
Releases: OpenSCAP/openscap

1.3.2

14 Jan 11:13
4513803
  • New features
    • Offline mode support for environmentvariable58 probe
    • The oscap-docker wrapper is available without Atomic
  • Maintenance, bug fixes
    • Improved support of multi-check rules (report, remediations, console output)
    • Improved HTML report look and feel, including printed version
    • Less clutter in verbose mode output; some warnings and errors demoted to verbose mode levels
    • Probe rpmverifyfile uses and returns canonical paths
    • Improved a11y of HTML reports and guides
    • Fixes and improvements for SWIG Python bindings
    • #1403 fixed: Scanner would not apply remediation for multicheck rules (verbosity)
    • Fixed URL link mechanism for Red Hat Errata
    • New STIG Viewer URI: public.cyber.mil
    • Probe selinuxsecuritycontext would not check if SELinux is enabled
    • Scanner would provide information about unsupported OVAL objects
    • Added more tests for offline mode (probes, remediation)
    • #528 fixed: Eval SCE script when /tmp is in mode noexec
    • #1173, RHBZ#1603347 fixed: Double chdir/chroot in probe rpmverifypackage

1.3.1

13 Jun 11:07
  • New features
    • Support for SCAP 1.3 Source Datastreams (evaluating, XML schemas,
      validation)
    • Introduced oscap-podman -- a tool for SCAP evaluation of Podman
      images and containers (rhbz#1642373)
    • Tailoring files are included in ARF result files (#902)
    • OVAL details are always shown in HTML report, users do not have to
      provide --oval-results on command line
    • HTML report displays OVAL test details also for OVAL tests included
      from other OVAL definitions using extend_definition (#916, #954)
    • OVAL test IDs are shown in HTML report
    • Rule IDs are shown in HTML guide (#1293)
    • Added block_size in Linux partition_state defined in OVAL 5.11.2
    • Added oscap_wrapper that can be used to comfortably execute custom
      compiled oscap tool
  • Maintenance, bug fixes
    • Remote filesystems mounted using autofs direct maps are not
      recognized as local filesystems (rhbz#1655943)
    • SCAP source datastreams containing remote components can be
      evaluated without downloading remote data (rhbz#1709423)
    • Fixed duplicated variables in generated Ansible Playbooks
    • Fixed trailing whitespace characters in Ansible Playbooks
    • Correctly handle multiline profile titles and profile descriptions
      in generated Ansible Playbooks (#1112)
    • Fixed STIG Viewer output (--stig-viewer) to handle multiple rules
      that have the same STIG ID
    • Fixed incorrect displaying of OVAL test results in HTML report
    • Fixed segmentation fault in offline mode caused by usage of chroot
      file descriptor after closing (rhbz#1636431)
    • Fixed textfilecontent54 probe to not ignore max_depth, recurse,
      recurse_direction and recurse_file_system attributes of
      behaviors element when filepath element is given (rhbz#1655943)
    • Added CMake policies (CMP0078 and CMP0086) related to UseSWIG
    • Added RHEL 8 CPE, Fedora 31 CPE, Oracle Linux 8 CPE
    • Fedora CPEs fixed to work also on Fedora >= 30
    • Fixed segmentation fault in CVRF module (rhbz#1642283)
    • Fixed unresolved symbols in libopenscap_sce.so
    • Fixed memory leaks in Windows registry probe (#1269)
    • Fixed many GCC compiler warnings
    • Removed dead code from fsdev module
    • Many new test cases in upstream test suite
    • Refactoring
    • Updated Developer Guide
    • Updated manual pages

1.3.0

09 Oct 11:19
  • New features
    • Introduced a virtual '(all)' profile selecting all rules
    • Verbose mode is a global option in all modules
    • Added Microsoft Windows CPEs
    • oscap-ssh can supply SSH options into an environment variable
  • Maintenance
    • Removed SEXP parser
    • Added Fedora 30 CPE
    • Fixed many Coverity defects (memory leaks etc.)
    • SCE builds are enabled by default
    • Moved many low-level functions out of public API
    • Removed unused and dead code
    • Updated manual pages
    • Numerous small fixes

