Releases: greenbone/gvmd
Releases · greenbone/gvmd
gvmd 21.4.2
gvmd 21.4.1
21.4.1 - 2021-06-23
Added
- Add NVT tag "deprecated" #1536
- Extend GMP for new privilege escalation credential #1535
- Include new ssh elevate (escalation) credential in OSP request #1539
- Add test if the ssh elevate credential is different from the ssh credential #1582
Changed
- Update default log config #1501
Fixed
- Improve VT version handling for CVE & OVAL results #1496
- Fix migration to DB version 242 from gvmd 20.08 #1498
- Update subject alternative name in certificate generation #1503
- Fix whole-only config family selection #1517
- Migrate GMP Scanners to OSP Sensors #1533
- Solved a peformance problem for tasks after scanning lots of hosts #1567
- Solved a performance problem when filtering results by tags #1579
gvmd 20.8.2
20.8.2 - 2021-06-23
Added
- Add standard info elem fields for NVTs in get_info #1426
- Add --ldap-debug option #1439
- Try to install PostgreSQL extensions automatically #1444 #1483
- Add auto retry on scanner connection lost during a running task #1452
- Add --feed-lock-timeout option #1472
- datetime parser for
%Y-%m-%dT%Hh%M
for keywords 1518
Changed
- Improve report counts performance #1438
- Clean up log config, add gvm-libs log domains #1502
- Sort missing severity as lowest value in GMP get #1508
- Use passwordbasedauthentication of gvm-libs instead of auth_utils #1505
- Set file permissions in greenbone-feed-sync #1575
Fixed
- Also create owner WITH clause for single resources #1406
- Fix SQL escaping when adding VT references #1429
- Update report run status more consistently #1434
- Improve modify_override errors, fix no NVT case #1435
- Fix size calculation in
--optimize vacuum
#1447 - Fix report host end time check in CVE scans #1462
- Fix "not regexp ..." filters #1482
- Escape TLS certificate DNs that are invalid UTF-8 #1486
- Free alert get data in report_content_for_alert #1526
- Fix erroneous freeing of ical timezone component #1530
- Fixed the sorting / filter by username functionality for remediation tickets #1546
- The alterable indicator is now copied when cloning a task #1553
- Fix stop resume feature. #1568
Removed
Greenbone Vulnerability Manager v21.4.0
Added
- Extend GMP for extended severities #1326 #1329 #1359 #1371 #1477 #1488
- Parameter
--db-user
to set a database user #1327 - Add
allow_simultaneous_ips
field for targets #1346 #1396 - Speed up GET_VULNS #1354 #1355
- Speed up result counting iterator #1358 #1361
- Speed up result iterator #1370 #1361
- Improve GMP docs around users #1363
- Cache report counts when Dynamic Severity is enabled #1389
- Detection entry detection while importing reports #1405
Changed
- Move EXE credential generation to a Python script #1260 #1262
- Clarify documentation for --scan-host parameter #1277
- In result iterator access severity directly if possible #1321
- Change SCAP and CERT data to use "severity" consistently #1333 #1357 #1365 #1457 #1476
- Expect report format scripts to exit with code 0 #1383
- Send entire families to ospd-openvas using VT_GROUP #1384
- Limit "whole-only" config families to "growing" and "every nvt" #1386
- Access current user with an SQL function #1399
- Refactor modify_config, allowing multiple simultaneous changes #1404
- Add retry on a deadlock within sql#sql #1460
- Don't require report format plugin for XML report #1466
- Wording of
Rebuilding NVTs because integrity check failed
1475
Fixed
- Use GMP version with leading zero for feed dirs #1287
- Check db version before creating SQL functions #1304
- Fix severity_in_level SQL function #1312
- Fix and simplify SecInfo migration #1331
- Prevent CPE/NVD_ID from being "(null)" #1369
- Check DB versions before CERT severity updates #1376
- Add owner checks to report_count queries #1397
Removed
- Remove solution element from VT tags #886
- Drop GMP scanners #1269
- Reduce Severity Classes #1285
- Removed Severity Classes #1288
