Skip to content

Releases: greenbone/gvmd

Greenbone Vulnerability Manager v9.0.0

14 Oct 11:12
@timopollmeier timopollmeier
v9.0.0
a46996f
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Greenbone Vulnerability Manager v9.0.0

This is the first release of the gvmd module 9.0 for the Greenbone Vulnerability Management (GVM) framework.

Added

  • Added TLS certificates as a new resource type #585 #663 #673 #674 #689 #695 #703 #728 #732 #750 #752 #774 #792
  • Update NVTs via OSP #392 #609 #626 #753 #767
  • Handle addition of ID to NVT preferences. #413 #744
  • Add setting 'OMP Slave Check Period' #491
  • Document switching between releases when using Postgres. #563
  • Cgreen based unit tests for gvmd has been added. #579
  • New usage_type property to distinguish normal scan tasks and configs from compliance audits and policies #613 #625 #633
  • Command cleanup-report-formats for --optimize option #652
  • Enable SecInfo alert checks #670
  • Add an explicit solution column to NVTs #681 #702 #730
  • Document container tasks in GMP doc #688
  • Add explicit columns for the NVT tags "summary", "insight", "detection", "impact" and "affected" #719 #746
  • Add lean option to GET_REPORTS #745
  • Add scanner relays and OSP sensor scanner type #756 #759

Changed

  • Always convert iCalendar strings to use UTC. #777
  • Check if NVT preferences exist before inserting. #406
  • Raise minimum version for SQL functions. #420
  • Run OpenVAS scans via OSP instead of OTP. #422 #584 #623 #636 #704 #729
  • Request nvti_cache update only at very end of NVT update. #426
  • Consolidate NVT references into unified "refs" element. #427 #739
  • Update gvm-libs version requirements to v11.0. #480
  • Adjust to use new API for vt references. #526
  • Expect NVT sync script in bin directory. #546
  • Change internal handling of NVT XML to use nvti_t. #562
  • Change NVT references like CVEs and BID to general vt_refs. #570 #574 #582
  • Update Postgres to SQLite migration. #581 #601 #604 #605
  • Update result diff generation at delta reports #650
  • Check and create default permissions individually #671
  • Add -f arg to sendmail call in email alert #676 #678
  • Change get_tickets to use the status text for filtering. #697
  • Made checks to prevent duplicate user names stricter. #708 #722
  • Send delete command to ospd after stopping the task. #710
  • Check whether hosts are alive and have results when adding them in slave scans. #717 #726 #736 #771
  • Use explicit nvti timestamps #725
  • New columns Ports, Apps, Distance, and Auth in the CSV Hosts report format #733
  • The details attribute of GET_REPORTS now defaults to 0 #747
  • Incoming VT timestamps via OSP are now assumed to be seconds since epoch #754
  • Accelerate NVT feed update #757

Fixed

  • Make get_settings return only one setting when setting_id is given #779
  • A PostgreSQL statement order issue #611 has been addressed #642
  • Fix iCalendar recurrence and timezone handling #654
  • Fix issues with some scheduled tasks by using iCalendar more instead of old period fields #656
  • Fix an issue in getting the reports from GMP scanners #659 #665
  • Fix GET_SYSTEM_REPORTS using slave_id #668
  • Fix RAW_DATA when calling GET_INFO with type NVT without attributes name or info_id #682
  • Fix ORPHAN calculations in GET_TICKETS #684 #692
  • Fix assignment of orphaned tickets to the current user #685
  • Fix response from GET_VULNS when given vuln_id does not exists #696
  • Make bulk tagging with a filter work if the resources are already tagged #711
  • Check if the scan finished before deleting it and ensure that the task is set to done #714
  • Fix columnless search phrase filter keywords with quotes #715
  • Fix issues importing results or getting them from slaves if they contain "%s" #723
  • Fix sorting by numeric filter columns #751
  • Fix array index error when modifying roles and groups #762
  • Add NULL check in nvts_feed_version_epoch #773
  • Fix percent sign escaping in report_port_count #782
  • If the nvt preference is "file" type, encode it into Base64 format #785