1.3.0_alpha2

10 Aug 13:27
Pre-release
  • Maintenance
    • Removed '--probe-root' option
    • Removed '--show' option from 'oscap xccdf generate report'
    • Removed CCE API
    • Removed deprecated option '--sce-results'
    • Removed 'oscap oval list-probes' submodule
    • Removed 'validate-xml' submodule from CPE, OVAL, XCCDF modules
    • Moved OVAL probe handler to private headers
    • Added tests for filehash58 offline mode
    • Fixed broken SCE
    • Fixed problematic versioning in CMake and pkgconfig file
    • Removed much unused code
    • Rewrote test tests/API/XCCDF/default_cpe
    • Started to use asciidoc instead of asciidoctor
    • Fixed many compiler warnings
    • Fixed MinGW builds
    • Documentation updates
    • Small fixes

1.3.0_alpha1

18 Jul 09:02
Pre-release
  • New features
    • Microsoft Windows support (issue #195)
    • new probes:
      • Windows registry probe
      • Windows accesstoken probe
      • Windows wmi57 probe
    • CMake is used as build system (issue #542)
    • CTest is used as test suite driver
  • Maintenance
    • probes are not separate processes, they are threads within oscap
    • OpenSCAP can be compiled using Visual Studio 2017
    • Dropped 53 deprecated API symbols (issue #1088)
    • Removed GNU Automake
    • Removed Python 2 support (issue #1034)
    • Ninja build is supported
    • Public API symbols are marked by OSCAP_API macro
    • Removed variable length arrays
    • Removed custom memory allocation functions (issue #1077)
    • Improved OS X build support
    • Fixed crash when deallocating red-black-tree node in Windows
    • Several large tests are split into smaller test cases
    • User manual is split into User and Developer manuals
    • Many documentation updates (issue #1069, #1066)
    • Stopped using '\r' characters on stdout (issue #579, #1023)
    • Updated release tools to reflect CMake (issue #1036)
    • Dropped Cygwin support from User Manual (issue #1011)
    • source tarball does not contain build artifacts
    • Many small fixes

1.2.17

29 May 08:55
  • New features
    • HTML Guide user experience improvements
    • New options in HTML report "Group By" menu
    • oscap-ssh supports --oval-results (issue #863)
  • Maintenance
    • Support comparing state record elements with item
    • Updated Bash completion
    • Make Bash role headers consistent with --help output
    • Fixed problems reported by Coverity (issue #909)
    • Fixed CVE schema to support 4 to 7 digits CVEs
    • Fix output of generated bash role missing fix message
    • Fix oscap-docker to clean up temporary image (RHBZ #1454637)
    • Fix Ansible remediations generation
    • Add a newline between ids in xccdf info (issue #968)
    • Fix unknown subtype handling in oval_subtype_parse (issue #986)
    • Outsourced the pthreads feature check and setup
    • Speed up in debug mode
    • Refactored the Python handling in build scripts
    • Prevent reading from host in offline mode (issue #1001)
    • Many probes use OWN offline mode
    • Improve offline mode logic in OVAL probes
    • Do not use chroot in system_info probe
    • Prevent a segfault in oscap_seterr on Solaris
    • Out of tree build is possible
    • Use chroot for RPM probes in offline mode
    • PEP8 accepts lines up to 99 characters
    • New configure parameter --with-oscap-temp-dir (issue #1016)
    • Fixed OVAL record elements namespace and SEXP conversion
    • Removed '\r' characters from help output (issue #1023)
    • Full Python 3 compatibility
    • Removed basic Python implementation of oval_probes.c
    • Added support for Travis CI and Sonar Cloud
    • Minor fixes inspired by Sonar Cloud
    • Added Fedora 29 CPE
    • New tests in upstream test suite (offline mode, Ansible, etc.)

1.2.16

14 Nov 11:52

Stats

  • Over 350 commits from 12 distinct persons
  • 3 new contributors.
  • 66 GitHub issues fixed, 59 PRs merged.

New features

  • oscap can generate output that is compatible with STIG Viewer.
  • CVRF parsing and export has been implemented.
  • oscap info command has been expanded.
  • The AIX platform is supported.
  • Many documentation improvements.
  • Numerous other improvements of existing features.