- Remove remaining use of "Severity Class" in where_levels_auto #1311
- Remove the functionality "autofp" (Auto False Positives) #1300
- Remove severity type "debug" #1316
- Remove element "threat" of element "notes" #1324
Greenbone Vulnerability Manager v20.8.1
Added
- Added ability to enter Subject Alternative Names (SAN) when generating a CSR #1246
- Add filter term 'predefined' #1263
- Add missing elements in get_nvts and get_preferences GMP doc #1307
- Add command line options db-host and db-port #1308
- Add missing config and target to modify_task GMP doc #1310
- Add version for NVTs and CVEs in make_osp_result #1335
- Add check if gvmd data feed dir exists #1360 #1362
Changed
- Extended the output of invalid / missing --feed parameter given to greenbone-feed-sync #1255
- The xsltproc binary is now marked as mandatory #1259
- Check feed status without acquiring lock #1266
- Use timestamp in automatic sensor task names #1390
- Replace g_file_test with gvm-libs file tests #1391
Fixed
- Add dummy functions to allow restoring old dumps #1251
- Fix delta sorting for unusual filter sort terms #1249
- Fix SCP alert authentication and logging #1264
- Set file mode creation mask for feed lock handling #1265
- Ignore min_qod when getting single results by UUID #1276
- Fix alternative options for radio type preferences when exporting a scan_config #1278
- Replace deprecated sys_siglist with strsignal #1280
- Copy instead of moving when migrating predefined report formats #1286
- Skip DB check in helpers when main process is running #1291
- Recreate vulns after sync #1292
- Add SecInfo case to alert check in MODIFY_FILTER #1293
- For radio prefs in GMP exclude value and include default #1296
- Add permission check on host in OS host count #1301
- Auto delete at the start of scheduling so it always runs #1302
- Fix create_credential for snmpv3. #1305
- Remove extra spaces when parsing report format param type #1309
- Correct arg to alert_uuid #1313
- Switch result filter column 'task' from task ID to name task name #1317
- Correct check of get_certificate_info return #1318
- Fix GMP doc text of
active
elem for notes and overrides #1323 - Account for -1 of orphans when deleting permission #1345
- Move feed object in trash checks to startup #1325
- Always check for 'All' when deleting selectors #1342
- Do not inherit settings from deleted users #1328
- Delete TLS certificate sources when deleting users #1334
- Fix SQL errors in SCAP and CERT update #1343
- Check private key when modifying credential #1351
- Clean up hosts strings before using them #1352
- Improve SCP username and destination path handling #1350
- Fix response memory handling in handle_osp_scan #1364
- Allow config to sync even if NVT family is not available #1366
- Delete report format dirs last when deleting a user #1368
- Fix sorting in get_aggregates and its documentation #1375
- Improve "Failed to find..." messages #1395
Removed
- Remove DROP from vulns creation #1281
Greenbone Vulnerability Manager v20.8.0
Added
- Add setting "BPM Dashboard Configuration" #764
- Faster SecInfo REF retrieval for GET_REPORTS #793
- Improve performance of GET_REPORTS #801 #811 #817
- Speed up the HELP 'brief' case #807
- Faster startup #826
- Add option --optimize migrate-relay-sensors #827
- Add host_id filter for tls_certificates #835
- Allow use of public key auth in SCP alert #845
- Refuse to import config with missing NVT preference ID #853 #860
- Add "Base" scan config #862
- Add setting "BPM Data" #915
- Automatically load predefined configs from the feed #931 #933 #934
- Automatically load predefined port lists from the feed #950 #952
- Automatically load predefined report formats from the feed #968 #970
- Print UUIDs in --get-users when --verbose given #991
- Add --get-roles #992
- Add --rebuild #998
- Lock a file around the NVT sync #1002
- Add a delay for re-requesting scan information via osp #1012
