Greenbone OS: Current
Releases under development are listed here: Roadmap.
Releases beyond status End-of-Life are listed here: Old Releases.
Please read our TechDoc portal for how to perform an upgrade and what to consider when doing so.
2015-01-26: Greenbone OS 3.1
Latest patch level: 3.1.32 (2016-08-13)
The items marked with (*) will change the default behaviour.
New: Dynamic charts "bar-chart", "donut", "lines" and "bubbles" for SecInfo Management of the web interface. For each object type, two chart types can be selected. Each chart can be detached into a window of its own, the underlying data can be exported in CSV format or opened as an HTML table, and the SVG representation can be opened in the browser or exported.
New: Dashboard overview for SecInfo Management of the web interface. It consists of 4 charts which can each be individually selected by type and combined with a powerfilter. The configuration is persistent for each user.
New: Dynamic diagrams for tasks, analogous to SecInfo Management.
New section "Results" under menu "Scan Management". This section offers object management for all of the scan results in the database that a user has permission for. In other words, searching and filtering for results is now possible independent of a scan report.
New: SecInfo object type "CERT-Bund", covering the advisories published by the German federal CERT.
New: Attribute "Solution Type" for NVTs and results.
New: Bulk actions, for example to remove or download many objects within a single action.
New: Configuration type "Scanner" allows configuring additional scanners of type OpenVAS (the default and pre-configured one) or OSP-based scanners. OSP stands for OpenVAS Scanner Protocol, which can be used to wrap arbitrary scanners with a generic interface so that they can be handled generically for vulnerability management.
The task management is extended with scanner-type dependent alternatives.
These features prepare the integration of OSP scanners. All default settings and behaviour remain as in the previous Greenbone OS release. OSP is entirely optional.
New: Option for anonymous guest access. Apart from the new role "Guest", which is similar to role "Info" and allows access only to the SecInfo section, there is now the option in gos-admin-menu to enable access for guests. This also makes it possible to use static URLs to link into certain views in the SecInfo section.
New: Role "Monitor" that allows access to the performance data of the GSM.
New: Role "Super Admin" that allows access to all objects of all users.
New: Permission "Super", which for example allows creating Group Administrators.
New: The filenames for Downloads can now be configured via "My Settings".
New: Wizard for modifying a task.
GXR/GSR: These report format plugins were re-worked. In particular, GSR was changed to have fewer pages for the same content and to be created faster.
Tasks: The dialog for setting permissions is re-worked.
Timezones: The configuration of timezones was changed so that a drop-down list of available timezones is now offered instead of an entry field for specifying the timezone in text form.
(*) Users are now allowed to have multiple simultaneous sessions, as long as the sessions are on different browsers. Up to GOS 3.0, a second session always invalidated the previous one regardless of which browser is used.
For any web interface page, the duration of the backend operation will be shown at the bottom.
(*) Credentials: The public key of SSH credentials is not required anymore because it is extracted from the private key.
Credentials/Targets: Credentials for ESXi target systems can now be configured directly with the Target object instead of in the Scan Configuration object.
New: Statistics module at OMP level represented by the command "GET_AGGREGATES" which is also the foundation for charts.
(*) When a task is requested to stop, the scanner will now be advised to switch immediately into the final phase of scanning. With GOS 3.0 the scanner immediately stopped activity and did not return the host details collected so far. With GOS 3.1 these are now transferred to the database.
New internal inter-process communication of scanner.
Memory consumption of scanners reduced by 50%.
(*) Dropped support for pausing of tasks (OMP).
(*) Dropped support of outdated "openvasrc" Format (OMP).
Patch-Level GOS 3.1:
Critical Bugfix: Unfortunately version 3.1.31 has a critical problem for the sensor management. Sensors at version 3.1.31 can not be updated anymore by their master, neither NVT Feed updates nor GOS version updates.
If you upgraded from version 3.1.30 or prior to version 3.1.32, then there are no problems. But once a Master was updated to 3.1.31, the problem exists for all its sensors that were automatically updated to 3.1.31.
If you are affected by this problem, it is unfortunately mandatory to apply a manual change on the sensors. The Greenbone Support has prepared a recipe for this manual change. We apologize for this inconvenience (#62030).
Web-Interface and OMP:
Extension: Automatic deletion of old reports. For tasks there is now a new setting that allows specifying a maximum number of reports stored for this task. If a further report is added, the oldest report gets automatically deleted. This makes it possible, for example, to keep the latest 10 reports of a daily executed task. By default this is unset (#38210).
Improvement: If a scan via a scan slave fails due to a wrong password or wrong username for the slave, there will now be a respective note in an error message of the report (#59154).
Extension: The new alert method "SCP" allows transferring a scan report in XML format via the SCP protocol. This is for example supported by some SIEM systems (#53932).
Extension: The alert method "SNMP" was separated from the method "SysLog" now forming a method of its own. It is not necessary anymore to additionally configure the SNMP trap received via GOS-Admin-Menu (#58742).
Extension: "Default Severity" was added under "My Settings". This is the pre-defined severity to be used for NVTs that do not offer a severity. This can only happen if CVE-based OSP scanners are used and the CVEs do not yet have a CVSS assigned. Default is the conservative maximum of 10.0 (#49729).
