CHANGELOG.md

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog.

20.4 (unreleased)

Added

• Add setting "BPM Dashboard Configuration" #764
• Faster SecInfo REF retrieval for GET_REPORTS #793
• Improve performance of GET_REPORTS #801 #811 #817
• Speed up the HELP 'brief' case #807
• Faster startup #826
• Add option --optimize migrate-relay-sensors #827
• Add host_id filter for tls_certificates #835
• Allow use of public key auth in SCP alert #845
• Refuse to import config with missing NVT preference ID #853 #860
• Add "Base" scan config #862
• Add setting "BPM Data" #915
• Automatically load predefined configs from the feed #931 #933 #934
• Automatically load predefined port lists from the feed #950 #952
• Automatically load predefined report formats from the feed #968 #970

Changed

• Update SCAP and CERT feed info in sync scripts #810
• Extend command line options for managing scanners #815
• Try authentication when verifying GMP scanners #837
• Try importing private keys with libssh if GnuTLS fails #841
• Extend GMP API for nvt object to carry a explicit solution element #849
• Allow resuming OSPd-based OpenVAS tasks #869
• Require PostgreSQL 9.6 as a minimum #872
• Speed up the SCAP sync #875 #877 #879 #881 #883 #887 #889 #890 #891 #901
• Change rows of built-in default filters to -2 (use "Rows Per Page" setting) #896
• Force NVT update in migrate_219_to_220 #895
• Use temp tables to speed up migrate_213_to_214 #911
• Allow "Start Task" alert method for SecInfo events #960

Fixed

• Add NULL check in nvts_feed_version_epoch #768
• Faster counting in GET_REPORTS when ignoring pagination #795
• Improve performance of GET_REPORTS #797
• Consider results_trash when deleting users #800
• Update to gvm-portnames-update to use new nomenclature #802
• Escaping correctly the percent sign in sql statements #818
• Try to get NVT preferences by id in create_config #821
• Remove incorrect duplicates from config preference migrator #830
• Update config preferences after updating NVTs #832
• Fix order of fingerprints in get_tls_certificates #833
• Fix notes XML for lean reports #836
• Fix asset host details insertion SQL #839
• MODIFY_USER saves comment when COMMENT is empty #838
• Prevent HOSTS_ORDERING from being '(null)' #859
• Fix result diff generation to ignore white space in delta reports #861
• Fix resource type checks for permissions #863
• Fix result_nvt for new OSP and slave results #865
• Fix preference ID in "Host Discovery" config #867
• Fix SQL for tickets with overrides #871
• Fix result_nvt for new OSP and slave results #873
• Use right format specifier for merge_ovaldef version #874
• Fix creation of "Super" permissions #892
• Add tags used for result NVTs to update_nvti_cache #916
• Apply usage_type of tasks in get_aggregates (9.0) #912
• Add target's alive test method before starting a scan. #947
• Set run status only after getting OSP-OpenVAS scan #948 #951
• Fix get_system_reports for GMP scanners #949
• Fix QoD handling in nvti cache and test_alert #954
• Use stop_osp_task for SCANNER_TYPE_OSP_SENSOR #955
• Add target's reverse_lookup_* options #959
• Fix "Start Task" alerts by using alert owner #957
• Fix Verinice ISM report format and update version #962
• Always use details testing alerts with a report #964
• Remove extra XML declaration in Anonymous XML #965
• Fix SecInfo alert filter conditions #971

Removed

• Remove support for "All SecInfo": removal of "allinfo" for type in get_info #790
• Removed tag_value() by using nvti_get_tag() #825
• Remove support for "MODIFY_REPORT" GMP command #823
• Remove 1.3.6.1.4.1.25623.1.0.90011 from Discovery config (9.0) #847
• Removed migration tool "gvm-migrate-to-postgres" including the man page #905
• Remove agents #922
• Remove GMP COMMANDS #923

9.0.0 (2019-10-11)

Added

• Added TLS certificates as a new resource type #585 #663 #673 #674 #689 #695 #703 #728 #732 #750 #752 #775 #796
• Update NVTs via OSP #392 #609 #626 #753 #766
• Handle addition of ID to NVT preferences. #413 #744
• Add setting 'OMP Slave Check Period' #491
• Document switching between releases when using PostgreSQL. #563
• Cgreen based unit tests for gvmd has been added. #579
• New usage_type property to distinguish normal scan tasks and configs from compliance audits and policies #613 #625 #633
• Command cleanup-report-formats for --optimize option #652
• Enable SecInfo alert checks #670
• Add an explicit solution column to NVTs #681 #702 #730
• Document container tasks in GMP doc #688
• Add explicit columns for the NVT tags "summary", "insight", "detection", "impact" and "affected" #719 #746
• Add lean option to GET_REPORTS #745
• Add scanner relays and OSP sensor scanner type #756 #759
• Add setting "BPM Data" #914

