-56690, CVE-2024-56691, CVE-2024-56694, CVE-2024-56698, CVE-2024-56700, CVE-2024-56704, CVE-2024-56705, CVE-2024-56716, CVE-2024-56720, CVE-2024-56723, CVE-2024-56724, CVE-2024-56728, CVE-2024-56739, CVE-2024-56741, CVE-2024-56747, CVE-2024-56748, CVE-2024-56754, CVE-2024-56756, CVE-2024-56759, CVE-2024-56763, CVE-2024-56766, CVE-2024-56767, CVE-2024-56769, CVE-2024-56770, CVE-2024-56779, CVE-2024-56780, CVE-2024-57791, CVE-2024-57792, CVE-2024-57802, CVE-2024-57807, CVE-2024-57850, CVE-2024-57874, CVE-2024-57884, CVE-2024-57887, CVE-2024-57889, CVE-2024-57890, CVE-2024-57892, CVE-2024-57896, CVE-2024-57900, CVE-2024-57901, CVE-2024-57902, CVE-2024-57904, CVE-2024-57906, CVE-2024-57907, CVE-2024-57908, CVE-2024-57910, CVE-2024-57911, CVE-2024-57912, CVE-2024-57913, CVE-2024-57922, CVE-2024-57929, CVE-2024-57931, CVE-2024-57938, CVE-2024-57940, CVE-2024-57946, CVE-2024-57948, CVE-2024-57951, CVE-2025-21638, CVE-2025-21639, CVE-2025-21640, CVE-2025-21646, CVE-2025-21648, CVE-2025-21653, CVE-2025-21664, CVE-2025-21666, CVE-2025-21669, CVE-2025-21678, CVE-2025-21683, CVE-2025-21687, CVE-2025-21688, CVE-2025-21689, CVE-2025-21692, CVE-2025-21694, CVE-2025-21697, CVE-2025-21699).
- Security fix: the included package openssh was upgraded from version 1:8.4p1-abomination+4 to version 1:8.4p1-abomination+5 (CVE-2025-26465, CVE-2025-32728).
- Security fix: the included package libgnutls was upgraded from version 3.7.1-5+deb11u6 to version 3.7.1-5+deb11u7 (CVE-2024-12243).
- Security fix: the included package nginx was upgraded from version 1.20.2-1~buster to version 1.26.3-1~bullseye (CVE-2024-7347, CVE-2025-23419).
- Security fix: the included package redis was upgraded from version 5:6.0.16-1+deb11u5 to version 5:6.0.16-1+deb11u6 (CVE-2025-21605).
- Security fix: the included package postgresql-13 was upgraded from version 13.18-0+deb11u1 to version 13.21-0+deb11u1 (CVE-2025-4207, CVE-2025-1094).
- Security fix: the included package libxml2 was upgraded from version 2.9.10+dfsg-6.7+deb11u5 to version 2.9.10+dfsg-6.7+deb11u7 (CVE-2022-49043, CVE-2023-39615, CVE-2023-45322, CVE-2024-25062, CVE-2024-56171, CVE-2025-24928, CVE-2025-27113, CVE-2025-32414, CVE-2025-32415).
- Security fix: the included package libcap2 was upgraded from version 1:2.44-1 to version 1:2.44-1+deb11u1 (CVE-2023-2602, CVE-2023-2603, CVE-2025-1390).
- Security fix: the included package python3.9 was upgraded from version 3.9.2-1+deb11u2 to version 3.9.2-1+deb11u3 (CVE-2022-0391, CVE-2025-0938, CVE-2025-1795).
- Security fix: the included package libxslt was upgraded from version 1.1.34-4+deb11u1 to version 1.1.34-4+deb11u2 (CVE-2024-55549, CVE-2025-24855).
- Security fix: the included package mosquitto was upgraded from version 2.0.11-1+deb11u1 to version 2.0.11-1+deb11u2 (CVE-2024-8376, CVE-2024-3935, CVE-2024-10525).
- Security fix: the included package krb5 was upgraded from version 1.18.3-6+deb11u5 to version 1.18.3-6+deb11u7 (CVE-2025-24528).
- Security fix: the included package libtasn was upgraded from version 4.16.0-2+deb11u1 to version 4.16.0-2+deb11u2 (CVE-2024-12133).
- Security fix: the included package open-vm-tools was upgraded from version 4.16.0-2+deb11u1 to version 4.16.0-2+deb11u2 (CVE-2024-12133).
- Security fix: for virtual appliances, the included package open-vm-tools was upgraded from version 2:11.2.5-2+deb11u3 to version 2:11.2.5-2+deb11u4 (CVE-2025-22247).
- Security fix: for the virtual appliance models Greenbone Enterprise EXA, PETA, TERA and DECA, the included package openvpn was upgraded from version 2.5.1-3 to version 2.5.1-3+deb11u1 (CVE-2022-0547, CVE-2024-5594).
- Minor bug fix: an error was fixed where support packages did not include all expected Postgres debug information (#GOS-2190).
- Minor bug fix: an error was fixed where the console start screen of a Greenbone Enterprise 25V claimed that a web interface was available, even though this model does not have a web interface (#GOS-2092).
Vulnerability Management:
- Minor improvement: the included appliance manual was updated to the current version from 2025-05-27 (#PR-1271).
Vulnerability Scanning:
- Minor bug fix: an error was fixed where the IP address was missing in open_sock_tcp log messages of the scanner (#SC-1313).

22.04.27 (2025-02-03):

Note: An upgrade to this version requires a reboot of the system.

Greenbone OS:
- Extension: the upgrade path to the next major GOS release – GOS 24.10 – has been unlocked for all supported Greenbone Enterprise Appliance models. Several requirements apply, for details see the GOS 24.10 release notes and user manual (#GOS-1803).
- Status: the models Greenbone Enterprise 150, 400 R1, 450 R1, 600 R1, 650 R1, 5300 and 6400 were set to “end-of-life”. They will be retired in the future together with GOS 22.04 and the upgrade path to GOS 24.10 is not supported on these models. Please check which Greenbone Enterprise Appliance models are supported with future GOS versions on https://www.greenbone.net/en/roadmap-lifecycle/ or contact our Sales Team directly to inquire about upgrade possibilities: sales@greenbone.net | +49-541-760278-20 (#GOS-2052).
- Status: the former “Greenbone Enterprise TRIAL” virtual appliance has been renamed to “Greenbone Free” in the web interface (#GOS-2019).
- Improvement: the packages gvm-tools and python-gvm included in GOS were updated to version 25.1.0 (#PR-1089).
- Security fix: the included package rsync was upgraded from version 3.2.3-4+deb11u1 to version 3.2.3-4+deb11u3 (CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, CVE-2024-12747).
- Security fix: the included package redis was upgraded from version 5:6.0.16-1+deb11u4 to version 5:6.0.16-1+deb11u5 (CVE-2023-28856, CVE-2024-46981).
- Minor improvement: the log message for a failed master-sensor feed push was refined (#GOS-2012).
Vulnerability Management:
- Improvement: the configurable reports feature has been added to GOS 22.04 (#GOS-2008).
- Minor improvement: the included appliance manual was updated to the current version from 2025-01-27 (#PR-1087).

22.04.26 (2024-12-05):

Note: An upgrade to this version requires a reboot of the system for hardware appliances.

Greenbone OS:
- Improvement: the included package gvm-tools was updated to version 24.12.0 and the included package python-gvm was updated to version 24.11.0 (#PR-992).
- Improvement: the feed cache volume group size has been increased to 24 GB for the Greenbone Enterprise 6500 R1/5400 R1 appliance models (#GOS-2022).
- Improvement: the GOS state variables sshd_ciphers, sshd_hostkey_algorithms, sshd_kex_algorithms, sshd_macs and sshd_pubkey_accepted_keytypes were added, allowing the persistent customization of the algorithms and ciphers used by the sshd server included in GOS via the GOS shell (#PP-381, #GOS-2004, #GS-6814).
- Improvement: the GOS state variable max_concurrent_scan_updates was added, controlling the number of scan updates that can run at the same time. Per default the number is not limited, matching the behavior of previous GOS versions. The value may be adjusted via the GOS shell for performance tuning reasons (#GOS-1954).
- Improvement: the GOS state variable min_mem_feed_update was added, controlling the minimum memory in Mebibyte (MiB) that must be available for feed updates. Feed updates are skipped if less physical memory is available. Per default no limit is set and feed updates are never skipped, matching the behavior of previous GOS versions. The number may be adjusted via the GOS shell for performance tuning reasons (#GOS-1917).
- Security fix: the included package openssl was upgraded from version 1.1.1w-0+deb11u1 to version 1.1.1w-0+deb11u2 (CVE-2023-5678, CVE-2024-0727, CVE-2024-2511, CVE-2024-4741, CVE-2024-5535, CVE-2024-9143).
- Security fix: the included package postgresql-13 was upgraded from version 13.16-0+deb11u1 to version 13.17-0+deb11u1 (CVE-2024-10976, CVE-2024-10977, CVE-2024-10978, CVE-2024-10979).
- Security fix: the included package libarchive was upgraded from version 3.4.3-2+deb11u1 to version 3.4.3-2+deb11u2 (CVE-2021-36976, CVE-2022-26280, CVE-2022-36227, CVE-2024-20696).
- Security fix: the included package glib2.0 was upgraded from version 2.66.8-1+deb11u4 to version 2.66.8-1+deb11u5 (CVE-2024-52533).
- Security fix: the included package python3.9 was upgraded from version 3.9.2-1 to version 3.9.2-1+deb11u2 (CVE-2015-20107, CVE-2020-10735, CVE-2021-28861, CVE-2021-29921, CVE-2021-3426, CVE-2021-3733, CVE-2021-3737, CVE-2021-4189, CVE-2022-42919, CVE-2022-45061, CVE-2023-24329, CVE-2023-27043, CVE-2023-40217, CVE-2023-6597, CVE-2024-0397, CVE-2024-0450, CVE-2024-11168, CVE-2024-4032, CVE-2024-6232, CVE-2024-6923, CVE-2024-7592, CVE-2024-8088, CVE-2024-9287).
- Security fix: the included package redis was upgraded from version 5:6.0.16-1+deb11u2 to version 5:6.0.16-1+deb11u4 (CVE-2022-35977, CVE-2024-31228).
- Security fix: the included package dnsmasq was upgraded from version 2.85-1 to version 2.85-1+deb11u1 (CVE-2022-0934, CVE-2023-28450, CVE-2023-50387, CVE-2023-50868).
- Security fix: the included package ansible was upgraded from version 2.10.7+merged+base+2.10.17+dfsg-0+deb11u1 to version 2.10.7+merged+base+2.10.17+dfsg-0+deb11u2 (CVE-2024-8775, CVE-2024-9902).
- Security fix: the included package curl was upgraded from version 7.74.0-1.3+deb11u13 to version 7.74.0-1.3+deb11u14 (CVE-2024-8096).
- Minor improvement: the configuration files and system logs of the Postfix mail server used by GOS are now included when generating a GOS support package (#GOS-2045).
- Minor improvement: SMTP and GMP passwords could erroneously be present in GOS support packages. Both are now explicitly excluded when generating a GOS support package (#GOS-2042).
Vulnerability Management:
- Minor improvement: the included appliance manual was updated to the current version from 2024-12-03 (#PR-993).

22.04.25 (2024-11-05):

Greenbone OS:
- Bug fix: an error was fixed where trying to open the Maintenance menu on the appliance models Greenbone Enterprise 5400 R1/6500 R1 caused the menu to crash (#GOS-1993, #GS-6924, #GS-6939).
- Bug fix: an error was fixed where uploading a beaming image sometimes caused the GOS administration menu to crash instead of showing an appropriate message (#GOS-1976, #GOS-1992, #GS-6914).
- Bug fix: an error was fixed where an unreachable sensor in a master-sensor setup with multiple sensors stopped the feed push to subsequent sensors as well (#GOS-1978, #GS-6802).
- Bug fix: an error was fixed where deselecting all SSL protocols for the HTTPS connection of the web interface caused the GOS administration menu to crash (#GOS-1952).
- Bug fix: an error was fixed where the switch release from GOS 21.04 to GOS 22.04 failed during the installation of the package libopenvas-misc23 (#GOS-1990).
Vulnerability Management:
- Minor improvement: the included appliance manual was updated to the current version from 2024-10-29 (#PR-972).

22.04.24 (2024-10-09):

Greenbone OS:
- Major bug fix: an error was fixed where an upgrade to the previous GOS version 22.04.23 changed the apt configuration, which removed packages marked as optional/recommended. Since the package cryptsetup-initramfs, which is responsible for unlocking the CryptDisk during the boot process, has only been changed to be manually installed during installation of GOS 22.04, it was just “recommended” on every hardware appliance installed before GOS 22.04, and thus removed with GOS 22.04.23. For some appliances, the removal of the package could lead to the appliance not booting correctly anymore after the upgrade to GOS 22.04.23 (#GOS-1981, #GS-6596, #GS-6851, #GS-6853, #GS-6865, #GS-6866, #GS-6868, #GS-6869, #GS-6825, #GS-6862, #GS-6857).
Vulnerability Management:
- Minor improvement: the included appliance manual was updated to the current version from 2024-10-09 (#PR-965).

22.04.23 (2024-10-07):

Note: An upgrade to this version requires a reboot of the system.

Greenbone OS:
- Improvement: the RAM limit was increased to 24 GB for the appliance model 5400 R2, 14 GB for the appliance models DECA and TERA, 12 GB for the appliance models CENO and ONE, and 8 GB for the appliance models 25V and 35 (#GOS-1916).
  Note: For virtual appliances, manual adjustments are required for the change to take effect. Further information and instructions can be found here.
- Improvement: the disk size for all virtual appliances was extended to 500 GB (#GOS-1788).
  Note: Manual adjustments are required for the change to take effect. Further information and instructions can be found here.
- Improvement: the size of the feed partition was increased to 24 GB for the appliance models CENO, DECA, TERA, PETA, EXA, ONE, 25V, 400 R1/450 R1/600 R1/650 R1 and 5400 R1/6500 R1 (#GOS-1793).
  Note: Manual adjustments are required for the change to take effect. Further information and instructions can be found here.
- Improvement: the size of the root partition was increased to 55 GB for the appliance models 150 and 35 (#GOS-1793).
  Note: Manual adjustments are required for the change to take effect. Further information and instructions can be found here.
- Improvement: the packages gvm-tools and python-gvm included in GOS were updated to version 24.8.0 (#PR-949).
- Security fix: the Linux kernel was upgraded from version 5.10.222-greenbone1 to version 5.10.225-greenbone1 for hardware appliances and from version 5.10.221-1 to version 5.10.223-1 for virtual appliances (CVE-2022-48666, CVE-2024-36484, CVE-2024-36901, CVE-2024-36938, CVE-2024-39487, CVE-2024-40947, CVE-2024-41007, CVE-2024-41009, CVE-2024-41012, CVE-2024-41015, CVE-2024-41017, CVE-2024-41020, CVE-2024-41022, CVE-2024-41034, CVE-2024-41035, CVE-2024-41040, CVE-2024-41041, CVE-2024-41044, CVE-2024-41046, CVE-2024-41049, CVE-2024-41055, CVE-2024-41059, CVE-2024-41063, CVE-2024-41064, CVE-2024-41065, CVE-2024-41068, CVE-2024-41070, CVE-2024-41072, CVE-2024-41077, CVE-2024-41078, CVE-2024-41081, CVE-2024-41090, CVE-2024-41091, CVE-2024-42101, CVE-2024-42102, CVE-2024-42104, CVE-2024-42105, CVE-2024-42106, CVE-2024-42115, CVE-2024-42119, CVE-2024-42120, CVE-2024-42121, CVE-2024-42124, CVE-2024-42127, CVE-2024-42131, CVE-2024-42137, CVE-2024-42143, CVE-2024-42145, CVE-2024-42148, CVE-2024-42152, CVE-2024-42153, CVE-2024-42154, CVE-2024-42157, CVE-2024-42161, CVE-2024-42223, CVE-2024-42224, CVE-2024-42229, CVE-2024-42232, CVE-2024-42236, CVE-2024-42244, CVE-2024-42247).
- Security fix: the included package libexpat1 was upgraded from version 2.2.10-2+deb11u5 to version 2.2.10-2+deb11u6 (CVE-2023-52425, CVE-2024-45490, CVE-2024-45491, CVE-2024-45492).
- Security fix: the included package postgresql-13 was upgraded from version 13.15-0+deb11u1 to version 13.16-0+deb11u1 (CVE-2024-7348).
- Security fix: the Intel microcode of the Greenbone Enterprise 650 R2/600 R2/450 R2/400 R2 appliance models was upgraded to the current version from 2024-08-19 (#GOS-1935).
- Bug fix: during GOS upgrades, system services are regularly stopped and restarted. This led to situations where the Postgres database was shut down before the gvmd service. Since the gvmd service depends on a working connection to Postgres, this could cause SQL error messages. gvmd is now stopped before Postgres during GOS upgrades (#GOS-1923).
- Bug fix: an error was fixed where feed updates permanently took up SWAP storage space, which could result in a performance decrease in the long run (#GOS-1911, #GS-3661, #GS-5113).
Vulnerability Management:
- Minor improvement: the included appliance manual was updated to the current version from 2024-09-24 (#PR-948).
- Bug fix: an error was fixed where date and time information was displayed in an incorrect format on the web interface when the language was set to German (#GEA-667).
- Bug fix: an error was fixed where too many simultaneous user logins to the web interface could result in database deadlocks (#GEA-655).
- Bug fix: an error was fixed where indexes for VTs could be missing after feed updates (#GEA-579).
- Bug fix: an error was fixed where the HTML hexadecimal code of the special character in a TLS certificate resulted in report exports to fail (#GEA-607, #GS-6328).
- Bug fix: an error was fixed where the custom SSH port set in the Advanced Task Wizard was ignored (#GEA-668, #GS-6609).
- Minor bug fix: an error was fixed where some texts on the page CVSS Calculator were not translated into German (#GEA-654).
Vulnerability Scanning:
- Bug fix: an error was fixed where the versions of Debian packages were parsed incorrectly, leading to false-positive results for the MariaDB Server product for example (#SC-1121).

22.04.22 (2024-07-31):

Greenbone OS:
- Improvement: the packages gvm-tools and python-gvm included in GOS were updated to version 24.7.0 (#PR-881).
- Change: the Greenbone Community Feed can no longer be downloaded on the Greenbone Basic Appliance (#GOS-1899).
- Change: the setup wizard dialog for adding a Greenbone Enterprise subscription key was updated for the Greenbone Basic Appliance (#GOS-1919).
- Change: the dialog for deleting a Greenbone Enterprise Feed subscription key was changed on the Greenbone Basic Appliance to reflect the change that the Greenbone Community Feed can no longer be downloaded (#GOS-1920).
- Security fix: the Linux kernel was upgraded from version 5.10.216-greenbone1 to version 5.10.222-greenbone1 for hardware appliances and from version 5.10.216-1 to version 5.10.221-1 for virtual appliances (CVE-2021-4440, CVE-2022-48655, CVE-2023-52585, CVE-2023-52882, CVE-2024-26900, CVE-2024-27398, CVE-2024-27399, CVE-2024-27401, CVE-2024-35848, CVE-2024-35947, CVE-2024-36017, CVE-2024-36031, CVE-2024-36883, CVE-2024-36886, CVE-2024-36889, CVE-2024-36902, CVE-2024-36904, CVE-2024-36905, CVE-2024-36916, CVE-2024-36919, CVE-2024-36929, CVE-2024-36933, CVE-2024-36934, CVE-2024-36939, CVE-2024-36940, CVE-2024-36941, CVE-2024-36946, CVE-2024-36950, CVE-2024-36953, CVE-2024-36954, CVE-2024-36957, CVE-2024-36959, CVE-2022-43945, CVE-2022-48772, CVE-2024-25741, CVE-2024-26629, CVE-2024-27019, CVE-2024-31076, CVE-2024-33621, CVE-2024-33847, CVE-2024-34027, CVE-2024-35247, CVE-2024-36014, CVE-2024-36015, CVE-2024-36016, CVE-2024-36270, CVE-2024-36286, CVE-2024-36288, CVE-2024-36489, CVE-2024-36894, CVE-2024-36971, CVE-2024-36974, CVE-2024-36978, CVE-2024-37078, CVE-2024-37353, CVE-2024-37356, CVE-2024-38381, CVE-2024-38546, CVE-2024-38547, CVE-2024-38548, CVE-2024-38549, CVE-2024-38552, CVE-2024-38555, CVE-2024-38558, CVE-2024-38559, CVE-2024-38560, CVE-2024-38565, CVE-2024-38567, CVE-2024-38578, CVE-2024-38579, CVE-2024-38582, CVE-2024-38583, CVE-2024-38586, CVE-2024-38587, CVE-2024-38589, CVE-2024-38590, CVE-2024-38596, CVE-2024-38597, CVE-2024-38598, CVE-2024-38599, CVE-2024-38601, CVE-2024-38605, CVE-2024-38607, CVE-2024-38612, CVE-2024-38613, CVE-2024-38615, CVE-2024-38618, CVE-2024-38619, CVE-2024-38621, CVE-2024-38627, CVE-2024-38633, CVE-2024-38634, CVE-2024-38635, CVE-2024-38637, CVE-2024-38659, CVE-2024-38661, CVE-2024-38662, CVE-2024-38780, CVE-2024-39276, CVE-2024-39292, CVE-2024-39301, CVE-2024-39467, CVE-2024-39468, CVE-2024-39469, CVE-2024-39471, CVE-2024-39475, CVE-2024-39476, CVE-2024-39480, CVE-2024-39482, CVE-2024-39484, CVE-2024-39488, CVE-2024-39489, CVE-2024-39493, CVE-2024-39495, CVE-2024-39499, CVE-2024-39501, CVE-2024-39502, CVE-2024-39503, CVE-2024-39505, CVE-2024-39506, CVE-2024-39509, CVE-2024-40901, CVE-2024-40902, CVE-2024-40904, CVE-2024-40905, CVE-2024-40912, CVE-2024-40916, CVE-2024-40929, CVE-2024-40931, CVE-2024-40932, CVE-2024-40934, CVE-2024-40941, CVE-2024-40942, CVE-2024-40943, CVE-2024-40945, CVE-2024-40958, CVE-2024-40959, CVE-2024-40960, CVE-2024-40961, CVE-2024-40963, CVE-2024-40968, CVE-2024-40971, CVE-2024-40974, CVE-2024-40976, CVE-2024-40978, CVE-2024-40980, CVE-2024-40981, CVE-2024-40983, CVE-2024-40984, CVE-2024-40987, CVE-2024-40988, CVE-2024-40990, CVE-2024-40993, CVE-2024-40995, CVE-2024-41000, CVE-2024-41004, CVE-2024-41005, CVE-2024-41006).
- Minor improvement: mere recommended packages are now uninstalled if the GOS upgrade action removes packages that were automatically installed to satisfy dependencies for other packages, but are now no longer needed (#GOS-1806, #GOS-1807).
- Minor improvement: on the About page on the web interface, the copyright year was updated to 2024 (#GOS-1832).
Vulnerability Management:
- Improvement: an in-progress indicator was added to the (“Delete”) action on the pages Reports, Hosts, Operating Systems and TLS Certificates (#GEA-327).
- Improvement: the page CVSS Calculator now contains a calculator for CVSS v4 in addition to the calculators for CVSS v2 and CVSS v3 (#GEA-532).
- Improvement: the performance of CVE feed updates was improved (#GEA-557).
- Bug fix: an error was fixed where duplicate results generated during scans were not filtered out before adding them to a report (#GEA-525, #GS-5962).
- Bug fix: an error was fixed where using the “&” character in the comment field of a target resulted in an internal error and in the target not being created (#GEA-562, #GS-6211).
- Bug fix: an error was fixed where schedules with a fixed end date could sometimes not be created (#GEA-523).
- Bug fix: an error was fixed where the dates selected for a schedule were sometimes not correctly applied (#GEA-610).
- Bug fix: an error was fixed where searching for specific strings on the NVT list page resulted in an error (#GEA-448).
- Minor improvement: the performance of the Trashcan page was improved (#GEA-457).
- Minor improvement: various small changes, from memory leak fixes to code cleanups and improvements were implemented for the gvmd service (#GEA-585).
- Minor improvement: the included appliance manual was updated to the current version from 2024-07-29 (#PR-918).
Vulnerability Scanning:
- Minor improvement: the compatibility of the ICMP Ping alive test with target systems not following the RFC 792 specification was improved (#SC-1064).

22.04.21 (2024-06-03):

Greenbone OS:
- Extension: the new Greenbone Enterprise 6500 R2 and Greenbone Enterprise 5400 R2 appliance models were added (#GOS-1625).
- Security fix: the included package glib2.0 was upgraded from version 2.66.8-1+deb11u1 to version 2.66.8-1+deb11u3 (CVE-2024-34397).
- Bug fix: an error was fixed where the ospd-openvas service could not connect to the mosquitto service after moving network interfaces from the Management namespace to the Scan1 namespace (#GOS-1863).
- Minor improvement: an anonymized count of the number of hosts that were scanned within the last 90 days has been added to the GOS support package for statistical evaluations (#GOS-1839).
- Minor bug fix: an error was fixed where the most current run of the GOS selfcheck was not logged in the GOS support package (#GOS-1854).
- Minor bug fix: an error was fixed where the raid-rebuild script showed a syntax warning (#GOS-1744).
Vulnerability Management:
- Minor improvement: the included appliance manual was updated to the current version from 2024-05-29 (#PR-875).

22.04.20 (2024-05-13):

Greenbone OS:
- Security fix: the Linux kernel was upgraded from version 5.10.209-greenbone1 to version 5.10.216-greenbone1 for hardware appliances and from version 5.10.209-2 to version 5.10.216-1 for virtual appliances (CVE-2023-28746, CVE-2023-47233, CVE-2023-52429, CVE-2023-52434, CVE-2023-52435, CVE-2023-52447, CVE-2023-52458, CVE-2023-52482, CVE-2023-52486, CVE-2023-52488, CVE-2023-52489, CVE-2023-52491, CVE-2023-52492, CVE-2023-52493, CVE-2023-52497, CVE-2023-52498, CVE-2023-52583, CVE-2023-52587, CVE-2023-52594, CVE-2023-52595, CVE-2023-52597, CVE-2023-52598, CVE-2023-52599, CVE-2023-52600, CVE-2023-52601, CVE-2023-52602, CVE-2023-52603, CVE-2023-52604, CVE-2023-52606, CVE-2023-52607, CVE-2023-52614, CVE-2023-52615, CVE-2023-52616, CVE-2023-52617, CVE-2023-52618, CVE-2023-52619, CVE-2023-52620, CVE-2023-52622, CVE-2023-52623, CVE-2023-52627, CVE-2023-52635, CVE-2023-52637, CVE-2023-52642, CVE-2023-52644, CVE-2023-52650, CVE-2023-6270, CVE-2023-7042, CVE-2024-0340, CVE-2024-0565, CVE-2024-0607, CVE-2024-0841, CVE-2024-1151, CVE-2024-22099, CVE-2024-23849, CVE-2024-23850, CVE-2024-23851, CVE-2024-24857, CVE-2024-24858, CVE-2024-24861, CVE-2024-26581, CVE-2024-26593, CVE-2024-26600, CVE-2024-26601, CVE-2024-26602, CVE-2024-26606, CVE-2024-26610, CVE-2024-26614, CVE-2024-26615, CVE-2024-26622, CVE-2024-26625, CVE-2024-26627, CVE-2024-26635, CVE-2024-26636, CVE-2024-26640, CVE-2024-26641, CVE-2024-26642, CVE-2024-26643, CVE-2024-26644, CVE-2024-26645, CVE-2024-26651, CVE-2024-26654, CVE-2024-26659, CVE-2024-26663, CVE-2024-26664, CVE-2024-26665, CVE-2024-26671, CVE-2024-26673, CVE-2024-26675, CVE-2024-26679, CVE-2024-26684, CVE-2024-26685, CVE-2024-26687, CVE-2024-26688, CVE-2024-26689, CVE-2024-26695, CVE-2024-26696, CVE-2024-26697, CVE-2024-26698, CVE-2024-26702, CVE-2024-26704, CVE-2024-26707, CVE-2024-26712, CVE-2024-26720, CVE-2024-26722, CVE-2024-26727, CVE-2024-26733, CVE-2024-26735, CVE-2024-26736, CVE-2024-26743, CVE-2024-26744, CVE-2024-26747, CVE-2024-26748, CVE-2024-26749, CVE-2024-26751, CVE-2024-26752, CVE-2024-26753, CVE-2024-26754, CVE-2024-26763, CVE-2024-26764, CVE-2024-26766, CVE-2024-26771, CVE-2024-26772, CVE-2024-26773, CVE-2024-26776, CVE-2024-26777, CVE-2024-26778, CVE-2024-26779, CVE-2024-26781, CVE-2024-26782, CVE-2024-26787, CVE-2024-26788, CVE-2024-26790, CVE-2024-26791, CVE-2024-26793, CVE-2024-26795, CVE-2024-26801, CVE-2024-26804, CVE-2024-26805, CVE-2024-26808, CVE-2024-26809, CVE-2024-26810, CVE-2024-26812, CVE-2024-26813, CVE-2024-26814, CVE-2024-26816, CVE-2024-26817, CVE-2024-26820, CVE-2024-26825, CVE-2024-26833, CVE-2024-26835, CVE-2024-26839, CVE-2024-26840, CVE-2024-26843, CVE-2024-26845, CVE-2024-26846, CVE-2024-26848, CVE-2024-26851, CVE-2024-26852, CVE-2024-26855, CVE-2024-26857, CVE-2024-26859, CVE-2024-26861, CVE-2024-26862, CVE-2024-26863, CVE-2024-26870, CVE-2024-26872, CVE-2024-26874, CVE-2024-26875, CVE-2024-26877, CVE-2024-26878, CVE-2024-26880, CVE-2024-26882, CVE-2024-26883, CVE-2024-26884, CVE-2024-26885, CVE-2024-26889, CVE-2024-26891, CVE-2024-26894, CVE-2024-26895, CVE-2024-26897, CVE-2024-26898, CVE-2024-26901, CVE-2024-26903, CVE-2024-26906, CVE-2024-26907, CVE-2024-26910, CVE-2024-26917, CVE-2024-26920, CVE-2024-26922, CVE-2024-26923, CVE-2024-26924, CVE-2024-26925, CVE-2024-26926, CVE-2024-26931, CVE-2024-26934, CVE-2024-26935, CVE-2024-26937, CVE-2024-26950, CVE-2024-26951, CVE-2024-26955, CVE-2024-26956, CVE-2024-26957, CVE-2024-26958, CVE-2024-26960, CVE-2024-26961, CVE-2024-26965, CVE-2024-26966, CVE-2024-26969, CVE-2024-26970, CVE-2024-26973, CVE-2024-26974, CVE-2024-26976, CVE-2024-26978, CVE-2024-26979, CVE-2024-26981, CVE-2024-26984, CVE-2024-26988, CVE-2024-26993, CVE-2024-26994, CVE-2024-26997, CVE-2024-26999, CVE-2024-27000, CVE-2024-27001, CVE-2024-27004, CVE-2024-27008, CVE-2024-27013, CVE-2024-27020, CVE-2024-27024, CVE-2024-27025, CVE-2024-27028, CVE-2024-27030, CVE-2024-27038, CVE-2024-27043, CVE-2024-27044, CVE-2024-27045, CVE-2024-27046, CVE-2024-27047, CVE-2024-27051, CVE-2024-27052, CVE-2024-27053, CVE-2024-27059, CVE-2024-27065, CVE-2024-27073, CVE-2024-27074, CVE-2024-27075, CVE-2024-27076, CVE-2024-27077, CVE-2024-27078, CVE-2024-27388, CVE-2024-27437).
- Security fix: the included package glibc was upgraded from version 2.31-13+deb11u8 to version 2.31-13+deb11u10 (CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602).
- Security fix: the included package util-linux was upgraded from version 2.36.1-8+deb11u1 to version 2.36.1-8+deb11u2 (CVE-2024-28085).
- Security fix: the included package less was upgraded from version 551-2 to version 551-2+deb11u2 (CVE-2022-48624, CVE-2024-32487).
Vulnerability Management:
- Major bug fix: an error was fixed where, if an alert with compose data but with no filter selected was added to a task, the task would be interrupted when the alert was triggered (#GEA-526, #GS-5859, #GS-6002, #GS-6022, #GS-6023, #GS-6025, #GS-6046, #GS-6055, #GS-6064, #GS-6067, #GS-6078, #GS-6103, #GS-6112, #GS-6113, #GS-6116, #GS-6118, #GS-6120, #GS-6123, #GS-6130, #GS-6137, #GS-6138, #GS-6147, #GS-6148, #GS-6159, #GS-6166, #GS-6170, #GS-6178, #GS-6197).
- Bug fix: an error was fixed where the appliance could sometimes become unresponsive when filtering results or refreshing the authentication (#GEA-505, #GS-5903).
- Bug fix: an error was fixed where it was not possible to delete a user without selecting an inheriting user (#GEA-542).
- Bug fix: an error was fixed where the location “package” was not accepted for the configuration of overrides and notes (#GEA-534, #GS-6039).
- Minor improvement: the info messages used to identify duplicate results and duplicate host details were changed to debug messages (#GEA-509).
- Minor improvement: the included appliance manual was updated to the current version from 2024-05-07 (#PR-867).

22.04.19 (2024-04-03):

Greenbone OS:
- Extension: the new Greenbone BASIC Appliance model was added (#GOS-1727).
- Improvement: the package gvm-tools included in GOS was updated to version 24.3.0 (#PR-834).
- Security fix: as a hardening measure, the MAC algorithms “umac-64@openssh.com” and “hmac-sha1” have been deactivated for the sshd server used by GOS. One of the following MAC algorithms now has to be used to connect to GOS via the SSH protocol: “hmac-sha2-512-etm@openssh.com”, “hmac-sha2-256-etm@openssh.com”, “hmac-sha2-512” or “hmac-sha2-256” (#GOS-1786, #GS-5677, #GS-5845).
- Security fix: the included package samba was upgraded from version 2:4.13.13+dfsg-1~deb11u5 to version 2:4.13.13+dfsg-1~deb11u6 (CVE-2022-2127, CVE-2022-3437, CVE-2023-34966, CVE-2023-34967, CVE-2023-34968, CVE-2023-4091).
Vulnerability Management:
- Improvement: the included appliance manual was updated to the current version from 2024-03-25. The design and layout of the manual was improved through clearer tables of contents on the side and a light-dark-theme option (#PR-847).
- Improvement: the XML parser used by the gvmd service to process CPE data was improved, reducing the amount of memory used during feed updates (#GEA-488).
- Improvement: the XML parser used by the gvmd service to process CVE data was improved, reducing the amount of memory used during feed updates (#GEA-498).
- Bug fix: a memory leak was fixed for the processing of CPE and CVE data by the gvmd service, significantly reducing peak memory usage during feed updates (#GEA-490).
- Bug fix: an error was fixed where the gvmd service could potentially be stuck in a loop during feed updates because of malformed CPE data (#GEA-419).
- Bug fix: an error was fixed where the gvmd service could potentially be stuck in a loop during feed updates because of malformed CVE data (#GEA-512).
- Bug fix: an error was fixed where delta reports were broken if one of the reports had multiple results that were the same except for the description (#GEA-471).
- Bug fix: an error was fixed where delta reports could not be exported in the formats “GSR HTML”, “GSR PDF”, “PDF”, “TXT”, “Vulnerability Report HTML” and “Vulnerability Report PDF” (#GEA-442, #GS-5575).
- Bug fix: an error was fixed where configuring a vulnerability scan to check for file checksum patterns did not work as expected (#GEA-450).
- Bug fix: an error was fixed where the Exclude Hosts setting in a CVE scan was ignored (#GEA-463, #GS-5674).
- Bug fix: an error was fixed where, if an alert with compose data but with no filter selected was added to a task, reports sent via the alert would be incomplete (#GEA-504).
- Bug fix: an error was fixed where alerts using the method TippingPoint SMS were not triggered after the scan was finished (#GEA-472, #GS-5706).
Vulnerability Scanning:
- Improvement: support for the Network Configuration Protocol (NETCONF) over SSH was added (#SC-1019).
- Bug fix: an error was fixed where using the Exclude Hosts setting while scanning vhosts could cause the scan to be interrupted (#SC-964).
- Minor improvement: the parsing of “$Date” strings in vulnerability tests was deprecated, and a warning will be logged if such vulnerability tests are loaded. The vulnerability tests in the current versions of the Greenbone Enterprise Feed and the Greenbone Community Feed have been updated accordingly (#SC-903).

22.04.18 (2024-02-20):

Note: An upgrade to this version requires a reboot of the system.

Greenbone OS:
- Improvement: the RAM limit of the appliance model Greenbone Enterprise 400 (revision 1) was increased from 6 GB to 8 GB. A reboot after the upgrade is required for this change to take effect (#GOS-1762).
- Improvement: the expiration dates for the feed signing and support package encryption keys used by GOS have been extended until 2026-12-31 (#GOS-1756, #GOS-1757).
- Security fix: the included package postgresql-13 was upgraded from version 13.13-0+deb11u1 to version 13.14-0+deb11u1 (CVE-2024-0985).
- Security fix: the Linux kernel was upgraded from version 5.10.208-greenbone1 to version 5.10.209-greenbone1 for hardware appliances and from version 5.10.205-2 to version 5.10.209-2 for virtual appliances (CVE-2024-1086).
- Bug fix: NTLM has been deactivated for the use of all e-mail functionality in GOS to prevent problems with some Microsoft Exchange servers (#GOS-1715, #GS-5533).
Vulnerability Management:
- Major bug fix: an error was fixed where granting read or write permissions for objects to other users did not work as expected (#GEA-477, #GS-5720, #GS-5781).
- Bug fix: an error was fixed where Vulnerability Report PDF and Vulnerability Report HTML reports that were attached to or included in e-mail alerts and for which overrides were active had no contents (#GEA-408, #GEA-482, #GS-5431, #GS-5447, #GS-5530).
- Minor improvement: the included appliance manual was updated to the current version from 2024-02-15 (#PR-823).

22.04.17 (2024-02-01):

Greenbone OS:
- Major bug fix: an error was fixed where pushing the feed from the master appliance to the sensor appliance in a master-sensor setup resulted in sensor feed synchronization issues (#GOS-1705).
- Improvement: the package gvm-tools and python-gvm included in GOS were updated to version 24.1.0. Note: Due to API changes at least these versions are required to access the GMP API of GOS 22.04.17. (#PR-792).
- Improvement: the processes of creating and importing a beaming image are now system operations. While a system operation is in progress, no other system operation can be started. This is to ensure the integrity and stability of the system (#GOS-1677).
- Security fix: the included package libssh was upgraded from version 0.9.7-0+deb11u1 to version 0.9.8-0+deb11u1 (CVE-2023-48795, CVE-2023-6004, CVE-2023-6918).
- Security fix: the included package curl was upgraded from version 7.74.0-1.3+deb11u10 to version 7.74.0-1.3+deb11u11 (CVE-2023-46218).
- Security fix: the included package openssh was upgraded from version 1:8.4p1-abomination+3 to version 1:8.4p1-5+deb11u3 (CVE-2021-41617, CVE-2023-28531, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385).
- Security fix: the Linux kernel was upgraded from version 5.10.197-1 to version 5.10.205-2 for virtual appliances (CVE-2021-44879, CVE-2023-5178, CVE-2023-5197, CVE-2023-5717, CVE-2023-6121, CVE-2023-6531, CVE-2023-6817, CVE-2023-6931, CVE-2023-6932, CVE-2023-25775, CVE-2023-34324, CVE-2023-35827, CVE-2023-45863, CVE-2023-46813, CVE-2023-46862, CVE-2023-51780, CVE-2023-51781, CVE-2023-51782).
- Security fix: the Linux kernel was upgraded from version 5.10.201-greenbone1 to version 5.10.208-greenbone1 for hardware appliances (CVE-2021-44879, CVE-2023-5178, CVE-2023-5197, CVE-2023-5717, CVE-2023-6121, CVE-2023-6531, CVE-2023-6817, CVE-2023-6931, CVE-2023-6932, CVE-2023-25775, CVE-2023-34324, CVE-2023-35827, CVE-2023-45863, CVE-2023-46813, CVE-2023-46862, CVE-2023-51780, CVE-2023-51781, CVE-2023-51782).
- Bug fix: an error was fixed where formatting a GOS USB backup stick did not work in several cases (#GOS-1714).
- Bug fix: an error was fixed where some links in the feed had the wrong permissions which could lead to pushing the feed from a master appliance to a sensor appliance in a master-sensor setup to fail (#GOS-1708).
Vulnerability Management:
- Improvement: an option to filter for the compliance status was added to the Results page and to the Results tab of a report. The filter keyword is compliance_levels and the possible values are y (yes/compliant), n (no/not compliant), i (incomplete) and u (undefined) (#GEA-391).
- Improvement: in addition to the IP address, the host name is now displayed in the header of each host section, in the list at the host section beginning, and in the details of the results in the report formats Vulnerability Report PDF and Vulnerability Report HTML (#GEA-378, #GS-3372)
- Improvement: due to improvements the GMP API version has been increased to 22.5. When accessing the GMP API of GOS 22.04.17 via clients, up-to-date, compatible versions have to be used, for example gvm-tools 24.1.0 (#GEA-407).
- Improvement: the performance of loading of a large number of tag resource has been significantly improved (#GEA-380).
- Improvement: the performance of the Results and Vulnerabilities pages was improved for setups with multiple users and large amounts of results (#GEA-385).
- Security fix: the strength of the encryption key for credentials stored in the database has been increased from 2048-bit RSA to 3072-bit RSA. Existing credentials are automatically re-encrypted with the new key when upgrading to GOS 22.04.17 or later (#GOS-1678, #GEA-193).
- Bug fix: an error was fixed where – when deleting a user via the web interface, the command line or the GOS administration menu – no users who inherit the objects of the deleted user could be selected (#GEA-381).
- Bug fix: an error was fixed where the table on the page Vulnerabilities showed the date and time of the newest result instead of the oldest result in the column Oldest Result (#GEA-414).
- Bug fix: an error was fixed where editing VT families of custom compliance policies was not possible (#GEA-415).
- Bug fix: an error was fixed where reports in the report formats CPE and TLS Map where empty when sent via the Test Alert functionality using the method E-mail (#GEA-358).
- Minor improvement: the included appliance manual was updated to the current version from 2024-01-15 (#PR-793).
- Minor improvement: the credential type Client Certificate was retired because it was not used for any type of target, alert or scanner anymore. Existing credentials of this type will not be affected or removed. They can still be accessed, but they are of no use anymore, and can be deleted manually (#GEA-333).
- Minor improvement: the VT families AlmaLinux Local Security Checks and Amazon Linux Local Security Checks are no longer editable when creating or editing a scan configuration (#GEA-387).
- Minor bug fix: an error was fixed where the tool tips showed and linked false filters when hovering over the columns for N/A and 1 in a “by CVSS” diagram (#GEA-370).

22.04.16 (2023-12-04):

Greenbone OS:
- Improvement: support for limiting the number of simultaneous web sessions for web users was added. The configuration can be found in the GOS menu under Setup > Users > Users > User sessions. By default, no limit is applied, which reflects the behavior of GOS 22.04.15 and earlier (#GOS-1621, #GEA-288, #GS-4982).
- Improvement: the package gvm-tools included in GOS was updated to version 23.11.0 (#PR-753).
- Improvement: the package python-gvm included in GOS was updated to version 23.11.0 (#PR-753).
- Bug fix: an error was fixed where SNMP passphrases containing the character “!” were not working in GOS (#GOS-1623, #GS-4924).
- Security fix: SSL 3.0, TLS 1.0 and TLS 1.1 have been disabled for the remote logging feature of GOS. TLS 1.2 or TLS 1.3 must be used now (#GOS-1613, RFC 7568, RFC 8996).
- Security fix: the included package openssh was upgraded from version 1:8.4p1-abomination+2 to version 1:8.4p1-abomination+3 (CVE-2023-38408).
- Security fix: the included package postgresql-13 was upgraded from version 13.11-0+deb11u1 to version 13.13-0+deb11u1 (CVE-2023-5868, CVE-2023-5869, CVE-2023-5870, CVE-2023-39417).
- Security fix: for virtual appliances, the included package open-vm-tools was upgraded from version 2:11.2.5-2+deb11u2 to version 2:11.2.5-2+deb11u3 (CVE-2023-34058, CVE-2023-34059).
- Minor improvement: an outdated “gsm” reference in the GOS administration menu has been corrected (#GOS-1650).
Vulnerability Management:
- Major improvement: the delta report functionality was overhauled. Delta reports are no longer dependent on the sorting order of the results, providing a much more intuitive user experience, tool tips have been added to delta reports to show exactly what has changed, e.g., the severity or the quality of detection (QoD), and the performance of generating delta reports was considerably improved (#GEA-271).
- Improvement: scan configurations, report formats, port lists, and compliance policies can now be marked deprecated on the web interface. If a report is exported in a deprecated report format, the downloaded file may be empty or otherwise not suitable for use (#GEA-6).
- Improvement: when viewing TLS certificates of a scan report, the certificates’ Subject DN can now be clicked to show more information about the certificate (#GEA-308).
- Improvement: the new task status Processing is now also supported for container tasks. It is displayed there after the report upload is completed, indicating that the appliance is busy processing data in the backend (#GEA-353).
- Improvement: the performance when editing scan configurations or compliance policies in the web interface was further improved (#GEA-341).
- Improvement: the performance when paging through list pages with “Created” or “Modified” dates on the web interface, e.g., the “SecInfo > NVTs” page, was improved (#GEA-362).
- Bug fix: an error was fixed where CVE scans did not detect the expected CVEs due to incorrect case sensitivity for CPEs (#GEA-8, #GS-2451).
- Bug fix: an error was fixed where it was not possible to link a large number of tags to an object because the corresponding menu became unusable. Note that the menu is still limited to a maximum of 200 tags. If more tags are to be linked to an object, the “Apply to …” functionality on list pages can be used (#GEA-251, #GS-908).
- Bug fix: incorrectly encoded TLS certificate data in the database, which could cause errors when viewing certificates on the web interface, is now cleaned up when upgrading to GOS 22.04.16 or later. Note that with the current GOS versions, the recurrence of such incorrectly encoded data should no longer occur (#GEA-3, #GOS-1648, #GS-2337).
- Minor improvement: the included appliance manual was updated to the current version from 2023-11-28 (#PR-780).
- Minor improvement: the drop-down menu used in various dialogs on the web interface can now also be oriented upwards, if there is not enough free space at the bottom to display the entire content (#GEA-303).
- Minor improvement: the Start button () for scan tasks on the web interface is now inactive if a schedule with an end date is configured for the task. Trying to start such tasks was never supported, and tasks would stop at 0 % progress in this case (#GEA-379, #GS-699).
- Minor improvement: the informational message “The reports database is currently busy, please try again later” was added for cases where scan reports could not be deleted due to an ongoing database lock (#GEA-327, #GS-2073).
- Minor improvement: when editing scan configurations or compliance policies, it is no longer possible to edit individual vulnerability tests for various vulnerability test families that should only be selected as a whole (#GEA-331).
- Minor improvement: the report format ITG was deprecated (#GEA-6, #GS-586, #GS-4121).
- Minor improvement: the CVSS ranges for dashboard diagrams were improved (#GEA-266).
- Minor improvement: the error message shown when trying to create an invalid credential was improved to be more specific (#GEA-341).
- Minor improvement: the error message shown when the gvmd database cannot be migrated was improved to be more specific (#GEA-362).
- Minor improvement: when using the GMP API, “creation_time” and “modification_time” information is now returned in the user’s local time zone instead of UTC (#GEA-362).
- Minor bug fix: an error was fixed where duplicate “Timeout” NVT preferences could appear when editing scan configurations or compliance policies (#GEA-362).
- Minor bug fix: an error was fixed where two German translations – in the “Compose” dialog when creating or editing an alert, and on the “TLS Certificates” list page – were missing (#GEA-332, #GEA-334).
Vulnerability Scanning:
- Bug fix: an error was fixed where vulnerability scans were interrupted when the target setting “Reverse Lookup Only” was set to “Yes” and a host was excluded from the target (#SC-929, #GS-5146).
- Bug fix: an error was fixed where the Boreas alive scanner performed alive tests even if the alive test option “Consider Alive” was used (#SC-934).

22.04.15 (2023-10-17):

Greenbone OS:
- Improvement: the package gvm-tools included in GOS was updated to version 23.9.0 (#PR-740).
- Bug fix: an error was fixed where monitoring the HDD via SNMPv3 sometimes failed (#GOS-1612, #GS-4243).
- Bug fix: an error was fixed where enabling the SSH service on a Greenbone Enterprise TRIAL sometimes failed (#GOS-1564).
- Security fix: the included package openssl was upgraded from version 1.1.1n-0+deb11u5 to version 1.1.1w-0+deb11u1 (CVE-2023-3446, CVE-2023-3817).
- Security fix: the included package curl was upgraded from version 7.74.0-1.3+deb11u7 to version 7.74.0-1.3+deb11u10 (CVE-2023-38545, CVE-2023-38546, CVE-2023-27533, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538).
- Security fix: the included package libwebp was upgraded from version 0.6.1-2.1+deb11u1 to version 0.6.1-2.1+deb11u2 (CVE-2023-4863, #GS-5145).
- Security fix: the included package mosquitto was upgraded from version 2.0.11-1 to version 2.0.11-1+deb11u1 (CVE-2021-34434, CVE-2021-41039, CVE-2023-0809, CVE-2023-3592, #GS-5082).
Vulnerability Management:
- Major bug fix: an error was fixed where scan tasks sometimes got stuck at 100 % when a large number of host details needed to be processed (#GEA-273).
- Improvement: the new task status Processing was added. It is displayed after 100 % scan progress, indicating that the appliance is busy processing data in the backend, while any scan activity is completed as expected (#GEA-274).
- Improvement: for CVEs for which a severity score is not yet available, “N/A” is now displayed instead of the misleading severity “0.0” (#GEA-224, #GS-1160, #GS-4648, #GS-1118, #GS-1144).
- Improvement: override texts of up to 300 characters are now also included in the report formats GSR PDF, GXR PDF, Vulnerability Report HTML, and Vulnerability Report PDF (#GEA-85).
- Improvement: the limit for override texts included in the report formats Anonymous XML, XML and TXT was increased from 60 to 300 characters (#GEA-86).
- Improvement: the Assets > TLS Certificates list page now lists the TLS certificates by their subject distinguished name (“Subject DN”) instead of their issuer (#GEA-202).
- Improvement: it is now possible to specify the port used for an SCP alert. A corresponding input box was added to the dialog (#GEA-280, #GS-1555).
- Improvement: an option to ignore pagination was added to the report content composer for alerts (#GEA-124, #GS-3911, #GS-4271).
- Improvement: when changing the user password for the web interface, an error message is now displayed if the old password is incorrect or missing (#GEA-175).
- Bug fix: an error was fixed where downloading a report in the report formats Vulnerability Report HTML and Vulnerability Report PDF sometimes resulted in empty files (#GEA-209, #GS-1308).
- Bug fix: an error was fixed where scheduled tasks sometimes did not run at the correct time when the time zone PST/PDT was used (#GEA-114).
- Bug fix: an error was fixed where delta reports contained results that could not be accessed (#GEA-247, #GS-958).
- Bug fix: an error was fixed where e-mail alerts with the condition “Severity Level changed”, “Severity Level increased” or “Severity Level decreased” caused an SQL error in the logs if the task had no previous reports (#GEA-246).
- Bug fix: an incomplete sub-page that should not have been available but could be accessed by entering a URL directly has been removed (#GEA-177, #GS-4392)
- Minor improvement: the included appliance manual was updated to the current version from 2023-10-09 (#PR-746).
- Minor bug fix: an error was fixed where dashboard diagrams showing a resource “by CVSS” (e.g., “Hosts by CVSS”) displayed 10.9 as the highest severity when hovering over the associated column (#GEA-265).
- Minor bug fix: an error was fixed where the process title of gvmd displayed a duplicated “gvmd: gvmd:” (#GEA-240).
Vulnerability Scanning:
- Minor improvement: the system log message indicating when the Notus scanner is running has been simplified and is now only displayed when the requirements for Notus scanner operation are met (#SC-902).

22.04.14 (2023-08-31):

Greenbone OS:
- Improvement: the the company name displayed in the GOS administration menu and the SNMP MIBs was updated to show the new company name „Greenbone AG“ (#GOS-1494).
- Improvement: the RAM limit of the appliance model Greenbone Enterprise 150 was increased from 6 GB to 8 GB (#GOS-1584).
- Bug fix: on the sensor appliances, Greenbone Enterprise 35 and Greenbone Enterprise 25V, an error was fixed where gos-grub was missing a dependency to e2fsprogs which resulted in an error message when starting the appliance (#GOS-1576).
- Security fix: the microcode included in the hardware kernels of the appliance models Greenbone Enterprise 6500/5400/650 R2/600 R2/450 R2/400 R2 were upgraded to the state of the release microcode-20230808 (CVE-2022-40982).
- Security fix: the Linux kernel was upgraded from version 5.10.179-1 to version 5.10.191-1 for virtual appliances (CVE-2022-4269, CVE-2022-39189, CVE-2022-40982, CVE-2023-1206, CVE-2023-1380, CVE-2023-2002, CVE-2023-2007, CVE-2023-2124, CVE-2023-2156, CVE-2023-2269, CVE-2023-2898, CVE-2023-3090, CVE-2023-3111, CVE-2023-3212, CVE-2023-3268, CVE-2023-3269, CVE-2023-3338, CVE-2023-3389, CVE-2023-3390, CVE-2023-3609, CVE-2023-3610, CVE-2023-3611, CVE-2023-3776, CVE-2023-3863, CVE-2023-4004, CVE-2023-4128, CVE-2023-4132, CVE-2023-4147, CVE-2023-4194, CVE-2023-4273, CVE-2023-20588, CVE-2023-20593, CVE-2023-21255, CVE-2023-21400, CVE-2023-31084, CVE-2023-31248, CVE-2023-32250, CVE-2023-32254, CVE-2023-34319, CVE-2023-35001, CVE-2023-35788, CVE-2023-40283).
- Security fix: the Linux kernel was upgraded from version 5.10.186-greenbone1 to version 5.10.192-greenbone-1 for hardware appliances (CVE-2022-4269, CVE-2022-39189, CVE-2022-40982, CVE-2023-1206, CVE-2023-1380, CVE-2023-2002, CVE-2023-2007, CVE-2023-2124, CVE-2023-2156, CVE-2023-2269, CVE-2023-2898, CVE-2023-3090, CVE-2023-3111, CVE-2023-3212, CVE-2023-3268, CVE-2023-3269, CVE-2023-3338, CVE-2023-3389, CVE-2023-3390, CVE-2023-3609, CVE-2023-3610, CVE-2023-3611, CVE-2023-3776, CVE-2023-3863, CVE-2023-4004, CVE-2023-4128, CVE-2023-4132, CVE-2023-4147, CVE-2023-4194, CVE-2023-4273, CVE-2023-20588, CVE-2023-20593, CVE-2023-21255, CVE-2023-21400, CVE-2023-31084, CVE-2023-31248, CVE-2023-32250, CVE-2023-32254, CVE-2023-34319, CVE-2023-35001, CVE-2023-35788, CVE-2023-40283).
- Minor bug fix: an error was fixed where setting the GOS state variable max_ips_per_target to 0 in the GOS shell caused the gvmd service to fail. The minimum input value for max_ips_per_target is now 1 (#GOS-1539).
- Minor bug fix: a superfluous GnuPG key ring file for the OpenVAS scanner was removed from GOS (#GOS-1572).
- Minor security fix: a missing kernel-side mitigation for the ‘Processor MMIO Stale Data’ and ‘SRBDS – Special Register Buffer Data Sampling’ hardware appliance vulnerabilities was added for the appliance models Greenbone Enterprise 650 R2/600 R2/450 R2/400 R2 (#GOS-1541).
Vulnerability Management:
- Improvement: the product logo on the web interface was replaced to show the correct product name “Greenbone Enterprise Appliance” (#GOS-1538).
- Improvement: the error message displayed when clicking a CPE name that does not have a linked CPE entry was reworded to clarify the reasons for a missing CPE entry (#GEA-207, #GS-43).
- Improvement: the performance when editing scan configurations or policies on the web interface has been improved (#GEA-235).
- Improvement: the performance of gvmd rebuilds has been further improved (#GEA-235).
- Bug fix: an error was fixed where the setting Use workaround default certificate for an alert with the TippingPoint SMS method was not saved (#GEA-181, #GEA-230, #GS-4209).
- Bug fix: an error was fixed where uploading an unsupported certificate file format for an alert with the TippingPoint SMS method did not show a warning but silently corrupted the alert data used by gmvd (#GEA-254).
- Bug fix: an error was fixed where IP addresses were cropped in the Top 10 Hosts overview of the report formats Vulnerability Report PDF and Vulnerability Report HTML (#GEA-46, #GS-3693).
- Bug fix: an error was fixed where in rare cases scan reports could not be deleted (#GEA-2, #GS-2073).
- Bug fix: an error was fixed where in rare cases only a partial response would be received via the GMP API (#GEA-235).
- Minor bug fix: an error was fixed where the “?” icon on the page SecInfo > NVTs did not lead to the correct user manual section (#GEA-262).
- Minor bug fix: an error was fixed where the browser tab of the web interface showed incorrect and changing text when logging in and out of the web interface (#GEA-1543).
- Minor improvement: when a user with the Super Admin role changes their own user settings, a warning is now displayed explaining that saving the changes will log the user out immediately (#GEA-37).
- Minor improvement: the included appliance manual was updated to the current version from 2023-08-14 (#PR-718).
Vulnerability Scanning:
- Bug fix: an additional error was fixed where not every JSON string was parsed correctly during inter-process communication (#SC-886).

22.04.13 (2023-07-17):

Vulnerability Management:
- Major bug fix: another error was fixed where scan tasks appeared to be frozen on gvmd side/the web interface, while they were actually progressing or even finishing on ospd/ospd-openvas side. This problem could occur when both error messages (e.g., from VT timeouts) and duplicated scan results occurred at the same time during a scan (#GEA-250, #GS-4727, #GS-4734, #GS-4780).
- Bug fix: an error was fixed where a gvmd rebuild could cause a segmentation fault when VT preference names in old scan configurations were updated (#GEA-245).
- Minor improvement: the included appliance manual was updated to the current version from 2023-07-14 (#PR-696).

22.04.12 (2023-07-10):

Greenbone OS:
- Improvement: the package python-gvm included in GOS was updated to version 23.5.1 (#PR-644).
- Security fix: the Linux kernel was upgraded from version 5.10.180-greenbone1 to version 5.10.186-greenbone1 for hardware appliances (CVE-2023-35788).
- Security fix: the included package openssl was upgraded from version 1.1.1n-0+deb11u4 to version 1.1.1n-0+deb11u5 (CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650).
Vulnerability Management:
- Major bug fix: an error was fixed where scan tasks appeared to be frozen on gvmd side/the web interface, while they were actually progressing or even finishing on ospd/ospd-openvas side. This problem could occur when unexpected characters were contained in the scan results (#GEA-223, #GS-4639, #GS-4672, #GS-4679, #GS-4727, #GS-4706, #GS-4698, #GS-4712, #GS-4721).
- Major bug fix: an error was fixed where a gvmd rebuild, which can occur due to hash value mismatches during feed updates, caused failed scan task requests, and missing VT and result names in the SecInfo menu and in scan reports (#GEA-49, #GEA-50, #GS-3459, #GS-3346, #GS-2947, #GS-3367).
- Security fix: an issue was fixed where scan tasks could cause an SQL error due to missing SQL quoting, potentially allowing a denial of service (DoS) attack against the scan task that triggered the error via SQL-Injection, causing the task to be interrupted (#GEA-226, #GS-4596, #GS-4639, #GS-4672, #GS-4679, #GS-4727, #GS-4706, #GS-4698, #GS-4712, #GS-4721).
- Improvement: the performance of gvmd rebuilds, which can occur due to hash value mismatches during feed updates, has been improved, and rebuilds should now finish noticeably faster (#GEA-49, #GEA-50).
- Improvement: the performance of the GMP command get_targets has been improved, which should noticeably speed up the use of menus and dialogs with links to a large number of targets (#GEA-241).
- Improvement: the usability of the dialog for creating permissions was improved by making it clearer which object the permission refers to and which the related resources are (#GEA-74, #GS-50, #GS-2948).
- Bug fix: an error was fixed where scan tasks were interrupted at 100 %, if the scan used an alert with the “Filter … matches at least … results more than previous scan” condition (#GEA-146, #GS-4112).
- Bug fix: an error was fixed where running a CVE scan could sometimes cause subsequent OpenVAS scans to fail (#GEA-211).
- Bug fix: an error was fixed where the details of TippingPoint alerts did not show any information about the saved TLS certificate (#GEA-180, #GS-4209).
- Bug fix: an error was fixed where the usage_type element contained the value “(null)” instead of “policy” or “config” when using the GMP command get_configs, which could, for example, cause scan configurations and policies to appear under the wrong menus when manually imported or when moved to the trashcan (#GEA-204, #GEA-225, #GS-4653).
- Minor improvement: the placeholder subject for an e-mail alert now shows the new, correct product name “Greenbone Enterprise Appliance” instead of the formerly used abbreviation “GSM” (#GOS-1491).
- Minor improvement: a log message has been added explaining the reason why scans will not run when no feed has been synced on the appliance yet (#GEA-49).
- Minor improvement: the included appliance manual was updated to the current version from 2023-07-03 (#PR-681).
- Minor bug fix: an error was fixed where two German translations – in the LDAP authentication dialog and in the SMB alert drop-down menu – were missing (#GEA-163).
Vulnerability Scanning:
- Bug fix: an error was fixed where scans were interrupted if a host was reached for which scanner access had been denied via the user settings, so that further, allowed hosts were not scanned (#SC-837).

22.04.11 (2023-05-31):

Greenbone OS:
- Improvement: the package gvm-tools included in GOS was updated to version 23.4.0 (#PR-615).
- Improvement: the package python-gvm included in GOS was updated to version 23.4.2 (#PR-615).
- Security fix: the included package libxml2 was upgraded from version 2.9.10+dfsg-6.7+deb11u3 to version 2.9.10+dfsg-6.7+deb11u4 (CVE-2023-28484, CVE-2023-29469).
- Security fix: the included package libssh was upgraded from version 0.9.5-1+deb11u1 to version 0.9.7-0+deb11u1 (CVE-2023-1667, CVE-2023-2283).
- Security fix: the included package postgresql-13 was upgraded from version 13.10-0+deb11u1 to version 13.11-0+deb11u1 (CVE-2023-2454, CVE-2023-2455).
- Security fix: the Linux kernel was upgraded from version 5.10.162-1 to version 5.10.179-1 for virtual appliances (CVE-2022-2196, CVE-2022-3424, CVE-2022-3707, CVE-2022-4129, CVE-2022-4379, CVE-2023-0045, CVE-2023-0458, CVE-2023-0459, CVE-2023-0461, CVE-2023-1073, CVE-2023-1074, CVE-2023-1076, CVE-2023-1077, CVE-2023-1078, CVE-2023-1079, CVE-2023-1118, CVE-2023-1281, CVE-2023-1513, CVE-2023-1611, CVE-2023-1670, CVE-2023-1829, CVE-2023-1855, CVE-2023-1859, CVE-2023-1872, CVE-2023-1989, CVE-2023-1990, CVE-2023-1998, CVE-2023-2162, CVE-2023-2194, CVE-2023-22998, CVE-2023-23004, CVE-2023-23559, CVE-2023-25012, CVE-2023-26545, CVE-2023-28328, CVE-2023-28466, CVE-2023-30456, CVE-2023-0386, CVE-2023-31436, CVE-2023-32233).
- Security fix: the Linux kernel was upgraded from version 5.10.155-greenbone1 to version 5.10.180-greenbone1 for hardware appliances (CVE-2022-2873, CVE-2022-3545, CVE-2022-3623, CVE-2022-4696, CVE-2022-36280, CVE-2022-41218, CVE-2022-45934, CVE-2022-47929, CVE-2023-0179, CVE-2023-0266, CVE-2023-0394, CVE-2023-23454, CVE-2023-23455, CVE-2022-2196, CVE-2022-3424, CVE-2022-3707, CVE-2022-4129, CVE-2022-4379, CVE-2023-0045, CVE-2023-0458, CVE-2023-0459, CVE-2023-0461, CVE-2023-1073, CVE-2023-1074, CVE-2023-1076, CVE-2023-1077, CVE-2023-1078, CVE-2023-1079, CVE-2023-1118, CVE-2023-1281, CVE-2023-1513, CVE-2023-1611, CVE-2023-1670, CVE-2023-1829, CVE-2023-1855, CVE-2023-1859, CVE-2023-1872, CVE-2023-1989, CVE-2023-1990, CVE-2023-1998, CVE-2023-2162, CVE-2023-2194, CVE-2023-22998, CVE-2023-23004, CVE-2023-23559, CVE-2023-25012, CVE-2023-26545, CVE-2023-28328, CVE-2023-28466, CVE-2023-30456, CVE-2023-0386, CVE-2023-31436, CVE-2023-32233).
Vulnerability Management:
- Major bug fix: an error was fixed where new CPEs could not be processed during feed updates, causing the gvmd service to be stuck in a loop (#GEA-208).
- Improvement: the company name displayed in the footer of the web interface was updated to show the new company name “Greenbone AG” (#GEA-147).
- Improvement: the Operating Systems list page now shows two columns for Hosts: All and Best OS, making it possible to differentiate between hosts for which the operating system was found at all and hosts for which the operating system is the most suitable operating system (#GEA-117).
- Bug fix: an error was fixed where subsequent scans against the same scan target sometimes resulted in duplicated scan results (#GEA-51, #GS-169. #GS-3697, #GS-3739).
- Bug fix: an error was fixed where tasks were set from the scan status “Requested” to “Stopped” when starting a scheduled task manually, but the scanner started the scan nonetheless (#GEA-12, #GS-173, #GS-2919).
- Bug fix: an error was fixed where the “Product Detection Result” section was missing for results of reports that were imported into a container task (#GEA-135).
- Bug fix: an error was fixed where false-positive result counts were not shown in the reports overview (#GEA-79).
- Bug fix: an error was fixed where TippingPoint SMS alerts did not save the specified credentials and used the alphabetically first credentials instead (#GEA-158, #GS-4209).
- Bug fix: an error was fixed where the line chart on the web interface (e.g., on the CVE page) did not show any lines (#GEA-143, #GS-4105, #GS-4390).
- Bug fix: an error was fixed where using an alert for the event New CVEs did not work and resulted in SQL errors in the logs (#GEA-129).
- Bug fix: an error was fixed where an operating system asset was shown to be “in use” and therefore could not be deleted even though no hosts for the operating system were shown in the counter (#GEA-117, #GS-837).
- Bug fix: an error was fixed where setting the correct permissions for data-objects during feed updates failed for custom roles (#GEA-116, #GS-3860).
- Bug fix: an error was fixed where successful SNMP authentication was shown as unsuccessful on the web interface if the authentication was successful with one protocol version (e.g., SNMPv3) but unsuccessful with another protocol version (e.g., SNMPv1) (#GEA-131, #GS-3967).
- Bug fix: an error was fixed where the authentication type LDAP was not correctly displayed in the details preview of a user and on the details page of a user (#GEA-27, #GS-625).
- Minor improvement: a new info message to identify duplicate host details was added for the gvmd service (#GEA-182).
- Minor improvement: when creating an SMB alert, the menu option for using the latest supported SMB version is now called “Default” to avoid confusion (#GEA-161).
- Minor improvement: the included appliance manual was updated to the current version from 2023-05-15 (#PR-627).

22.04.10 (2023-04-19):

Greenbone OS:
- Bug fix: an error was fixed where after adding a temporary upgrade key, GOS upgrades did not work as expected (#GOS-1082).
- Bug fix: an error was fixed where GOS upgrades would fail when remote syslog was enabled (#GEA-148, #GS-4153, #GS-4120).
- Improvement: the package gvm-tools included in GOS was updated to version 23.3.0 (#PR-596).
- Improvement: the package python-gvm included in GOS was updated to version 23.4.0 (#PR-596).
Vulnerability Management:
- Major bug fix: an error was fixed where opening the details page of a CPE that has associated CVEs caused all RAM and swap to be occupied, leading to gvmd and the web interface being unresponsive (#GEA-138, #GS-4088, #GS-4044, #GS-4115).
- Major bug fix: an error was fixed where opening the details page of a CPE that has associated CVEs would fail with the error “e.entry.cvss is undefined” or “Cannot read properties of undefined (reading ‘base_metrics’)” (#GEA-157, #GS-4088, #GS-4044, #GS-4115).
- Bug fix: an error was fixed where reports from CVE scans, both on the web interface and in downloaded reports, only displayed the IP addresses of the scanned hosts and not the host names (#GEA-4, #GS-2458).
- Improvement: an option to set the maximum SMB version used for an SMB alert was added (#GEA-38, #GS-1588).
- Improvement: an option to enforce LDAPS for the LDAP authentication was added (#GEA-82, #GS-3777).
- Minor improvement: the included appliance manual was updated to the current version from 2023-04-14 (#PR-598).
Vulnerability Scanning:
- Minor bug fix: an error was fixed where a traceback occurred if the ospd-openvas service could not locate the scanner binary (#SC-789).
- Minor improvement: the detection of unreachable (dead) hosts in the end_denial function of the scanner has been improved (#SC-772).
- Minor improvement: the option sign is now set as a default for the wmi_connect function of the scanner (#SC-779, #GS-1771, #GS-3756, #GS-3628).
- Minor improvement: support for epoch in RPM package version comparison was added (#SC-795, #GS-3272).

22.04.9 (2023-03-08):

Greenbone OS:
- Improvement: the package gvm-tools included in GOS was updated to version 23.2.0 (#PR-568).
- Improvement: the package python-gvm included in GOS was updated to version 23.2.0 (#PR-568).
- Security fix: the included package syslog-ng was upgraded from version 3.28.1-2 to version 3.28.1-2+deb11u1 (CVE-2022-38725).
- Minor improvement: if a custom value for the maximum number of concurrent connections to the PostgreSQL database has been configured, it is now included in the GOS support package for debugging purposes (#GEA-25).
Vulnerability Management:
- Bug fix: an error was fixed where creating a downloadable Debian (.deb) credential package was not possible (#GEA-45, #GS-1253, #GS-1628).
- Bug fix: an error was fixed where the appliance caused re-authentications with RADIUS-2FA every 5 minutes (#GEA-36, #GS-224).
- Bug fix: an error was fixed where the performance graphs could sometimes not be created (#GEA-28, #GS-3507).
- Security fix: an issue was fixed where the shared key for RADIUS authentication was stored in plain text (without encryption) in the database and included in the GMP responses (#GEA-41).
- Security fix: for the included package gsm-greenbone-security-assistant, multiple vulnerabilities in the build dependencies were fixed (#GEA-53).
- Minor improvement: the included appliance manual was updated to the current version from 2023-02-28 (#PR-581).
Vulnerability Scanning:
- Bug fix: an error was fixed where simultaneously started scans erroneously had the same position in the scan queue (#SC-755, #GS-3450).
- Bug fix: two potential memory leaks in the misc/bpf_share.c and nasl/nasl_packet_forgery.c functions were fixed (#SC-769).

22.04.8 (2023-02-15):

Greenbone OS:
- Extension: the SNMP service (GOS menu Setup > Services > SNMP) and the automatic time synchronization via NTP (GOS menu Setup > Timesync) are made available for the appliance model Greenbone Enterprise CENO. To access the newly enabled features it is required to log out and then log back in to the GOS menu (#GEA-31, #GS-3658).
- Bug fix: an error was fixed where the airgap FTP functionality did not work and the folder /tmp was filled with unwanted data, potentially causing the file system to run out of free space (#GEA-23, #GS-3032).
- Bug fix: an error was fixed where the optional package gsm-debug could not be installed due to a broken dependency (#GEA-81).
- Security fix: the included package openssl was upgraded from version 1.1.1n-0+deb11u3 to version 1.1.1n-0+deb11u4 (CVE-2022-2097, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286).
- Security fix: the Linux kernel was upgraded from version 5.10.158-2 to version 5.10.162-1 for virtual appliances (CVE-2022-2873, CVE-2022-3545, CVE-2022-3623, CVE-2022-4696, CVE-2022-36280, CVE-2022-41218, CVE-2022-45934, CVE-2022-47929, CVE-2023-0179, CVE-2023-0266, CVE-2023-0394, CVE-2023-23454, CVE-2023-23455).
Vulnerability Management:
- Minor improvement: the included appliance manual was updated to the current version from 2023-02-14 (#PR-572).