- Add --optimize option cleanup-result-encoding #1013
- Perform integrity check of VTs after updates #1024 #1035
- Ensure path of listening UNIX socket exists #1040
- Add --rebuild-scap option #1051
- Stop current scheduling of task when permission denied #1058
- Trim malloc heap after updating cache #1085
- Handle QUEUED osp scan status. #1113
- Add time placeholders for SCP path #1164
- Expand detection information of results #1182
- Add filter columns for special NVT tags #1199
- Add currently_syncing for NVTs in GMP get_feeds #1210
- Add logging for ANALYZE at end of migration #1211
- Basic systemd, logrotate and config files have been added #1240
Changed
- Update SCAP and CERT feed info in sync scripts #810
- Extend command line options for managing scanners #815
- Try authentication when verifying GMP scanners #837
- Try importing private keys with libssh if GnuTLS fails #841
- Extend GMP API for nvt object to carry a explicit solution element #849 #1143
- Allow resuming OSPd-based OpenVAS tasks #869
- Require PostgreSQL 9.6 as a minimum #872
- Speed up the SCAP sync #875 #877 #879 #881 #883 #887 #889 #890 #891 #901
- Change rows of built-in default filters to -2 (use "Rows Per Page" setting) #896
- Force NVT update in migrate_219_to_220 #895
- Use temp tables to speed up migrate_213_to_214 #911
- Allow "Start Task" alert method for SecInfo events #960
- New Community Feed download URL in sync tools #982
- Change setting UUID to correct length #1018
- Change licence to AGPL-3.0-or-later #1026
- Count only best OS matches for OS asset hosts #1029
- Clean up NVTs set to name in cleanup-result-nvts #1039
- Improve validation of note and override ports #1045
- The internal list of current Local Security Checks for the Auto-FP feature was updated #1054
- Simplify sync lockfile handling #1059
- Do not ignore empty hosts_allow and ifaces_allow #1064
- Reduce the memory cache of NVTs #1076
- Sync SCAP using a second schema #1111
- Use error variable in osp_get_vts_version(). #1159
- Include unknown preferences when uploading or syncing configs #1005
- Set the default OSPD unix socket path to /var/run/ospd/ospd.sock #1238
- The default OSPD unix path is now configurable #1244
Fixed
- Add NULL check in nvts_feed_version_epoch #768
- Faster counting in GET_REPORTS when ignoring pagination #795
- Improve performance of GET_REPORTS #797
- Consider results_trash when deleting users #800
- Update to gvm-portnames-update to use new nomenclature #802
- Escaping correctly the percent sign in sql statements #818
- Try to get NVT preferences by id in create_config #821
- Remove incorrect duplicates from config preference migrator #830
- Update config preferences after updating NVTs #832
- Fix order of fingerprints in get_tls_certificates #833
- Fix notes XML for lean reports #836
- Fix asset host details insertion SQL #839
- MODIFY_USER saves comment when COMMENT is empty #838
- Prevent HOSTS_ORDERING from being '(null)' #859
- Fix result diff generation to ignore white space in delta reports #861
- Fix resource type checks for permissions #863
- Fix result_nvt for new OSP and slave results #865
- Fix preference ID in "Host Discovery" config #867
- Fix SQL for tickets with overrides #871
- Fix result_nvt for new OSP and slave results #873
- Use right format specifier for merge_ovaldef version #874
- Fix creation of "Super" permissions #892
- Add tags used for result NVTs to update_nvti_cache #916
- Apply usage_type of tasks in get_aggregates (9.0) #912
- Add target's alive test method before starting a scan. #947
- Set run status only after getting OSP-OpenVAS scan #948 #951
- Fix get_system_reports for GMP scanners #949
- Fix QoD handling in nvti cache and test_alert #954
- Use stop_osp_task for SCANNER_TYPE_OSP_SENSOR #955
- Add target's reverse_lookup_* options #959
- Fix "Start Task" alerts by using alert owner #957
- Fix Verinice ISM report format and update version [#962](htt...