Extension: It is now possible to attach a GXR and/or GSR to the Verinice ISM Report Format Plugin (#41074, #60444, #54603, #2015111910000013).
Minor extension: The powerfilter for permissions was extended with keyword "orphan". With "orphan=1" orphaned permissions can be filtered. These are permissions where the referring resource does not exist anymore (#55906, #2016010410000022).
GXR/GSR: The topology graph is created only for a maximum of 50 hosts (#56108, #2016011810000014).
Minor improvement: It is now allowed to use character "@" in the comment and value of tags (#57395).
Bugfix: If user names contained special characters, it was not possible to add them to groups or roles (#58879).
Bugfix: When importing special scan configurations it was possible that errors prevented the import (#59629).
Bugfix: Under certain conditions it was possible that a task executed via a scan slave hung in status "Stop Requested" (#59726, #2016050310000017, #2016052310000024).
Bugfix: Cloned pre-defined report formats are now automatically trusted since only the general description can be changed and not the internal logic (#56990).
Bugfix: A formatting problem for special NVT descriptions was solved for the GSR PDF report format (#56150, #2016012010000037).
Bugfix: In very special cases it was not possible to positively verify an imported Report Format Plugin (#59287, #59756).
Bugfix: For delta reports some unneeded entries were created under certain conditions (#56952, #2016020910000011).
Bugfix: When creating for example GSR PDF reports directly in the web interface, the filter settings about hosts were not considered although this was considered in the GUI (#57256, #2016022910000055).
Bugfix: In the port list overview UUIDs were shown for targets using the port lists but which were not readable for the current user. The cross references did not work as a matter of fact. Now such UUIDs are not shown anymore (#58885).
Minor corrections of the OMP Documentation (#56666).
Layout improvements for host table in report results browser: The column content is now better wrapped (#55406).
Bugfix: Special manual changes to HTTP requests now result immediately in an empty page and no longer cause a delay (#57986).
Additional icons for operating systems were added (#57183).
Bugfix: When using the auto-refresh, an error message could occur when creating multiple permissions (#56795).
Minor improvement: The titles for the filtering rules in the report results browser were changed to prevent misunderstanding about what exactly the view is about (#39535, #2014072410000121).
Minor improvement: The "once" status of a task is now also visible in the tooltip (#48265, #2015040910000028).
Bugfix: The edit-dialog for user account did not set the LDAP flag automatically if the user was managed via LDAP (#56469, #2016012610000017).
Improvement: Under high load of web interface (many concurrent users) it could happen that a new connection was denied. The limit of concurrent connections has been increased now (#58167, #2016040710000039).
The menu for SNMP trap configuration was removed. It is now available via the web interface (#58743, #58745).
The cipher configuration of the SSH service was moved to a higher security level (#58450).
Improvement of internal logging: UUIDs of resources are now accompanied with the resource name and any "Internal Error" is not explicitly detailed (#58005, #58721, #59683).
Extension: For an in-depth analysis of a GSM in cooperation with the Greenbone Support there is now an option in the GOS-Admin-Menu to create an encrypted package with all relevant system data (#44900, #60301).
Extension: Internal clean-up method for resetting a scan sensor (#28277).
Improvement: The internal journal sizes of the database are limited now (#57888).
Bugfix: During a Factory Reset an error possibly occurred (depending on the GSM model). This happened only in very rare cases and it was possible to circumvent it. This is now fixed in general (#60488, #55414).
Improvement: The OpenVAS Scanner was made more robust in handling timeouts. If a port was detected as open but later times out, a multiple-retry strategy is applied (#48537).
Improvement: If SMBv1 is disabled on the target system and SMBv2 enabled, the scanner can achieve some more results during an authenticated scan. However, the detection capabilities very much depend on the presence of a running remote registry service (#50757, #2015071510000029).
Bugfix: Under extremely high load scan tasks could hang on a scan sensor. In combination with a limited schedule, tasks could remain in status "Stop Requested" until the next reboot. Measures are taken to prevent such so-called "scan zombies" (#56688, #2016020310000022).
Bugfix: Under certain conditions SSH scans could hang for a while. If the scanner has trouble with the remote ssh service, it terminates earlier now (#54059).
Improvement: When scanning SNMP services, too much unneeded internal log information was created in case of missing MIBs (#59857).
Web-Interface and OMP:
Bugfix: For scheduled scans with limited duration and in master-slave operation it could happen that the scan task was stopped on the master but not on the slave. When resuming a task a new scan was started instead of finishing the stopped one (#59433, #59431).
Bugfix: Frequent stop and start of a task in short intervals could lead to a task that stays in status "Stop Requested". A blocking scanner was responsible for this situation (#59642).
Bugfix: The action to resume a task while concurrently using a page refresh could lead to losing the session ticket (#58356).
Bugfix: By using some special UTF-8 characters for filters it was possible to lose the session ticket (#57961).
Update of an internal CA certificate with a new expiration date. This update is mandatory for proper operation of the vulnerability scanning and management. It is especially urgent for GSM ONE where the update needs to happen during April 2016 (#57946).