22.04.7 (2023-01-26):

Greenbone OS:
- Bug fix: an error was fixed where formatting a USB drive to serve as a GOS backup device was not possible (#GOS-1287, #GS-3610).
- Security fix: the included package libksba8:amd64 was upgraded from version 1.5.0-3+deb11u1 to version 1.5.0-3+deb11u2 (CVE-2022-47629).
- Minor improvement: the gos-network-manager self-check now fails only when an error occurs for the corresponding service. Previously, it failed if an error or warning occurred for the service. Warnings are still logged in the system log for debugging purposes, however (#GOS-1266, #GS-3437).
Vulnerability Management:
- Bug fix: an error was fixed where many special characters were not accepted in the names and comments of multiple web interface objects (#DEVOPS-475, #DEVOPS-477, #GS-3509, #GS-3549, #GS-3608, #GS-3629, #GS-3649).
- Bug fix: an error was fixed where reports sent via alerts did not contain all results they were supposed to contain according to the configured filter (#T4-420, #GS-3458).
- Bug fix: an error was fixed where manually triggering an alert for a report always sent the report for the latest scan run of that task and not for the triggered one (#T4-411).
- Bug fix: an error was fixed where the LDAP version could get wrongly set to 2 instead of 3 when STARTTLS was disabled, resulting in the LDAPS connection not being possible (#T4-398).
- Security fix: the attribute “SameSite=Strict” was set for the cookies used by the web interface (#T3-509).
- Minor improvement: the included appliance manual was updated to the current version from 2023-01-16 (#PR-557).
Vulnerability Scanning:
- Bug fix: an error was fixed where the OpenVAS scanner was still processing vulnerability tests after the corresponding scan task was stopped (#SC-744).
- Bug fix: an error was fixed where the Notus package comparison was not working correctly for packages containing a “~” in the version, causing false-positive results (#SC-752, #SC-754, #GS-3051, #GS-3499).
- Bug fix: an error was fixed where the ospd-openvas service could not start normally when a corresponding empty .pid file existed (#SC-746).
- Bug fix: an error was fixed where the Notus scanner could not start normally when a corresponding empty .pid file existed (#SC-748).
- Bug fix: an error was fixed where not every JSON string was parsed correctly during inter-process communication, potentially causing interrupted scan tasks (#SC-747).
- Minor improvement: the openvas-wmiclient library was updated to provide better Windows Management Instrumentation (WMI) support when scanning Windows Server 2022 targets (#SC-645).

22.04.6 (2022-12-15):

Vulnerability Management:
- Major improvement: the new WID-SEC format of the CERT-Bund advisories which has been available since June 2022, is now also supported. Numerous new WID-SEC advisories have been added to the feed and are visible on the web interface under SecInfo > CERT-Bund Advisories (#DEVOPS-355).
- Minor improvement: the included appliance manual was updated to the current version from 2022-12-13 (#PR-541).
Vulnerability Scanning:
- Improvement: if a database inconsistency is detected while performing a vulnerability test, the vulnerability test is now aborted immediately, since the result is lost anyway. In addition, the method for detecting such inconsistencies has been improved (#SC-647).
- Bug fix: an error was fixed where JSON strings were not parsed correctly during inter-process communication, causing interrupted scan tasks (#SC-738).

22.04.5 (2022-12-01):

Greenbone OS:
- Status: The lifecycle status of GOS 22.04 was set to “mature”. (#GOS-1267).
- Bug fix: an error was fixed where copying files via SCP to or from the appliance was not possible as the openssh server configuration of GOS was not compatible with newer openssh versions (#GOS-883).
- Security fix: the Linux kernel was upgraded from version 5.10.140-1 to version 5.10.155-greenbone1 for hardware appliances and to version 5.10.149-2 for virtual appliances (CVE-2021-4037, CVE-2022-0171, CVE-2022-1184, CVE-2022-2602, CVE-2022-2663, CVE-2022-3061, CVE-2022-3176, CVE-2022-3303, CVE-2022-20421, CVE-2022-39188, CVE-2022-39842, CVE-2022-40307, CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722).
- Security fix: the included package libxml2:amd64 was upgraded from version 2.9.10+dfsg-6.7+deb11u2 to version 2.9.10+dfsg-6.7+deb11u3 (CVE-2022-40303, CVE-2022-40304).
- Security fix: the included package libexpat1:amd64 was upgraded from version 2.2.10-2+deb11u4 to version 2.2.10-2+deb11u5 (CVE-2022-43680).
- Security fix: the included package isc-dhcp-client was upgraded from version 4.4.1-gos2110+1 to version 4.4.1-2.3+deb11u1 (CVE-2022-2928, CVE-2022-2929).
- Security fix: the included packages libkrb5-3:amd64, libkrb5support0:amd64 and libgssapi-krb5-2:amd64 were upgraded from version 1.18.3-6+deb11u2 to version 1.18.3-6+deb11u3 (CVE-2022-42898).
Vulnerability Management:
- Bug fix: an error was fixed where selecting the permission scope, i.e., whether it should be created only for the resource, for related resources as well or only for related resources, was not possible when creating a permission via the object’s details page (#T4-276).
- Minor improvement: the included appliance manual was updated to the current version from 2022-11-25 (#PR-536).
Vulnerability Scanning:
- Major bug fix: an error was fixed where scans would get stuck for no apparent reason (#SC-741).
- Bug fix: an error was fixed where RPM packages for Mageia were not detected correctly, causing false-negative results (#SC-722).

22.04.4 (2022-11-01):

Greenbone OS:
- Improvement: the package gvm-tools included in GOS was updated to version 22.9.0 (#PR-499).
- Improvement: the package python-gvm included in GOS was updated to version 22.9.1 (#PR-499).
- Security fix: the included package libksba8:amd64 was upgraded from version 1.5.0-3 to version 1.5.0-3+deb11u1 (CVE-2022-3515).
- Security fix: the included package python3-django was upgraded from version 2:2.2.28-1 to version 2:2.2.28-1~deb11u1 (CVE-2022-22818, CVE-2022-23833, CVE-2022-28346, CVE-2022-28347, CVE-2022-34265, CVE-2022-36359, CVE-2022-41323).
- Security fix: the included package libdbus-1-3:amd64 was upgraded from version 1.12.20-2 to version 1.12.24-0+deb11u1 (CVE-2022-42010, CVE-2022-42011, CVE-2022-42012).
- Bug fix: an error was fixed where the switch release from GOS 21.04 to GOS 22.04 would fail if the PostgreSQL package was updated to version 13.8.0 or later (#GOS-1143).
Vulnerability Management:
- Bug fix: an error was fixed where the migration of the gvmd database would fail if the PostgreSQL package was updated to version 13.8.0 or later (#T3-364).
- Minor improvement: the included appliance manual was updated to the current version from 2022-10-24 (#PR-506).
Vulnerability Scanning:
- Improvement: support for Slackware Linux packages was added to the Notus scanner (#SC-637).
- Improvement: the list of default TCP ports which the Boreas Alive Scanner uses for the alive test was improved and now contains the Nmap top 20 ports (#SC-663).
- Improvement: the new scanner preference alive_test_ports was added to configure the TCP ports used by the Boreas Alive Scanner for the alive test. The setting only has an effect on the alive tests TCP-ACK Service Ping and TCP-SYN Service Ping (#SC-689).
- Improvement: the new scanner preference test_alive_wait_timeout was added to configure the timeout of the Boreas Alive Scanner (#SC-680).
- Improvement: the Redis caches for OpenVAS and Notus were separated, the nvticache module now only handles OpenVAS VTs and the Notus cache module now only handles Notus advisories (#SC-692).
- Improvement: a fork observing mechanism was added which makes it possible to track every fork within a parent process, to manage forked children and to set limits to the number of possible forks (#SC-565).
- Bug fix: an error was fixed where the values set for Maximum concurrently scanned hosts and Maximum concurrently executed NVTs per host were limited to 15 and 10 respectively, even if the appliance model supported larger values (#SC-696).
- Bug fix: an error was fixed where the Quality of Detection (QoD) was incorrectly displayed on the web interface and in scan reports for Notus VTs (#SC-683).
- Bug fix: an error was fixed where tasks were interrupted when the severity_vector tag of a VT contained additional metrics other than the base score metrics (#SC-706).
- Bug fix: an error was fixed where version ranges defined for a lower version bound were ignored by the Notus scanner leading to a broken version range comparison for RPM packages (#SC-694).
- Bug fix: an error was fixed where comparing the two RPM packages for Oracle Linux did not work correctly due to “1.1.1c” being parsed as “1.1.1rc0”, leading to false-positive results (#SC-691, #GS-3085).
- Bug fix: an error was fixed where comparing RPM packages for Oracle Linux that contain fips or ksplice did not work correctly and led to false-positive results (#SC-690, #GS-3085).
- Bug fix: an error was fixed where Debian packages containing a “-” were parsed incorrectly, leading to false-positive results (#SC-682, #SC-684, #GS-3034, #GS-3051, #GS-3188, #GS-3189).
- Bug fix: an error was fixed where the comparison for Debian packages was not correct, as the single parts of the version were not compared part by part, but as a whole, leading to false-positive results (#SC-677).
- Minor improvement: the error message issued when chdir fails has been reworded from “Not able to open nor to locate it in include paths” to “Not able to change working directory to” to avoid confusion (#PR-500).

22.04.3 (2022-10-06):

Greenbone OS:
- Security fix: the included package libexpat1:amd64 was upgraded from version 2.2.10-2+deb11u3 to version 2.2.10-2+deb11u4 (CVE-2022-40674).
- Security fix: the included packages libgdk-pixbuf-2.0-0:amd64 and libgdk-pixbuf2.0-common were upgraded from version 2.42.2+dfsg-1 to version 2.42.2+dfsg-1+deb11u1 (CVE-2021-44648, CVE-2021-46829).
- Minor improvement: if it exists, the superfluous file /var/lib/redis/dump.rdb is removed automatically when upgrading to GOS 22.04.3 or later (#GOS-1141).
Vulnerability Management:
- Improvement: a problem was fixed where the filter keyword first was used twice for different filter functions and thus, filtering for tasks having a first report within a certain period of time was not possible. To filter for the time of the first or last report respectively, the new filter keywords first_report_created and last_report_created have been added. These replace the previously documented keywords first and last, which are thereby deprecated for this use case (#T3-226).
- Minor improvement: the included appliance manual was updated to the current version from 2022-10-05 (#PR-482).
Vulnerability Scanning:
- Major bugfix: an error was fixed where Redis occupied an increasing amount of RAM and disk space after every reboot or VT reload, which could negatively affect system stability and scan performance (#SC-675, #SC-679, #GS-2809, #GS-2836, #GS-3000, #GS-3021).
- Bugfix: an error was fixed where Notus used the Redis namespace 0 for the advisories and not an own namespace (#SC-678).

22.04.2 (2022-09-12):

Greenbone OS:
- Major bug fix: an error was fixed where activating the SNMP service was not possible and thus, no SNMP connection to the appliance could be established (#GOS-1081).
- Improvement: a file system check is now run by default when booting a virtual appliance (#GOS-880, #GS-2111, #GS-1986, #GS-2170, #GS-2324).
- Security fix: the kernel of the hardware appliances was upgraded from version 5.10.127 to version 5.10.136 (CVE-2022-2585, CVE-2022-2586, CVE-2022-2588, CVE-2022-26373, CVE-2022-29900, CVE-2022-29901, CVE-2022-36879 and CVE-2022-36946).
- Improvement: the included package python-gvm was upgraded from version 22.6.1 to version 22.8.0 to assure full compatibility with GOS 22.04/GVM 22.4 (#GOS-1084).
- Security fix: the included package libxslt was upgraded from version 1.1.34-4+deb11u1 to version 1.1.34-4+deb11u1 (CVE-2021-30560).
- Security fix: the included package open-vm-tools was upgraded from version 2:11.2.5-2 to version 2:11.2.5-2+deb11u1 (CVE-2022-31676).
- Security fix: the included package zlib was upgraded from version 1:1.2.11.dfsg-2+deb11u1 to version 1:1.2.11.dfsg-2+deb11u2 (CVE-2022-37434).
Vulnerability Management:
- Minor improvement: the included appliance manual was updated to the current version from 2022-08-30 (#GOS-1084).
Vulnerability Scanning:
- Improvement: ospd-openvas now tries to connect to the MQTT broker every 10 seconds if the last attempt failed to ensure that there is a broker connection even if ospd-openvas was started without a broker running (#SC-651).
- Bug fix: an error was fixed where duplicate results or results of other scans appeared in the scan report (#SC-378, #SC-34, #GS-403).
- Bug fix: an error was fixed where scans were continued in the background although they were stopped by the user (#SC-624, #GS-1864).
- Bug fix: an error was fixed where nmap continued scanning although the scan was stopped by the user (#SC-626, #GS-1654).
- Bug fix: an error was fixed where, in case no MQTT broker was running, notus-scanner ended with a ConnectionRefuseError as an exception (#SC-650).
- Bug fix: an error was fixed where ospd-openvas data-pickle-files were not cleaned up properly, causing the root volume to fill up (#SC-643, #GS-2457).
- Bug fix: an error was fixed where ospd-openvas stopped working instead of showing an error message when the sha256sums files were missing (#SC-646, #DEVOPS-314).
- Bug fix: an error was fixed where Notus-based VTs did not include references in the vulnerability and result detail overviews (#SC-648).
- Bug fix: an error was fixed where ospd-openvas got stuck when starting the appliance (#SC-662).
- Bug fix: an error was fixed where SSL/TLS enabled services were not detected correctly (#SC-659, #GS-2774, #GS-2803, #GS-2836).
- Minor improvement: a case where a missing scan_id threw an error with stacktrace in the logs was changed to a warning message, as this does not block the execution of ospd-openvas (#SC-285, #GS-156).
- Minor improvement: the socket_negotiate_ssl called() logs now also show the target host’s IP addresses (#SC-625).

22.04.1 (2022-08-19):

Greenbone OS:
- Major bugfix: an error was fixed where the checksum file signature verification of the Greenbone Enterprise Feed failed, which also impeded the scanning functionality (#GOS-1079).
- Security fix: the RPC library libtirpc that is included in GOS was upgraded from version 3_1.3.1-1 to version 1.3.1-1+deb11u1 (CVE-2021-46828).
- Security fix: the library GnuTLS was upgraded from version 3.7.1-5+deb11u1 to version 3.7.1-5+deb11u2 (CVE-2022-2509).
- Security fix: the included InfoZIP’s unzip program version was upgraded from version 6.0-26 to version 6.0-26+deb11u1 (CVE-2022-0529 and CVE-2022-0530).
- Security fix: the package samba that is included in GOS was upgraded from version 2:4.13.13+dfsg-1~deb11u4 to version 2:4.13.13+dfsg-1~deb11u5 (CVE-2022-2031, CVE-2022-32742, CVE-2022-32744, CVE-2022-32745 and CVE-2022-32746).
- Security fix: the packages libldb and python3-ldb were upgraded from version 2:2.2.3-2~deb11u1 to version 2:2.2.3-2~deb11u2 (CVE-2022-32745).
- Security fix: the included package openssl was upgraded from version openssl_1.1.1n-0+deb11u2 to version openssl_1.1.1n-0+deb11u3 (CVE-2022-2068).
Vulnerability Management:
- Minor improvement: the included appliance manual was updated to the current version from 2022-08-18 (#GOS-1065).

22.04.0 (2022-08-08):

Notus Scanner

With GOS 22.04, the new Notus Scanner is implemented. It scans after every regular scan, so no user interaction is necessary.

The Notus Scanner offers better performance due to less system resource consumption and thus, faster scanning.

When creating a scan configuration manually and the Notus Scanner is supposed to work, the VT Determine OS and list of installed packages via SSH login (OID: 1.3.6.1.4.1.25623.1.0.50282) must be activated.

The Notus Scanner replaces the logic of potentially all NASL-based local security checks (LSCs). A comparison of installed software on a host against a list of known vulnerable software is done instead of running a VT script for each LSC.

The regular OpenVAS Scanner loads each NASL LSC individually and executes it one by one for every host. A single known vulnerability is then compared to the installed software. This is repeated for all LSCs.

With the Notus Scanner, the list of installed software determined during a scan is directly compared to all known vulnerabilities. This eliminates the need to run the LSCs because the information about the known vulnerable software is collected in one single list and not distributed in individual NASL scripts.

Currently, Notus data exists for the following LSC VT families:

AlmaLinux Local Security Checks
Amazon Linux Local Security Checks
Debian Local Security Checks
EulerOS Local Security Checks
Mageia Linux Local Security Checks
Oracle Linux Local Security Checks
Red Hat Linux Local Security Checks
Rocky Linux Local Security Checks
Slackware Local Security Checks
SuSE Local Security Checks
Ubuntu Local Security Checks

The setting Report vulnerabilities of inactive Linux kernel(s) separately in the VT Options for Local Security Checks is deprecated. However, the setting is still visible, but no longer functional.

Appliance Feature Set

With GOS 22.04, the feature set for some appliances is extended:

The SNMP service (GOS menu Setup > Services > SNMP) is made available for the appliance models Greenbone Enterprise 150, Greenbone Enterprise 35 and Greenbone Enterprise 25V.
The automatic time synchronization via NTP (GOS menu Setup > Timesync) is made available for the appliance model Greenbone Enterprise 25V.
The remote and local backup functionality (GOS menus Setup > Backup, Maintenance > Backup > Incremental Backup and Maintenance > Backup > List) is made available for the appliance model Greenbone Enterprise CENO.

Virtual Appliances

With GOS 22.04, the virtual hard disk sizes for virtual appliances are changed.

The new sizes are:

Greenbone Enterprise EXA: 225 GB
Greenbone Enterprise DECA/PETA/EXA: 220 GB
Greenbone Enterprise CENO: 135 GB
Greenbone Enterprise ONE: 130 GB
Greenbone Enterprise 25V: 70 GB

The new sizes are only relevant for newly installed virtual appliances. Upgraded appliances keep their partition layout and thus, their required disk size.

HTTP Web Interface Access

With GOS 22.04, unencrypted HTTP access for the web interface is not supported anymore. HTTPS must be used instead.

A valid HTTPS certificate (either self-signed, or signed by a CA) must now be configured on the appliance to use the web interface.

Backups

Password for Remote Backup Repository

With GOS 22.04, it is possible to change the password of the remote backup repository. For this, the menu option Setup > Backup > Backup Password is added to the GOS administration menu. The menu option is only visible if the backup location is configured as remote.

Changing the backup password is recommended.

If multiple appliances use the same remote backup repository, it is recommended that each appliance uses its own unique backup password.

obnam

With GOS 20.08, the backend for managing backups in GOS was changed from obnam to restic. However, obnam remained available in GOS 20.08 and 21.04 as did the backups created with obnam in GOS 6 or earlier.

With GOS 22.04, obnam and all backups created with obnam are removed. Incremental backups created with GOS 6 and earlier will be removed due to incompatibility and to reclaim disk space.

If these old backups should be kept, a copy of the files must be made before upgrading to GOS 22.04. If there are any questions, contact the Greenbone Enterprise Support.

Mailhub

With GOS 22.04, a new option for enforcing the usage of SMTPS for e-mails sent by a Greenbone Enterprise Appliance is added.

For this, the GOS administration menu contains the new menu Setup > Mail > SMTP Enforce TLS.

Web Interface

Business Process Map

With GOS 22.04, the Business Process Map (BPM) functionality is removed from the web interface. Existing Business Process Maps will be deleted and will not be recoverable. If the information contained in a Business Process Map is to be saved, this must be done in GOS 21.04.

Task Setting Network Source Interface

With GOS 22.04, the task setting Network Source Interface is removed. If this setting was previously configured for a task, it will be ignored.

User Setting Interface Access

As the task setting Network Source Interface is removed with GOS 22.04, the user setting Interface Access is removed as well. If this setting was previously configured for a user, it will be ignored.

OVAL Definitions

With GOS 22.04, the OVAL definitions are removed from the SecInfo management in the web interface. The previous OVAL definitions were outdated and no longer served any purpose.

OSP Scanners

With GOS 22.04, the scanner type OSP Scanner is removed. It is no longer possible to create OSP scanners and select them to run scans.

This only affects the scanner type OSP Scanner, not the OSP protocol in general. The scanner type Greenbone Sensor will continue to use OSP.

The credential type Client Certificate that was used for (custom) OSP scanners was removed as well. Existing credentials of this type will not be affected or removed. They can still be accessed, but they are of no use anymore, and can be deleted manually.

Quality of Detection (QoD)

With GOS 22.04, the new quality of detection (QoD) level package_unreliable is implemented with a QoD of 30 %. It is used for authenticated package-based checks which are not always fully reliable for, e.g., Linux(oid) systems.

Vulnerability References

With GOS 22.04, the tag script_bugtraq_id(); which references a BID of Bugtraq is no longer supported. For VTs with such tag, the BID was displayed under References on the web interface. Since bugtraq.securityfocus.com is not maintained anymore, the reference only led to confusion.

All existing BID references were migrated to Other references and will appear there as URLs on the web interface. To access the contents of the URLs, common services such as archive.org can be used.

Greenbone Management Protocol (GMP)

The Greenbone Management Protocol (GMP) has been updated to version 22.04 and the API has been adjusted slightly. The usage of some commands has changed and several commands, elements and attributes have been deprecated. The complete reference guide and the list of changes are available here.

OPENVAS REPORT 1.3

2025-12-15: OPENVAS REPORT 1.3

Current patch level: 1.3.0 (2025-12-16)

Lifecycle status: New

1.3.0 (2025-12-16):

Enhancement: A new notification component provides an overview of system messages for important events in OPENVAS REPORT. These can be success messages as well as warnings or error messages. (#AT-2600, #AT-2597, #AT-2469)
Improvement: From the list of assets affected by a vulnerability, you can now switch directly to the asset details view (#AT-1189).
Change: The menu item for adding appliances has been renamed to “Sources” (#AT-2805).
Bug fix: When exporting asset details, the progress dialog could not be closed (#AT-2734).
Bug fix: When using filter criteria in the dashboard view, a PDF report could not be created in some filter constellations (#AT-2723).
Bug fix: An incorrect error message was displayed when creating an appliance for import whose name already existed (#AT-2828).
Bug fix: When changing the IP address of an OPENVAS REPORT installation, it was no longer possible to log in to the application (#AT-2794). IMPORTANT NOTE: After changing the IP address, please run the command “opensight-os-cli container-management configure-product asset” in OpenSight OS to update the configuration.

2025-10-30: OPENVAS REPORT 1.2.4

Current patch level: 1.2.4 (2025-10-30)

Lifecycle status: New

1.2.4 (2025-10-30):

Bug fix: Fixed an error that could occur when importing duplicate data from OPENVAS SCAN (#AT-2796)

2025-10-23: OPENVAS REPORT 1.2.2

Current patch level: 1.2.2 (2025-10-23)

Lifecycle status: New

1.2.2 (2025-10-23):

Updated Keycloak to enable Microsoft Entra configuration (#AT-2791)

2025-10-13: OPENVAS REPORT 1.2

Current patch level: 1.2.1 (2025-10-13)

Lifecycle status: New

1.2.1 (2025-10-13):

Extension: You now receive additional information about the port and protocol on which a vulnerability was detected. You can also use the filter bar to search specifically for these parameters. In addition, you will also find this information in the CSV export (#AT-2533, #AT-2535, #AT-2539)
Extension: EPSS metrics are now included in the PDF report (#AT-2215)
Improvement: Adaptation of the logo and colors used to the revised corporate design of Greenbone AG
Improvement: Error notifications must now be actively closed by the user; information and success messages are automatically closed after 5 seconds (#AT-2390)
Bug fix: Changed the alignment of characters on the Y-scale in the trend line so that the characters do not overlap with the graph (#AT-2485)

2025-07-14: OPENVAS REPORT 1.1

Current patch level: 1.1.0 (2025-07-14)

Lifecycle status: New

1.1.0 (2025-07-14):

Extension: EPSS metrics (EPSS score and EPSS percentile) were integrated into OPENVAS REPORT. These allow you to make more informed remediation decisions and better assess the criticality of vulnerabilities (#AT-2273).
Extension: The option to automatically delete assets that have not been scanned for a long time has been added. This setting can be configured by an admin user (#AT-2092).
Bug fix: an error was fixed where where asset data could not be exported if a filter containing “exists” as a comparison operator was applied (#AT-2489).
Bug fix: an error was fixed where an SQL injection in the filter could possibly lead to remote code execution in the PostgreSQL container (#AT-2612).

2025-05-05: OPENVAS REPORT 1.0

Current patch level: 1.0.2 (2025-05-20)

Lifecycle status: New

1.0.2 (2025-05-20):

Bug fix: An error in the deployment process of OPENVAS REPORT under OpenSight OS has been fixed (#AT-2473)

1.0.1 (2025-05-07):

Bug fix: Fixed a bug where an incorrect version of the manual was linked (#AT-2487)
Bug fix: Fixed a translation error in the appliance dialog (#AT-2481)

1.0.0 (2025-05-05):

We are thrilled to announce the very first release of OPENVAS REPORT.

This initial version lays the foundation for an innovative platform that transforms how you turn security insights into action. We focus on delivering a robust and intuitive user experience that helps you quickly bridge the gap between security knowledge and the ability to act.

What you can expect in this first version:

Core Features:
- Import your assets and vulnerabilities from one or more Greenbone Enterprise Appliances and make them available in one place
- Search and inspect your assets and vulnerabilities to make efficient mitigation decisions
- Use a clearly structured, interactive dashboard that makes complex vulnerability information understandable at a glance
- Integrate datas into existing workflows via export- or API options
- Effectively segment large datasets into smaller, more manageable subsets based on shared characteristics by utilizing tags . This makes it easier to analyze specific groups of data and draw meaningful conclusions.
- Make use of powerful filter functions to focus specifically on the information that is relevant to you. This saves you valuable time and effort in your analysis
- Use the usermanagement to create additional users and give them access to OPENVAS REPORT
User Experience:
- Intuitive Navigation: We’ve placed great emphasis on simple and clear navigation so you can find your way around immediately.
- Modern Design: Enjoy an appealing and well-organized user interface.
- Responsive Layout: The application adapts seamlessly to various screen sizes.
Future-Proof and opensource:
- OPENVAS REPORT is based on a modern dockerized micro-service architecture
- It uses popular and common opensource software like OpenSearch, Keycloak and PostgreSQL
- The entire application is developed by using modern and performant languages and frameworks (Go, TypeScript, ReactJS)

We value your feedback!

Your opinion is incredibly important to us in making OPENVAS REPORT the product you truly need. Please feel free to share your thoughts, suggestions, and any bugs you encounter with us at https://support.greenbone.net

What’s next?

We are already working on exciting new features and improvements for the next version, including:

the integration of “Exploit Prediction Scoring System (EPSS)” metrics in addition to CVSS help you to better assess the criticality of vulnerabilities
a notification component allows you to be informed about system events by e-mail or instant messenger
a centralized way for user with administrative permissions to make global settings that affect the entire system

You can find the documentation for OPENVAS REPORT here.

Thank you for being with us from the beginning! We are excited about your first experiences with OPENVAS REPORT.

OpenSight OS 1.0

2025-04-30: OpenSight OS 1.0

Current patch level: 1.0.7 (2026-02-04)

Lifecycle status: New

1.0.7 (2026-02-04):

Minor improvement: the package qemu-guest-agent is now installed per default to support improved integration when using Proxmox Virtual Environment (GOS-2621).
Minor improvement: the available product list has been updated in order to add a new product which combines and replaces existing ones (GOS-2840, GOS-2847).

1.0.6 (2025-12-10):

Bug fix: an error was fixed where an applied proxy server configuration was not utilized by all parts of the OpenSight container management, leading to a failed product deployment (#GOS-2469).

1.0.5 (2025-09-11):

Bug fix: an error was fixed where the opensight-os install failed due to a corrupt profile (#GOS-2439).
Minor improvement: the ASCII art of the CLI’s login banner was updated to show the new Greenbone logo (#GOS-2413).

1.0.4 (2025-07-22):

Bug fix: an error in the OpenSight network module was fixed which could cause a malfunction of the network service when configuring a route in a network without static routes (#GOS-2384).

1.0.3 (2025-07-15):

Improvement: when creating or modifying a proxy configuration, the changes are now automatically propagated to the respective OPENVAS product (#GOS-2311).
Minor improvement: dynamically acquired DNS information retrieved by DHCP are displayed when querying interface information (#GOS-2334).
Minor improvement: the stability and reliability for OpenSight OS upgrades was increased by adding a lock file handling (#GOS-2339).
Bug fix: a bug in the the OpenSight Container Management was fixed where the compose file was not updated correctly when an OPENVAS product was updated (#GOS-2322).

1.0.2 (2025-05-28):

Bug fix: an issue was fixed where network configuration errors occurred when the MAC address changed during the OVA file import (#GOS-2232).

1.0.1 (2025-05-20):

Bug fix: an error was fixed where the verification of deployment artifacts was prevented resulting in deployment failures (#GOS-2302).
Bug fix: an error was fixed where the scheme defined within the proxy configuration replaced the protocol of the proxy URL (#GOS-2303).

Old Releases

2022-08-08: OPENVAS SCAN 22.04

Current Patch Level: 22.04.30 (2026-03-09)

Lifecycle Status: Retired

22.04.30 (2026-03-09):

Greenbone OS:
- Status: the lifecycle status of GOS 22.04 was set to „retired“ for all Greenbone Enterprise Appliance models. The release is removed from the list of current releases and archived. The functionality of a retired release may be limited and no more patches are provided. Support, QA and documentation are discontinued (#GOS-2744).
- Security fix: the Linux kernel was upgraded from version 5.10.237-greenbone1 to version 5.10.247-greenbone1 for hardware appliances (CVE-2021-46987, CVE-2021-47037, CVE-2021-47070, CVE-2021-47076, CVE-2021-47183, CVE-2021-47193, CVE-2021-47412, CVE-2021-47421, CVE-2021-47455, CVE-2021-47498, CVE-2022-21546, CVE-2022-49063, CVE-2022-50327, CVE-2023-52935, CVE-2023-53259, CVE-2024-26739, CVE-2024-28956, CVE-2024-35790, CVE-2024-36350, CVE-2024-36357, CVE-2024-38541, CVE-2024-43863, CVE-2024-46751, CVE-2024-46855, CVE-2024-49935, CVE-2024-53203, CVE-2024-57883, CVE-2024-57996, CVE-2025-21912, CVE-2025-37798, CVE-2025-37819, CVE-2025-37890, CVE-2025-37909, CVE-2025-37913, CVE-2025-37914, CVE-2025-37915, CVE-2025-37923, CVE-2025-37927, CVE-2025-37930, CVE-2025-37932, CVE-2025-37948, CVE-2025-37949, CVE-2025-37958, CVE-2025-37963, CVE-2025-37968, CVE-2025-37969, CVE-2025-37970, CVE-2025-37990, CVE-2025-37992, CVE-2025-37994, CVE-2025-37995, CVE-2025-37997, CVE-2025-37998, CVE-2025-38000, CVE-2025-38001, CVE-2025-38003, CVE-2025-38004, CVE-2025-38005, CVE-2025-38009, CVE-2025-38023, CVE-2025-38024, CVE-2025-38031, CVE-2025-38034, CVE-2025-38035, CVE-2025-38037, CVE-2025-38044, CVE-2025-38051, CVE-2025-38052, CVE-2025-38058, CVE-2025-38061, CVE-2025-38065, CVE-2025-38066, CVE-2025-38067, CVE-2025-38072, CVE-2025-38074, CVE-2025-38075, CVE-2025-38078, CVE-2025-38079, CVE-2025-38083, CVE-2025-38084, CVE-2025-38085, CVE-2025-38086, CVE-2025-38090, CVE-2025-38094, CVE-2025-38095, CVE-2025-38100, CVE-2025-38102, CVE-2025-38103, CVE-2025-38107, CVE-2025-38108, CVE-2025-38111, CVE-2025-38112, CVE-2025-38115, CVE-2025-38135, CVE-2025-38136, CVE-2025-38138, CVE-2025-38143, CVE-2025-38145, CVE-2025-38146, CVE-2025-38147, CVE-2025-38153, CVE-2025-38157, CVE-2025-38160, CVE-2025-38161, CVE-2025-38163, CVE-2025-38173, CVE-2025-38174, CVE-2025-38177, CVE-2025-38180, CVE-2025-38181, CVE-2025-38184, CVE-2025-38185, CVE-2025-38190, CVE-2025-38193, CVE-2025-38194, CVE-2025-38197, CVE-2025-38200, CVE-2025-38203, CVE-2025-38204, CVE-2025-38206, CVE-2025-38211, CVE-2025-38212, CVE-2025-38214, CVE-2025-38218, CVE-2025-38219, CVE-2025-38222, CVE-2025-38226, CVE-2025-38227, CVE-2025-38229, CVE-2025-38230, CVE-2025-38231, CVE-2025-38237, CVE-2025-38245, CVE-2025-38249, CVE-2025-38251, CVE-2025-38263, CVE-2025-38273, CVE-2025-38285, CVE-2025-38286, CVE-2025-38293, CVE-2025-38298, CVE-2025-38312, CVE-2025-38313, CVE-2025-38320, CVE-2025-38323, CVE-2025-38324, CVE-2025-38326, CVE-2025-38328, CVE-2025-38332, CVE-2025-38336, CVE-2025-38337, CVE-2025-38342, CVE-2025-38344, CVE-2025-38345, CVE-2025-38346, CVE-2025-38347, CVE-2025-38348, CVE-2025-38350, CVE-2025-38352, CVE-2025-38363, CVE-2025-38371, CVE-2025-38375, CVE-2025-38377, CVE-2025-38386, CVE-2025-38387, CVE-2025-38389, CVE-2025-38391, CVE-2025-38393, CVE-2025-38395, CVE-2025-38399, CVE-2025-38400, CVE-2025-38401, CVE-2025-38403, CVE-2025-38404, CVE-2025-38406, CVE-2025-38415, CVE-2025-38416, CVE-2025-38420, CVE-2025-38424, CVE-2025-38428, CVE-2025-38430, CVE-2025-38439, CVE-2025-38445, CVE-2025-38448, CVE-2025-38457, CVE-2025-38458, CVE-2025-38459, CVE-2025-38460, CVE-2025-38461, CVE-2025-38462, CVE-2025-38464, CVE-2025-38465, CVE-2025-38466, CVE-2025-38467, CVE-2025-38468, CVE-2025-38470, CVE-2025-38473, CVE-2025-38474, CVE-2025-38476, CVE-2025-38477, CVE-2025-38478, CVE-2025-38480, CVE-2025-38481, CVE-2025-38482, CVE-2025-38483, CVE-2025-38487, CVE-2025-38488, CVE-2025-38494, CVE-2025-38495, CVE-2025-38497, CVE-2025-38498, CVE-2025-38513, CVE-2025-38514, CVE-2025-38515, CVE-2025-38516, CVE-2025-38529, CVE-2025-38530, CVE-2025-38535, CVE-2025-38538, CVE-2025-38539, CVE-2025-38540, CVE-2025-38542, CVE-2025-38546, CVE-2025-38548, CVE-2025-38553, CVE-2025-38555, CVE-2025-38563, CVE-2025-38565, CVE-2025-38569, CVE-2025-38572, CVE-2025-38574, CVE-2025-38577, CVE-2025-38578, CVE-2025-38581, CVE-2025-38601, CVE-2025-38602, CVE-2025-38604, CVE-2025-38608, CVE-2025-38612, CVE-2025-38617, CVE-2025-38618, CVE-2025-38622, CVE-2025-38635, CVE-2025-38639, CVE-2025-38650, CVE-2025-38652, CVE-2025-38663, CVE-2025-38664, CVE-2025-38666, CVE-2025-38668, CVE-2025-38671, CVE-2025-38676, CVE-2025-38677, CVE-2025-38680, CVE-2025-38681, CVE-2025-38683, CVE-2025-38684, CVE-2025-38687, CVE-2025-38691, CVE-2025-38693, CVE-2025-38694, CVE-2025-38695, CVE-2025-38697, CVE-2025-38698, CVE-2025-38699, CVE-2025-38700, CVE-2025-38701, CVE-2025-38706, CVE-2025-38708, CVE-2025-38712, CVE-2025-38713, CVE-2025-38714, CVE-2025-38715, CVE-2025-38718, CVE-2025-38721, CVE-2025-38724, CVE-2025-38727, CVE-2025-38729, CVE-2025-38732, CVE-2025-39676, CVE-2025-39681, CVE-2025-39683, CVE-2025-39687, CVE-2025-39689, CVE-2025-39691, CVE-2025-39697, CVE-2025-39703, CVE-2025-39709, CVE-2025-39710, CVE-2025-39713, CVE-2025-39714, CVE-2025-39724, CVE-2025-39730, CVE-2025-39736, CVE-2025-39737, CVE-2025-39742, CVE-2025-39743, CVE-2025-39749, CVE-2025-39752, CVE-2025-39756, CVE-2025-39757, CVE-2025-39760, CVE-2025-39766, CVE-2025-39782, CVE-2025-39783, CVE-2025-39787, CVE-2025-39788, CVE-2025-39794, CVE-2025-39795, CVE-2025-39798, CVE-2025-39808, CVE-2025-39812, CVE-2025-39813, CVE-2025-39817, CVE-2025-39823, CVE-2025-39824, CVE-2025-39828, CVE-2025-39835, CVE-2025-39839, CVE-2025-39841, CVE-2025-39846, CVE-2025-39847, CVE-2025-39848, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-39891, CVE-2025-39898, CVE-2025-39902, CVE-2025-39920, CVE-2025-40300, CVE-2023-53498, CVE-2024-47666, CVE-2024-50143, CVE-2024-57947, CVE-2025-21861, CVE-2025-21887, CVE-2025-22058, CVE-2025-23143, CVE-2025-38678, CVE-2025-39866, CVE-2025-39869, CVE-2025-39876, CVE-2025-39883, CVE-2025-39885, CVE-2025-39907, CVE-2025-39911, CVE-2025-39913, CVE-2025-39923, CVE-2025-39937, CVE-2025-39945, CVE-2025-39949, CVE-2025-39951, CVE-2025-39953, CVE-2025-39955, CVE-2025-39964, CVE-2025-39967, CVE-2025-39968, CVE-2025-39969, CVE-2025-39970, CVE-2025-39971, CVE-2025-39972, CVE-2025-39973, CVE-2025-39980, CVE-2025-39985, CVE-2025-39986, CVE-2025-39987, CVE-2025-39993, CVE-2025-39994, CVE-2025-39995, CVE-2025-39996, CVE-2025-39998, CVE-2025-40001, CVE-2025-40006, CVE-2025-40011, CVE-2025-40018, CVE-2025-40019, CVE-2025-40020, CVE-2025-40021, CVE-2025-40022, CVE-2025-40026, CVE-2025-40027, CVE-2025-40029, CVE-2025-40030, CVE-2025-40035, CVE-2025-40042, CVE-2025-40044, CVE-2025-40048, CVE-2025-40049, CVE-2025-40053, CVE-2025-40055, CVE-2025-40070, CVE-2025-40078, CVE-2025-40081, CVE-2025-40083, CVE-2025-40087, CVE-2025-40088, CVE-2025-40105, CVE-2025-40106, CVE-2025-40109, CVE-2025-40111, CVE-2025-40115, CVE-2025-40116, CVE-2025-40118, CVE-2025-40121, CVE-2025-40125, CVE-2025-40127, CVE-2025-40134, CVE-2025-40140, CVE-2025-40153, CVE-2025-40154, CVE-2025-40167, CVE-2025-40173, CVE-2025-40178, CVE-2025-40183, CVE-2025-40186, CVE-2025-40187, CVE-2025-40188, CVE-2025-40190, CVE-2025-40194, CVE-2025-40197, CVE-2025-40198, CVE-2025-40200, CVE-2025-40204, CVE-2025-40205, CVE-2025-40211, CVE-2025-40219, CVE-2025-40220, CVE-2025-40223, CVE-2025-40231, CVE-2025-40233, CVE-2025-40240, CVE-2025-40243, CVE-2025-40244, CVE-2025-40248, CVE-2025-40254, CVE-2025-40257, CVE-2025-40258, CVE-2025-40259, CVE-2025-40261, CVE-2025-40262, CVE-2025-40263, CVE-2025-40264, CVE-2025-40269, CVE-2025-40271, CVE-2025-40273, CVE-2025-40275, CVE-2025-40277, CVE-2025-40278, CVE-2025-40280, CVE-2025-40281, CVE-2025-40282, CVE-2025-40283, CVE-2025-40304, CVE-2025-40306, CVE-2025-40308, CVE-2025-40309, CVE-2025-40312, CVE-2025-40315, CVE-2025-40317, CVE-2025-40319, CVE-2025-40321, CVE-2025-40322, CVE-2025-40324, CVE-2025-40331, CVE-2025-40342).
- Security fix: the Linux kernel was upgraded from version 5.10.237-1 to version 5.10.249-1 for virtual appliances (CVE-2021-46987, CVE-2021-47037, CVE-2021-47070, CVE-2021-47076, CVE-2021-47183, CVE-2021-47193, CVE-2021-47412, CVE-2021-47421, CVE-2021-47455, CVE-2021-47498, CVE-2022-21546, CVE-2022-49063, CVE-2022-50327, CVE-2023-52935, CVE-2023-53259, CVE-2024-26739, CVE-2024-28956, CVE-2024-35790, CVE-2024-36350, CVE-2024-36357, CVE-2024-38541, CVE-2024-43863, CVE-2024-46751, CVE-2024-46855, CVE-2024-49935, CVE-2024-53203, CVE-2024-57883, CVE-2024-57996, CVE-2025-21912, CVE-2025-37798, CVE-2025-37819, CVE-2025-37890, CVE-2025-37909, CVE-2025-37913, CVE-2025-37914, CVE-2025-37915, CVE-2025-37923, CVE-2025-37927, CVE-2025-37930, CVE-2025-37932, CVE-2025-37948, CVE-2025-37949, CVE-2025-37958, CVE-2025-37963, CVE-2025-37968, CVE-2025-37969, CVE-2025-37970, CVE-2025-37990, CVE-2025-37992, CVE-2025-37994, CVE-2025-37995, CVE-2025-37997, CVE-2025-37998, CVE-2025-38000, CVE-2025-38001, CVE-2025-38003, CVE-2025-38004, CVE-2025-38005, CVE-2025-38009, CVE-2025-38023, CVE-2025-38024, CVE-2025-38031, CVE-2025-38034, CVE-2025-38035, CVE-2025-38037, CVE-2025-38044, CVE-2025-38051, CVE-2025-38052, CVE-2025-38058, CVE-2025-38061, CVE-2025-38065, CVE-2025-38066, CVE-2025-38067, CVE-2025-38072, CVE-2025-38074, CVE-2025-38075, CVE-2025-38078, CVE-2025-38079, CVE-2025-38083, CVE-2025-38084, CVE-2025-38085, CVE-2025-38086, CVE-2025-38090, CVE-2025-38094, CVE-2025-38095, CVE-2025-38100, CVE-2025-38102, CVE-2025-38103, CVE-2025-38107, CVE-2025-38108, CVE-2025-38111, CVE-2025-38112, CVE-2025-38115, CVE-2025-38135, CVE-2025-38136, CVE-2025-38138, CVE-2025-38143, CVE-2025-38145, CVE-2025-38146, CVE-2025-38147, CVE-2025-38153, CVE-2025-38157, CVE-2025-38160, CVE-2025-38161, CVE-2025-38163, CVE-2025-38173, CVE-2025-38174, CVE-2025-38177, CVE-2025-38180, CVE-2025-38181, CVE-2025-38184, CVE-2025-38185, CVE-2025-38190, CVE-2025-38193, CVE-2025-38194, CVE-2025-38197, CVE-2025-38200, CVE-2025-38203, CVE-2025-38204, CVE-2025-38206, CVE-2025-38211, CVE-2025-38212, CVE-2025-38214, CVE-2025-38218, CVE-2025-38219, CVE-2025-38222, CVE-2025-38226, CVE-2025-38227, CVE-2025-38229, CVE-2025-38230, CVE-2025-38231, CVE-2025-38237, CVE-2025-38245, CVE-2025-38249, CVE-2025-38251, CVE-2025-38263, CVE-2025-38273, CVE-2025-38285, CVE-2025-38286, CVE-2025-38293, CVE-2025-38298, CVE-2025-38312, CVE-2025-38313, CVE-2025-38320, CVE-2025-38323, CVE-2025-38324, CVE-2025-38326, CVE-2025-38328, CVE-2025-38332, CVE-2025-38336, CVE-2025-38337, CVE-2025-38342, CVE-2025-38344, CVE-2025-38345, CVE-2025-38346, CVE-2025-38347, CVE-2025-38348, CVE-2025-38350, CVE-2025-38352, CVE-2025-38363, CVE-2025-38371, CVE-2025-38375, CVE-2025-38377, CVE-2025-38386, CVE-2025-38387, CVE-2025-38389, CVE-2025-38391, CVE-2025-38393, CVE-2025-38395, CVE-2025-38399, CVE-2025-38400, CVE-2025-38401, CVE-2025-38403, CVE-2025-38404, CVE-2025-38406, CVE-2025-38415, CVE-2025-38416, CVE-2025-38420, CVE-2025-38424, CVE-2025-38428, CVE-2025-38430, CVE-2025-38439, CVE-2025-38445, CVE-2025-38448, CVE-2025-38457, CVE-2025-38458, CVE-2025-38459, CVE-2025-38460, CVE-2025-38461, CVE-2025-38462, CVE-2025-38464, CVE-2025-38465, CVE-2025-38466, CVE-2025-38467, CVE-2025-38468, CVE-2025-38470, CVE-2025-38473, CVE-2025-38474, CVE-2025-38476, CVE-2025-38477, CVE-2025-38478, CVE-2025-38480, CVE-2025-38481, CVE-2025-38482, CVE-2025-38483, CVE-2025-38487, CVE-2025-38488, CVE-2025-38494, CVE-2025-38495, CVE-2025-38497, CVE-2025-38498, CVE-2025-38513, CVE-2025-38514, CVE-2025-38515, CVE-2025-38516, CVE-2025-38529, CVE-2025-38530, CVE-2025-38535, CVE-2025-38538, CVE-2025-38539, CVE-2025-38540, CVE-2025-38542, CVE-2025-38546, CVE-2025-38548, CVE-2025-38553, CVE-2025-38555, CVE-2025-38563, CVE-2025-38565, CVE-2025-38569, CVE-2025-38572, CVE-2025-38574, CVE-2025-38577, CVE-2025-38578, CVE-2025-38581, CVE-2025-38601, CVE-2025-38602, CVE-2025-38604, CVE-2025-38608, CVE-2025-38612, CVE-2025-38617, CVE-2025-38618, CVE-2025-38622, CVE-2025-38635, CVE-2025-38639, CVE-2025-38650, CVE-2025-38652, CVE-2025-38663, CVE-2025-38664, CVE-2025-38666, CVE-2025-38668, CVE-2025-38671, CVE-2025-38676, CVE-2025-38677, CVE-2025-38680, CVE-2025-38681, CVE-2025-38683, CVE-2025-38684, CVE-2025-38687, CVE-2025-38691, CVE-2025-38693, CVE-2025-38694, CVE-2025-38695, CVE-2025-38697, CVE-2025-38698, CVE-2025-38699, CVE-2025-38700, CVE-2025-38701, CVE-2025-38706, CVE-2025-38708, CVE-2025-38712, CVE-2025-38713, CVE-2025-38714, CVE-2025-38715, CVE-2025-38718, CVE-2025-38721, CVE-2025-38724, CVE-2025-38727, CVE-2025-38729, CVE-2025-38732, CVE-2025-39676, CVE-2025-39681, CVE-2025-39683, CVE-2025-39687, CVE-2025-39689, CVE-2025-39691, CVE-2025-39697, CVE-2025-39703, CVE-2025-39709, CVE-2025-39710, CVE-2025-39713, CVE-2025-39714, CVE-2025-39724, CVE-2025-39730, CVE-2025-39736, CVE-2025-39737, CVE-2025-39742, CVE-2025-39743, CVE-2025-39749, CVE-2025-39752, CVE-2025-39756, CVE-2025-39757, CVE-2025-39760, CVE-2025-39766, CVE-2025-39782, CVE-2025-39783, CVE-2025-39787, CVE-2025-39788, CVE-2025-39794, CVE-2025-39795, CVE-2025-39798, CVE-2025-39808, CVE-2025-39812, CVE-2025-39813, CVE-2025-39817, CVE-2025-39823, CVE-2025-39824, CVE-2025-39828, CVE-2025-39835, CVE-2025-39839, CVE-2025-39841, CVE-2025-39846, CVE-2025-39847, CVE-2025-39848, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-39891, CVE-2025-39898, CVE-2025-39902, CVE-2025-39920, CVE-2025-40300, CVE-2023-53498, CVE-2024-47666, CVE-2024-50143, CVE-2024-57947, CVE-2025-21861, CVE-2025-21887, CVE-2025-22058, CVE-2025-23143, CVE-2025-38678, CVE-2025-39866, CVE-2025-39869, CVE-2025-39876, CVE-2025-39883, CVE-2025-39885, CVE-2025-39907, CVE-2025-39911, CVE-2025-39913, CVE-2025-39923, CVE-2025-39937, CVE-2025-39945, CVE-2025-39949, CVE-2025-39951, CVE-2025-39953, CVE-2025-39955, CVE-2025-39964, CVE-2025-39967, CVE-2025-39968, CVE-2025-39969, CVE-2025-39970, CVE-2025-39971, CVE-2025-39972, CVE-2025-39973, CVE-2025-39980, CVE-2025-39985, CVE-2025-39986, CVE-2025-39987, CVE-2025-39993, CVE-2025-39994, CVE-2025-39995, CVE-2025-39996, CVE-2025-39998, CVE-2025-40001, CVE-2025-40006, CVE-2025-40011, CVE-2025-40018, CVE-2025-40019, CVE-2025-40020, CVE-2025-40021, CVE-2025-40022, CVE-2025-40026, CVE-2025-40027, CVE-2025-40029, CVE-2025-40030, CVE-2025-40035, CVE-2025-40042, CVE-2025-40044, CVE-2025-40048, CVE-2025-40049, CVE-2025-40053, CVE-2025-40055, CVE-2025-40070, CVE-2025-40078, CVE-2025-40081, CVE-2025-40083, CVE-2025-40087, CVE-2025-40088, CVE-2025-40105, CVE-2025-40106, CVE-2025-40109, CVE-2025-40111, CVE-2025-40115, CVE-2025-40116, CVE-2025-40118, CVE-2025-40121, CVE-2025-40125, CVE-2025-40127, CVE-2025-40134, CVE-2025-40140, CVE-2025-40153, CVE-2025-40154, CVE-2025-40167, CVE-2025-40173, CVE-2025-40178, CVE-2025-40183, CVE-2025-40186, CVE-2025-40187, CVE-2025-40188, CVE-2025-40190, CVE-2025-40194, CVE-2025-40197, CVE-2025-40198, CVE-2025-40200, CVE-2025-40204, CVE-2025-40205, CVE-2025-40211, CVE-2025-40219, CVE-2025-40220, CVE-2025-40223, CVE-2025-40231, CVE-2025-40233, CVE-2025-40240, CVE-2025-40243, CVE-2025-40244, CVE-2025-40248, CVE-2025-40254, CVE-2025-40257, CVE-2025-40258, CVE-2025-40259, CVE-2025-40261, CVE-2025-40262, CVE-2025-40263, CVE-2025-40264, CVE-2025-40269, CVE-2025-40271, CVE-2025-40273, CVE-2025-40275, CVE-2025-40277, CVE-2025-40278, CVE-2025-40280, CVE-2025-40281, CVE-2025-40282, CVE-2025-40283, CVE-2025-40304, CVE-2025-40306, CVE-2025-40308, CVE-2025-40309, CVE-2025-40312, CVE-2025-40315, CVE-2025-40317, CVE-2025-40319, CVE-2025-40321, CVE-2025-40322, CVE-2025-40324, CVE-2025-40331, CVE-2025-40342, CVE-2022-48744, CVE-2022-49168, CVE-2022-49465, CVE-2022-49711, CVE-2022-49743, CVE-2023-52975, CVE-2023-54207, CVE-2023-54321, CVE-2024-36903, CVE-2024-36927, CVE-2025-22022, CVE-2025-22121, CVE-2025-37830, CVE-2025-38022, CVE-2025-38119, CVE-2025-38556, CVE-2025-38591, CVE-2025-39702, CVE-2025-40110, CVE-2025-40215, CVE-2025-68211, CVE-2025-68255, CVE-2025-68257, CVE-2025-68258, CVE-2025-68261, CVE-2025-68264, CVE-2025-68266, CVE-2025-68282, CVE-2025-68325, CVE-2025-68332, CVE-2025-68336, CVE-2025-68337, CVE-2025-68344, CVE-2025-68346, CVE-2025-68349, CVE-2025-68354, CVE-2025-68362, CVE-2025-68364, CVE-2025-68366, CVE-2025-68367, CVE-2025-68372, CVE-2025-68724, CVE-2025-68725, CVE-2025-68733, CVE-2025-68740, CVE-2025-68757, CVE-2025-68758, CVE-2025-68759, CVE-2025-68764, CVE-2025-68767, CVE-2025-68769, CVE-2025-68771, CVE-2025-68773, CVE-2025-68774, CVE-2025-68776, CVE-2025-68777, CVE-2025-68782, CVE-2025-68783, CVE-2025-68785, CVE-2025-68787, CVE-2025-68788, CVE-2025-68795, CVE-2025-68796, CVE-2025-68797, CVE-2025-68799, CVE-2025-68800, CVE-2025-68801, CVE-2025-68803, CVE-2025-68804, CVE-2025-68808, CVE-2025-68813, CVE-2025-68815, CVE-2025-68816, CVE-2025-68818, CVE-2025-68819, CVE-2025-68820, CVE-2025-71064, CVE-2025-71066, CVE-2025-71069, CVE-2025-71075, CVE-2025-71077, CVE-2025-71079, CVE-2025-71084, CVE-2025-71085, CVE-2025-71086, CVE-2025-71087, CVE-2025-71091, CVE-2025-71093, CVE-2025-71096, CVE-2025-71097, CVE-2025-71098, CVE-2025-71102, CVE-2025-71104, CVE-2025-71105, CVE-2025-71108, CVE-2025-71111, CVE-2025-71112, CVE-2025-71113, CVE-2025-71114, CVE-2025-71116, CVE-2025-71118, CVE-2025-71120, CVE-2025-71123, CVE-2025-71125, CVE-2025-71127, CVE-2025-71131, CVE-2025-71136, CVE-2025-71137, CVE-2025-71154, CVE-2025-71162, CVE-2025-71182, CVE-2025-71185, CVE-2025-71186, CVE-2025-71190, CVE-2025-71191, CVE-2025-71194, CVE-2025-71196, CVE-2025-71197, CVE-2025-71199, CVE-2026-22976, CVE-2026-22977, CVE-2026-22978, CVE-2026-22980, CVE-2026-22990, CVE-2026-22991, CVE-2026-22997, CVE-2026-22998, CVE-2026-22999, CVE-2026-23001, CVE-2026-23003, CVE-2026-23011, CVE-2026-23020, CVE-2026-23021, CVE-2026-23033, CVE-2026-23038, CVE-2026-23047, CVE-2026-23049, CVE-2026-23056, CVE-2026-23058, CVE-2026-23060, CVE-2026-23061, CVE-2026-23063, CVE-2026-23064, CVE-2026-23071, CVE-2026-23073, CVE-2026-23074, CVE-2026-23075, CVE-2026-23076, CVE-2026-23080, CVE-2026-23083, CVE-2026-23084, CVE-2026-23085, CVE-2026-23087, CVE-2026-23089, CVE-2026-23090, CVE-2026-23091, CVE-2026-23095, CVE-2026-23096, CVE-2026-23097, CVE-2026-23098, CVE-2026-23101, CVE-2026-23103, CVE-2026-23105, CVE-2026-23108, CVE-2026-23110).
- Security fix: the included package libssh was upgraded from version 0.9.8-0+deb11u1 to version 0.9.8-0+deb11u2 (CVE-2025-4877, CVE-2025-4878, CVE-2025-5318, CVE-2025-5372, CVE-2025-8114, CVE-2025-8277).
- Security fix: the included package openssl was upgraded from version 1.1.1w-0+deb11u3 to version 1.1.1w-0+deb11u5 (CVE-2025-9230, CVE-2025-68160, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796).
- Security fix: the included package redis was upgraded from version 5:6.0.16-1+deb11u6 to version 5:6.0.16-1+deb11u8 (CVE-2025-49844, CVE-2025-46819, CVE-2025-46818, CVE-2025-46817, CVE-2025-32023, CVE-2025-48367).
- Security fix: the included package postgresql-13 was upgraded from version 13.21-0+deb11u1 to version 13.22-0+deb11u1 (CVE-2025-8713, CVE-2025-8714, CVE-2025-8715).
- Security fix: the included package libgnutls was upgraded from version 3.7.1-5+deb11u7 to version 3.7.1-5+deb11u9 (CVE-2025-32988, CVE-2025-32990, CVE-2025-6395, CVE-2025-14831, CVE-2025-9820).
- Security fix: the included package systemd was upgraded from version 247.3-7+deb11u6 to version 247.3-7+deb11u7 (CVE-2025-4598).
- Security fix: the included package sudo was upgraded from version 1.9.5p2-3+deb11u2 to version 1.9.5p2-3+deb11u3 (CVE-2023-28486, CVE-2023-28487).
- Security fix: the included package libxml2 was upgraded from version 2.9.10+dfsg-6.7+deb11u7 to version 2.9.10+dfsg-6.7+deb11u9 (CVE-2025-9714, CVE-2024-34459, CVE-2025-49794, CVE-2025-49796, CVE-2025-6021, CVE-2025-6170).
- Security fix: the included package open-vm-tools was upgraded from version 2:11.2.5-2+deb11u4 to version 2:11.2.5-2+deb11u5 (CVE-2025-41244).
- Security fix: the included package pam was upgraded from version 1.4.0-9+deb11u1 to version 1.4.0-9+deb11u2 (CVE-2024-22365, CVE-2025-6020).
- Security fix: the included package libxslt was upgraded from version 1.1.34-4+deb11u2 to version 1.1.34-4+deb11u3 (CVE-2023-40403, CVE-2025-7424).
- Security fix: the included package libcjson was upgraded from version 1.7.14-1+deb11u2 to version 1.7.14-1+deb11u3 (CVE-2025-57052).
- Security fix: the included package unbound was upgraded from version 1.13.1-1+deb11u4 to version 1.13.1-1+deb11u5 (CVE-2024-33655, CVE-2025-5994).
- Security fix: the included package paramiko was upgraded from version 2.7.2-1 to version 2.7.2-1+deb11u1 (CVE-2022-24302).
- Security fix: the included package gnupg2 was upgraded from version 2.2.27-2+deb11u2 to version 2.2.27-2+deb11u3 (CVE-2024-52533).
- Security fix: the included package glib2.0 was upgraded from version 2.66.8-1+deb11u6 to version 2.66.8-1+deb11u8 (CVE-2026-0988, CVE-2026-1484, CVE-2026-1485, CVE-2026-1489).
Vulnerability Management:
- Minor improvement: the included appliance manual was updated to the current version from 2026-02-03 (#PR-1680).

22.04.29 (2025-07-07):

Greenbone OS:
- Major security fix: the included package sudo was upgraded from version 1.9.5p2-3+deb11u1 to version 1.9.5p2-3+deb11u2 (CVE-2025-32462, CVE-2025-32463, #GS-8463).
Vulnerability Management:
- Minor improvement: the included appliance manual was updated to the current version from 2025-07-03 (#PR-1319).

22.04.28 (2025-06-18):

Greenbone OS:
- Status: the lifecycle status of GOS 22.04 was set to “end-of-life”. This means that while GOS 22.04 will remain functional and supported, it will receive a reduced number of patches that will be limited to critical fixes to core functionality and security issues. Note: GOS 22.04 will reach the final end of its lifecycle and be retired on 2026-02-01 (#GOS-2315).
- Bug fix: if the appliance models Greenbone Enterprise 150 or 35 have been installed with GOS 21.04 or earlier, the fstrim service was not enabled. It has been enabled for these cases also to resolve various disk issues (#GOS-2224).
- Security fix: the Intel microcode of the Greenbone Enterprise 6500 R2, 5400 R2, 650 R2, 600 R2, 450 R2, 400 R2 appliance models was upgraded to the current version (CVE-2024-28956, CVE-2024-43420, CVE-2024-45332, CVE-2025-20012, CVE-2025-20054, CVE-2025-20103, CVE-2025-20623, CVE-2025-24495).
- Security fix: the Linux kernel was upgraded from version 5.10.230-greenbone1 to version 5.10.237-greenbone1 for hardware appliances and from version 5.10.226-1 to version 5.10.237-1 for virtual appliances (CVE-2021-47469, CVE-2023-52530, CVE-2023-52917, CVE-2024-26921, CVE-2024-27017, CVE-2024-27072, CVE-2024-35965, CVE-2024-35966, CVE-2024-36476, CVE-2024-36899, CVE-2024-38538, CVE-2024-38544, CVE-2024-38588, CVE-2024-38591, CVE-2024-39497, CVE-2024-40953, CVE-2024-41016, CVE-2024-41060, CVE-2024-41080, CVE-2024-42315, CVE-2024-43098, CVE-2024-44931, CVE-2024-44940, CVE-2024-46695, CVE-2024-46809, CVE-2024-46841, CVE-2024-46849, CVE-2024-46853, CVE-2024-46854, CVE-2024-46858, CVE-2024-46865, CVE-2024-47143, CVE-2024-47670, CVE-2024-47671, CVE-2024-47672, CVE-2024-47674, CVE-2024-47679, CVE-2024-47684, CVE-2024-47685, CVE-2024-47692, CVE-2024-47696, CVE-2024-47697, CVE-2024-47698, CVE-2024-47699, CVE-2024-47701, CVE-2024-47705, CVE-2024-47706, CVE-2024-47707, CVE-2024-47709, CVE-2024-47710, CVE-2024-47712, CVE-2024-47713, CVE-2024-47718, CVE-2024-47723, CVE-2024-47735, CVE-2024-47737, CVE-2024-47739, CVE-2024-47740, CVE-2024-47742, CVE-2024-47748, CVE-2024-47749, CVE-2024-47756, CVE-2024-47757, CVE-2024-48881, CVE-2024-49851, CVE-2024-49858, CVE-2024-49860, CVE-2024-49863, CVE-2024-49867, CVE-2024-49868, CVE-2024-49875, CVE-2024-49877, CVE-2024-49878, CVE-2024-49879, CVE-2024-49881, CVE-2024-49882, CVE-2024-49883, CVE-2024-49884, CVE-2024-49889, CVE-2024-49890, CVE-2024-49892, CVE-2024-49894, CVE-2024-49895, CVE-2024-49896, CVE-2024-49900, CVE-2024-49902, CVE-2024-49903, CVE-2024-49907, CVE-2024-49913, CVE-2024-49930, CVE-2024-49933, CVE-2024-49936, CVE-2024-49938, CVE-2024-49944, CVE-2024-49948, CVE-2024-49949, CVE-2024-49952, CVE-2024-49955, CVE-2024-49957, CVE-2024-49958, CVE-2024-49959, CVE-2024-49962, CVE-2024-49963, CVE-2024-49965, CVE-2024-49966, CVE-2024-49969, CVE-2024-49973, CVE-2024-49974, CVE-2024-49975, CVE-2024-49977, CVE-2024-49981, CVE-2024-49982, CVE-2024-49983, CVE-2024-49985, CVE-2024-49995, CVE-2024-49996, CVE-2024-50001, CVE-2024-50006, CVE-2024-50007, CVE-2024-50008, CVE-2024-50010, CVE-2024-50013, CVE-2024-50015, CVE-2024-50024, CVE-2024-50033, CVE-2024-50035, CVE-2024-50036, CVE-2024-50039, CVE-2024-50040, CVE-2024-50044, CVE-2024-50045, CVE-2024-50046, CVE-2024-50049, CVE-2024-50055, CVE-2024-50058, CVE-2024-50059, CVE-2024-50072, CVE-2024-50074, CVE-2024-50082, CVE-2024-50083, CVE-2024-50095, CVE-2024-50096, CVE-2024-50099, CVE-2024-50103, CVE-2024-50115, CVE-2024-50116, CVE-2024-50117, CVE-2024-50121, CVE-2024-50127, CVE-2024-50131, CVE-2024-50134, CVE-2024-50142, CVE-2024-50148, CVE-2024-50150, CVE-2024-50151, CVE-2024-50153, CVE-2024-50167, CVE-2024-50171, CVE-2024-50179, CVE-2024-50180, CVE-2024-50181, CVE-2024-50184, CVE-2024-50185, CVE-2024-50188, CVE-2024-50192, CVE-2024-50193, CVE-2024-50194, CVE-2024-50195, CVE-2024-50198, CVE-2024-50199, CVE-2024-50201, CVE-2024-50202, CVE-2024-50205, CVE-2024-50208, CVE-2024-50209, CVE-2024-50210, CVE-2024-50218, CVE-2024-50229, CVE-2024-50230, CVE-2024-50233, CVE-2024-50234, CVE-2024-50236, CVE-2024-50237, CVE-2024-50251, CVE-2024-50262, CVE-2024-50264, CVE-2024-50265, CVE-2024-50267, CVE-2024-50268, CVE-2024-50269, CVE-2024-50273, CVE-2024-50278, CVE-2024-50279, CVE-2024-50282, CVE-2024-50287, CVE-2024-50290, CVE-2024-50292, CVE-2024-50295, CVE-2024-50296, CVE-2024-50299, CVE-2024-50301, CVE-2024-50302, CVE-2024-50304, CVE-2024-52332, CVE-2024-53042, CVE-2024-53052, CVE-2024-53057, CVE-2024-53059, CVE-2024-53060, CVE-2024-53061, CVE-2024-53063, CVE-2024-53066, CVE-2024-53096, CVE-2024-53097, CVE-2024-53099, CVE-2024-53101, CVE-2024-53103, CVE-2024-53104, CVE-2024-53112, CVE-2024-53119, CVE-2024-53121, CVE-2024-53124, CVE-2024-53125, CVE-2024-53127, CVE-2024-53130, CVE-2024-53131, CVE-2024-53135, CVE-2024-53136, CVE-2024-53138, CVE-2024-53140, CVE-2024-53141, CVE-2024-53142, CVE-2024-53145, CVE-2024-53146, CVE-2024-53148, CVE-2024-53150, CVE-2024-53155, CVE-2024-53156, CVE-2024-53157, CVE-2024-53158, CVE-2024-53161, CVE-2024-53164, CVE-2024-53171, CVE-2024-53172, CVE-2024-53173, CVE-2024-53174, CVE-2024-53181, CVE-2024-53183, CVE-2024-53184, CVE-2024-53194, CVE-2024-53197, CVE-2024-53198, CVE-2024-53214, CVE-2024-53217, CVE-2024-53226, CVE-2024-53227, CVE-2024-53237, CVE-2024-53239, CVE-2024-53240, CVE-2024-53241, CVE-2024-53680, CVE-2024-53685, CVE-2024-53690, CVE-2024-54031, CVE-2024-55916, CVE-2024-56531, CVE-2024-56532, CVE-2024-56533, CVE-2024-56539, CVE-2024-56548, CVE-2024-56558, CVE-2024-56562, CVE-2024-56567, CVE-2024-56568, CVE-2024-56569, CVE-2024-56570, CVE-2024-56574, CVE-2024-56576, CVE-2024-56581, CVE-2024-56586, CVE-2024-56587, CVE-2024-56589, CVE-2024-56593, CVE-2024-56594, CVE-2024-56595, CVE-2024-56596, CVE-2024-56597, CVE-2024-56598, CVE-2024-56600, CVE-2024-56601, CVE-2024-56602, CVE-2024-56603, CVE-2024-56605, CVE-2024-56606, CVE-2024-56610, CVE-2024-56615, CVE-2024-56616, CVE-2024-56619, CVE-2024-56623, CVE-2024-56629, CVE-2024-56630, CVE-2024-56631, CVE-2024-56633, CVE-2024-56634, CVE-2024-56636, CVE-2024-56637, CVE-2024-56642, CVE-2024-56643, CVE-2024-56644, CVE-2024-56645, CVE-2024-56648, CVE-2024-56650, CVE-2024-56659, CVE-2024-56661, CVE-2024-56662, CVE-2024-56670, CVE-2024-56672, CVE-2024-56681, CVE-2024-56688, CVE-2024-56690, CVE-2024-56691, CVE-2024-56694, CVE-2024-56698, CVE-2024-56700, CVE-2024-56704, CVE-2024-56705, CVE-2024-56716, CVE-2024-56720, CVE-2024-56723, CVE-2024-56724, CVE-2024-56728, CVE-2024-56739, CVE-2024-56741, CVE-2024-56747, CVE-2024-56748, CVE-2024-56754, CVE-2024-56756, CVE-2024-56759, CVE-2024-56763, CVE-2024-56766, CVE-2024-56767, CVE-2024-56769, CVE-2024-56770, CVE-2024-56779, CVE-2024-56780, CVE-2024-57791, CVE-2024-57792, CVE-2024-57802, CVE-2024-57807, CVE-2024-57850, CVE-2024-57874, CVE-2024-57884, CVE-2024-57887, CVE-2024-57889, CVE-2024-57890, CVE-2024-57892, CVE-2024-57896, CVE-2024-57900, CVE-2024-57901, CVE-2024-57902, CVE-2024-57904, CVE-2024-57906, CVE-2024-57907, CVE-2024-57908, CVE-2024-57910, CVE-2024-57911, CVE-2024-57912, CVE-2024-57913, CVE-2024-57922, CVE-2024-57929, CVE-2024-57931, CVE-2024-57938, CVE-2024-57940, CVE-2024-57946, CVE-2024-57948, CVE-2024-57951, CVE-2025-21638, CVE-2025-21639, CVE-2025-21640, CVE-2025-21646, CVE-2025-21648, CVE-2025-21653, CVE-2025-21664, CVE-2025-21666, CVE-2025-21669, CVE-2025-21678, CVE-2025-21683, CVE-2025-21687, CVE-2025-21688, CVE-2025-21689, CVE-2025-21692, CVE-2025-21694, CVE-2025-21697, CVE-2025-21699).
- Security fix: the included package openssh was upgraded from version 1:8.4p1-abomination+4 to version 1:8.4p1-abomination+5 (CVE-2025-26465, CVE-2025-32728).
- Security fix: the included package libgnutls was upgraded from version 3.7.1-5+deb11u6 to version 3.7.1-5+deb11u7 (CVE-2024-12243).
- Security fix: the included package nginx was upgraded from version 1.20.2-1~buster to version 1.26.3-1~bullseye (CVE-2024-7347, CVE-2025-23419).
- Security fix: the included package redis was upgraded from version 5:6.0.16-1+deb11u5 to version 5:6.0.16-1+deb11u6 (CVE-2025-21605).
- Security fix: the included package postgresql-13 was upgraded from version 13.18-0+deb11u1 to version 13.21-0+deb11u1 (CVE-2025-4207, CVE-2025-1094).
- Security fix: the included package libxml2 was upgraded from version 2.9.10+dfsg-6.7+deb11u5 to version 2.9.10+dfsg-6.7+deb11u7 (CVE-2022-49043, CVE-2023-39615, CVE-2023-45322, CVE-2024-25062, CVE-2024-56171, CVE-2025-24928, CVE-2025-27113, CVE-2025-32414, CVE-2025-32415).
- Security fix: the included package libcap2 was upgraded from version 1:2.44-1 to version 1:2.44-1+deb11u1 (CVE-2023-2602, CVE-2023-2603, CVE-2025-1390).
- Security fix: the included package python3.9 was upgraded from version 3.9.2-1+deb11u2 to version 3.9.2-1+deb11u3 (CVE-2022-0391, CVE-2025-0938, CVE-2025-1795).
- Security fix: the included package libxslt was upgraded from version 1.1.34-4+deb11u1 to version 1.1.34-4+deb11u2 (CVE-2024-55549, CVE-2025-24855).
- Security fix: the included package mosquitto was upgraded from version 2.0.11-1+deb11u1 to version 2.0.11-1+deb11u2 (CVE-2024-8376, CVE-2024-3935, CVE-2024-10525).
- Security fix: the included package krb5 was upgraded from version 1.18.3-6+deb11u5 to version 1.18.3-6+deb11u7 (CVE-2025-24528).
- Security fix: the included package libtasn was upgraded from version 4.16.0-2+deb11u1 to version 4.16.0-2+deb11u2 (CVE-2024-12133).
- Security fix: the included package open-vm-tools was upgraded from version 4.16.0-2+deb11u1 to version 4.16.0-2+deb11u2 (CVE-2024-12133).
- Security fix: for virtual appliances, the included package open-vm-tools was upgraded from version 2:11.2.5-2+deb11u3 to version 2:11.2.5-2+deb11u4 (CVE-2025-22247).
- Security fix: for the virtual appliance models Greenbone Enterprise EXA, PETA, TERA and DECA, the included package openvpn was upgraded from version 2.5.1-3 to version 2.5.1-3+deb11u1 (CVE-2022-0547, CVE-2024-5594).
- Minor bug fix: an error was fixed where support packages did not include all expected Postgres debug information (#GOS-2190).
- Minor bug fix: an error was fixed where the console start screen of a Greenbone Enterprise 25V claimed that a web interface was available, even though this model does not have a web interface (#GOS-2092).
Vulnerability Management:
- Minor improvement: the included appliance manual was updated to the current version from 2025-05-27 (#PR-1271).
Vulnerability Scanning:
- Minor bug fix: an error was fixed where the IP address was missing in open_sock_tcp log messages of the scanner (#SC-1313).