Greenbone Vulnerability Manager v9.0.1
Added
- Add option --optimize migrate-relay-sensors #827
- Add host_id filter for tls_certificates #835
- Allow use of public key auth in SCP alert #845
- Refuse to import config with missing NVT preference ID #856 #860
- Add "Base" scan config #862
- Add setting "BPM Data" #914
- Add --optimize option cleanup-result-encoding #1014 #1031
- Add --rebuild #1016
- Lock a file around the NVT sync #1017
- Add --rebuild-scap option #1050
Changed
- Extend command line options for managing scanners #815
- Update SCAP and CERT feed info in sync scripts #809
- Try authentication when verifying GMP scanners #837
- Try importing private keys with libssh if GnuTLS fails #841
- Allow resuming OSPd-based OpenVAS tasks #869
- Require PostgreSQL 9.6 as a minimum #872
- Speed up the SCAP sync #875 #877 #879 #881 #883 #887 #889 #890 #891 #901
- Change rows of built-in default filters to -2 (use "Rows Per Page" setting) #896
- Force NVT update in migrate_219_to_220 #895
- Use temp tables to speed up migrate_213_to_214 #911
- Add a delay for re-requesting scan information via osp #1009
- Count only best OS matches for OS asset hosts #1028
- Clean up NVTs set to name in cleanup-result-nvts #1038
- New Community Feed download URL in sync tools #1042
- Do not ignore empty hosts_allow and ifaces_allow #1063
Fixed
- Consider results_trash when deleting users #799
- Try to get NVT preferences by id in create_config #821
- Fix preference ID in "Host Discovery" config #828
- Fix order of fingerprints in get_tls_certificates #833
- Update config preferences after updating NVTs #832
- Fix asset host details insertion SQL #839
- Fix notes XML for lean reports #836
- MODIFY_USER saves comment when COMMENT is empty #842
- MODIFY_PERMISSION saves comment when COMMENT is empty #918
- Fix result diff generation to ignore white space in delta reports #861
- Fix resource type checks for permissions #863
- Fix result_nvt for new OSP and slave results #865
- Use right format specifier for merge_ovaldef version #874
- Fix creation of "Super" permissions #892
- Setup general task preferences to launch an osp openvas task. #898
- Add tags used for result NVTs to update_nvti_cache #916
- Apply usage_type of tasks in get_aggregates #912
- Setup target's alive test setting to launch an osp openvas task #936
- Remove incorrect duplicates from config preference migrator #940
- Correct pref ID in migrate_219_to_220 #941
- Fix alive test. Target's alive test setting has priority over scan config #943
- Set run status only after getting OSP-OpenVAS scan #948 #951
- Fix get_system_reports for GMP scanners #949
- Use stop_osp_task for SCANNER_TYPE_OSP_SENSOR #955
- Setup target's reverse_lookup_* settings to launch an osp openvas task #958
- Always use details testing alerts with a report #964
- Remove extra XML declaration in Anonymous XML #965
- Fix Verinice ISM report format and update version #962
- Fix SCP alert authentication and logging #972
- Accept expanded scheme OIDs in parse_osp_report #983
- Fix SCAP update not finishing when CPEs are older #985
- Add user limits on hosts and ifaces to OSP prefs #1032
- Fix scanner_options not inserted correctly when starting ospd task #1056
- Fix QoD handling in NVTi cache and sensor scans #1060
- Fix doc of get_tasks in GMP doc #1065
- Fix deletion of OVAL definition data #1080
Removed
- Remove 1.3.6.1.4.1.25623.1.0.90011 from Discovery config (9.0) #847
Greenbone Vulnerability Manager v8.0.2
Added
- Add setting 'GMP Slave Check Period' #628
- Command cleanup-report-formats for --optimize option #651
- Document container tasks in GMP doc #690
- New columns Ports, Apps, Distance, and Auth in the CSV Hosts report format #734
- Allow use of public key auth in SCP alert #846
- Add --rebuild-scap option #1049
Changes
- Use lower case for new style DELETE responses #664
- Check and create default permissions individually #672
- Add -f arg to sendmail call in email alert #677 #679
- Change get_tickets to use the status text for filtering. #698
- Also consider 0 of n NVTS as busy loading #706
- Check whether hosts are alive and have results when adding them in slave scans. #718 #737
- Change rows of built-in default filters to -2 (use "Rows Per Page" setting) #897
- Update SCAP and CERT feed info in sync scripts #808
- Count only best OS matches for OS asset hosts #1027