Removed

  • The handling of NVT updates via OTP has been removed. #575
  • Bid and xref have been removed from table nvts. #582
  • Database migration from revisions before 185 has been removed. #411 #622
  • Drop SQLite support #610 #612 #614
  • Remove create report task creation #616
  • Remove --backup command line option #615
  • Remove GET_REPORTS type "assets" #617 #620
  • Remove errors for unknown elements #619
  • Remove unused reports column nbefile #675
  • Eliminate get_tag() and parse_tags() #743
  • Remove helper functions and other code for handling OTP #705 #709 #713 #735 #748 #749
  • Remove stray prototype nvt_iterator_copyright [#721](https://github....
Read more
Assets 4
Loading

Greenbone Vulnerability Manager v8.0.1

17 Jul 14:29
@timopollmeier timopollmeier
v8.0.1
3f7c3bc
Compare
Choose a tag to compare
Greenbone Vulnerability Manager v8.0.1

Added

  • Special characters in credential login names are allowed. #475
  • Add type filter column to GET_CONFIGS. #486
  • Filter settings for groups, scanners, tickets, users and vulnerabilities have been added. #497
  • Multiple certificate formats for S/MIME are allowed. #551

Changes

  • Functions config_in_use, trash_config_in_use and port_list_in_use
    returned a count instead of the expected 1 or 0. #460
  • The cache is rebuild for each chunk in CREATE_REPORT. #469
  • Hosts without HOST_START are added in CREATE_REPORT. #479
  • Use host details for login failure in ticket check. #483
  • In create_target() and modify_target() exclude_hosts is cleaned up to be in a consistent format like the included hosts are. #488.
  • Check that roles exist earlier. #493
  • Anonymize more IPs and hostnames in Anonymous XML. #496 #535
  • Ensure that authentication always works for Start Task alerts. #515
  • Get content type when emailing an attached report. #517
  • Allow vuln_iterator_opts_from_filter filter to be NULL. #527
  • Wrap PostgreSQL exclusive table lock in function to prevent error messages in the PostgreSQL log if the lock is not available. #542
  • Trim whole report when resuming slave scans #549
  • Documentation has been improved. #569 #567 #588
  • Update command line options in gvmd man page #565
  • Clean special option keywords in filters. #571 #578 #576
  • If the schedule of a task is available, GET_TASKS will always return the
    long schedule XML, not just if only the schedules are requested. #500
  • References to OpenVAS have been replaced with GSM #529
  • Buffer inserts when adding results from a slave #641

Fixed

  • Checks on 'type' in GET_FEEDS has been fixed. #462
  • An issue which caused a race condition using the WHERE NOT EXISTS SQL has been addressed. #472
  • A missing argument in check_tickets is added. #477
  • Add missing filter case to result_count. #548
  • Fix create_report cache update at end of results. #490
  • Fix permission checks for trash reports #503
  • Fix MODIFY_TAG and CREATE_TAG responses. #520
  • Fix MODIFY_TAG for all types when given a filter. #523
  • Fix email field validation in create_alert and modify_alert. #534 #545
  • Fix --slave-commit-size option. #555
  • Fix TippingPoint error handling #592
  • Apply ignore_pagination in delta reports #597
  • Fix getting single unowned resources #607
  • Fix the "Host Authentications" section in PDF / LaTeX reports. #640

Removed

  • Remove -m SMB3 for smbclient in SMB alert, which allows changing the maximum protocol version via the smbclient config instead of forcing a particular one in the alert script. #505
  • Remove "slave" from valid_db_resource_type. #558
Assets 4
Loading

Greenbone Vulnerability Manager v8.0.0

05 Apr 13:13
@timopollmeier timopollmeier
v8.0.0
a8d8e26
Compare
Choose a tag to compare
Greenbone Vulnerability Manager v8.0.0

This is the first release of the gvmd module 8.0 for the Greenbone
Vulnerability Management (GVM) framework.

Please note that migration steps for the transition to gvmd are required for existing setups / installations.

Many thanks to everyone who has contributed to this release.

Main changes compared to gvm 8.0+beta2:

  • The new alert method "Alemba vFire" has been added.
  • GMP CREATE_ASSET, its GMP doc and usage by GSA are now more consistent.
  • The SMB alert will now try to create directories as needed.
  • The file path of SMB alerts can now be set to a directory, using the default
    report filename from the user's settings.
  • The file extension from the report format will now be added by SMB alerts.
  • The tag "smb-alert:file_path" on tasks will override the file path of
    SMB alerts.
  • Handling of SSH private keys has been improved, allowing use of EC keys.
  • An issue with deleting users has been fixed.
  • The option --optimize remove-open-port-results has been removed.
  • CREATE_TASK now requires a name.
  • The compile-time LOG option has been removed.
  • The --modify-scanner option now also accepts UNIX sockets.
  • Support for report content composition has been added.
  • TEST_ALERT now also works if NVTs are missing.
  • LSC errors are now logged as warnings.
  • Remediation support has been added (GMP CREATE_TICKET, GET_TICKETS, etc).
  • Missing data in credentials no longer prevents slave tasks from starting.
    Instead the scan will start without the credential.
  • An issue preventing "Start Task" alerts from running has been fixed.
  • Handling of failed/successful SNMP Authentication has been added to the
    HTML, LaTeX and PDF report formats.
  • A new password-only credential type has been added
  • The Sourcefire alert now accepts a password credential for PKCS12 decryption.
  • The source code and GMP documentation have been cleaned up.
  • A section about deprecated GMP elements has been added to the documentation.
  • Targets now use TCP-SYN without TCP-ACK when pinging hosts when configured
    to do so.
  • Performance of GET_REPORTS retrieving the results has been improved.
  • GET_REPORTS will only return Tags of results if requested with the new
    result_tags attribute.
  • Updates of the NVTs will now ignore duplicate preferences instead of failing.
  • An issue with alert emails missing a line break has been addressed.
  • MODIFY_SETTING now checks if text values can be decoded to valid UTF-8.
  • Users will automatically get read permission for themselves.
  • An issue with incomplete NVT info after feed updates has been addressed.
  • Issues with the predefined report formats not handling hosts and hostnames
    correctly have been addressed.
  • Settings "Hosts Filter" and "Operating Systems Filter" have been added.
  • The predefined "Discovery", "Host Discovery" and "System Discovery" now
    mark unreachable hosts as dead.
  • The GET_TASKS command now only returns the progress of individual hosts
    when details are requested.
  • The --slave-commit-size option has been added, which can help prevent large
    updates from GMP scanners blocking the database for a long time.
  • An issue with GET_FEEDS returning the wrong feed types has been addressed.
  • Various other code cleanups and improvements.
Assets 4
Loading

Greenbone Vulnerability Manager v8.0+beta2

05 Dec 11:39
@jjnicola jjnicola
v8.0+beta2
3094bec
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Greenbone Vulnerability Manager v8.0+beta2 Pre-release
Pre-release

This is the second beta release of the gvmd module 8.0 for the Greenbone
Vulnerability Management (GVM) framework.

It was renamed from gvm to gvmd (Greenbone Vulnerability Manager daemon).

Apart from the new name, the module covers a number of significant advances
and clean-ups compared to the previous version.

Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Christian Fischer, Matthew Mundell, Timo Pollmeier,
Bjoern Ricks, Jan-Oliver Wagner and Michael Wiegand.

Main changes compared to gvm 8.0+beta1:

  • Classic report format HTML has been removed from predefined report formats.
  • External tool openvasmr has been renamed to gvmcg.
  • Size of result description and diff text in GMP has been limited.
  • Support for creating filters for vulnerabilities has been added.
  • .deb and .rpm LSC package generation has been improved.
  • SNMP and ESXi Authorization in the scan config have been hidden.
  • Support for using configurable GPG and S/MIME encryption keys for Email Alerts
    has been added.
  • Script copyright and script version have been removed.
  • Vhosts handling has been improved.
  • User tags can now refer to multiple resources for easier bulk tagging.
  • Elements host_start and host_end have been removed
    from the report element of response from get_reports.
  • The task status "Internal Error" has been replaced by "Interrupted", which
    can also occur in case of errors that previously set tasks to "Stopped".
  • "OpenVAS Classic" has been removed from the list of predefined severity
    classification schemes.
  • A results trashcan table has been added for performance reasons.
  • The prognostic type has been removed from GET_REPORTS and from the
    report element.
  • An issue related to credential creation and modification has been addressed.
  • Several improvements and fixes related to reports have been done.
  • Documentation has been updated.
  • Several memory management aspects have been improved.
  • Various code cleanups and improvements.
Assets 4
Loading

Greenbone Vulnerability Manager v8.0+beta1

30 Apr 07:15
@jjnicola jjnicola
v8.0+beta1
0477036
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Greenbone Vulnerability Manager v8.0+beta1 Pre-release
Pre-release

This is the first beta release of the gvm module 8.0 for the Greenbone
Vulnerability Management (GVM) framework.

It was renamed from openvas-manager to gvm (greenbone vulnerability manager).