22.04.27 (2025-02-03):

Note: An upgrade to this version requires a reboot of the system.

Greenbone OS:
- Extension: the upgrade path to the next major GOS release – GOS 24.10 – has been unlocked for all supported Greenbone Enterprise Appliance models. Several requirements apply, for details see the GOS 24.10 release notes and user manual (#GOS-1803).
- Status: the models Greenbone Enterprise 150, 400 R1, 450 R1, 600 R1, 650 R1, 5300 and 6400 were set to “end-of-life”. They will be retired in the future together with GOS 22.04 and the upgrade path to GOS 24.10 is not supported on these models. Please check which Greenbone Enterprise Appliance models are supported with future GOS versions on https://www.greenbone.net/en/roadmap-lifecycle/ or contact our Sales Team directly to inquire about upgrade possibilities: sales@greenbone.net | +49-541-760278-20 (#GOS-2052).
- Status: the former “Greenbone Enterprise TRIAL” virtual appliance has been renamed to “Greenbone Free” in the web interface (#GOS-2019).
- Improvement: the packages gvm-tools and python-gvm included in GOS were updated to version 25.1.0 (#PR-1089).
- Security fix: the included package rsync was upgraded from version 3.2.3-4+deb11u1 to version 3.2.3-4+deb11u3 (CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, CVE-2024-12747).
- Security fix: the included package redis was upgraded from version 5:6.0.16-1+deb11u4 to version 5:6.0.16-1+deb11u5 (CVE-2023-28856, CVE-2024-46981).
- Minor improvement: the log message for a failed master-sensor feed push was refined (#GOS-2012).
Vulnerability Management:
- Improvement: the configurable reports feature has been added to GOS 22.04 (#GOS-2008).
- Minor improvement: the included appliance manual was updated to the current version from 2025-01-27 (#PR-1087).

22.04.26 (2024-12-05):

Note: An upgrade to this version requires a reboot of the system for hardware appliances.

Greenbone OS:
- Improvement: the included package gvm-tools was updated to version 24.12.0 and the included package python-gvm was updated to version 24.11.0 (#PR-992).
- Improvement: the feed cache volume group size has been increased to 24 GB for the Greenbone Enterprise 6500 R1/5400 R1 appliance models (#GOS-2022).
- Improvement: the GOS state variables sshd_ciphers, sshd_hostkey_algorithms, sshd_kex_algorithms, sshd_macs and sshd_pubkey_accepted_keytypes were added, allowing the persistent customization of the algorithms and ciphers used by the sshd server included in GOS via the GOS shell (#PP-381, #GOS-2004, #GS-6814).
- Improvement: the GOS state variable max_concurrent_scan_updates was added, controlling the number of scan updates that can run at the same time. Per default the number is not limited, matching the behavior of previous GOS versions. The value may be adjusted via the GOS shell for performance tuning reasons (#GOS-1954).
- Improvement: the GOS state variable min_mem_feed_update was added, controlling the minimum memory in Mebibyte (MiB) that must be available for feed updates. Feed updates are skipped if less physical memory is available. Per default no limit is set and feed updates are never skipped, matching the behavior of previous GOS versions. The number may be adjusted via the GOS shell for performance tuning reasons (#GOS-1917).
- Security fix: the included package openssl was upgraded from version 1.1.1w-0+deb11u1 to version 1.1.1w-0+deb11u2 (CVE-2023-5678, CVE-2024-0727, CVE-2024-2511, CVE-2024-4741, CVE-2024-5535, CVE-2024-9143).
- Security fix: the included package postgresql-13 was upgraded from version 13.16-0+deb11u1 to version 13.17-0+deb11u1 (CVE-2024-10976, CVE-2024-10977, CVE-2024-10978, CVE-2024-10979).
- Security fix: the included package libarchive was upgraded from version 3.4.3-2+deb11u1 to version 3.4.3-2+deb11u2 (CVE-2021-36976, CVE-2022-26280, CVE-2022-36227, CVE-2024-20696).
- Security fix: the included package glib2.0 was upgraded from version 2.66.8-1+deb11u4 to version 2.66.8-1+deb11u5 (CVE-2024-52533).
- Security fix: the included package python3.9 was upgraded from version 3.9.2-1 to version 3.9.2-1+deb11u2 (CVE-2015-20107, CVE-2020-10735, CVE-2021-28861, CVE-2021-29921, CVE-2021-3426, CVE-2021-3733, CVE-2021-3737, CVE-2021-4189, CVE-2022-42919, CVE-2022-45061, CVE-2023-24329, CVE-2023-27043, CVE-2023-40217, CVE-2023-6597, CVE-2024-0397, CVE-2024-0450, CVE-2024-11168, CVE-2024-4032, CVE-2024-6232, CVE-2024-6923, CVE-2024-7592, CVE-2024-8088, CVE-2024-9287).
- Security fix: the included package redis was upgraded from version 5:6.0.16-1+deb11u2 to version 5:6.0.16-1+deb11u4 (CVE-2022-35977, CVE-2024-31228).
- Security fix: the included package dnsmasq was upgraded from version 2.85-1 to version 2.85-1+deb11u1 (CVE-2022-0934, CVE-2023-28450, CVE-2023-50387, CVE-2023-50868).
- Security fix: the included package ansible was upgraded from version 2.10.7+merged+base+2.10.17+dfsg-0+deb11u1 to version 2.10.7+merged+base+2.10.17+dfsg-0+deb11u2 (CVE-2024-8775, CVE-2024-9902).
- Security fix: the included package curl was upgraded from version 7.74.0-1.3+deb11u13 to version 7.74.0-1.3+deb11u14 (CVE-2024-8096).
- Minor improvement: the configuration files and system logs of the Postfix mail server used by GOS are now included when generating a GOS support package (#GOS-2045).
- Minor improvement: SMTP and GMP passwords could erroneously be present in GOS support packages. Both are now explicitly excluded when generating a GOS support package (#GOS-2042).
Vulnerability Management:
- Minor improvement: the included appliance manual was updated to the current version from 2024-12-03 (#PR-993).

22.04.25 (2024-11-05):

Greenbone OS:
- Bug fix: an error was fixed where trying to open the Maintenance menu on the appliance models Greenbone Enterprise 5400 R1/6500 R1 caused the menu to crash (#GOS-1993, #GS-6924, #GS-6939).
- Bug fix: an error was fixed where uploading a beaming image sometimes caused the GOS administration menu to crash instead of showing an appropriate message (#GOS-1976, #GOS-1992, #GS-6914).
- Bug fix: an error was fixed where an unreachable sensor in a master-sensor setup with multiple sensors stopped the feed push to subsequent sensors as well (#GOS-1978, #GS-6802).
- Bug fix: an error was fixed where deselecting all SSL protocols for the HTTPS connection of the web interface caused the GOS administration menu to crash (#GOS-1952).
- Bug fix: an error was fixed where the switch release from GOS 21.04 to GOS 22.04 failed during the installation of the package libopenvas-misc23 (#GOS-1990).
Vulnerability Management:
- Minor improvement: the included appliance manual was updated to the current version from 2024-10-29 (#PR-972).

22.04.24 (2024-10-09):

Greenbone OS:
- Major bug fix: an error was fixed where an upgrade to the previous GOS version 22.04.23 changed the apt configuration, which removed packages marked as optional/recommended. Since the package cryptsetup-initramfs, which is responsible for unlocking the CryptDisk during the boot process, has only been changed to be manually installed during installation of GOS 22.04, it was just “recommended” on every hardware appliance installed before GOS 22.04, and thus removed with GOS 22.04.23. For some appliances, the removal of the package could lead to the appliance not booting correctly anymore after the upgrade to GOS 22.04.23 (#GOS-1981, #GS-6596, #GS-6851, #GS-6853, #GS-6865, #GS-6866, #GS-6868, #GS-6869, #GS-6825, #GS-6862, #GS-6857).
Vulnerability Management:
- Minor improvement: the included appliance manual was updated to the current version from 2024-10-09 (#PR-965).

22.04.23 (2024-10-07):

Note: An upgrade to this version requires a reboot of the system.

Greenbone OS:
- Improvement: the RAM limit was increased to 24 GB for the appliance model 5400 R2, 14 GB for the appliance models DECA and TERA, 12 GB for the appliance models CENO and ONE, and 8 GB for the appliance models 25V and 35 (#GOS-1916).
  Note: For virtual appliances, manual adjustments are required for the change to take effect. Further information and instructions can be found here.
- Improvement: the disk size for all virtual appliances was extended to 500 GB (#GOS-1788).
  Note: Manual adjustments are required for the change to take effect. Further information and instructions can be found here.
- Improvement: the size of the feed partition was increased to 24 GB for the appliance models CENO, DECA, TERA, PETA, EXA, ONE, 25V, 400 R1/450 R1/600 R1/650 R1 and 5400 R1/6500 R1 (#GOS-1793).
  Note: Manual adjustments are required for the change to take effect. Further information and instructions can be found here.
- Improvement: the size of the root partition was increased to 55 GB for the appliance models 150 and 35 (#GOS-1793).
  Note: Manual adjustments are required for the change to take effect. Further information and instructions can be found here.
- Improvement: the packages gvm-tools and python-gvm included in GOS were updated to version 24.8.0 (#PR-949).
- Security fix: the Linux kernel was upgraded from version 5.10.222-greenbone1 to version 5.10.225-greenbone1 for hardware appliances and from version 5.10.221-1 to version 5.10.223-1 for virtual appliances (CVE-2022-48666, CVE-2024-36484, CVE-2024-36901, CVE-2024-36938, CVE-2024-39487, CVE-2024-40947, CVE-2024-41007, CVE-2024-41009, CVE-2024-41012, CVE-2024-41015, CVE-2024-41017, CVE-2024-41020, CVE-2024-41022, CVE-2024-41034, CVE-2024-41035, CVE-2024-41040, CVE-2024-41041, CVE-2024-41044, CVE-2024-41046, CVE-2024-41049, CVE-2024-41055, CVE-2024-41059, CVE-2024-41063, CVE-2024-41064, CVE-2024-41065, CVE-2024-41068, CVE-2024-41070, CVE-2024-41072, CVE-2024-41077, CVE-2024-41078, CVE-2024-41081, CVE-2024-41090, CVE-2024-41091, CVE-2024-42101, CVE-2024-42102, CVE-2024-42104, CVE-2024-42105, CVE-2024-42106, CVE-2024-42115, CVE-2024-42119, CVE-2024-42120, CVE-2024-42121, CVE-2024-42124, CVE-2024-42127, CVE-2024-42131, CVE-2024-42137, CVE-2024-42143, CVE-2024-42145, CVE-2024-42148, CVE-2024-42152, CVE-2024-42153, CVE-2024-42154, CVE-2024-42157, CVE-2024-42161, CVE-2024-42223, CVE-2024-42224, CVE-2024-42229, CVE-2024-42232, CVE-2024-42236, CVE-2024-42244, CVE-2024-42247).
- Security fix: the included package libexpat1 was upgraded from version 2.2.10-2+deb11u5 to version 2.2.10-2+deb11u6 (CVE-2023-52425, CVE-2024-45490, CVE-2024-45491, CVE-2024-45492).
- Security fix: the included package postgresql-13 was upgraded from version 13.15-0+deb11u1 to version 13.16-0+deb11u1 (CVE-2024-7348).
- Security fix: the Intel microcode of the Greenbone Enterprise 650 R2/600 R2/450 R2/400 R2 appliance models was upgraded to the current version from 2024-08-19 (#GOS-1935).
- Bug fix: during GOS upgrades, system services are regularly stopped and restarted. This led to situations where the Postgres database was shut down before the gvmd service. Since the gvmd service depends on a working connection to Postgres, this could cause SQL error messages. gvmd is now stopped before Postgres during GOS upgrades (#GOS-1923).
- Bug fix: an error was fixed where feed updates permanently took up SWAP storage space, which could result in a performance decrease in the long run (#GOS-1911, #GS-3661, #GS-5113).
Vulnerability Management:
- Minor improvement: the included appliance manual was updated to the current version from 2024-09-24 (#PR-948).
- Bug fix: an error was fixed where date and time information was displayed in an incorrect format on the web interface when the language was set to German (#GEA-667).
- Bug fix: an error was fixed where too many simultaneous user logins to the web interface could result in database deadlocks (#GEA-655).
- Bug fix: an error was fixed where indexes for VTs could be missing after feed updates (#GEA-579).
- Bug fix: an error was fixed where the HTML hexadecimal code of the special character in a TLS certificate resulted in report exports to fail (#GEA-607, #GS-6328).
- Bug fix: an error was fixed where the custom SSH port set in the Advanced Task Wizard was ignored (#GEA-668, #GS-6609).
- Minor bug fix: an error was fixed where some texts on the page CVSS Calculator were not translated into German (#GEA-654).
Vulnerability Scanning:
- Bug fix: an error was fixed where the versions of Debian packages were parsed incorrectly, leading to false-positive results for the MariaDB Server product for example (#SC-1121).

22.04.22 (2024-07-31):

Greenbone OS:
- Improvement: the packages gvm-tools and python-gvm included in GOS were updated to version 24.7.0 (#PR-881).
- Change: the Greenbone Community Feed can no longer be downloaded on the Greenbone Basic Appliance (#GOS-1899).
- Change: the setup wizard dialog for adding a Greenbone Enterprise subscription key was updated for the Greenbone Basic Appliance (#GOS-1919).
- Change: the dialog for deleting a Greenbone Enterprise Feed subscription key was changed on the Greenbone Basic Appliance to reflect the change that the Greenbone Community Feed can no longer be downloaded (#GOS-1920).
- Security fix: the Linux kernel was upgraded from version 5.10.216-greenbone1 to version 5.10.222-greenbone1 for hardware appliances and from version 5.10.216-1 to version 5.10.221-1 for virtual appliances (CVE-2021-4440, CVE-2022-48655, CVE-2023-52585, CVE-2023-52882, CVE-2024-26900, CVE-2024-27398, CVE-2024-27399, CVE-2024-27401, CVE-2024-35848, CVE-2024-35947, CVE-2024-36017, CVE-2024-36031, CVE-2024-36883, CVE-2024-36886, CVE-2024-36889, CVE-2024-36902, CVE-2024-36904, CVE-2024-36905, CVE-2024-36916, CVE-2024-36919, CVE-2024-36929, CVE-2024-36933, CVE-2024-36934, CVE-2024-36939, CVE-2024-36940, CVE-2024-36941, CVE-2024-36946, CVE-2024-36950, CVE-2024-36953, CVE-2024-36954, CVE-2024-36957, CVE-2024-36959, CVE-2022-43945, CVE-2022-48772, CVE-2024-25741, CVE-2024-26629, CVE-2024-27019, CVE-2024-31076, CVE-2024-33621, CVE-2024-33847, CVE-2024-34027, CVE-2024-35247, CVE-2024-36014, CVE-2024-36015, CVE-2024-36016, CVE-2024-36270, CVE-2024-36286, CVE-2024-36288, CVE-2024-36489, CVE-2024-36894, CVE-2024-36971, CVE-2024-36974, CVE-2024-36978, CVE-2024-37078, CVE-2024-37353, CVE-2024-37356, CVE-2024-38381, CVE-2024-38546, CVE-2024-38547, CVE-2024-38548, CVE-2024-38549, CVE-2024-38552, CVE-2024-38555, CVE-2024-38558, CVE-2024-38559, CVE-2024-38560, CVE-2024-38565, CVE-2024-38567, CVE-2024-38578, CVE-2024-38579, CVE-2024-38582, CVE-2024-38583, CVE-2024-38586, CVE-2024-38587, CVE-2024-38589, CVE-2024-38590, CVE-2024-38596, CVE-2024-38597, CVE-2024-38598, CVE-2024-38599, CVE-2024-38601, CVE-2024-38605, CVE-2024-38607, CVE-2024-38612, CVE-2024-38613, CVE-2024-38615, CVE-2024-38618, CVE-2024-38619, CVE-2024-38621, CVE-2024-38627, CVE-2024-38633, CVE-2024-38634, CVE-2024-38635, CVE-2024-38637, CVE-2024-38659, CVE-2024-38661, CVE-2024-38662, CVE-2024-38780, CVE-2024-39276, CVE-2024-39292, CVE-2024-39301, CVE-2024-39467, CVE-2024-39468, CVE-2024-39469, CVE-2024-39471, CVE-2024-39475, CVE-2024-39476, CVE-2024-39480, CVE-2024-39482, CVE-2024-39484, CVE-2024-39488, CVE-2024-39489, CVE-2024-39493, CVE-2024-39495, CVE-2024-39499, CVE-2024-39501, CVE-2024-39502, CVE-2024-39503, CVE-2024-39505, CVE-2024-39506, CVE-2024-39509, CVE-2024-40901, CVE-2024-40902, CVE-2024-40904, CVE-2024-40905, CVE-2024-40912, CVE-2024-40916, CVE-2024-40929, CVE-2024-40931, CVE-2024-40932, CVE-2024-40934, CVE-2024-40941, CVE-2024-40942, CVE-2024-40943, CVE-2024-40945, CVE-2024-40958, CVE-2024-40959, CVE-2024-40960, CVE-2024-40961, CVE-2024-40963, CVE-2024-40968, CVE-2024-40971, CVE-2024-40974, CVE-2024-40976, CVE-2024-40978, CVE-2024-40980, CVE-2024-40981, CVE-2024-40983, CVE-2024-40984, CVE-2024-40987, CVE-2024-40988, CVE-2024-40990, CVE-2024-40993, CVE-2024-40995, CVE-2024-41000, CVE-2024-41004, CVE-2024-41005, CVE-2024-41006).
- Minor improvement: mere recommended packages are now uninstalled if the GOS upgrade action removes packages that were automatically installed to satisfy dependencies for other packages, but are now no longer needed (#GOS-1806, #GOS-1807).
- Minor improvement: on the About page on the web interface, the copyright year was updated to 2024 (#GOS-1832).
Vulnerability Management:
- Improvement: an in-progress indicator was added to the (“Delete”) action on the pages Reports, Hosts, Operating Systems and TLS Certificates (#GEA-327).
- Improvement: the page CVSS Calculator now contains a calculator for CVSS v4 in addition to the calculators for CVSS v2 and CVSS v3 (#GEA-532).
- Improvement: the performance of CVE feed updates was improved (#GEA-557).
- Bug fix: an error was fixed where duplicate results generated during scans were not filtered out before adding them to a report (#GEA-525, #GS-5962).
- Bug fix: an error was fixed where using the “&” character in the comment field of a target resulted in an internal error and in the target not being created (#GEA-562, #GS-6211).
- Bug fix: an error was fixed where schedules with a fixed end date could sometimes not be created (#GEA-523).
- Bug fix: an error was fixed where the dates selected for a schedule were sometimes not correctly applied (#GEA-610).
- Bug fix: an error was fixed where searching for specific strings on the NVT list page resulted in an error (#GEA-448).
- Minor improvement: the performance of the Trashcan page was improved (#GEA-457).
- Minor improvement: various small changes, from memory leak fixes to code cleanups and improvements were implemented for the gvmd service (#GEA-585).
- Minor improvement: the included appliance manual was updated to the current version from 2024-07-29 (#PR-918).
Vulnerability Scanning:
- Minor improvement: the compatibility of the ICMP Ping alive test with target systems not following the RFC 792 specification was improved (#SC-1064).

22.04.21 (2024-06-03):

Greenbone OS:
- Extension: the new Greenbone Enterprise 6500 R2 and Greenbone Enterprise 5400 R2 appliance models were added (#GOS-1625).
- Security fix: the included package glib2.0 was upgraded from version 2.66.8-1+deb11u1 to version 2.66.8-1+deb11u3 (CVE-2024-34397).
- Bug fix: an error was fixed where the ospd-openvas service could not connect to the mosquitto service after moving network interfaces from the Management namespace to the Scan1 namespace (#GOS-1863).
- Minor improvement: an anonymized count of the number of hosts that were scanned within the last 90 days has been added to the GOS support package for statistical evaluations (#GOS-1839).
- Minor bug fix: an error was fixed where the most current run of the GOS selfcheck was not logged in the GOS support package (#GOS-1854).
- Minor bug fix: an error was fixed where the raid-rebuild script showed a syntax warning (#GOS-1744).
Vulnerability Management:
- Minor improvement: the included appliance manual was updated to the current version from 2024-05-29 (#PR-875).

22.04.20 (2024-05-13):

Greenbone OS:
- Security fix: the Linux kernel was upgraded from version 5.10.209-greenbone1 to version 5.10.216-greenbone1 for hardware appliances and from version 5.10.209-2 to version 5.10.216-1 for virtual appliances (CVE-2023-28746, CVE-2023-47233, CVE-2023-52429, CVE-2023-52434, CVE-2023-52435, CVE-2023-52447, CVE-2023-52458, CVE-2023-52482, CVE-2023-52486, CVE-2023-52488, CVE-2023-52489, CVE-2023-52491, CVE-2023-52492, CVE-2023-52493, CVE-2023-52497, CVE-2023-52498, CVE-2023-52583, CVE-2023-52587, CVE-2023-52594, CVE-2023-52595, CVE-2023-52597, CVE-2023-52598, CVE-2023-52599, CVE-2023-52600, CVE-2023-52601, CVE-2023-52602, CVE-2023-52603, CVE-2023-52604, CVE-2023-52606, CVE-2023-52607, CVE-2023-52614, CVE-2023-52615, CVE-2023-52616, CVE-2023-52617, CVE-2023-52618, CVE-2023-52619, CVE-2023-52620, CVE-2023-52622, CVE-2023-52623, CVE-2023-52627, CVE-2023-52635, CVE-2023-52637, CVE-2023-52642, CVE-2023-52644, CVE-2023-52650, CVE-2023-6270, CVE-2023-7042, CVE-2024-0340, CVE-2024-0565, CVE-2024-0607, CVE-2024-0841, CVE-2024-1151, CVE-2024-22099, CVE-2024-23849, CVE-2024-23850, CVE-2024-23851, CVE-2024-24857, CVE-2024-24858, CVE-2024-24861, CVE-2024-26581, CVE-2024-26593, CVE-2024-26600, CVE-2024-26601, CVE-2024-26602, CVE-2024-26606, CVE-2024-26610, CVE-2024-26614, CVE-2024-26615, CVE-2024-26622, CVE-2024-26625, CVE-2024-26627, CVE-2024-26635, CVE-2024-26636, CVE-2024-26640, CVE-2024-26641, CVE-2024-26642, CVE-2024-26643, CVE-2024-26644, CVE-2024-26645, CVE-2024-26651, CVE-2024-26654, CVE-2024-26659, CVE-2024-26663, CVE-2024-26664, CVE-2024-26665, CVE-2024-26671, CVE-2024-26673, CVE-2024-26675, CVE-2024-26679, CVE-2024-26684, CVE-2024-26685, CVE-2024-26687, CVE-2024-26688, CVE-2024-26689, CVE-2024-26695, CVE-2024-26696, CVE-2024-26697, CVE-2024-26698, CVE-2024-26702, CVE-2024-26704, CVE-2024-26707, CVE-2024-26712, CVE-2024-26720, CVE-2024-26722, CVE-2024-26727, CVE-2024-26733, CVE-2024-26735, CVE-2024-26736, CVE-2024-26743, CVE-2024-26744, CVE-2024-26747, CVE-2024-26748, CVE-2024-26749, CVE-2024-26751, CVE-2024-26752, CVE-2024-26753, CVE-2024-26754, CVE-2024-26763, CVE-2024-26764, CVE-2024-26766, CVE-2024-26771, CVE-2024-26772, CVE-2024-26773, CVE-2024-26776, CVE-2024-26777, CVE-2024-26778, CVE-2024-26779, CVE-2024-26781, CVE-2024-26782, CVE-2024-26787, CVE-2024-26788, CVE-2024-26790, CVE-2024-26791, CVE-2024-26793, CVE-2024-26795, CVE-2024-26801, CVE-2024-26804, CVE-2024-26805, CVE-2024-26808, CVE-2024-26809, CVE-2024-26810, CVE-2024-26812, CVE-2024-26813, CVE-2024-26814, CVE-2024-26816, CVE-2024-26817, CVE-2024-26820, CVE-2024-26825, CVE-2024-26833, CVE-2024-26835, CVE-2024-26839, CVE-2024-26840, CVE-2024-26843, CVE-2024-26845, CVE-2024-26846, CVE-2024-26848, CVE-2024-26851, CVE-2024-26852, CVE-2024-26855, CVE-2024-26857, CVE-2024-26859, CVE-2024-26861, CVE-2024-26862, CVE-2024-26863, CVE-2024-26870, CVE-2024-26872, CVE-2024-26874, CVE-2024-26875, CVE-2024-26877, CVE-2024-26878, CVE-2024-26880, CVE-2024-26882, CVE-2024-26883, CVE-2024-26884, CVE-2024-26885, CVE-2024-26889, CVE-2024-26891, CVE-2024-26894, CVE-2024-26895, CVE-2024-26897, CVE-2024-26898, CVE-2024-26901, CVE-2024-26903, CVE-2024-26906, CVE-2024-26907, CVE-2024-26910, CVE-2024-26917, CVE-2024-26920, CVE-2024-26922, CVE-2024-26923, CVE-2024-26924, CVE-2024-26925, CVE-2024-26926, CVE-2024-26931, CVE-2024-26934, CVE-2024-26935, CVE-2024-26937, CVE-2024-26950, CVE-2024-26951, CVE-2024-26955, CVE-2024-26956, CVE-2024-26957, CVE-2024-26958, CVE-2024-26960, CVE-2024-26961, CVE-2024-26965, CVE-2024-26966, CVE-2024-26969, CVE-2024-26970, CVE-2024-26973, CVE-2024-26974, CVE-2024-26976, CVE-2024-26978, CVE-2024-26979, CVE-2024-26981, CVE-2024-26984, CVE-2024-26988, CVE-2024-26993, CVE-2024-26994, CVE-2024-26997, CVE-2024-26999, CVE-2024-27000, CVE-2024-27001, CVE-2024-27004, CVE-2024-27008, CVE-2024-27013, CVE-2024-27020, CVE-2024-27024, CVE-2024-27025, CVE-2024-27028, CVE-2024-27030, CVE-2024-27038, CVE-2024-27043, CVE-2024-27044, CVE-2024-27045, CVE-2024-27046, CVE-2024-27047, CVE-2024-27051, CVE-2024-27052, CVE-2024-27053, CVE-2024-27059, CVE-2024-27065, CVE-2024-27073, CVE-2024-27074, CVE-2024-27075, CVE-2024-27076, CVE-2024-27077, CVE-2024-27078, CVE-2024-27388, CVE-2024-27437).
- Security fix: the included package glibc was upgraded from version 2.31-13+deb11u8 to version 2.31-13+deb11u10 (CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602).
- Security fix: the included package util-linux was upgraded from version 2.36.1-8+deb11u1 to version 2.36.1-8+deb11u2 (CVE-2024-28085).
- Security fix: the included package less was upgraded from version 551-2 to version 551-2+deb11u2 (CVE-2022-48624, CVE-2024-32487).
Vulnerability Management:
- Major bug fix: an error was fixed where, if an alert with compose data but with no filter selected was added to a task, the task would be interrupted when the alert was triggered (#GEA-526, #GS-5859, #GS-6002, #GS-6022, #GS-6023, #GS-6025, #GS-6046, #GS-6055, #GS-6064, #GS-6067, #GS-6078, #GS-6103, #GS-6112, #GS-6113, #GS-6116, #GS-6118, #GS-6120, #GS-6123, #GS-6130, #GS-6137, #GS-6138, #GS-6147, #GS-6148, #GS-6159, #GS-6166, #GS-6170, #GS-6178, #GS-6197).
- Bug fix: an error was fixed where the appliance could sometimes become unresponsive when filtering results or refreshing the authentication (#GEA-505, #GS-5903).
- Bug fix: an error was fixed where it was not possible to delete a user without selecting an inheriting user (#GEA-542).
- Bug fix: an error was fixed where the location “package” was not accepted for the configuration of overrides and notes (#GEA-534, #GS-6039).
- Minor improvement: the info messages used to identify duplicate results and duplicate host details were changed to debug messages (#GEA-509).
- Minor improvement: the included appliance manual was updated to the current version from 2024-05-07 (#PR-867).

22.04.19 (2024-04-03):

Greenbone OS:
- Extension: the new Greenbone BASIC Appliance model was added (#GOS-1727).
- Improvement: the package gvm-tools included in GOS was updated to version 24.3.0 (#PR-834).
- Security fix: as a hardening measure, the MAC algorithms “umac-64@openssh.com” and “hmac-sha1” have been deactivated for the sshd server used by GOS. One of the following MAC algorithms now has to be used to connect to GOS via the SSH protocol: “hmac-sha2-512-etm@openssh.com”, “hmac-sha2-256-etm@openssh.com”, “hmac-sha2-512” or “hmac-sha2-256” (#GOS-1786, #GS-5677, #GS-5845).
- Security fix: the included package samba was upgraded from version 2:4.13.13+dfsg-1~deb11u5 to version 2:4.13.13+dfsg-1~deb11u6 (CVE-2022-2127, CVE-2022-3437, CVE-2023-34966, CVE-2023-34967, CVE-2023-34968, CVE-2023-4091).
Vulnerability Management:
- Improvement: the included appliance manual was updated to the current version from 2024-03-25. The design and layout of the manual was improved through clearer tables of contents on the side and a light-dark-theme option (#PR-847).
- Improvement: the XML parser used by the gvmd service to process CPE data was improved, reducing the amount of memory used during feed updates (#GEA-488).
- Improvement: the XML parser used by the gvmd service to process CVE data was improved, reducing the amount of memory used during feed updates (#GEA-498).
- Bug fix: a memory leak was fixed for the processing of CPE and CVE data by the gvmd service, significantly reducing peak memory usage during feed updates (#GEA-490).
- Bug fix: an error was fixed where the gvmd service could potentially be stuck in a loop during feed updates because of malformed CPE data (#GEA-419).
- Bug fix: an error was fixed where the gvmd service could potentially be stuck in a loop during feed updates because of malformed CVE data (#GEA-512).
- Bug fix: an error was fixed where delta reports were broken if one of the reports had multiple results that were the same except for the description (#GEA-471).
- Bug fix: an error was fixed where delta reports could not be exported in the formats “GSR HTML”, “GSR PDF”, “PDF”, “TXT”, “Vulnerability Report HTML” and “Vulnerability Report PDF” (#GEA-442, #GS-5575).
- Bug fix: an error was fixed where configuring a vulnerability scan to check for file checksum patterns did not work as expected (#GEA-450).
- Bug fix: an error was fixed where the Exclude Hosts setting in a CVE scan was ignored (#GEA-463, #GS-5674).
- Bug fix: an error was fixed where, if an alert with compose data but with no filter selected was added to a task, reports sent via the alert would be incomplete (#GEA-504).
- Bug fix: an error was fixed where alerts using the method TippingPoint SMS were not triggered after the scan was finished (#GEA-472, #GS-5706).
Vulnerability Scanning:
- Improvement: support for the Network Configuration Protocol (NETCONF) over SSH was added (#SC-1019).
- Bug fix: an error was fixed where using the Exclude Hosts setting while scanning vhosts could cause the scan to be interrupted (#SC-964).
- Minor improvement: the parsing of “$Date” strings in vulnerability tests was deprecated, and a warning will be logged if such vulnerability tests are loaded. The vulnerability tests in the current versions of the Greenbone Enterprise Feed and the Greenbone Community Feed have been updated accordingly (#SC-903).

22.04.18 (2024-02-20):

Note: An upgrade to this version requires a reboot of the system.

Greenbone OS:
- Improvement: the RAM limit of the appliance model Greenbone Enterprise 400 (revision 1) was increased from 6 GB to 8 GB. A reboot after the upgrade is required for this change to take effect (#GOS-1762).
- Improvement: the expiration dates for the feed signing and support package encryption keys used by GOS have been extended until 2026-12-31 (#GOS-1756, #GOS-1757).
- Security fix: the included package postgresql-13 was upgraded from version 13.13-0+deb11u1 to version 13.14-0+deb11u1 (CVE-2024-0985).
- Security fix: the Linux kernel was upgraded from version 5.10.208-greenbone1 to version 5.10.209-greenbone1 for hardware appliances and from version 5.10.205-2 to version 5.10.209-2 for virtual appliances (CVE-2024-1086).
- Bug fix: NTLM has been deactivated for the use of all e-mail functionality in GOS to prevent problems with some Microsoft Exchange servers (#GOS-1715, #GS-5533).
Vulnerability Management:
- Major bug fix: an error was fixed where granting read or write permissions for objects to other users did not work as expected (#GEA-477, #GS-5720, #GS-5781).
- Bug fix: an error was fixed where Vulnerability Report PDF and Vulnerability Report HTML reports that were attached to or included in e-mail alerts and for which overrides were active had no contents (#GEA-408, #GEA-482, #GS-5431, #GS-5447, #GS-5530).
- Minor improvement: the included appliance manual was updated to the current version from 2024-02-15 (#PR-823).

22.04.17 (2024-02-01):

Greenbone OS:
- Major bug fix: an error was fixed where pushing the feed from the master appliance to the sensor appliance in a master-sensor setup resulted in sensor feed synchronization issues (#GOS-1705).
- Improvement: the package gvm-tools and python-gvm included in GOS were updated to version 24.1.0. Note: Due to API changes at least these versions are required to access the GMP API of GOS 22.04.17. (#PR-792).
- Improvement: the processes of creating and importing a beaming image are now system operations. While a system operation is in progress, no other system operation can be started. This is to ensure the integrity and stability of the system (#GOS-1677).
- Security fix: the included package libssh was upgraded from version 0.9.7-0+deb11u1 to version 0.9.8-0+deb11u1 (CVE-2023-48795, CVE-2023-6004, CVE-2023-6918).
- Security fix: the included package curl was upgraded from version 7.74.0-1.3+deb11u10 to version 7.74.0-1.3+deb11u11 (CVE-2023-46218).
- Security fix: the included package openssh was upgraded from version 1:8.4p1-abomination+3 to version 1:8.4p1-5+deb11u3 (CVE-2021-41617, CVE-2023-28531, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385).
- Security fix: the Linux kernel was upgraded from version 5.10.197-1 to version 5.10.205-2 for virtual appliances (CVE-2021-44879, CVE-2023-5178, CVE-2023-5197, CVE-2023-5717, CVE-2023-6121, CVE-2023-6531, CVE-2023-6817, CVE-2023-6931, CVE-2023-6932, CVE-2023-25775, CVE-2023-34324, CVE-2023-35827, CVE-2023-45863, CVE-2023-46813, CVE-2023-46862, CVE-2023-51780, CVE-2023-51781, CVE-2023-51782).
- Security fix: the Linux kernel was upgraded from version 5.10.201-greenbone1 to version 5.10.208-greenbone1 for hardware appliances (CVE-2021-44879, CVE-2023-5178, CVE-2023-5197, CVE-2023-5717, CVE-2023-6121, CVE-2023-6531, CVE-2023-6817, CVE-2023-6931, CVE-2023-6932, CVE-2023-25775, CVE-2023-34324, CVE-2023-35827, CVE-2023-45863, CVE-2023-46813, CVE-2023-46862, CVE-2023-51780, CVE-2023-51781, CVE-2023-51782).
- Bug fix: an error was fixed where formatting a GOS USB backup stick did not work in several cases (#GOS-1714).
- Bug fix: an error was fixed where some links in the feed had the wrong permissions which could lead to pushing the feed from a master appliance to a sensor appliance in a master-sensor setup to fail (#GOS-1708).
Vulnerability Management:
- Improvement: an option to filter for the compliance status was added to the Results page and to the Results tab of a report. The filter keyword is compliance_levels and the possible values are y (yes/compliant), n (no/not compliant), i (incomplete) and u (undefined) (#GEA-391).
- Improvement: in addition to the IP address, the host name is now displayed in the header of each host section, in the list at the host section beginning, and in the details of the results in the report formats Vulnerability Report PDF and Vulnerability Report HTML (#GEA-378, #GS-3372)
- Improvement: due to improvements the GMP API version has been increased to 22.5. When accessing the GMP API of GOS 22.04.17 via clients, up-to-date, compatible versions have to be used, for example gvm-tools 24.1.0 (#GEA-407).
- Improvement: the performance of loading of a large number of tag resource has been significantly improved (#GEA-380).
- Improvement: the performance of the Results and Vulnerabilities pages was improved for setups with multiple users and large amounts of results (#GEA-385).
- Security fix: the strength of the encryption key for credentials stored in the database has been increased from 2048-bit RSA to 3072-bit RSA. Existing credentials are automatically re-encrypted with the new key when upgrading to GOS 22.04.17 or later (#GOS-1678, #GEA-193).
- Bug fix: an error was fixed where – when deleting a user via the web interface, the command line or the GOS administration menu – no users who inherit the objects of the deleted user could be selected (#GEA-381).
- Bug fix: an error was fixed where the table on the page Vulnerabilities showed the date and time of the newest result instead of the oldest result in the column Oldest Result (#GEA-414).
- Bug fix: an error was fixed where editing VT families of custom compliance policies was not possible (#GEA-415).
- Bug fix: an error was fixed where reports in the report formats CPE and TLS Map where empty when sent via the Test Alert functionality using the method E-mail (#GEA-358).
- Minor improvement: the included appliance manual was updated to the current version from 2024-01-15 (#PR-793).
- Minor improvement: the credential type Client Certificate was retired because it was not used for any type of target, alert or scanner anymore. Existing credentials of this type will not be affected or removed. They can still be accessed, but they are of no use anymore, and can be deleted manually (#GEA-333).
- Minor improvement: the VT families AlmaLinux Local Security Checks and Amazon Linux Local Security Checks are no longer editable when creating or editing a scan configuration (#GEA-387).
- Minor bug fix: an error was fixed where the tool tips showed and linked false filters when hovering over the columns for N/A and 1 in a “by CVSS” diagram (#GEA-370).

22.04.16 (2023-12-04):

Greenbone OS:
- Improvement: support for limiting the number of simultaneous web sessions for web users was added. The configuration can be found in the GOS menu under Setup > Users > Users > User sessions. By default, no limit is applied, which reflects the behavior of GOS 22.04.15 and earlier (#GOS-1621, #GEA-288, #GS-4982).
- Improvement: the package gvm-tools included in GOS was updated to version 23.11.0 (#PR-753).
- Improvement: the package python-gvm included in GOS was updated to version 23.11.0 (#PR-753).
- Bug fix: an error was fixed where SNMP passphrases containing the character “!” were not working in GOS (#GOS-1623, #GS-4924).
- Security fix: SSL 3.0, TLS 1.0 and TLS 1.1 have been disabled for the remote logging feature of GOS. TLS 1.2 or TLS 1.3 must be used now (#GOS-1613, RFC 7568, RFC 8996).
- Security fix: the included package openssh was upgraded from version 1:8.4p1-abomination+2 to version 1:8.4p1-abomination+3 (CVE-2023-38408).
- Security fix: the included package postgresql-13 was upgraded from version 13.11-0+deb11u1 to version 13.13-0+deb11u1 (CVE-2023-5868, CVE-2023-5869, CVE-2023-5870, CVE-2023-39417).
- Security fix: for virtual appliances, the included package open-vm-tools was upgraded from version 2:11.2.5-2+deb11u2 to version 2:11.2.5-2+deb11u3 (CVE-2023-34058, CVE-2023-34059).
- Minor improvement: an outdated “gsm” reference in the GOS administration menu has been corrected (#GOS-1650).
Vulnerability Management:
- Major improvement: the delta report functionality was overhauled. Delta reports are no longer dependent on the sorting order of the results, providing a much more intuitive user experience, tool tips have been added to delta reports to show exactly what has changed, e.g., the severity or the quality of detection (QoD), and the performance of generating delta reports was considerably improved (#GEA-271).
- Improvement: scan configurations, report formats, port lists, and compliance policies can now be marked deprecated on the web interface. If a report is exported in a deprecated report format, the downloaded file may be empty or otherwise not suitable for use (#GEA-6).
- Improvement: when viewing TLS certificates of a scan report, the certificates’ Subject DN can now be clicked to show more information about the certificate (#GEA-308).
- Improvement: the new task status Processing is now also supported for container tasks. It is displayed there after the report upload is completed, indicating that the appliance is busy processing data in the backend (#GEA-353).
- Improvement: the performance when editing scan configurations or compliance policies in the web interface was further improved (#GEA-341).
- Improvement: the performance when paging through list pages with “Created” or “Modified” dates on the web interface, e.g., the “SecInfo > NVTs” page, was improved (#GEA-362).
- Bug fix: an error was fixed where CVE scans did not detect the expected CVEs due to incorrect case sensitivity for CPEs (#GEA-8, #GS-2451).
- Bug fix: an error was fixed where it was not possible to link a large number of tags to an object because the corresponding menu became unusable. Note that the menu is still limited to a maximum of 200 tags. If more tags are to be linked to an object, the “Apply to …” functionality on list pages can be used (#GEA-251, #GS-908).
- Bug fix: incorrectly encoded TLS certificate data in the database, which could cause errors when viewing certificates on the web interface, is now cleaned up when upgrading to GOS 22.04.16 or later. Note that with the current GOS versions, the recurrence of such incorrectly encoded data should no longer occur (#GEA-3, #GOS-1648, #GS-2337).
- Minor improvement: the included appliance manual was updated to the current version from 2023-11-28 (#PR-780).
- Minor improvement: the drop-down menu used in various dialogs on the web interface can now also be oriented upwards, if there is not enough free space at the bottom to display the entire content (#GEA-303).
- Minor improvement: the Start button () for scan tasks on the web interface is now inactive if a schedule with an end date is configured for the task. Trying to start such tasks was never supported, and tasks would stop at 0 % progress in this case (#GEA-379, #GS-699).
- Minor improvement: the informational message “The reports database is currently busy, please try again later” was added for cases where scan reports could not be deleted due to an ongoing database lock (#GEA-327, #GS-2073).
- Minor improvement: when editing scan configurations or compliance policies, it is no longer possible to edit individual vulnerability tests for various vulnerability test families that should only be selected as a whole (#GEA-331).
- Minor improvement: the report format ITG was deprecated (#GEA-6, #GS-586, #GS-4121).
- Minor improvement: the CVSS ranges for dashboard diagrams were improved (#GEA-266).
- Minor improvement: the error message shown when trying to create an invalid credential was improved to be more specific (#GEA-341).
- Minor improvement: the error message shown when the gvmd database cannot be migrated was improved to be more specific (#GEA-362).
- Minor improvement: when using the GMP API, “creation_time” and “modification_time” information is now returned in the user’s local time zone instead of UTC (#GEA-362).
- Minor bug fix: an error was fixed where duplicate “Timeout” NVT preferences could appear when editing scan configurations or compliance policies (#GEA-362).
- Minor bug fix: an error was fixed where two German translations – in the “Compose” dialog when creating or editing an alert, and on the “TLS Certificates” list page – were missing (#GEA-332, #GEA-334).
Vulnerability Scanning:
- Bug fix: an error was fixed where vulnerability scans were interrupted when the target setting “Reverse Lookup Only” was set to “Yes” and a host was excluded from the target (#SC-929, #GS-5146).
- Bug fix: an error was fixed where the Boreas alive scanner performed alive tests even if the alive test option “Consider Alive” was used (#SC-934).

22.04.15 (2023-10-17):

Greenbone OS:
- Improvement: the package gvm-tools included in GOS was updated to version 23.9.0 (#PR-740).
- Bug fix: an error was fixed where monitoring the HDD via SNMPv3 sometimes failed (#GOS-1612, #GS-4243).
- Bug fix: an error was fixed where enabling the SSH service on a Greenbone Enterprise TRIAL sometimes failed (#GOS-1564).
- Security fix: the included package openssl was upgraded from version 1.1.1n-0+deb11u5 to version 1.1.1w-0+deb11u1 (CVE-2023-3446, CVE-2023-3817).
- Security fix: the included package curl was upgraded from version 7.74.0-1.3+deb11u7 to version 7.74.0-1.3+deb11u10 (CVE-2023-38545, CVE-2023-38546, CVE-2023-27533, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538).
- Security fix: the included package libwebp was upgraded from version 0.6.1-2.1+deb11u1 to version 0.6.1-2.1+deb11u2 (CVE-2023-4863, #GS-5145).
- Security fix: the included package mosquitto was upgraded from version 2.0.11-1 to version 2.0.11-1+deb11u1 (CVE-2021-34434, CVE-2021-41039, CVE-2023-0809, CVE-2023-3592, #GS-5082).
Vulnerability Management:
- Major bug fix: an error was fixed where scan tasks sometimes got stuck at 100 % when a large number of host details needed to be processed (#GEA-273).
- Improvement: the new task status Processing was added. It is displayed after 100 % scan progress, indicating that the appliance is busy processing data in the backend, while any scan activity is completed as expected (#GEA-274).
- Improvement: for CVEs for which a severity score is not yet available, “N/A” is now displayed instead of the misleading severity “0.0” (#GEA-224, #GS-1160, #GS-4648, #GS-1118, #GS-1144).
- Improvement: override texts of up to 300 characters are now also included in the report formats GSR PDF, GXR PDF, Vulnerability Report HTML, and Vulnerability Report PDF (#GEA-85).
- Improvement: the limit for override texts included in the report formats Anonymous XML, XML and TXT was increased from 60 to 300 characters (#GEA-86).
- Improvement: the Assets > TLS Certificates list page now lists the TLS certificates by their subject distinguished name (“Subject DN”) instead of their issuer (#GEA-202).
- Improvement: it is now possible to specify the port used for an SCP alert. A corresponding input box was added to the dialog (#GEA-280, #GS-1555).
- Improvement: an option to ignore pagination was added to the report content composer for alerts (#GEA-124, #GS-3911, #GS-4271).
- Improvement: when changing the user password for the web interface, an error message is now displayed if the old password is incorrect or missing (#GEA-175).
- Bug fix: an error was fixed where downloading a report in the report formats Vulnerability Report HTML and Vulnerability Report PDF sometimes resulted in empty files (#GEA-209, #GS-1308).
- Bug fix: an error was fixed where scheduled tasks sometimes did not run at the correct time when the time zone PST/PDT was used (#GEA-114).
- Bug fix: an error was fixed where delta reports contained results that could not be accessed (#GEA-247, #GS-958).
- Bug fix: an error was fixed where e-mail alerts with the condition “Severity Level changed”, “Severity Level increased” or “Severity Level decreased” caused an SQL error in the logs if the task had no previous reports (#GEA-246).
- Bug fix: an incomplete sub-page that should not have been available but could be accessed by entering a URL directly has been removed (#GEA-177, #GS-4392)
- Minor improvement: the included appliance manual was updated to the current version from 2023-10-09 (#PR-746).
- Minor bug fix: an error was fixed where dashboard diagrams showing a resource “by CVSS” (e.g., “Hosts by CVSS”) displayed 10.9 as the highest severity when hovering over the associated column (#GEA-265).
- Minor bug fix: an error was fixed where the process title of gvmd displayed a duplicated “gvmd: gvmd:” (#GEA-240).
Vulnerability Scanning:
- Minor improvement: the system log message indicating when the Notus scanner is running has been simplified and is now only displayed when the requirements for Notus scanner operation are met (#SC-902).

22.04.14 (2023-08-31):

Greenbone OS:
- Improvement: the the company name displayed in the GOS administration menu and the SNMP MIBs was updated to show the new company name „Greenbone AG“ (#GOS-1494).
- Improvement: the RAM limit of the appliance model Greenbone Enterprise 150 was increased from 6 GB to 8 GB (#GOS-1584).
- Bug fix: on the sensor appliances, Greenbone Enterprise 35 and Greenbone Enterprise 25V, an error was fixed where gos-grub was missing a dependency to e2fsprogs which resulted in an error message when starting the appliance (#GOS-1576).
- Security fix: the microcode included in the hardware kernels of the appliance models Greenbone Enterprise 6500/5400/650 R2/600 R2/450 R2/400 R2 were upgraded to the state of the release microcode-20230808 (CVE-2022-40982).
- Security fix: the Linux kernel was upgraded from version 5.10.179-1 to version 5.10.191-1 for virtual appliances (CVE-2022-4269, CVE-2022-39189, CVE-2022-40982, CVE-2023-1206, CVE-2023-1380, CVE-2023-2002, CVE-2023-2007, CVE-2023-2124, CVE-2023-2156, CVE-2023-2269, CVE-2023-2898, CVE-2023-3090, CVE-2023-3111, CVE-2023-3212, CVE-2023-3268, CVE-2023-3269, CVE-2023-3338, CVE-2023-3389, CVE-2023-3390, CVE-2023-3609, CVE-2023-3610, CVE-2023-3611, CVE-2023-3776, CVE-2023-3863, CVE-2023-4004, CVE-2023-4128, CVE-2023-4132, CVE-2023-4147, CVE-2023-4194, CVE-2023-4273, CVE-2023-20588, CVE-2023-20593, CVE-2023-21255, CVE-2023-21400, CVE-2023-31084, CVE-2023-31248, CVE-2023-32250, CVE-2023-32254, CVE-2023-34319, CVE-2023-35001, CVE-2023-35788, CVE-2023-40283).
- Security fix: the Linux kernel was upgraded from version 5.10.186-greenbone1 to version 5.10.192-greenbone-1 for hardware appliances (CVE-2022-4269, CVE-2022-39189, CVE-2022-40982, CVE-2023-1206, CVE-2023-1380, CVE-2023-2002, CVE-2023-2007, CVE-2023-2124, CVE-2023-2156, CVE-2023-2269, CVE-2023-2898, CVE-2023-3090, CVE-2023-3111, CVE-2023-3212, CVE-2023-3268, CVE-2023-3269, CVE-2023-3338, CVE-2023-3389, CVE-2023-3390, CVE-2023-3609, CVE-2023-3610, CVE-2023-3611, CVE-2023-3776, CVE-2023-3863, CVE-2023-4004, CVE-2023-4128, CVE-2023-4132, CVE-2023-4147, CVE-2023-4194, CVE-2023-4273, CVE-2023-20588, CVE-2023-20593, CVE-2023-21255, CVE-2023-21400, CVE-2023-31084, CVE-2023-31248, CVE-2023-32250, CVE-2023-32254, CVE-2023-34319, CVE-2023-35001, CVE-2023-35788, CVE-2023-40283).
- Minor bug fix: an error was fixed where setting the GOS state variable max_ips_per_target to 0 in the GOS shell caused the gvmd service to fail. The minimum input value for max_ips_per_target is now 1 (#GOS-1539).
- Minor bug fix: a superfluous GnuPG key ring file for the OpenVAS scanner was removed from GOS (#GOS-1572).
- Minor security fix: a missing kernel-side mitigation for the ‘Processor MMIO Stale Data’ and ‘SRBDS – Special Register Buffer Data Sampling’ hardware appliance vulnerabilities was added for the appliance models Greenbone Enterprise 650 R2/600 R2/450 R2/400 R2 (#GOS-1541).
Vulnerability Management:
- Improvement: the product logo on the web interface was replaced to show the correct product name “Greenbone Enterprise Appliance” (#GOS-1538).
- Improvement: the error message displayed when clicking a CPE name that does not have a linked CPE entry was reworded to clarify the reasons for a missing CPE entry (#GEA-207, #GS-43).
- Improvement: the performance when editing scan configurations or policies on the web interface has been improved (#GEA-235).
- Improvement: the performance of gvmd rebuilds has been further improved (#GEA-235).
- Bug fix: an error was fixed where the setting Use workaround default certificate for an alert with the TippingPoint SMS method was not saved (#GEA-181, #GEA-230, #GS-4209).
- Bug fix: an error was fixed where uploading an unsupported certificate file format for an alert with the TippingPoint SMS method did not show a warning but silently corrupted the alert data used by gmvd (#GEA-254).
- Bug fix: an error was fixed where IP addresses were cropped in the Top 10 Hosts overview of the report formats Vulnerability Report PDF and Vulnerability Report HTML (#GEA-46, #GS-3693).
- Bug fix: an error was fixed where in rare cases scan reports could not be deleted (#GEA-2, #GS-2073).
- Bug fix: an error was fixed where in rare cases only a partial response would be received via the GMP API (#GEA-235).
- Minor bug fix: an error was fixed where the “?” icon on the page SecInfo > NVTs did not lead to the correct user manual section (#GEA-262).
- Minor bug fix: an error was fixed where the browser tab of the web interface showed incorrect and changing text when logging in and out of the web interface (#GEA-1543).
- Minor improvement: when a user with the Super Admin role changes their own user settings, a warning is now displayed explaining that saving the changes will log the user out immediately (#GEA-37).
- Minor improvement: the included appliance manual was updated to the current version from 2023-08-14 (#PR-718).
Vulnerability Scanning:
- Bug fix: an additional error was fixed where not every JSON string was parsed correctly during inter-process communication (#SC-886).

22.04.13 (2023-07-17):

Vulnerability Management:
- Major bug fix: another error was fixed where scan tasks appeared to be frozen on gvmd side/the web interface, while they were actually progressing or even finishing on ospd/ospd-openvas side. This problem could occur when both error messages (e.g., from VT timeouts) and duplicated scan results occurred at the same time during a scan (#GEA-250, #GS-4727, #GS-4734, #GS-4780).
- Bug fix: an error was fixed where a gvmd rebuild could cause a segmentation fault when VT preference names in old scan configurations were updated (#GEA-245).
- Minor improvement: the included appliance manual was updated to the current version from 2023-07-14 (#PR-696).

22.04.12 (2023-07-10):

Greenbone OS:
- Improvement: the package python-gvm included in GOS was updated to version 23.5.1 (#PR-644).
- Security fix: the Linux kernel was upgraded from version 5.10.180-greenbone1 to version 5.10.186-greenbone1 for hardware appliances (CVE-2023-35788).
- Security fix: the included package openssl was upgraded from version 1.1.1n-0+deb11u4 to version 1.1.1n-0+deb11u5 (CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650).
Vulnerability Management:
- Major bug fix: an error was fixed where scan tasks appeared to be frozen on gvmd side/the web interface, while they were actually progressing or even finishing on ospd/ospd-openvas side. This problem could occur when unexpected characters were contained in the scan results (#GEA-223, #GS-4639, #GS-4672, #GS-4679, #GS-4727, #GS-4706, #GS-4698, #GS-4712, #GS-4721).
- Major bug fix: an error was fixed where a gvmd rebuild, which can occur due to hash value mismatches during feed updates, caused failed scan task requests, and missing VT and result names in the SecInfo menu and in scan reports (#GEA-49, #GEA-50, #GS-3459, #GS-3346, #GS-2947, #GS-3367).
- Security fix: an issue was fixed where scan tasks could cause an SQL error due to missing SQL quoting, potentially allowing a denial of service (DoS) attack against the scan task that triggered the error via SQL-Injection, causing the task to be interrupted (#GEA-226, #GS-4596, #GS-4639, #GS-4672, #GS-4679, #GS-4727, #GS-4706, #GS-4698, #GS-4712, #GS-4721).
- Improvement: the performance of gvmd rebuilds, which can occur due to hash value mismatches during feed updates, has been improved, and rebuilds should now finish noticeably faster (#GEA-49, #GEA-50).
- Improvement: the performance of the GMP command get_targets has been improved, which should noticeably speed up the use of menus and dialogs with links to a large number of targets (#GEA-241).
- Improvement: the usability of the dialog for creating permissions was improved by making it clearer which object the permission refers to and which the related resources are (#GEA-74, #GS-50, #GS-2948).
- Bug fix: an error was fixed where scan tasks were interrupted at 100 %, if the scan used an alert with the “Filter … matches at least … results more than previous scan” condition (#GEA-146, #GS-4112).
- Bug fix: an error was fixed where running a CVE scan could sometimes cause subsequent OpenVAS scans to fail (#GEA-211).
- Bug fix: an error was fixed where the details of TippingPoint alerts did not show any information about the saved TLS certificate (#GEA-180, #GS-4209).
- Bug fix: an error was fixed where the usage_type element contained the value “(null)” instead of “policy” or “config” when using the GMP command get_configs, which could, for example, cause scan configurations and policies to appear under the wrong menus when manually imported or when moved to the trashcan (#GEA-204, #GEA-225, #GS-4653).
- Minor improvement: the placeholder subject for an e-mail alert now shows the new, correct product name “Greenbone Enterprise Appliance” instead of the formerly used abbreviation “GSM” (#GOS-1491).
- Minor improvement: a log message has been added explaining the reason why scans will not run when no feed has been synced on the appliance yet (#GEA-49).
- Minor improvement: the included appliance manual was updated to the current version from 2023-07-03 (#PR-681).
- Minor bug fix: an error was fixed where two German translations – in the LDAP authentication dialog and in the SMB alert drop-down menu – were missing (#GEA-163).
Vulnerability Scanning:
- Bug fix: an error was fixed where scans were interrupted if a host was reached for which scanner access had been denied via the user settings, so that further, allowed hosts were not scanned (#SC-837).

22.04.11 (2023-05-31):

Greenbone OS:
- Improvement: the package gvm-tools included in GOS was updated to version 23.4.0 (#PR-615).
- Improvement: the package python-gvm included in GOS was updated to version 23.4.2 (#PR-615).
- Security fix: the included package libxml2 was upgraded from version 2.9.10+dfsg-6.7+deb11u3 to version 2.9.10+dfsg-6.7+deb11u4 (CVE-2023-28484, CVE-2023-29469).
- Security fix: the included package libssh was upgraded from version 0.9.5-1+deb11u1 to version 0.9.7-0+deb11u1 (CVE-2023-1667, CVE-2023-2283).
- Security fix: the included package postgresql-13 was upgraded from version 13.10-0+deb11u1 to version 13.11-0+deb11u1 (CVE-2023-2454, CVE-2023-2455).
- Security fix: the Linux kernel was upgraded from version 5.10.162-1 to version 5.10.179-1 for virtual appliances (CVE-2022-2196, CVE-2022-3424, CVE-2022-3707, CVE-2022-4129, CVE-2022-4379, CVE-2023-0045, CVE-2023-0458, CVE-2023-0459, CVE-2023-0461, CVE-2023-1073, CVE-2023-1074, CVE-2023-1076, CVE-2023-1077, CVE-2023-1078, CVE-2023-1079, CVE-2023-1118, CVE-2023-1281, CVE-2023-1513, CVE-2023-1611, CVE-2023-1670, CVE-2023-1829, CVE-2023-1855, CVE-2023-1859, CVE-2023-1872, CVE-2023-1989, CVE-2023-1990, CVE-2023-1998, CVE-2023-2162, CVE-2023-2194, CVE-2023-22998, CVE-2023-23004, CVE-2023-23559, CVE-2023-25012, CVE-2023-26545, CVE-2023-28328, CVE-2023-28466, CVE-2023-30456, CVE-2023-0386, CVE-2023-31436, CVE-2023-32233).
- Security fix: the Linux kernel was upgraded from version 5.10.155-greenbone1 to version 5.10.180-greenbone1 for hardware appliances (CVE-2022-2873, CVE-2022-3545, CVE-2022-3623, CVE-2022-4696, CVE-2022-36280, CVE-2022-41218, CVE-2022-45934, CVE-2022-47929, CVE-2023-0179, CVE-2023-0266, CVE-2023-0394, CVE-2023-23454, CVE-2023-23455, CVE-2022-2196, CVE-2022-3424, CVE-2022-3707, CVE-2022-4129, CVE-2022-4379, CVE-2023-0045, CVE-2023-0458, CVE-2023-0459, CVE-2023-0461, CVE-2023-1073, CVE-2023-1074, CVE-2023-1076, CVE-2023-1077, CVE-2023-1078, CVE-2023-1079, CVE-2023-1118, CVE-2023-1281, CVE-2023-1513, CVE-2023-1611, CVE-2023-1670, CVE-2023-1829, CVE-2023-1855, CVE-2023-1859, CVE-2023-1872, CVE-2023-1989, CVE-2023-1990, CVE-2023-1998, CVE-2023-2162, CVE-2023-2194, CVE-2023-22998, CVE-2023-23004, CVE-2023-23559, CVE-2023-25012, CVE-2023-26545, CVE-2023-28328, CVE-2023-28466, CVE-2023-30456, CVE-2023-0386, CVE-2023-31436, CVE-2023-32233).
Vulnerability Management:
- Major bug fix: an error was fixed where new CPEs could not be processed during feed updates, causing the gvmd service to be stuck in a loop (#GEA-208).
- Improvement: the company name displayed in the footer of the web interface was updated to show the new company name “Greenbone AG” (#GEA-147).
- Improvement: the Operating Systems list page now shows two columns for Hosts: All and Best OS, making it possible to differentiate between hosts for which the operating system was found at all and hosts for which the operating system is the most suitable operating system (#GEA-117).
- Bug fix: an error was fixed where subsequent scans against the same scan target sometimes resulted in duplicated scan results (#GEA-51, #GS-169. #GS-3697, #GS-3739).
- Bug fix: an error was fixed where tasks were set from the scan status “Requested” to “Stopped” when starting a scheduled task manually, but the scanner started the scan nonetheless (#GEA-12, #GS-173, #GS-2919).
- Bug fix: an error was fixed where the “Product Detection Result” section was missing for results of reports that were imported into a container task (#GEA-135).
- Bug fix: an error was fixed where false-positive result counts were not shown in the reports overview (#GEA-79).
- Bug fix: an error was fixed where TippingPoint SMS alerts did not save the specified credentials and used the alphabetically first credentials instead (#GEA-158, #GS-4209).
- Bug fix: an error was fixed where the line chart on the web interface (e.g., on the CVE page) did not show any lines (#GEA-143, #GS-4105, #GS-4390).
- Bug fix: an error was fixed where using an alert for the event New CVEs did not work and resulted in SQL errors in the logs (#GEA-129).
- Bug fix: an error was fixed where an operating system asset was shown to be “in use” and therefore could not be deleted even though no hosts for the operating system were shown in the counter (#GEA-117, #GS-837).
- Bug fix: an error was fixed where setting the correct permissions for data-objects during feed updates failed for custom roles (#GEA-116, #GS-3860).
- Bug fix: an error was fixed where successful SNMP authentication was shown as unsuccessful on the web interface if the authentication was successful with one protocol version (e.g., SNMPv3) but unsuccessful with another protocol version (e.g., SNMPv1) (#GEA-131, #GS-3967).
- Bug fix: an error was fixed where the authentication type LDAP was not correctly displayed in the details preview of a user and on the details page of a user (#GEA-27, #GS-625).
- Minor improvement: a new info message to identify duplicate host details was added for the gvmd service (#GEA-182).
- Minor improvement: when creating an SMB alert, the menu option for using the latest supported SMB version is now called “Default” to avoid confusion (#GEA-161).
- Minor improvement: the included appliance manual was updated to the current version from 2023-05-15 (#PR-627).

22.04.10 (2023-04-19):

Greenbone OS:
- Bug fix: an error was fixed where after adding a temporary upgrade key, GOS upgrades did not work as expected (#GOS-1082).
- Bug fix: an error was fixed where GOS upgrades would fail when remote syslog was enabled (#GEA-148, #GS-4153, #GS-4120).
- Improvement: the package gvm-tools included in GOS was updated to version 23.3.0 (#PR-596).
- Improvement: the package python-gvm included in GOS was updated to version 23.4.0 (#PR-596).
Vulnerability Management:
- Major bug fix: an error was fixed where opening the details page of a CPE that has associated CVEs caused all RAM and swap to be occupied, leading to gvmd and the web interface being unresponsive (#GEA-138, #GS-4088, #GS-4044, #GS-4115).
- Major bug fix: an error was fixed where opening the details page of a CPE that has associated CVEs would fail with the error “e.entry.cvss is undefined” or “Cannot read properties of undefined (reading ‘base_metrics’)” (#GEA-157, #GS-4088, #GS-4044, #GS-4115).
- Bug fix: an error was fixed where reports from CVE scans, both on the web interface and in downloaded reports, only displayed the IP addresses of the scanned hosts and not the host names (#GEA-4, #GS-2458).
- Improvement: an option to set the maximum SMB version used for an SMB alert was added (#GEA-38, #GS-1588).
- Improvement: an option to enforce LDAPS for the LDAP authentication was added (#GEA-82, #GS-3777).
- Minor improvement: the included appliance manual was updated to the current version from 2023-04-14 (#PR-598).
Vulnerability Scanning:
- Minor bug fix: an error was fixed where a traceback occurred if the ospd-openvas service could not locate the scanner binary (#SC-789).
- Minor improvement: the detection of unreachable (dead) hosts in the end_denial function of the scanner has been improved (#SC-772).
- Minor improvement: the option sign is now set as a default for the wmi_connect function of the scanner (#SC-779, #GS-1771, #GS-3756, #GS-3628).
- Minor improvement: support for epoch in RPM package version comparison was added (#SC-795, #GS-3272).

22.04.9 (2023-03-08):

Greenbone OS:
- Improvement: the package gvm-tools included in GOS was updated to version 23.2.0 (#PR-568).
- Improvement: the package python-gvm included in GOS was updated to version 23.2.0 (#PR-568).
- Security fix: the included package syslog-ng was upgraded from version 3.28.1-2 to version 3.28.1-2+deb11u1 (CVE-2022-38725).
- Minor improvement: if a custom value for the maximum number of concurrent connections to the PostgreSQL database has been configured, it is now included in the GOS support package for debugging purposes (#GEA-25).
Vulnerability Management:
- Bug fix: an error was fixed where creating a downloadable Debian (.deb) credential package was not possible (#GEA-45, #GS-1253, #GS-1628).
- Bug fix: an error was fixed where the appliance caused re-authentications with RADIUS-2FA every 5 minutes (#GEA-36, #GS-224).
- Bug fix: an error was fixed where the performance graphs could sometimes not be created (#GEA-28, #GS-3507).
- Security fix: an issue was fixed where the shared key for RADIUS authentication was stored in plain text (without encryption) in the database and included in the GMP responses (#GEA-41).
- Security fix: for the included package gsm-greenbone-security-assistant, multiple vulnerabilities in the build dependencies were fixed (#GEA-53).
- Minor improvement: the included appliance manual was updated to the current version from 2023-02-28 (#PR-581).
Vulnerability Scanning:
- Bug fix: an error was fixed where simultaneously started scans erroneously had the same position in the scan queue (#SC-755, #GS-3450).
- Bug fix: two potential memory leaks in the misc/bpf_share.c and nasl/nasl_packet_forgery.c functions were fixed (#SC-769).

22.04.8 (2023-02-15):

Greenbone OS:
- Extension: the SNMP service (GOS menu Setup > Services > SNMP) and the automatic time synchronization via NTP (GOS menu Setup > Timesync) are made available for the appliance model Greenbone Enterprise CENO. To access the newly enabled features it is required to log out and then log back in to the GOS menu (#GEA-31, #GS-3658).
- Bug fix: an error was fixed where the airgap FTP functionality did not work and the folder /tmp was filled with unwanted data, potentially causing the file system to run out of free space (#GEA-23, #GS-3032).
- Bug fix: an error was fixed where the optional package gsm-debug could not be installed due to a broken dependency (#GEA-81).
- Security fix: the included package openssl was upgraded from version 1.1.1n-0+deb11u3 to version 1.1.1n-0+deb11u4 (CVE-2022-2097, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286).
- Security fix: the Linux kernel was upgraded from version 5.10.158-2 to version 5.10.162-1 for virtual appliances (CVE-2022-2873, CVE-2022-3545, CVE-2022-3623, CVE-2022-4696, CVE-2022-36280, CVE-2022-41218, CVE-2022-45934, CVE-2022-47929, CVE-2023-0179, CVE-2023-0266, CVE-2023-0394, CVE-2023-23454, CVE-2023-23455).
Vulnerability Management:
- Minor improvement: the included appliance manual was updated to the current version from 2023-02-14 (#PR-572).

22.04.7 (2023-01-26):

Greenbone OS:
- Bug fix: an error was fixed where formatting a USB drive to serve as a GOS backup device was not possible (#GOS-1287, #GS-3610).
- Security fix: the included package libksba8:amd64 was upgraded from version 1.5.0-3+deb11u1 to version 1.5.0-3+deb11u2 (CVE-2022-47629).
- Minor improvement: the gos-network-manager self-check now fails only when an error occurs for the corresponding service. Previously, it failed if an error or warning occurred for the service. Warnings are still logged in the system log for debugging purposes, however (#GOS-1266, #GS-3437).
Vulnerability Management:
- Bug fix: an error was fixed where many special characters were not accepted in the names and comments of multiple web interface objects (#DEVOPS-475, #DEVOPS-477, #GS-3509, #GS-3549, #GS-3608, #GS-3629, #GS-3649).
- Bug fix: an error was fixed where reports sent via alerts did not contain all results they were supposed to contain according to the configured filter (#T4-420, #GS-3458).
- Bug fix: an error was fixed where manually triggering an alert for a report always sent the report for the latest scan run of that task and not for the triggered one (#T4-411).
- Bug fix: an error was fixed where the LDAP version could get wrongly set to 2 instead of 3 when STARTTLS was disabled, resulting in the LDAPS connection not being possible (#T4-398).
- Security fix: the attribute “SameSite=Strict” was set for the cookies used by the web interface (#T3-509).
- Minor improvement: the included appliance manual was updated to the current version from 2023-01-16 (#PR-557).
Vulnerability Scanning:
- Bug fix: an error was fixed where the OpenVAS scanner was still processing vulnerability tests after the corresponding scan task was stopped (#SC-744).
- Bug fix: an error was fixed where the Notus package comparison was not working correctly for packages containing a “~” in the version, causing false-positive results (#SC-752, #SC-754, #GS-3051, #GS-3499).
- Bug fix: an error was fixed where the ospd-openvas service could not start normally when a corresponding empty .pid file existed (#SC-746).
- Bug fix: an error was fixed where the Notus scanner could not start normally when a corresponding empty .pid file existed (#SC-748).
- Bug fix: an error was fixed where not every JSON string was parsed correctly during inter-process communication, potentially causing interrupted scan tasks (#SC-747).
- Minor improvement: the openvas-wmiclient library was updated to provide better Windows Management Instrumentation (WMI) support when scanning Windows Server 2022 targets (#SC-645).

22.04.6 (2022-12-15):

Vulnerability Management:
- Major improvement: the new WID-SEC format of the CERT-Bund advisories which has been available since June 2022, is now also supported. Numerous new WID-SEC advisories have been added to the feed and are visible on the web interface under SecInfo > CERT-Bund Advisories (#DEVOPS-355).
- Minor improvement: the included appliance manual was updated to the current version from 2022-12-13 (#PR-541).
Vulnerability Scanning:
- Improvement: if a database inconsistency is detected while performing a vulnerability test, the vulnerability test is now aborted immediately, since the result is lost anyway. In addition, the method for detecting such inconsistencies has been improved (#SC-647).
- Bug fix: an error was fixed where JSON strings were not parsed correctly during inter-process communication, causing interrupted scan tasks (#SC-738).

22.04.5 (2022-12-01):

Greenbone OS:
- Status: The lifecycle status of GOS 22.04 was set to “mature”. (#GOS-1267).
- Bug fix: an error was fixed where copying files via SCP to or from the appliance was not possible as the openssh server configuration of GOS was not compatible with newer openssh versions (#GOS-883).
- Security fix: the Linux kernel was upgraded from version 5.10.140-1 to version 5.10.155-greenbone1 for hardware appliances and to version 5.10.149-2 for virtual appliances (CVE-2021-4037, CVE-2022-0171, CVE-2022-1184, CVE-2022-2602, CVE-2022-2663, CVE-2022-3061, CVE-2022-3176, CVE-2022-3303, CVE-2022-20421, CVE-2022-39188, CVE-2022-39842, CVE-2022-40307, CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722).
- Security fix: the included package libxml2:amd64 was upgraded from version 2.9.10+dfsg-6.7+deb11u2 to version 2.9.10+dfsg-6.7+deb11u3 (CVE-2022-40303, CVE-2022-40304).
- Security fix: the included package libexpat1:amd64 was upgraded from version 2.2.10-2+deb11u4 to version 2.2.10-2+deb11u5 (CVE-2022-43680).
- Security fix: the included package isc-dhcp-client was upgraded from version 4.4.1-gos2110+1 to version 4.4.1-2.3+deb11u1 (CVE-2022-2928, CVE-2022-2929).
- Security fix: the included packages libkrb5-3:amd64, libkrb5support0:amd64 and libgssapi-krb5-2:amd64 were upgraded from version 1.18.3-6+deb11u2 to version 1.18.3-6+deb11u3 (CVE-2022-42898).
Vulnerability Management:
- Bug fix: an error was fixed where selecting the permission scope, i.e., whether it should be created only for the resource, for related resources as well or only for related resources, was not possible when creating a permission via the object’s details page (#T4-276).
- Minor improvement: the included appliance manual was updated to the current version from 2022-11-25 (#PR-536).
Vulnerability Scanning:
- Major bug fix: an error was fixed where scans would get stuck for no apparent reason (#SC-741).
- Bug fix: an error was fixed where RPM packages for Mageia were not detected correctly, causing false-negative results (#SC-722).