Maintenance

  • Huge cross-platform improvements.
  • Memory leaks fixed (RHBZ#1485876).
  • SELinux fixes.
  • Many Coverity fixes.
  • Numerous other bugfixes.

1.2.15

25 Aug 13:13
  • New features
    • short profile names can be used instead of long IDs
    • new option --rule allows evaluating only a single rule
    • new option --fix-type in "oscap xccdf generate fix" allows choosing
      remediation script type without typing long URL
    • "oscap info" shows profile titles
    • OVAL details in HTML report are easier to read
    • HTML report is smaller because unselected rules are removed
    • HTML report supports NIST 800-171 and CJIS
    • remediation scripts contain headers with useful information
    • remediation scripts report progress when they run
    • basic support for Oracle Linux (CPEs, runlevels)
    • remediation scripts can be generated from datastreams that contain
      multiple XCCDF benchmarks (issue #772)
    • basic support for OVAL 5.11.2 (only schemas, no features)
    • enabled offline RPM database in rpminfo probe (issue #778)
    • added Fedora 28 CPE
  • Maintenance
    • fixed oscap-docker with Docker >= 2.0 (issue #794)
    • fixed behavior of sysctl probe to be consistent with sysctl tool
    • fixed generating remediation scripts (issue #723, #773)
    • severity of tailored rules is not discarded (issue #739)
    • fixed errors in RPM probes initialization
    • oscap-docker shows all warnings reported by oscap (issue #713)
    • small improvements in verbose mode
    • standard C operations are used instead of custom OpenSCAP operations
    • fixed compiler warnings
    • fixed missing header files
    • fixed resource leaks (issue #715)
    • fixed pkgconfig file (RHBZ #1414777)
    • refactoring
    • documentation fixes and improvements

1.2.14

21 Mar 11:59
  • New features
    • Detailed information about ARF files in 'oscap info' (issue #664)
    • XSLT template creating XCCDF files from OVAL files
    • Generating remediation scripts from ARF
    • Significant improvements of User Manual (issue #249, #513)
    • HTML report UX improvements (issue #601, #620, #622, #655)
    • Warnings are shown by default
    • Verbose mode is available in 'xccdf remediate' module (issue #520)
    • Added Fedora 26, Fedora 27 and OpenSUSE 42.2 CPEs (issue #698)
    • Support for Anaconda remediation in HTML report
  • Maintenance
    • Fixed CPE dictionary to identify RHEVH as RHEL7 (RHBZ #1420038)
    • Fixed systemd probes crashes inside containers (RHBZ #1431186, issue #700)
    • Added a warning on non-existing XCCDF Benchmarks (issue #614)
    • Fixed output on terminals with white background (RHBZ #1365911, issue #512)
    • Error handling in oscap-vm (RHBZ #1391754)
    • Fixed SCE stderr stalling (RHBZ #1420811)
    • Fixed Android OVAL schema (issue #279)
    • Fixed absolute filepath parsing in OVAL (RHBZ #1312831, #1312824)
    • Fixes based on Coverity scan report (issue #581, #634, #681)
    • Fixed duplicated error messages (issue #707)
    • Fixed XCCDF score calculation (issue #617)
    • Fixed segmentation faults in RPM probes (RHBZ #1414303, #1414312)
    • Fixed failing DataStream build if "@" is in filepath
    • Fixed missing header in result-oriented Ansible remediations
    • Memory leak and resource leak fixes (issue #635, #636)
    • New upstream tests
    • Many minor fixes and improvements

1.2.13

05 Jan 20:08

openscap-1.2.13

  • Maintenance
    • we always build system_info OVAL probe, fixed configure output accordingly
    • warn when the user requests to generate an ARF from XCCDF 1.1
    • fixed a segfault when loading an OVAL file with invalid family attribute
    • added --thin-results CLI override to oscap xccdf eval
    • added --without-syschar CLI override to oscap xccdf eval
    • fixed a segfault when freeing xccdf_policy of the default profile
    • removed ARF schematron workaround when there are no applicable checks
    • fixed verbose output in oscap xccdf generate fix
    • do not filter fix by applicability when generating remediations from results
    • fixed memory leaks, resource leaks and other minor issues