- New Community Feed download URL in sync tools #1043
- Do not ignore empty hosts_allow and ifaces_allow #1062
Fixed
- A PostgreSQL statement order issue #611 has been addressed #691
- Fix iCalendar recurrence and timezone handling #653
- Fix issues with some scheduled tasks by using iCalendar more instead of old period fields #655
- Fix an issue in getting the reports from GMP scanners #658 #666
- Fix GET_SYSTEM_REPORTS using slave_id #667
- Fix RAW_DATA when calling GET_INFO with type NVT without attributes name or info_id #682
- Fix assignment of orphaned tickets to the current user #686
- Fix ORPHAN calculations in GET_TICKETS #687 #700
- Fix response from GET_VULNS when given vuln_id does not exist #699
- Make bulk tagging with a filter work if the resources are already tagged #712
- Fix columnless search phrase filter keywords with quotes #716
- Fix issues importing results or getting them from slaves if they contain "%s" #724
- A possible database migration issue from GVMd-7 to GVMd-8 has been addressed #742 #755
- Fix escaping that was preventing start_task from running #758
- Fix array index error when modifying roles and groups #763
- Fix percent sign escaping in report_port_count #781
- Consider results_trash when deleting users #804
- Allow to migrate gvmd 8 sqlite3 database to postgres with gvm-migrate-to-postgres script
#820 - Fix asset host details insertion SQL #840
- Fix creation of "Super" permissions #893
- Init comment for MODIFY_USER/COMMENT, in case it's empty #894
- Init comment for MODIFY_PERMISSION, in case it's empty #919
- Fix Verinice ISM report format and update version #963
- Fix SCP alert authentication and logging #973
- Use right format specifier for merge_ovaldef version #1053
- Fix deletion of OVAL definition data #1077
Greenbone Vulnerability Manager v9.0.0
This is the first release of the gvmd module 9.0 for the Greenbone Vulnerability Management (GVM) framework.
Added
- Added TLS certificates as a new resource type #585 #663 #673 #674 #689 #695 #703 #728 #732 #750 #752 #774 #792
- Update NVTs via OSP #392 #609 #626 #753 #767
- Handle addition of ID to NVT preferences. #413 #744
- Add setting 'OMP Slave Check Period' #491
- Document switching between releases when using Postgres. #563
- Cgreen based unit tests for gvmd has been added. #579
- New usage_type property to distinguish normal scan tasks and configs from compliance audits and policies #613 #625 #633
- Command cleanup-report-formats for --optimize option #652
- Enable SecInfo alert checks #670
- Add an explicit solution column to NVTs #681 #702 #730
- Document container tasks in GMP doc #688
- Add explicit columns for the NVT tags "summary", "insight", "detection", "impact" and "affected" #719 #746
- Add lean option to GET_REPORTS #745
- Add scanner relays and OSP sensor scanner type #756 #759
Changed
- Always convert iCalendar strings to use UTC. #777
- Check if NVT preferences exist before inserting. #406
- Raise minimum version for SQL functions. #420
- Run OpenVAS scans via OSP instead of OTP. #422 #584 #623 #636 #704 #729
- Request nvti_cache update only at very end of NVT update. #426
- Consolidate NVT references into unified "refs" element. #427 #739
- Update gvm-libs version requirements to v11.0. #480
- Adjust to use new API for vt references. #526
- Expect NVT sync script in bin directory. #546
- Change internal handling of NVT XML to use nvti_t. #562
- Change NVT references like CVEs and BID to general vt_refs. #570 #574 #582
- Update Postgres to SQLite migration. #581 #601 #604 #605
- Update result diff generation at delta reports #650
- Check and create default permissions individually #671
- Add -f arg to sendmail call in email alert #676 #678
- Change get_tickets to use the status text for filtering. #697
- Made checks to prevent duplicate user names stricter. #708 #722
- Send delete command to ospd after stopping the task. #710
- Check whether hosts are alive and have results when adding them in slave scans. #717 #726 #736 #771
- Use explicit nvti timestamps #725
- New columns Ports, Apps, Distance, and Auth in the CSV Hosts report format #733
- The details attribute of GET_REPORTS now defaults to 0 #747
- Incoming VT timestamps via OSP are now assumed to be seconds since epoch #754
- Accelerate NVT feed update #757
Fixed