22.04.4 (2022-11-01):

Greenbone OS:
- Improvement: the package gvm-tools included in GOS was updated to version 22.9.0 (#PR-499).
- Improvement: the package python-gvm included in GOS was updated to version 22.9.1 (#PR-499).
- Security fix: the included package libksba8:amd64 was upgraded from version 1.5.0-3 to version 1.5.0-3+deb11u1 (CVE-2022-3515).
- Security fix: the included package python3-django was upgraded from version 2:2.2.28-1 to version 2:2.2.28-1~deb11u1 (CVE-2022-22818, CVE-2022-23833, CVE-2022-28346, CVE-2022-28347, CVE-2022-34265, CVE-2022-36359, CVE-2022-41323).
- Security fix: the included package libdbus-1-3:amd64 was upgraded from version 1.12.20-2 to version 1.12.24-0+deb11u1 (CVE-2022-42010, CVE-2022-42011, CVE-2022-42012).
- Bug fix: an error was fixed where the switch release from GOS 21.04 to GOS 22.04 would fail if the PostgreSQL package was updated to version 13.8.0 or later (#GOS-1143).
Vulnerability Management:
- Bug fix: an error was fixed where the migration of the gvmd database would fail if the PostgreSQL package was updated to version 13.8.0 or later (#T3-364).
- Minor improvement: the included appliance manual was updated to the current version from 2022-10-24 (#PR-506).
Vulnerability Scanning:
- Improvement: support for Slackware Linux packages was added to the Notus scanner (#SC-637).
- Improvement: the list of default TCP ports which the Boreas Alive Scanner uses for the alive test was improved and now contains the Nmap top 20 ports (#SC-663).
- Improvement: the new scanner preference alive_test_ports was added to configure the TCP ports used by the Boreas Alive Scanner for the alive test. The setting only has an effect on the alive tests TCP-ACK Service Ping and TCP-SYN Service Ping (#SC-689).
- Improvement: the new scanner preference test_alive_wait_timeout was added to configure the timeout of the Boreas Alive Scanner (#SC-680).
- Improvement: the Redis caches for OpenVAS and Notus were separated, the nvticache module now only handles OpenVAS VTs and the Notus cache module now only handles Notus advisories (#SC-692).
- Improvement: a fork observing mechanism was added which makes it possible to track every fork within a parent process, to manage forked children and to set limits to the number of possible forks (#SC-565).
- Bug fix: an error was fixed where the values set for Maximum concurrently scanned hosts and Maximum concurrently executed NVTs per host were limited to 15 and 10 respectively, even if the appliance model supported larger values (#SC-696).
- Bug fix: an error was fixed where the Quality of Detection (QoD) was incorrectly displayed on the web interface and in scan reports for Notus VTs (#SC-683).
- Bug fix: an error was fixed where tasks were interrupted when the severity_vector tag of a VT contained additional metrics other than the base score metrics (#SC-706).
- Bug fix: an error was fixed where version ranges defined for a lower version bound were ignored by the Notus scanner leading to a broken version range comparison for RPM packages (#SC-694).
- Bug fix: an error was fixed where comparing the two RPM packages for Oracle Linux did not work correctly due to “1.1.1c” being parsed as “1.1.1rc0”, leading to false-positive results (#SC-691, #GS-3085).
- Bug fix: an error was fixed where comparing RPM packages for Oracle Linux that contain fips or ksplice did not work correctly and led to false-positive results (#SC-690, #GS-3085).
- Bug fix: an error was fixed where Debian packages containing a “-” were parsed incorrectly, leading to false-positive results (#SC-682, #SC-684, #GS-3034, #GS-3051, #GS-3188, #GS-3189).
- Bug fix: an error was fixed where the comparison for Debian packages was not correct, as the single parts of the version were not compared part by part, but as a whole, leading to false-positive results (#SC-677).
- Minor improvement: the error message issued when chdir fails has been reworded from “Not able to open nor to locate it in include paths” to “Not able to change working directory to” to avoid confusion (#PR-500).

22.04.3 (2022-10-06):

Greenbone OS:
- Security fix: the included package libexpat1:amd64 was upgraded from version 2.2.10-2+deb11u3 to version 2.2.10-2+deb11u4 (CVE-2022-40674).
- Security fix: the included packages libgdk-pixbuf-2.0-0:amd64 and libgdk-pixbuf2.0-common were upgraded from version 2.42.2+dfsg-1 to version 2.42.2+dfsg-1+deb11u1 (CVE-2021-44648, CVE-2021-46829).
- Minor improvement: if it exists, the superfluous file /var/lib/redis/dump.rdb is removed automatically when upgrading to GOS 22.04.3 or later (#GOS-1141).
Vulnerability Management:
- Improvement: a problem was fixed where the filter keyword first was used twice for different filter functions and thus, filtering for tasks having a first report within a certain period of time was not possible. To filter for the time of the first or last report respectively, the new filter keywords first_report_created and last_report_created have been added. These replace the previously documented keywords first and last, which are thereby deprecated for this use case (#T3-226).
- Minor improvement: the included appliance manual was updated to the current version from 2022-10-05 (#PR-482).
Vulnerability Scanning:
- Major bugfix: an error was fixed where Redis occupied an increasing amount of RAM and disk space after every reboot or VT reload, which could negatively affect system stability and scan performance (#SC-675, #SC-679, #GS-2809, #GS-2836, #GS-3000, #GS-3021).
- Bugfix: an error was fixed where Notus used the Redis namespace 0 for the advisories and not an own namespace (#SC-678).

22.04.2 (2022-09-12):

Greenbone OS:
- Major bug fix: an error was fixed where activating the SNMP service was not possible and thus, no SNMP connection to the appliance could be established (#GOS-1081).
- Improvement: a file system check is now run by default when booting a virtual appliance (#GOS-880, #GS-2111, #GS-1986, #GS-2170, #GS-2324).
- Security fix: the kernel of the hardware appliances was upgraded from version 5.10.127 to version 5.10.136 (CVE-2022-2585, CVE-2022-2586, CVE-2022-2588, CVE-2022-26373, CVE-2022-29900, CVE-2022-29901, CVE-2022-36879 and CVE-2022-36946).
- Improvement: the included package python-gvm was upgraded from version 22.6.1 to version 22.8.0 to assure full compatibility with GOS 22.04/GVM 22.4 (#GOS-1084).
- Security fix: the included package libxslt was upgraded from version 1.1.34-4+deb11u1 to version 1.1.34-4+deb11u1 (CVE-2021-30560).
- Security fix: the included package open-vm-tools was upgraded from version 2:11.2.5-2 to version 2:11.2.5-2+deb11u1 (CVE-2022-31676).
- Security fix: the included package zlib was upgraded from version 1:1.2.11.dfsg-2+deb11u1 to version 1:1.2.11.dfsg-2+deb11u2 (CVE-2022-37434).
Vulnerability Management:
- Minor improvement: the included appliance manual was updated to the current version from 2022-08-30 (#GOS-1084).
Vulnerability Scanning:
- Improvement: ospd-openvas now tries to connect to the MQTT broker every 10 seconds if the last attempt failed to ensure that there is a broker connection even if ospd-openvas was started without a broker running (#SC-651).
- Bug fix: an error was fixed where duplicate results or results of other scans appeared in the scan report (#SC-378, #SC-34, #GS-403).
- Bug fix: an error was fixed where scans were continued in the background although they were stopped by the user (#SC-624, #GS-1864).
- Bug fix: an error was fixed where nmap continued scanning although the scan was stopped by the user (#SC-626, #GS-1654).
- Bug fix: an error was fixed where, in case no MQTT broker was running, notus-scanner ended with a ConnectionRefuseError as an exception (#SC-650).
- Bug fix: an error was fixed where ospd-openvas data-pickle-files were not cleaned up properly, causing the root volume to fill up (#SC-643, #GS-2457).
- Bug fix: an error was fixed where ospd-openvas stopped working instead of showing an error message when the sha256sums files were missing (#SC-646, #DEVOPS-314).
- Bug fix: an error was fixed where Notus-based VTs did not include references in the vulnerability and result detail overviews (#SC-648).
- Bug fix: an error was fixed where ospd-openvas got stuck when starting the appliance (#SC-662).
- Bug fix: an error was fixed where SSL/TLS enabled services were not detected correctly (#SC-659, #GS-2774, #GS-2803, #GS-2836).
- Minor improvement: a case where a missing scan_id threw an error with stacktrace in the logs was changed to a warning message, as this does not block the execution of ospd-openvas (#SC-285, #GS-156).
- Minor improvement: the socket_negotiate_ssl called() logs now also show the target host’s IP addresses (#SC-625).

22.04.1 (2022-08-19):

Greenbone OS:
- Major bugfix: an error was fixed where the checksum file signature verification of the Greenbone Enterprise Feed failed, which also impeded the scanning functionality (#GOS-1079).
- Security fix: the RPC library libtirpc that is included in GOS was upgraded from version 3_1.3.1-1 to version 1.3.1-1+deb11u1 (CVE-2021-46828).
- Security fix: the library GnuTLS was upgraded from version 3.7.1-5+deb11u1 to version 3.7.1-5+deb11u2 (CVE-2022-2509).
- Security fix: the included InfoZIP’s unzip program version was upgraded from version 6.0-26 to version 6.0-26+deb11u1 (CVE-2022-0529 and CVE-2022-0530).
- Security fix: the package samba that is included in GOS was upgraded from version 2:4.13.13+dfsg-1~deb11u4 to version 2:4.13.13+dfsg-1~deb11u5 (CVE-2022-2031, CVE-2022-32742, CVE-2022-32744, CVE-2022-32745 and CVE-2022-32746).
- Security fix: the packages libldb and python3-ldb were upgraded from version 2:2.2.3-2~deb11u1 to version 2:2.2.3-2~deb11u2 (CVE-2022-32745).
- Security fix: the included package openssl was upgraded from version openssl_1.1.1n-0+deb11u2 to version openssl_1.1.1n-0+deb11u3 (CVE-2022-2068).
Vulnerability Management:
- Minor improvement: the included appliance manual was updated to the current version from 2022-08-18 (#GOS-1065).

22.04.0 (2022-08-08):

Notus Scanner

With GOS 22.04, the new Notus Scanner is implemented. It scans after every regular scan, so no user interaction is necessary.

The Notus Scanner offers better performance due to less system resource consumption and thus, faster scanning.

Currently, Notus data exists for the following LSC VT families:

AlmaLinux Local Security Checks
Amazon Linux Local Security Checks
Debian Local Security Checks
EulerOS Local Security Checks
Mageia Linux Local Security Checks
Oracle Linux Local Security Checks
Red Hat Linux Local Security Checks
Rocky Linux Local Security Checks
Slackware Local Security Checks
SuSE Local Security Checks
Ubuntu Local Security Checks

Appliance Feature Set

With GOS 22.04, the feature set for some appliances is extended:

The SNMP service (GOS menu Setup > Services > SNMP) is made available for the appliance models Greenbone Enterprise 150, Greenbone Enterprise 35 and Greenbone Enterprise 25V.
The automatic time synchronization via NTP (GOS menu Setup > Timesync) is made available for the appliance model Greenbone Enterprise 25V.
The remote and local backup functionality (GOS menus Setup > Backup, Maintenance > Backup > Incremental Backup and Maintenance > Backup > List) is made available for the appliance model Greenbone Enterprise CENO.

Virtual Appliances

With GOS 22.04, the virtual hard disk sizes for virtual appliances are changed.

The new sizes are:

Greenbone Enterprise EXA: 225 GB
Greenbone Enterprise DECA/PETA/EXA: 220 GB
Greenbone Enterprise CENO: 135 GB
Greenbone Enterprise ONE: 130 GB
Greenbone Enterprise 25V: 70 GB

The new sizes are only relevant for newly installed virtual appliances. Upgraded appliances keep their partition layout and thus, their required disk size.

HTTP Web Interface Access

With GOS 22.04, unencrypted HTTP access for the web interface is not supported anymore. HTTPS must be used instead.

A valid HTTPS certificate (either self-signed, or signed by a CA) must now be configured on the appliance to use the web interface.

Backups

Password for Remote Backup Repository

Changing the backup password is recommended.

If multiple appliances use the same remote backup repository, it is recommended that each appliance uses its own unique backup password.

obnam

With GOS 22.04, obnam and all backups created with obnam are removed. Incremental backups created with GOS 6 and earlier will be removed due to incompatibility and to reclaim disk space.

If these old backups should be kept, a copy of the files must be made before upgrading to GOS 22.04. If there are any questions, contact the Greenbone Enterprise Support.

Mailhub

With GOS 22.04, a new option for enforcing the usage of SMTPS for e-mails sent by a Greenbone Enterprise Appliance is added.

For this, the GOS administration menu contains the new menu Setup > Mail > SMTP Enforce TLS.

Web Interface

Business Process Map

Task Setting Network Source Interface

With GOS 22.04, the task setting Network Source Interface is removed. If this setting was previously configured for a task, it will be ignored.

User Setting Interface Access

OVAL Definitions

With GOS 22.04, the OVAL definitions are removed from the SecInfo management in the web interface. The previous OVAL definitions were outdated and no longer served any purpose.

OSP Scanners

With GOS 22.04, the scanner type OSP Scanner is removed. It is no longer possible to create OSP scanners and select them to run scans.

This only affects the scanner type OSP Scanner, not the OSP protocol in general. The scanner type Greenbone Sensor will continue to use OSP.

Quality of Detection (QoD)

Vulnerability References

Greenbone Management Protocol (GMP)

2021-04-30: Greenbone OS 21.04

Current Patch Level: 21.04.26 (2023-04-03)

Lifecycle Status: Obsolete

21.04.26 (2023-04-03):

Greenbone OS:
- Status: the lifecycle status of GOS 21.04 was set to „retired“ for all Greenbone Enterprise Appliance models. The release is removed from the list of current releases and archived. The functionality of a retired release may be limited and no more patches are provided. Support, QA and documentation are discontinued (#PR-597).
- Bug fix: an error was fixed where after adding a temporary upgrade key, GOS upgrades did not work as expected (#GOS-1082).
Vulnerability Management:
- Minor improvement: the included appliance manual was updated to the current version from 2023-03-28 (#PR-599).

21.04.25 (2023-03-06):

Greenbone OS:
- Major bug fix: an error was fixed where the Greenbone feed signing key used by the appliance to verify the authenticity of various data expired unexpectedly. As a consequence, vulnerability scans and GOS upgrades were restricted, and the GOS integrity check could fail. As a fix, the expiration dates for the feed signing and support package encryption keys have been extended until 2024-12-31, and workarounds to upgrade affected appliances to a fixed version were facilitated (#GEA-123, #GS-3942, #GS-3946).
- Bug fix: an error was fixed where the upgrade from GOS 21.04 to GOS 22.04 failed when the SSH login protection feature was enabled. To prevent the error, the SSH login protection is disabled automatically during the upgrade to GOS 22.04, it will be automatically re-enabled after the upgrade is complete (#GEA-32, #GS-2620, #GS-2886, #GS-2894, #GS-2897).
Vulnerability Management:
- Minor improvement: the included appliance manual was updated to the current version from 2023-02-28 (#PR-582).

21.04.24 (2022-12-15):

Greenbone OS
- Security fix: the included package libksba8:amd64 was upgraded from version 1.3.5-2 to version 1.3.5-2+deb10u1 (CVE-2022-3515).
- Security fix: the included package python3.7 was upgraded from version 3.7.3-2+deb10u3 to version 3.7.3-2+deb10u4 (CVE-2022-37454).
- Security fix: the included package libxml2:amd64 was upgraded from version 2.9.4+dfsg1-7+deb10u4 to version 2.9.4+dfsg1-7+deb10u5 (CVE-2022-40303, CVE-2022-40304).
- Security fix: the included package isc-dhcp-client was upgraded from version 4.4.1-gos2008+2 to version 4.4.1-gos2008+4 (CVE-2022-2928, CVE-2022-2929).
- Security fix: the included package libdbus-1-3:amd64 was upgraded from version 1.12.20-0+deb10u1 to version 1.12.24-0+deb10u1 (CVE-2022-42010, CVE-2022-42011, CVE-2022-42012).
- Security fix: the included package libpixman-1-0:amd64 was upgraded from version 0.36.0-1 to version 0.36.0-1+deb10u1 (CVE-2022-44638).
- Security fix: the included package gdal was upgraded from version 2.4.0+dfsg-1 to version 2.4.0+dfsg-1+deb10u1 (CVE-2019-17545, CVE-2021-45943).
- Security fix: the included package vim was upgraded from version 2:8.1.0875-5+deb10u2 to version 2:8.1.0875-5+deb10u4 (CVE-2021-3927, CVE-2021-3928, CVE-2021-3974, CVE-2021-3984, CVE-2021-4019, CVE-2021-4069, CVE-2021-4192, CVE-2021-4193, CVE-2022-0213, CVE-2022-0261, CVE-2022-0318, CVE-2022-0319, CVE-2022-0351, CVE-2022-0359, CVE-2022-0361, CVE-2022-0368, CVE-2022-0392, CVE-2022-0408, CVE-2022-0413, CVE-2022-0417, CVE-2022-0443, CVE-2022-0554, CVE-2022-0572, CVE-2022-0629, CVE-2022-0685, CVE-2022-0696, CVE-2022-0714, CVE-2022-0729, CVE-2022-0943, CVE-2022-1154, CVE-2022-1616, CVE-2022-1619, CVE-2022-1621, CVE-2022-1720, CVE-2022-1785, CVE-2022-1851, CVE-2022-1897, CVE-2022-1898, CVE-2022-1942, CVE-2022-1968, CVE-2022-2000, CVE-2022-2129, CVE-2022-2285, CVE-2022-2304, CVE-2022-2598, CVE-2022-2946, CVE-2022-3099, CVE-2022-3134, CVE-2022-3234, CVE-2022-3235, CVE-2022-3256, CVE-2022-3324, CVE-2022-3352, CVE-2022-3705).
- Minor security fix: if the optional package gsm-debug has been installed on the appliance, the included packages bind9-host and libbind9-161:amd64 are upgraded from version 1:9.11.5.P4+dfsg-5.1+deb10u7 to version 1:9.11.5.P4+dfsg-5.1+deb10u8 (CVE-2022-2795, CVE-2022-38177, CVE-2022-38178).
- Minor security fix: if the optional package gsm-debug has been installed on the appliance, the included package sysstat is upgraded from version 12.0.3-2 to version 12.0.3-2+deb10u1 (CVE-2019-16167, CVE-2019-19725, CVE-2022-39377).
Vulnerability Management:
- Major improvement: the new WID-SEC format of the CERT-Bund advisories which has been available since June 2022, is now also supported. Numerous new WID-SEC advisories have been added to the feed and are visible on the web interface under SecInfo > CERT-Bund Advisories (#DEVOPS-355).
- Minor improvement: the included appliance manual was updated to the current version from 2022-12-13 (#PR-542).

21.04.23 (2022-10-06):

Greenbone OS:
- Status: The lifecycle status of GOS 21.04 was set to “end-of-life”. This means that while GOS 21.04 will remain functional and supported, it will receive a reduced number of patches that will be limited to critical fixes to core functionality and security issues. Note: GOS 21.04 will reach the final end of its lifecycle and be retired on 2023-03-30 (#PR-483).
- Security fix: the included package libxslt1.1:amd64 was upgraded from version 1.1.32-2.2~deb10u1 to version 1.1.32-2.2~deb10u2 (CVE-2019-5815, CVE-2021-30560).
- Security fix: the included package zlib1g:amd64 was upgraded from version 1:1.2.11.dfsg-1+deb10u1 to version 1:1.2.11.dfsg-1+deb10u2 (CVE-2022-37434).
- Security fix: the included package python3-paramiko was upgraded from version 2.4.2-0.1 to version 2.4.2-0.1+deb10u1 (CVE-2022-24302).
- Security fix: the included package libsqlite3-0:amd64 was upgraded from version 3.27.2-3+deb10u1 to version 3.27.2-3+deb10u2 (CVE-2020-35525, CVE-2020-35527, CVE-2021-20223).
- Security fix: the included package libglib2.0-0:amd64 was upgraded from version 2.58.3-2+deb10u3 to version 2.58.3-2+deb10u4 (CVE-2021-3800).
- Security fix: the included package unzip was upgraded from version 6.0-23+deb10u2 to version 6.0-23+deb10u3 (CVE-2022-0529, CVE-2022-0530).
- Security fix: the included package libexpat1:amd64 was upgraded from version 2.2.6-2+deb10u4 to version 2.2.6-2+deb10u5 (CVE-2022-40674).
- Security fix: the included package libpoppler82:amd64 was upgraded from version 0.71.0-5 to version 0.71.0-5+deb10u1 (CVE-2018-18897, CVE-2018-19058, CVE-2018-20650, CVE-2019-9903, CVE-2019-9959, CVE-2019-14494, CVE-2020-27778, CVE-2022-27337, CVE-2022-38784).
Vulnerability Management:
- Improvement: a problem was fixed where the filter keyword first was used twice for different filter functions and thus, filtering for tasks having a first report within a certain period of time was not possible. To filter for the time of the first or last report respectively, the new filter keywords first_report_created and last_report_created have been added. These replace the previously documented keywords first and last, which are thereby deprecated for this use case (#T3-226).
- Minor improvement: the included appliance manual was updated to the current version from 2022-10-05 (#PR-481).

21.04.22 (2022-09-12):

Greenbone OS:
- Improvement: a file system check is now run by default when booting a virtual appliance (#GOS-880, #GS-2111, #GS-1986, #GS-2170, #GS-2324).
- Security fix: the package open-vm-tools that is included in GOS was upgraded from version 2:10.3.10-1+deb10u2 to version 2:10.3.10-1+deb10u3 (CVE-2022-31676).
- Security fix: the package curl that is included in GOS was upgraded from version 7.64.0-4+deb10u2 to version 7.64.0-4+deb10u3 (CVE-2021-22898, CVE-2021-22924, CVE-2021-22946, CVE-2021-22947, CVE-2022-22576, CVE-2022-27776, CVE-2022-27781, CVE-2022-27782, CVE-2022-32206 and CVE-2022-32208).
Vulnerability Management:
- Minor improvement: the included appliance manual was updated to the current version from 2022-08-30 (#GOS-1084).
Vulnerability Scanning:
- Bugfix: an error was fixed where running openvas-nasl could produce a segmentation fault when an incorrect domain was provided for a domain-joined target (#SC-639).

21.04.21 (2022-08-19):

Greenbone OS:
- Major bugfix: an error was fixed where the checksum file signature verification of the Greenbone Enterprise Feed failed, which also impeded the scanning functionality (#GOS-1079).
- Security fix: the library GnuTLS included in GOS was upgraded from version 3.6.7-4+deb10u7 to version 3.6.7-4+deb10u9 (CVE-2022-2509).
- Security fix: the version of the PostgreSQL database system was upgraded from package 11.16-0+deb10u1 to version 11.17-0+deb10u1 (CVE-2022-2625).
Vulnerability Management:
- Minor improvement: the included appliance manual was updated to the current version from 2022-08-18 (#GOS-1066).

21.04.20 (2022-08-08):

Greenbone OS:
- Improvement: the switch release to Greenbone OS 22.04.0 was unlocked for all supported appliance models (#GOS-1027).
- Bug fix: an error was fixed where abnormal remote syslog entries were created on the target remote syslog server due to erroneous line breaks (#GOS-888, #GS-2257).
- Minor improvement: a GOS menu dialog to inform about the switch release to Greenbone OS 22.04.0 was added (#GOS-846).
Vulnerability Management:
- Minor improvement: the included appliance manual was updated to the current version from 2022-07-25 (#GOS-1024).

21.04.19 (2022-06-27):

Greenbone OS:
- Security fix: the kernel of the hardware appliances was upgraded from version 5.10.113 to version 5.10.122 (CVE-2022-0494, CVE-2022-0854, CVE-2022-1012, CVE-2022-1729, CVE-2022-1786, CVE-2022-1789, CVE-2022-1852, CVE-2022-1966, CVE-2022-1972, CVE-2022-1974, CVE-2022-1975, CVE-2022-21499 and CVE-2022-28893).
- Security fix: the package openssl included in GOS was upgraded from version 1.1.1n-0+deb10u2 to version 1.1.1n-0+deb10u3 (CVE-2022-2068).
Vulnerability Management:
- Bugfix: an error was fixed where a scheduled task was started twice in a row (#AP-1991).
- Bugfix: an error was fixed where editing credentials of the type Username + SSH Key did not change the SSH key (#AP-1990).
- Minor improvement: the included appliance manual was updated to the current version from 2022-06-27 (#GOS-955).

21.04.18 (2022-05-25):

Greenbone OS:
- Security fix: the package libxml2 included in GOS was upgraded from version 2.9.4+dfsg1-7+deb10u3 to version 2.9.4+dfsg1-7+deb10u4 (CVE-2022-29824).
Vulnerability Management:
- Minor improvement: the included appliance manual was updated to the current version from 2022-05-24 (#GOS-884).

21.04.17 (2022-05-19):

Greenbone OS:
- Security fix: the package openssl included in GOS was upgraded from version 1.1.1n-0+deb10u1 to version 1.1.1n-0+deb10u2 (CVE-2022-1292).
- Security fix: the package postgresql included in GOS was upgraded from version 11.14-0+deb10u1 to version 11.16-0+deb10u1 (CVE-2022-1552).
- Bugfix: an error was fixed where a wrong check was used to determine whether a beaming image can be imported and the corresponding dialog in the GOS administration menu was changed to avoid confusions (#GOS-874).
Vulnerability Management:
- Minor improvement: the included appliance manual was updated to the current version from 2022-05-18 (#GOS-876).

21.04.16 (2022-05-12):

Greenbone OS:
- Improvement: a function was implemented that will remove old incremental backups created with GOS 6 or earlier locally and remotely when upgrading to the next major GOS version since the backups are incompatible with all currently supported GOS versions and in order to reclaim hard disk space (#PL-835).
- Improvement: the GOS kernel of hardware appliances was updated to include fixes for CVE-2021-4197, CVE-2022-0168, CVE-2022-1016, CVE-2022-1048, CVE-2022-1158, CVE-2022-1195, CVE-2022-1198, CVE-2022-1199, CVE-2022-1204, CVE-2022-1205, CVE-2022-1353, CVE-2022-1516, CVE-2022-26490, CVE-2022-27666, CVE-2022-28356, CVE-2022-28388, CVE-2022-28389, CVE-2022-28390 and CVE-2022-29582 (#PL-864).
- Improvement: the GOS kernel of virtual appliances was updated to include fixes for CVE-2022-0168, CVE-2022-1158, CVE-2022-1195, CVE-2022-1199 and CVE-2022-29582 (#PL-86).
- Security fix: the packages gzip and xz-utils were upgraded to versions 1.9-3+deb10u1 and 5.2.4-1+deb10u1 respectively (CVE-2022-1271).
- Security fix: the package zlib was upgraded to version 1:1.2.11.dfsg-1+deb10u1 (CVE-2018-25032).
- Bugfix: an error was fixed for master-sensor setups where unnecessary checks for osp resulted in the (previously correctly configured) file /var/lib/gvm/sensor_ports.tsv being overwritten with an empty file (#PL-719).
- Bugfix: an error was fixed where a VLAN’s IP address was not recognized by the self-check if only a VLAN was configured as the network connection resulting in a self-check warning and several GOS upload menu dialogs, e.g., Setup > Feed > Key(HTTP), not working correctly (#PL-821).
- Minor improvement: the list of valid feed servers was updated (#PL-839).
- Minor improvement: a function was implemented to create an override for the feed server used. However, the overwritten feed server must still be part of the list of valid feed servers (#PL-837, #PL-840).
- Minor improvement: the URL for feed_home in the feed.xml files was updated to https://www.greenbone.net/en/feed-comparison/ (#PL-862).
Vulnerability Management:
- Minor improvement: the included appliance manual was updated to the current version from 2022-05-12 (#PL-870).
Vulnerability Scanning:
- Bugfix: an error was fixed where openvas-nasl-lint was not able to detect issues in several vulnerability tests (#SC-584).
- Improvement: the functions of wmic were extended to make it possible to add an optional ‘options’ parameter (#SC-568).
- Minor improvement: the nasl linter count error message was modified to reflect that the number of scripts with errors is counted and not the total amount of errors (#SC-561).
- Minor improvement: the unnecessary variable ${LIBNET_LDFLAGS} in target_link_libraries was removed from the file nasl/CMakeLists.txt (#SC-551).
- Minor bugfix: a SIGSEGV handle that may cause a process not to terminate has been fixed (#SC-552).

21.04.15 (2022-03-17):

Greenbone OS:
- Improvement: pam_tally2 that was used to protect the system from brute force attacks over SSH was replaced by pam_faillock as the former is deprecated (#PL-774).
- Security fix: the package openssl included in GOS was upgraded from version 1.1.1d-0+deb10u7 to version 1.1.1d-0+deb10u8 (CVE-2021-4160 and CVE-2022-0778).
- Security fix: the package cyrus-sasl2 included in GOS was upgraded from version 2.1.27+dfsg-1+deb10u1 to version 2.1.27+dfsg-1+deb10u2 (CVE-2022-24407).
- Improvement: the menu option Advanced > Copyright and Licenses has been redesigned to a dialog-like menu (#PL-766).
- Bugfix: an error was fixed where TLS 1.3 cipher suites could not be configured in the gos-state-manager (#PL-793).
- Bugfix: an error was fixed where explicitly configured routes were ignored by the scanner (#PL-736, #SC-499 #GS-1278).
- Bugfix: a configuration error on master-sensor setups was fixed that occured when the DNS server was misconfigured or not reachable (#PL-768).
- Minor improvement: for master-sensor setups the standard SSH “REMOTE HOST IDENTIFICATION HAS CHANGED” warning message was changed to be more user-friendly (#PL-104).
- Minor improvement: the dialog that is displayed when no backups for restoring are found was improved (#PL-770).
- Minor improvement: the menu option Advanced > Copyright and Licenses in the GOS administration menu was updated to show the new license information for the Greenbone Enterprise Feed (#PL-766).
- Minor bugfix: an error was fixed were upgrading to a GOS version with a newer postgres package resulted in an unwanted and misleading log message (#PL-744).
Vulnerability Management:
- Major bugfix: an error was fixed where tasks resumed at 0 % had the status “Requested” forever and, after rebooting the appliance, the status “Interrupted at 0 %” (#AP-1893).
- Bugfix: an error was fixed where executing the script create-consolidated-report.gmp.py resulted in an error message (#AP-1819).
- Bugfix: the logging was fixed to show a certain backtrace error that was only shown in development environments before (#AP-1871, #GS-849).
- Bugfix: an error was fixed where gvm-tools failed to execute commands if the known_host file did not exist for a user (#AP-1582).
- Minor improvement: the copyright on the “About” page of the appliance’s web interface was updated to “2009-2022” (#PL-780).
- Minor improvement: the included appliance manual was updated to the current version from 2022-03-17 (#PL-823).
Vulnerability Scanning:
- Improvement: the scanner has been extended to detect and report SSL/TLS services requiring a client certificate (#SC-474).
- Improvement: the scanner has been extended to detect and connect to SSL/TLS services using short diffie-hellman (DH) primes (< 1008 bits) (#SC-441).
- Bugfix: an error was fixed where the sequence of starting and stopping a task and then starting (not resuming) the same task – one immediately after the other – led to the scanner running unmonitored in the background (#SC-505).
- Minor improvement: some SSL/TLS failure log messages have been extended with the hostname of the affected scan target for debugging purposes (#SC-486, #GS-843).
- Minor improvement: where possible, g_memdup() was replaced by g_memdup2() and otherwise by memcpy (#SC-502).
- Minor bugfix: an error was fixed where the host name was not recognized by the scanner from time to time (#SC-528, #GS-1302).

21.04.14 (2022-03-11):

Greenbone OS:
- Security fix: for virtual appliances, the Linux kernel was upgraded to version 4.19.232-1 (CVE-2021-20322, CVE-2022-0492 and CVE-2022-0847).
- Security fix: for hardware appliances, the Linux kernel was upgraded to version 5.10.103-1 (CVE-2022-0185, CVE-2022-0492 and CVE-2022-0847).
Vulnerability Management:
- Minor improvement: the included appliance manual was updated to the current version from 2022-03-11 (#PL-817).

21.04.13 (2022-02-25):

Greenbone OS:
- Security fix: the library Expat included in GOS was upgraded from version libexpat1:amd64 2.2.6-2+deb10u1 to version libexpat1:amd64 2.2.6-2+deb10u3 (CVE-2022-23852).
- Security fix: the Redis server included in GOS was upgraded from version 5:5.0.14-1+deb10u1 to version 5:5.0.14-1+deb10u2 (CVE-2022-0543).
Vulnerability Management:
- Minor improvement: the included appliance manual was updated to the current version from 2022-02-25 (#PL-789).

21.04.12 (2022-01-31):

Greenbone OS:
- Improvement: nginx was updated to version 1.20.2 to support configuring TLSv1.3 (#PL-735).
- Minor improvement: the GOS administration menus Setup > Timesync, Setup > Remote Syslog and Setup > Time have been revised regarding the appliance time zone to avoid confusion (#PL-753).
- Minor bugfix: an error was fixed where configuring a global gateway for a network interface that did not have an IP address assigned caused an errors in the logs (#PL-682).
- Minor bugfix: for master-sensor setups, an error was fixed where the ED25519 host key could not be added for the IP address if a host name was chosen as the sensor’s address (#PL-740).
Vulnerability Management:
- Minor improvement: the log messages “databases are already at the supported version” and “OSPd OpenVAS is still starting” have been changed from warnings to info messages (#AP-1864).
- Minor improvement: the included GSM manual was updated to the current version from 2022-01-31 (#PL-763).
Vulnerability Scanning:
- Bugfix: an error was fixed where tasks were not completed but were pending indefinitely (#SC-490).

21.04.11 (2022-01-04):

Greenbone OS:
- Security fix: the Diffie-Hellman Ephemeral (DHE) key exchange algorithms were disabled for the default settings of the nginx web server (CVE-2002-20001).
- Security fix: the Diffie-Hellman Ephemeral (DHE) key exchange algorithms were disabled in all cases for the SSH service (CVE-2002-20001).
- Major bugfix: an error was fixed where running scans were either stopped or interrupted when changing the HTTPS timeout setting via the GOS administration menu (#PL-707).
- Bugfix: an error was fixed where the command gvmd –rebuild did not finish, or ran in the background and was not caught by the upgrade system operation during a GOS upgrade (#PL-722).
- Bugfix: an error was fixed where the GOS network manager failed to reload during a GOS upgrade (#PL-706, #GS-914).
- Bugfix: an error was fixed where changing the HTTPS ciphers/protocols without using the setup wizard after upgrading to GOS 21.04 did not remove the self-check warning about ciphers/protocols (#PL-699).
- Bugfix: an error was fixed where moving one or more network interfaces with a static IPv6 address from the management namespace to the scan1 namespace, or vice versa, did not work as intended (#PL-681).
- Bugfix: an error was fixed where a vulnerability scan of GOS 21.04 reported “Missing Linux Kernel mitigations for ‘TAA – TSX Asynchronous Abort’ hardware vulnerabilities” (OID: 1.3.6.1.4.1.25623.1.0.108846) as a result (#PL-716).
- Bugfix: an error was fixed where a vulnerability scan of GOS 21.04 reported “Missing Linux Kernel mitigations for ‘MDS – Microarchitectural Data Sampling’ hardware vulnerabilities” (OID: 1.3.6.1.4.1.25623.1.0.108840) as a result (#PL-717).
- Minor bugfix: an error was fixed where the connection to the GSM was ended and a traceback error message appeared after uploading an HTTPS certificate that uses an unsupported Elliptic Curve Crypthography (ECC) algorithm (#PL-700).
Vulnerability Management:
- Minor improvement: when a segmentation fault occurs in the gvmd service, a backtrace can now be written to the log file if the appropriate log levels are set (#AP-1820, #GS-849).
- Minor improvement: the deprecated user setting Default Report Format was removed (#AP-1714).
- Minor improvement: the included GSM manual was updated to the current version from 2021-12-30 (#PL-734).
Vulnerability Scanning
- Bugfix: an error was fixed where a segmentation fault occured if openvas updated the VT info into the redis store from the VT files and no openvas_log.conf file existed (#SC-468).
- Bugfix: an error was fixed where HTTPS certificates using Elliptic Curve Cryptography (ECC) were detected as using RSA cryptography (#SC-473).
- Minor improvement: the function ssh_shell_read() was reworked for improved data retrieval. Previously, the function read the received data until a fixed buffer of 4096 was reached and then returned the data. Now the function receives the parameter “timeout” (#SC-452).

21.04.10 (2021-12-02):

Greenbone OS:
- Improvement: for hardware appliances, the GOS kernel was updated to include a fix for CVE-2021-20322 (#PL-704).
- Improvement: the Redis version was updated to include the DSA-5001-1 redis — security update (#PL-691).
- Bugfix: an error was fixed where domains for SNMPD names containing hyphens were not accepted (#PL-695, #GS-747).
- Bugfix: an error was fixed where data including rn instead of n used for line breaks caused wrong logging in the GOS log files (#PL-680, #GS-741).
- Bugfix: an error was fixed where some verinice alert logs were ASCII encoded (#PL-685).
- Minor improvement: to prepare for the next major release, the greenbone-security-assistant package was split into the packages greenbone-security-assistant and greenbone-security-assistant-daemon (#PL-698, #AP-1680).
- Minor improvement: to prepare for the next major release, the ospd and ospd-openvas packages were merged into the ospd-openvas package (#SC-433).
Vulnerability Management:
- Bugfix: an error was fixed where CVE scans got interrupted at 0 % (#AP-1727, #GS-661).
- Bugfix: an error was fixed where reports with the report formats “Vulnerability Report PDF” and “Vulnerability Report HTML” were returned as empty files if a management IP address was set (#AP-1651, #PL-696, #GS-704, #GS-395, #GS-721)
- Bugfix: an error was fixed where a PostgreSQL deadlock could occur when deleting or cloning a task (#AP-1506, #GS-149, #GS-163, #2021061710000033).
- Minor bugfix: an error was fixed where the OSP parameters of ospd-openvas were passed on to other OSP scanners instead of their own parameters (#AP-1726).
- Minor bugfix: an error was fixed where the texts under “Insight” and “Detection Method” in the result details on the web interface were not formatted correctly (#AP-1696, #AP-1005, #AP-1009).
- Minor improvement: the process ID (PID) runtime directories of the gvmd and gsad services were separated, e.g., /run/gvmd for gvmd and /run/gsad for gsad (#AP-1789).
- Minor improvement: if performance graphs are missing, an error message is now displayed (#AP-1478, #PL-537, #2021061010000046).
- Minor improvement: the included GSM manual was updated to the current version from 2021-11-26 (#PL-709).
Vulnerability Scanning:
- Extension: a functionality for getting the local and the remote MAC address of a target was added (#SC-382).
- Extension: a functionality for forging frames on the local link layer (modifying the source and destination MAC addresses) was added (#SC-383).
- Improvement: SSL/TLS failures are now only logged once per vulnerability test in order not to clutter the log messages (#SC-454, #GS-843).
- Bugfix: two errors were fixed where the function isotime_add() did not work and returned an empty string/NULL, and where the function did not fill up missing seconds/minutes with zeros in the time format given to string2isotime() (#SC-455).
- Minor bugfix: an error was fixed where the ENCAPS_TLSv13 definition was missing in nasl_init.c (#SC-453).

21.04.9 (2021-11-01):

Greenbone OS:
- Improvement: the gvm-tools included in GOS have been updated to version 21.10.0 (#PL-684).
- Minor improvement: information about the time synchronization (gsm-timesync) is now included in the Greenbone Support Package (#PL-672).
- Minor improvement: the GOS copyright and licensing (“Advanced > Copyright and Licenses” GOS menu) was updated (#PL-656).
- Minor improvement: the plug-in “NSIS Simple Service Plugin” was updated to version 1.30 and the plug-in “NSIS Simple Firewall Plugin” was updated to version 1.20 (#PL-242).
- Major bugfix: an error was fixed where feed update were not possible on sensor appliances (GSM 35 and GSM 25V) if triggered directly on the sensor (#PL-668).
- Bugfix: to prevent errors, major GOS upgrade are now prevented if an invalid route 0.0.0.0/0 is configured (#PL-659, #GS-643).
- Minor bugfix: an error was fixed where lcdproc.service exited abnormally with a non-zero return code when stopped during a shutdown/reboot (#PL-677).
- Minor bugfix: an error was fixed where GOS upgrades from a retired to an end-of-life GOS version were not possible (#PL-664).
- Minor bugfix: an error was fixed where it was possible to have multiple sensors with the same IP address or host name in the sensor list (#PL-125).
Vulnerability Management:
- Minor improvement: the included GSM manual was updated to the current version from 2021-10-26 (#PL-679).
Vulnerability Scanning:
- Improvement: the two functions nasl_socket_ssl_do_handshake() (allows to do a re-handshake over an already established TLS/SSL session) and nasl_socket_check_ssl_safe_renegotiation() (do a status check over an already established TLS/SSL session to know if secure/safe renegotiation is supported or not) were added to the scanner (#SC-394).
- Minor improvement: for TLS algorithms in scan results, the mapping of the detected algorithm IDs to their corresponding names was improved (#SC-417).
- Bugfix: an error was fixed where scans of targets with subnet mask /16 and with multiple excluded networks were interrupted (#SC-350, #GS-280).
- Bugfix: an error was fixed where scans of 32256 hosts caused “free(): invalid pointer” and were interrupted or stuck afterwards (#SC-229).
- Bugfix: an error was fixed where the ospd scanner wrapper failed with a traceback, causing interrupted scans (#SC-369).

21.04.8 (2021-10-13):

Greenbone OS:
- Major bugfix: an error for appliances with network namespaces was fixed where the listen address for the scan1 namespace was not added to /etc/dnsmasq.conf as expected resulting in the domain name resolution not working (#PL-661, #GS-645, #GS-651, #GS-655, #GS-657, #GS-659).
- Bugfix: an error was fixed where the lock files /var/lib/openvas/feed-update.lock and /var/lib/gvm/feed-update.lock could only be opened with root permissions, resulting in subsequent errors (#PL-654, #PL-623, #SC-418, #GS-541).
- Bugfix: an error was fixed where more VLANs than allowed could be created on appliances with more physical interfaces than expected (#PL-14, #PL-448).
Vulnerability Management
- Minor improvement: the included GSM manual was updated to the current version from 2021-10-13 (#PL-665).

21.04.7 (2021-10-05):

Greenbone OS
- Improvement: the self-check now also warns when there are problems with the services greenbone-security-assistant.service, greenbone-vulnerability-manager.service, gsm-pheme.service, ospd-openvas.service (#PL-115, #2020022610000025).
- Improvement: a new configuration option to select between two Diffie-Hellman (DH) parameter options (2048 and 4096) was added to the „Setup > Services > HTTPS“ GOS menu (#PL-619).
- Minor improvement: the sudo rule was expanded to allow ping commands in the scan1 namespace (#PL-641).
- Minor improvement: a man page was created and added to gos-network-manager.service (#PL-286).
- Bugfix: an error was fixed where the nginx self-check for a management IPv6 address failed (#PL-648).
- Bugfix: an error was fixed where some keyboards of older generations were not recognized by the GSM 6400 (#PL-644).
- Bugfix: an error was fixed where management IPv6 addresses were not displayed in nginx’s default file and the [::] address was used instead (#PL-638).
- Bugfix: an error was fixed where GOS upgrades failed when a route was created for an interface, but no static IP address was set up. Routes are now only added if an IP address is set up for the same interface (#PL-573, #GS-178).
- Bugfix: an error was fixed where GOS upgrades could fail if an IPv6 address was configured for the DNS server (#PL-635, #GS-487).
- Bugfix: an error was fixed where global gateways could be entered as interface routes which caused errors in the network backend (#PL-588).
- Bugfix: an error was fixed where dnsmasq failed to create a listening socket if IPv6 was enabled (#PL-81, #2019112110000011).
- Bugfix: an error was fixed where dnsmasq failed to create a listening socket on GSM models without the network namespaces feature (#PL-589).
- Bugfix: an error was fixed where interfaces where DHCPDISCOVER was active caused networking service, ansible and upgrade failures (#PL-79).
- Bugfix: an error was fixed where the package apt-utils was missing during upgrades (#PL-394).
Vulnerability Management
- Improvement: if a scan does not return any results, possible reasons for the missing results are now displayed on the report page (#AP-1032).
- Minor improvement: The included GSM manual was updated to the current version from 2021-10-01 (#PL-650).
- Bugfix: an error was fixed where some reports could not be imported into a container task (#AP-1641, #AP-1654, #GS-473, #GS-419).
- Bugfix: an error was fixed where a user with minimal global permissions could create a ticket that could not be saved (#AP-1474, #GS-125).
Vulnerability Scanning
- Improvement: the NASL function eregmatch() now returns all matches if the option find_all: TRUE is passed to the function (#SC-395).

21.04.6 (2021-09-08):

Greenbone OS:
- Improvement: The configuration of the GOS nginx server was revised for better default security (#PL-560, #PL-590).
- Improvement: A new configuration option to enable HTTP Strict Transport Security (HSTS) was added to the “Setup > Services > HTTPS” GOS menu (#PL-560).
- Improvement: A new configuration option to enable Online Certificate Status Protocol (OCSP) stapling was added to the “Setup > Services > HTTPS” GOS menu (#PL-560).
- Improvement: The feed data objects are now rebuilt during GOS feed updates and when upgrading to GOS 21.04.6 or later, if a feed import owner is set. This will automatically fix problems with these objects if they were corrupted in the database previously (#PL-632, #AP-1645, #AP-1646).
- Security fix: the package openssl included in GOS was upgraded form version 1.1.1d-0+deb10u6 to version 1.1.1d-0+deb10u7 (CVE-2021-3711 and CVE-2021-3712).
- Bugfix: Erroneous user permissions for the feed data objects are now automatically fixed when upgrading to GOS 21.04.6 or later, or when changing the “Feed Import Roles” setting (#PL-564).
- Bugfix: A GSM master now pushes both APT feeds (for the current and previous GOS versions) to its sensors (#PL-594, #GS-271).
- Bugfix: An error was fixed where sensors failed to get APT files via a feed push by the master (#PL-542, #GS-121).
- Bugfix: An error was fixed where switching from a static IP address to an identical DHCP IP address removed the IP address until rebooting the GSM (#PL-590).
- Bugfix: An error was fixed where a superfluous IPv6 address was assigned to a network interface, when using the new GOS network manager and IPv6 (#PL-578, #GS-182).
- Bugfix: An error was fixed where only a maximum of 12 sensors could be configured for a GSM 650. 20 sensors can now be configured as intended (#PL-580, #GS-202).
- Bugfix: An error was fixed where the flash image was written to the hard disk if no CompactFlash (CF) card was installed (#PL-608).
- Bugfix: An error was fixed where an airgap sensor fetched a feed update via FTP but did not install it (#PL-625).
- Bugfix: In master-sensor setups with different feeds (GCF/GSF), the sensor could get mixed feed information. To prevent this problem, the existing GCF metadata and cache are now deleted when importing a GSF key (#PL-577).
- Bugfix: There were problems with the checksums of VTs when switching between GCF and GSF. To prevent this problem, the existing GCF metadata and cache are now deleted when importing a GSF key (#PL-605).
- Bugfix: An error was fixed where the authorized_key.sh integrity check failed after a GOS upgrade if SSH keys had been added to the system previously (#PL-596).
- Bugfix: An error was fixed that caused system integrity checks to fail when they were being updated during a system upgrade (#PL-313).
- Bugfix: An error was fixed where empty performance graphs for deleted virtual interfaces in the management namespace were still shown on the web interface. After deleting a virtual interface, a reboot is required to remove the graphs (#PL-403, #2019032710000104).
- Bugfix: An error was fixed where the HTTPS certificates of GSM TRIAL did not work (#PL-597).
- Minor improvement: The IPv6 addresses for HTTP upload dialog menus are now enclosed in brackets to facilitate copy and paste in web browsers (#PL-545, #GS-141).
- Minor improvement: The selfcheck menu texts for the GOS lifecycle states “end-of-life”, “retired” and “obsolete” were improved to provide better guidance for upgrading (#PL-572).
- Minor improvement: The log /var/log/pheme/pheme.log is now included in the GOS Support Package (#PL-609).
Vulnerability Management:
- Bugfix: An error was fixed where the verification of sensors in the web interface for IPv6 master-sensor setups was not possible (#PL-556, #GS-146).
- Bugfix: An error was fixed where targets with invalid port lists caused the Trashcan page to break (#AP-1581, #GS-205).
- Minor improvement: The GSM manual included in GOS was updated to the current version from 2021-08-30 (#PL-611).
Vulnerability Scanning:
- Improvement: A functionality was added to the scanner to initialize an FXP connection. Based on this functionality, vulnerability tests for SFTP detection can be implemented (#SC-376).
- Bugfix: An error was fixed that caused scans to be interrupted when the maximum number of running scanner processes was reached or exceeded (#SC-177, #GS-105).
- Bugfix: An error was fixed where the timeout preference for VTs could not be set with the gvm-tools included in GOS. Setting the timeout via the web interface was not affected by the bug (#SC-352).

21.04.5 (2021-08-02):

Greenbone OS:
- Improvement: The gvm-tools included in GOS have been updated to version 21.6.1 (#PL-540).
- Bugfix: Importing HTTPS certificates with weak encryption, e.g. 1024-bit RSA, caused an error. To prevent the error and to improve security, it is now no longer possible to import such weak certificates (#PL-574, #GS-160).
- Bugfix: When using the new network manager, configuring a VLAN with the ID 4094 caused an error (#PL-579, #GS-201).
- Bugfix: When uploading no file or an empty file via GOS menu upload dialogs, an internal error occured (#PL-279).
- Bugfix: The GOS ansible tasks when restarting the ospd-openvas service could be executed in the wrong order (#PL-488).
- Bugfix: Configuring scanner settings, e.g. “log_whole_attack”, while a scan was running caused several errors (#PL-230).
- Bugfix: The maximum number of simultaneous SSH connections for GSM master-sensor setups has been increased (#PL-543).
- Minor improvement: The maximum number of database connections has been increased for GSM enterprise class appliances (#PL-563).
- Minor improvement: A warning dialog is now shown when configuring a management IP for a DHCP-enabled network interface (#PL-457).
- Minor improvement: The readability of LCD info messages for airgap feed updates has been improved (#PL-263).
- Minor improvement: The GOS copyright menu has been updated and now includes license information for the Greenbone Community Feed (#PL-586).
- Minor bugfix: The labels for the GSM models 5300 and 6400 had minor display issues (#PL-524).
Vulnerability Management:
- Improvement: The performance when managing tasks or audits with a large number of hosts has been improved (#AP-1432).
- Improvement: The performance when adding a large number of results to reports has been improved (#AP-1495, #2021061710000033).
- Improvement: The performance when viewing targets or target list pages with a large number of hosts has been improved (#AP-1368, #GS-31).
- Improvement: The performance when filtering results by tags has been improved (#AP-1459, #AP-1463, #GS-101, #2021060210000052).
- Improvement: The content security policy for the web interface has been improved (#AP-1507, #AP-1613).
- Bugfix: VT rebuilds could sometimes fail because the SHA-256 hash of the VTs in the database differed from the one of the scanner (#AP-1498).
- Bugfix: Editing and saving the “Timeout” setting of the “Ping Host” VT more than once caused an error (#AP-1004).
- Bugfix: In rare cases, the “Alerts” list page could not be displayed after upgrading to GOS 21.04 (#AP-1444, #2021052810000014).
- Bugfix: When cloning an alterable task or audit, the clone is now also alterable (#AP-1425).
- Bugfix: The filters “Severity is greater than 0” and “Severity is less than 0” did not work (#AP-1355, #GS-19).
- Bugfix: Sorting remediation tickets by assigned user did not work (#AP-1385, #2021021210000077).
- Bugfix: For VTs with a CVSS 3.1 severity, the CVSS origin and date information was not displayed in the web interface (#AP-1103).
- Bugfix: For deprecated VTs, the deprecation information was not displayed in the web interface (#AP-1078).
- Minor improvement: Added new command line options to clean up data-objects-via-feed permissions (#AP-1467, #AP-1489, #GS-53).
- Minor improvement: The descriptions of charts in the web interface have been improved, and superfluous descriptions have been removed (#AP-1170).
- Minor improvement: The placeholder text “GVM” in alerts has been replaced with “GSM” (#PL-494).
- Minor improvement: The GSM manual included in GOS has been updated to the current version from 2021-08-02 (#PL-568).
- Minor bugfix: Some IPv4 addresses were sorted incorrectly in the “IP” column on report detail pages (#AP-1354).
- Minor bugfix: The “Roles” column on the “Users” list page now supports line breaks to maintain formatting for large number of roles (#AP-1384, #2021020410000029).
- Minor bugfix: For VTs with references, the reference types were not displayed in the web interface (#AP-898).
Vulnerability Scanning:
- Extension: Added a new experimental feature that allows the configuration of a second set of SSH credentials to gain elevated privileges on a target system, e.g. root. For a detailed description please refer to the GSM manual (PP-87).

21.04.4 (2021-07-12):

Greenbone OS:
- Bugfix: Upgrading to GOS 21.04.3 on a GSM 400, 450, 600, 650, 5300, 5400, 6400 or 6500 showed a false positive integrity selfcheck problem (#PL-561).
- Bugfix: Enabled the GOS upgrade functionality, if GOS is in the status “retired” or “end-of-life” (#PL-536).
- Minor improvement: Added a dedicated method to require a reboot after a GOS upgrade (#PL-531).
Vulnerability Management:
- Minor improvement: The GSM manual included in GOS has been updated to the current version from 2021-07-09 (#PL-562).

21.04.3 (2021-07-08):

Greenbone OS:
- Bugfix: When using the new GOS network mode, user-defined routes are now created with the ‘onlink’ parameter as a fallback and only if the route creation fails without the parameter. This may solve some specific route creation errors (#PL-541).
- Bugfix: The download of beaming images failed on GSM models ONE and TRIAL (#PL-547).
- Minor improvement: The expiration dates for the feed signing and support package encryption keys have been extended until 2023-02-28 (#PL-460, #PL-461).
Vulnerability Management:
- Bugfix: If the trend of VT families in scan configs was set to include and activate new VTs automatically after a feed update, preferences for VTs in these families were not applied correctly. This could prevent the disabling of the brute force and default login checks for the “Full and …” configs, for example (#AP-1490, #2021061510000153).
- Bugfix: When resuming a scan task with multiple target hosts, scan results for hosts scanned before resuming the task were duplicated (#AP-1476).
- Minor improvement: The GSM manual included in GOS has been updated to the current version from 2021-07-07 (#PL-558).

21.04.2 (2021-06-08):

Greenbone OS:
- Bugfix: When using the new GOS network mode, the deletion of certain routes could fail (#PL-514, #2021052610000027).
- Bugfix: When using the new GOS network mode, the configuration of a global gateway failed if it was located in another network and could only be reached via a user-defined route (#PL-529, #2021060410000012).
- Bugfix: A false positive selfcheck warning could occur when switching to the new GOS network mode (#PL-445).
- Bugfix: Beaming images could not be created if the network interface eth0 was not used (#PL-482, #2021051010000075).
- Bugfix: If the restoration of a backup failed due to an error, the incron service would also fail (#PL-493).
- Bugfix: If the restoration of a backup failed due to an error, the system integrity check could fail (#PL-489).
- Minor bugfix: When importing a certificate authority (CA) file for the VPN feature, the file had the wrong permissions (#PL-476).
- Minor bugfix: When importing a certificate authority (CA) file for the VPN feature, it is now checked whether the file is a certificate file before processing it (#PL-475).
- Minor improvement: The GOS superuser password may now contain all printable ASCII characters (#PL-169).
- Minor improvement: For the integrated web server, GZIP HTTP compression has been replaced by HTTP/2 compression (#PL-496, #2021051810000051).
- Minor improvement: The postgres configuration file is now included in the GOS support package for debugging purposes (#PL-426).
Vulnerability Management:
- Improvement: The hash algorithm used for GVM user passwords has been updated from MD5 to SHA-512. Password hashes for new users will automatically use the new algorithm. Passwords hashes for existing users will be automatically updated using the new algorithm when a user logs in or when the password of a user is changed (#AP-1254).
- Bugfix: The error “Whole-only families must include entire family and be growing” occured when editing and saving any “Full and …” scan config (#AP-1359, #2021052610000045).
- Bugfix: Scans could get stuck if the target had a HTTPS certificate with a subject DN containing invalid UTF-8 characters (#AP-929).
- Bugfix: In some cases reports could not be displayed in the web interface due to missing severity elements (#AP-1427, #AP-1434, #2021051010000011).
- Bugfix: Overrides and notes could not be created directly from results (#AP-1353, #AP-1407, #2021052110000018).
- Bugfix: When importing a GOS 20.08 backup with GMP scanners in GOS 21.04, the scanners would be migrated to OpenVAS scanners. They are now migrated to Greenbone Sensors as expected (#AP-1323).
- Bugfix: When saving changes to multiple schedules at once, a double free error occured (#AP-1424).
- Bugfix: The time of day was ignored in the filter term “created” in the web interface (#AP-1162).
- Bugfix: In the “Create Multiple Permissions” dialog in the web interface, the drop-down menu for selecting the affected resources did not work (#AP-1379, #2021051110000073).
- Minor bugfix: Saving schedules that had only a number as a name was not possible (#AP-933, #2021020210000087).
- Minor bugfix: When sorting SecInfo items by severity in the web interface, the severity “N/A” is now sorted below “0.0” (#AP-1267).
- Minor improvement: When creating a new scanner in the web interface, the default type is now “Greenbone Sensor” (#AP-1318).
- Minor improvement: The Vulnerabilities page in the web interface is now sorted in descending order of severity by default (#AP-1296).
- Minor improvement: The cookie used by the web interface now has the attribute “SameSite=Strict” set (#AP-1433, #2021051810000051).
- Minor improvement: The GSM manual included in GOS was updated to the current version from 2021-06-04 (#PL-528).
Vulnerability Scanning:
- Improvement: Scans in the queue are now started at an interval of one minute to avoid overloading the system by starting too many scans at once (#SC-215).
- Bugfix: If the scanner process was terminated unexpectedly, it was not restarted automatically when required (#SC-226, #2021051010000011).

21.04.1 (2021-05-19):

Greenbone OS:
- Bugfix: When using the new GOS network mode, DHCPv6 and a Global Gateway with an IPv6 address at the same time, an error occured (#PL-450).
- Bugfix: When using the new GOS network mode and a network route containing ‘::/0’, an error occured (#PL-468, #GS-41, #2021050710000189).
- Bugfix: When using the new GOS network mode and DHCPv6, if all DHCP requests timed out, the network manager entered a failed state (#PL-397).
- Bugfix: When using the new GOS network mode and saving IPv6 configuration changes, “Getting system network status failed” messages could appear in the logs (#PL-469, #GS-39).
- Bugfix: When restoring an incremental backup, the system state was not restored completely (#PL-483).
- Bugfix: When restoring a USB backup with the network mode ‘gnm’, the mode was sometimes set to ‘default’ (#PL-431).
- Bugfix: When importing a beaming image, the authorized host keys integrity check could fail afterwards (#PL-408).
- Bugfix: On some GSM 35 appliances, the ‘gsm-hardware’ package was erroneously removed when upgrading to GOS 21.04, causing the appliances not to boot (#PL-464, #GS-29, #GS-35, #2021050510000058).
- Bugfix: On the GSM TRIAL appliance, the ‘texlive-fonts-recommended’ package was erroneously removed with GOS 21.04.0, causing missing text in PDF reports (#PL-470).
- Bugfix: On appliances that received their feed via the USB airgap feature, and had no prior feed present, starting system upgrades failed (#PL-435).
- Bugfix: For the VPN feature, the deprecated ‘comp-lzo’ option has been disabled to prevent a traceback when uploading certain PKCS#12 files (#PL-455).
- Bugfix: The feed or upgrade push from a GSM master appliance to a GSM sensor appliance could show a false positive error in the logs (#PL-486).
- Minor improvement: The PKCS#12 file required for the VPN feature no longer needs to contain a certificate authority (CA) file. PKCS#12 files that contain only a certificate and a key can now be uploaded. In addition, a new GOS menu option to upload a single certificate authority (CA) file has been added (#PL-455).
- Minor improvement: The maximum password length for the GOS mail settings has been increased to 128 characters (#PL-436).
- Minor improvement: A selfcheck has been added to show possible inconsistencies of the GOS network state (#PL-299).
- Minor improvement: The notifications for the new GOS network mode have been made more detailed as well as easier to understand (#PL-454, #PL-466).
- Minor improvement: Subject alternative name fields have been added to the remote syslog certificate generation menu (#PL-418).
- Minor improvement: A subject alternative name has been added to the default HTTPS certificate of the GSM TRIAL (#PL-443).
- Minor improvement: The subject alternative name fields for E-Mail and URI are now checked for correct input (#PL-409, #PL-410).
- Minor improvement: The Greenbone Vulnerability Manager permission cache is now rebuilt during each GOS upgrade. This can prevent some permission problems which cause incomplete information to be shown in the web interface (#PL-421).
- Minor improvement: The GOS state variable ‘scanner_connection_retry’ has been added. With this variable it is possible to control the number of retries that are made when the master-sensor connection fails during a scan (#PL-446).
- Minor improvement: The log files for the beaming feature are now included in the GOS support package for debugging purposes (#PL-426).
Vulnerability Management:
- Bugfix: For results of CVE scan reports, the result names were missing (#AP-1305).
- Bugfix: Changing the result UUID of an existing note was not possible (#AP-1124).
- Bugfix: Editing the RADIUS secret key in the web interface was not possible (#AP-1275).
- Minor improvement: The GSM manual included in GOS was updated to the current version from 2021-05-17 (#PL-484).
Vulnerability Scanning:
- Bugfix: When scanning targets with virtual hosts (vhosts), not all virtual host names were detected (#SC-194).

21.04.0 (2021-04-30):

Reports With GOS 21.04, two new report format are introduced: Vulnerability Report PDF and Vulnerability Report HTML. The new report formats are modern and clear in appearance and structure. They contain information about all vulnerabilities found.

CVSS With GOS 21.04, CVSS v3.0/v3.1 is supported. The extent of the CVSS v3.0/v3.1 support depends on the Greenbone Security Feed. However, VTs and CVEs may contain CVSS v2 and/or CVSS v3.0/v3.1 data. If a VT/CVE contains both CVSS v2 data and CVSS v3.0/v3.1 data, the CVSS v3.0/v3.1 data is always used and shown. The page CVSS Calculator now contains both a calculator for CVSS v2 and a calculator for CVSS v3.0/v3.1. The CVSS Base Vector shown in the details preview and on the details page of a VT can now be v2, v3.0 or v3.1. The table on the page CVEs now contains the entries Name, Description, Published, CVSS Base Vector and Severity. The CVSS Base Vector can be v2, v3.0 or v3.1. Clicking on the CVSS base vector opens the page CVSS Calculator. The input boxes of the corresponding calculator are already pre-filled.

Boreas Alive Scanner The Boreas alive scanner is a host alive scanner that identifies the active hosts in a target network. It was introduced with GOS 20.08, but was still optional. With GOS 21.04, the Boreas alive scanner is made default. In comparison to the port scanner Nmap that was traditionally used, the Boreas alive scanner is not limited regarding the maximum number of concurrently performed alive status scans and thus, faster. It is especially suitable for large network ranges with only a small number of active hosts.

Hardware Appliances With GOS 21.04, a new generation of Midrange hardware appliances is introduced. The new hardware now uses SSD-type hard drives instead of HDDs, which are 10 times faster and also quieter and lighter. There is also more hard drive space available. The RAM type is now DDR4 instead of DDR3, which makes the RAM much faster due to a higher clock rate (3200 MHz). There is also twice to four times as much RAM available. Additionally, a new, faster CPU of the latest generation has been installed. Additionally, the ports of the appliances changed from 6 ports GbE-Base-TX and 2 ports 1 GbE SFP to 8 ports GbE-Base-TX and 2 ports 10 GbE SFP+. The product names remain as they are.

Virtual Appliances The officially supported hypervisors for the virtual appliances are changed with GOS 21.04. The GSM EXA/PETA/TERA/DECA and 25V can be used with Microsoft Hyper-V, VMware vSphere Hypervisor (ESXi) and Huawei FusionCompute. The GSM CENO can be used with Microsoft Hyper-V and VMware vSphere Hypervisor (ESXi). The GSM ONE can be used with Oracle VirtualBox, VMware Workstation Pro and VMware Workstation Player. Additionally, GOS 21.04 supports the ARM instruction set on Huawei FusionCompute.

Scanning Through a VPN With GOS 21.04, OpenVPN is integrated in GOS to enable scanning through a Virtual Private Network (VPN). This feature is only available on virtual appliances of the Midrange Class. The VPN feature allows for targets that are reachable via the VPN tunnel to be scanned, but has no effect on other targets, network settings, or master-sensor connections. The VPN connection is configured and established via the GOS administration menu using the IP address of the VPN and a PKCS#12 file containing the necessary certificate authority, certificate, and private key files.

HTTPS The menus under Setup > Services > HTTPS > Certificate > Generate and Setup > Services > HTTPS > Certificate > CSR allow the configuration of a Subject Alternative Name (SAN).

Network Backend With GOS 21.04, the network configuration backend in GOS is improved. This prevents loss of connectivity in specific network setups as well as connection issues with SSH sessions. The GSM no longer needs to be restarted after specific network settings have been changed. The networking mode can be updated to the new mode gnm directly after upgrading to GOS 21.04. If the networking mode is not updated directly after upgrading, it can be changed in the new menu under Setup > Network > Switch Networking Mode.
Simultaneous Scanning via Multiple IP Addresses Some devices – especially IoT devices – may crash when scanned via several IP addresses at the same time. For example, this can happen if the device is connected via IPv4 and IPv6. With GOS 21.04, it is possible to avoid scanning via several IP addresses at the same time using the new setting Allow simultaneous scanning via multiple IPs when creating a target. The default of this setting is Yes and reflects the behavior of previous GOS releases.

2020-08-31: Greenbone OS 20.08

Current Patch Level: 20.08.13 (2021-12-02)

Lifecycle Status: Obsolete

20.08.13 (2021-12-02):

Greenbone OS:
- Status: the lifecycle status of GOS 20.08 was set to “retired” for all GSM models. An upgrade notification will be displayed in the GOS self-check (#PL-710).
- Minor bugfix: an error was fixed where it was not possible to upgrade from a retired to an end-of-life GOS version (#PL-664).
Vulnerability Management:
- Minor improvement: the included GSM manual was updated to the current version from 2021-11-26 (#PL-713).

20.08.12 (2021-09-08):

Greenbone OS:
- Status: The lifecycle status of GOS 20.08 was set to “end-of-life” (#PL-600).
- Security fix: the package openssl included in GOS was upgraded from version 1.1.1d-0+deb10u6 to version 1.1.1d-0+deb10u7 (CVE-2021-3711 and CVE-2021-3712).
- Bugfix: Erroneous user permissions for the feed data objects are now automatically fixed when upgrading to GOS 20.08.12 or later, or when changing the “Feed Import Roles” setting (#PL-564).
- Bugfix: An error was fixed where only a maximum of 12 sensors could be configured for a GSM 650. 20 sensors can now be configured as intended (#PL-580, #GS-202).
- Bugfix: An error was fixed where the flash image was written to the hard disk if no CompactFlash (CF) card was installed (#PL-608).
- Bugfix: An error was fixed where an airgap sensor fetched a feed update via FTP but did not install it (#PL-625, #GS-409).
- Bugfix: In master-sensor setups with different feeds (GCF/GSF), the sensor could get mixed feed information. To prevent this problem, the existing GCF metadata and cache are now deleted when importing a GSF key (#PL-577).
- Bugfix: An error was fixed where the greenbone_signing_key.py integrity check failed after a GOS upgrade (#PL-591).
- Bugfix: An error was fixed where the authorized_key.sh integrity check failed after a GOS upgrade if SSH keys had been added to the system previously (#PL-596).
- Bugfix: An error was fixed that caused system integrity checks to fail when they were being updated during a system upgrade (#PL-313).
- Bugfix: An error was fixed where empty performance graphs for deleted VLAN interfaces were still shown on the web interface. After deleting a VLAN interface, a reboot is also required to remove the graphs (#PL-403, #2019032710000104).
- Minor improvement: The IPv6 addresses for HTTP upload dialog menus are now enclosed in brackets to facilitate copy and paste in web browsers (#PL-545, #GS-141).
- Minor improvement: The selfcheck menu texts for the states “end-of-life”, “retired” and “obsolete” were improved to provide better guidance for upgrading (#PL-572).
- Minor improvement: The GSM manual included in GOS was updated to the current version from 2021-08-30 (#PL-612).
Vulnerability Management:
- Bugfix: An error was fixed where the verification of sensors in the web interface for IPv6 master-sensor setups was not possible (#PL-556, #GS-146).
Vulnerability Scanning:
- Bugfix: An error was fixed that caused scans to be interrupted when the maximum number of running scanner processes was reached or exceeded (#SC-177, #GS-105).

20.08.11 (2021-08-02):

Greenbone OS:
- Improvement: The gvm-tools included in GOS have been updated to version 21.6.1 (#PL-540).
- Bugfix: The download of beaming images failed on GSM models ONE and TRIAL (#PL-547).
- Bugfix: To prevent errors and improve security, it is no longer possible to upgrade to GOS 21.04 if a HTTPS certificate with weak encryption, e.g. 1024-bit RSA, is used (#PL-574, #GS-160).
- Bugfix: When uploading no file or an empty file via GOS menu upload dialogs, an internal error occured (#PL-279).
- Bugfix: Enabled the GOS upgrade functionality, if GOS is in the status “retired” or “end-of-life” (#PL-536).
- Bugfix: The maximum number of simultaneous SSH connections for sensors has been increased (#PL-543).
- Minor improvement: Added a dedicated method to require a reboot after a GOS upgrade (#PL-531).
- Minor improvement: The maximum number of database connections has been increased for GSM enterprise class appliances (#PL-563).
- Minor improvement: The expiration dates for the feed signing and support package encryption keys have been extended until 2023-02-28 (#PL-460, #PL-461).
- Minor improvement: The GOS copyright menu has been updated and now includes license information for the Greenbone Community Feed (#PL-586).
- Minor improvement: The GSM manual included in GOS has been updated to the current version from 2021-07-30 (#PL-578).
Vulnerability Management:
- Improvement: The performance when adding a large number of results to reports during scans has been improved (#AP-1495, #2021061710000033).
- Improvement: The performance when viewing targets or target list pages with a large number of hosts has been improved (#AP-1368, #GS-31).
- Improvement: The performance when filtering results by tags has been improved (#AP-1459, #AP-1463, #GS-101, #2021060210000052).
- Improvement: The content security policy for the web interface has been improved (#AP-1507, #AP-1613).
- Bugfix: When resuming a scan task with multiple target hosts, scan results for hosts scanned before resuming the task were duplicated (#AP-1476, #2020010310000016, #2021061810000022).
- Bugfix: VT rebuilds could sometimes fail because the SHA-256 hash of the VTs in the database differed from the one of the scanner (#AP-1498).
- Bugfix: Editing and saving the “Timeout” setting of the “Ping Host” VT more than once caused an error (#AP-1004).
- Bugfix: The filters “Severity is greater than 0” and “Severity is less than 0” did not work (#AP-1355, #GS-19).
- Bugfix: Sorting remediation tickets by assigned user did not work (#AP-1385, #2021021210000077).
- Minor improvement: Added new command line options to clean up data-objects-via-feed permissions (#AP-1467, #AP-1489, #GS-53).
- Minor bugfix: Some IPv4 addresses were sorted incorrectly in the “IP” column on report detail pages (#AP-1354).
- Minor bugfix: The “Roles” column on the “Users” list page now supports line breaks to maintain formatting for large number of roles (#AP-1384, #2021020410000029).
- Minor bugfix: For VTs with references, the reference type was not displayed in the web interface (#AP-898).

