Releases: greenbone/gvmd
Greenbone Vulnerability Manager v8.0.0
This is the first release of the gvmd module 8.0 for the Greenbone
Vulnerability Management (GVM) framework.
Please note that migration steps for the transition to gvmd are required for existing setups / installations.
Many thanks to everyone who has contributed to this release.
Main changes compared to gvm 8.0+beta2:
- The new alert method "Alemba vFire" has been added.
- GMP CREATE_ASSET, its GMP doc and usage by GSA are now more consistent.
- The SMB alert will now try to create directories as needed.
- The file path of SMB alerts can now be set to a directory, using the default
report filename from the user's settings.
- The file extension from the report format will now be added by SMB alerts.
- The tag "smb-alert:file_path" on tasks will override the file path of
SMB alerts.
- Handling of SSH private keys has been improved, allowing use of EC keys.
- An issue with deleting users has been fixed.
- The option --optimize remove-open-port-results has been removed.
- CREATE_TASK now requires a name.
- The compile-time LOG option has been removed.
- The --modify-scanner option now also accepts UNIX sockets.
- Support for report content composition has been added.
- TEST_ALERT now also works if NVTs are missing.
- LSC errors are now logged as warnings.
- Remediation support has been added (GMP CREATE_TICKET, GET_TICKETS, etc).
- Missing data in credentials no longer prevents slave tasks from starting.
Instead the scan will start without the credential.
- An issue preventing "Start Task" alerts from running has been fixed.
- Handling of failed/successful SNMP Authentication has been added to the
HTML, LaTeX and PDF report formats.
- A new password-only credential type has been added.
- The Sourcefire alert now accepts a password credential for PKCS12 decryption.
- The source code and GMP documentation have been cleaned up.
- A section about deprecated GMP elements has been added to the documentation.
- Targets now use TCP-SYN without TCP-ACK when pinging hosts when configured
to do so.
- Performance of GET_REPORTS retrieving the results has been improved.
- GET_REPORTS will only return Tags of results if requested with the new
result_tags attribute.
- Updates of the NVTs will now ignore duplicate preferences instead of failing.
- An issue with alert emails missing a line break has been addressed.
- MODIFY_SETTING now checks if text values can be decoded to valid UTF-8.
- Users will automatically get read permission for themselves.
- An issue with incomplete NVT info after feed updates has been addressed.
- Issues with the predefined report formats not handling hosts and hostnames
correctly have been addressed.
- Settings "Hosts Filter" and "Operating Systems Filter" have been added.
- The predefined "Discovery", "Host Discovery" and "System Discovery" now
mark unreachable hosts as dead.
- The GET_TASKS command now only returns the progress of individual hosts
when details are requested.
- The --slave-commit-size option has been added, which can help prevent large
updates from GMP scanners blocking the database for a long time.
- An issue with GET_FEEDS returning the wrong feed types has been addressed.
- Various other code cleanups and improvements.
Greenbone Vulnerability Manager v8.0+beta2
This is the second beta release of the gvmd module 8.0 for the Greenbone
Vulnerability Management (GVM) framework.
It was renamed from gvm to gvmd (Greenbone Vulnerability Manager daemon).
Apart from the new name, the module covers a number of significant advances
and clean-ups compared to the previous version.
Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Christian Fischer, Matthew Mundell, Timo Pollmeier,
Bjoern Ricks, Jan-Oliver Wagner and Michael Wiegand.
Main changes compared to gvm 8.0+beta1:
- Classic report format HTML has been removed from predefined report formats.
- External tool openvasmr has been renamed to gvmcg.
- Size of result description and diff text in GMP has been limited.
- Support for creating filters for vulnerabilities has been added.
- .deb and .rpm LSC package generation has been improved.
- SNMP and ESXi Authorization in the scan config have been hidden.
- Support for using configurable GPG and S/MIME encryption keys for Email Alerts
has been added.
- Script copyright and script version have been removed.
- Vhosts handling has been improved.
- User tags can now refer to multiple resources for easier bulk tagging.
- Elements host_start and host_end have been removed
from the report element of the response from get_reports.
- The task status "Internal Error" has been replaced by "Interrupted", which
can also occur in case of errors that previously set tasks to "Stopped".
- "OpenVAS Classic" has been removed from the list of predefined severity
classification schemes.