- Make get_settings return only one setting when setting_id is given #779
- A PostgreSQL statement order issue #611 has been addressed #642
- Fix iCalendar recurrence and timezone handling #654
- Fix issues with some scheduled tasks by using iCalendar more instead of old period fields #656
- Fix an issue in getting the reports from GMP scanners #659 #665
- Fix GET_SYSTEM_REPORTS using slave_id #668
- Fix RAW_DATA when calling GET_INFO with type NVT without attributes name or info_id #682
- Fix ORPHAN calculations in GET_TICKETS #684 #692
- Fix assignment of orphaned tickets to the current user #685
- Fix response from GET_VULNS when given vuln_id does not exists #696
- Make bulk tagging with a filter work if the resources are already tagged #711
- Check if the scan finished before deleting it and ensure that the task is set to done #714
- Fix columnless search phrase filter keywords with quotes #715
- Fix issues importing results or getting them from slaves if they contain "%s" #723
- Fix sorting by numeric filter columns #751
- Fix array index error when modifying roles and groups #762
- Add NULL check in nvts_feed_version_epoch #773
- Fix percent sign escaping in report_port_count #782
- If the nvt preference is "file" type, encode it into Base64 format #785
Removed
- The handling of NVT updates via OTP has been removed. #575
- Bid and xref have been removed from table nvts. #582
- Database migration from revisions before 185 has been removed. #411 #622
- Drop SQLite support #610 #612 #614
- Remove create report task creation #616
- Remove --backup command line option #615
- Remove GET_REPORTS type "assets" #617 #620
- Remove errors for unknown elements #619
- Remove unused reports column nbefile #675
- Eliminate get_tag() and parse_tags() #743
- Remove helper functions and other code for handling OTP #705 #709 #713 #735 #748 #749
- Remove stray prototype nvt_iterator_copyright [#721](https://github....
Greenbone Vulnerability Manager v8.0.1
Added
- Special characters in credential login names are allowed. #475
- Add type filter column to GET_CONFIGS. #486
- Filter settings for groups, scanners, tickets, users and vulnerabilities have been added. #497
- Multiple certificate formats for S/MIME are allowed. #551
Changes
- Functions config_in_use, trash_config_in_use and port_list_in_use
returned a count instead of the expected 1 or 0. #460 - The cache is rebuild for each chunk in CREATE_REPORT. #469
- Hosts without HOST_START are added in CREATE_REPORT. #479
- Use host details for login failure in ticket check. #483
- In create_target() and modify_target() exclude_hosts is cleaned up to be in a consistent format like the included hosts are. #488.
- Check that roles exist earlier. #493
- Anonymize more IPs and hostnames in Anonymous XML. #496 #535
- Ensure that authentication always works for Start Task alerts. #515
- Get content type when emailing an attached report. #517
- Allow vuln_iterator_opts_from_filter filter to be NULL. #527
- Wrap PostgreSQL exclusive table lock in function to prevent error messages in the PostgreSQL log if the lock is not available. #542
- Trim whole report when resuming slave scans #549
- Documentation has been improved. #569 #567 #588
- Update command line options in gvmd man page #565
- Clean special option keywords in filters. #571 #578 #576
- If the schedule of a task is available, GET_TASKS will always return the
long schedule XML, not just if only the schedules are requested. #500 - References to OpenVAS have been replaced with GSM #529
- Buffer inserts when adding results from a slave #641
Fixed
- Checks on 'type' in GET_FEEDS has been fixed. #462
- An issue which caused a race condition using the WHERE NOT EXISTS SQL has been addressed. #472
- A missing argument in check_tickets is added. #477
- Add missing filter case to result_count. #548
- Fix create_report cache update at end of results. #490
- Fix permission checks for trash reports #503
- Fix MODIFY_TAG and CREATE_TAG responses. #520
- Fix MODIFY_TAG for all types when given a filter. #523
- Fix email field validation in create_alert and modify_alert. #534 #545
- Fix --slave-commit-size option. #555
- Fix TippingPoint error handling #592
- Apply ignore_pagination in delta reports #597
- Fix getting single unowned resources #607
- Fix the "Host Authentications" section in PDF / LaTeX reports. #640