20.08.10 (2021-06-08):

Greenbone OS:
- Bugfix: When upgrading to GOS 21.04, recommended system packages are no longer removed (#PL-471).
- Bugfix: When restoring an incremental backup, the system state was not restored completely (#PL-483).
- Bugfix: When importing a beaming image, the authorized host keys integrity check could fail afterwards (#PL-408).
- Bugfix: If the restoration of a backup failed due to an error, the incron service would also fail (#PL-493).
- Bugfix: If the restoration of a backup failed due to an error, the system integrity check could fail (#PL-489).
- Bugfix: On appliances that received their feed via the USB airgap feature, and had no prior feed present, starting system upgrades failed (#PL-435).
- Minor improvement: The maximum password length for the GOS mail settings has been increased to 128 characters (#PL-436).
- Minor improvement: A selfcheck has been added to show possible inconsistencies of the GOS network state (#PL-299).
- Minor improvement: The Greenbone Vulnerability Manager permission cache is now rebuilt during each GOS upgrade. This can prevent some permission problems which cause incomplete information to be shown in the web interface (#PL-421).
- Minor improvement: The GOS state variable ‘scanner_connection_retry’ has been added. With this variable it is possible to control the number of retries that are made when the master-sensor connection fails during a scan (#PL-446).
- Minor improvement: The log files for the beaming feature are now included in the GOS support package for debugging purposes (#PL-426).
- Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-06-04 (#PL-527).
Vulnerability Management:
- Improvement: The hashing algorithm used to hash GVM user passwords has been updated from MD5 to SHA-512. Passwords for new users will automatically use the new algorithm. Passwords for existing users will be changed automatically, if the user logs in, or if the password for the user is changed (#AP-1254).
- Bugfix: Scans could get stuck if the target had an HTTPS certificate with a subject DN containing invalid UTF-8 characters (#AP-929, #2021020110000034).
- Bugfix: When saving changes to multiple schedules at once, a double free error occured (#AP-1424).
- Bugfix: The time of day was ignored in the filter term “created” in the web interface (#AP-1162).
- Bugfix: In the “Create Multiple Permissions” dialog in the web interface, the drop-down menu for selecting the affected resources did not work (#AP-1379, #2021051110000073).
- Minor bugfix: When sorting SecInfo items by severity in the web interface, the severity “N/A” is now sorted below “0.0” (#AP-1267).
- Minor improvement: The Vulnerabilities page in the web interface is now sorted in descending order of severity by default (#AP-1296).
- Minor improvement: The cookie used by the web interface now has the attribute “SameSite=Strict” set (#AP-1433).
Vulnerability Scanning:
- Improvement: Scans in the queue are now started at an interval of one minute to avoid overloading the system by starting too many scans at once (#SC-215, #2021042810000043).
- Bugfix: If the Boreas alive scanner was enabled, scanning targets with virtual hosts (vhosts) did not detect all virtual hostnames (#SC-194).
- Bugfix: If the scanner process was terminated unexpectedly, it was not restarted automatically when required (#SC-226).

20.08.9 (2021-05-03):

Greenbone OS:
- Extension: The upgrade path to the next major GOS release, GOS 21.04, has been unlocked for all supported GSM models. Several requirements apply, for details see the GOS 21.04 manual (#PL-172, #PL-223, #PL-417).
- Improvement: The data-objects (scan configs, report formats, port lists) of the next GOS version will now be automatically downloaded during feed updates. This improves useability when upgrading to the next major GOS release (#PL-388).
- Bugfix: When restoring a GOS 6 backup in GOS 20.08, some GOS 20.08 database extensions were not installed correctly, which could cause subsequent SQL errors (#PL-356, #PL-381, #2021030910000036).
- Bugfix: When restoring a backup, the GVM credential encryption key could be duplicated in some cases, making the credentials no longer accessible (#PL-343, #2021031810000055).
- Bugfix: When restoring a backup, the incron service could fail in rare cases (#PL-366).
- Bugfix: On GSM appliances with the network namespaces feature a segmentation fault for the collectd service occured, if network interfaces were moved to the scan namespace (#PL-400).
- Bugfix: When importing a backup or beaming image with the network state ‘gnm’, the state was sometimes set to ‘default’ (#PL-275, #PL-431).
- Bugfix: An issue with the collectd service has been fixed. Symptoms that could occur were missing performance data in the web interface for network interfaces in the scan namespace, and warning messages during the GOS boot process (#PL-196, #PL-216).
- Bugfix: The GOS installer did not recognize flash cards with 16 GB capacity included in some newer GSM appliances (#PL-412).
- Minor bugfix: The wording of some GOS menu dialogs has been changed so that failed GOS upgrades are no longer referred to as successful and a reboot is no longer recommended in such a situation (#PL-326).
- Minor improvement: When importing a beaming image, a size check of the image is now done to see if there is enough hard disk space to process the image (#PL-322).
- Minor improvement: The error messages for the beaming feature have been improved, making it easiert to understand why an error occured (#PL-404).
- Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-05-03 (#PL-444).
- Minor improvement: The error message when a NVT rebuild fails due to a hash value mismatch has been improved (#AP-1094).
Vulnerability Management:
- Improvement: A retry option has been added for master-sensor connections in case the connection is temporarily lost due to network problems. The master will attempt to reconnect 3 times before the scan task is set to “Stopped” (#AP-1126).
- Bugfix: CVE scans could return no or less results for hosts that were also the target of an ongoing vulnerability scan (#AP-848, #2021010510000074).
- Bugfix: The alert condition ‘Severity at least’ did not work (#AP-1053, #2021020210000096).
- Minor bugfix: A case where the Greenbone Vulnerability manager could fail when no report formats were present on a system has been fixed (#PL-331).
- Minor bugfix: A problem with the “NOT” operator of the powerfilter has been fixed (#AP-962).
- Minor bugfix: A case where new lines were erroneously removed from the “Detection Method” section of a result has been fixed (#AP-1005).
- Minor improvement: It is now possible to create targets with underscore characters (“_”) in their hostnames (#AP-1112).
Vulnerability Scanning:
- Bugfix: If excluded hosts were not part of the hosts to be scanned, the scan progress was calculated incorrectly, causing interrupted scans (#SC-33).
- Bugfix: A case with the reverse_lookup_only preferences causing interrupted scans has been fixed (#SC-183, #2021031710000048).
- Bugfix: A problem with the logging of the scanner that could cause interrupted scans has been fixed (#SC-23).
- Minor improvement: Some miscellaneous improvements against interrupted scans have been added (#SC-27, #2021022410000054).
- Minor improvement: The log messages have been improved for the case that a scan was started via a network source interface that has no IP configured and failed (#SC-22).

20.08.8 (2021-03-18):

Greenbone OS:
- Improvement: The RAM limits for the GSM ONE and 25V appliances have been increased to 6 GB (#GPE-67).
- Improvement: The gvm-tools included in GOS were updated to version 21.1.0 (#GPE-45).
- Improvement: A GOS menu option to migrate all GMP sensors to OSP sensors has been added. The option will migrate the sensor configuration in GOS as well as in the web interface (#GPE-70).
- Bugfix: If the Remote Syslog service was enabled, upgrades from GOS 6.0 to GOS 20.08.7 failed (#GPE-49, #2021021910000028, #2021021810000075, #2021021810000084).
- Bugfix: If the HTTP Strict Transport Security (HSTS) functionality was enabled, upgrades from GOS 6.0 to any version of GOS 20.08 failed (#GPE-66, #2020121610000052).
- Bugfix: Testing the configuration of a remote backup server added the public SSH key of its IP address without a new line to the SSH known hosts, causing subsequent connections to fail (#GPE-48, #202102221000002).
- Bugfix: The logging of airgap feed updates on airgap sensor appliances failed partially (#GPE-69).
- Bugfix: When importing a beaming image from a different GOS version, the migration of the SCAP database could fail (#GPE-71).
- Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-03-18 (#GPE-44).
- Minor improvement: The GOS superuser password may now contain all printable ASCII characters (#PL-169).
Vulnerability Management:
- Bugfix: Invalid references in NVTs could cause database errors, resulting in missing NVT reference data. All NVT references are now validated before they are processed (#GPE-57).
- Bugfix: Clicking hyperlinks to operating system assets in the web interface could cause an error in some cases (#GPE-34, #2021020210000069).
- Bugfix: Scan tasks on GMP sensors failed if the same task was started multiple times on the master, or if they were not properly removed from the sensor after completion and then started again on the master. Timestamps are now added to GMP sensor task names to prevent this issue (#GPE-59, #2020101410000051).
- Minor bugfix: GMP and Greenbone Sensors were displayed with port 9391 in the web interface. This was a cosmetic issue since port 22 is always used. The web interface has been adjusted to always show port 22 now (#GPE-51, #2021022610000014).
- Minor improvement: The error messages when requesting invalid SecInfo items via the GMP API were improved (#GPE-58).
Vulnerability Scanning:
- Bugfix: Scanning a target with an underscore character (“_”) in its hostname resulted in an interrupted scan (#GPE-32, #2021011110000035).
- Bugfix: Scanning a single, unreachable target resulted in an interrupted scan (#GPE-65).
- Minor improvement: The logging of interrupted scans was improved for debugging purposes (#GPE-25).

20.08.7 (2021-01-25):

Greenbone OS:
- Improvement: A 8 GB SWAP partition was added for the virtual midrange appliances GSM DECA, TERA, PETA, and EXA (#GPE-3).
- Bugfix: The GOS menu option “Setup > Master > Sensor > Test all sensor connections” caused a traceback in GOS 20.08.6 (#GPE-6, #2020120310000059).
- Bugfix: The GOS menu option “Setup > Feed > Synchronization” caused a traceback in GOS 20.08.6 (#GPE-24, #2021010810000014, #2021011210000088).
- Bugfix: Upgrading to GOS 20.08.6 showed a false-positive warning for the hostkey integrity check (#GPE-20, #2020120110000071).
- Minor improvement: The output of the GSM integrity check is now included in the GOS support package for debugging purposes (#GPE-10).
- Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-01-21 (#GPE-28).
- Minor bugfix: The GOS CPU and RAM limits for the GSM ONE and 25V appliances have been corrected to match the VM specifications (#GPE-22).
- Minor bugfix: The GOS state variable “report_results_threshold” was missing in GOS 20.08 (#GPE-27).
Vulnerability Management:
- Bugfix: If an attempt was made to delete the “Feed Import Owner” user and the deletion failed, all “data-objects-via-feed” report formats became unusable (#GPE-4, #2020111110000027).
- Bugfix: A memory leak in the manager service when handling the scan progress was fixed (#GPE-7).
- Bugfix: A problem where data-objects-via-feed scan configs could not be created due to vulnerability tests not having a family was fixed. Scan configs are now created in all cases and updated once the vulnerability test family information becomes available (#GPE-14).
- Bugfix: It was not possible for super admin users to save changes to their own user settings. Most settings can now be changed and saved, with the exception of the user name (#GPE-15).
- Minor improvement: For host assets with TLS certificates a direct link to the certificate was added on the host detail page. The link can be found in the upper left menu bar (#GPE-12).
- Minor bugfix: The alert condition “Condition: Severity level changed” was erroneously displayed as “Severity level increased” on the alert list page (#GPE-11).
- Minor bugfix: Creating permissions for an object without related resources displayed an erroneous menu option (#GPE-13).
- Minor bugfix: German “Umlaut” characters are now supported in the Business Process Map (#GPE-8).
Vulnerability Scanning:
- Bugfix: Modifying the mtime of a vulnerability test plugin file could bypass the signature check when the scanner loaded the file. With the fix, an error is now logged and the file is not loaded (#GPE-1, ##2020100610000011).
- Bugfix: When running SNMP-related vulnerability tests, the scanner could return unexpected strings or an incomplete response (#GPE-5).
- Minor improvement: The SSH timeout can now be configured by vulnerability tests. If no configuration is provided, the default of 10 seconds will be used (#GPE-17).

20.08.6 (2020-11-30):

Greenbone OS:
- Extension: Alerts and Schedules are now available on the GSM ONE (#152653).
- Improvement: The gvm-tools included in GOS were updated to version 20.10.1 (#150912).
- Improvement: To prevent problems, major GOS upgrades are no longer possible if there is not enough storage space left for the database migration (#147578).
- Improvement: If the Greenbone Feed Signing Key, which is required for the validation of GOS upgrades, is expired, upgrades are no longer possible instead of failing. For a solution, contact Greenbone Support (#93687, #148007).
- Bugfix: During a master-sensor feed update, not all NVTs were updated on the sensor in some cases (#150662, #2020101910000051).
- Bugfix: The GOS system integrity check could report a false positive warning after a GOS backup was restored (#147070).
- Bugfix: The LCD display service could sometimes fail on GSM models 5300 und 6400 (#136798, #2020032710000049).
- Bugfix: During the first time setup wizard, the feed server is no longer contacted twice in rapid succession. This could cause problems in combination with the Greenbone Community Feed server. Users of the Greenbone Security Feed Server were not affected (#120005).
- Bugfix: SSH keys of the types ‘rsa-sha2-256’ and ‘rsa-sha2-512’ are now supported (#150121, #2020101910000069).
- Minor bugfix: The spelling and usability of the GOS administration menu have been improved (#101818, #103537, #123181, #144657, #150664, #2019062610000057).
- Minor bugfix: Uninstalling the gsm-debug meta-package did not uninstall all contained packages (#147286).
- Minor bugfix: The collected service could generate excessive, but harmless log messages (#68977).
- Minor improvement: The full GOS version including the current patch level is now shown on the GOS login screen (#116817).
- Minor improvement: If no SSH host keys exist, they will now be re-created when enabling the SSH service (#149548).
- Minor improvement: A command line setting to configure the timeout of SCP alerts has been added (#144727).
- Minor improvement: Help texts have been added for running the GOS integrity check via the command line (#146804).
- Minor improvement: All files included in the Greenbone Support Package are now non-hidden by default (#81612).
- Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-11-30 (#152775).
Vulnerability Management:
- Improvement: The alert condition ‘[Filter] matches at least [x] result(s) NVT(s)’ has been added (#148607, #2020092310000036).
- Improvement: When editing a ‘Username + SSH Key’ credential, the correctness of the password is now verified (#112159).
- Bugfix: Deleting and then re-downloading a scan config that had all NVTs of a family selected, e.g. ‘Full and very deep’, caused that family to have no NVTs selected (#150579, #2020102210000053, #2020102610000019)
- Bugfix: If a IP addresses of target hosts were configured with a leading zero in an octet, e.g. ‘192.168.50.010’, the maximum number of hosts was calculated incorrectly, and vulnerability scans could fail (#151801, #2020111010000029).
- Bugfix: If a target credential cannot be decrypted, an unauthenticated vulnerability scan without a credential will now be run against the target. Previously, the scan would remain in the status ‘Requested’ indefinitely (#149549).
- Bugfix: For SCP alerts the handling of usernames and destination paths has been improved in combination with Windows systems. In addition, a configurable timeout has been introduced for the SCP alert to prevent it from running indefinitely in some situations (#144727, #2020071610000044).
- Bugfix: It was not possible to delete a web user, if the user owned TLS certificates, and no inheriting user was provided (#149652, #2020101410000078).
- Bugfix: When deleting a web user, web interface settings will no longer be inherited. This will prevent settings of the inheriting user from being overwritten (#149652, #2020101410000078).
- Bugfix: It was not possible to delete orphaned permissions in all cases (#150186, #2020102110000019).
- Bugfix: The verification of ports and port ranges when editing a port list has been improved (#149776).
- Bugfix: The ‘scan_nvt_version’ XML tag in XML reports was empty erroneously (#150569, #2020102210000071).
- Bugfix: Moving a data object via feed scan config or policy to the trashcan generated excessive, but harmless log warnings (#149299, #2020100710000046).
- Bugfix: Two SQL errors that could occur when rebuilding the SCAP or CERT databases have been fixed (#151175).
Vulnerability Scanning:
- Bugfix: If a host name in a list of target hosts could not be resolved, scans could fail with the status ‘Interrupted’ (#150988, #2020102810000033).
- Bugfix: When configuring a target IP with a subnet mask of less than /24, addresses ending in ‘.0’ are now supported (#150990).
- Bugfix: When the host name resolution of a target resolved it to more than one IP address, the scan progress bar percentage could show ‘100%’ even though the scan was still in progress (#149349).
- Bugfix: For scans with a SNMP credential, the SNMP community ‘None’ was erroneously used when configuring no community. An empty string is now used to assure that no community will be used (#149649).

20.08.5 (2020-10-15):

Greenbone OS:
- Bugfix: Activating DHCPv6 could cause an error (#149180).
- Bugfix: GOS upgrades did not stop as expected, if the packages to be upgraded could not be verified. An empty upgrade was applied in this case (#149212).
- Bugfix: Vulnerability scans could erroneously show missing ‘iTLB multihit’ Linux kernel mitigations for GOS. Since no virtualization is in use, the system was and is always protected by the kernel unconditionally (#146845).
- Minor bugfix: During feed updates, cosmetic known hosts warnings for the IP address ‘172.30.2.22’ appeared (#146729, #2020100210000028)
- Minor improvement: The postgres database migration during GOS upgrades has been improved (#148526).
- Minor improvement: To prevent problems, major GOS upgrades are no longer possible if a global gateway is used, but no global gateway interface is configured (#147418).
- Minor improvement: The warning text displayed if a GOS upgrade is blocked has been updated (#148006).
- Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-10-15 (#149706).
Vulnerability Management:
- Bugfix: The Scans > Vulnerabilities page in the web interface could fail to load due to an error (#143484).
- Bugfix: A database deadlock could occur if changing the feed import owner and browsing scan results at the same time (#146803).
- Bugfix: The ‘Auto Delete Reports’ functionality did not work on GSM models that do not support schedules (#133136, #2020020310000041).
- Bugfix: The advanced task wizard in the web interface no longer offers to create a schedule on GSM models that do not support schedules (#147660, #2020091010000122).
- Bugfix: The number of hosts shown per operating system on the Assets > Operating Systems page included operating systems for which the user did not have permissions to view (#140467).
- Bugfix: When changing the name or comment of a scan configuration or a policy that was in use, an erroneous warning was displayed (#120605, #147669).
- Bugfix: Filters attached to SecInfo alerts could not be edited and saved (#109311, #2020081710000022, #202008171000002).
- Bugfix: The placeholder ‘$U’ did not work for e-mail alerts (#148533, #2020092310000036).
- Bugfix: Saving invalid values for the ‘Rows Per Page’ setting in the ‘My Settings’ menu is now prohibited, and corresponding tooltips have been implemented (#148529).
- Bugfix: The deprecated ‘SecInfo’ filter setting has been removed from the ‘My Settings’ menu (#149179, #2020100510000031).
- Bugfix: TLS certificates from container tasks, or belonging to other users, could not be downloaded even with permissions (#148892, #2020092810000081).
- Bugfix: TLS certificates downloaded via the web interface could not be re-uploaded via the API (#125191).
- Minor improvement: The tooltip for override indicators on result details pages in the web interface has been improved (#146799).
Vulnerability Scanning:
- Bugfix: SNMPv3 authentication for vulnerability scans failed, if no SNMP community was configured, even though the SNMP community is not relevant for SNMPv3 (#148611).
- Bugfix: Vulnerability scans failed, if a scan configuration or policy without any NVT preferences was used (#148894).
- Minor improvement: The error handling for WMI queries has been improved. Previously the logging was too verbose and included events that were not errors, but expected behaviour (#125438).

20.08.4 (2020-09-23):

Greenbone OS:
- Extension: The former ‘Greenbone Community Edition’ virtual appliance has been updated to GOS 20.08 and renamed to ‘GSM TRIAL’ (#148403).
- Bugfix: Virtual GSM appliances with EFI/UEFI boot mode could fail to boot after being exported or cloned (#148262).
- Bugfix: The ‘GSM Installation and Rescue’ GRUB option did not boot the GOS installer as expected (#148530).
- Bugfix: The USB power management on GSM hardware appliances could consume excessive CPU time (#147583).
- Bugfix: The verification of a downloaded flash image would always fail (#147878).
- Bugfix: Sensor scans via a proxy could fail for OSP sensors (#147582).
- Minor bugfix: The GOS version was not displayed correctly in the GOS installer (#147658).
- Minor improvement: The database-vacuum script that is used to reclaim storage space has been updated (#148266).
- Minor improvement: The description of the ‘Setup > Services > SNMP’ menu has been extended, it now includes a warning that saving SNMP configuration changes will stop all running scans (#148479).
- Minor improvement: A warning has been added when using the command ‘su’ incorrectly in the Greenbone OS command line administration (#147666).
- Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-09-22 (#147872).
Vulnerability Management:
- Improvement: For Compliance Audits, the base colouring of all non-compliant audit status has been adjusted to red. This way, non-compliant audits can be identified much quicker, for example, a 0% compliant audit status will now be always shown in red (#147577).
- Bugfix: When editing and saving scan configurations or compliance policies, the names of some included NVT preference options were not saved correctly (#147870).
- Minor bugfix: On Schedule and Report Format details pages in the web interface, the ‘Move to trashcan’ button was incorrectly shown as a ‘Delete’ button (#147936).
Vulnerability Scanning:
- Improvement: Experimental TLS 1.3 support has been enabled for the OpenVAS vulnerability scanner (#145963).
- Improvement: Experimental SNMPv3 support has been enabled for the OpenVAS vulnerability scanner (#57662).
- Bugfix: Stopping a vulnerability scan could fail in some cases (#147124).

20.08.3 (2020-09-10):

Greenbone OS:
- Bugfix: GOS could not be installed with EFI/UEFI boot mode on VirtualBox 6.1.14 or later (#147300).
- Bugfix: If no network interface as assigned to the global gateway, upgrades from GOS 6.0 failed (#147215, #2020090410000018, #2020090710000012, #2020090710000067, #2020090710000101).
- Bugfix: The package ncat was erroneously removed when upgrading to GOS 20.08 (#147574).
- Bugfix: Feed updates via proxy could fail on GSM models 35 and 25V (#147437).
- Bugfix: Removed an unnecessary menu option to configure the sensor protocol for GSM modes 35 and 25V. These appliances will always use the OSP protocol (#147301).
- Minor bugfix: Reduced the amount of error messages when the feed import owner had been set, but no feed was present on the system. These error messages were expected and are harmless (#147303).
- Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-09-10 (#147570).
Vulnerability Scanning:
- Bugfix: Only the default alive test method was applied (#147302, #2020090810000038).

20.08.2 (2020-09-07):

Greenbone OS:
- Extension: EFI/UEFI boot mode has been implemented for all virtual GSM appliances shipped with GOS 20.08.2 or later (#147079).
- Improvement: The GOS upgrade functionality has received several internal improvements and fixes (#147130).
- Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-09-07 (#147129).

20.08.1 (2020-09-03):

Greenbone OS:
- Bugfix: The settings ‘Management IP (v4)’ and ‘Management IP (v6)’ were not applied (#147079).
- Bugfix: GOS upgrades no longer fail if the system integrity is compromised. However, after the upgrade, a system integrity warning will be displayed (#147125).
- Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-09-03 (#146861).
Vulnerability Management:
- Bugfix: When importing scan configurations or compliance policies, the included NVT preferences were not imported correctly in all cases (#146855).
Vulnerability Scanning:
- Bugfix: In rare cases stopping a scan task could cause system instability (#146802).

20.08.0 (2020-08-31):

Scan Queueing: To prevent scans from overloading the system and from starting at an inappropriate time (e.g., during a feed update), a scan queue management has been introduced. Scan tasks are only started if sufficient system resources are available. The available resources depend on the GSM model, the GOS version used, and the current workload of the system. If too many tasks are started and running at the same time and not enough resources are available, scans are added to a waiting queue. A new status bar “Queued” has been introduced.

Performance Improvements: Due to scan queueing as well as other architecture improvements, the number of scans that can be run simultaneously has been increased in GOS 20.08 when compared to GOS 6.0. On a GSM 400 we measured more than twice the capacity with GOS 20.08 in comparison to GOS 6.0.
Data Objects via Feed: With GOS 20.08, scan configurations, compliance policies, report formats, and port lists by Greenbone will be distributed via the Greenbone Security Feed. This allows for direct updates of existing objects, and for the publication of new scan configurations, compliance policies, etc. for current, hot NVTs. In addition, users will not need to manually download additional files from the Greenbone website anymore.
Beaming: Beaming makes it possible to copy the current state of a GSM to another GSM. The data may be transferred directly and securely from one GSM to another, or it may be saved for a later transfer. The data includes all user data (e.g., tasks, reports, results) and – optionally – system settings, i.e., the GOS configuration. Beaming makes it much easier to upgrade from one GSM model to another while still keeping all previous data.
Business Process Map:The Business Process Map (BPM) can be used to illustrate the impact of collected scan results on a business. Each process has assigned hosts and will be highlighted based on the highest severity of these hosts. This way, it is possible to see the vulnerability of processes and their impact on any linked processes at a glance, determining the risk to the company based on the location of a host within the process chain.
Updated Feed Status Page: The feed status page of the web interface has received several improvements. The status of the objects that are distributed via the feed (scan configurations, compliance policies, port lists and report formats) is now included in the table. In addition, the feed status page now shows if a feed update is in progress.
Start Task via “New SecInfo” Alert: Starting a task automatically after a feed update is now possible. This feature unlocks the combination of a “New NVTs/CVEs/CPEs…” alert event and the “Start Task” alert method in the web interface.
GOS Backup Compatibility Checks: The Greenbone Operating System (GOS) now checks whether a backup is suitable before restoring the backup. Unsuitable backups cannot be restored, and warnings may be displayed. This feature prevents errors when restoring backups.
Comprehensive Update of the Base System: For GOS 20.08, the underlying Linux foundation of GOS was updated to the latest version.

2019-10-31: Greenbone OS 6.0

Current Patch Level: 6.0.15 (22.02.2021)

Lifecycle Status: Obsolete

6.0.15 (2021-02-22):

Greenbone OS:
- Status: Set the release status to “retired” for all GSM types with GOS 6.0. An upgrade notification will be displayed in the GOS selfcheck (#157074).
- Bugfix: Enabled the GOS upgrade functionality, if GOS is in the status “retired” or “end-of-life” (#157073).

6.0.14 (2020-09-23):

Greenbone OS:
- Improvement: To prevent problems, major GOS upgrades, such as the upgrade to GOS 20.08, are no longer possible if there is not enough storage space left for the database migration (#147423).
- Minor improvement: The database-vacuum script that is used to reclaim storage space has been updated (#148265).
- Minor improvement: The warning text displayed if an upgrade to GOS 20.08 is blocked has been updated (#148005).

6.0.13 (2020-09-16):

Vulnerability Management:
- Bugfix: When importing scan configurations or compliance policies, the included NVT preferences were not imported correctly in all cases (#147938).
- Bugfix: When editing and saving scan configurations or compliance policies, the names of some included NVT preference options were not saved correctly (#147938).

6.0.12 (2020-09-03):

Greenbone OS:
- Bugfix: The upgrade to GOS 20.08 caused an error for hardware GSM appliances with active settings ‘Management IP (v4)’ or ‘Management IP (v6)’ (#146930, #2020090210000012, #2020090210000058, #2020090210000031).

6.0.11 (2020-08-31):

Greenbone OS:
- Extension: The upgrade path to GOS 20.08 has been unlocked for all GSM models (#131625).
- Bugfix: The GOS upgrade functionality has received several fixes and improvements (#143826, #144927).
- Minor improvement: To prevent problems, major GOS upgrades, such as the upgrade to GOS 20.08, now require a reboot before being started, if another upgrade, such as the upgrade to GOS 6.0.11, was run immediately before (#146857).
- Minor improvement: To prevent problems, major GOS upgrades, such as the upgrade to GOS 20.08, are no longer possible if the the ‘gsm-debug’ package is installed (#144929).

6.0.10 (2020-07-30):

Greenbone OS:
- Bugfix: The ‘Max email size’ setting in the ‘Setup/Mail’ menu has been split into the settings ‘Max attachment’ and ‘Max include’ to prevent mail truncation issues (#143124).
- Minor improvement: The installation history of all installed GOS versions, starting with version 6.0.10, is now included in the GOS support package (#134537).
- Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-07-29 (#143155).
Vulnerability Management:
- Bugfix: The ‘Add new host’ dialog on the ‘Assets/Hosts’ page allowed unsanitized input in the ‘Name’ field. The field has been renamed to ‘IP Address’, and it only allows IPv4 or IPv6 addresses now (#143731, #143737).
- Bugfix: The ‘Solution’, ‘Summary’, ‘Insight’, ‘Affected Software/OS’, ‘Impact’, and ‘Detection Method’ NVT details could not be filtered (#143748, #2020071010000055).
- Bugfix: The ‘Vulnerable Products’ could disappear from CVE detail pages during loading (#142986).
- Bugfix: Reference identifiers on CVE detail pages were missing (#142987).
- Bugfix: The ‘Published’, ‘Last updated’, ‘Modified’, and ‘ID’ information on CVE detail pages was missing (#143743).
- Bugfix: ‘GCR PDF’ reports did not include compliance details (#143858, #2020071410000011).
- Bugfix: The ‘Dashboards’ page could fail to load in rare cases (#131921, #2020013110000035, #2020070110000116).
- Minor bugfix: The ‘XML’ and ‘Anonymous XML’ report formats had a interchanged description (#143812).
- Minor improvement: The NVT rebuild of the manager now also rebuilds the NVT preferences. This removes any deprecated NVT preferences (#143852).
Vulnerability Scanning:
- Bugfix: The scanner generated incorrect checksums for ICMPv6 packets. This could cause failed alive detections of IPv6 targets when using specific, non-default scan configurations. In addition, it could cause less detection results for some IPv6 targets (#143315).

6.0.9 (2020-06-29):

Greenbone OS:
- Bugfix: The Intel June 2020 microcode update is included, addressing the ‘CROSSTalk’, ‘CacheOut’ and ‘SGAxe’ vulnerabilities of Intel processors (#134852, #142326, #2020030410000065, #2020031810000039).
- Bugfix: The GOS setup could fail in rare cases (#142487).
- Minor improvement: The GSM manual included in GOS was updated to the most current version from 2020-06-27 (#143122).
Vulnerability Management:
- Bugfix: CVEs that were removed during a feed update were not removed from the database in some cases, resulting in an incorrect number of CVEs and incorrect CVE <-> CPE references. The corresponding database is now rebuilt during each GOS 6.0 upgrade to ensure the correct data (#140008).
- Bugfix: The ‘NVTs addressing this CVE’ section on CVE details pages could show inaccurate NVT references, e.g., CVE-2019-12345 was also displayed when CVE-2019-1234 was displayed (#140464, #2020051910000015).
- Bugfix: The ‘Reported Vulnerabilities’ section on CPE details pages could fail to load in some cases (#129752).
- Bugfix: GSR HTML reports sometimes failed to load (#129078, #2020011410000095, #2020011710000026, #2020020510000038, #2020021710000033, #2020021710000168).
- Bugfix: GSR HTML reports generated with GOS 6.0 did not include CVE nor CPE references (#137200, #2020040110000051).
- Bugfix: Filtering a GSR HTML report using IPv4 addresses did not work correctly (#140620).
- Bugfix: GPG or S/MIME encrypted e-mail alerts could fail, resulting in no e-mail being sent (#129221).
- Bugfix: The ‘Auto Cache Rebuild’ setting can cause a duplicate entry in the database. This could cause scans to freeze. Scans now work correctly even if this duplicate entry is present (#140255, #2020050810000045).
- Bugfix: Tasks with an ampersand character (‘&’) in the task name caused an error if they were run on a GSM sensor (#141858).
- Bugfix: ‘All SecInfo’ page contents could not be exported via the ‘Export page contents’, ‘Export selection’ or ‘Export all filtered’ buttons (#141867).
- Minor bugfix: The number of hosts in the ‘Vulnerabilities’ section of GSR HTML reports was always ‘1’ (#131036).
- Minor bugfix: Long result texts in GSR HTML reports were missing line breaks (#131689, #2019041710000041).
- Minor improvement: GSR HTML reports now include notes (#107465, #2019011010000023)
Vulnerability Scanning:
- Improvement: Scans can now be started at all times irregardless of feed updates. Since scans and feed updates may not occur at the same time, the feed update will now be postponed until all scans are finished. Scans that are started while a feed update is pending will use the older feed version. A warning message will be added to the scan reports and system logs, if a scan uses such an outdated feed version (#140411, #2020043010000031, #2020060910000112).
- Minor bugfix: The CIDR address validation of target hosts has been improved further (#141308).
- Minor improvement: The handling of scan preferences in Redis has been improved (#141193).

6.0.8 (2020-05-25):

Greenbone OS:
- Bugfix: The available system memory (RAM) was lower than expected due to a ‘PCI hole’ problem, this has been corrected for all affected GSM appliances (#137862, #2020042410000016, #2020042810000027, #2020042910000043, #2020010210000018, #2020050710000038).
- Bugfix: The upgrade path from GOS 4.2 to GOS 6.0.7 failed on GSM master appliances that had sensors configured (#140182, #2020051310000017).
- Bugfix: A timeout for the feed update lockfile functionality from GOS 6.0.7 has been added to prevent processes potentially waiting infinitely to aquire the lockfile (#139495).
- Bugfix: Airgap feed updates in progress now also take the feed update lockfile functionality from GOS 6.0.7 into account (#137870).
- Bugfix: The keyboard layout selection was not applied sporadically (#139724).
- Minor improvement: Added the dmidecode package to GOS, and added the dmidecode output to the Greenbone Support Package (#138961).
- Minor improvement: Adjusted the snmpd configuration to prevent excessive log messages (#126898).
- Minor improvement: If the networking service is in a failed state, a switch release can no longer be started, preventing subsequent errors (#129755).
- Minor improvement: The GSM manual included in GOS was updated to the most current version from 2020-05-18 (#138576).
Vulnerability Management:
- Improvement: The ‘Hosts’ counter of the Operating Systems page now only counts hosts for which the operating system was detected as the primary / best-matching operating system (#132428).
- Bugfix: The Quality of Detection (QoD) was set to 75% for Results gathered by a GSM sensor (#138692, #2020051510000068).
- Bugfix: The ‘Deny all and allow’ hosts setting for a user had no effect (#132302).
- Bugfix: The ‘Scanner’ setting was not available when configuring an Audit (#135118, #2020031010000035).
- Bugfix: A passphrase input field was missing when creating or editing credentials of the type ‘Client Certificate’ (#134697).
- Bugfix: Hyperlinks on the NVTs list page to the NVT families were not functional when opened in the same tab (#132655).
- Bugfix: The hyperlink to the NVT family ‘Windows : Microsoft Bulletins’ was always incorrect (#132577).
- Bugfix: The ‘Audit visible to’ indicator was not shown in all expected cases (#136111).
- Bugfix: OVAL definitions were duplicated in rare cases (#128163).
- Bugfix: The placeholder ‘%F’ did not work in the Report Export Filename setting (#134768).
- Minor bugfix: The counters on a Report details page switched between zero and the actual value when a scan is running (#131731, #131096)
- Minor bugfix: The warning when triggering an Alert for a Report that is above the results threshold did not include the results threshold (#138573).
- Minor bugfix: If the New/Edit Credential dialog was opened from another dialog, credential error messages were not shown as expected (#128599).
- Minor bugfix: The Errors tab in Report details was missing information (#134698, #2020022710000121, #2020022810000031).
- Minor improvement: The memory usage of the gvmd service has been improved (#140183).
- Minor improvement: The ‘get_vts’ command will no longer return NVTs if the NVTs are being updated to prevent subsequent errors (#138759).
- Minor improvement: When the same TLS Certificate was found multiple times for the same Host, the Host was displayed multiple times in the TLS Certificate details (#125193).
- Minor improvement: The naming of the TLS Certificate content columns has been streamlined (#132009).
Vulnerability Scanning:
- Bugfix: The CIDR format validation for targets has been improved (#135027).
- Minor bugfix: The false positive warning ‘Invalid VT oid for a result’ was logged when scanning a dead host (#134693, #2020030410000065).
- Minor bugfix: A missing ‘id’ function parameter in script_get_preference has been added (#131686).

6.0.7 (2020-04-15):

Greenbone OS:
- Improvement: The system memory limits have been increased to 6 GB for the GSM types 400, 150 and 35 and to 5 GB for the GSM types ONE, MAVEN, 25V and CE (#137202).
- Improvement: The available disk space is now checked before creating a backup. If the disk space is not sufficient, no backup will be attempted (#134696).
- Bugfix: The upgrade of GSM master-sensor setups to GOS 6.0.6 could fail if they were migrated from GOS 4.3 (#135389, #2020031210000013, #2020031210000022).
- Minor improvement: The Greenbone Vulnerability Manager NVT cache rebuild during a GOS upgrades is now part of the GOS upgrade system operation (#136112).
- Minor improvement: The GSM manual included in GOS was updated to the most current version from 2020-04-09 (#137204).
- Minor improvement: The full GOS version and the installation date are now recorded in the installation log (#134536).
Vulnerability Management:
- Improvement: For the Greenbone Vulnerability Manager the ‘–rebuild’ option was reintroduced, allowing to fully rebuild the NVT database in a clean state (#133336, #134667).
- Bugfix: A lockfile is now created when either openvas or ospd-openvas update their respective NVT caches. Only one process will now be able to update its cache at a time, this should prevent potentially corrupted caches (#129077, #134666, #136113).
- Bugfix: Reports from previous GOS versions which contain unescaped, invalid control characters will be cleaned when upgrading to GOS 6.0.7 (#134573, #2020022810000012, #2020030210000069, #2020030310000094, #2020030310000138, #2020030410000011, #2020030210000096, #2020012210000061, #2020021310000031, #2020022810000021, #2020032710000031, #2020030410000029).
Vulnerability Scanning:
- Improvement: The memory usage of ospd-openvas has been improved (#137201, #2020010210000018, #2019122310000041, #2020011310000024, #2020030210000096, #2020012810000014).
- Bugfix: For scan results, control characters that are not supported in XML are now properly escaped (#134573).

6.0.6 (2020-03-05):

Greenbone OS:
- Improvement: An incremental backup is now automatically attempted before every GOS upgrade (#132588).
- Bugfix: The feed directories in GOS could have had erroneous permissions. The permissions are now corrected during every feed update (#130351, #132578).
- Bugfix: GSM master appliances copied their flash images to all connected GSM sensors during a feed push. The images will no longer be copied, existing erroneous images on the sensors will be cleaned when using the ‘Maintenance/Flash/Download’ option in the GOS menu (#134524).
- Bugfix: SCP Alerts caused a path error in GOS (#132433, #2020012810000032).
- Bugfix: Error messages from SCP Alerts in the Manager journal were shown as ASCII character codes or blob data (#132431, #2020012810000032).
- Bugfix: An unsupported email attachment size setting could be used in rare cases, causing an error when a truncation warning should have been sent via email (#131574).
- Minor Bugfix: The GOS copyright has been updated to reflect the correct LICENSE for the Greenbone Security Feed (#134331).
- Minor improvement: The GSM manual included in GOS was updated to the most current version from 2020-03-05 (#134851).
- Minor improvement: The current NVT count of the GSM is now included in the Greenbone Support Package (#134413).
Vulnerability Management:
- Bugfix: XML exports of Reports could produce corrupt XML files (#130561. #2020011510000066, #2020020610000027, #2020021310000031).
- Bugfix: Invalid host details could cause a JavaScript error on the ‘Assets/Hosts’ page, preventing it from being displayed (#133624, #2020021110000053, #2020022710000103).
- Bugfix: The Scan Config ‘scanner_plugins_timeout’ preference was not correctly migrated from GOS 5.0 in all cases, which led to subsequent errors when scanning (#130349).
- Bugfix: Private key authentication was missing for SCP Alerts (#125050, #2019101810000019).
- Bugfix: Verinice ISM exports of Reports could contain identical links, preventing the import in verinice. (#132592).
- Bugfix: Erroneous ‘sync_scap’ and ‘Skipping CPEs’ messages could sometimes repeatedly appear after a feed update (#130352).
- Bugfix: For host identifiers, the ‘Delete Identifier’ button was missing (#131629).
- Bugfix: The ‘Stop’ button for Tasks was useable for users who had only been granted ‘Read’ permissions on the task (#128686).
- Bugfix: The ‘Add tag to page contents’, ‘Add tag to selection’ and ‘Add tag to all filtered’ buttons did not add the tag to the resources (#132814).
- Bugfix: Vulnerabilities could not be exported via the ‘Export page contents’, ‘Export selection’ or ‘Export all filtered’ buttons (#125741).
- Bugfix: The ‘Task visible to’ indicator was not shown in all expected cases (#131916).
- Bugfix: When editing a LDAP or RADIUS configured User, the authentication method preselection would be set to ‘Password’. The preselection is now saved correctly according to the authentication method (#129700).
- Bugfix: For Tasks created via the Task Wizard, the ‘Auto Delete Reports’ count could be out of range, causing an error (#131918, #2020020510000074).
- Minor bugfix: The sort order for hosts without a host name has been improved in the ‘Hosts’, ‘TLS Certificates’ and ‘Error Messages’ tabs for Report details (#130028).
- Minor bugfix: Invalid SecInfo URLs did not display an error page in all cases (#112794).
- Minor improvement: The wording for unavailable SecInfo item error pages, for example for CVEs, has been improved (#112794).
- Minor improvement: The wording for unavailable results in delta reports has been improved (#125848).

6.0.5 (2020-02-19):

Vulnerability Management:
- Bugfix: Result details generated via NVTs with the new NVT OID scheme were incomplete (#134029).

6.0.4 (2020-02-13):

Greenbone OS:
- Bugfix: The Greenbone Vulnerability Manager NVT cache is now rebuilt during a GOS upgrade (#132582, #133623).
- Minor improvement: Log messages from ospd-openvas are now included in the GOS menu ‘Advanced/Logs/Scanner’ (#130353).
- Minor improvement: The GSM manual included in GOS was updated to the most current version from 2020-02-11 (#133341).
Vulnerability Management:
- Bugfix: Reports sent via the ‘Trigger Alert’ functionality on Report details pages did not contain any vulnerability details (#132585, #2020010710000036).
- Bugfix: Reports sent via an Alert, if the event of the Alert was triggered, did not use the ‘Report Export Filename’ user setting (#132586).
- Bugfix: Hyperlinks to Report Formats, Scan Configs, Port Lists and Operating Systems from Permission objects were incorrect (#131102).
- Bugfix: Anonymous XML reports had an incorrect XML declaration, which could cause an error when retrieving them via the command line (#131561, #2020011510000066).
Vulnerability Scanning:
- Bugfix: The Scan Config Scanner preferences ‘expand_vhosts’, ‘max_sysload’, ‘min_free_mem’ and ‘test_empty_vhosts’ were missing (#131833).
- Bugfix: The deprecated Scan Config Scanner preferences ‘debug_mode’, ‘dry_run’, ‘vhosts’ and ‘vhosts_ip’ were removed. These preferences may still appear in the web interface, but will not be functional. They should not be considered and may be hidden in a future GOS patch level (#131833).
- Bugfix: The Target options ‘reverse_lookup_only’ and ‘reverse_lookup_unify’ were not sent to the Scanner (#132289).
- Bugfix: The error handling for NVTs that are missing from the ospd dictionary was improved. They should now be skipped during a scan instead of causing a process failure (#130350).
- Bugfix: The names of NVTs are now escaped before they are sent as a part of a Result (#132004).
- Bugfix: SNMP credential preferences were missing delimiters when sent at the start of a scan (#132002).

6.0.3 (2020-01-23):

Greenbone OS:
- Improvement: Significantly reduced the time required to upgrade from GOS 5 to GOS 6 for appliances with large databases (#128835).
- Improvement: Added a GOS selfcheck to warn users about changes of default behaviour and necessary sensor adjustments after upgrading to GOS 6 (#128406).
- Improvement: Added a GOS selfcheck to warn users about an ongoing, major release upgrade, e.g. from GOS 5 to GOS 6 (#128479).
- Bugfix: A sqlite database could still be generated on the file system of a GSM 150, even though sqlite usage was removed from GOS 6 (#130812).
- Bugfix: A sudo prompt could be erroneously shown when uploading a GSF key. After upgrading to GOS 6.0.3, a reboot is required to fully remedy the situation (#129222).
- Bugfix: The system integrity could be uncertain for new installations and after a factory reset due to a race condition (#131037).
- Minor bugfix: Logs from the OpenVAS scanner were missing from the GOS support package (#129697).
- Minor improvement: Updated the integrated version of the GSM manual (#131044).
Vulnerability Management:
- Improvement: Added a check for the web interface when trying to view the Report details of a Report with a large number of Results. If this Results threshold is reached, the Report details will no longer be loaded. By adjusting the Report filter term the number of Results can be reduced, making it possible to view the Report details again. The default threshold is 25.000 Results per Report, this threshold can be adjusted via GOS at the responsibility of the user (#128398).
- Improvement: Improved the memory allocation management of the gsad webserver (#128981).
- Improvement: The Verify Scanner action in the web interface now also checks whether the credential of the GMP scanner is correct (#89510).
- Bugfix: The connection of a GSM master appliance to GMP scanners could fail (#131623, #131709, ##2020011610000037).
- Bugfix: The Summary, Insight, Affected Software/OS and Detection Method paragraphs on Result details pages could show no or incomplete information (#129621).
- Bugfix: In the New Override dialog, the Severity: Other input field did not accept valid inputs (#130795).
- Bugfix: Sorting the columns in several Report details tabs, e.g. Closed CVEs, did not work correctly (#131693).
- Bugfix: Changing the Results filter for a Report that is loading did not apply the new filter (#131695).
- Bugfix: Unsetting all Severity (Class) levels via the Update Filter dialog lead to a wrong filter term (#131694).
- Bugfix: Permissions linked to Resources showed ‘Orphan’ instead of the link to the Resource (#129696).
- Minor bugfix: Comments for Permissions could not be deleted as expected (#128145).
- Minor bugfix: Dashboards on the Tasks page included Audits in the total number of Tasks (#128332).
Vulnerability Scanning:
- Bugfix: The Alive Test setting of a Target did not overwrite the Scan Config default, if it was set to a custom value (#130722).

6.0.2 (2019-12-19):

Greenbone OS:
- Bugfix: The system integrity check did not recognize all valid GSF keys as valid. This could cause ansible to fail (#129624, #2019121810000168, #2019121910000077).
- Minor improvement: Enhanced the contents of the Greenbone Support Package. More debugging information related to the system integrity check is now included (#129622).

6.0.1 (2019-12-17):

Greenbone OS:
- Improvement: The time required for a synchronization of the Greenbone Security Feed has been reduced significantly (#126323).
- Bugfix: During the initial feed update after the setup of a GSM, postgres could rarely fail due to a race condition (#128984).
- Bugfix: SNMPv2 was still active even when a user name and an authentication passphrase were configured (#128597).
- Bugfix: IPv6 routes were not shown correctly in the GOS menu (#128331).
- Bugfix: The ‘Scanner’ and ‘Upgrade’ log options in the GOS menu did not work (#128112).
- Minor improvement: Updated the integrated version of the GSM manual (#128691).
Vulnerability Management:
- Improvement: Increased the automatic reload timer for web interface pages to 60 seconds for hidden windows and tabs. This may have a beneficial impact on performance (#126498).
- Improvement: Redesigned the ‘Edit Scan Config Family’ dialog for better performance and usability (#111530).
- Bugfix: Introduced a fallback when requesting an unlimited number of rows in the Power Filter. Unlimited rows should now only be applied when the user explicitly requests it, in all other cases the ‘Rows Per Page’ setting should be used (#128565).
- Bugfix: The ‘Special Groups’ setting did not work correctly when configuring it for a Group with existing members. This could result in missing Permissions for some Group members (#128334).
- Bugfix: Resuming a Scan Task caused a new report to be generated. The Results from the resumed Scan will now be added to the current report as expected (#125046).
- Bugfix: Icon tooltips in the web interface were not functional (#126250).
- Bugfix: Sorting TLS Certificate Assets in the web interface did not work as expected (#128167).
- Bugfix: Long Result descriptions in the web interface Report view were missing linebreaks (#128338).
- Bugfix: When creating an Override for a Result in the web interface, the default selections did not create the Override for all Results in the Report. This was an unintended change of default behaviour (#125744).
- Bugfix: When creating an Override for a NVT in the web interface, the respective NVT was not pre-selected in the Create Override dialog. This was an unintended change of default behaviour (#128066).
- Bugfix: The help icon hyperlinks for the web interface tabs ‘User Tags’ and ‘Permissions’ were incorrect (#128404).
- Bugfix: When editing a Scan Config in the web interface any selected checkboxes would be unselected after some time (#125747).
- Bugfix: Fixed a resource error that could occur when editing a Permission (#118348).
- Minor bugfix: When linking directly to a CVSS calculator calculation, the settings were not configured as expected (#127661).
- Minor bugfix: When creating a new Permission in the web interface, the radio button for ‘Group’ is now unselectable if there are no groups that can be selected (#128143).
- Minor bugfix: GMP and Greenbone Sensors were displayed with port 9391 in the web interface. This was a cosmetic issue since port 22 is always used, and the web interface display has been adjusted (#124591).
- Minor bugfix: Adjusted the mouse cursor icon used when hovering the mouse pointer over various icons (#127556).
- Minor improvement: Added a basic Scan Config template with the minimum set of NVTs required to start a Scan (#56665).
- Minor improvement: Added the currently configured timezone to the user/session menu (#126251).
- Minor improvement: Added loading indicators for the contents of dropdown menus in the web interface (#126246).
Vulnerability Scanning:
- Bugfix: Improved a case where the Scanner process could get stuck (#127759).

6.0.0 (2019-11-05):

Explicit Compliance:
Compliance audits are featured prominently and independently of vulnerability scans. The compliance status is now visible at a glance and managing compliance policies is easier than ever. In addition, the new Greenbone Compliance Report format is available for reporting the results (FS-180926-0105).
Lean Sensors:
GSM SENSOR appliances now implement the Open Scanner Protocol (OSP). This means much lighter appliances that use less resources and can offer better performance, for example substantially decreased feed synchronization times (FS-171122-5830).
Updated GSA web interface:
The new ‘Resilience’ category is introduced, offering central access to Compliance checks and Remediation tickets. In general the menu is reordered to provide a cleaner structure (FS-190124-5645).
New explicit asset type “TLS Certificates”:
Detected TLS certificates are copied into the asset managemenet. This allows a overview on TLS certitifcate status independent of actual scan tasks (FS-171121-4722).
Self integrity checks for the Greenbone Security Manager:
This feature extends the GOS with special integrity checks that try to identify unauthorized or unintended changes of key elements such as signing keys or disk encryption (FS-180823-5946).
Restart after upgrade option:
A GSM may now be configured to restart automatically after an important system upgrade that would require a reboot. This alleviates the GOS upgrade management of sensors while still offering full control over each system (FS-171220-2932).
Configurable fail-over proxy:
It is now possible to configure more than one proxy in GOS. If the feed synchronisation with the first proxy is not possible, the second proxy will act as a fallback (FS-180823-2319).
Internal hardening:
The GOS Linux kernel has been updated to version 4.19.81, offering better hardening and support for future hardware upgrades. The ssh service is tailored as well (FS-190429-3226, FS-180918-4743).
Streamlining of the GMP API protocol:
Several redundant or deprecated GMP elements were removed. Apart from a cleaner and leaner API these changes have a positive effect on performance (FS-181230-4813, FS-180927-1120, FS-181109-3633, FS-181116-4311, FS-181219-3932).
Prepared internal advanced NVT preference naming and identifier scheme:
The previous preference identification scheme depended on the name of the NVT and preference while the new one uses independent identifiers like the NVT OID. This will allow NVT and preference names to be changed once GOS versions using the old scheme are retired (FS-180109-1807).
Consolidation Database Management System:
The same database management system (DBMS) is now used for all GSM models. Essentially only GSM 150 now pgrades to a full DBMS while the SENSORs do not use a DBMS anymore. Further, a GOS migration is limited to upgrade to the direct successor, which also needs to be considered for activation of backups. The consolidation towards a single DBMS allows to simplify data management and gain performance improvements apart from a consistent behavior of all GSM models simplifying support cases (FS-180925-1323, FS-190227-3318).

2019-04-30: Greenbone OS 5.0

Current Patch Level: 5.0.20 (2021-02-22)

Lifecycle Status: Obsolete

5.0.20 (2021-02-22):

Greenbone OS:
- Status: Set the release status to “retired” for all GSM types with GOS 5.0. An upgrade recommendation will be displayed in the GOS selfcheck (#146929, #157072).
- Bugfix: Enabled the GOS upgrade functionality, if GOS is in the status “retired” or “end-of-life” (#157071).

5.0.19 (2020-07-30):

Greenbone OS:
- Bugfix: The Intel June 2020 microcode update is included, addressing the ‘CROSSTalk’, ‘CacheOut’ and ‘SGAxe’ vulnerabilities of Intel processors (#143643).
- Bugfix: The GOS setup could fail in rare cases (#142488).
- Bugfix: The setting ‘Max email size’ in the ‘Setup/Mail’ menu has been split into the settings ‘Max attachment’ and ‘Max include’ to prevent mail truncation issues (#143123).
- Minor improvement: The GSM manual included in GOS was updated to the current version from 2020-07-29 (#144474).
Vulnerability Management:
- Bugfix: The ‘Add new host’ dialog on the ‘Assets/Hosts’ page allowed unsanitized input in the ‘Name’ field. The field has been renamed to ‘IP Address’, and it only allows IPv4 or IPv6 addresses now (#143731, #143737).
- Bugfix: The ‘NVTs addressing this CVE’ section on CVE details pages could show inaccurate NVT references, e.g., CVE-2019-12345 was also displayed when CVE-2019-1234 was displayed (#140469).
- Bugfix: The ‘Reported Vulnerabilities’ section on CPE details pages could fail to load in some cases (#129751, #2019122310000023).
- Bugfix: SSH private keys of the ‘ed25519’ key type were not accepted for credentials (#142242).
- Bugfix: GPG or S/MIME encrypted e-mail alerts could fail, resulting in no e-mail being sent (#114448, #114449, #2019090410000011).
- Bugfix: Tasks with an ampersand character (‘&’) in the ask name caused an error if they were run on a GSM sensor (#141859).
- Bugfix: Migrating sqlite user data from GOS 4.3 to GOS 5.0 manually could fail in some cases (#142144).
Vulnerability Scanning:
- Bugfix: The scanner generated incorrect checksums for ICMPv6 packets. This could cause failed alive detections of IPv6 targets when using specific, non-default scan configurations. In addition, it could cause less detection results for some IPv6 targets (#143798).

5.0.18 (2020-05-25):

Greenbone OS:
- Improvement: An incremental backup is now automatically attempted before every GOS upgrade (#132589).
- Improvement: The available disk space is now checked before creating a backup. If the disk space is not sufficient, no backup will be attempted (#134695).
- Bugfix: The restoration of sqlite backups from an external USB device could fail sporadically (#134772).
- Bugfix: SCP Alerts caused a path error in GOS (#134804).
- Bugfix: Error messages from SCP Alerts in the Manager journal were shown as ASCII character codes or blob data (#125050).
- Bugfix: The keyboard layout selection was not applied sporadically (#139723).
- Minor Bugfix: The GOS copyright has been updated to reflect the correct LICENSE for the Greenbone Security Feed (#134332).
- Minor improvement: Adjusted the snmpd configuration to prevent excessive log messages (#126898, #2019111210000064).
- Minor improvement: If the networking service is in a failed state, a switch release can no longer be started, preventing subsequent errors (#129754).
- Minor improvement: Added a selfcheck if the given remote backup server is misconfigured or unreachable (#125752)
- Minor improvement: Removed the selfcheck alerting the user about a pending switch release (#138967).
- Minor improvement: Changed the community feed URL ‘feed.openvas.org’ to ‘feed.community.greenbone.net’ (#137537).
- Minor improvement: The GSM manual included in GOS was updated to the most current version from 2020-05-14 (#131710).
Vulnerability Management:
- Improvement: The ‘Hosts’ counter of the Operating Systems page now only counts hosts for which the operating system was detected as the primary / best-matching operating system (#132426, #117784, #2019011610000021, #2019082010000037, #2019091110000061).
- Bugfix: The ‘Deny all and allow’ hosts setting for a user did not deny host access if the input field for ‘allow’ was empty (#132301, #2019032810000013, #2020040210000031).
- Bugfix: For host identifiers, the ‘Delete Identifier’ button was missing (#131628, #2019042610000033).
- Bugfix: A passphrase input field was missing when creating or editing credentials of the type ‘Client Certificate’ (#127466).
- Bugfix: Private key authentication was missing for SCP Alerts (#125050, #2019101810000019).
- Bugfix: The ‘Stop’ button for Tasks was useable for users who had only been granted ‘Read’ permissions on the task (#128685).
- Bugfix: The ‘Task visible to’ indicator was not shown in all expected cases (#131912, #2020012410000021).
- Bugfix: Hyperlinks to Report Formats, Scan Configs, Port Lists and Operating Systems from Permission objects were incorrect (#131102, #131837, #2018083010000029).
- Bugfix: Hyperlinks on the NVTs list page to the NVT families were not functional when opened in the same tab (#132654).
- Bugfix: OVAL definitions were duplicated in rare cases (#128163).
- Bugfix: Verinice ISM and Verinice ITG reports were no longer importable in Verinice (#128330, #2019120410000014, #2019121310000015)
- Bugfix: Downloading a credential as a RPM package could result in an unuseable package (#131207, #2020040310000038).
- Minor bugfix: The sort order for hosts without a host name has been improved in the ‘Hosts’, ‘TLS Certificates’ and ‘Error Messages’ tabs for Report details (#130027).

5.0.17 (2020-01-20):

Greenbone OS:
- Improvement: Added a GOS selfcheck to warn users about an ongoing, major release upgrade, e.g. from GOS 5 to GOS 6 (#129688, #131103).
Vulnerability Management:
- Improvement: Added a check for the web interface when trying to view the Report details of a Report with a large number of Results. If this Results threshold is reached, the Report details will no longer be loaded. By adjusting the Report filter term the number of Results can be reduced, making it possible to view the Report details again. The default threshold is 25.000 Results per Report, this threshold can be adjusted via GOS at the responsibility of the user (#128397).
- Bugfix: Sorting the columns in several Report details tabs, e.g. Closed CVEs, did not work correctly (#128600).
- Bugfix: Changing the Report filter for a Report that is loading did not apply the new filter (#129127).
- Bugfix: Unsetting all Severity (Class) levels via the Update Filter dialog lead to a wrong filter term (#129073).
- Minor bugfix: Comments for Permissions could not be deleted as expected (#128144).

5.0.16 (2019-12-17)

Greenbone OS:
- Improvement: Unlocked the switch releases to Greenbone OS 6.0.1 for all supported GSM types (#129123, #128405).
- Bugfix: In rare cases, switch release upgrades could get triggered on GSM sensors unintentionally when upgrading the GSM master (#121478).
- Bugfix: SNMPv2 was still active even when a user name and an authentication passphrase were configured (#98371).
- Bugfix: IPv6 routes were not shown correctly in the GOS menu (#127560).
- Minor improvement: Updated the integrated version of the GSM manual (#128690).
Vulnerability Management:
- Improvement: Improved the memory allocation management of the gsad webserver (#128399).
- Improvement: Increased the automatic reload timer for web interface pages to 60 seconds for hidden windows and tabs. This may have a beneficial impact on performance (#126497).
- Bugfix: Introduced a fallback when requesting an unlimited number of rows in the Power Filter. Unlimited rows should now only be applied when the user explicitly requests it, in all other cases the ‘Rows Per Page’ setting should be used (#124690).
- Bugfix: The ‘Special Groups’ setting did not work correctly when configuring it for a Group with existing members. This could result in missing Permissions for some Group members (#127760).
- Bugfix: Long Result descriptions in the web interface Report view were missing linebreaks (#128336).
- Bugfix: When creating an Override for a Result in the web interface, the default selections did not create the Override for all Results in the Report. This was an unintended change of default behaviour (#124447).
- Bugfix: When creating an Override for a NVT in the web interface, the respective NVT was not pre-selected in the Create Override dialog. This was an unintended change of default behaviour (#128065).
- Bugfix: The help icon hyperlinks for the web interface tabs ‘User Tags’ and ‘Permissions’ were incorrect (#128394).
- Bugfix: The web interface tab ‘General Command Permissions’ listed duplicate permissions for default items (#118680).
- Bugfix: ‘sort’ and ‘sort-reverse’ filters were not shown in the web interface Scan Report Content Composer (#121752).
- Minor bugfix: When creating a new Permission in the web interface, the radio button for ‘Group’ is now unselectable if there are no groups that can be selected (#128142).
Vulnerability Scanning:
- Bugfix: Improved a case where the Scanner process could get stuck (#124695).

5.0.15 (2019-11-26):

Vulnerability Scanning:
- Bugfix: Increased the maximum number of NVTs supported by the openvas-scanner (#127751).

5.0.14 (2019-11-01):

Vulnerability Management:
- Bugfix: Results did not show up for downloaded reports (#126018).
- Bugfix: Viewing a delta report in the web interface could show a constant loading indicator (#126022).
- Bugfix: The number of high results was not shown in the ‘Hosts’ tab of the report details page (#126020).

5.0.13 (2019-10-29):

Greenbone OS:
- Improvement: Included the latest major release of gvm-tools, version 2.0.0. See https://github.com/greenbone/gvm-tools for more information (#123416).
- Improvement: Added a check and an info dialogue to prevent GOS upgrades if deprecated settings are configured (#119699, #121980).
- Bugfix: Added support for restoring old backups created with GOS 4 (#123292, #125198).
- Bugfix: For airgap setups, the airgap master will now provide the airgap sensors with upgrade packages for the current and previous GOS versions, similar to normal master-sensor setups. This should improve switch releases between major GOS versions for airgap setups (#123183).
- Bugfix: Incremental backups were only listed if at least one backup had been created locally. Incremental backups are now always listed, even if all backups are stored remotely (#122908, #2019091910000029).
- Bugfix: The configuration of Remote Syslog settings did not become active until after reboot. They are now active when saving the settings in the corresponding menu (#122260, #2019091010000063).
- Minor bugfix: Added proper system operation names for creating and restoring an USB backup (#123140, #125500).
- Minor improvement: When sending emails, a GSM will now use its fully-qualified domain name as the hostname (#72221, #2019021410000014).
- Minor improvement: Changed the internal variables used to differ between the Greenbone Security Feed and the Greenbone Community Feed (#125234).
- Minor improvement: Updated the integrated version of the GSM manual (#125754).
Vulnerability Management:
- Improvement: Simplified the verification process for custom report formats: Custom report formats are no longer verified manually, only automatically. The ‘Verify Report Format’ button was removed in this scope (#111692).
- Improvement: The report details page now opens at the ‘Information’ tab by default (#125850).
- Bugfix: After encountering an error page in the web interface, the error is no longer displayed when trying to view another page (#124342).
- Bugfix: The ‘Reset to Default Filter’ button on Report details pages set an erroneous filter, causing no Results to be displayed (#120979).
- Bugfix: When editing a LDAP or RADIUS configured User, the authentication method preselection would be set to ‘Password’. The preselection is now saved correctly according to the authentication method (#119765).
- Bugfix: When creating objects in the web interface, no preselections were shown even if suitable elements existed, for example when creating a Permission, no User would be preselected. The first element alphabetically is now preselected, if an element exists (#119932, #2019080810000015).
- Bugfix: The icons identifying an operating system on the Assets pages would sometimes show up as “?” only, even if detailed information on the operating system is available (#125194).
- Bugfix: It was not possible to delete comments for Users (#125448, #2019100910000054).
- Bugfix: Saving a space character as a User comment caused an error (#124339, #2019100910000054).
- Bugfix: Deleting a user with objects in the Trashcan could cause a sql error (#124694).
- Bugfix: The dashboard display “Next Scheduled Task” was missing timezone information (#122387, #2019091110000016).
- Minor bugfix: Verifying a Scanner on the corresponding scanner details page was missing a feedback dialog (#112039).
- Minor bugfix: Increased the number of characters allowed in the ‘Filter’ input field of the ‘Update Filter’ dialogue (#121747).
- Minor bugfix: On the dashboard display “Chart: Operating Systems by Vulnerability Score” CPE values could be truncated at the end, omitting operation system details. Such cases are truncated at the beginning now, allowing for easier identification of the operating systems in question (#122146, #2019090910000039).
- Minor bugfix: Corrected a special character encoding issue on the User list page (#123139, #2019092310000066).
- Minor bugfix: Corrected an error message that could occur when saving a Role (#121746).
- Minor improvement: Improved the error message in case the web server does not respond (#113218).
- Minor improvement: Removed the ‘Clone Report Format’ button since it had no use case (#111692).
- Minor improvement: Improved the default name and password hints on the web interface login page (#124117).

5.0.12 (2019-10-08):

Greenbone OS:
- Bugfix: GSM appliances without Alert functionality that were installed via a GOS 5.0.4 or newer image were exposing a SMTP port erroneously. The related service has been disabled for these appliances (#123978).
- Bugfix: Security update for the CVE-2019-15902 “Spectre” related regression in the Linux kernel (#121977).
- Bugfix: Security updates for the openssl and expat libraries, covering CVE-2018-20843 and CVE-2019-1543 (#121977).

5.0.11 (2019-09-24):

Greenbone OS:
- Improvement: In case of filesystem corruption (for example due to a sudden power outage), an automatic reboot is now carried out after the filesystem repair at boot time as a precautionary measure (#121983).
- Bugfix: In rare cases, switch release upgrades could get triggered on sensors unintentionally when upgrading the master (#121478).
- Bugfix: Added the missing ‘gpgsm’ package for S/MIME certificate support to GOS (#121985).
- Bugfix: Fixed frequent, cosmetic redis error messages that were shown after a GOS upgrade (#118683).
- Minor bugfix: Fixed scanner logs during a feed update sometimes not showing the correct progress when loading NVTs (#81956).
- Minor improvement: Added warnings regarding the usage of ECDSA/DSA remote backup server host keys (#120115).
- Minor improvement: Added a name for the ‘Flash Write’ system operation in the ‘About’ menu (#119046).
- Minor improvement: Updated the integrated version of the GSM manual (#123087).
Vulnerability Management:
- Improvement: On Report details pages, only ‘high’, ‘medium’ and ‘low’ severity Results will now be displayed by default. ‘Log’ Results are no longer displayed by default, but may still be shown via a Filter. This may improve the performance of displaying Reports with a very large number of Results (#121641).
- Improvement: Changed the default sorting of Results on Report details pages. Results are now sorted from highest to lowest severity (#121641, #2019082910000057).
- Improvement: Added the columns ‘Ports’, ‘Apps’, ‘Distance’ and ‘Auth’ to the ‘CSV Hosts’ report format (#120739, #2019082010000028).
- Improvement: Added an animation and a lock to the ‘OK’ buttons of the report composer and trigger alert dialogues in the web interface to indicate that they been clicked, and to prevent further clicks until the original operation is finished (#120695, #2019081910000021).
- Improvement: Added a short animation to the ‘Empty Trash’ button in the web interface to indicate that it has been clicked (#121341).
- Improvement: Improved the ‘Edit User Settings’ dialog part for changing the current password. The description and error handling have been improved (#121974).
- Improvement: Enhanced the Alert details pages to show more information regarding the configured Alert type and settings (#119766).
- Improvement: Added tooltips to the ‘Edit Task’ dialog to indicate which settings cannot be edited for non-alterable tasks (#119840).
- Bugfix: Sensor scans would add all hosts in a target network to the Assets, even if the hosts were offline and “Mark unreachable Hosts as dead (not scanning) = yes” was set. Only active hosts will get added to the Assets in this case (#108616, #2019011510000041).
- Bugfix: The downloadable Windows LSC installer for Credentials did not add the user to the administrator group on all supported versions of Microsoft Windows (#122907, #2019091810000067).
- Bugfix: Filtering Remediation Tickets by status was not working correctly. Remediation Tickets can now be filtered via ‘Open’, ‘Fixed’, ‘Fix Verified’ and ‘Closed’ as expected (#117783).
- Bugfix: Remediation Tickets linked to a Task that is in the Trashcan or deleted had several display and useability issues (#116253).
- Bugfix: Fixed a further issue with the CVSS calculator, if “Authorization” was set to “Single” (#118415).
- Bugfix: Fixed the ‘Download CSV’ chart button causing an error (#121745).
- Bugfix: Fixed long note texts breaking the boundaries of the text box on Notes details pages (#120981).
- Bugfix: It was not possible to request individual vulnerabilities when using the GMP command ‘get_vulns’ with the ‘vuln_id’ attribute (#116532).
- Minor improvement: Updated the man page of gsad (#112036).

5.0.10 (2019-09-03):

Greenbone OS:
- Minor improvement: Added and improved the GOS menu descriptions for restoring backups and setting the GSM hostname, since backups are dependent on the hostname (#119837).
- Minor improvement: Updated the integrated version of the GSM manual (#121640, #121753).
Vulnerability Management:
- Bugfix: Fixed a reflected XSS vulnerability in the web interface (#121870).
- Bugfix: Sensor scans could erroneously show the status ‘Interrupted’ on the master in some cases (#121106).
- Bugfix: Permissions could not be edited in the Administration/Roles/Edit Role dialog (#120601, #121343).
- Bugfix: Disabled the ‘Trigger Alert’ button on Report details pages for GSM types that do not support Alerts and for users that have no permission to use Alerts (#120598, #120600).
- Bugfix: Disabled the ‘Edit My Settings’ button on the Extras/My Settings page for users that have no permission to modify Settings (#120598).
- Bugfix: Removed the ‘Clone Host’ button from all Assets/Hosts pages since it had no use case and caused an error (#121242).
- Bugfix: The ‘sort-reverse’ filter was not applied in the GSR-PDF report (#119483).

5.0.9 (2019-08-26):

Greenbone OS:
- Bugfix: Testing the sensor connections could cause a traceback when a sensor had an invalid remote host identifier configured (#120973).
Vulnerability Management:
- Bugfix: On the Assets/Hosts page, creating a new target via a bulk action caused an error (#120185, #2019081310000032).
- Bugfix: In the power filter, quotation marks in keywords starting with the character ‘~’ where not handled correctly, causing subsequent errors during bulk actions (#115293).

5.0.8 (2019-08-14):

Greenbone OS:
- Extension: The “Greenbone Security Manager with Greenbone OS 5” user manual is now included in GOS for offline use. It can be accessed via the web interface menu Help/Contents (#119292, #119764).
- Improvement: Added an experimental “SQL chunking” setting for sensor scans. It is activated via the GOS command line and may improve the scan performance (#117778).
- Bugfix: Security update for the CVE-2019-1125 “Spectre SWAPGS” gadget vulnerability (#116440).
- Bugfix: It was possible to configure invalid domain names, leading to subsequent errors. All domain names now have to comply to RFC952 and RFC1123 (#118556).
- Bugfix: The disk usage of journalctl could exceed safe limits, affecting system stability. It has been hard limited to use a maximum of 1.5 GB (#119829, #2019080510000021, #2019072410000022).
- Bugfix: The database file of a user data backup was not renamed correctly when upgrading from GOS 4 to GOS 5, causing a redundant copy to be present (#118354).
- Bugfix: Uploading a remote backup server host key could add a newline character, causing the host key to be invalid (#109875).
- Bugfix: The Maintenance/Upgrade/Sensors menu on a GSM master could display the sensor status “Update Feed” erroneously in some cases. These cases were fixed to display “Upgrade manually”. “Update Feed” will still be shown when relevant (#118338).
- Minor bugfix: The Maintenance/Flash menu was erroneously shown for the virtual appliances GSM DECA, TERA, PETA and EXA. It was not functional and has been removed (#119052).
Vulnerability Management:
- Improvement: Single select dropdown menus in the web interface are now completely clickable (#118178, #2019071510000101).
- Improvement: The Edit/New Schedule dialog has been extended to make picking Schedule times easier: The new “Now” button will always set the current time, the date picker has had a year picker added (#118251).
- Bugfix: Schedules could be erroneously removed from Tasks, since the new iCalendar format was not used for all checks (#117775, #2019070910000033).
- Bugfix: Schedule “Next Run” times were wrong if the Schedule was non-recurring or for certain timezone constellations (#119045, #119482, #2019072910000013).
- Bugfix: Schedules migrated from GOS 4 were always using the UTC timezone (#118054, #2019071510000012).
- Bugfix: Schedule times are once again shown in the timezone that the Schedule was configured for, not the general user settings timezone, restoring the behaviour from GOS 4 (#118873).
- Bugfix: On the Report details page, the columns Ports, Apps, Distance, Auth, Start and End were missing in the Hosts tab (#115647).
- Bugfix: The Export File Name settings in the web interface were not applied (#118181, #2019071610000029).
- Bugfix: The Task setting “Once” for Schedules was not saved correctly (#118237, #118238, #2019071610000127).
- Bugfix: Emails sent via the an Email Alert had a wrong “Return-path”, “envelope-from” respectively “X-MailRelay-From” (#119942, #2019080810000024).
- Bugfix: If any default Permissions are missing, they will now be re-created when the Greenbone Vulnerability Manager starts (#117410, #2019062010000013).
- Bugfix: Resuming a Task configured to run on a Sensor could lead to duplicate results (#113271).
- Bugfix: Verifying a Report Format in the web interface was missing a feedback dialog (#115104).
- Bugfix: Verifying a Scanner in the web interface was missing a feedback dialog (#112039).
- Bugfix: Alerts with the deprecated Report Format “HTML” were not migrated to use the Report Format “TXT” correctly (#110772, #2019071510000085).
- Bugfix: Opening the web interface login page in a new window or tab while a login was active in another window or tab could log the user out (#114452).
- Bugfix: If two web users are configured with different user interface languages, switching between the two users required two login attempts (#118559, #2019072310000015).
- Bugfix: On the Performance page, the performance graphs for Sensors were not working correctly (#119210, #2019073110000045).
- Bugfix: On the Performance page, changes made via the date picker were not saved correctly (#118055).
- Bugfix: An error in the CVSS calculator occured, if “Authorization” was set to “Single” (#118415).
- Bugfix: Clicking the operating system icon on any Host details page caused an error, it now links to the corresponding operating system details (#117780).
- Bugfix: Creating a valid, but incomplete Alert via GMP and then trying to view it in the web interface caused an error (#114775).
- Bugfix: Exporting a NVT with an apostrophe in the name caused an error (#120071).
- Minor bugfix: When creating new Permissions for a Task, the default, pre-selected Permissions were different than in GOS 4 (#114791).
- Minor bugfix: The “Filter” field in the Scan Report Content Composer was not automatically resized to fit the filter string, causing the text to overflow (#118182, #2019071510000111).
- Minor bugfix: On the Tasks page, the indicator icon for Tasks configured to run on a Sensor was missing (#119767).
- Minor bugfix: In the Delta Report view, the indicator for changed items, (+) and (-), was missing colorization (#112862).
- Minor bugfix: The Task settings “Maximum concurrently executed NVTs per host” and “Maximum concurrently scanned hosts” were not shown on the Task details view (#110104).
- Minor bugfix: Viewing any Report Format details page as a user with the role “Observer” would show XML parsing errors (#118560).
- Minor bugfix: The “rows” Filter allowed for invalid values and relations. Invalid values are now converted to “1”, invalid relations are converted to “=” (#111336).
- Minor bugfix: The response for the GMP command “delete_ticket” has been adjusted to lowercase (#116531).
- Minor improvement: Removed the preview icon for Delta Report result differences, since the preview can not support all relevant details. Delta Report result differences may still be clicked to view their full details (#113514).
- Minor improvement: Lists of objects in the web interface, for example “Tasks using this Alert” on the Alert details page, have been improved to make individual objects easier to discern (#118179, #2019071510000067).
- Minor improvement: The Edit/New Task dialog has been adjusted, allowing the display of longer Scan Target and Schedule names (#118178, #2019071510000101).
- Minor improvement: The CVSS calculator now states that CVSS V2.0 is used (#113527).
- Minor improvement: The “details” attribute of the GMP command “get_reports” was undocumented (#114702).
Vulnerability Scanning:
- Bugfix: The get_ssh_port() function of the scanner could fall back to port 22 when a custom port was configured (#114986).