Changed

• Always convert iCalendar strings to use UTC. #778
• Check if NVT preferences exist before inserting. #406
• Raise minimum version for SQL functions. #420
• Run OpenVAS scans via OSP instead of OTP. #422 #584 #623 #636 #704 #729
• Request nvti_cache update only at very end of NVT update. #426
• Consolidate NVT references into unified "refs" element. #427 #739
• Update gvm-libs version requirements to v11.0. #480
• Adjust to use new API for vt references. #526
• Expect NVT sync script in bin directory. #546
• Change internal handling of NVT XML to use nvti_t. #562
• Change NVT references like CVEs and BID to general vt_refs. #570 #574 #582
• Update SQLite to PostgreSQL migration script and documentation. #581 #601 #604 #605
• Update result diff generation at delta reports #650
• Check and create default permissions individually #671
• Add -f arg to sendmail call in email alert #676 #678
• Change get_tickets to use the status text for filtering. #697
• Made checks to prevent duplicate user names stricter. #708 #722
• Send delete command to ospd after stopping the task. #710
• Check whether hosts are alive and have results when adding them in slave scans. #717 #726 #731 #736
• Use explicit nvti timestamps #725
• New columns Ports, Apps, Distance, and Auth in the CSV Hosts report format #733
• The details attribute of GET_REPORTS now defaults to 0 #747
• Incoming VT timestamps via OSP are now assumed to be seconds since epoch #754
• Accelerate NVT feed update #757

Fixed

• A PostgreSQL statement order issue #611 has been addressed #642
• Fix iCalendar recurrence and timezone handling #654
• Fix issues with some scheduled tasks by using iCalendar more instead of old period fields #656
• Fix an issue in getting the reports from GMP scanners #659 #665
• Fix GET_SYSTEM_REPORTS using slave_id #668
• Fix RAW_DATA when calling GET_INFO with type NVT without attributes name or info_id #682
• Fix ORPHAN calculations in GET_TICKETS #684 #692
• Fix assignment of orphaned tickets to the current user #685
• Fix response from GET_VULNS when given vuln_id does not exists #696
• Make bulk tagging with a filter work if the resources are already tagged #711
• Check if the scan finished before deleting it and ensure that the task is set to done #714
• Fix columnless search phrase filter keywords with quotes #715
• Fix issues importing results or getting them from slaves if they contain "%s" #723
• Fix sorting by numeric filter columns #751
• Fix array index error when modifying roles and groups #762
• Add NULL check in nvts_feed_version_epoch #768
• Make get_settings return only one setting when setting_id is given #780
• Fix percent sign escaping in report_port_count #783
• If the nvt preference is "file" type, encode it into Base64 format #784

Removed

• The handling of NVT updates via OTP has been removed. #575
• Bid and xref have been removed from table nvts. #582
• Database migration from revisions before 185 has been removed. #411 #622
• Drop SQLite support #610 #612 #614
• Remove create report task creation #616
• Remove --backup command line option #615
• Remove GET_REPORTS type "assets" #617 #620
• Remove errors for unknown elements #619
• Remove unused reports column nbefile #675
• Eliminate get_tag() and parse_tags() #743
• Remove helper functions and other code for handling OTP #705 #709 #713 #735 #748 #749
• Remove stray prototype nvt_iterator_copyright #721

8.0.1 (2019-07-17)

Added

• Special characters in credential login names are allowed. #475
• Add type filter column to GET_CONFIGS. #486
• Filter settings for groups, scanners, tickets, users and vulnerabilities have been added. #497
• Multiple certificate formats for S/MIME are allowed. #551