Apart from the new name, the module covers a number of significant advances
and clean-ups compared to the previous version 7.0.

Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Antony Falegkos, Christian Fischer, Matthew Mundell, Juan
Nicola, Timo Pollmeier, Jan-Oliver Wagner and Michael Wiegand.

Main changes compared to the 7.0 series:

  • The central service component "OpenVAS-Manager" has been renamed to
    "Greenbone Vulnerability Manager". Subsequently, the central binary has been
    renamed from "openvasmd" to "gvmd". Also any other occurence of "OpenVAS
    Manager" or related terms has been renamed accordingly, including the API from
    "OMP" to "GMP".
  • The new GMP command GET_VULNS allows for a view on found vulnerabilities with
    quantities on results and hosts, across all reports.
  • The required minimum version of new dependency GVM Libraries is 1.0 and
    the dependency to the openvas-libraries module has been removed. Therefore
    many include directives have been adapted to the new source code.
  • The gmvd proctitle is set for each process to indicate what the process
    is doing.
  • The elements host_start and host_end has been removed from report element,
    which eliminate redundant information since there are already available in the
    host element.
  • iCal standard (RFC2445) support has been introduced for "schedule" objects.
  • The gvm daemon automatically detects new SCAP and CERT data as well as when new
    NVTs are available from the OpenVAS Scanner and will load/update the database
    accordingly. Therefore the --rebuild, --update and --progress options have
    been removed.
  • Transition from global objects to ownerless-predefined objects: The possibility
    to configure users, groups or roles to have arbitrary
    permissions over pre-defined objects has been added.
    For example, a role could be configured with only one specific Scan Config,
    Scanner or Port List to use. The default permissions, however, do not change.
  • The update of SCAP and CERT data has been changed from external scripts
    into internal routines of gvmd. This makes the process faster
    and consumes less resources.
  • Documentation has been updated.
  • Several memory management aspects have been improved.
  • Various code cleanups and improvements.
  • The CMake building process was improved.
  • The minimum required version of GLib has been raised to 2.42.
  • The minimum required version of CMake has been raised to 3.0.
Assets 4
Loading

OpenVAS Manager 7.0.3

29 Mar 11:06
@jjnicola jjnicola
v7.0.3
3c29cf8
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
OpenVAS Manager 7.0.3

For detailed code changes, please visit
https://github.com/greenbone/gvm/commits/openvas-manager-7.0
or get the entire source code repository and view log history:
$ git clone https://github.com/greenbone/gvm.git
$ cd gvm && git checkout openvas-manager-7.0 && git log

This is the third maintenance release of the openvas-manager 7.0 module for the
Open Vulnerability Assessment System release 9 (OpenVAS-9). The OpenVAS Manager
is the central management service between the actual security scanners and the
user clients.

This release fixes various issues, improves the migration routine and
especially addresses performance issues.

Many thanks to everyone who has contributed to this release:
Matthew Mundell, Timo Pollmeier, Jan-Oliver Wagner, Michael Wiegand,
Raphael Grewe, Christian Fischer and Juan Jose Nicola.

Main changes since 7.0.2:

  • Performance when creating, deleting or modifying overrides and permissions
    has been improved. This includes rebuilding the reports cache only
    for affected users and reports.
  • SQL queries are now canceled if the connection is closed by a client
    to prevent abandoned requests like closed pages in GSA from keeping the
    database busy.
  • The loading of NVTs has been improved with SQL simplifications.
  • An issue where an invalid regular expression in a filter caused an error has
    been addressed.
  • An issue which caused processes to wait busily has been addressed.
  • The verify_scanner command can now be used to verify OMP Scanners.
  • An issue generating ISO time strings with zero or negative offsets has been
    addressed.
  • An issue which caused to not be possible for Superadmin to move a report
    format to trash has been addressed.
  • Handling of credentials has been improved.
  • Result list performance has been improved.
  • An issue which caused a problem in an Alert method has been addressed.
  • Password parameter to --create-user of openvasmd has been introduced.
  • An issue which caused an internal error when editing specific options and
    saving override has been addressed.
  • An issue which caused report counts not to include all results has been
    addressed.
  • Postgres start and stop speed has been improved.
  • An issue which prevented deleting orphaned permissions has been addressed.
  • An issue with XML escaping of targets and other resources referenced in
    tasks has been addressed so reserved characters can no longer cause errors
    in clients like GSA.
  • User password policy warning has been improved.
  • Performance of the report results counting has been improved.
  • Host details have been added to Host Report.
  • An issue with the SQL function current_severity being undefined in the SQLite
    backend has been addressed.
  • An issue with not being able to delete users due to the order the delete
    statements violating foreign key constraints has been addressed.
  • If resources of a deleted user are still in use, the command will now fail
    with a message saying so.
  • The SMB alert method has been added.
  • Documentation has been updated.
  • Several issues which caused problem after migrations have been addressed.
  • The running scan progress bar has been improved.
  • An issue with escaping dollar signs and backslashes in the LaTeX report
    has been addressed.
  • An issue which caused alerts to not work has been addressed.
  • An issue which caused timezone filter to have no effect on start and end
    time of the scan has been addressed.
  • An issue which caused the Manager to exit when the DB is down has been
    addressed.
  • An issue which caused user tags with read permissions to not be listed has
    been addressed.
  • An issue which caused blocks on all other user actions under certain
    circumstances has been addressed.
  • When a slave is unavailable get_system_reports will return a more specific
    error message.
  • A schedule timeout has been introduced.
  • Several issues which caused an internal error setting a report filter have
    been addressed.
  • An issue which caused a race condition when accessing manager socket too
    quickly has been addressed.
  • An issue which caused users not to be able to run tasks under certain
    circumstances has been addressed.
  • Result filtering of port summary in reports has been addressed.
  • An issue with delete commands returning wrong reasons for failures like
    wrong UUIDs or resources being predefined has been addressed.
  • An issue which caused sort-reverse filter to break delta reports has been
    addressed.
  • Several other performance improvements has been done.
  • An issue which caused errors when an invalid filt_id is given has been
    addressed.
  • An issue which caused users to not be able to access the vulnerability
    details in reports has been addressed.
  • Message text for mail alerts has been improved.
  • Wrong font in PDF report has been addressed.
  • The enable option Log whole attack has been removed from scan config.
  • An issue which caused a segfault in the PostgreSQL next_time function
    under certain circumstances has been addressed.
  • An issue with time calculations of schedules has been addressed.
  • An issue which caused permission problem because of deleted users has been
    addressed.
  • New alert method Tipping Point SMS has been added.
  • Details to --max-ips-per-target error message have been added.
  • An issue which would cause an error in a fresh DB under certain circumstances
    has been addressed.
  • An issue which caused a started task to hang in Requested status has been
    addressed.
  • An issue which caused overwriting of credentials under certain circumstances
    has been addressed.
  • Credentials which can not be created on slave are now ignored to avoid scans
    getting stuck in the requested status because of bad credentials.
  • An issue with creating SQL functions in a new PostgreSQL database has
    been addressed.
Assets 6
Loading

OpenVAS Manager v6.0.12

27 Mar 10:23
@jjnicola jjnicola
v6.0.12
8e031e9
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
OpenVAS Manager v6.0.12

For detailed code changes, please visit
https://github.com/greenbone/gvm/commits/openvas-manager-6.0
or get the entire source code repository and view log history:
$ git clone https://github.com/greenbone/gvm.git
$ cd gvm && git checkout openvas-manager-6.0 && git log

This is the twelfth maintenance release of the openvas-manager 6.0 module for
the Open Vulnerability Assessment System release 8 (OpenVAS-8).

This release addresses permission issues and contains performance improvements.
It also addresses an issue which cause to GSA to partly crash. Please see below
for a comprehensive list of changes.

Many thanks to everyone who contributed to this release:
Matthew Mundell, Timo Pollmeier and Michael Wiegand.

Main changes compared to 6.0.11:

  • An issue which impacted on the performance of rebuilding reports cache on
    override and permission changes has been addressed.
  • An issue which caused an internal error when editing specific options and
    saving override has been addressed.
  • An issue which impacted on the performance when deleting overrides has been
    addressed.
  • An issue which caused a deadlock in case of running too many task at once
    has been addressed.
  • An issue which caused to not be possible for Superadmin to move a report
    format to trash has been addressed.
  • An issue which caused that dropdownlists in scanconfig edit dialog were gone
    has been addressed.
  • An issue which caused that orphaned permissions could not be deleted has been
    addressed.
  • An issue which caused GSA to partly crash when using special characters on
    target has been addressed.
  • An issue which caused scheduled task to be triggered several times has been
    addressed.
Assets 6
Loading