5.0.7 (2019-07-25):

Vulnerability Scanning:
- Bugfix: Fixed an issue causing scans to abort early due to the scanner not being able to fork new processes. This could lead to less detection results and host details being reported (#116389, #116533, #116866, #2019062510000059, #2019071610000011).
- Bugfix: Added missing libopenvas build dependencies to openvas-smb (#118501).

5.0.6 (2019-07-11):

Vulnerability Management:
- Bugfix: The HTTP timeout setting for the web interface was using an erroneous internal value, this has been corrected (#117889, #2019070810000071).

5.0.5 (2019-07-09):

Greenbone OS:
- Bugfix: Uploading the remote backup server host key did not add it to the known hosts list correctly (#117589).
- Bugfix: During the initial feed update after the setup of a GSM, postgres could rarely fail due to a race condition (#117030).
- Bugfix: Support for importing old GOS 3.1 or 2.0 userdata backups has been improved (#117135).
- Bugfix: Starting a GOS upgrade after importing an old GOS 3.1 or 2.0 userdata backup could cause a postgres error (#117412).
- Minor bugfix: The system operation ‘Update Feed’ in the GOS menu ‘About’ was not named correctly in all cases (#117411).
- Minor improvement: Enhanced the contents of the Greenbone Support Package. More debugging information related to ansible is now included (#117591).
- Minor improvement: All occurences of ‘Airgap Slave’ have been renamed to ‘Airgap Sensor’ (#117282).
Vulnerability Management:
- Bugfix: Configuring a custom HTTP timeout setting for the web interface was not applied in all cases (#117640, #2019070810000071).

5.0.4 (2019-07-01):

Greenbone OS:
- Extension: Introduced new GSM types 450, CENO, DECA, TERA, PETA and EXA (#114981, #114992).
- Improvement: Activated support for SMTPS encryption of emails sent by a GSM (#83277).
- Improvement: Added a shell script to fix oversized postgres databases (#86497).
- Improvement: Enhanced the contents of the Greenbone Support Package. More debugging information related to postgres is now included (#93050, #116252).
- Improvement: The ‘Management IP’ menu option is now always shown, even when only one interface is present in a namespace (#115904).
- Minor improvement: Added warnings regarding the usage of ECDSA SSH keys (#116303).
- Bugfix: The flash drive of GSM hardware appliances was sometimes not detected correctly (#115837).
- Bugfix: No network traffic performance graph data was shown for interfaces in the ‘scan1’ namespace (#110755).
- Bugfix: The network route 0.0.0.0/0 can now be set (#115609).
- Bugfix: Patched libssh to resolve possible issues with Cisco devices (#113876).
- Minor bugfix: Improved the formating of the GOS sensor test results (#113219).
Vulnerability Management:
- Improvement: The Greenbone Vulnerability Manager now automatically adds a “login failed” host detail when a target has a credential configured and the login fails (#106677).
- Improvement: Updated the manpage of gvmd (#112086).
- Bugfix: Notes and overrides for results were not shown (#112702).
- Bugfix: Not all result pages for delta reports could be viewed (#116392).
- Bugfix: Task names were not visible in the reports view (#110527, #2019051010000034).
- Bugfix: The ‘Edit’ dialogue for LDAP and RADIUS settings did not work in some cases (#115426).
Vulnerability Scanning:
- Bugfix: If there is no redis database available, the scanner will no longer wait forever, but resume operation as soon as a database becomes available again (#115613).

5.0.3 (2019-06-19):

Greenbone OS:
- Bugfix: Security update for CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479 “SACK Panic” TCP remote denial of service attacks (#116440).

5.0.2 (2019-06-03)

Greenbone OS:
- Improvement: The GOS menu ‘About’ will now show the exact type of system operation that is in progress (#98619).
- Improvement: The client min and max protocol versions for SMB clients can now be configured via the Greenbone OS command line (#115335).
- Minor improvement: The expiry date of the Greenbone Support Team GPG key, used for the encryption of support packages, has been extended to 2020-10-31 (#113830).
- Minor bugfix: Port 53/TCP, used for dnsmasq, now only listens on localhost (#115285).
Vulnerability Management:
- Improvement: Greatly improved the performance of the ‘Edit Scan Config’ dialog (#112699).
- Minor improvement: File upload buttons and text input fields are now inactive if their corresponding radio button is not selected (#113530).
- Minor improvement: Added documentation of NVT categories in a GMP response (#109616).
- Bugfix: The Task page could show an internal error in some circumstances (#114037, #2019051010000034).
- Bugfix: When switching from the reports list page to the report details page, the page could get stuck while loading (#114040, #2019051010000034).
- Bugfix: Giving write permissions for a task to another user still did not allow that user to start the task (#114793).
- Bugfix: It was not possible to bulk-tag filtered resources, like port lists (#113729).
- Bugfix: Vulnerabilities were not supposed to be tagged, the bulk-tag icon has been removed from the Vulnerabilities page (#115294).
- Bugfix: Using the ‘Test Alert’ functionality for an alert with the method ‘Start Task’ did not start the task (#110778).
- Bugfix: Verifying default report formats caused an error. Since they are always verified, the corresponding verification has been disabled (#110105).
- Minor bugfix: Task details pages were not refreshed correctly (#113931).
- Minor bugfix: The scheduled task icon tooltip did not list the next due date (#113203).
- Minor bugfix: In the Results view the host IP column could display ‘null’ (#110583).
- Minor bugfix: Email alerts could be configured with a syntactically invalid email address (#112103).
- Minor bugfix: For email alerts with an attached report, the content type of the attachment was set to ‘null’ erroneously (#112155).
- Minor bugfix: Changed the ‘Solution Type’ checkboxes in the Results power filter dialog to radio buttons, since only one selection is allowed at a time (#114039)
- Minor bugfix: In the ‘Import Report’ dialog all available containers are now always shown (#112616).
- Minor bugfix: The ‘NVTs by Family’ chart did not show the message ‘Applied filter…’ if a filter is used (#114094).
- Minor bugfix: In report details, error messages could contain erroneous entities (#113516).
- Minor bugfix: In scan config details, ‘Tasks using this Scan Config’ was missing linebreaks (#113871).
- Minor bugfix: The delete icon was shown as active for scan configs which are in use, it now shows as inactive as intended in this case (#111525).
- Minor bugfix: For the GSR PDF report format, the colour coding of medium CVSS vulnerabilities was red in some cases, this has been corrected to yellow (#114035).
- Minor bugfix: The ‘Anonymous XML’ and ‘XML’ report format details were incorrectly describing both as ‘OpenVAS Manager XML format’ (#113873).
- Minor bugfix: The ‘Common Platform Enumeration’ report format details were incorrectly referring to it as ‘Common Product Enumeration’ (#113874).
- Minor bugfix: Fixed the parsing of CVSS single instance authentication in CVE details (#115277).
- Minor bugfix: Creating a tag with an empty ‘id’ attribute via a GMP API call could lead to a duplicate response (#113815).
- Minor bugfix: For tags, the deprecated type ‘slave’ was still checked in GMP API calls, leading to subsequent problems (#115284).
- Minor bugfix: The ‘get_vulns’ GMP command now returns a valid response when used without a filter (#113817).
- Minor bugfix: Removed unneeded PostgreSQL error log messages when a lock was not available (#109087).
- Minor bugfix: Fixed a possible race condition in the ‘Edit My Settings’ dialog (#113930).
- Minor bugfix: Added German translations for error, date and status information (#114030, #114031, #114193).
Vulnerability Scanning:
- Bugfix: Each scan plugin process is now separated into its own process group, preventing defunct processes and NVTs being executed at a wrong time (#109743, #113267).

5.0.1 (2019-05-05):

Greenbone OS:
- Improvement: The default system maintenance time is now randomized between 03:00 and 05:00 UTC to distribute load for the Greenbone Security Feed server more evenly. The system maintenance time can still be adjusted manually (#113695).
Vulnerability Management:
- Improvement: Only fully translated user interface languages are now available to choose from in the My Settings menu. Incomplete translations are hidden until implementation (#113517).
- Bugfix: The tasks page was not refreshed correctly when a task was in the status ‘Requested’ (#113515).
- Bugfix: Viewing the TLS certificate details in a report view could lead to an error page (#113520).
- Bugfix: The hosts topology graph was not displayed correctly if there was a host with no severity present (#113521).
- Bugfix: Powerfilter dropdown menus were erroneously limited by the Rows per page / max_rows setting (#113528).
- Minor bugfix: Some login page elements were offset for Microsoft Edge and Microsoft Internet Explorer (#113725).
- Minor bugfix: The list of excluded hosts in the target details was missing a linewrap (#113204).
- Minor bugfix: The download icons for credentials were missing tooltips (#112161).
- Bugfix: The Integrated Remediation Workflow feature was erroneously available for the product families SME and ENTRY. It has been disabled for these families (#113723).

5.0.0 (2019-04-30)

Transform Web-GUI into a single page application: Transforming the web user interface into a single page application which is loaded once and then only updates the in-browser data from the server. This accelerates user interactions and unloads the server. The design bascially remains as in GOS 4, but the interaction with the user interface will be much more direct and responsive (FS-171117-1741).
New view on scan results by vulnerability: The new view “Vulnerabilities” additional to Results and Reports summarizes identical vulnerabilities across all scans and of course arbitrary filters can be applied (FS-171117-1729).
Increase speed of feed updates: SCAP/CERT updates consume less CPU and less RAM (FS-171117-4518).
Transition from global objects to ownerless-predefined objects: In GOS 4 it was not possible to assign static global objects (Port lists, Scan configs, Scanner and Report Formats) to roles as a specific permission. With the transition to ownerless-prefefined objects it is now possible to configure Users, Roles, and Groups in a way, which permits them only restricted usage of only a few, just one or even none of the predefined objects (FS-171117-4531).
Add columns “Hosts” and “Location” to the overview for Notes and Overrides: This makes sorting and filtering for Hosts and Locations easier (FS-171117-1839).
Extended edit dialog for overrides and notes: The edit dialog for Notes and Overrides now allows editing the NVT, Host, Location, Severity, Task and Result even if already set to “Any” or specified in other ways (FS-171117-5915).
New option to upload a file for “exluded hosts” for a Target: This removes the limit of the previous text entry field (FS-171117-3759).
Merge of Web-GUI built-in help and GSM Manual: The web version of the GSM manual is directly connected with the help buttons and placed into the appliance. This steamlines the documentation (FS-171116-1819).
Remove menu item “Assets->Hosts (Classic)”: The key functionality “prognosis” is already available since GOS 4.0 as the “CVE-Scanner” (FS-171117-2431).
Remove overrides indicator switch (web interface): The indicator/switch icon for overrides in the header of the severity columns in the tasks overview, reports overview, results overview and report-results overview is removed (FS-171117-1503).
Link to Scan Configs from the OSP Scanner details page (web interface): This makes navigation between Scanners and Scan Configs more consistent (FS-171117-3656).
Improved log files for scanner (internal): The scanner now follows the very same logging scheme as all other internal modules. This helps for support case about scanner (FS-171117-3025).
Renamed internal vulnerability management service to “gvmd”: This is a follow-up change of renaming the protocol from OMP to GMP in GOS 4. This establishes an advanced consistency in internal terminology reaching even into the database. However there is no impact for the user interface or to GMP: Neither GUI nor the API is changed (FS-171117-3251).
Automated internal database updates with feed content: This is a plain internal design change to avoid delayed data updates due to network problems or other issues (FS-171117-5003).
Advanced internal process activity information scheme for vulnerability management service: This is a plain internal change which makes it easier for support cases to analyse the activity status of a GSM (FS-171117-5336).
Removed Report Format Plugin “HTML”: The alternative GSR HTML is more advanced in any aspect. Alerts that were configured to use HTML will automatically fall back to use the lightweight “TXT”. Please change to GSR HTML where considered appropriate (FS-171127-5042).
Multiple user-configured main dashboards: The current single main dashboard under menu “Dashboard” is extended to have up-to 10 user-configured named dashboards. This allows for example to configure “Europe”, “Asia”, “Last Week”, “Windows” or “Printers” by applying respective powerfilters to a individual chart selection. (FS-171116-0537).
From the list of pre-defined severity classification schemes, “OpenVAS Classic” is removed: It was kept for a transitional phase. Since a long time the NVD classification is the default. During migration, “OpenVAS Classic” is replaced by the NVD classification in case a user configured it as a personal setting (FS-180116-0845).
Task status “Internal Error” is renamed to “Interrupted”: Scans that stopped for any other reason than the user pressing the stop button will have the status “Interrupted at X%” which is shown in red color in the GUI and and thus replace the status “Internal Error”. After a reboot of the manager, running tasks are set to “Interrupted at X%” instead of “Stopped at X%”. The “Stopped” status remains reserved for user-intentional stopping of a task. Both types can be resumed. This all allows to resume tasks that failed for example due to a network connection problem during a sensor scan. Also it allows to distinguish between user-intended stop and system-driven stop. This changes the status types as handled by the GMP commands get_tasks and get_reports (FS-180108-3217).
Drop “version” element for NVTs and update version format for Results: The version information is actually redundant since the “last modification” element specifies the version even more meaningful. Thus, the “version” element is removed from the NVT meta data. This also means a minor change to the GMP protocol. Results are still given a version number of the respective NVT, but the format changes from for example “$Revision: 1244$” to “2017-12-20T08:01:27Z” (FS-171208-4740).
Extend Schedules to allow more refined schedules: The internal task scheduling system was extended to allow more refined schedules. The dialog for editing alerts was extended with more options like “16:00 every monday and wednesday” (FS-171116-3106).
Drop elements “host_start” and “host_end” from report element of GMP response from “get_reports”: The information in the elements “host_start” and “host_end”are already available in the “host” element. So, this changeis about dropping the redundant part (FS-180104-2357).
Bulk tagging: This feature introduces the opportunity to assign the same tag to many objects with just a single action rather than adding the tag to each object one by one. For example you can easily assign 100 arbitrarily filtered hosts in the host asset management with the tag “Responsible:AdminTeam1” or “AssetGroup:Printers” (FS-171227-1841).
Extended vhosts support: The scanner becomes much smarter about finding all hostnames:IPs relationships without need of extra user input. The previously used per-scan-config vhosts/vhosts_ip preferences are simply dropped. Whatever was configured here will now be done automatically and reliably. In environments with virtual hosts, the scan results will haveless results because duplicates are avoided now. The hostname is now a field of its own in the Web-UI as well as in GMP. (FS-171212-5724).
Removed report type “prognostic”: This report type was available only at GMP level for GET_REPORTS. This removal is the last step of the transition from “Prognosis” reports to the “CVE-Scanner” (FS-180927-0546).
Extended storage of results (internal): This is a plain internal change (no UI nor API change) to improve performance for some use cases. Technically speaking this reduces the size of the results table by introducing a separate results trash table (FS-180910-0459).
Drop redundant information from NVT meta data: This is an internal change to reduce the copyright notice to a single occurance in the NVTs. This has a minor positive effect on performance for feed updates (FS-181022-5813).
Encrypted alert emails: The alert method “Email” now allows to encrypt to a S/MIME certificate or to a PGP key, owned by the recipient. This way a secure end-to-end encryption is established. The encryption keys can be uploaded as a new Credential type in the Configuration section (FS-171122-0309).
Scan Report Content Composer: This new dialog appears when a report download is requested, an alert execution is requested and is available when an alert is created/edited. The dialog offers to compose the content of the XML that is then passed on to the Report Format Plugin, and perhaps then to the Alert. Initially it allows to configure whether notes and/or overrides should be included into the report. Not all report plugins can handle all types of content. The content composer allows to reduce/extend the scope handled by the report plugin and is designed to be extend with further data groups in the future (FS-180924-3251).
Integrated Remediation Workflow: For the product families MIDRANGE and ENTERPRISE, a integrated remediation workflow is introduced. It is a ticket management focussed on resolving the finding of vulnerabilities. Compared to a generic ticket management system it is much simpler and has less options. On the other hand, it is capable to automatically consider re-scans in order to verify that an assignee has indeed fixed a security problem. Additionally, all valuable information to understand and resolve a problem is directly cross-linked and thus directly available for an assignee (FS-180103-0646).

2018-08-31: Greenbone OS 4.3

Current Patch Level: 4.3.22 (2021-02-22)

Lifecycle Status: Obsolete

4.3.22 (2021-02-22):

Greenbone OS:
- Status: Set the release status to “retired” for all GSM types with GOS 4.3. An upgrade notification will be displayed in the GOS selfcheck (#157070).
- Bugfix: Enabled the GOS upgrade functionality, if GOS is in the status “retired” or “end-of-life” (#157069).

4.3.21 (2020-07-30):

Greenbone OS:
- Bugfix: The Intel June 2020 microcode update is included, addressing the ‘CROSSTalk’, ‘CacheOut’ and ‘SGAxe’ vulnerabilities of Intel processors (#143745).
Vulnerability Management:
- Bugfix: The ‘Add new host’ dialog on the ‘Assets/Hosts’ page allowed unsanitized input in the ‘Name’ field. Only IPv4 or IPv6 addresses are accepted as a name now (#143733).

4.3.20 (2020-05-25):

Greenbone OS:
- Improvement: An incremental backup is now automatically attempted before every GOS upgrade (#132590).
- Improvement: The available disk space is now checked before creating a backup. If the disk space is not sufficient, no backup will be attempted (#134696, #125755, #2019102910000016).
- Bugfix: The restoration of sqlite backups from an external USB device could fail sporadically (#102470).
- Bugfix: The keyboard layout selection was not applied sporadically (#1398861).
- Bugfix: SNMPv2 was still active even when a user name and an authentication passphrase were configured (#125586, #2018072410000079).
- Bugfix: IPv6 routes where not shown in the corresponding administration menu (#127559, #2019112110000029).
- Minor Bugfix: The GOS copyright has been updated to reflect the correct LICENSE for the Greenbone Security Feed (#134333).
- Minor improvement: If the networking service is in a failed state, a switch release can no longer be started, preventing subsequent errors (#134341).
- Minor improvement: Changed the community feed URL ‘feed.openvas.org’ to ‘feed.community.greenbone.net’ (#137538).
- Minor improvement: Changed the internal variables used to differ between the Greenbone Security Feed and the Greenbone Community Feed (#125235).

4.3.19 (2019-11-26):

Greenbone OS:
- Improvement: Included the latest major release of gvm-tools, version 2.0.0. See https://github.com/greenbone/gvm-tools for more information (#123417).
Vulnerability Scanning:
- Bugfix: Increased the maximum number of NVTs supported by the openvas-scanner (#127752).

4.3.18 (2019-10-08)

Greenbone OS:
- Bugfix: Security update for the CVE-2019-15902 “Spectre” related regression in the Linux kernel (#121978).
- Bugfix: Security updates for the openssl and expat libraries, covering CVE-2018-20843 and CVE-2019-1543 (#121978).

4.3.17 (2019-09-24)

This release is planned to be the LTS release of generation 4.
Update of the base system and of the database management system. This modernizes the basement but leaves the application stack untouched. The user interface, the APIs etc. will remain the same (FS-180108-2522).
Generator routine for auto-credentials for Debian and RPM based systems updated: In fact, the entire generator was implemented anew, making it much easier to maintain (FS-180514-3416).
Improved usability of GOS menu: Updated structure and item sequences, consistent spelling, grammar and terms throughout the menu, introduce check boxes and radio buttons for state of settings (FS-180723-4923).
Substitute ExpertNet functionality by network namespace management: The GOS menu “Network” is extended with settings for assigning network interfaces to namespaces. This covers the standard cases of using the ExpertNet functionality. In particular, this allows for an esier way to assign specific interfaces for scanning and management.Note: This feature is only available for GSM Midrange and Enterprise series (FS-180626-0915).

In case you are using the ExpertNet functionality in GOS 4.2, please follow these steps: 1. Save the ExpertNet Configuration separate from the GSM. 2. Optional: Consult Greenbone Support about possible challenges for the substitution of your ExpertNet configuration. Some advanced ways might not directly be transferable to the new scheme. 3. Deactivate ExpertNet. 4. Migrate to GOS 4.3 5. Configure the network with the new opportunities based on the details in the preserved ExpertNet configuration.

4.3.17 (2019-09-24):

Greenbone OS:
- Improvement: In case of filesystem corruption (for example due to a sudden power outage), an automatic reboot is now carried out after the filesystem repair at boot time as a precautionary measure (#121982).
- Bugfix: Security update for the CVE-2019-1125 “Spectre SWAPGS” gadget vulnerability (#121337).
- Bugfix: The switch release from GOS 4.2 to GOS 4.3 could fail in some cases, if an IPv6 management IP was configured (#118949).
- Bugfix: In rare cases, switch release upgrades could get triggered on sensors unintentionally when upgrading the master (#121479).
- Bugfix: Testing the sensor connections could cause a traceback when a sensor had an invalid remote host identifier configured (#120972).
- Bugfix: It was possible to configure invalid domain names, leading to subsequent errors. All domain names now have to comply to RFC952 and RFC1123 (#118556).
- Bugfix: The disk usage of journalctl could exceed safe limits, affecting system stability. It has been hard limited to use a maximum of 1.5 GB (#119838).
- Bugfix: Uploading a remote backup server host key could add a newline character or new lines, causing the host key to be invalid (#109875, #119485).
- Bugfix: The Maintenance/Upgrade/Sensors menu on a GSM master could display the sensor status “Update Feed” erroneously in some cases. These cases were fixed to display “Upgrade manually”. “Update Feed” will still be shown when relevant (#118184).
- Minor bugfix: Improved the spelling in the GOS self check (#112714).
- Minor improvement: Added and improved the GOS menu descriptions for restoring backups and setting the GSM hostname, since backups are dependent on the hostname (#119837).
Vulnerability Management:
- Bugfix: Sensor scans would add all hosts in a target network to the Assets, even if the hosts were offline and “Mark unreachable Hosts as dead (not scanning) = yes” was set. Only active hosts will get added to the Assets in this case (#121333, #2019011510000041).
- Bugfix: The downloadable Windows LSC installer for Credentials did not add the user to the administrator group on all supported versions of Microsoft Windows (#122909, #2019091810000067).

4.3.16 (2019-07-09):

Greenbone OS:
- Improvement: Enhanced the contents of the Greenbone Support Package. More debugging information related to ansible is now included (#117635).
- Bugfix: Uploading the remote backup server host key did not add it to the known hosts list correctly (#117132, #2019070110000011, #2019070410000051).

4.3.15 (2019-07-01):

Greenbone OS:
- Bugfix: Switch releases from GOS 4.2 could fail due to a networking error (#116250, #2019061110000021, #2019061110000012, #2019060610000059).
- Bugfix: The network route 0.0.0.0/0 can now be set (#115609, #2019060310000028).
- Bugfix: Network interfaces were sometimes be erroneously named on the new GSM type 5400 (#116814, #2019062510000041).
- Bugfix: Patched libssh to resolve possible issues with Cisco devices (#113876, #2019042910000046).
- Improvement: The ‘Management IP’ menu option is now always shown, even when only one interface is present in a namespace (#115904).
- Improvement: Enhanced the contents of the Greenbone Support Package. More debugging information related to postgres is now included (#116640).
- Minor improvement: Improved the error logging for the TippingPoint alert (#114090, #2019041610000098).
- Minor improvement: Updated the info dialogue when upgrading to GOS 5.0 (#116910).

4.3.14 (2019-06-19):

Greenbone OS:
- Bugfix: Security update for CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479 “SACK Panic” TCP remote denial of service attacks (#116439).

4.3.13 (2019-06-03)

Greenbone OS:
- Improvement: The client min and max protocol versions for SMB clients can now be configured via the Greenbone OS command line (#114780, #2019040110000026).
- Improvement: The default system maintenance time for new Greenbone OS installations is now randomized between 03:00 and 05:00 UTC to distribute load for the Greenbone Security Feed server more evenly. Existing setups are not changed, and the system maintenance time can still be adjusted manually (#113697).
- Minor improvement: The expiry date of the Greenbone Support Team GPG key, used for the encryption of support packages, has been extended to 2020-10-31 (#113829).
- Bugfix: Opening the IPv6 global gateway menu lead to a traceback (#114746, #2019051610000032).
- Bugfix: Manually deactivating the deprecated expert networking feature on namespace appliances could cause issues when configuring the scan namespace (#113816).
- Bugfix: The migration from GOS 4.2 to GOS 4.3 could fail for non-namespace appliances (#114750).
- Bugfix: On namespace appliances, the OpenVAS scanner was sometimes started in the wrong namespace (#113823, #2019050610000015).
- Minor bugfix: Port 53/TCP, used for dnsmasq, now only listens on localhost (#109142, #2019021210000027).
- Minor bugfix: The Greenbone OS upgrade info dialogue and selfcheck could display the version information ‘None’ in some cases (#113531).
Vulnerability Management:
- Bugfix: In some cases the default quality of detection for all vulnerabilities was set to 75% due to the OpenVAS manager not correctly generating its internal metadata database (#108670).
- Minor bugfix: For tags, the deprecated type ‘slave’ was still checked in GMP API calls, leading to subsequent problems (#114035, #2019050910000064).
- Minor bugfix: For the GSR PDF report format, the colour coding of medium CVSS vulnerabilities was red in some cases, this has been corrected to yellow (#114035, #2019050910000064).

4.3.12 (2019-05-01):

Greenbone OS:
- Improvement: Added info dialogues to explain why a GOS upgrade might not be possible due to a range of issues, as well as how to solve them (#109524).
- Improvement: Enhanced the contents of the Greenbone Support Package. More debugging information related to redis is now included (#113457).
- Bugfix: The internal GOS configuration management did not generate a correct return code in some cases, leading to subsequent problems (#112707, #112712).
- Minor bugfix: A file path in the Support Package pointed to the wrong location (#112526).
Vulnerability Management:
- Improvement: Added a configurable setting to control the interval at which a GSM master appliance requests scan results from a GSM sensor appliance. Different values may be used for performance optimization (#112620).
- Bugfix: For some default scan configs the current value of “Mark unrechable Hosts as dead” in “Ping Host” was set to “No”, leading to significantly increased scan times. It has been set to “Yes” for all default scan configs (#91358).
- Bugfix: Resuming a scan task on a GSM sensor appliance could lead to duplicate scan results (#113339).
- Bugfix: Adjusted the SMB alert to provide better compatibility with non Microsoft Windows SMB shares (#110811, #2019040110000026).
- Bugfix: Fixed a traceback that could occur for the TippingPoint SMS alert (#112681, #2019041610000098).
- Bugfix: Deleting assets selected with “Apply to all filtered” was not working (#99285).
Vulnerability Scanning:
- Improvement: Adjusted the redis ‘databases’ setting to improve high-load situations (#113216, #2019042410000037).

4.3.11 (2019-04-03):

Vulnerability Management:
- Improvement: Added a command line setting to control the chunk size of the data that is transfered between master and sensor appliances (#111446).

4.3.10 (2019-04-02):

Greenbone OS:
- Bugfix: Configuring a static IP address on non-namespace appliances could lead to a traceback (#111326).

4.3.9 (2019-03-26)

Greenbone OS:
- Extension: Global gateways can now be assigned to a specific network interface via the GOS menu (#108189, #2018110810000047).
- Extension: A script to manually verify the integrity of the USB Airgap APT feed has been added to GOS (#100162, #2018082910000041).
- Improvement: Debug information for the scan namespace is now included in the GOS support package (#110536).
- Bugfix: Setting a route for the scan namespace could sometimes fail, this has been fixed for all cases (#109811, #2019021510000076).
- Bugfix: It was possible to assign the same IP address to different interfaces in the management namespace, leading to subsequent problems. IP addresses in the management namespace must be unique now (#095757).
- Bugfix: In some cases the SSH service could fail when no IP was configured (#110806, #109821, #2019022710000026, #2019032110000026).
- Bugfix: Search domains were not forwarded from the management namespace to the scan namespace. They are now shared between all namespaces (#109752, #2019022510000021).
- Bugfix: The internal GOS configuration management now handles multi dimensional arrays correctly (#110597).
- Minor bugfix: The GOS self check did not display the correct check in progress if this check involved a network timeout (#109819).
- Minor bugfix: In some cases the GOS menu could warn about no network being available if an interface other than eth0/mgmt0 was configured for management (#104990).
- Minor bugfix: The LDAP and Radius configuration files on appliances that do not support these features were incorrect (#109826).
Vulnerability Management:
- Improvement: The TCP-SYN and TCP-ACK settings for “Alive Test” method have been updated (#110452).
- Bugfix: GMP users were able to lock themselves out of their account via the modify_config command (#109746).
- Minor bugfix: For email alerts, the lines preceding the first blank line were omitted on some email clients like Microsoft Outlook and The Bat! (#100158, #2018080210000019).
- Minor bugfix: Improved the German translation of the web interface (#109751, #2019030710000071).
Vulnerability Scanning:
- Improvement: The performance of handling large sets of hosts during the start of a scan has been improved (#110795, #110809).

4.3.8 (2019-02-25):

Greenbone OS:
- Improvement: The scanner will now be started in the scan namespace only if at least one interface has been switched to the scan namespace (#0109576).
- Bugfix: The second out of band management port on GSM 6500 could not be configured correctly (#0109623).

4.3.7 (2019-02-14):

Greenbone OS:
- Improvement: Improved the contents of the Greenbone Support Package. More debugging information related to the system state, system upgrades and the scanner is now included (#108957, #109013, #109313).
- Improvement: Added a selfcheck warning if Expert Mode networking is active. Expert Mode networking is deprecated in GOS 4.3 (#109147).
- Improvement: The system lock during a switch release is now much stricter, preempting more user errors (#108963).
- Bugfix: If a GSM was configured as a sensor, switch releases were not offered locally on the sensor. They could still be triggered from the master. Switch releases are offered in all cases now (#109097, #2019011410000016).
- Bugfix: Made it possible to retry a switch release or upgrade if the corresponding download was cancelled while in progress (#109007).
- Bugfix: The remote backup server configuration is now always migrated correctly during a switch release (#109303, #2019021310000034, #2019021310000043).
- Bugfix: Fixed host key fingerprint checks during feed synchronisation to work with all supported ports (#108901, #2019021310000043, #2019021310000061, #2019021410000087).
- Bugfix: The scanner was sometimes started in the wrong namespaces after specific configuration steps. The scanner is always started in the scan namespace now (#109318).
- Bugfix: Due to a race condition, hostname resolution for scans could sometimes fail on appliances with network namespaces, this has been fixed (#099349).

4.3.6 (2019-02-02):

Greenbone OS:
- Bugfix: Pre-condition test for upgrade had a bug about feed age. Only very few setups should be affected. Our Support Team can provide a trick how to overcome this situation in case the system does not allow you to upgrade (#108672).

4.3.5 (2019-02-01):

Vulnerability Management:
- Extension: SMB alerts capabilities are extended, especially with regard to how the target filenames are determined. Among the changes, the default report filename changes and depending on how you configured this alert, the behaviour might change. In essence it could happen that the target filename is now “report.xml.xml” instead of just “report.xml”, which can be adjusted easily in the Alert configuration. Please contact the Greenbone Support if you are using SMB alerts and are unsure whether you might be affected by this change. A primary extension is that the SMB alert can consider special tagging of scan tasks to assemble the file path dynamically (FS-180110-4337, #79989, #79987, #105198, #2018041710000043, #2019010910000026, #79986).
- Extension: The new alert type “Alemba vFire” (minimum vFire version 9.7) allows to transfer scan reports to the vFire ticket system (FS-180917-5139, #67013).
- Extension: Overrides are now capable to consider IP ranges and the entry field size is increased from 80 to 200 characters (#103028, #2018040610000037).
- Improvement: The UI and reports can now also inform about success or failure regarding SNMP credentials, analog to what is already imformed about SSH and SMB credentials (#108310).
- Bugfix/Improvement: The alert method for the Sourcefire Defence Center, meanwhile known as FirePower Threat Defense, was fixed and improved (#2018051410000011, #99769).
- Bugfixes: A couple of problems with the Windows Autocredential Installer were fixed. Among this were special characters in passwords and special behaviour of Windows Server 2008 R2 (#99466, #2018081410000041, #2018121310000017, #63874).
- Bugfix: It was possible that a scan executed on a sensor hangs in “Requested” in case some types of SNMP credentials were configured for this scan (#103073, #2018091310000032).
- Bugfix: In a few cases, URLs provided as a cross reference of a NVT were wrongly assembled in the UI (#102293).
- Bugfix: Under certain conditions it was possible that the scanner falls back to its default settings (#107824).
- Bugfix: The performance overview showed charts for unavailable components (#108079).
- Bugfix: The robustness of the scanner against rare race conditions for the NVT cache management was improved. This is about observations where a scan stops on its own shortly after it was started (#104878).
- Minor bugfix: The Icon “Edit Filter” was missing a tooltip (#104990).
Vulnerability Scanning:
- Bugfix: Credentials for SSH with ecdsa256 were causing an error when uploaded (#106266, #2018121410000015).
Greenbone OS:
- Extension: The GOS administration allows to activate a limit of subsequent failed logins as GOS administration user. If the limit is reached, access via SSH is locked. To unlock it, it is necessary to login at the console and enter the administration menu for the SSH service. The selfcheck is extended to consider and inform about the status. Note that activating this feature means to add brute-force-login protection on the one hand, but also expose a denial of service attack vector on the other hand. The choice is subject to individual policy and security consideration. They mutually excluded each other, so you can not have both at the same time (FS-180823-3404, #105677).
- Bugfix: For imported TLS certificates to be used for the web user interface, two problems were solved regarding longer certificate chains (with intermediate CA certificates) and regarding PKCS12 import (#93042, #107737, #2018092410000039).
- Bugfix: In a few cases, restoring a userdata backup was causing problems (#102534).
- Bugfix: For the USB backup, the GOS administration offers to format a USB stick in case it is not formatted properly yet. This formatting failed (#107301, #2019010710000075).
- Bugfix: Some configurations of the Remote Syslog feature could cause the related service to fail (#106306, #2018112810000018).
- Bugfix: Reintroduced the next version number when listing available GOS upgrades (#105589, #2018120410000016).
- Improvement: Improved the GOS upgrade management of sensors via the GSM master appliance (#104452).
- Improvement: Several internal improvements for MSSP setups (#105889, #103380, #105887).
- Improvement: Added / updated support for SSH access with regard to supported algorithms/ciphers, for example curve25519 (#97126).
- Improvement: The host key fingerprint checks during feed synchronisation have been configured to be stricter by default (#104258).
- Improvement: The internal state management for the GOS configuration is improved to better handle roles affected by a configuration change (#106595).
- Minor bugfix: When uploading a GSF access key but using no key file, now a proper error message is displayed instead of an internal error message (#108321).

4.3.4 (2018-12-03):

Vulnerability Management:
- Bugfix: Alerts configured to store a report via SMB failed for some SMB services resulting in an empty file (#104970).
- Bugfix: In some special cases, deleting a user was causing an error message (#104883).
- New: The Web Interface was extended with a Japanese translation (#104813).
- Bugfix: In some special cases, editing the settings of a NVT in the web interface caused an error message and the changes were not applied (#103819).
- Minor Bugfix: Export Topology SVG file now names the source (the host from where scans are execute) “Greenbone” (#104882, #2018111610000013).
Greenbone OS:
- Improvement: In GOS Administration Menu a range check was added for MTU (#101622, #102975).
- Improvement: Configuration changes in GOS Administration Menu on a GSM 100 will now be processed faster (about half the time) (#102464).
- Bugfix: Upon a VLAN configuration change in GOS Administration Menu, errors could occur and only after a reboot the changes came into efect (#104037, #2018110110000023).
- Bugfix: The network interface was shutdown upon activating IPv6 DHCP (#101743).
- Bugfix: Configuring a route for a VLAN caused an error (#100100, #201810241000001).
- Minor Bugfix: In GOS Administration Menu, some minor improvements and minor fixes were done (#105071, #102469, #102973).

4.3.3 (2018-10-26):

Vulnerability Management:
- Bugfix: Using quotation marks in filter triggered error in bulk action (#103032, #2018072710000037).
- Bugfix: When using tag filtering in filters, numerical values were not always properly considered as text (#102295, #2018100510000063).
- Bugfix: Editing a SNMP credential via Web-UI failed with an error message about privacy_algorithm (#103072, #2018091310000032).
- Minor bugfix: When deleting a tag from some resources, a blank page was shown afterwards. The action was properly done though (#100315, #2018090310000024).
- Minor bugfix: It was not possible to create tags for scanners (#100318, #2018090310000079).
- Minor bugfix: The chart “NVTs by solution time” was not available in all NVT contexts (#102251, #2018100410000056).
- Minor bugfix: Axis labels of some charts were showing wrong units in some cases (#102456, #2018100510000036).
Greenbone OS:
- Maintenance: The encryption key for the Greenbone Support Package is updated. The previous key is a RSA 2048 key and expires November 23 2018. The new one is a 4069 RSA key and will expire November 23 2019 (#102831).
- Bugfix: Configuring a VLAN interface without configuring the parent LAN interface caused an error (#103653, #2018102310000011).
- Bugfix: Once a the network configuration ended up in an error, further configuration was not possible (#103654, #2018102310000011).
- Minor bugfix: During upgrade a uneeded additional information dialog appeared (#103076).
- Minor bugfix: During upgrade the GOS version was not always shown properly in the about-box (#103544).
- Minor bugfix: Routes menu dialog was missing a title (#102654).
Vulnerability Scanning:
- Improved consideration of UDP services (#103074, #2017090110000021).

4.3.2 (2018-10-15):

Vulnerability Management:
- Change for CSV Report Format Plugin: When special characters are the first ones in a column, these are escaped by a apostrophe. This prevents that a spreadsheet executes the respective cell. It is a convenience change. Actually, users should configure and use their spreadsheets in a secure way – which is also the default for most common ones (#101365).
- Bugfix: A tag to a host now gets properly orphaned in case the host is being deleted (#102648, #2018101010000026).
- Bugfix: When using GMP to upload reports, the service stopped accepting the reports after a couple of thousands of reports uploaded in a single session (#98416).
- Minor bugfix: In some special situations the resetting of filter settings to the default caused an error (#101657).
- Minor bugfix: In the assets management the functionality “Apply to selection” was not working in Chrome browsers (#101654, #2018072710000037).
Greenbone OS:
- Bugfix: Under special circumstances with master and multiple sensors (and high load on sensors), a feed update from master led to a update deadlock on the sensor and it was necessary to reboot the sensor (#102467, #2017112310000029).
- Bugfix: Custom gateway configurations were not properky migrated from GOS 4.2 to GOS 4.3 (#102468).
- Improvement: GOS settings are now type-aware and also extended with range/content checking. Various settings outside sensible ranges are not rejected now (#59806, #95326, #95811, #101624).
- Improvement: When using DHCP but some network trouble causes that no IP is provided by DHCP, GOS now tries to cope with the situation better. For example, it offers to retry or skip (#99467).
- Bugfix: VLAN addresses were not poperly shown in GOS menu (#100099).
- Minor bugfix: The size for an IPv6 custom route was extended to cover full length IPv6 addresses (#102836).
- Minor bugfix: Removed some internal functionalities for GSM 100 and GSM 25 that were designed to work with a LCD (25/100 have no LCD) (#102828).
- Minor bugfix: disallow reserved IPv6 addresses during IPv6 type check (#101279).
- Minor improvements on boot/kernel, getting rid of useless warnings (#102010).

2017-09-30: Greenbone OS 4.2

Current Patch Level: 4.2.30 (2019-07-31)

Lifecycle Status: Obsolete

Changeover: Slaves become scanners. This simplifies the handling of the scan sensors. Among other things, this means that access authorization management for slaves is now regulated via the uniform path.
Approval of sensors now required via GOS administration: Users can only configure sensors that have received a general release by the administrator of the appliance.
Advanced menu of the GOS Administration.

4.2.30 (2019-07-31):

Greenbone OS:
- Set the release status to “retired” for all GSM types with GOS 4.2. An upgrade recommendation will be displayed in the GOS selfcheck (#118948).

4.2.29 (2019-06-19):

Greenbone OS:
- Bugfix: Security update for CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479 “SACK Panic” TCP remote denial of service attacks (#116441).

4.2.28 (2019-02-20):

Greenbone OS:
- Bugfix: It was possible that a scan executed on a sensor hangs in „Requested“ in case some types of SNMP credentials were configured for this scan (#0103031, #2018091310000032).

4.2.27 (2019-02-14):

Greenbone OS:
- Improvement: Improved the contents of the Greenbone Support Package. More debugging information related to the system state, system upgrades and the scanner is now included (#109009, #109314).
- Improvement: The system lock during a switch release is now much stricter, preempting more user errors (#108960).
- Bugfix: If a GSM was configured as a sensor, switch releases were not offered locally on the sensor. They could still be triggered from the master. Switch releases are offered in all cases now (#109095).
- Bugfix: Made it possible to retry a switch release or upgrade if the corresponding download was cancelled while in progress (#108961).

4.2.26 (2019-02-02):

Greenbone OS:
- Bugfix: Pre-condition test for upgrade had a bug about feed age. Only very few setups should be affected. Our Support Team can provide a trick how to overcome this situation in case the system does not allow you to upgrade (#108671).

4.2.25 (2019-02-01):

Greenbone OS:
- Improvement: A red-dialog warning was added to the release upgrade to GOS 4.3 to explain that 4.3 introduces a mandatory distinction of the mangement interface and the scan interface. This distinction make it necessary for GSM 400 and above to physically attach a second network cable to the appliance. (#108615).

4.2.24 (2018-11-20):

Vulnerability Management:
- Bugfix: Alerts configured to store a report via SMB failed for some SMB services resulting in a empty file (#91951, #2018041710000043).
- Bugfix: In some special cases, deleting a user was causing an error message (#103651, #2018081610000011).
- Bugfix: In some special cases, editing the settings of a NVT in the web interface caused an error message and the changes were not applied (#103818).
Greenbone OS:
- Bugfix: In very special cases, upon configuration changes the boot menu showed multiple entries (#103822).
Vulnerability Scanning:
- Bugfix: The scanner log showed error messages when using WMI to scan Windows systems. We have not observed impact on scan results though (#104645).

4.2.23 (2018-10-26):

Vulnerability Management:
- Bugfix: Using quotation marks in filter triggered error in bulk action (#98690, #2018072710000037).
- Bugfix: When using tag filtering in filters, numerical values were not always properly considered as text (#102296, #2018100510000063).
- Bugfix: Editing a SNMP credential via Web-UI failed with an error message about privacy_algorithm (#103070, #2018091310000032).
- Minor bugfix: When deleting a tag from some resources, a blank page was shown afterwards. The action was properly done though (#100314, #2018090310000024).
- Minor bugfix: It was not possible to create tags for scanners (#100317, #2018090310000079).
- Minor bugfix: The chart “NVTs by solution time” was not available in all NVT contexts (#102252, #2018100410000056).
- Minor bugfix: Axis labels of some charts were showing wrong units in some cases (#102457, #2018100510000036).
Greenbone OS:
- Maintenance: The encryption key for the Greenbone Support Package is updated. The previous key is a RSA 2048 key and expires November 23 2018. The new one is a 4069 RSA key and will expire November 23 2019 (#102832).
- Minor bugfix: During upgrade a uneeded additional information dialog appeared (#102833).
Vulnerability Scanning:
- Improved consideration of UDP services (80572, #2017090110000021).

4.2.22 (2018-10-15):

Vulnerability Management:
- Change for CSV Report Format Plugin: When special characters are the first ones in a column, these are escaped by a apostrophe. This prevents that a spreadsheet executes the respective cell. It is a convenience change. Actually, users should configure and use their spreadsheets in a secure way – which is also the default for most common ones (#101817).
- Bugfix: A tag to a host now gets properly orphaned in case the host is being deleted (#102649, #2018101010000026).
- Bugfix: When using GMP to upload reports, the service stopped accepting the reports after a couple of thousands of reports uploaded in a single session (#101276).
- Minor bugfix: In some special situations the resetting of filter settings to the default caused an error (#101658).
- Minor bugfix: In the assets management the functionality “Apply to selection” was not working in Chrome browsers (#101653, #2018072710000037).
Greenbone OS:
- Bugfix: Under special circumstances with master and multiple sensors (and high load on sensors), a feed update from master led to a update deadlock on the sensor and it was necessary to reboot the sensor (#83793, #2017112310000029).
- Bugfix: Adding a custom IPv4 route caused a problem. Previously configured custom routes were not affected (#102289, #2018100510000054).
- Minor Bugfix: The size for an IPv6 custom route was extended to cover full length IPv6 addresses (#102837).
- Minor bugfix: Removed some internal functionalities for GSM 100 and GSM 25 that were designed to work with a LCD (25/100 have no LCD) (#102829).

4.2.21 (2018-10-04):

Greenbone OS:
- Release switch to GOS 4.3 opened for GSM ONE. Please first upgrade to GOS 4.2.21 before switching to GOS 4.3 (#101440).
- Maintenance update of base system. This especially includes a maintanance update of the database management system (#102250).
- Minor bugfix: For hardware appliances, the boot-loader was updated only after first patch level update (#95566).

4.2.20 (2018-09-14):

Vulnerability Management:
- Extensions: New option to add delta reports to alerts. The configuration of an alert is extended with the option to create a delta report first and then apply the actual alert method. This essentially means, not the report of the task is used for subsequent processing but rather the delta report (#95423, #22348, #45442, #2014121610000019, FS-180523-4304).
- Improvement: The database cache was optimized for scan reports. This improves the performance for some scenarios with master-sensor setup and big scan reports (#88902, #2018030710000019).
- Bugfix: In rare situations it was possible that the database management system starts to become very busy and consumes all of the RAM. It is regarded a database bug because with GOS 4.3 (which includes a DBMS update) this is not reproducable. The bugfix solves the problem for GOS 4.2 for the lab test cases (#99585).
- Bugfix: The scan configuration “System Discovery” was not reporting details on operating systems, now it does (#94398, #2018060710000031).
- Bugfix: extreme large content of reports triggered a XSL transformation error when generating a report (#92618, #2018050810000022).
- Bugfix: The operations “Apply to selection/filter” for creating a target from host assets were creating empty targets (#98482, #2018072710000037).
- Bugfix: For tags the filter element “orphan” caused an error (#97694, #2018071810000045).
- Minor bugfix: It was possible to delete a report format plugin although it is configured for a vernice.pro alert (#98054, #2018071910000034).
- Minor Bugfix: Web-based creation of external scanners failed for some types (#95812).
Greenbone OS:
- Minor bugfix: Invalid guest user account caused traceback message (#100916).
- Minor bugfix: When uploading a non-certificate file when a certificate is expected, a traceback message occured (#95694).

4.2.19 (2018-08-24):

Vulnerability Scanning:
- Bugfix: The scanner could hang and cause a longer scan time because of time-outs. This problem was pressent since a while, but so rarely triggered that it was not reproducable. Recent extensions of the NVT Feed triggered the problem more often reliably and allowed to identify and fix the problem (#91015, #2018061410000036, #2018082210000035, #2018082010000011, #2018081710000036, #2018081710000018, #2018053110000023)

4.2.18 (2018-06-14):

Vulnerability Management:
- Bugfix: The Web-UI service, if running for a longer time at a short refresh interval (30s) for special pages and possibly in multiple browsers tabs, could sum up to a low memory problem on the appliance which in turn might have caused other problems such as repsonsiveness and availability (#93126).
- Bugfix: In the Web-UI in detached charts, the sorting was not copied over to the filter and thus the charts looked different compared to the embedded ones (#91416).
- Bugfix: The asset IDs for host assets in the results were not correct and thus the links to the asset management pointed to the same asset for an entire report (#94285, #2018060510000044).
- Bugfix: Adding user tags to SecInfo objects caused an internal error during saving (#91176, #2018041210000061).
- Bugfix: IPv6 addresses were not accepted in the host entries in the edit user dialog (#92887, #2018042710000051).
- Minor improvement: The target details were not abbreviating the target which could lead to very long entries if for example 1000 single IPs were imported. The Web-UI view is now abbreviating the content, the XML export of course still contains all data (#88918).
- Minor Bugfix: In the PDF report summary section some special characters were not escaped properly (#92022).
- Minor Bugfix: The GMP command get_reports, when applied for delta reports, did not work with empty filters (#88462).
- Minor Bugfix: After uploading a LDAP certificate, the Web-UI redirected to task overview instead of remaining on LDAP configuration page (#88900).
- Minor Bugfix: Improvements to the german online help of the Web-UI (#88411).
Greenbone OS:
- Extension: The support package is extended with more system status information about the GSM to allow for a better analysis. The technical specification of the Greenbone Support Package (GSP) was updated accordingly to the status of 2018-06-04, see here for GSP specification (#88046, #93047, #93051).
- Extension: New option to configure a web proxy for each connected scan sensor. This allows a master GSM to control its sensors through a http proxy instead of a direct connection (#93128, FS-180530-4837)
- Extension: When accessing the Web-UI via a reverse proxy which defines a high number of keep-alive requests, this could exceed the default maximum number of concurrent connections of the Web-UI and thus lead to HTTP error code 503. To cope with such a situation where the proxy can not be re-configured, the GSM now allows to change the per-ip connection limit via internal GOS setting ‘per_ip_connection_imit’ (#84890, #2017122210000029).
- Bugfix: When downloading a support package from the GSM, and in case more than one interface was configured, the information dialogs showed the wrong URL for the download (wrong IP address) (#90788, #2018040610000019).
- Bugfix: The interface configuration naming for GSM 5300/6400 was for some cases inconsistently enumerated (#91287, #2018041110000045).
- Minor Extension: Sudden power outage could lead to orphaned temporary database tables. This has no negative effect, but it will cause log messages until the orphaned tables are removed. An advanced opportunity was added to allow the removal of the orphaned tables in coordination with the Greenbone Support team (#88047).
- Minor improvement: Moving NVT files inside the feed caused warning messages in the log. Since this is actually a normal thing to happen, it will not show up anymore as a warning (#89502).

4.2.17 (2018-05-12):

Vulnerability Management:
- Bugfix: In case of comprehensive use of permissions and overrides the “Add Override” function triggered a significant amount of cache operations which slows down the system. This is avoided/optimized now (#92616, #2018050710000024).
Greenbone OS:
- Bugfix: Upgrading sensors via master automatically can be faulty with 4.2.16 (new brainpool signing key). This fixes the problem for automatic update and also the manual update trigger (#92722).
- Extension: The magic SysRq keys are now active for the unlikely event of a system panic situation. This can help for example to shut down the system cleanly and protect filesystem integrity (#91726).
- Extension: In case of filesystem damages (for example due to a sudden power outage) the filesystem repair system at boot time will now propose to reboot always after repairs happened. We highly recommend to not cancel the recommended procedure of the system (#91005).

4.2.16 (2018-05-03):

Greenbone OS:
- Bugfix: Expirey of signature key: The new brainpool key so far was only activated for NVTs, but not yet for GOS updates and new flash images. The old key expires on May 15th 2018. You must update to 4.2.16 prior to this date. Once beyond this date, GOS updates will not be possible anymore until a manual import of the new key is done (#92019, #92273, #92274, #92336, #76935).
- Extension: Next to the already available http upload option, it is now optionally possible to paste a new signing key via clipboard into a text entry (#92409).

4.2.15 (2018-04-13):

Vulnerability Management:
- Bugfix: Combining alerts with severity-based conditions could set a task connected with such an alert to Internal Error (#91095)
- Improved dialog for new password (#89444, #2018031510000031)

4.2.14 (2018-04-10):

Vulnerability Management:
- Extension: Search functionality for LDAP-based authentication by extending to use not only the DN, but also the uid attribute in the LDAP schema, and performing an LDAP search to get the DN (#57286, #75012, FS 171117-0939-UID-attribute-for-LDAP-Login).
- Extension: A new alert method was added to send scan reports to a Tipping Point SMS (#82703, FS-171117-0551-alert-for-tipping-point).
- Improvement: The response time for opening the details dialog for a single scan result was significantly shortened. We measured factors of up-to 100 times faster response (#86913).
- Improvement: Extended coverage of chinese translation of Web UI (#86876).
- Bugfix: Auto-generated credentials of type ssh-key were not working properly when scanning via sensors (#89728, #2018030810000026).
- Bugfix: Under certain conditions it was possible that starting a scan while the feed update is running led to a task hanging in status “Requested” (#83713, #88787, #2018030610000021).
- Bugfix: On some GSM models importing of Scan Reports could fail and raise an Internal Error dialog (#86914).
- Bugfix for SMB alert: The placeholder “%F” is now replaced by the chosen filetype (#85434, #2018010810000021).
- Bugfix: When deleting a user who distributed permissions, there was no warning and no option to let objects be inherited. The objects were simply deleted and not available anymore or the other users (#88321).
- Minor bugfix: In certain situation with distributed read permissions, clicking on the hosts for a report resulted in an empty page instead of a permission denial message (#55350).
- Minor bugfix: For schedules, the calendar editor did not allowto shift months backwards (#86730, #2018012910000017).
- Minor bugfix: When leaving one of the password entry fields empty in the dialog “My Settings”, an internal error was raised. Now a helpful message explains the input error (#86736).
- Minor bugfix: The report format “LaTeX” was missing some newlines around “rowcolor” (#86785).
- Minor bugfix: For plain new databases, re-order the sequence of creating database functions to avoid undefined situations. This bug had no effect for any regular shipped GSM, thus minor (#88876).

Greenbone OS:
- Extension: Custom routing can now be configured explicitly via GOS menu for non-virtual GSM models. The new menu “Routes” under “Setup”/”Network” allows the configuration of IPv4 and IPv6 routes. The configuration is not per interface, rather the system will automatically pick the best route if any interface can reach the target network. There is also a warning about trying to configure a route to unreachable network. Some advanced routing still has to be done via Expert Mode, but the most common cases can now be configured via menu. Expert Mode and new Routes configuration cannot be applied concurrently (#89505).
- Minor extension: The support package now also collect log information about user data import and system data import (#84847).
- Bugfix: The configuration of VLANs in combination with DHCP was not consistent in all cases (#85213).
- Bugfix: The configuration of DNS via menu after activating Network Expert Mode did not become active (#86503).
- Minor improvement: In some migration scenarios a headless setup is desirable and this improvement makes a headless setup more flexible (#82206, #81119).
- Minor bugfix: A non-relevant log message (“assertion” warning) when accessing a task was fixed. It occured only under certain conditions (#71011).
- Minor bugfix: Removed a misleading entry from the internal boot menu (#86379).
- Minor bugfix: Fixed a typo in the menu (#88911).

Vulnerability Scanning:
- Extension: Introduce a “wait between requests/probe” option for scanning. Scanning “critical infrastructures” components have shown the need for waiting time between network probes. Such devices can have a quite fragile TCP/IP stack and can’t handle parallel and/or multiple subsequent network requests. Outages of the network communication with other connected devices can be the result. This change does not affect any defaults. It is an additional option for the Scan Config and a new Scan Config should be created when desired to apply this setting. However, note that acivating this naturally makes the scan take longer (#86582, FS-180125-3444-wait-between-probes-in-scanner).
- Extension: The internal scan scheduler was extended with the ability to consider regular expressions for pre-conditions to launch NVTs. This enables the GSF development team to make NVTs smarter. It is planned to apply this feature in the feed very soon and improve performance for some scan scenarios, mainly authenticated scans of Linux systems will benefit (#88402, FS-180111-2416-NASL_mandatory_keys_with_re).
- Bugfix: It was possible that some NVTs were launched for situations where they did not match the situation (presumed open ports). The fix has a slight positive effect for the scan performance (#89733).
- Bugfix: In some situations many unneeded internal signature verifications were executed and could slow down scanning. This is a regression that was introduced in 4.2.13 (#89294).

4.2.13 (2018-03-14):

Scanner:
- Bugfix: Randomly some NVTs were not accepted during feed update or during startup at the first attempt. In many cases the Scanner was able to overcome the situation on its own, but in a few cases the problem becomes severe. This bugfix resolves the problem at its root (#88860).
- Bugfix: The scanner issued warnings “Possible dependency cycle detected” (#88187).

4.2.12 (2018-03-03):

Greenbone OS:
- Bugfix: The comprehensive changes of 4.2.11 introduced a bug for the feed update for updated NVTs leading to invalid hash sums. (#88630).

4.2.11 (2018-03-01):

Greenbone OS:
- Performance: The duration of starting up the scanner and the duration for updating the NVT feed was accelerated significantly. We measured up-to a factor of 30. This comprehensive change became necessary for the migration of the GSM 500/510/550 models to GOS 4.2. All other models were able to cope with the demands of the modern GOS 4.2 before, but will benefit from this acceleration. (#86323).
- Feature: The menu for log vview was added for the models GSM 25, GSM 25V and GSM ONE. (#83489, #2017112410000018, FS-171220-0411-logging-menu).
- Robustness: In case the scanner runs into a severe problem that prevents to continue his job for whatever reason, the scanner is restarted after one minute. (#86734).

4.2.10 (20108-01-19):

Vulnerability Management:
- Updated GSR HTML: The new version 0.4 adds the new section “TLS certificates”, sort indicators in table header, expand/collapse for all details of a table and total/average summary to some of the tables. Apart from some further smaller improvements, the resulting size of a report file is reduced. The level of reduction depends very much on the actual content. The best value we measured was a reduction by 70% (#84502, #75109, #2017063010000043).
- Change in power filter for performance improvement and consistency: The power filter will now search only for text columns for terms that do not refer to a specific column. This means that filters with a plain generic keyword that could be interpreted as a number (for example “6.4” or “212.10”) can produce less results (actually being more adequate). If for example explicitely a severity of 6.4 should be filterd, use “severity=6.4” (#82377, FS-171129-1004).
- Extension: The Web-UI offers an updated German translation and and also a new and complete Arabic translation. (#81116).
- Improved GSR PDF: In special situations, inconsistent fonts were applied for results. Also long CPE names are better treated in the section “Top 10 Applications” (#83830, #2017120510000016, #82546, #2017111010000026).
- Improvement for Web-UI consistency: The refresh drop down menu is no longer displayed on pages where it was non-interactive before (#80470).
- Extension: The details dialog for a CERT-Bund advisory now displays the advisory version if available. (#83965).
- Bugfix: The feedback button for Greenbone Support in the details dialog for results was missing and is now re-added (#84564).
- Bugfix: When creating a Credential, for special types this caused an error and the credential was not created (#84509).
- Bugfix: In case a schedule was configured in a special way, it caused an internal error and schedules for tasks were reset (#84889, #2017122210000011).
- Minor bugfix: Typo in task wizard dialog. (#80048)
Greenbone OS:
- Security bugfix: Although Greenbone OS did not expose an attack vector for Meltdown, the respective kernel updates are now adopted. These kernel changes affect performance in general. Our tests have shown little, but in some cases with high I/O a performance reduction of a few percent. We found no scenario with severe impact but we ask our customers to report about them to our support team in case it happens. We apologize for the Meltdown impacts, but we share this problem with virtually any other vendor (#85433, #85701).
- Improved robustness of setup wizard regarding upload of a subscription key: It becomes easier to retry again after uploading wrong files or in other way invalid keys (#81615).
- Extension: It is now optionally possible to activate encryption for the SysLog configuration (#65388, #2016121610000015).
- Bugfix: For certain values for the VLAN configuration it was possible that an internal error occurred (#84334).
- Bugfix: The log view for scanner modules stopped working after a log rotation (#85432, #2018010510000053).
- Minor bugfix: Window title for VLAN configuration (#84335).
Vulnerability Scanning:
- Bugfix: With each feed update the scanner consumed more memory due to a memory leak. Over time this resulted in performance reduction and subsequent effects. A reboot of the system solved the problem for a while. The memory leak is now resolved (#85977, #85073).
- Change: The scanner preference “log_whole_attack” is not available anymore in Scan Configurations. This is actually a debugging feature and (unintended) massive use can cause unwanted side-effects. The debug feature can now be activated via GOS CLI and GOS will warn about the use during selfchecks (#83199, #83171, #2017111710000031).
- Minor bugfix: A bug in the internal programming language for NVTs was fixed (#84584).

4.2.9 (2017-12-19):

Web-Oberfläche und GMP:
- Bugfix: Unter seltenen Umständen ist die Web-Oberfläche und GMP nach eine Migration von GOS 3.1 nicht verfügbar. Eine manuelle Reaktivierung ist möglich, aber dieser Bugfix automatisiert es (#84586, #2017111510000026).

4.2.8 (2017-12-15):

Web-Oberfläche und GMP:
- Performanz-Verbesserung: Bei sehr großen Host- und OS-Zahlen sind die Abfragen im Asset-Management nun schneller (#82376).
- Bugfix: Falls eine Aufgabe ein spezielles Zeichen im Titel enthielt so konnten dazu keine Ergebnis-Abfragen mehr erfolgen (#83717, #82474, #2017112710000076).
- Erweiterung: Für den Alarmierungs-Typ “EMail” kann der Titel nun 160 Zeichen anstatt 80 enthalten und die Textvorlage voreingestellt 2048 anstatt 1024 (#83170, #2017102510000018).
Web-Oberfläche:
- Bugfix: Beim Bearbeiten einer Aufgabe konnte es vorkommen, dass Änderungen mit Schließen des Dialogs nicht übernommen wurden (#83827, #2017111410000073).
Scanner:
- Bugfix: Bei intensiven Scans konnte es nach einige Zeit dazu kommen, dass der Scanner zu viel Hauptspeicher verbraucht hat und ein Neustart des GSM notwendig war(#83892).

4.2.7 (2017-12-04):

Web-Oberfläche und GMP:
- Bugfix: Die Gesamtzahl bei den Scan-Ergebnissen hatte die Fehlermeldungen beinhaltet. Diese werden nun nicht mehr mitgezählt (#83476, 2017112310000056).
- Migration von Report Format Plugins: Bei der Migration von GOS 3.1 nach GOS 4.2 werden alle Report Format Plugins deaktiviert die nicht zum Systemstandard gehören. Bitte beachten Sie die Hinweise zur Migration bevor sie diese wieder aktivieren (#75449).
- Bugfix: Der Fortschrittbalken für Scans konnte negative Werte annehmen falls zuvor spezielle Einstellungen auf GOS-Ebene gemacht und wieder zurückgestellt wurden (#80284).
- Bugfix: Unter speziellen Umständen konnte das Zurücksetzen des Powerfilters im klassischen Asset Management zu einer Fehlermeldung führen (#80291).
- Bugfix: Für den Abschnitt Ports des Report Browsers wurde die Filter-Einstellungen für Übersteuerungen und QoD nicht beachtet (#81947).
- Bugfix: Es kam zu einem Internal Error wenn bei bestimmten Umständen ein fehlerhafte Powerfilter verwendet wurde (#78351, #2017082910000033).
- Bugfix: Die automatisch erstellten Credential-Installationspakete für Windows haben für Windows 10 nicht funktioniert (#81894, #2017101810000013).
- Kleine Verbesserung: Bei der Verwendnung nicht existierender UUIDs für Reports via GMP gab es eine irreführende Fehlermeldung (#82301).
- Kleine Verbesserung: Sollte ein Sensor während einer Performanzanfrage nicht verfügbar sein, ist die Fehlermeldung nun passender definiert (#78870).
- Bugfix: GSR konnte bei bestimmten Inhalten der Scan-Ergenisse kein Dokument erstellen (#82601, #80179, #2017111310000057).
- Verbesserung: Der GMP Dienst wurde für besonders schnelle Zugriffe verbessert (#66155).
- Bugfix: Das Filterelement “sort-reversed” konnte nicht mit Delta-Reports kombiniert werden (#80472).
- Bugfix: In sehr seltenen Fällen konnte aufgrund spezieller Scan-Resultate Probleme mit der Datenbank entstehen (#82215, #2017110110000016).
Web-Oberfläche:
- Bugfix: Bei der Zuordnung von Gruppen zu Benutzern wurde unter bestimmten Umständen die Aktion fälschlicherweise verweigert (#76830, #2017072810000046).
- Bugfix: Bei bestimmten Click-Abfolgen konnte es vorkommen, dass das Powerfilter-Elemente “rows” fälschlicherweise auf “-1” gesetzt wurde (#80192).
- Verbesserung: Die fortgeschrittenen Task-Wizards stellen nicht mehr das das Refresh-Inverall um (#65521, #2016122110000014). * Verbesserung: Einige deutsche Üersetzungen wurden verbesserte bzw. nachgeholt (#80990, #2017101310000013).
GOS-Admin:
- Verbesserungen für die Migration der Anwenderdaten von GOS 3.1 nach GOS 4 (#83008, #80131, #82543).
- Bugfix: Bei der Master-Sensor-Konfiguration kam es unter bestimmten Umständen zu Fehlern wenn mindestens ein Sensor für Port 9390 konfiguriert wurde (#81607, #2017102310000058).
- Verbesserung: Beim Management der Logdaten wurden diese zu lange aufbewahrt (#83234).
- Verbesserung: Im Falle von erheblichen System-Fehlern ermöglicht ein sog. Failsafe-Modus in einen Minimalzustand zu gehen um das System zu analysieren oder zu reparieren (#81798).
- Verbesserung: Der Selfcheck von GOS-Admin-Menu prüft nun auch auf RAID-Fehler (GSM 5300/6400) (#82208).
- Kleiner Bugfix: Es tauchten einige unnötige Fehlermeldungen für “gsad” im log auf (#80050).
- Kleiner Bugfix: Fehlermeldungen beim starten des LCD-Anzeige Moduls (#81298).
Scanner:
- Bugfix: Es konnte unter bestimmten Umständen vorkommen, dass bei einem authentifizierten Scan via ssh auf dem Zielsystem Scan-Prozesse nicht abgebrochen wurden auch wenn der Scan gestoppt wurde. (#38015, #82704, #2017111410000019).
- Verbesserung: Diverse Log-Meldungen des Scanners wurden für eine bessere Problemanalyse erweitert (#73002).

4.2.6 (2017-11-03):

Web-Oberfläche und OMP:
- Bugfix: Tags auf die andere Anwender Lese-Recht hatten wurden nicht dargestellt. Das galt sogar auch für den superadmin (#80132, #2017092810000033).
- Bugfix für GSR/GXR: Die Summen zum Schweregrad von Hosts im PDF Bericht waren nicht immer konsistent (#80951, #2017101110000017, #80466, #2017100410000085).
- Bugfix für GSR HTML: Der HTML Bericht hat eine leere Seite angezeigt wenn man ihn mit dem Web-Browser IE geöffnet hat (#79585).
- Verbesserung zum Import von Scan-Reports: Der Import-Vorgang läuft nun im Hintergrund und blockiert dadurch nicht mehr die Datenbank (#80988).
- Verbesserung: Die Performance der Tabelle Scans->Results wurde verbessert (#80124, #80115).
- Kleinerer Bugfix für GSR: In seltenen Fällen hatte der Text zu Scan-Details einen falschen Font im PDF verwendet und konnte nicht alle Sonderzeichen korrekt darstellen (#65007, #2016120810000012, #67100, #2017020110000015).
Web-Oberfläche:
- Bugfix: Bei Verwendung des Web-Browsers Chrome waren Schaltflächen für Bulk-Aktionen nicht sichtbar (81301, #2017101710000033).
- Bugfix: Bei Verwendung des Web-Browsers IE haben einige Schaltflächen nicht auf einen Mausklick reagiert (#80418, #2017100410000067).
GOS-Admin:
- Geändertes Verhalten von Zeitplänen: Wird ein GSM nach längerer Ruhe-Phase wieder eingeschaltet, dann werden nur noch diejenigen Aufgaben gestartet welche in den letzten 60 Minuten verpasst wurden. Alle Zeitpläne die vor mehr als einer Stunde verpasst wurden, werden nicht mehr ausgeführt. In den Versionen vor 4.2.6 wurden beim Einschalten eines GSM alle verpassten Aufgaben gestartet, bei eingestelltem Intervall aber natürlich nur einmal (#81839).
- Neues Menü zur Anzeige des HTTPS Zertifikats und Fingerprints: Die Menüpunkte “Fingerprints” und “Show” wurden zum Menü Setup/Services/HTTPS hinzugefügt (#78214).
- Bugfix für SysLog: Bei Verwendung von Sonderzeichen in der Konfiguration des SysLog Dienstes konnte diesen Dienst deaktivieren (#81163).
- Interne Erweiterungen zur Kontrolle des Verhaltens von Zeitplänen um ungestört Wartungsarbeiten durchführen zu können (#81801).
- Interne Erweiterung zur Kontrolle von Abbrüchen von Web- und SQL-Anfragen um die Performance entsprechend zu beeinflussen (#70226, #81895).
- Interne Erweiterung zur Kontrolle des Hauptspeicherverbrauchs um die Auslagerung auf die Festplatte (swap memory) zu vermeiden (#81837).
- Bugfix: Im Falle eines plötzlichen Stromausfalls laufen beim nächsten Systemstart einige Rekonstuktions-Routinen um mit möglichen Schäden am Dateisystem umzugehen. Unter bestimmten Bedingungen hat das dazu geführt, dass man Fehler-Meldungen bei der Anmeldung erhielt, weil das Log-System schon benutzt wird bevor es wiederhergestellt werden kann (#81208, #2017101610000062).
- Bugfix: Im Falle eines plötzlichen Stopps der Datenbank wird der GMP Dienst nun nicht mehr automatisch ebenfalls wegfallen (#80566, #2017100610000027).
- Verbesserungen des Support-Pakets (#73641, #81306, #81307, #81308).
- Verbesserung: Für GSM Modelle 5300/6400 zeigt das LCD-Display nun auch den RAID Sync-Status (#80051).
- Kleinere interne Verbesserungen zur Vermeidung missverständlicher Log-Meldungen zu “redis” (#76132).
- Kleinere Verbesserungen: Verschiedene Begriffe, Namen und Erklärungen im GOS-Admin-Menu wurden verbessert bzw. konsistenter gestaltet (#80052, #78620, #79216, #80185, #79521, #80114, #80414, #80570).
- Interne Verbesserungen (neuer Signtur-Schlüssel, EFI, Kernel) (#73818, #78139, #80112, #81117, #72047, #81003, #73487).
Scanner:
- Performance-Verbesserung: Für einige Scan-Szenarien (wenige NVTs, viele Zielsysteme, reverse lookup) sind die Scans nun spürbar schneller (#77776).
- Verbesserung bei der Authentifizierung beim Scannen von Windows-Systemen (#78621, #81111, #201709051000003).
- Bugfix: Bei speziellen temporären Ressourcen-Problemen kann sich der Scanner nun selbst wieder in einen funktionalen Zustand versetzen (#78711).
- Anpassung von Performance-Einstellungen bei den GSM Modellen 400, 500, 510 und 550 um Situationen mit sehr hoher Last besser zu handhaben (#81614).