Changed

• Functions config_in_use, trash_config_in_use and port_list_in_use returned a count instead of the expected 1 or 0. #460
• The cache is rebuild for each chunk in CREATE_REPORT. #469
• Hosts without HOST_START are added in CREATE_REPORT. #479
• Use host details for login failure in ticket check. #483
• In create_target() and modify_target() exclude_hosts is cleaned up to be in a consistent format like the included hosts are. #488.
• Check that roles exist earlier. #493
• Anonymize more IPs and hostnames in Anonymous XML. #496 #535
• Ensure that authentication always works for Start Task alerts. #515
• Get content type when emailing an attached report. #517
• Allow vuln_iterator_opts_from_filter filter to be NULL. #527
• Wrap PostgreSQL exclusive table lock in function to prevent error messages in the PostgreSQL log if the lock is not available. #542
• Trim whole report when resuming slave scans #549
• Documentation has been improved. #569 #567 #588
• Update command line options in gvmd man page #565
• Clean special option keywords in filters. #571 #578 #576
• If the schedule of a task is available, GET_TASKS will always return the long schedule XML, not just if only the schedules are requested. #500
• References to OpenVAS have been replaced with GSM #529
• Buffer inserts when adding results from a slave #641

Fixed

• Checks on 'type' in GET_FEEDS has been fixed. #462
• An issue which caused a race condition using the WHERE NOT EXISTS SQL has been addressed. #472
• A missing argument in check_tickets is added. #477
• Add missing filter case to result_count. #548
• Fix create_report cache update at end of results. #490
• Fix permission checks for trash reports #503
• Fix MODIFY_TAG and CREATE_TAG responses. #520
• Fix MODIFY_TAG for all types when given a filter. #523
• Fix email field validation in create_alert and modify_alert. #534 #545
• Fix --slave-commit-size option. #555
• Fix TippingPoint error handling [#592] (greenbone#592)
• Apply ignore_pagination in delta reports #597
• Fix getting single unowned resources #607
• Fix the "Host Authentications" section in PDF / LaTeX reports. #640

Removed

• Remove -m SMB3 for smbclient in SMB alert, which allows changing the maximum protocol version via the smbclient config instead of forcing a particular one in the alert script. #505
• Remove "slave" from valid_db_resource_type. #558

8.0.0 (2019-04-05)

Added

• The new alert method "Alemba vFire" has been added.
• The file extension from the report format will now be added by SMB alerts.
• Handling of SSH private keys has been improved, allowing use of EC keys.
• The --modify-scanner option now also accepts UNIX sockets.
• Support for report content composition has been added.
• Remediation support has been added (GMP CREATE_TICKET, GET_TICKETS, etc).
• The --slave-commit-size option has been added, which can help prevent large updates from GMP scanners blocking the database for a long time.
• Settings "Hosts Filter" and "Operating Systems Filter" have been added.
• Performance of GET_REPORTS retrieving the results has been improved.
• A section about deprecated GMP elements has been added to the documentation.
• The Sourcefire alert now accepts a password credential for PKCS12 decryption.
• A new password-only credential type has been added
• Handling of failed/successful SNMP Authentication has been added to the HTML, LaTeX and PDF report formats.

Changed

• GMP CREATE_ASSET, its GMP doc and usage by GSA are now more consistent.
• The file path of SMB alerts can now be set to a directory, using the default report filename from the user's settings.
• The tag "smb-alert:file_path" on tasks will override the file path of SMB alerts.
• CREATE_TASK now requires a name.
• TEST_ALERT now also works if NVTs are missing.
• LSC errors are now logged as warnings.
• Missing data in credentials no longer prevents slave tasks from starting. Instead the scan will start without the credential.
• The GET_TASKS command now only returns the progress of individual hosts when details are requested.
• The predefined "Discovery", "Host Discovery" and "System Discovery" now mark unreachable hosts as dead.
• Users will automatically get read permission for themselves.
• Updates of the NVTs will now ignore duplicate preferences instead of failing.
• GET_REPORTS will only return Tags of results if requested with the new result_tags attribute.
• Targets now use TCP-SYN without TCP-ACK when pinging hosts when configured to do so.
• The source code and GMP documentation have been cleaned up.

Fixed

• An issue with deleting users has been fixed.
• An issue with GET_FEEDS returning the wrong feed types has been addressed.
• Various other code cleanups and improvements.
• Issues with the predefined report formats not handling hosts and hostnames correctly have been addressed.
• An issue with incomplete NVT info after feed updates has been addressed.
• MODIFY_SETTING now checks if text values can be decoded to valid UTF-8.
• An issue with alert emails missing a line break has been addressed.
• An issue preventing "Start Task" alerts from running has been fixed.

Removed

• The option --optimize remove-open-port-results has been removed.
• The compile-time LOG option has been removed.
• Report format special case has been removed from send_get_common #456