- A results trashcan table has been added for performance reasons.
- The prognostic type has been removed from GET_REPORTS and from the
report element.
- An issue related to credential creation and modification has been addressed.
- Several improvements and fixes related to reports have been made.
- Documentation has been updated.
- Several memory management aspects have been improved.
- Various code cleanups and improvements.
Greenbone Vulnerability Manager v8.0+beta1
This is the first beta release of the gvm module 8.0 for the Greenbone
Vulnerability Management (GVM) framework.
It was renamed from openvas-manager to gvm (greenbone vulnerability manager).
Apart from the new name, the module covers a number of significant advances
and clean-ups compared to the previous version 7.0.
Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Antony Falegkos, Christian Fischer, Matthew Mundell, Juan
Nicola, Timo Pollmeier, Jan-Oliver Wagner and Michael Wiegand.
Main changes compared to the 7.0 series:
- The central service component "OpenVAS-Manager" has been renamed to
"Greenbone Vulnerability Manager". Subsequently, the central binary has been
renamed from "openvasmd" to "gvmd". Also any other occurrence of "OpenVAS
Manager" or related terms has been renamed accordingly, including the API from
"OMP" to "GMP".
- The new GMP command GET_VULNS allows for a view on found vulnerabilities with
quantities on results and hosts, across all reports.
- The required minimum version of new dependency GVM Libraries is 1.0 and
the dependency to the openvas-libraries module has been removed. Therefore
many include directives have been adapted to the new source code.
- The gvmd proctitle is set for each process to indicate what the process
is doing.
- The elements host_start and host_end have been removed from the report element,
which eliminates redundant information since they are already available in the
host element.
- iCal standard (RFC2445) support has been introduced for "schedule" objects.
- The gvm daemon automatically detects new SCAP and CERT data as well as when new
NVTs are available from the OpenVAS Scanner and will load/update the database
accordingly. Therefore the --rebuild, --update and --progress options have
been removed.
- Transition from global objects to ownerless-predefined objects: The possibility
to configure users, groups or roles to have arbitrary
permissions over pre-defined objects has been added.
For example, a role could be configured with only one specific Scan Config,
Scanner or Port List to use. The default permissions, however, do not change.
- The update of SCAP and CERT data has been changed from external scripts
into internal routines of gvmd. This makes the process faster
and it consumes fewer resources.
- Documentation has been updated.
- Several memory management aspects have been improved.
- Various code cleanups and improvements.
- The CMake building process was improved.
- The minimum required version of GLib has been raised to 2.42.
- The minimum required version of CMake has been raised to 3.0.
OpenVAS Manager 7.0.3
For detailed code changes, please visit
https://github.com/greenbone/gvm/commits/openvas-manager-7.0
or get the entire source code repository and view log history:
$ git clone https://github.com/greenbone/gvm.git
$ cd gvm && git checkout openvas-manager-7.0 && git log
This is the third maintenance release of the openvas-manager 7.0 module for the
Open Vulnerability Assessment System release 9 (OpenVAS-9). The OpenVAS Manager
is the central management service between the actual security scanners and the
user clients.
This release fixes various issues, improves the migration routine and
especially addresses performance issues.
Many thanks to everyone who has contributed to this release:
Matthew Mundell, Timo Pollmeier, Jan-Oliver Wagner, Michael Wiegand,
Raphael Grewe, Christian Fischer and Juan Jose Nicola.
Main changes since 7.0.2:
- Performance when creating, deleting or modifying overrides and permissions
has been improved. This includes rebuilding the reports cache only
for affected users and reports.
- SQL queries are now canceled if the connection is closed by a client
to prevent abandoned requests like closed pages in GSA from keeping the
database busy.
- The loading of NVTs has been improved with SQL simplifications.
- An issue where an invalid regular expression in a filter caused an error has
been addressed.
- An issue which caused processes to wait busily has been addressed.
- The verify_scanner command can now be used to verify OMP Scanners.
- An issue generating ISO time strings with zero or negative offsets has been
addressed.
- An issue which made it impossible for Superadmin to move a report
format to trash has been addressed.
- Handling of credentials has been improved.
- Result list performance has been improved.
- An issue which caused a problem in an Alert method has been addressed.
- Password parameter to --create-user of openvasmd has been introduced.
- An issue which caused an internal error when editing specific options and
saving override has been addressed.