2015-01-26: Greenbone OS 3.1

Current Patch Level: 3.1.48 (2018-09-05)

Lifecycle Status: Obsolete

Vulnerability Scanning:
- Bugfix: The scanner could hang and cause a longer scan time because of time-outs. This problem was pressent since a while, but so rarely triggered that it was not reproducable. Recent extensions of the NVT Feed triggered the problem more often reliably and allowed to identify and fix the problem (#100238, #2018082010000021)

3.1.47 (2018-03-13):

Greenbone OS:
- Improvement for Migration to GOS 4 to allow a headless reboot (#88557).
- Add public part of new upcoming Brainpool ECC feed signing key (#78138).
Scanner:
- Bugfix: The scanner issued warnings “Possible dependency cycle detected” (#88919).
- Improvement: Prepare for handling upcoming Brainpool ECC feed signing key (#77601).

3.1.46 (2018-01-06):

GOS-Admin:
- Bugfix: Download von GOS 4.2 Image nun immer korrekt bei GSM 5300 (#85212).
- Verbesserung: Letzte Vorbereitungen für die Migration der Modelle GSM 500/510/550 (#84855).

3.1.45 (2017-12-29)

Web-Oberfläche:
- Bugfix: Es war nicht möglich neue Zeitpläne anzulegen die im Jahr 2018 starten (#85036, #2017122810000018).

3.1.44 (2017-12-15)

GOS-Admin:
- Verbesserung für Migration von GSM 25 und 100 auf GOS 4.2: Je nach BIOS/EFI/Firmware-Status kann es sein, dass eine Migration manuelle Schritte erfordert. Diese Verbesserung behebt einige Fälle davon. (#83790, #83964).
- Verbesserungen für Migration von GOS 3.1 auf GOS 4.2 von Midrange und Enterprise-Modellen (#83894, #83788, #80288).

3.1.43 (2017-11-30):

GOS-Admin:
- Verbesserung: Während des Upgrades von GOS 3.1 auf 4.2 beim GSM 100 bootet das System nach dem Flash-Update nun automatisch in das GSM Installations System. Damit entfällt ein manueller Schritt der Migration (#83619).
- Erweiterung: Für die anstehende Freigabe der Migration von GSM 25 auf GOS 4.2 wurde die automatische Übernahme der System-Konfiguration hinzugefügt (#81118).

3.1.42 (2017-11-17):

GOS-Admin:
- Aktivierung des Upgrade-Menüs für GOS 4 im GOS-Admin-Menu. Das eigentliche Upgrade kann erst dann erfolgen wenn für das betreffende GSM Modell ein Flash-Image auf dem Greenbone Feed Server bereit steht. Den Anfang macht der GSM 100 am 20. November. Die Verfügbarkeit eines jeden Modells wird über den Greenbone Newsletter bekannt gegeben (#80049).

3.1.41 (2017-09-05):

Web-Oberfläche und OMP:
- Bugfix: Bei den zeitgesteuerten Scan-Aufgaben konnte es passieren, dass die Aufgaben nicht entsprechend des eingestellten Zeitplans ausgeführt wurden oder mehrfach ausgeführt wurden (#77726, #2017062610000015, #78080, #2017071810000038).
Scanner:
- Änderung des Scan-Verfahren für authentifiziertes Scannen von Windows-Systemen: Eine ausgetauschte Protokoll-Ebene erlaubt nun das Scannen für sämtliche Konfigurations-Kombinationen von SMBv1 und SMBv2. Es gibt zudem keine Situationen mehr bei denen der Scanner auf volatile Agenten zurückgreifen muss um den Registry-Dienst ansprechen zu können (#61498, #77109).

3.1.40 (2017-08-05):

Web-Oberfläche und OMP:
- Workaround: Bei intensiver Kombination von Berechtigungen und Übersteuerungen kann das Bearbeiten oder Löschen zu einem längeren Cache-Aufbau führen. Dies kann sich durch multiple Aktionen aufsummieren. Mit der neu hinzugefügte persönliche Einstellung “Auto Cache Rebuild” kann der Cache-Aufbau temporär abgeschaltet werden um viele Aktionen schnell hintereinander ausführen zu können (#76403, #2017071810000038).

3.1.39 (2017-07-03):

Web-Oberfläche und OMP:
- Bugfix für das Bearbeiten eines Ziel-Objektes mit vielen Host-Einträgen oder mit Syntaxfehlern. Damit wird auch in der Web-Oberfläche die Limitierung auf 2000 Zeichen aufgehoben (#73059, #64285, #2017051910000049, #2016110210000061).
- Verbesserung für Slave-Passworte: Einige spezielle Sonderzeichen dürfen nun verwendet werden (#72910, #2017050810000079).
- BugFix für Super-Admin: Dieser hatte keine Schreib-Berechtigung für Notizen und Übersteuerungen von anderen Benutzern (#65028).
- Bugfix: Unter bestimmten Bedingungen konnte es vorkommen, dass während eines Feed-Updates Scan-Aufgaben nicht gestoppt werden konnten (#63837, #2016101710000044).
- Performanz-Verbesserung: In der Kombination von Notizen/Übersteuerungen und Aufgaben-Berechtigungen an andere Anwender wurde das Erstellen und das Bearbeiten beschleunigt (#73961).
- Bugfix: Beim gleichzeitigen Start einer großen Anzahl an Scans konnte es dazu kommen, dass einige Scans blockiert wurden (#74876, #2017061910000047).
GOS-Admin:
- Weitere Vorbereitungen für das Upgrade von GOS 3.1 auf GOS 4 (#74401, #73429).
Scanner:
- Performanz-Verbesserung: Speziell für große Scans konnte es zu Latenz-Effekten kommen, inbesondere wenn sehr viele HTTP-Seiten gleichzeitig gescannt wurden. Durch Optimierungen laufen solche Scans nun um ca. 3% schneller und verbauchen dabei um ca. 20% weniger CPU-Zeit. Auch Latenz-Effekte sind damit reduziert (#71135).

3.1.38 (2017-06-20)

Web-Oberfläche und OMP:
- Sicherheits-Bugfix: Es war möglich mit einem angemeldeten Benutzer die Netzwerkinterface-Einstellung von den Aufgaben anderer Benutzer zu löschen. Die Modelle GSM ONE und 25V waren nicht betroffen (#74682).
- Performance-Verbesserung: In der Kombination von Übersteuerungen und Aufgaben-Berechtigungen an andere Anwender wurde das Caching der Übersichten zu Aufgaben/Ergebnissen optimiert. Anstatt den Cache erst bei Bedarf zu erstellen wird er nun automatisch beim Anlegen neuer Berichte und vor allem beim Anlegen neuer Übersteuerungen aktualisiert. Damit ist die erste Anmeldung nach Änderungen von Übersteuerungen oder Berichten nun wesentlich schneller. Das Problem trat nur bei Benutzerkonten auf die nicht Eigentümer der Scandaten sind (#73961, #72048, #68483, #2017042710000044).
- Bugfix: Bei Zugangsdaten die für authentifizierte Scans für Windows verwendet wurden, konnte das Euro-Symbol nicht im Passwort verwendet werden (#47080, #2015022010000055).
- Bugfix: Wenn man einen HTML Report in MS Word importiert, konnte es zu Font-Problemen kommen (#67606).
- Bugfix: Zeitpläne wurden mehrfach ausgeführt wenn sie in eine Zeitumstellung (Sommer/Winter-Zeit) fielen (#70613, #2017040510000022, ##2017040310000017, #2017041010000058, #2017041210000018,#2017041310000061).
- Bugfix: Unter bestimmten Umständen konnte es beim Bearbeiten eines Powerfilters zu einer Fehlermeldung bzgl. “saver_filter_omp” kommen (#70093, #2017032910000024)
- Änderung der Auto-Delete Einstellung für Reports bei den Aufgaben: Das bisher erlaubte Minimum wurde von 5 auf 2 reduziert (#66470, #2017012310000011).
GOS-Admin:
- Weitere Vorbereitungen für das Upgrade von GOS 3.1 auf GOS 4 (#67409, #66266, #65983, #66348, #65984, #66267, #66268, #73642).
Scanner:
- Bugfix: In einigen Fällen hat ein einzelner Test das definierte Timeout überschritten und konnte bis zu 60 Minuten laufen (#67838).
- Kleiner Bugfix: In sehr seltenen Fällen konnte bei der Ausführung eines NVTs ein interner Fehler im Scanner auftauchen (“invalid next size”) (#48814).

3.1.37 (2017-02-21):

Web-Oberfläche und OMP:
- Performanz-Verbesserung für die Kombination von vielen Übersteuerungen mit Rollen-basierter Rechtevergabe (#67958).
- Performanz-Verbesserung bei großer Anzahl von LDAP-authentifizierten Benutzern (#67318).
- Verbesserungen: Dokumentation, Logging und Funktionsweise für den Benachrichtigungstyp “SCP” (#64696).
- Bugfix: Die Auswahl der Report Format Plugins für die Benachrichtigung “SCP” wird nun korrekt berücksichtigt (#64862, #2016112410000065).
- Bugfix: Zeitpläne mit einem Invervall größer als ein Monat wurden maximal monatlich ausgeführt (#65010, #2016120810000021).
- Bugfix: Ein Zeitplan mit monatlichem Interval wurde nach dem Lauf von der Aufgabe entfernt falls keine Laufzeit angegeben wurde (#64362, #2016100610000065).
- Verbesserung: Das Report Format Plugin “CSV” schützt nun zusätzlich Anführungszeichen innerhalb von Zeichenketten (#64678).
- Kleiner Bugfix: In sehr seltenen Fällen wurde intern der Zeitstempel eines Feed-Status nicht korrekt verarbeitet (#66146).
GOS-Admin:
- Verbesserung: Es ist nun möglich jederzeit via Master ein Zertifikat eines Sensors zu aktualisieren. Dies ist nun Teil von “Reset all sensor certificates” (#51245, #51242, #2015072710000015).
- Kleiner Bugfix für seltene Fälle bei der Migration zu GOS 4 (#67094).
Scanner:
- Verbesserung: Erkennung von speziellen Host-Namen in TLS-Zertifkaten (#64997).

3.1.36 (2016-12-23):

Web-Oberfläche und OMP:
- Erweiterung: Neues Verince-Tag “gsm_system_Windows_Embedded” (#63875, #2016102010000074).
- Verbesserung: Das Stoppen von Scans wird nun stärker durchgesetzt. Zugunsten eines schnelleren Abbruchs erhaten die Scan-Jobs weniger Zeit ihre aktuelle Aktivität zu beenden. Diese werden dann erst wieder aufgenommen sollte der Scan die Anweisung erhalten fortzufahren (#63832, #63830).
GOS-Admin:
- Bugfix für GSM 5300/6400: Bei einem System-Backup wurden keine dazu passenden Meldungen ausgegeben (#60020).
- Verbesserung: Für das USB-Airgap Verfahren wurden die Meldungen auf dem LCD-Display angepasst (#64635).
- Kleiner Bugfix: Interne Log-Rotation für Scanner-Logs wurde so angepasst, dass sie auch bei Feed-Updates durchgeführt wird (#60130).
- Interne Vorbereitungen für eine Migration auf GOS 4 (#64848).
Scanner:
- Erweiterung um Unterstützung von TLS-SNI (#61661, #64588. #2016080410000019).

3.1.35 (2016-10-27):

Web-Oberfläche und OMP:
- Performanz-Verbesserungen: Die Ergebnis-Ansicht bei großen Datenmengen wurde beschleunigt, darunter auch für das Anlegen von Notizen und Übersteuerungen. Ebenso wurde die Host-Ansicht beschleunigt (#63767, #62927).
- Erweiterung des Limits für Ergebnisse des voreingestellten Email Filters von 1000 auf 2000. Ab GOS 4 fällt eine Limitierung weg (#62290, #2016070510000019).
- Bugfix: Verinice GSM Tags für verschiedene Windows-Versionen wurden korrigiert (#63044, #2016092610000021).
- Bugfix: Beseitigung kleiner Fehler bei den automatisch generierten Credential-Paketen für Windows (#59700, #2016053110000018).
- Bugfix: Fehlermeldungen tauchen nicht mehr zusätzlich unter den regulären Ergebnissen auf, sondern nur noch im Abschnitt “Fehlermeldungen” (#62937).
- Kleiner BugFix: NVTs dürfen nun auch das Zeichen “&” im Namen haben (#63643).
- Kleine Verbesserungen GSR: Formatierungen bei den Ergebnis-Details kommen nun mit mehr Sonderfällen zurecht (#57213, 2016022610000024).
- Kleine Verbesserung: Scan-Config Parameter “unscanned_closed” und “unscanned_closed_udp” verwenden nun das gleiche Eingabeelement im Dialog (#62929).
Web-Oberfläche:
- Bugfix: Einige Verweise hatten inkonsistente Filter bzgl. Diagrammen und Tabellen zur Folge. Die Berücksichtigung des QoD wurde nun vereinheitlicht (#63340).
- BugFix: Die Variable SCANNER_NVT_TIMEOUT wird in der GUI nun auch aufgelöst (#62931).
- Kleiner Bugfix: Ein Darstellungsfehler durch Zeilenumbruch auf der Ergebnis-Ansicht wurde beseitigt (#62273, #2016082910000044).
- Kleine Verbesserung der Online-Hilfe zur “SCP” Alarmierung (#62274, #2015031210000014).
GOS-Admin:
- Erweiterung: Die Fingerprints der SSL Zertifikate werden nun über das GOS-Menu angezeigt und können so leichter verifiziert werden (#53378).
- Bugfix: Nach dem Anlegen eines Userdata-Backups werden nun umittelbar die nicht mehr benötigten Dateien gelöscht (#57904).
- Kleiner Bugfix: Falsche Fehlermeldung im Log zu rsyncd wurde beseitigt (#62374).
Scanner:
- Verbesserte Detektion von “rsnyc”-Diensten (#63766).
- Bugfix: Bei zirkuläre Abhängigkeiten innerhalb von NVTs bleibt der Scan nicht mehr hängen und es wird eine Meldung im Log hinterlassen (#62797).

3.1.34 (2016-09-21):

Web-Oberfläche und OMP:
- Aktualisierung von GXR/GSR: Diagramme die aufgrund der Scan-Ergebnisse oder des Filters leer sind werden nicht mehr aufgenommen. Ausserdem wurden die NVT OIDs zur besseren Lesbarkeit gekürzt. Auch wurde ein Darstellungsfehler bei Hostnamen die einen Unterstrich enthalten behoben (#61602, #62598, #2016091310000045).
- Verbesserung: Für den Start von Scans werden nun nicht mehr pauschal alle NVTs aktiviert die möglicherweise Einstellungen vornehmen. Nur noch diejenigen, für die es offensichtlich ist, werden aktiviert wie beispielsweise das Setzen der Credentials nur dann überhaupt erst zu versuchen wenn auch wirklich welche verknüpft wurden. Es handelte sich um eine Übergangslösung für Anwender von GOS 2 die nunmehr endgültig entfernt wurde. Bei großen Scans mit wenig NVTs kann dies zu leichten Performanz-Steigerungen führen (#62267).
- BugFix: GSM Tag für Windows Server 2012 wird beim Verinice ISM Report Format Plugin nun korrekt gesetzt (#60486, #2016062810000059).
- BugFix: In der Task-Übersicht zu Scanner-Details wurden Objekte angezeigt auf die man mangels Zugriffsberechtigung nicht durchgreifen konnte. Diese Objekte werden nun nicht mehr angezeigt (#57759).
Web-Oberfläche:
- Bugfix: Unter bestimmten Umständen war die voreingestellte Sortierung von Berichten nicht nach Datum (#62509).
- Kleiner Tippfehler in englischer Version beseitigt (#62509).
Scanner:
- Erweiterung: Der Scanner bietet den NVTs mehr Möglichkeiten zur Analyse von TLS-Zertifikaten an (#62139).
- Bugfix: Unter sehr seltenen und sehr besonderen Umständen konnte der Scanner bei der Ausführung eines NVT in ein Problem laufen und die Bearbeitung des betreffenden NVT abbrechen (#62465).

3.1.33 (2016-09-02):

Scanner:
- Bugfix: Unter bestimmten Umständen konnte es dazu kommen, dass einzelne Scans hängen blieben oder frühzeitig endeten (#62049).
- Bugfix: Fehlermeldungen zu Scans enthielten unter bestimmten Umständen nicht die korrekte Bezeichnung des jeweiligen Zielsystems (#62268).
- Bugfix: Bei unterschiedlichen Host-Limits auf Master und Slave konnte es dazu kommen, dass der Scan unter bestimmten Umständen im Status ‘Requested’ hängen blieb (#54755).
- Bugfix: Unter bestimmten Umständen konnte es dazu kommen, dass einzelne Schwachstellentests frühzeitig endeten (#60387).
Web-Oberfläche und OMP:
- Bugfix: Unter bestimmten Umständen wurde bei der Bearbeitung eines Tasks eine inkorrekt Fehlermeldung gezeigt (#60442).
- Bugfix: Beim Klonen eines Target wurde die ‘Alive Check’-Eigenschaft ignoriert (#60634, #2016070410000021).
- Verbesserung: Der bei Auto-Alerts verwendete Filter sortiert Ergebnisse nun nach Schweregrad vor um den maximalen Schweregrad bei sehr vielen Ergebnissen besser darzustellen (#60712, #2016070510000019).
- Verbesserung: Die maximal erlaubte Eingabelänge für das Feld ‘Target Host’ im Advanced Task Wizard wurde erhöht (#56513, #2016012810000013).
- Verbesserung: Die englischsprachige Hilfe zur ‘New Credential’-Funktion wurde verbessert (#56663, #2016020410000021).
- Verbesserung: Der Report-Format ‘Anonymous XML’ entfernt nun noch mehr Datenelemente die unter Umständen Rückschlüsse auf den Ursprung der Daten erlauben könnten (#56793, #2016021010000027).
GOS-Admin:
- Verbesserung: Zur Authentifizierung zwischen Master und Sensor kann nun auch der RSA-Algorithmus verwendet werden (#62059).

3.1.32 (2016-08-13)

Die mit (*) gekennzeichneten Einträge ändern voreingestelltes Verhalten.

Neu: Dynamische Diagramme “bar-chart”, “donut”, “lines” und “bubbles” für das SecInfo Management in der Web-Oberfläche. Für jede Objekt-Kategorie können jeweils zwei Diagramme gewählt werden. Jedes Diagramm kann auch als eigenes Fenster geöffnet. Die zugrunde liegenden Daten können als CSV Tabelle exportiert oder als HTML Tabelle geöffnet werden. Die SVG Vektor-Grafik kann ebenfalls exportiert oder direkt im Browser geöffnet werden.
Neu: Dashboard Übersicht für das SecInfo Management der Web-Oberfläche. Diese besteht aus 4 Diagrammen die individuell bzgl. Typ konfiguriert und mit Powerfilter kombiniert werden können. Die Konfiguration ist persistent für jeden Anwender.
Neu: Dynamische Diagramme für Aufgaben analog zu SecInfo Management.
Neuer Abschnitt “Ergebnisse” im Menu “Scan Management”. Dieser bietet ein Objekt-Management für sämtliche Scan-Ergebnisse in der Datenbank für die der Anwender Lese-Rechte besitzt. Damit ist es nun möglich Suche und Filterung von Ergebnissen vollkommen unabhängig von den eigentlichen Scan-Berichten durchzuführen.
Neu: SecInfo Objekt-Kategorie “CERT-Bund”. Hierbei handelt es sich um die deutschsprachigen Sicherheits-Meldungen des CERT der deutschen Bundesverwaltung.
Neu: Attribut “Solution Type” für NVTs und Ergebnisse.
Neu: Block-Aktionen um beispielsweise viele Objects mit einer einzelnen Aktion zu löschen oder herunterzuladen.
Neu: Der Konfiguration-Typ “Scanner” erlaubt die Konfiguration zusätzlicher Scanner des Typs OpenVAS (der bisherige und weiterhin voreingestellte Scanner) sowie von OSP-basierten Scannern. OSP steht für OpenVAS Scanner Protocol und ist eine generische Abstraktion für beliebige Scanner um diese dann auch generisch in das Schwachstellen-Management einzubinden.Das Aufgaben-Management wurde ebenfalls um scannertyp-abhängigen Elemente erweitert.Diese Funktionalitäten bereiten die Integration von OSP Scannern vor. Sämtliche Voreinstellungen sind so belassen, dass sich das Verhalten der vorhergehenden Greenbone OS Version nicht ändert. OSP ist also komplett optional.
Neu: Option für anonymen Gast-Zugang. Neben der neuen Rolle “Guest” die ähnlich der Rolle “Info” nur Zugang zum Abschnitt “SecInfo” erlaubt kann nun über gos-admin-menu ein Gast-Zugang für anonymen Zugriff freigeschaltet werden. Es lassen sich dann auch statische allgemeine URLs in den SecInfo Bereich verwenden.
Neu: Rolle “Monitor” die den Zugang zu den Performancedaten des GSM erlaubt.
Neu: Rolle “Super Admin” die den vollen Zugang zu allen Objekten aller Anwender erlaubt.
Neu: Berechtigung “Super” beispielsweise für das Anlegen von Gruppen-Administratoren.
Neu: Die Dateinamen für Downloads können nun via “Eigene Einstellungen” konfiguriert werden.
GXR/GSR: Diese Report Format Plugins wurden überarbeitet. Insbesondere wurde GSR bzgl. Seitenanzahl und Erstellungsdauer verbessert.
Neu: Wizard für das modifizieren von Aufgaben.
Aufgaben: Der Dialog zu den Berechtigungen wurde überarbeitet.
Zeitzonen: Die Konfiguration von Zeitzonen wurde so geändert, dass nunmehr eine Auswahlliste verfügbar ist.
(*) Anwender können nun mehrere Sitzungen gleichzeitig betreiben so lange diese in verschiedenen Browsern laufen. Bis GOS 3.0 hat eine neue Sitzung unabhängig von welchem Browser sie ausgeführt wurde die alte Sitzung unmittelbar beendet.
Auf jeder Seite der Weboberfläche wird nur nun in der Fusszeile die Dauer der jeweiligen Operation angezeigt.
(*) Anmeldedaten: Der öffentliche Schlüssel von Anmeldedaten für SSH ist nicht mehr explizit benötigt, da er nun aus dem privaten Schlüssel extrahiert wird.
Anmeldedaten/Ziele: Zugangsdaten für ESXi Zielsysteme können nun direkt beim Ziel angegeben werden anstatt in der Scan Konfiguration.
Neu: Statistik-Modul auf OMP-Ebene repräsentiert durch das Kommando “GET_AGGREGATES” welches auch die Basis für die Digramme bildet.
(*) Wird eine Aufgabe gestopped, so wird der Scanner nun angewiesen, die Abschlussphase trotzdem durchzuführen anstatt unmittelbar abzubrechen. Somit gehen die bis dahin gesammelten allgemeinen Informationen über Zielsystemen nicht mehr verloren.
Neue interne Inter-Prozess Kommunikation des Scanners.
Hauptspeicher-Verbrauch des Scanners um 50% reduziert.
(*) Keine weitere Unterstützung für das pausieren von Aufgaben (OMP).
(*) Keine weitere Unterstützung des veralteten “openvasrc” Format (OMP).

3.1.32 (2016-08-13):

GOS-Admin:
- Kritischer Bugfix: Leider enthielt 3.1.31 einen kritischen Fehler für das Sensor-Management. Sensoren die auf 3.1.31 stehen, können durch ihren Master nicht mehr mit Feed-Updates (weder NVTs noch neue GOS-Versionen) versorgt werden.Wird von einer Version 3.1.30 oder älter auf 3.1.32 aktualisiert, dann bestehen keine Probleme. Sobald jedoch ein Master auf 3.1.31 aktualisiert wurde, liegt das Problem für seine Sensoren vor die automatisch auch auf 3.1.31 aktualisiert wurden.Liegt das Problem vor, so ist leider zwingend eine manuelle Änderung auf den Sensoren notwendig. Der Greenbone Support hält für Sie ein Rezept für diese manuelle Änderung bereit. Wie bitten vielmals für diese Unannehmlichkeiten um Entschuldigung (#62030).

3.1.31 (2016-08-08):

Web-Oberfläche und OMP:
- Erweiterung: Automatisches Löschen alter Berichte. Für Aufgaben gibt es nun eine weitere Einstellung die es erlaubt eine maximale Anzahl von Berichten für diese Aufgabe festzulegen. Wird ein weiterer Bericht durch einen Scan erstellt, so wird der älteste Bericht automatisch gelöscht. Man kann also einstellen, dass zum Beispiel genau die 10 letzten Bericht aufbewahrt werden. Voreingestellt ist jedoch das bisherige Verhalten, also keine Berichte selbsttätig zu löschen (#38210).
- Verbesserung: Schlägt der Scan eines Scan-Slaves fehl weil ein falsches Passwort oder Zugangskonto für den Slave verwendet wurde, so wird nun eine Fehler-Nachricht im Bericht mit einem entsprechenden Hinweis angelegt (#59154).
- Erweiterung: Die neue Alarmierungsmethode “SCP” erlaubt es einen Scan-Bericht als XML per SCP-Protokoll zu versenden. Dies wird beispielsweise von einigen SIEM-Systemen unterstützt (#53932).
- Erweiterung: Die Alarmierungsmethode “SNMP” wurde aus der Methode “SysLog” als nunmehr eigenständige Methode ausgegliedert. Eine bislang zusätzliche Konfiguration in GOS-Admin-Menu ist nicht mehr notwendig (#58742).
- Erweiterung: Unter “My Settings” gibt es nun die “Default Severity”. Das ist der voreingestellte Schweregrad der angewendet werden soll wenn ein NVT keinen eigenen bietet. Dies kann bisher nur passieren wenn CVE-basierte OSP-Scanner eingesetzt werden und für die CVE noch keine CVSS Einstufung existiert. Voreingestellt ist der konservative Maximal-Wert 10.0 (#49729).
- Erweiterung: An das Verinice ISM Report Format Plugin kann nun auch das GSR und GXR Format angehängt werden (#41074, #60444, #54603, #2015111910000013).
- Kleine Erweiterung: Der Powerfilter für die Berechtigungen wurde um das Schlüsselwort “orphan” erweitert. Mit “orphan=1” können verwaiste Berechtigungen gefiltert werden deren Ressourcen bereits nicht mehr existieren (#55906, #2016010410000022).
- GXR/GSR: Der Topologie-Graph wird nur noch für maximal 50 Hosts erstellt (#56108, #2016011810000014).
- Kleine Verbesserung: Im Kommentar und Wert von Tags ist nun das “@”-Zeichen erlaubt (#57395).
- Bugfix: Haben Benutzernamen einige besondere Zeichen verwendet, konnten sie nicht in Gruppen oder Rollen hinzugefügt werden (#58879).
- Bugfix: Beim Import von speziellen Scan-Konfigurationen kam es zu Fehlern die den Import verhindert hatten (#59629).
- Verbesserung: Schlägt der Scan eines Scan-Slaves fehl weil ein falsches Passwort oder Zugangskonto für den Slave verwendet wurde, so wird nun eine Fehler-Nachricht im Bericht mit einem entsprechenden Hinweis angelegt (#59154).
- Bugfix: Unter bestimmten Situationen konnte es dazu kommen, dass Aufgaben auf Scan-Slaves im Status “Stop Requested” hängen geblieben sind (#59726, #2016050310000017, #2016052310000024).
- Bugfix: Geklonte vordefinierte Report-Formate sind nun automatisch auch vertrauenswürdig da ja nur die allgemeine Beschreibung geändert wird, nicht aber die interne Logik (#56990).
- Bugfix: Ein Formatierungs-Problem für spezielle NVT-Beschreibungen wurde für das GSR PDF Report Format gelöst (#56150, #2016012010000037).
- Bugfix: In sehr speziellen Fällen war es nicht möglich ein importiertes Report Format positiv zu verifizieren (#59287, #59756).
- Bugfix: Bei Delta-Berichten kam es unter bestimmten Umständen zu unnötigen Einträgen (#56952, #2016020910000011).
- Bugfix: Bei der Erstellung von z.B. GSR PDF-Berichten wurde direkt in der Web-Oberfläche gemachte Filtereinstellungen für den Host nicht beachtet während sie in der Ansicht durchaus angewendet wurden (#57256, #2016022910000055).
- Bugfix: In der Port-Listen Übersicht wurden UUIDs zu Zielen aufgelistet die diese Port-Liste verwendet haben, aber für das aktuelle Benutzerkonto nicht lesbar waren. Die Querverweise hatten dementsprechend aucn nicht funktioniert (#58885).
- Kleinere Korrekturen in der OMP Dokumentation (#56666).
Web-Oberfläche:
- Formatierungsverbesserung bei Host-Tabellen im Report Ergebnis-Browser: Spalten-Inhalte werden nun besser umgebrochen und vermeiden Tabellen mit Überbreite (#55406).
- Bugfix: Bestimmte händische Veränderungen der HTTP-Anfragen an die Web-Oberfläche führen nun unmittelbar zu einer leeren Antwort anstatt mit einer Verzögerung (#57986).
- Ergänzung der Icon-Liste für Betriebssysteme (#57183).
- Bugfix: Bei der Verwendung von Auto-Refresh konnte es nach dem Anlegen einer multiplen Zugriffs-Berechtigung zu einer Fehlermeldung kommen (#56795).
- Kleine Verbesserung: Die Benennung der Filter-Regeln im Report Ergebnis Browser wurde geändert um Mißverständnissen besser vorzubeugen auf was genau sich die Ansicht (z.B. Hosts) bezieht (#39535, #2014072410000121).
- Kleine Verbesserung: Der “once”-Status einer Aufgabe ist nun auch im Tooltip sichtbar (#48265, #2015040910000028).
- Bugfix: Der Bearbeitungs-Dialog für Benutzerkonten hatte die die LDAP-Flagge nicht automatisch gesetzt wenn es sich um ein LDAP-Konto handelte (#56469, #2016012610000017).
- Verbesserung: Unter hoher Last der Web-Oberfläche (viele gleichzeitige Anwender) kann es passieren, dass eine neue Verbindung für den Augenblick verweigert wird. Die Grenze hierfür wurde nun angehoben (#58167, #2016040710000039).
GOS-Admin:
- Menü für SNMP Trap Konfiguration entfällt. Diese ist nun in der Web-Oberfläche verfügbar (#58743, #58745).
- Die Cipher-Einstellungen des SSH-Dienstes wurden auf eine höhere Sicherheits-Stufe angehoben (#58450).
- Verbessung des internen Loggings: UUIDs von Objekten sind nun um den Objekt-Namen ergänzt und jeder “Internal Error” wird explizit aufgeführt (#58005, #58721, #59683).
- Erweiterung: Für eine Detail-Analyse eines GSM in Zusammenarbeit mit dem Greenbone Support kann nun via GOS-Admin-Menu ein verschlüsseltes Paket mit allen relevanten System-Daten erstellt werden (#44900, #60301).
- Erweiterung: Interne Aufräum-Methode für das Zurücksetzen von Scan-Sensoren (#28277).
- Verbesserung: Die internen Journal-Größen für die Datenbank wurden begrenzt (#57888).
- Bugfix: Ein Factory Reset konnte je nachdem um welches GSM-Modell es sich handelte eine Fehler auftreten. Dieser trat nur selten auf, konnte umgangen weden und ist nun beseitgt (#60488, #55414).
Scanner:
- Verbesserung: Der OpenVAS Scanner wurde robuster im Umgang mit Timeouts gemacht macht. War ein Port bereits einmal als offen festgestellt so wird bei einem Timeout mehrmals, mit zeitlichem Versatz, ein Aufbau versucht (#48537).
- Verbesserung: Ist auf dem Zielsystem SMBv1 ausgeschaltet und SMBv2 eingeschaltet, so werden nun mehr Scan-Ergebnisse bei einem authentifizierten Scan erzielt. Die Menge hängt jedoch wesentlich davon ab ob der Remote Registry Service zur Verfügung steht (#50757, #2015071510000029).
- Bugfix: Unter extrem hoher Last konnten Scan-Aufgaben auf Sensoren stecken bleiben. In Verbindung mit limitierten Zeitplänen blieben dann Aufgaben im Status “Stop Requested” zurück. Der Entstehung sog. “Scanner-Zombies” wird nun vorgebeugt (#56688, #2016020310000022).
- Bugfix: Unter bestimmten Umständen konnten SSH-Scans “hängen” bleiben. Bei Schwierigkeiten mit dem gescannten SSH-Dienst wird nun schneller abgebrochen (#54059).
- Verbesserung: Beim Scannen von SNMP Diensten wurden unter bestimmten Umständen (fehlende MIBs) unnötig viel interne Log-Informationen geschrieben (#59857).

3.1.30 (2016-05-30):

Web-Oberfläche und OMP:
- Bugfix: Bei zeitgesteuerten Scans mit limitierter Laufzeit im Master-Slave-Betrieb konnte es vorkommen, dass die Scan-Aufgabe auf dem Master gestoppt wurde, aber auf dem Slave bis zum Ende durchlief. Bei der Wiederaufnahme wurde dann ein neuer Scan gestartet anstatt den alten Scan zu Ende zu führen (#59433, #59431).
Scanner:
- Bugfix: Häufiges uns schnell hintereinander ausgeführte Stopps und Starts von Aufgaben im Master-Slave-Betrieb konnte dazu führen, dass eine Aufgabe im Status “Stop Requested” hängen geblieben ist. Verantwortlich war ein blockierender Scanner (#59642).

3.1.29 (2016-04-21):

Web-Oberfläche:
- Bugfix: Die Aktion eine gestoppte Aufgabe wieder aufzunehmen bei gleichzeitig angeschaltetem Refresh könnte zum Verlust des Session-Tickets führen (#58356).
- Bugfix: Durch Verwendung spezieller UTF-8 Zeichen im Filter konnte das Session-Ticket verloren gehen (#57961).
GOS-Admin:
- Update eines internen CA-Zertifikats mit einer neuen Gültigkeitsdauer. Dieses Update ist zwingend notwendig für die korrekte Funktion des Schwachstellen-Scannings und Schwachstellen-Managements. Es ist besonders dringend für den GSM ONE für den das Update noch innerhalb des April 2016 erfolgen muss (#57946).
Scanner:
- Für authentifizierte Scans via SSH können nun auch ECDSA Schlüssel verwendet werden (#57091, #29613).

3.1.28 (2016-02-23):

Web-Oberfläche und OMP:
- Performanz-Verbesserungen: Auf verschiedene Anwendungsszenarien hin wurde die Performanz bei Aufgaben, Berichten und Ergebnissen optimiert (#50862, #54971).
- Für verschiedene Situationen werden Aktionen nicht mehr blockiert, so dass der Anwender mit seinen Aktionen parallel zu den Hintergrundprozessen (z.B. SCAP-Update) arbeiten kann. Ebenfalls verringert wurde die CPU-Last (#44104, #56004, #56127).
- Bugfix für den Mülleimer. Es konnte dazu kommen, dass beim leeren des Mülleimers auch andere Objekte gelöscht wurden (#55296).
- Erweiterte Möglichkeiten bei der Bedingung für Benachrichtigungen: Es ist nun möglich die Treffer-Anzahl eines Powerfilters als Kriterium zu verwenden (#45430, #2015010710000019).
- Bugfix: Einige Graphen aus dem Menüpunkt Extras/Leistung wurden beim GSM ONE sowie bei GSM 500/510/550 nicht korrekt angezeigt (#55648, #2014050510000017, #54799).
- Das Report Format Plugin “Verinice ISM” wurde für eine Verallgemeinerung vorbereitet (#43295).
- Nur GSM 100: Bugfix der Aufgaben-Zeitsteuerung. Es wurden nicht immer alle zeitgesteuerten Aufgaben ausgeführt (#55259, #56466, #2016012510000028).
Web-Oberfläche:
- Die regulären Ausdrücke für die erlaubten Eingaben wurden geprüft, und zum Teil enger gefasst. Fehlerhafte Eingaben werden dadurch nun schon früher abgefangen (#55933).
- Kleine Verbesserung: Die Icons für das Löschen von Notizen und Übersteuerungen sind nur dann verfügbar wenn die Berechtigungen des Benutzers diese Aktion auch erlauben (#55384).
- Bugfix: Bei der Verwendung von Auto-Refresh konnte es nach dem Anlegen einer Zugriffs-Berechtigung für Aufgaben zu einer Fehlermeldung kommen. Die Aufgabe oder angelegten Berechtigungen sind aber nicht betroffen (#55298).
- Bugfix: Bei Verwendung von IPv6 funktionierte die Umleitung von http auf https nicht für alle IPv6 Adressen (#54839).
GOS-Admin:
- Neu: Für das Backup der Benutzerdaten steht nun neben USB und SCP zusätzlich die Methode SFTP zur Verfügung (#51195, #2015072310000013).
- Kleine Verbesserung bei der Unterstützung der TLS Cipher von OMP/HTTPS bzgl. der Einstellungen SECURE und NORMAL (#55940).
- Für die Proxy-Zugangsdaten wurden die Einschränkungen für die erlaubten Zeichen reduziert (#49453, #2015052710000055).
- In GOS-Admin-Menu wurden einige Passworte im Klartext angezeigt. Dies wurde nun abgeändert, so dass in GOS-Admin-Menu keinerlei Passworte mehr angezeigt werden (#56599, #2016020110000035).
- Im GOS-Admin-Menu wurde eine Option zum Löschen von Quelltexten hinzugefügt. Diese kann verwendet werden falls manuell Quelltexte installiert wurden (#54020).
- Kleine Verbesserung für Upgrades: Die neue Versionsnummer wurde im Verlauf des Upgrades etwas zu früh angezeigt (#47727).
- Zur Vorbereitung der kommenden Unterstützungs-Funktion für Support-Pakete wurde der PGP-Schlüssel des Greenbone Support integriert um eine Verschlüsselung von Daten zu ermöglichen die an den Support gehen (#56126).
Scanner:
- Durch die Aktualisierung einer Basis-Bibliothek für das SSH-Protokoll werden sowohl die Detektions-Fähigkeiten des Scanners erweitert als auch die Unterstützung für die SSH-Credentials für authentifizierte Scans (#52479).
- Verbesserte Robustheit des Scanners gegen unvollständige NVT-Metadaten (#55264).
- Bugfix bzgl. SSH-Verbindungen: Bei massiven Scans konnte es zur Verlangsamung oder Abbrüchen von einzelnen SSH-Verbindungen kommen (#54661).

3.1.27 (2016-02-18):

GOS Basis-System:
- Sicherheits-Bugfix, der eine schwerwiegende Schwachstelle in der allgemeinen Basis-Bibliothek “glibc” behebt. Nach vollständig beendetem Upgrade ist ein Neustart empfehlenswert (CVE-2015-7547).

3.1.26 (2016-02-02):

Web-Oberfläche:
- Sicherheits-Bugfix, der einen DoS-Angriffsvektor beseitigt. Es war möglich die Web-Session-Tickets anderer Benutzer ungültig werden zu lassen. Weder die Integrität noch die Verfügbarkeit von OMP oder SSH sind davon betroffen (#56541, GBSA-2016-02).

3.1.25 (2016-01-12):

Web-Oberfläche:
- Kleinerer Sicherheits-Bugfix, der ein offenes Redirect schließt welches nur bei Freischaltung des Gast-Modus vorlag (#55720).

3.1.24 (2016-01-09):

Web-Oberfläche:
- Sicherheits-Bugfix, der eine Cross-Site-Scripting Schwachstelle beseitigt. Sie kann nur mit einem gültigen Session-Token ausgenutzt werden. Falls der Gast-Zugang aktiviert ist, so kann das allgemeine Gast-Token verwendet werden. Allerdings verfügt der Gast-Zugang über keinerlei Schreibberechtigung für den GSM (#55720, GBSA-2016-01).

3.1.23 (2015-12-15):

Web-Oberfläche und OMP:
- Performanz-Verbesserungen: Auf verschiedene Anwendungsszenarien hin wurde die Performanz bei Aufgaben, Berichten und Ergebnissen optimiert (#51923).
- Neue Benachrichtigungsmethode “Send to host”: Diese Methode erlaubt es, das Scan-Ergebnis in verschiedenen Formaten an eine konfigurierbare Adresse als einfachen TCP Upload zu senden wie es von verschiedenen SIEM-Systemen angeboten wird (#53931, #54296).
- Bugfix für verinice ISM Report Plugin: Es kann nun ein HTML-Bericht optional angehängt werden (#54602, #2015111810000015).
- Änderung für verinice ISM Report Plugin: Das Tag “Verinice Source ID” wird nun verwendet anstatt des bisherigen Work-Arounds af Basis des Aufgaben-Kommentares (#54687).
- Neue Authentifizierungsmethode für GSM Anwender via Radius (#54696, #54060).
- Änderung: Die “Once” (“Einmal”) Checkbox für zeitgesteuerte Aufgaben bleibt aktiv nachdem der Scan gestartet wurde. Bisher wurde sie deaktiviert was aber den üblichen Arbeitsablauf behindert (#48228, #2015040710000013).
- Verbesserung: Wurden bei einem Scan keine Resultate erhoben, so werden dem Anwender hinweise gegen woran dies liegen könnte (#51462).
- Bugfix zu Übersteuerungen und CSV Export: Die Übersteuerungen werden nun auch für die CSV Exports angewendet (#52768, #2015092110000041).
- Verbesserungen zu Slave-Scans: durch einen Neustart des Master-GSM werden die Slave-Scans nicht mehr gestoppt sondern der Scan kann vom Master an gestoppter Stelle wiederaufgenommen werden (#45074, #45073).
- Verbesserung in der Schwachstellen-Ansicht im Report Browser: Notizen und Übersteuerungen werden nun angezeigt (#52187, #2015090110000024).
- Bugfix bei Übersteuerungen: Im Bearbeitungsdialog fehlte ein expliziter Knopf für die Auswahl “ja” bei der Einstellung “aktiv” (#52996).
- Verbesserung für OSP Scan-Konfigurationen: Sinnvollere Voreinstellungen bei Auswahllisten (#52572, #52376).
- Bugfix für Zähler bzgl. NVT-Familien in Scan-Konfigurationen: In einigen Fällen wird die falsche Anzahl an NVTs in der Übersicht dargestellt. Die Detail-Ansicht war hingegen korrekt (#53645, #2015091010000043).
- Bugfix für das Löschen von ESXI Zugangsdaten aus dem Mülleimer: Das Löschen ist nicht mehr erlaubt wenn die Zugangsdaten an anderer Stelle verwendet werden. (#54332).
- Bugfix für zeitgesteuerter Scans mit begrenzter Laufzeit: Beim Erreichen der erlaubten Zeit wird die Aufgabe nun ohne Fehlermeldung auf “Gestoppt” gestellt (#53049, #2015093010000041).
- Bugfix für das importieren von OSP Scan-Konfigurationen (#53088, #2015100210000083).
- Bugfix für LSC-Installer für Windows: Die bei der Installation entstehenden temporären Dateien werden nun alle nach der Installation unmittelbar gelöscht (#53680, #2015102210000036).
- Bugfix bei den Performanz-Graphen: Für nicht verfügbare Daten werden keine leeren Graphen mehr angezeigt und einige leere Graphen zeigen wieder die zugehörigen Daten an (#22336, #22856, #36565).
- Bugfix für Prognose-Berichte: Das Format NBE wird nun auch unterstützt (#52897).
- Kleiner Bugfix der eine interne Log-Meldung auf Slave-GSMs vermeidet falls ohne Zugangsdaten gescannt wurde (#54526).
Web-Oberfläche:
- Kleine Verbesserung: Für den Gast-Zugang bleibt die Seitenauswahl erhalten falls das Session-Ticket ausgelaufen ist und neu ausgestellt wird (#52165).
- Kleiner Bugfix: In einigen Fällen waren Verweise zu Objekten die im Mülleimer liegen nicht funktional (#54336).
- Session Tokens sind nun mit der IP-Adresse des Browsers verknüpft. Wird nun versucht ein Session Token von einem anderen System aus als für welches es ausgestellt wurde zu benutzen, so wird es nicht anerkannt (#52008).
- Kleine Verbesserung falls man versucht sich als Benutzer mit ungültigen Zeichen im Namen anzumelden: Bisher wurde eine Fehlerdialog geöffnet, nun wird einfach nur eine erneuter Login-Versuch angeboten (#20082).
- Bugfix: Fehlendes Icon für Lösungs-Typ “Mitigation” (#52596).
- Kleiner Bugfix: Schaltet man Block-Aktionen ein, so blieben Icons ohne Funktion sichtbar (#54335).
GOS-Admin:
- Fehlgeschlagene Login-Versuche werden nun voreingestellt im Logbuch festgehalten, inklusive der Herkunfts-Adresse (#51158, #51927).
- Interne Verbesserung: Nicht mehr benötigte Daten die nach einer Migration aus GOS 3.0 übrig geblieben sind, werden gelöscht. Es handelt sich um System-Daten, keine Anwender-Daten (#54019).
- Kleine Verbesserung: Bei Eingabe von Proxy-Credentials wird ein zusätzlicher Hinweis zur Syntax bei ADS-Umgebungen gegeben (#53684).
- Bugfix: Airgap Menü von gos-admin reflektiert nun sämtliche Airgap-Kombinationen (#54058, #51272).
Scanner:
- Berücksichtigung des Host-Alive Status bei OSP-Scannern (#51924).
- Bugfix für die Auflösung von Rechnernamen in Umgebungen die ausschließlich IPv6 unterstützen (#54216).
- Bugfix: Bei einigen OSP-Scans wurden Ziele in CIDR-Notation nicht korrekt aufgelöst (#52373).
- Interne Verbesserung des OpenVAS Scanners bzgl. Datenstrom-Block-Längen (#53023, #52146).
- Verbesserte Status-Meldung bei fehlerhaften OSP-Scannern (#52240).

3.1.22 (2015-10-30):

GOS-Admin:
- Verbesserte Robustheit des zentralen Daten-Managers gegen spezielle Last- bzw. Stress-Situationen (#53834, #53825, #53832, #53646, #2015100710000047).

3.1.21 (2015-10-20):

Web-Oberfläche und OMP:
- Kleiner Bugfix: Titel für Email-Alarmierungen nun ein “GSM” vorangestellt (#53282).
GOS-Admin:
- Bei hoher Last konnte es vorkommen, dass parallel mehr als ein Feed-Update durchgeführt wird und das System dadurch weitgehend blockiert werden konnte (#53356, #53360, #2015100710000047).
- Die Aktualisierung aus einem Factory Reset heraus konnte aufgrund einer Unstimmigkeit in den Datenmodell-Migrationsroutinen zu Fehlermeldungen bei einem Feed-Update führen. (#53358, #2015100610000031).

3.1.20 (2015-10-07):

GOS-Admin:
- Bugfix: Unter bestimmten Umständen konnte es zu einem Abbruch des Upgrade-Vorgangs kommen. Dieses Verhalten wurde behoben (#53089, #2015100210000065).
- Die Erkennung von und Benachrichtigung über einen inkonsistenten internen Zustand durch das gos-admin-menu wurde verbessert (#53091).
- Die Sichtbarkeit des Upgrade-Vorgangs in den Log-Dateien des Systems wurde verbessert (#44607).

3.1.19 (2015-09-29):

Web-Oberfläche und OMP:
- Beschleunigtes Antwortverhalten der Aufgaben-Übersicht bei hoher Scan-Last (#50860, #2015070610000037).
- Neu: Erweiterte Konfigurierbarkeit von Email-Alarmierungen. Sowohl der Titel als auch der Inhalt können nun individuell angegeben werden. Durch entsprechende Variablen kann Bezug auf die Aufgabe genommen und auch die bisherigen Textbausteine abgerufen werden. Die Voreinstellung entspricht den bisherigen Inhalten, es besteht also keine unmittelbare Anpassungs-Notwendigkeit (#50859, #50572, #2015070810000042).
- GSR Report: Unter bestimmten Umständen (getriggert durch eine Alarmierung) konnten die falsche Schweregrad-Farbe und Klassen-Benennung verwendet werden die nicht zum CVSS passten (#51820, #50171, #2015081810000058, #2015062310000015).
- Neu: XML-Repräsentation von Aufgaben enthält nun auch die Tags die an die Aufgabe angehängt sind (#52478).
- Bugfix: Über Berechtigungen geteilte Zugangsdaten konnten unter bestimmten Umständen nicht genutzt werden (#50363, #2015070110000028, #2015070810000051).
- Bugfix: Es konnte vorkommen, dass ein über eine Gruppe geteiltes Unterobjekt (z.B. eine Port-Liste) nicht lesbar war (#51416, #2015080410000039).
- Bugfix: Die Zugriffsverweigerung für einen Super-Admin via LDAP wurde behoben (#48824, #2015042710000021).
- Bugfix: Bei Verwendung des dynamischen Schweregrades wurden Timeout-Meldungen als normales Ergebnis dargestellt anstatt als Fehler (#50324, #2015070110000019).
- Kleinerer Bugfix: In Scan Konfigurationen konnte für einige Familien in der Übersicht eine falsche Anzahl der selektierten NVTs angezeigt werden. Defekt war nur die Anzeige dieser Zahl, die Selektionen waren korrekt (#48250).
Web-Oberfläche:
- Bugfix für den Export von größeren Datenmengen ab ca. 100 Objekte z.B. für CPE-Objekte (#52174).
- Neu: Bei der Erstellung eines neuen Zieles wird nun die Herkunfts-IP-Adresse des Anwenders als Vorbelegung eingetragen. (#47098, 51639, 51925).
- Neu: Bei der Erstellung einer neuen Ausgabe kann unmittelbar ein Tag angefügt werden (#35488, #2014022510000066).
- Bugfix bei Host-Zugangseinschränkung für einen Benutzer: Bereiche die in der Bindestrich-Syntax angegeben wurden (von-bis) wurden als Eingabe nicht akzeptiert (#50915, #2015080710000015).
- Benutzernamen dürfen nun auch einen Punkt (“.”) als Zeichen enthalten (#51136).
- Kleiner Bugfix: Die chinesische Übersetzung hat nun die Kennung “zh_CN” anstatt “zh” (#51112).
- Kleine Änderung: Die Login-Seite hat nun ein eigenes CSS (#50915).
- Neu: Über die “Content-Security-Policy” Einstellungen wird nun die Verwendung der Web-Oberfläche in anderen Oberflächen eingeschränkt (#51375).
GOS-Admin:
- Beschleunigtes Upgrade: Unter bestimmten Umständen konnte ein automatisches Upgrade einige Stunden dauern, da interne Datenoptimierungen ausgeführt werden. Diese werden nun nicht mehr zwingend bei jedem Upgrade ausgeführt (#51481, #2015081010000045).
- Nicht erfolgreiche Anmeldeversuche an der Web-Oberfläche werden nun inklusive der Herkunfts-IP per Voreinstellung gelogged (#51926).
- Kleiner Bugfix: Die Übernahme von TLS Cipher Änderungen erfolgt nun mit weniger Verzögerung (#43785).
- Kleiner Bugfix: Verminderung des Log-Aufkommens für ein Upgrade (#49956).
Scanner:
- Beschleunigung von Scans um ca. 10%. Die tatsächliche realisierte Beschleunigung hängt von vielen Faktoren ab und könnte durchaus höher liegen (#48799).
- Verbesserte Anbindung und Integration des Web-Anwendungs-Scanners w3af, darunter auch die bisher fehlende Seed-URL (#51266, #51334, #51412, #51283).
- Verbesserte Anbindung des IDS PaloAlto (#52600, #52579).
- Verbesserte Fehlerbehandlung bei OSP-Scannern (#51335).
- Kleiner Bugfix: Bei Anlegen eines neuen OSP-Scanners wird ein bereits abgelaufenes Zertifikat nun unmittelbar abgelehnt (#50398).
- OSP-Server verweigern nun den Start wenn das Zertifikat abgelaufen ist (#50397).
- Bugfix: Dynamischer Schweregrad stellt OSP-Scanner Ergebnisse nicht mehr als “0.0” dar (#50738).
- Neu: OSP-Anbindung für Fortinet, allerdings noch nicht zur Verwendung freigegeben (#49627, #52104).
- OpenVAS Scanner: Die Option “max_sysload” wurde aus der Scan Konfiguration entfernt, da es eine Systemweite Einstellung ist, kein scan-spezifische (#51263).
- Bugfix bei OpenVAS Scanner: Verbesserte SSH Host-Key Ermittlung (#50588).

3.1.18 (2015-09-24):

Hardware:
- Sicherheitsupdate für GSM 600 und GSM 650 welches unkonfigurierte Werkseinstellungen des BMC (Baseboard Management Controller) aus sichere Werte zurücksetzt. Ein Reboot ist nach Upgrade nicht erforderlich. Laufende Scans werden nicht beeinträchtigt. Ein Angreifer aus dem selben Netzsegment könnte den Geräte-Status auslesen, das Gerät abschalten oder einen Neustart auslösen. (#52838, GBSA-2015-01).

3.1.17 (2015-08-03):

Web-Oberfläche und OMP:
- Verbesserungen bei der Filterung bzgl. QoD durch erweiterte Verwendung des Filterelements “min_qod”. Dadurch wird für die Voreinstellungen ein konsistentere Darstellung erreicht (#46117).
- Erweiterung des Powerfilter für Ergebnisse, so dass alle Ergebnisse einer bestimmten Aufgabe über alle Berichte hinweg und zu einer bestimmten CVE selektiert werden können (z.B.: “task_id=69512154-167c-4e12-9351-a778da2d29e9 and cve~2004-2320”) (#48539, #2015041010000025).
- Bugfix für den Powerfilter wenn nach Teil-Elementen von IP-Adressen gesucht wird (#49497, #2015052910000015).
- Inkonsistenzen (None vs. Log) bei der Behandlung der PCIDSS Schweregrad-Klasse beseitigt sowie Korrektur der Bereiche (#49080, #49075).
- GSR PDF Berichte: Größenbegrenzung erweitert (#49655, #2015040810000021).
- Bugfix: Bei Scans via Slaves wurden die Host-Details (z.B. das Betriebssystem) erst nach Ende des Scans in der Oberfläche sichtbar und nicht wie bei Scans ohne Slave schon während des Scans (#49655, #2015040810000021).
- GSR/GXR PDF Berichte: Ab 100 Hosts wird der Topologie-Graph ausgelassen da die Details dann ohnehin nicht mehr erkennbar sind und es die Berichtserstellung beschleunigt (#49269, #2015051810000018).
- Bugfix: QoD für “general_note” wird nun mit 1% und nicht mehr mit der Voreinstellung 75% angezeigt (#50325).
- Bugfix: Die Installationsroutine für automatisch erzeugte Zugangs-Daten funktionieren nun auch für Windows 2012 R2 und Windows 10 (#47269, #2015030210000033).
- Bugfix: Verbesserte Fehlerbehandlung bei ungültigen Benutzereingaben im Powerfilter (#49412).
- Bugfix: Globale Benutzer fehlten in den Auswahlboxen bei den Zugangsberechtigungen (#49381, #50497, #2015070610000046).
- Kleiner Bugfix: Weniger Prozess-Overhead u.a. bei der Erstellung von Berichten (#48977).
Web-Oberfläche:
- Verbesserung der Unterstützung der Sprachen in der Oberfläche. Durch eine Umstrukturierung ist es nun wesentlicher einfacher, die Web-Oberfläche für weitere Sprachen anzupassen. In diesem Zusammenhang wurde auch Deutsch und Chinesisch aktualisiert sowie eine Teilübersetzung für Russisch verfügbar gemacht (#44479, #50723).
- Erweiterte Block-Aktionen: Es ist nun erlaubt, eine wesentlich größere Anzahl an Objekten mit einer einzigen Aktion zu verarbeiten, beispielsweise eine große Anzahl alter Berichte auf einmal löschen (#50584, #2015070610000028).
- Details-Dialog für Aufgaben: Erweitert um die Information wieviele Einzelergebnisse insgesamt über alle Berichte für diese Aufgabe vorliegen und direkter Einsprung in die Ergebnis-Übersicht (#49628).
- Verbesserung: Der Dialog für die Erstellung eines neuen Anwenderkontos erlaubt nun nicht mehr die Eingabe eines Passworts, da es ohnehin für das Anlegen des Kontos ignoriert wurde (#49271).
- Bugfix bei Zugangsberechtigungen: Für ein paar Sonderfälle waren Aktions-Icons ausgegraut obwohl die Aktionen durchaus zulässig waren (#49583).
- Bugfix für den Powerfilter wo bei der Verknüpfung von bestimmten Schlüsselworten keine passende Filterung erfolgte, beispielsweise die Kombination von “task_id” und “cve”. (#49675).
- Bugfix für den Erstellungs-Dialog von Zeitplänen: Der Kommentar wurde nicht berücksichtigt (#49595).
- Erweiterung der erlaubten Zeichen in Kommentarfelder um “:” (#49494, #2015052810000026).
GOS-Admin:
- User-Data Backups können nun auch angelegt werden wenn die Datenbank größer als 4 GByte ist (#48109).
- Erweiterung der erlaubten Zeichen für das SNMPv3 Passwort um “$#?!” (#49312, #2014100110000023).
- Die SNMP Einstellung sind jetzt auch im GOS-Admin-Menu des GSM 25 enthalten (#49448, #2015052710000019).
- Bugfix für den Import von Berichten: Die Details der Detektion wurden nicht importiert (#49660, #2015060410000033).
- Bugfix für die SNMP Trap Einstellung (#46321, #50323, #2015013010000029, #2015063010000083).
- Bugfix zur Vermeidung von nicht mehr in Funktion befindlichen internen Prozessen. Dies hatte aber keinen Einfluss auf die Performanz (#48109).
- Kleiner Bugfix für den Scanner für sehr seltene Sonderfälle (#49593).
- Die schon seit langem nicht mehr verwendete CLI-Admin Einstellung “proxy_update” wurde nun endgültig entfernt. Es wird stattdessen die Einstellung “proxy_feed” verwendet. (#49593).
- Verbesserte interne Fehlermeldungen bei Datenbank-Problemen (#48876).
Scanner:
- Bugfix: Unter bestimmten Umständen wurde der Scan-Versuch einzelner Prüfungen vorzeitig abgebrochen (#48906).
- Bugfix: Bei Linux-Systemen mit sehr umfangreichen Paket-Datenbanken (mit ca. über 8000 Paketen) konnte es dazu kommen, dass nur ein Teil übertragen und analysiert wurde (#49727).
- OSP: Um Verarbeitung von Ports als Host Details sowie für Zeitstempel erweitert (#48800, #49584).
- OSP: Verbesserte Handhabung leerer OSP-Scanner-Parameter (#50548).
- Neu: Beta-Version des Paolo-Alto OSP Scanners für ausgewählte Pilot-Anwender (#48538, #51194, #50912, #50858).
- Neu: Beta-Version des w3af OSP Scanners für ausgewählte Pilot-Anwender (#50912, #43436, #49673).

3.1.16 (2015-07-03):

Web-Oberfläche und OMP:
- Bugfix: Automatische Ausführung einer Aufgabe wird jetzt nur noch für den Besitzer ausgeführt (#50140, #2015020210000026).
- Bugfix: Automatische Ausführung von Aufgaben wird nun nur noch einmal pro angegebenes Zeitfenster ausgeführt (#50314, #2015063010000065).

3.1.15 (2015-06-19):

Web-Oberfläche und OMP:
- Bugfix: Beim Stoppen von Scan-Aufgaben konnte es passieren, dass die Aufgabe im Status “Stopp angefragt” verbleibt. Erst ein Neustart hatte den Status auf “Gestoppt” zurückgesetzt (#49496, #2015052810000017).
- Bugfix: Durch eine Alarmierung ausgelöste Berichtserstellung konnte die Datenbank für die Phase der Erstellung blockieren (#49975).

3.1.14 (2015-06-16):

Web-Oberfläche und OMP:
- Bugfix: Eine Kombination aus Scans mit vorgegebener zeitlicher Begrenzung und automatisch angekoppelter Erzeugung von Berichten konnte bei umfangreichen Scans bzw. engen Zeitfenstern zu einer Blockierung der Datenbank führen (#49861, #2015061110000011).

3.1.13 (2015-05-21):

Web-Oberfläche und OMP:
- Zugriffsberechtigungen: Erweiterter Dialog für die Erstellung von neuen Zugriffsberechtigungen. Es ist nun möglich Multiple Zugriffsberechtigungen in einem Schritt anzulegen. Beispielsweise kann bei der Rechtevergabe für ein Ziel-Objekt automatisch auch die verknüpfte Port-Liste und Zugangsberechtigung berücksichtigt werden. Gleichzeitig wurde nun ein vereinheitlichter Dialog für die Rechteübersicht für alle Objekt-Typen eingeführt. Dieser findet sich auf der jeweiligen Details-Seite des Objekt-Typs. Er bietet einen Einsprung in den neuen Erstellungsdialog für Zugriffsberechtigungen und setzt automatisch alle verknüpften Objekte. Insgesamt entsteht damit ein wesentlich verbesserter Komfort für die Einrichtung, Prüfung und Bearbeitung von Zugriffsberechtigungen.(#46998, #2014120410000032, #44025, #48540, #47336, #2015030510000028, #47359).
- QoD: Inkonsistente voreingestellte Filterung (min_qod) ist nun vereinheitlicht und die aktuelle min_qod Wahl bleibt beim Sprung in einen Bericht erhalten. (#46989, #47891).
- Bugfix: Das Löschen von Report Format Plugins konnte unter bestimmten Umständen fehlschlagen (#48961).
- Bugfix: Der Zugriff auf den Mülleimer konnte unter bestimmten, seltenen Umständen fehlschlagen (#49058, #2015050710000021).
- Bugfix: Durch das Entfernen eine Schweregrad-Übersteuerung konnte es passieren, dass der Schweregrad nicht nachkorrigiert wurde (#47789).
- Passworte für Web- und OMP-Anwender: Es sind ist nun auch das Leerzeichen als Bestandteil des Passwortes erlaubt (#48712, #2015042210000021).
- Das Report Format Plugin “Verinice-ITG” ist nun ein vorkonfiguriertes Plugin und muss nicht mehr explizit importiert werden. (#41765).
- Bugfix: Der Name eines NVTs und sein letztes Tag werden nun auch beim Filtern berücksichtigt (#48891, #2015041610000023).
- Bugfix: Die Sortierung nach “Letztem” Bericht in der Aufgabenübersicht funktionierte nicht korrekt (#48823, #2015042710000011).
- Bugfix zu Slave-Aufgaben: War der Sensor oder Slave nicht erreichbar, konnte ein gestartet Scan nicht abgebrochen werden solange er noch nicht starten konnte (#48877, #2015040110000024).
- Bugfix für das Filtern von Scan-Ergebnissen wenn auf eine IP-Adresse eingeschränkt wird. Der Filter wurde nicht scharf angewendet und hat unter bestimmten Umständen mehr Ergebnisse geliefert als der Anwender erwartet hätte (#47710, #48890, #2015040210000041).
- Bugfix: Filter-Anweisungen bei Delta-Berichten wurden zwar korrekt ausgeführt, aber in der neuen Ansicht ging der Filter verloren. (#48063).
- Bugfix: Individuelle Port-Listen die auf einem Slave oder Sensor für einen Scan benutzt wurden, wurden dort nach Beendigung des Scans nicht automatisch gelöscht (#47889).
- Bugfix bzgl. der Anzeige des Trust-Status von Report Format Plugins (#47721, #2015022310000013).
- Bugfix für das manuelle Erstellen eines Overrides, so dass nun auch das Port-Protokoll angegeben werden kann, z.B. “80/tcp” (#48715, #2015031810000031).
- Bugfix: Unter bestimmten Umständen konnte es vorkommen, dass im Ergebnis-Browser beim ausklappen der Details diese nicht zu sehen waren wenn der Report einem anderen Anwender gehörte (#47411).
Web-Oberfläche:
- Bugfix: Verweise aus dem Asset Management in einen Report hatten nicht auf die exakte IP gefiltert, sondern diese als Substring verwendet (#48981).
- Bugfix: Die Versionsangabe zu GSR und GXR hatte fälschlicherweise noch nicht Version 3 angegeben (#48115).
- Bugfix: Die Zähler für Notizen und Übersteuerungen im NVT Details Dialog zeigten immer 0 an (#48247, #2015040810000048).
- Kleinere Erweiterungen in den Online-Hilfe-Texten (#47708, #47858).
GOS-Admin:
- Via GOS-Admin können nun von einem Master aus die angeschlossenen Sensoren angewiesen werden ein neues selbstsigniertes Zertifikat zu erstellen falls das bisherige Zertifikat ausgelaufen ist (#48788).
- OMP via IPv6: Falls OMP freigeschaltet wird, so kann dieses Protokoll nun auch via IPv6 angesprochen werden (#13592).
- User-Data Backups: Im GOS-Admin-Menu ist eine Funktion hinzugekommen eine Liste aller vorliegenden lokalen Backups der Benutzerdaten anzeigt (#47787).
- User-Data Backups: Im GOS-Admin-Menu ist eine Funktion hinzugekommen die das Löschen einzelner lokaler Backups der Benutzerdaten erlaubt (#44852).
- Bugfix für GOS-Admin: Für verschiedene IP-Adress-Einstellungen wie NTP oder die Sensoren konnten keine IPv6-Adressen angeben werden (#48523).
- Backup Management: Die Struktur im GOS-Admin-Menu wurde neu organisiert. Es liegt nun eine klarere Trennung der Backup-Typen sowie der Backup-Konfiguration vor (#44769).
- Kleiner Bugfix für den Selfcheck in GOS-Admin-Menu: Für GSM-Modelle die keine Sensoren managen können, wird kein Sensor-Check mehr angezeigt (#48442).
- Bugfix für GOS-Admin-Menu, so dass nun beim Sensor Check nun ein Scroll-Balken zur Verfügung steht um bei längeren Berichten alle Informationen einzusehen (#47055, #2015022010000019).
Scanner:
- Bugfix: Durch stoppen und wieder starten von Aufgaben konnten es im Überschneidungsbereich zu verdoppelten Ergebnissen kommen. (#48538, #48974, #2015041710000031).
- Bugfix: In einigen Fällen fehlte in den Ergebnissen der Hostname zu einer gescannten IP (#44904).

3.1.12 (2015-04-23):

Scanner:
- Bugfix im Scanner der bei bestimmten Windows-Zielsystemen bestimmte Tests nicht zuverlässig ausführen konnte. Das führte zu geringerer Anzahl detektierter Schwachstellen im Vergleich zu GOS 3.0 (#46115, #48521).

3.1.11 (2015-04-08):

Web-Oberfläche und OMP:
- Bugfix für die NVT Details: Der CVSS-Vektor war bei GOS 3.1.10 nicht mehr verfügbar. Nach dem nächsten Feed-Update sind die Vektoren wieder sichtbar (#48062).

3.1.10 (2015-04-01):

Web-Oberfläche und OMP:
- Umfassende Überarbeitung der Report Format Plugins GXR und GSR. Die Darstellungsform ist kompakter geworden. Besonders der GSR wird dadurch schneller erzeugt und umfasst weniger Seiten. Außerdem werden nun diverse aktuelle Funktionen, darunter Solution Type und QoD (#46216).
- Die Report Format Plugins GXR und GSR bieten nun eine tabellarische Übersicht über den Erfolg von Authentifizierungen an den Zielsystemen (SMB, SSH und ESXi) (#45700, #2015011510000021).
- Bugfix im GSR Report Plugin: Der Text-Eintrag zu Overrides fehlte (#47212).
- Neues Report Format Plugin “Anonymous XML”: Wie XML, es werden aber IP-Adressen pseudonymisiert und sonstige Hinweise auf die Herkunft des Scan entfernt (#38250).
- Umfassende Überarbeitung der Rechteverwaltung bezüglich Sichtbarkeit von Objekten durch User, Groups und Roles. Es werden nun zahlreiche Abhängigkeiten automatisch bei der Rechtevergabe berücksichtigt (#47310, #2015030410000011).
- Bugfix für automatisch erstellte Debian Credential Pakete (#46996).
- Vollautomatische Aktualisierung von CERT-Bund nun aktiviert (#45364, #47176, #2015022610000062).
- Bugfix beim Schlüsselwort “owner” im Powerfilter (#46915).
- Bugfix bzgl. Weiterleitung von Task-Eigenschaften an Scan-Slaves (#46721).
- Änderung zu Schedules: Ein geplanter Task wurde nicht ausgeführt wenn 3 Minuten lang nach Start keine Scanner-Ressourcen zur Verfügung waren. Diese Begrenzung ist nun aufgehoben (#46897).
- Bugfix der eine anhäufen von verloren gegangenen Scanner-Prozessen verhindert die sonst den GSM mit der Zeit ausbremsen (#47854).
- Bugfix bzgl. wechseln der “Host-Alive” Methode (#47989).
Web-Oberfläche:
- Charts: Tooltips mit Prozent-Angaben erweitert und auf die Legenden ausgedehnt (#47358).
- Bugfix: Overrides wurden im Report-Browser angewendet, aber False Positives nicht angezeigt (#47096).
- Verbesserte Benutzerfreundlichkeit des Powerfilters: Das Eingabefeld enthält nur noch die besonderen Filtereinstellungen. Alle anderen werden darunter angezeigt, können aber jederzeit ebenfalls angegeben und damit geändert werden (#45912).
- Kleiner Bugfix bei Task Details Dialog: Slave-Info wird nicht mehr angezeigt wenn ohnehin kein Slave verwendet wird (#46819).
- Kleiner Bugfix um sehr spezielle HTTP Anfragen an den GSA nun korrekt zu beantworten (content-length headers) (#15343).
- Verbesserte Online-Hilfe zu Scanner Details (#47282).
- Download-Option für Zertifikate von OSP Scannern hinzugefügt (#47281, #47283).
- SecInfo zu NVTs wurde in der Oberfläche intern auf das OMP Kommando GET_INFO umgestellt (#39910).
- Kleiner Bugfix: Graphischer Darstellungsfehler bei Charts bzgl. vieler Prozent-Zeichen (#47357).
- Kleiner Bugfix: Graphischer Darstellungsfehler bei IT-Schwachstellenampel bzgl. URLs (#46969).
- Kleiner Bugfix zur Status-Anzeige des OpenVAS Scanner: Hier stand fälschlicherweise, dass er nicht online sei (#47280).
GOS-Admin:
- Erweiterung SNMP Monitoring Parameter und MIB: Die MIB für die Greenbone Security Manager sowie weitere neu unterstützte Standard-Eigenschaften sind nun auf der Greenbone Website über SNMP dokumentiert (#44239, #29960, #2013052810000039).
- Interne Verbesserung zur Selbst-Prüfung nach Upgrades um unvollständige Upgrades zu identifizieren (#47579).
- Interne Verbesserung zum Management des OSP Ovaldi: Zertifikatsaktualisierung via GOS-Admin-Menu (#47219).
- Kleiner Bugfix der NTP-Konfiguration so dass nun keine Fehlermeldungen im Log mehr auftauchen (#46726, #2015021110000027).
- Kleiner Bugfix für CLI Admin: Für einige nicht mehr benötigte Kommandos (z.B. nosystemupgrade) lag noch ein Alias vor. Diese wurde nun entfernt (#47264).
- Auf GSM ONE ist nun das “Advanced Management” Menü in GOS-Admin-menu wieder verfügbar (#47724).
- Verbessertes Boot-Check Log (#43682).
- Bugfix für einen kleinen Fehler der aber viele Meldungen im Log verursachte (parse_ctime) (#46815).
Scanner:
- Interne Verbesserung: NVTs des OpenVAS Scanner müssen nicht mehr zwingend einen CVSS Base liefern wenn sie bereits einen CVSS Base Vector liefern (#41456).
- Verbesserung von authentifizierten Scans auf Systeme mit bestimmten aktuellen SSH-Diensten und Schlüsseltypen (#47304, #47278, #29613).
- OSP-ovaldi liefert nun auch eigene CPE als Host Detail (#45909).
- Neuer Parameter “debug_mode” für alle OSP-Scanner (#45906).

3.1.9 (2015-03-13):

Bugfix für den internen Ablauf eines GOS Upgrades (#47513).

3.1.8 (2015-03-05):

Bugfix zu TLS-Zertifikaten des voreingestellten Scanners. Unter bestimmten Umständen konnte es vorkommen, dass der Scanner keine Scans mehr ausgeführt hat und eine manuelle Zertifikats-Aktualisierung notwendig gemacht hat. Dies ist nun automatisiert (#47279).

3.1.7 (2015-03-03):

Quality of Detection (QoD): Das Konzept zur Verlässlichkeit der erfolgreichen Detektion von Schwachstellen hat nun auch in der Web-Oberfläche Einzug gehalten. Neue NVTs wurden schon seit einiger Zeit mit spezifischen QoD Werten (zwischen 0% und 100%) ausgestattet. Die QoD ist nun sowohl für NVTs als auch für Scan-Ergebnisse sichtbar. Natürlich kann nun auch bzgl. QoD gefiltert werden. Die Voreinstellungen sind so gesetzt, dass die gleiche Anzahl Ergebnisse wie bisher angezeigt wird, was einem QoD von 70% entspricht. Damit fällt nun der Parameter “paranoia” in den Scan-Konfigurationen weg, denn auch alle Tests mit geringer Trefferwahrscheinlichkeit werden nun immer ausgeführt und die Ergebnisse sind bei Bedarf jederzeit einsehbar. Ein separater Scan für sogenannte “potentielle Schwachstellen” ist nun nicht mehr nötig (#46396, #38193, #46118).
Erweiterung des Rechte-Management Dialogs für Tasks: Mit der Rechtevergabe für einen Task im Task-Details Dialog werden nun automatisch auch die Rechte für zugehörige Objekte gesetzt, beispielsweise für Alarmierung oder Schedule. (#39459, #2014072210000017).
Reduzierung der DNS Revers Lookups des GSM für die NTP-Server (#46965, #2015012110000037).
Bugfix für Ausführung von Scans via Slaves: Nun wird die die ausgewählte Port-Liste verwendet und nicht immer die Voreingestellte (#46632).
Bugfix bei der Verwendung von SSH-Schlüsseln für SSH-Credentials (#46474).
Bugfix für die Restore-Funktion des Userdata-Backup auf GSM 100 bei Migration auf GOS 3.1 (#46813, 46835, 46241, 46515).
Bugfix für Drop-Down Dialog-Elemente für Zeiten in Task Wizards (#46125).
Bugfix für Scan Fortschrittsbalken: Der Fortschritt wird nun besser wiedergegeben (#18591, #46694, #2015020210000053).
Neue Funktionen via gos-admin-menu (Abschnitt “Advanced”) für das Management der Datenbank (vacuum, analyze) (#41097, #43688).
Bugfix für Sensor-Upgrades, speziell bei Airgap (#46836).
Bugfix für individuelle Timeout-Konfiguration von NVTs bei Ausführung auf einem Slave-System (#44857, #2014121110000019).
Bugfix für fehlenden Transfer von ESXi Credentials auf Slave-Systeme (#46691).
Das erzeugen von Web-Anwendern mit gleichem Namen ist nicht mehr erlaubt (#46214).
Änderbare Aufgaben: Werden alle Berichte gelöscht, so wechselt die Aufgabe nun nicht mehr automatisch in den Status einer nicht-änderbaren Aufgabe (#42226, #2014101310000028).
Erweiterung bei Erstellung neuer Aufgaben: Es ist nun möglich bei Angabe eines Schedules festzulegen, dass dieser Schedule nur genau einmal angewendet wird. Danach wird der Schedule automatisch wieder von der Aufgabe getrennt (#46184, #2015012610000028).
Aufgaben mit Schedules die nur eine einzige Ausführung vorsehen: Nach Start des Scans wird der Schedule automatisch von der Aufgabe getrennt, da keine weitere Auslösung mehr stattfinden kann. Das bedeutet, dass nun alle Tasks in der Task-Übersicht die ein Schedule-Icon haben definitiv mindestens einmal in der Zukunft ausgeführt werden (#45943, #46185, #2015012610000046).
Erweiterung des Selfcheck von gos-admin-menu um Erreichbarkeit des internen OMP Dienstes (#46397).
Update eines externen Verweises im Online-Hilfe-System (#46390, #2015013010000047).
Aktualisierung der SSH-Bibliothek des OpenVAS Scanners, so dass authentifizierte Scans auch bei neuesten SSH-Servern funktionieren (#46542).
Bugfix für Sortierung der numerischen Spalte “IPs” bei Targets (#39267, #2014071710000018).
Bugfix für Superadmin: Icons für das Klonen sind nun nicht mehr ausgegraut (#45888).
Bugfix für Superadmin: Der Zugriff auf Notizen und Übersteuerungen ist nun möglich (#45889).
Bugfix für Auto-Credentials (#45729, #45730).
Verbesserte WMI RSOP Unterstützung für den OpenVAS Scanner (#40407).

3.1.6 (2015-01-26):

Letztes Release der Beta-Phase. Erstes Release von 3.1.

2017-04-25: Greenbone OS 4.1 für Neu-Auslieferungen ohne Sensor-Kopplung von GSM ONE, GSM 400, GSM 600 und GSM 650.

Verfügbar auch als Upgrade mit Migration für alle GSM ONE.

Aktuellster Patch Level: 4.1.7 (2017-08-24)

Lifecycle Status: Obsolete

Verwendung von LVM (Logical Volume Manager) für alle Appliances.
Verschlüsseltes Dateisystem für alle Appliances.
Überarbeitete und erheblich erweiterte Informations-Anzeige der LCD-Displays. Über die Anzeige-Steuerung an den Appliances kann auch manuell durch die Status-Inforationen geblättert werden.
Umfassend überarbeites Backup-Management: Es wird nun ein vollständig automatisierbares und effizient arbeitendes Backup-Verfahren angeboten. Jeder beliebige Sicherungs-Stand kann bei Bedarf wiederhergestellt werden. Die Backups werden über eine verschlüsselte Verbindung auf einem Backup-Server abgelegt. Ergänzend sind Backups auf einen USB-Stick möglich.
Konfiguration von VLANs ist nun komfortabel direkt in der administrativen Oberfläche von GOS möglich.

Greenbone OS 4.1.7 (2017-08-24)

Web-Oberfläche:
- Bugfix: Einige Sonderzeichen wurden in einigen Eingabefelder nicht akzeptiert und hatten den internen Fehler 500 ausgelöst (#77779).
- Bugfix: Bei kurzem Refresh-Intervall und längeren Aktionen konnte ein erneutes automatisches Refresh zum Abbruch einer Aktion führen (#72656, #2017051210000043).

Web-Oberfläche und OMP:
- Verbesserung: Die Abfrage in der Ergebnis-Ansicht wurde erheblich beschleunigt.(#72655, #2017051210000043).
- Bugfix: Zugangsdaten die an eine Alarmierung gebunden waren konnte man versehentlich löschen. Nun wird die Löschung so lange verhindert wie ein Alert damit verbunden ist (#75529).

GOS-Admin:
- Verbesserung: Die Dauer des Herunterfahrens von GOS wurde verkürzt (#69204, #74730).
- Verbesserungen für die Migration von GOS 3.1 nach 4.1 (#75205, #71995)

Scanner:
- Änderung des Scan-Verfahren für authentifiziertes Scannen von Windows-Systemen: Eine augetauschte Protokoll-Ebene erlaubt nun das Scannen für sämtliche Konfigurations-Kombinationen von SMBv1 und SMBv2. Es gibt zudem keine Situationen mehr bei denen der Scanner auf volatile Agenten zurückgreifen muss um den Registry-Dienst ansprechen zu können. (#77754, #77108).

Greenbone OS 4.1.6 (2017-07-18)

Web-Oberfläche:
- Bugfix: Diverse Darstellungsfehler für IE 11 wurden beseitigt (#75208, #73555, #73556, #73557).
- Bugfix: Die Zeittempel-Darstellung bei bestimmten Zeitzonen war nicht korrekt (“NaN”) (#75524).
- Bugfix: Bei der Darstellung einiger Graphen fehlte der Filtername (#72228, #2017050210000026).
- Kleine Verbesserung: Die Web-Oberfläche liefert nun ein robots.txt falls es durch eine regelkonforme Suchmaschine besucht wird (#70916).
- Kleine Verbesserung: Einige Dialog werden nun größer dargestellt (#72618, #2017051110000054).
- Verbesserung Online-Dokumentation (#75248).

Web-Oberfläche und OMP:
- Bugfix: Importierten Report Format Plugins konnte kein Vertrauen via digitaler Signatur bescheinigt werden (#72859, #2017051510000047).
- Bugfix: Klonen des Default OpenVAS Scanners ist nun nicht mehr erlaubt (#72652).
- Bugfix: Super-Admin kann nun auch Report Format Plugins anderer Benutzer löschen und wiederherstellen (#75651).
- Bugfix: Die Performance-Graphen wurden unter bestimmten Umständen nicht dargestellt (#75443, #2017070610000033).
- Bugfix: Beim gleichzeitigen Start einer großen Anzahl an Scans konnte es dazu kommen, dass einige Scans blockiert wurden (#75177).
- Bugfix: Beim Powerfilter hatte für RegExp das Muster “(?i)” nicht reagiert (#72261, #2017050210000099).
- BugFix für Super-Admin: Dieser hatte keine Schreib-Berechtigung für Notizen und Übersteuerungen von anderen Benutzern (#75176).
- Bugfix für das Bearbeiten eines Ziel-Objektes mit vielen Host-Einträgen oder mit Syntaxfehlern (#73060).
- Bugfix: Die eigene Einstellung zur voreingestellten Scan-Konfiguration wurde nicht verwendet (#73132, #2017052210000042).
- Performanz-Verbesserung: In der Kombination von Notizen/Übersteuerungen und Aufgaben-Berechtigungen an andere Anwender wurde das Erstellen und das Bearbeiten beschleunigt (#73889, #72431).
- Performance-Verbesserung: Der Sprung von einer NVT-Detailansicht zu den betreffenden Ergebnissen wurde erheblich beschleunigt (#69345).
- Bugfix: Bei Zugangsdaten die für authentifizierte Scans für Windows verwendet wurden, konnte das Euro-Symbol nicht im Passwort verwendet werden (#72258).

GOS-Admin:
- Verbesserungen der LCD-Anzeige für Midrange-Geräte (#71141, #73640).
- Interne Verbesserungen von GOS für Dateisystem-Prüfungen (#73290).
- Kleiner Bugfix für GOS-Menü: Hostnamen mit einem Punkt werden abgelehnt (#75178).
- Verbesserung für GOS-Menu: Das Menu konnte unter bestimmten Umständen blockiert sein (#74400).
- Verbesserung der Verfügbarkeit auch bei hoher Datenbank-Last (#69206).
- Bugfix: Unter bestimmten Umständen konnten das automatische Backup fehlschlagen (#73689).
- Erweiterung: Als Gateway kann nun auch eine IPv6 Adresse konfiguriert werden (#67696).
- Verbesserte Robustheit beim Boot-Vorgang wenn unmittelbar ein Feed-Update gestartet wird (#75175).
- Verbesserungen zur Migration von GOS 3.1 auf GOS 4.1 (#64702, #65890, #66582, #68587, #68588, #68997, #66349, #66638, #72270, #2017041210000063).

Scanner:
- Performanz-Verbesserung: Die Prüfung der digitalen Signaturen von NVTs wurde beschleunigt. Dies ist vor allem bei Feed-Updates nach längerer Offline-Zeit spürbar (#75173).
- Performanz-Verbesserung: Speziell für große Scans konnte es zu Latenz-Effekten kommen, inbesondere wenn sehr viele HTTP-Seiten gleichzeitig gescannt wurden. Durch Optimierungen laufen solche Scans nun um ca. 3% schneller und verbauchen dabei um ca. 20% weniger CPU-Zeit. Auch Latenz-Effekte sind damit reduziert (#74459).
- Verbesserung: Für TLS-Scans wurde die Erkennungsleistung erhöht (#72647).
- Interne Verbesserung: Unterstützung multipler Signaturen für NVTs (#74871).
- Interne Verbesserung für Scan-Performance (#75174).

Greenbone OS 4.1.5 (2017-06-20)

Web-Oberfläche und GMP:
- Sicherheits-Bugfix: Es war möglich mit einem angemeldeten Benutzer die Netzwerkinterface-Einstellung von den Aufgaben anderer Benutzer zu löschen. Die Modelle GSM ONE und 25V waren nicht betroffen (#74684).

Greenbone OS 4.1.4 (2017-05-31)

Scanner:
- Dringender Bugfix: Bei Scans konnte es vorkommen, dass die Prüfungen nicht in der richtigen Reihenfolge ausgeführt wurden. Das konnte dazu führen, dass weniger Scan-Ergebnisse berichtet wurden, weil die Tests zum Zeitpunkt der Ausführung noch nicht alle Informationen über das Zielsystem hatten (#73601).

Greenbone OS 4.1.3 (2017-05-23)

Web-Oberfläche:
- Bugfix: Beim Bearbeiten eines Scanners wurde das zugehörige Credential vom Typ “up” fälschlich als Typ “cc” angezeigt (#70583).
- Bugfix: Darstellungsfehler für IE 11 bzgl. Host Toplogy (#70904).
- Bugfix: Beim Wechsel der Zeitzonen-Einstellung ging die Sprachauswahl für die Web-Oberfläche verloren (#72027, #2017042710000035).
- Bugfix: Wenn Filter in Alarmierungen verwendet werden, ist das Icon für das Löschen nun ausgegraut (#68999).
- Änderung der Auto-Delete Einstellung für Reports bei den Aufgaben: Das bisher erlaubte Minimum wurde von 5 auf 2 reduziert (#67694).

Web-Oberfläche und OMP
- Bugfix: Zeitpläne wurden mehrfach ausgeführt wenn sie in eine Zeitumstellung (Sommer/Winter-Zeit) fielen (#71930).
- Performance-Verbesserung für Aufgaben-Übersicht (#72267).
- Bugfix: Unter speziellen Umständen konnte ein Scan bei dem Fortschritt von 1% von alleine in den Status “Gestoppt” wechseln (#64112).
- Bugfix: Man Musste einer Rolle zunächst alle Benutzer entfernen um sie zu löschen ansonsten gab es eine Fehlermeldung (#69381).

GOS-Admin:
- Kleiner interner Bugfix: Eine Datei des automatischen Backup Systems war fälschlicherweise im Backup-Bereich platziert(#72851).
- Interne Verbesserung für Upgrades für bessere Konsistenz von Konfigurationsdateien auch bei Stör-Einflüssen wie z.B. Stromausfall oder manuellen System-Änderungen (#72967).
- Aktivierung von internen Größeneinstellungen (#70800).
- Bugfix: Das Logging des GSA Moduls (Web-Interface) ist nun wieder aktiviert und beinhaltet neben den nicht-erfolgreichen auch die erfolgreichen Logins (#72553, 66595).
- Verbesserungen für das Upgrade von GOS 4.0 auf 4.1 (#72432, #68860, #72423, #2017050710000026, #71561, #2017042110000046).
- Verbesserungen für das Upgrade von GOS 3.1 auf 4.1 (#68860, #68653).
- Erweiterungen und Verbesserungen des Support-Paketes (#72021, #72650, #71138).
- Vorbereitungen für Modell GSM 100 (#72549, #72049).
- Verbesserung: Die SNMP Engine-ID kann nun über das GOS-Menu abgefragt werden (#66466, #2017012010000026).
- Robusteres Verhalten bei schwerwiegenden Hardwarefehlern inklusive Hinweis auf LCD Display (#70909).
- Bugfix: Neue selbst-signierte Zertifikate hatten die persönlichen Eingaben ignoriert und stattdessen die Voreinstellungen verwendet (#72023, #72217, #2017042710000017, #2017042810000015).
- Verbesserung: Während eines CSR zwischen Anfrage und Upload, ist HTTPS nicht verfügbar. Via HTTP wird nun eine entsprechende Information geliefert (#69879).
- Kleiner Bugfix: Der Abbruch eines CSR führte zu einer unnötigen internen Fehlermeldung (#72022).
- Kleine Interne Verbesserung zur Robustheit von Fehleingaben bei GOS-Variablen (#72430).
- Kleine Verbesserung in GOS-Menü: Eimheitliche Verwendung des Begriffs “Selfcheck” (#70796).
- Kleiner Bugfix im Logging bzgl. IP-Adressen (#69959).
- Erweiterung: Beim Selfcheck wird nun ein Hinweis gegeben ob seit einem Upgrade noch kein Neustart durchgeführt wurde (#72256).
- Bugfix: Für IPv4 konnte keine MTU konfiguriert werden(#71991).

Scanner:
- Bugfix: In einigen Fällen hat ein einzelner Test das definierte Timeout überschritten und konnte bis zu 60 Minuten laufen(#69139).
- Kleiner Bugfix: In sehr seltenen Fällen konnte bei der Ausführung eines NVTs ein interner Fehler im Scanner auftauchen (“invalid next size”) (#72259).
- Erweiterung: Der Scanner kann nun auf einen sehr speziellen Typ einer SSH-Backdoor prüfen (#55907).

Greenbone OS 4.1.2 (2017-04-25):

Letztes Release der Beta-Phase. Erstes Release von 4.1.

2016-12-21: Greenbone OS 4.0 für GSM ONE und GCE

Aktuellster Patch Level: 4.0.5 (2017-04-04)

Lifecycle Phase: Obsolete

Vollständig erneuertes Basis-System.
- Aktualisierung sämtlicher Komponenten.
- Durchgängige 64bit Architektur für alle Appliances und VMs.
Integriertes vollwertiges Datenbank-Management-System (DBMS) als Backend.
Umfassend überarbeitete Administrations-Ebene.
Neu: Explizites Asset Management. Die ersten Themen für das neu konzipierte Asset Management sind nun verfügbar.
- Hosts: Können aus Scans automatisch übernommen werden. Manuelles übernehmen und einfügen neuer Datensätze ist ebenso möglich wie die automatische Erstellung von Zielen anhand beliebiger Themenauswahl (z.B. “alle Windows 2012 Server” oder “alle Hosts die seit 10 Tagen nicht geprüft wurden”).
- Betriebssysteme: Werden automatisch oder manuell aus Scans übernommen. Es ist ein Vergleich der maximalen oder durchschnittlichen Gefährdung und natürlich der Anzahlen möglich.
Umfassend überarbeitete Web-Oberfläche. Sowohl optisch, technologisch als auch in den Abläufen wurde die Benutzerschnittstelle stärker überarbeitet als in allen bisherigen Updates.
- Dynamische, interaktiv konfigurierbare Chart- und Dashboard-Ansichten.
- Dynamische Ausnutzung der gesamten Fläche des Browser-Fensters.
- Webseiten für die Erstellung und Änderung von Objekten sind nun als Dialoge realisiert. Außerdem können sie damit verkettet aufgerufen werden, beispielsweise die Erstellung eines Zieles aus dem Erstellungsdialog einer Aufgabe heraus.
- Dynamische Eingabesyteme, beispielsweise für Auswahl-Listen oder für ein Datum.
Umstellung des Filters der Berichts-Ergebnisse auf regulären Powerfilter. Mit diesem Schritt ist das Verhalten des Powerfiltes nun über die gesamte Anwendung hin vereinheitlicht. Eine vollständig automatische Migration der Filter ist leider nicht möglich. Daher empfehlen wir eine Prüfung und ggf. Anpassung Ihrer Filter, insbesondere dann wenn sie auch für Alarmierungen verwendet werden.
Neue Diagramme:
- Aufgaben: Als nächstes ausgeführte Aufgaben als GANTT-Diagramm.
- Aufgaben: Kritische Probleme pro Host als Blasen-Diagramm.
- Aufgaben: Meiste kritische Probleme pro Host als vertikales Balkendiagramm.
- Berichte: Entwicklung kritische Probleme pro Host als Zeitdiagramm.
- Ergebnisse: Schwachstellen-Titel als Wort-Wolken-Diagramm.
- Ergebnisse: Schwachstellen-Beschreibungen als Wort-Wolken-Diagramm.
Neu: Alarmierungen für SecInfo. Es können nun Alarmierungen zu neu eintreffenden SecInfo-Daten konfiguriert werden.
Neu: Integrierter CVE Scanner. Der Prognose-Scan ist nun als auswählbarer Scanner für Tasks neben den anderen Scannern verfügbar und es können alle üblichen Methode für Tasks nun auch für die CVE-Scans (Prognose-Scans) angewendet werden.

Aktuellster Patch Level: 4.0.5 (2017-04-04):

Web-Oberfläche:
- Bugfix: Im Linien-Diagramm wurde das Power-Filter Element “rows” nicht korrekt berücksichtigt (#66149).
- Bugfix: Das Anlegen neuer Berechtigungen direkt aus einer Notiz oder einer Übersteuerung heraus hat nicht funktioniert (#66156, #66343).
- Bugfix: In einigen Fällen (inkonsistente Zeitstempel) kann es dazu kommen, dass das Session-Cookie vom Browser nicht mehr akzeptiert wird und ein neues angefordert wird (#68506, #67829)
- Verbesserung: Der Dilaog der “Performance”-Seite wurde überarbeitet (#67076).
- Kleiner Bugfix: Skalierungsprobleme mit einigen IE 11 Browsern (#65299).
- Kleine Erweiterung: Die Sprachunterestützung für Portugisisch und Arabisch wurde erweitert (#66272).
Web-Oberfläche und OMP:
- Kleiner Bugfix: In sehr seltenen Fällen wurde intern der Zeitstempel eines Feed-Status nicht korrekt verarbeitet (#66342).
- Verbesserung: Das Report Format Plugin “CSV” schützt nun zusätzlich Anführungszeichen innerhalb von Zeichenketten (#66339).
GOS-Admin:
- Vorbereitungen für das Upgrade auf GOS 4.1 (#69343, #66637, #67863, #69949, #69950, #70172, #66346).
- Verbesserter Hinweis-Text zum Greenbone Testschlüssel, nur bei GCE (#69951, #68778).
- GCE: Vorbereitung für Evaluierungs-Schlüssel (GEF) (#70394).

Scanner:
- Erweiterung um Unterstützung von TLS-SNI (#66336).
- Bugfix: Die “Host-Dead”-Beurteilung wurde verbessert (#67080). * Bugfix: Der Scanner hatte Probleme beim Scannen spezifischer Samba-Dienste (#68106).
- Bugfix: Der Scanner kann bestimmte größere Ziel-System-Umgebungen nun schneller absolvieren (#68777).
- Bugfix: Es konnte unter bestimmten Bedingungen vorkommen, dass der Scanner unnötig viel CPU-Zeit beansprucht. (#64551)
- Kleine Verbesserung: Das interne Logging des Scanners wurde erweitert um bei Problemen bessere Analysen zu ermöglichen (#56130).

Greenbone OS 4.0.4 (2017-03-30)

GOS-Admin:
- Bugfix: Unter bestimmten Umständen (fehlender oder langsam antwortender DNS) werden Namen (z.B. Scan-Ziele) auf die lokale Adresse aufgelöst (#70091).

Greenbone OS 4.0.3 (2017-01-13)

Web-Oberfläche und OMP:
- Kleine Bugfixes: Einige Funktionen waren in der Oberfläche anwählbar auch wenn keine Berechtigung bestand. Hat man es dann trotzdem angewählt wurde ein interner Fehler gemeldet (#65303, #64592, #64681, #64712).
- Kleiner Bugfix: Nach Löschung eines Benutzers wurde zunächst eine leere Seite angezeigt (#65301).

2014-03-21: Greenbone OS 3.0

Aktueller Patch Level: 3.0.38 (2015-10-07)

Lifecycle Phase: Obsolete

Die mit (*) gekennzeichneten Einträge ändern voreingestelltes Verhalten.

Versionierung: Ab GOS 3.0 werden die Patch-Level-Versionen durch die dritte Ziffer der Version gekennzeichnet. Also wird beispielsweise der neunte Patch Level “3.0.9” lauten anstatt “3.0.0-9”.
Benutzer-Gruppen: Für Zugriffsrechte-Vergabe können Benutzerkonten frei wählbaren Gruppen zugeordnet werden. Die Web-Oberfläche bietet das vollständige Management der Gruppen für Anwender mit Administrator-Rolle an.
Permissions: Unter dem Menü “Configuration” gibt es nun den Punkt “Permissions”. Hier werden sämtliche Zugriffsfreigaben des Benutzers dargestellt und können bearbeitet werden.
(*) Rolle “User” wird das Recht entzogen, alle anderen Benutzernamen abzurufen. Das Recht andere Benutzernamen zu sehen (“get_users”) muss nun explizit gegeben werden. Dies hat Auswirkungen auf das Verteilen von Leserechten auf eigenen Aufgaben an andere Anwender. In der Benutzeroberfläche sind die Dialog-Elemente dafür nur dann verfügbar wenn der Benutzer das entsprechend Recht wieder eingeräumt bekommt. Das kann beispielsweise direkt für den Benutzer erfolgen via Administration der Anwenderkonten.

Alternativ kein man eine neue Rolle (z.B. “Anwender sehen”) erstellen die ausschließlich das Recht “get_users” enthält. Diese neue Rolle kann dann als Ergänzung an alle Benutzer verteilt werden die die entsprechende Berechtigung erhalten sollen. Natürlich sind auch andere Berechtigungs-Modellierungen nach eigenen Vorstellungen möglich.

(*) Alive-Test (Up-Test, Ping-Test): Die Art dieses Tests mit dem festgestellt wird ob ein System aktiv ist und daher gescannt werden kann ist nun auch als Eigenschaft des Objektes “Target” einstellbar, also ohne Änderung von einem Task oder einer Scan Configuration. Mögliche Methoden sind ICMP, TCP und ARP wie bisher auch. Die Voreinstellung für den Alive-Test ändert sich von ICMP&TCP&ARP auf nur ICMP. Damit können sich möglicherweise Ergebnisse bei Ihren Scan-Aufgaben ändern weil Systeme nicht mehr als aktiv angesehen werden. In den meisten Fällen mit größeren IP-Bereichen wird sich aber die Scan-Dauer deutlich verringern. Sie müssen aber weder eine neue Scan-Configuration anlegen noch den Task sondern bei Bedarf einfach nur die Alive-Test Methode beim Target anpassen.
(*) Severity (Schweregrad) ersetzt Threat: Das Konzept der “Threat” Klassen wurde umfangreich erweitert auf das “Severity” Konzept bei dem der Schweregrad nicht nur die Klasse beinhaltet sondern auch den CVSS-Wert. Der CVSS-Wert einer Severity ist jeweils der höchste CVSS-Wert in den zugehörigen Scan-Resultaten. Dies erlaubt eine feinere Unterscheidung in der Ansicht aber beispielsweise auch bei der Sortierung. Dies bedeutet weitreichende Änderungen für die gesamte Anwendung:
- Task-Übersicht: Bisher wurde für Tasks nur der Threat-Level gespeichert. Da bei alten Tasks noch Ergebnisse nur mit Threat-Level und ohne CVSS enthalten sein können (inzwischen wurde alles auf CVSS harmonisiert) werden die alten Regeln für Threat-Level Zuordnung verwendet und jeweils das Maximum des Levels bei der Migration eingetragen. Das bedeutet, dass in der Severity dann durchaus ein höherer CVSS Wert stehen kann als in den Scan-Ergebnissen vorhanden. Der Threat-Level ist damit aber garantiert der ursprüngliche Wert. Folgende Zuordnung erfolgt bei der Migration: High: 10.0, Medium: 5.0, Low: 2.0. Bei neuen Scans werden natürlich dann die exakten Werte verwendet wie sie in den Ergebnissen vorliegen.
- Task-Details: Für die Liste der Reports eines Tasks gilt die gleiche Änderung und Migrations-Regel wie für die Task-Übersicht.
- Notizen: Die bisherige Unterscheidung von High, Medium, Low entfällt und wird zusammengefasst. Damit wird vermieden, dass Notizen bei Aktualisierungen des NVTs nicht mehr angezeigt werden.
- Overrides (Übersteuerungen): Die bisherige Unterscheidung des Ausgangswertes von High, Medium, Low entfällt und wird zusammengefasst. Damit wird vermieden, dass Overrides bei Aktualisierungen des NVTs nicht mehr berücksichtigt werdendes weiteren wird nun als Neuer Schweregrad kein Threat-Level mehr sondern ein CVSS-Wert angegeben. Alte Overrides mit Threat-Level werden nach dem gleichen Schema migriert wie bei den Tasks und Reports (siehe oben).
Tags: Die neue Konfigurations-Objektklasse “Tag” erlaubt es, kurze Texte an fast alle anderen Objekte anzuhängen. Diese stehen bei der Filterung und auch beim Export zur Verfügung. Es können damit sowohl Thematisch Gruppen gebildet werden oder auch beliebige Attribute angehängt werden.
Reports: Unter dem Menü “Scan Management” gibt es nun auch eine Übersicht zu sämtlichen vorliegenden Reports, unabhängig von der Zugehörigkeit zu den Tasks. Auch hier ist der Powerfilter verfügbar. Diese neue Ansicht ersetzt die bisherige Report-Liste die in den Task-Details verwendet wurde. Die passenden Filter werden dabei automatisch gesetzt.
Suchmaske für sämtliche Objekte im SecInfo Management: Über den Menüpunkt “All SecInfo” kann über insgesamt knapp 300.000 Objekte unterschiedlicher Art nach Stichworten und mit weiteren Möglichkeiten des Powerfilters gesucht werden.
Weboberfläche wurde um multilinguale Unterstützung erweitert und in deutsche Sprache übersetzt.
Neue voreingestellte Scan Configuration “Host Discovery”. Diese Scan Configuration ermittelt lediglich hinter welchen Zieladressen sich tatsächlich Systeme verbergen. Es werden keinerlei Schwachstellen-Prüfungen durchgeführt. Es gibt lediglich eine Liste von aktiven Systemen bei der Suche aufgefunden wurde.
Neue voreingestellte Scan Configuration “System Discovery”. Diese Scan Configuration ermittelt den Typ der Systeme, also Betriebssystem und/oder Hardware-Gerät. Es werden keinerlei Schwachstellen-Prüfungen durchgeführt. Das Resultat ist vor allem eine Liste der Betriebssysteme die aufgefunden wurden.
Neue voreingestellte Scan Configuration “Discovery”. Diese Scan Configuration verwendet sämtliche NVTs die so viel wie möglich über die Zielsysteme und den dort laufenden Diensten und installierten Anwendungen herauszufinden versuchen. Es werden aber keinerlei Schwachstellen-Prüfungen durchgeführt.
Tasks: Die neue Klasse “Alterable Task” gestattet es das Ziel und die Scankonfiguration auch dann zu ändern wenn bereits Berichte erstellt wurden. Damit sind diese Tasks eine Spielwiese um verschiedene Scans auszuprobieren, garantieren dabei eben aber nicht mehr die Konsistent der Berichte zueinander.
Integrierter Online CVSS Rechner: Unter Menü “Extras/CVSS Calculator” steht ein Formular zu Berechnung von CVSS zu Verfügung.
(*) Reports: Der Browser für die Report-Ansicht wurde vollkommen neu gestaltet und in mehrere Abschnitte aufgeteilt die jeweils eine eigene Seite erhalten haben. Es sind zahllose Änderungen und Erweiterungen eingeflossen. Achtung: Die Änderungen sind sehr weitreichend und betreffen unter Anderem sowohl die voreingestellte Ansicht also auch die Powerfilter. Alte Powerfilter für Berichte werden unter Umständen nicht mehr funktionieren und müssen neu angelegt werden.
(*) Reports: Anwender können nun individuell einstellen welche Schweregrad-Einteilung (High, Medium, Low) bei der Ansicht verwendet werden soll. Achtung: Die Voreinstellung verwendet nun die Einteilung die auch NIST verwendet. Daher können in der Darstellung die Farben umspringen und auch die Filter werden ggf. andere Ergebnisse liefern. Wer das alte Verhalten haben möchte kann dies unter “My Settings” wieder als “OpenVAS Classic” einschalten.
Powerfilter: Der Powerfilter bietet nun eine Aufklapp-Funktion an die die Filter-Kommandos der Zeichenkette als Dialog anbietet. Dialog und Filter-Zeichenkette werden automatisch wechselseitig synchronisiert.
Target: Es ist nun möglich den gewählten Bereich der Zielsysteme durch einige Regeln einzuschränken. Dazu gehören die Angabe einer Ausschlussliste sowie die Möglichkeit doppelte Einträge aufgrund Reverse Lookup zu vermeiden oder ein Reverse Lookup obligatorisch zu machen.
Host Zugangsregeln: Die Möglichkeiten das Scannen von bestimmten Hosts für einen Anwender zu Verweigern oder zu gestatten wurden erweitert. Beispielsweise ist es nun auch möglich dort Host-Namen zu verwenden.
Interface Zugangsregeln: Diese neue Funktionalität erlaubt es zum einen pro Task ein spezielles Interface (wie etwa “eth1”) zu verwenden. Zum anderen kann man pro Benutzer Verwendungsregeln für Interfaces definieren.
Problem bei DNS-Auflösung während Scan: Jede fehlgeschlagene Auflösung eines Zielsystem-Namens wird nun im Report im Abschnitt “Errors” aufgelistet.
Reports: Die Port-Informationen werden nun ergänzt um den aktuellen IANA Service der für diesen Port registriert ist.
Neues voreingestelltes Report Format Plugin “CSV Results”: Komma-separierte Text-Tabelle der Einzelergebnisse.
Neues voreingestelltes Report Format Plugin “CSV Hosts”: Komma-separierte Text-Tabelle der Ergebnisübersicht zu den einzelnen Zielsystemen.
(*) Die Scanner-Einstellung “silent_dependencies” wurde entfernt. Sie hat den Umfang der Ergebnisse auf diejenigen NVTs reduziert, die explizit ausgewählt waren. Diese Reduzierung ist nicht mehr nötig, da durch den Powerfilter eine nachträgliche Reduzierung erfolgen kann. Damit wird gleichzeitig dafür gesorgt, dass im Sinne von transparenter und vollständiger Information auch alle Log-Daten des Scans verfügbar sind. Falls Sie Scan Konfigurationen mit dieser Einstellung verwenden, dann werden Sie nun mehr (alle) Ergebnisse in neuen Berichten sehen.

Beachten Sie, dass bei Verwendung der vor-definierten Scan Konfigurationen keine Änderungen zu beobachten sein werden. Diese Scan Konfigurationen selektieren ohnehin sämtliche NVTs explizit.

(*) Die Scanner-Einstellung “host_expansion” wurde entfernt. Sie war gedacht zur automatischen Erweiterung der vorgegebenen Ziele. Diese Funktionalität ist jedoch nicht Aufgabe des Scanners, zumal es zu nicht absehbaren Ausweitungen kommen kann. Bei Verwendung der vor-definierten Scan Konfigurationen oder davon abgeleiteter finden keine Änderungen des Verhaltens statt.
(*) Der Scanner erzeugt für detektierte Ports keine expliziten Meldungen mehr. Diese hatten keinen Bezug zu einem NVT und sind ohnehin redundant. Eine Übersicht zu den gefunden Ports wird bereits durch andere NVTs als Log-Information geliefert und steht nun sogar auch als explizite Übersicht in der Web-Oberfläche im Rahmen des neuen Report-Browsers zur Verfügung.
Tasks: Es ist nun möglich die Reihenfolge der Zielsysteme während des Scans zu konfigurieren: Sequentiell (wie bisher), Rückwärts und Zufällig.
Task Details: Die Liste der Berichte wird nun über das neue Objekt-Management verwaltet und erhält damit unter Anderem Zugang zum Powerfilter.
Notes/Overrides: Der eigentliche Notizen-Text wird nun als ID in der Liste verwendet anstatt des NVT-Namens.
Web-GUI: Konsistenter Zugang zu den Details eines Objektes über die ID in der ersten Spalte. Der damit redundante Knopf für “Details” wird daher aus der Liste der “Actions” entfernt.
Benutzer-Management ist nun auch via OMP verfügbar.
Feed-Management ist nun auch via OMP verfügbar.
Port 80 wird automatisch umgeleitet auf Port 443. Dies bedeutet, dass bei Eingabe von “http://gsm.example.com” automatisch auf “https://gsm.example.com” umgeleitet wird anstatt dass der Browser einen Fehler meldet.
OVAL Definitions: Sowohl die Übersicht als auch der Details-Dialog der OVAL Definitions wurde überarbeitet.

Patch-Level GOS 3.0:

3.0.38 (2015-10-07):
- GOS-Admin:
  - Die Erkennung von und Benachrichtigung über einen inkonsistenten internen Zustand durch das gos-admin-menu wurde verbessert (#53092).
3.0.37 (2015-09-24):
- Hardware:
  - Sicherheitsupdate für GSM 600 und GSM 650 welches unkonfigurierte Werkseinstellungen des BMC (Baseboard Management Controller) aus sichere Werte zurücksetzt. Ein Reboot ist nach Upgrade nicht erforderlich. Laufende Scans werden nicht beeinträchtigt. Ein Angreifer aus demselben Netzsegment könnte den Geräte-Status auslesen, das Gerät abschalten oder einen Neustart auslösen. (#52840, GBSA-2015-01).
3.0.36 (2015-06-12):
- GSR PDF Berichte: Größenbegrenzung erweitert (#48813, #2015040810000021).
- GSR/GXR PDF Berichte: Ab 100 Hosts wird der Topologie-Graph ausgelassen da die Details dann ohnehin nicht mehr erkennbar sind und es die Berichtserstellung beschleunigt (#49274).
- Verbesserung des Imports von Berichten für Container-Tasks, so dass die Weboberfläche auch während des Imports zur Verfügung steht (#48660).
- Verbesserung des Report-Filters für Ergebnisse (#48543, #2015041610000023).
- Bugfix: Verweise aus dem Asset Management in einen Report hatten nicht auf die exakte IP gefiltert, sondern diese als Substring verwendet (#49591).
3.0.35 (2015-04-24):
- Freigabe des Upgrades Greenbone OS 3.1 für sämtliche GSM Modelle (#48657).
- Via GOS-Admin können nun von einem Master aus die angeschlossenen Sensoren angewiesen werden ein neues selbstsigniertes Zertifikat zu erstellen falls das bisherige Zertifikat ausgelaufen ist (#37419).
- Bugfix für das manuelle Erstellen eines Overrides, so dass nun auch das Port-Protokoll angegeben werden kann, z.B. “80/tcp” (#47706, #2015031810000031).
- Bugfix für den OpenVAS Scanner der eine unter bestimmten Umständen entstehende hohe CPU-Last beseitigt (#41205, #2014081510000029).
- Bugfix für den OpenVAS Scanner der für spezielle Netzwerk-Geräte mit speziellen SSH-Servern hängende Scan-Prozesse hinterließ wenn ein authentifizierte Scan durchgeführt wurde (#47681, #2015031110000016).
- Bugfix für GOS-Admin-Menu, so dass nun beim Sensor Check nun ein Scroll-Balken zur Verfügung steht um bei längeren Berichten alle Informationen einzusehen (#48710).
- Kleiner Bugfix für den Selfcheck in GOS-Admin-Menu: Für GSM-Modelle die keine Sensoren managen können, wird kein Sensor-Check mehr angezeigt (#47512).
- Bugfix für das Filtern von Scan-Ergebnissen wenn auf eine IP-Adresse eingeschränkt wird. Der Filter wurde nicht scharf angewendet und hat unter bestimmten Umständen mehr Ergebnisse geliefert als der Anwender erwartet hätte (#48237, #2015040210000041).
- Bugfix für das Scannen via Slave: Host-Ausnahmen des Target wurden nicht beachtet (#48112, #2015040210000022).
- Bugfix für GOS-Admin: Für verschiedene IP-Adress-Einstellungen wie NTP oder die Sensoren konnten keine IPv6-Adressen angeben werden (#47683).
- Bugfix der Timeouts beim bearbeiten sehr großer NVT-Familien verhindert (#48396, #2015041310000038).
- Bugfix bzgl. wechseln der “Host-Alive” Methode (#47935, #2015032710000013)
- Kleiner Bugfix der NTP-Konfiguration so dass nun keine Fehlermeldungen im Log mehr auftauchen (#47356, #2015021110000027).
- Bugfix bzgl. neu erstellter automatisch generierter Credentials (#47086, #2015021910000067).
- Bugfix bzgl. der Anzeige des Trust-Status von Report Format Plugins (#47092, #2015022310000013).
- Ergänzung der Informationen in der Online-Hilfe zu Overrides (#47912).
- Bugfix der Timeouts bei der Erzeugung oder beim Import größerer Scan-Reports vermeidet. (#48305, #48304, #48303, #48268, #2015040910000046, #2015041010000034).
3.0.34 (2015-03-12):
- Freigabe des Upgrades aller Greenbone Security Manager vom Typ “GSM 100” auf Greenbone OS 3.1 (#47309).
- Änderung zu Schedules: Ein geplanter Task wurde nicht ausgeführt wenn 3 Minuten lang nach Start keine Scanner-Ressourcen zu Verfügung waren. Diese Begrenzung ist nun aufgehoben (#44856, #2014073110000063).
- Bugfix zu Reports die für eine bestimmte IP-Adresse gefiltert wurden: Es konnten einige Einzelresultate fehlen (#45891, #2015011510000058, #2015022510000037).
- Bugfix für Ausführung von Scans via Slaves: Nun wird die die ausgewählte Port-Liste verwendet und nicht immer die Voreingestellte (#46692).
- Aktualisierung der SSH-Bibliothek des OpenVAS Scanners, so dass authentifizierte Scans auch bei neuesten SSH-Servern funktionieren (#46543).
- Verbesserte Performanz für die Liste mit Berichten (#46964).
- Bugfix im GSR Report Plugin: Der Text-Eintrag zu Overrides fehlte (#38158, #2014060310000046).
- Bugfix für Scan Fortschrittsbalken: Der Fortschritt wird nun besser wiedergegeben (#46401, #2015020210000053).
- Bugfix für einen kleinen Fehler der aber viele Meldungen im Log verursachte (parse_ctime) (#46246).
- Bugfix für einen kleinen Fehler beim Upgrade von GOS 2.2 auf GOS 3.0. Dort war das Löschen eines nicht mehr benötigten Verzeichnisses fehlgeschlagen (users-remote). (#46320).
- Kleiner Bugfix für CLI Admin: Für einige nicht mehr benötigte Kommandos (z.B. nosystemupgrade) lag noch ein Alias vor. Diese wurde nun entfernt. (#47265).
- Kleiner Bugfix um sehr spezielle HTTP Anfragen an den GSA nun korrekt zu beantworten (content-length headers) (#47091).
- Bugfix für Schedules die sehr kurze Dauer konfiguriert hatten (z.B. nur 1 Minute) (#46520).
- Kleiner Bugfix zu einer geänderten externen URL in der Online-Hilfe (#46545).
3.0.33 (2015-02-05):
- Bugfix bei Scan Configuration für den Zähler der aktivierten NVTs pro Familie. Unter bestimmten Umständen war die Zahl um 1 zu hoch (#44476).
- Bugfix bei Autorefresh: Unter bestimmten, seltenen Umständen wurde das Session-Ticket ungültig und machte eine erneute Anmeldung notwendig (#44673).
- Konsistenz-Fix bei Alarmierungen: Voreingestellt war hier als Filterelement “autofp” während es nicht voreingestellt ist bei der Report-Ansicht. Nun wurde “autofp” auch bei den Alarmierungen aus der Voreinstellung herausgenommen (#45083, #2014120310000016).
- Verbesserte Fehlermeldung bei Alarmierungen die aufgrund fehlender Report Plugins nicht ausgeführt werden konnten (#43915).
- Bugfix für ausgefalteten Powerfilter: Die Checkbox für Übersteuerungen war nicht immer sichtbar (#44858).
- Bugfix bzgl. der Löschfunktion für Anwender innerhalb von gos-admin-menu (#45902).
- Erweiterung des Selfcheck von gos-admin-menu um Erreichbarkeit des internen OMP Dienstes (#41194).
- Erweiterung von gos-admin-menu um Konfigurationsmöglichkeit der MTU für ein Interface (#44953, #2014121910000059).
- Bugfix zu inaktiven Übersteuerungen: Diese werden nun nicht mehr von den Report Plugins angezeigt (#45076, #2014122210000034).
- Bugfixes die für bestimmte Situationen die CPU-Last des GSM verringern (#45564, #45562, #44544).
- Bugfix beim Schalter für Übersteuerungen beim Powerfilter, so dass nun kein Rücksprung mehr auf den voreingestellten Powerfilter passiert (#44905).
- Bugfix für die Ansicht der Berichte, so dass auch die Berichte sichtbar sind für die man die Stellvertreter-Berechtigung hat (#44052).
- Freigabe Release-Wechsel auf GOS 3.1 für GSM ONE. (#46468).
- Verringerung der Reverse-Lookups des GOS Basissystems für NTP um das Log-Rauschen im Netzmonitoring zu verringern (#45933).
- Bugfix für Berechtigungsprüfungen bei Objekten im Mülleimer (#44902).
- Bugfix für individuelle Timeout-Konfiguration von NVTs bei Ausführung auf einem Slave-System (#46297, #2014121110000019).
3.0.32 (2015-01-29):
- Bugfix für die Aktualisierung eines internen TLS-Zertifikates. Bei abgelaufenem Zertifikat ist das anmelden an der Web-Oberfläche nicht mehr möglich. Das Problem tritt aktuell nur beim GSM 600 auf (#46218).
3.0.31 (2014-12-18):
- Bugfix für die Wiederherstellung eines Userdata Backup beim Modell GSM 500 (#44474).
- Bugfix für Sensor-Upgrades, speziell bei Airgap. Bei Problemen mit der Aktualisierung wenden Sie sich bitte an unseren Support mit Bezug auf Ticket-Nummer 44535 (#44535, #44477, #44444, #2014082010000019).
- Aktivierung der Slave-Zuordnung: Slaves die ein Administrator erstellt und für andere zugänglich gemacht hat, tauchen nun auch in der dortigen Slave-Auswahl auf und können entsprechend verwendet werden. Die Zuordnung von Slaves erfolgt derzeit noch über die Permissions Konfiguration (#44187, #2014112110000029).
- Verbesserung des Verhaltens der Web-Oberfläche bei Kombinationen von Autorefresh und Post-Requests (#44362).
- Bugfix bzgl. NVT-Auswahl bei Verwendung älterer importierter Scan Configurations bei denen nicht alle ausgewählten NVTs immer ausgeführt wurden (#44446, #2014120310000016).
- Für Userdata Backup kann nun via gos-admin-menu eine Backup-Server konfiguriert werden (SSH-basiert) und es kann manuell ein Userdata Backup zum/vom Backup-Server übertragen werden (#43687, #2014110510000032).
3.0.30 (2014-12-04):
- Performanz-Verbesserung für den Abruf von Berichtslisten (#44348).
- Bugfix bzgl. automatischer Seiten-Aktualisierung in der Weboberfläche: Nach ausfüllen eines Formulars, wir es durch eine Aktualisierung nicht erneut gesendet wodurch die Aktualisierung auf eine andere Seite gesprungen ist (#43714).
- Bugfix bzgl. fehlender Grafiken im GXR Bericht bei Versendung via Email-Benachrichtigung und weitere Überarbeitungen des GXR und GSR Berichts, darunter auch eine verbesserte Darstellung von Zeitzonen (#40211, #2014082110000026, #44275, #40028, #2014072410000022, #43853, #2014101410000035).
- Verbesserung zur Ausführung von via Zeitplan gesteuerten Scans auch bei hohe Systemlast zum Startzeitpunkt (#44024, #2014073110000063).
- Bugfix bzgl. gelegentlich im Browser nicht dargestellten Logos in der Weboberfläche (#43713).
- Interne Verbesserung gegen Fehlbedienung im Expertenmodus der GSM-Administration bzgl. Feed-Synchronisation (#35126).
- Bugfix der den Speicherverbrauch des Scanners reduziert (#43581).
3.0.29 (2014-11-29):
- Dringender sicherheits-kritischer Fehler beseitigt der einen möglichen Angriff als via SQL Injection verhindert. Ein Angreifer muss dafür bereits über ein Benutzer-Konto auf dem GSM verfügen (#44316, #44315, GBSA-2014-02).
3.0.28 (2014-11-13):
- Vereinfachung des internen Ablaufsystems für das Management von Greenbone OS. Im Wesentlichen entfällt die Phase des “Schedulings” bei verschiedenen Aktionen und beschleunigt den Ablauf dadurch teilweise erheblich. Verbessert wurden die Funktionen Sensor Trigger, GOS Upgrade, Feed Sync, GOS Sync, Flash-Image Sync, Airgap sowie alles bzgl. Backup und Restore (#43776, #42781, #42782, #43298, #43297, #43584, #43618, #43617).
- Performanz-Verbesserung für einen Master-GSM der viele Sensoren steuert die jeweils mit zahlreichen Alarmierungen automatisch gekoppelt sind (#41734, #43328, #43329, #2014073110000063).
- Der Inhalte der “affected” Information eines NVT wird nun ebenfalls in den Ergebnis-Details sowie diversen Report Formaten dargestellt (#40460).
- Interne Verbesserung für die Analyse von NVT-Fehlern durch detailliertere Log-Meldungen (#40418)
- Verbesserte Online-Hilfe zu “Edit Tasks” bzgl. Alterable Tasks (#41189, #2014091810000031).
- Bugfix für Selfcheck in GOS-Admin-menu der gelegentlich auftrat und den Selfcheck eingefroren hat (#43813).
- Bugfix bzgl. Schedules die fälschlicherweise mehrfach täglich ausgeführt wurden. Dieses Problem konnte bei einem Wechsel der Zeitzone auftreten (#43619, #2014110510000023).
- Bugfix für Backup/Restore wenn diese über GOS-Generationen hinweg erfolgen sollten (#43622, #43681, #43715, #43681, #2014082010000019).
- Erweiterung des Powerfilters, so dass bei einigen Objekten das Präsens von Unter-Objekten berücksichtigt werden kann. Beispielsweise kann nun bei Tasks mit “schedule=” auf genau die Tasks gefiltert werden die einen Schedule besitzen (#39947, #2014081310000023).
- Bugfix für den Zeitstempel wann der Scan eines Zielsystems via eines Sensors beendet wurde. Der Zeitstempel steht nun zeitnah zur Verfügung und nicht erst am Ende des gesamten Scans (#32725, #2013102110000041).
- Verbessertes Antwortverhalten der Web-Oberfläche bei intensiver paralleler Verwendung (#42029).
- Die Voreinstellung des Scan Parameters “unscanned_closed_udp” wurde von “no” auf “yes” umgestellt um der Einstellung für tcp zu entsprechen. Damit werden einige unnötige Timeouts vermieden. (#31638).
- Verbesserte interne Selbstprüfung bzgl. unvollständiger Update-Downloads (#35948).
- Leichte Performanz-Verbesserung für das Asset Management (#42062, #2014100810000011).
- Erweiterung des Benutzer-Managements von GOS-Admin-Menu: Nun kann das Passwort eines Web-Admins auch an dieser Stelle geändert werden (#31074, #2013080610000021).
- Bugfix mit dem nun beim Powerfilter für NVTs auch die script tags einbezogen werden (#43455).
- Eine Analyse der Datenbank bzgl. spezieller Eigenschaften kann nun via GOS-Admin-Menu, Menü “Advanced”, ausgelöst werden (#43686, #41096).
- Bugfix für ein Problem, dass unter bestimmten, nicht reproduzierbaren Umständen nicht alle NVTs für ein Ziel ausgeführt wurden (#43300).
- In der Web-Oberfläche ist die Task-Filter Auswahl nun persistent. Wählt man also in der Task-Übersicht einen Filter, und kehrt später zur Task-Auswahl zurück, so wird wieder dieser Filter automatisch angewendet (#39676).
- In der Web-Oberfläche ist die Refresh-Einstellung nun persistent bei Wechsel der Ansichten (#39673, #2014073110000018)
- Online-Hilfe zu Rollen erweitert (#42033).
- Verbesserung der Airgap-Funktion bei GSM 5300/6400, so dass die USB-Stick Geräte-Reihenfolge keine Relevanz mehr hat (#42021).
- Interne Konsistenz-Prüfung für GOS vor Version 2.0 entfernt (#41152).
- Kleine interne Verbesserung die falsche Fehlermeldungen im Boot-Log beseitigt (nur GSM 600) (#37059).
- Die Form des CLI Admin Shell-Prompts wurde geändert und beinhaltet nun den Hostnamen des GSM (#24692).
3.0.27 (2014-10-16):
- Bugfixes für Airgap-Feature. In diesem Zusammenhang wurde der Ablauf mit einer neuen Logik implementiert über die diverse Seiteneffekte (beispielsweise wechselnde Geräte-Nummerierung) ausgeschlossen werden (#26710, #42149, #42010).
- Bugfix für GSM 600 und GSM 650 der eine Prozessor-Drosselung beseitigt. Die Leistung dieser Appliances sollte deutlich ansteigen (#42148).
- Reduzierung der Datei-Größe der GXR und GSR PDF-Berichte (#31553).
- Feed-Push- und Upgrade-Funktion für Sensoren in gos-admin-menu hinzugefügt. Damit kann manuell eine Aktualisierung der Sensoren durchgeführt werden falls beispielsweise der Sensor während der automatischen Aktualisierung nicht erreichbar war. (#21553, #33986, #2013122010000021 ).
- Im gos-admin-menu wurde ein Schalter eingebaut der die graphische Web-Oberfläche umschalten kann. Verfügbar sind die klassische Ansicht sowie die auf ein Minimum vereinfachte Oberfläche “IT-Schwachstellenampel” (ITS) (#37879).
- Administratives Interface: Es gibt nun die explizite Einstellung “all” die alle Interfaces freigibt. Dies wird nun identisch behandelt mit dem Fehlen der Einstellung (Leereingabe) (#41004).
- Bugfix für Sensor-Check im Selfcheck: Dieser verhält sich nun identisch mit dem check im Sensor-Management (#40324).
- Bugfix für Selfcheck im Sensor-Mode: Die Nicht-Erreichbarkeit des Feed-Servers wird nun nicht mehr bemängelt (#37577, #2014051310000011).
- Erweiterung des Selfcheck um eine Warnung falls die TLS-Zertifikate in absehbarer Zeit ablaufen (#39502, #2014072410000102).
- Änderung des voreingestellten MTA auf mail.example.com um Missverständnisse zu vermeiden (#40741).
- Bugfix mit dem vermieden wird, dass im internen Cron-Ablauf von GOS versucht wird lokale Emails mit log-Daten an “postmaster” zu versenden (#42013).
3.0.26 (2014-09-26):
- Sicherheitsupdate für durch Greenbone OS genutzte Hilfsprogramme. Dies schließt unter anderem die Behebung der in CVE-2014-6271 (Shellshock), CVE-2014-7169, CVE-2014-7186 und CVE-2014-7187 beschriebenen Schwachstellen in GNU Bash ein (#41575).
3.0.25 (2014-09-13):
- Bugfix für die Migration importierter Berichtsformate mit nicht-eindeutigen IDs (#40970).
- Bugfix für die Migration von Zeitplänen mit fehlenden Zeitzonen (#40737).
- Ein Bug, der unter gewissen Umständen beim Leeren des Mülleimers einen internen Fehler auslöste, wurde behoben (#40358).
- Die inkorrekte Anzeige der Änderbarkeit einer Aufgabe in der Weboberfläche wurde behoben (#40084, #2014081510000011).
- Der Name der Aufgabe erscheint nun in den Berichtsformaten PDF, LaTeX, HTML und TXT (#25269).
- Die inkorrekte Anzeige der Start- und Endzeit von bei der Nutzung von Slaves in anderen Zeitzonen wurde behoben (#39691, #2014072410000022).
- Die inkorrekte Anzeige des Scan-Status als “-1 %” unter gewissen Umständen während Slave-Scans wurde behoben (#39679, #2014073110000063).
- Die Scan-Leistung wurde durch ein Verminderung der Prozessorlast auf dem Master bei Slave-Scans erhöht (#40120, #2014073110000063).
- Sofern aktiviert wird JavaScript nun an mehr Stellen genutzt, um die Auswahl aus einer Dropdown-Liste automatisch anzuwenden (#39672, #2014073010000047).
- Ein Bug der unter gewissen Umständen zu einem unnötigen Logging führte wurde behoben (#40121).
- Die Funktionalität zum Klonen von Objekten ist nun einfacher zugänglich (#39674, #2014073110000027).
3.0.24 (2014-08-22):
- Bugfix bzgl. eine Migrationsfehlers beim Releasewechsel Im Zuge von GOS 3.0.23 eingeführte Änderungen führten dazu, dass ein Releasewechsel von GOS 2.2 nach GOS 3.0.23 während der Nutzermigration fehlschlug (#40159).
3.0.23 (2014-08-16):
- Bugfix bzgl. Sichtbarkeit des GXR PDF Plugins wenn man verschiedene Kopien gleichzeitig verwendet hat (#39058).
- Bugfix für defekte masterkeys auf den Sensoren, so dass diese nun erkannt werden (#38958).
- Bugfix für die Weiterleitung von Port 80 auf 443 für den Fall, dass ein anderes als das voreingestellte Netzwerkinterface verwendet wird (#39762).
- Bugfix für die Verwendung des administrativen Interfaces bzgl. der Web-Schnittstelle bei Verwendung eines anderen als dem voreingestellten Netzwerkinterfaces (#34964).
- Bugfix der einige falsche interne Log-Meldungen bzgl. SCAP und CERT Datenbank beseitigt (#39185).
- Bugfix der das Verhalten des CLI Kommandos “addadmin” korrigiert. Das User Management via gos-admin-menu hatte keine Fehler (#39227, #39245, #2014071510000067).
- Aus CLI Admin wurden nicht funktionale (leere) Kommandos nun endgültig entfernt (#39472).
- Entfernung einiger seit GOS 3.0 nicht mehr benötigten internen Datendateien. Nur in einigen wenigen Fällen kann es zu sichtbaren Speicherfreigaben kommen (#34966).
- Bugfix der die Weiterleitung von Port 80 auf Port 443 für einige Klient-Programme verbessert. Gängige Browser hatten keine Probleme (#38612).
- Kleiner Bugfix um das interne Log-Rotate für eine Log-Datei einzuschalten (#37483).
- Feedback-Knopf bei Ergebnissen hinzugefügt: In der Detailansicht findet sich nun ein Knopf mit dem eine Rückmeldung zu dem Scan-Resultat an das Greenbone Support-Team geschickt werden kann (#38249).
- Bugfix so dass nun eine interne temporäre Backup-Datei gelöscht wird nachdem das User Data Backup abgeschlossen wurde (#39335).
- Die Funktion “Pause” für Tasks wurde aus der Web-Oberfläche entfernt. Pausierende Aufgaben blockieren ggf. größere Speicherbereiche und eine gestoppte Aufgabe kann ebenfalls wieder fortgeführt werden (#39914).
- Bugfix für den Import von Brute-Force Login-Listen bei der Scan Configuration (#39471).
- Bugfix um das mehrfache importieren des selben Report Format Plugins zu erlauben (#38016).
- Änderung der Auswahl der Refresh-Zeiten: Anstatt 10s/30s/60s steht nun 30s/60s/2m/5m zu Auswahl (#36561, #2014040710000024).
- Bugfix für das Zuordnen von LDAP-Anwenderkonten zu einer Anwendergruppe (#38459).
- Bugfix für die Verwendung von Filtern für den Leserechte an andere freigegeben wurden (#38787).
- Kleiner Bugfix beim internen Prozesshandling beim Erstellen von Tags (#39936).
- Die Funktion “Filter entfalten” steht nun auch in der Report-Ansicht “Zusammenfassung” zur Verfügung (#38783).
- Interne Erweiterung um für Ausnahmefälle eine individualisierte Konfiguration der Dienste zu erlauben (#37575, #39692, #2014051310000038).
- IP-Adressen und Hostnamen in der Ergebnis-Ansicht sind nun mit Querverweisen in das Asset-Management verknüpft (#39226, #2014071510000049).
- Erweiterung der Tooltips im Asset-Management zu den Hosts um CPE (#39225, #2014071510000031).
- Bei Verwendung von LDAP für neue Anwender ist es nun nicht mehr notwendig ein lokales Passwort anzugeben (#31438, #2013082810000033).
- Erweiterung des gos-admin-menu um Hinweis auf Reboot-Notwendigkeit im Fall von Änderungen am SSL-Zertifikat (#39503, #2014072410000111).
- Erweiterung der Anzahl möglicher IPs im Host Access Feld für Anwender-Beschränkungen auf 16.777.216 (#39405, #2014072110000046).
- Verbesserte LVM-basierte Backup-Funktion für GSM 6×0 (#37820).
- Name des Tasks in Report-Ansicht nun Teil des Menüs (#38782, #2014063010000021).
- In CVSS Vektoren wird nun “AU” für “Au” akzeptiert (#37710).
3.0.22 (2014-07-11):
- Bugfix der ein Einfrieren des Systems während des Boot-Vorgangs verhindert. Unter bestimmten Umständen kann es bei GOS 3.0.20 und GOS 3.0.21 vorkommen, dass der GSM beim Neustart stehen bleibt. Der Greenbone-Support Team kann in diesem Fall weiterhelfen. Sollten Sie auf eine dieser Versionen aktualisiert aber noch nicht neu gestartet haben, so empfiehlt es sich zunächst noch auf die 3.0.22 zu aktualisieren und erst dann einen Neustart auszulösen (#39159).
3.0.21 (2014-07-09):
- Erweiterung des Benachrichtungs-Typ “verinice” um eine Auswahlmöglichkeit für das zu verwendeten Berichtsformat (#38995, #2014070710000037, #38996, #2014070710000046).
- Bugfix zu der mit GOS 3.0.20 eingeführten SSL/TLS-Aktualisierung um die korrekte Detektion eines SSL-Ports wieder zu gewährleisten (#38997).
- Das interne Boot-Log wurde deaktiviert, da es unter speziellen Umständen Probleme mit der Konsole verursachen kann (#39007).
- Bugfix zu Berechtigungen von vor-konfigurierten Rollen: Diese können nun auch mit Administrationsrechten nicht verändert werden (#38607).
3.0.20 (2014-07-05):
- Die Fähigkeiten bezüglich SSL/TLS wurden aktualisiert und erweitert. Das betrifft sowohl die GOS Dienste also auch den eigentlich Scanner. Unter Anderem wird nun auch PFS (Perfect Forward Secrecy) unterstützt (#38046, #33832).
- Unterstützung für das Konfigurieren vin TLS Cipher Priorities für OMP und HTTPS via gos-admin-menu hinzugefügt (#36507, #38615).
- Unterstützung für SINA One Way Gateway hinzugefügt. Damit können Feed-Updates über dieses Gateway hinweg von einem externen GSM an einen internen GSM übertragen werden. gos-admin-menu wurde hierfür erweitert und erlaubt nun sowohl die Konfiguration des Update-Master als auch des Update-Slave (#37854, #38047).
- Um das Update von inhomogenen GSM Strukturen (zum Beispiel 5300/600/100) in einem internen Netzwerk über einen einzelnen externen GSM zu erlauben wurde die GSM Midrange/Enterprise Modelle nun in die Lage versetzt die Daten für verschiedene GSM-Modelle zu übertragen. (#38069).
- Um eine in Reihe geschaltete Kette von Master-Sensor Setups zu ermöglichen (zum Beispiel 5300>600>100) wurde eine Unterstützung eingebaut um einen GSM sowohl als Master als auch gleichzeitig als Sensor zu konfigurieren (#38048).
- Bugfix der ein Datenbank-Locking Problem löst welches unter bestimmten Umständen bei Airgap Updates auftrat (#38460).
- Bugfix der nun dafür sorgt, dass CERT-Daten bei den Airgap Updates berücksichtigt werden (#38049).
- Kleiner Bugfix zu Notizen-Icons (#38722, 2014062610000011).
- Bugfix der es nun erlaubt mehrere Einträge in das Host Access Eingabefeld der Benutzer-Konfiguration einzutragen. Nun werden alle Elemente akzeptiert (#36137, #2014031910000031).
- Aufgaben mit Zeitplanung können nun durch einen Anwender auch jederzeit direkt gestartet werden (#28892, #2013040610000028).
- Bugfix der ein Problem beim Auslösen eines GSM 25V Upgrades via Master-GSM löst (#38192).
- Bugfix zu dem Problem, dass das Betreten des user/password Management in gos-admin-menu Sensor-Tasks auf “Gestoppt” gesetzt hat (#38288).
- Bugfix für ein UTF-8 Problem in ITG Scan-Ergebnissen (#37163, #2014042410000064).
- Report Format Plugin “verinice ISM” ist nun ein vorkonfiguriert systemweites Plugin (#30425, #38708, #2013062610000013).
- Unterstützung für mehrere E-Mail-Adressen im Email-Alarm. Zuvor war nur eine einzelne Email-Adresse möglich (#37652, #2014051410000036).
- Kleiner Bugfix zu Darstellungsfehlern in einigen Chrome-Browsern (#35495).
- Kleiner Bugfix zu einigen Log-Meldungs-Fällen bei der Synchronisation (#38197).
- Bugfix zum Wiederherstellen von gelöschten Gruppen. Die Benutzerdaten gehen nun nicht mehr verloren (#38614).
- Kleine interne Aufräumarbeit (Entfernung einer übriggebliebenen Datei) (#36423).
- Bugfix, so dass nun eine schneller Zugriff auf das User und Password Management von gos-admin-menu gewährleistet ist. In einigen Fällen dauert der Zugang recht lang (#38287).
- Bugfix zum Klonen von Aufgaben die Beobachter eingetragen haben. Diese wurden im Clon nicht freigegeben (#38213).
- Bugfix um die Boot-Zeit des GSM zu beschleunigen. In einigen spezielle Fällen dauert der Boot-Vorgang ca. 2 Minuten und liegt nun wieder bei wenigen Sekunden (#38286).
- Prüfung auf ausgelaufene Zertifikate ist nun Teil des Selfcheck in gos-admin-menu (#35918).
- Kleinere Verbesserung zu Zeitzonen bei Zeitplänen (Darstellung und Online-Hilfe) (#38611, #38613).
3.0.19 (2014-06-05):
- Erweiterung für gos-admin-menu so dass dort die TLS Ciphers für OMP konfigurierbar sind (#37763, #2014051910000018).
- Aktualisierung Guest-Tools für GSM 25V (#37566).
- Bugfix für GSM25V bzgl. fehlerhaftem Boot-Menü (#38012).
- Bugfix für die SCAP Datenbank so dass einige spezielle CVEs bei Datenbankabfragen nicht ignoriert werden (#37236).
- Beseitigung Tippfehler in gos-admin-menu bei Pfadangabe (“2.1” vs. “3.0”) (#37561).
- Bugfix um das Löschen eines Report Format Plugins via OMP und in der Web-Oberfläche zu verhindern, falls dieses noch bei Alarmierungen verwendet wird. (#37485, #35960).
- Bugfix für SSL-Zertifikate von eigener CA, so dass nun auch längere Zertifikats-Ketten verwendet werden können (#37863, #2013120910000043).
- Erweiterung für Sensor-Prüfungen eines Master-GSMs um Gültigkeitsprüfung der SSL-Zertifikate auf den Sensoren (#37414).
- Bugfix der ein Speicher- und CPU-Leck behebt und nur bei Verwendung von Chrome auftrat (#37988).
- Bugfix der das Problem behebt das bei einigen gelöschten Report Format Plugins diese noch angezeigt werden so lange sie noch im Mülleimer vorgehalten werden (#36509).
- Bugfix um neu importierte und aktivierte Report Format Plugins auch in die Auswahllisten aufzunehmen (#37457).
- Bugfix für Anmeldeverfahren LDAP-Benutzerkonten bzgl. LDAP Server TLS Zertifikate so dass sich nun alle LDAP-Benutzerkonten wieder anmelden können (#37458).
- Bugfix der dafür sorgt, dass für ein gelöschtes Konto auch die eingerichteten Gruppen- und Rollenzugehörigkeiten gelöscht werden (#37439).
- Bugfix um das Boot-Log über gos-admin-menu sichtbar zu machen (#37600).
- Bugfix der für die GSM ONE die Berechtigungen ausblendet die ohnehin Funktionen betreffen die hier nicht verfügbar sind (#34539).
- Verbesserung der internen Log-Mechanismen so dass auch extrem lange Log-Meldungen von GOS vollständig verzeichnet werden (#37476).
- Verbesserte Fehlermeldung beim Löschen von Benutzerkonten (#37451).
- Bugfix für das Löschen von Benutzerkonten via gos-admin-menu (#37878).
3.0.18 (2014-05-10):
- Bugfix für Migration (ANALYZE) von GOS 2.2.0 nach 3.0 (#37357).
- Verbesserung die nicht mehr benötigte temporäre Dateien (kbs) entfernt (#37263).
- Bugfix bzgl. Encoding welches die Konfiguration einiger NVTs verhindert hatte (#37146, #2014042410000073).
- Bugfix für Feed-Synchronisationsroutinen für Master-Sensor Aktualisierung (#37240).
- Bugfix für Sensor-Check in gos-admin-menu (#37243).
- Bugfix der verhindert, dass die individuelle Zeitzoneneinstellung verloren geht (#37265).
- Bugfix für die Erhaltung der Zugangsberechtigungen für Rolle User und Observer bei der Migration von GOS 2.2.0 nach 3.0 (#37438).
- Bugfix um das Kürzen langer CPE Kennungen im Berichts-Typ GSR zu vermeiden (#36508, #2014040410000011).
3.0.17 (2014-04-23):
- Bugfix für initiale Datenbank-Erstellung (#37045).
- Bugfix für konsistente Darstellung im LCD-Display (#36544).
- Verbesserung der Anzeige im LCD Display (GOS-Version und IP-Adresse). (#36281).
3.0.16 (2014-04-17):
- Verbesserung für GSM ONE, so dass bei noch fehlendem Web-Konto beim Start ein Hinweis in der Konsole erfolgt (#36444).
- Verbesserung für Upgrades die toleranter mit Fehlern umgeht die möglicherweise bei einer Datenmigration auftreten (#36546).
- Bugfix der den LDAP-Konfigurations-Dialog wieder sichtbar macht (#35363).
- Bugfix für die TLS-Einstellungen des OMP Dienstes (#36789).
- Erweiterung die bei dem ersten Start von GOS ein selbst-signiertes automatisch erstellt (#36574).
- Bugfix der die Eingabe von AD-Kennungen für authentifizierte Proxies in gos-admin-menu erlaubt (#36586).
- Bugfix für die Umleitung von http nach https für die Weboberfläche (#36762).
- Bugfix für Migration von GOS 2.2.0 (#36764, #36545).
3.0.15 (2014-04-05):
- Die NVTs “Host Summary” und “CPE Inventory” wurden für alle voreingestellten Scan-Konfigurationen ausgeschaltet. Die Daten sind ohnehin in den verschiedenen Abschnitten des Ergebnis-Browsers verfügbar (#36104, #35927).
- Bei GSM ONE wird nun auf der Konsole direkt die Web-Adresse angezeigt über die man die Web-Oberfläche erreicht (#36316).
- Umstellung internes Logging des Web-Dienstes auf SysLog (#36340).
- Formatierungsverbesserungen für diverse Login-Meldungen der internen Administrations-Ebene (#36201, #36317).
- Bugfix für Report Format Plugin GSR welcher in einigen Fällen fehl schlug (#36282).
- Bugfix der die DHCP Log-Informationen in gos-admin-menu in den passenden Abschnitt verschiebt (#31287).
- Neu: Quick-Task Wizard, erreichbar über die Wizard-Seite der Aufgaben. Bei GSM ONE reduzierter Umfang (keine Alarmierungen setzbar) (#33889, #36424, #28196, #2013022810000017, #2013112510000014).
- Striktere Einschränkung der TLS Versionen und Ciphers der Web-Schnittstelle. Ältere Browser können dann nicht mehr auf die Web-Schnittstelle zugreifen (#35333).
- Voreingestelltes Report Format Plugin für Prognose nun der einfache PDF-Bericht (#26361).
- Bugfix der interne nicht benötigte temporäre Dateien von Diensten entfernt die bei GOS 3.0 nicht mehr verwendet werden (#36357).
- Erweiterte Möglichkeiten des Scanners für TLS-Dienste (v1.1 und v1.2) (#36109).
- Bugfix für die Einstellung von Ergebnis-Filtern bei Benachrichtigungen (#36094).
- TLS Ciphers Einstellungen von OMP and die von HTTPS angepasst (#34747).
- Bugfix bzgl. Ansteuerung LCD-Anzeige (#36372).
- Bugfix so dass nun ein absoluter Pfad für den Location-Header der Web-Oberfläche verwendet wird. Dies verbessert die Verwendung mit Proxies (#9709).
3.0.14 (2014-03-27):
- Aktualisierung Report Format Plugins GXR und GSR auf Version 2.0.1 (#35767).
- Reduzierung der internen Log-Informationen von Greenbone OS (#35710).
- Verbesserung der Hypervisor-Unterstützung bei GSM ONE (#20497).
- Bugfix bei der Angabe der Alive-Test-Methode in der Web-Oberfläche (#36165).

Versioni attuali

Panoramica

Calendario release delle versioni OPENVAS SCAN

19.12.2025

03.02.2025

05.05.2025

01.02.2026

Rimani sempre un passo avanti con OPENVAS.

Changelog

Prodotti e soluzioni

Risorse e assistenza

Chi siamo

Contattaci

Community