- An issue which caused report counts not to include all results has been
addressed.
- Postgres start and stop speed has been improved.
- An issue which prevented deleting orphaned permissions has been addressed.
- An issue with XML escaping of targets and other resources referenced in
tasks has been addressed so reserved characters can no longer cause errors
in clients like GSA.
- User password policy warning has been improved.
- Performance of the report results counting has been improved.
- Host details have been added to Host Report.
- An issue with the SQL function current_severity being undefined in the SQLite
backend has been addressed.
- An issue with not being able to delete users due to the order of the delete
statements violating foreign key constraints has been addressed.
- If resources of a deleted user are still in use, the command will now fail
with a message saying so.
- The SMB alert method has been added.
- Documentation has been updated.
- Several issues which caused problems after migrations have been addressed.
- The running scan progress bar has been improved.
- An issue with escaping dollar signs and backslashes in the LaTeX report
has been addressed.
- An issue which caused alerts to not work has been addressed.
- An issue which caused the timezone filter to have no effect on start and end
time of the scan has been addressed.
- An issue which caused the Manager to exit when the DB is down has been
addressed.
- An issue which caused user tags with read permissions to not be listed has
been addressed.
- An issue which caused blocks on all other user actions under certain
circumstances has been addressed.
- When a slave is unavailable get_system_reports will return a more specific
error message.
- A schedule timeout has been introduced.
- Several issues which caused an internal error setting a report filter have
been addressed.
- An issue which caused a race condition when accessing manager socket too
quickly has been addressed.
- An issue which caused users not to be able to run tasks under certain
circumstances has been addressed.
- Result filtering of port summary in reports has been addressed.
- An issue with delete commands returning wrong reasons for failures like
wrong UUIDs or resources being predefined has been addressed.
- An issue which caused sort-reverse filter to break delta reports has been
addressed.
- Several other performance improvements have been made.
- An issue which caused errors when an invalid filt_id is given has been
addressed.
- An issue which caused users to not be able to access the vulnerability
details in reports has been addressed.
- Message text for mail alerts has been improved.
- Wrong font in PDF report has been addressed.
- The enable option Log whole attack has been removed from scan config.
- An issue which caused a segfault in the PostgreSQL next_time function
under certain circumstances has been addressed.
- An issue with time calculations of schedules has been addressed.
- An issue which caused permission problems because of deleted users has been
addressed.
- New alert method Tipping Point SMS has been added.
- Details to --max-ips-per-target error message have been added.
- An issue which would cause an error in a fresh DB under certain circumstances
has been addressed.
- An issue which caused a started task to hang in Requested status has been
addressed.
- An issue which caused overwriting of credentials under certain circumstances
has been addressed.
- Credentials which cannot be created on slave are now ignored to avoid scans
getting stuck in the requested status because of bad credentials.
- An issue with creating SQL functions in a new PostgreSQL database has
been addressed.
OpenVAS Manager v6.0.12
For detailed code changes, please visit
https://github.com/greenbone/gvm/commits/openvas-manager-6.0
or get the entire source code repository and view log history:
$ git clone https://github.com/greenbone/gvm.git
$ cd gvm && git checkout openvas-manager-6.0 && git log
This is the twelfth maintenance release of the openvas-manager 6.0 module for
the Open Vulnerability Assessment System release 8 (OpenVAS-8).
This release addresses permission issues and contains performance improvements.
It also addresses an issue which caused GSA to partly crash. Please see below
for a comprehensive list of changes.
Many thanks to everyone who contributed to this release:
Matthew Mundell, Timo Pollmeier and Michael Wiegand.
Main changes compared to 6.0.11:
- An issue which impacted the performance of rebuilding the reports cache on
override and permission changes has been addressed.
- An issue which caused an internal error when editing specific options and
saving override has been addressed.
- An issue which impacted the performance when deleting overrides has been
addressed.
- An issue which caused a deadlock in case of running too many tasks at once
has been addressed.
- An issue which made it impossible for Superadmin to move a report
format to trash has been addressed.
- An issue which caused drop-down lists in the scan config edit dialog to
disappear has been addressed.
- An issue which prevented orphaned permissions from being deleted has been
addressed.
- An issue which caused GSA to partly crash when using special characters on
target has been addressed.
- An issue which caused scheduled tasks to be triggered several times has been
addressed.