For authenticated scans via SSH it is now possible to use ECDSA keys (#57091, #29613).
Web-Interface and OMP:
Performance improvements: The performance for tasks, reports and results was optimized for various use cases (#50862, #54971).
For various situations there is no blocking of actions anymore. A user can act in parallel to background processes like SCAP update. At the same time the CPU load is lowered (#44104, #56004, #56127).
Bugfix for the trashcan. It was possible that when emptying the trashcan also other resources were deleted (#55296).
Extended options for the condition of alerts: It is now possible to use the number of matches of a powerfilter as criterion (#45430, #2015010710000019).
Bugfix: Some graphs of Extras/Performance were not correctly displayed for the GSM ONE and for GSM 500/510/550 (#55648, #2014050510000017, #54799).
The Report Format Plugin "Verinice ISM" was prepared for a generalization (#43295).
Only GSM 100: Bugfix of the task scheduling. Not all of the scheduled tasks were always properly started (#55259, #56466, #2016012510000028).
The regular expressions for user inputs were checked and, where possible, narrowed down. This helps to identify invalid user input earlier (#55933).
Minor improvement: The icons for deleting notes and overrides are now only available if the user has no permission to execute this action (#55384).
Bugfix: When using auto-refresh it was possible to get an error message after creating a permission for a task. The task or permission as such was not affected, it was just a wrong error message (#55298).
Bugfix: When using IPv6 the redirection from http to https did not work properly for all of the possible IPv6 addresses (#54839).
New: For the backup of user data the new method SFTP accompanies the methods USB and SCP (#51195, #2015072310000013).
Minor improvement for the TLS cipher support for OMP/HTTPS regarding the settings SECURE and NORMAL (#55940).
The range of accepted characters for proxy credentials was extended (#49453, #2015052710000055).
In GOS-Admin-Menu some passwords were shown in clear text. This has now been changed so that GOS-Admin-Menu shows no passwords in clear text at all (#56599, #2016020110000035).
An option to delete source code was added to GOS-Admin-Menu. This can be used in case source code was installed manually (#54020).
Minor improvement for upgrades: The new version number was shown too early in the process of the upgrade (#47727).
In order to prepare the upcoming feature of support packages, the PGP key of the Greenbone Support was integrated. In future releases this will allow data to be encrypted when it is sent to the support team (#56126).
An updated base library for the SSH protocol improves the detection abilities of the scanner and also extends the support for SSH credentials used for authenticated scans (#52479).
Improved robustness of the scanner against incomplete NVT meta data (#55264).
Bugfix regarding SSH connections: When doing massive scans a slow-down or connection loss could happen (#54661).
GOS Base System:
Security-Bugfix closing a severe vulnerability in the general base library "glibc". It is recommended to reboot the system after the upgrade completed (CVE-2015-7547).
Security-Bugfix closing a DoS attack vector. It was possible to invalidate web session tickets of other users. Neither integrity nor availability of OMP or SSH is affected (#56541, GBSA-2016-02).
Minor security bugfix that closes an open redirect which was present only with enabled guest mode (#55720).
Security-Bugfix solving a cross site scripting vulnerability. To exploit the vulnerability a valid session token is required. In case the guest account is activated, the general guest token can be used. However, the guest user account owns no write permissions for the GSM (#55720, GBSA-2016-01).
Web-Interface and OMP:
Performance improvements: The performance for tasks, reports and results was optimized for various use cases (#51923).
New alert method "Send to host": This method allows sending scan results in various formats to a configurable address as a simple TCP upload. Such upload options are offered by several SIEM systems (#53931, #54296).
Bugfix for verinice ISM report plugin: It is now possible to attach a HTML report optionally (#54602, #2015111810000015).
Change for verinice ISM report plugin: The tag "Verinice Source ID" is now used instead of the previous work around based on the comment of a task (#54687).
New remote authentication method for GSM users via RADIUS (#54696, #54060).
Changed: The "Once" checkbox for scheduled tasks now stays active after the scan was started. Before, it was deactivated but this added extra work for typical use cases (#48228, #2015040710000013).
Improvement: If no results were obtained during a scan, the user now gets some hints about potential reasons why the scan report could be empty (#51462).
Bugfix for overrides and CSV export: The overrides are now also applied for CSV exports (#52768, #2015092110000041).
Improvement for slave scans: A reboot of the master GSM no longer stops the slave scans. Now the slave scans can be resumed properly (#45074, #45073).
Improvement for the vulnerability view in the report browser: Notes and overrides are now also displayed (#52187, #2015090110000024).
Bugfix for overrides: The edit dialog was missing an explicit selection button for "yes" for the "active" setting (#52996).
Improvement for OSP scan configurations: Better defaults for selection lists (#52572, #52376).
Bugfix for counter of NVT Families in scan configurations: In some cases the number of NVTs was not shown correctly in the overview. The details view, however was correct (#53645, #2015091010000043).
Bugfix for deleting ESXi credentials from the trashcan: It was possible to ultimately delete a credential that was actually still in use (#54332).
Bugfix for scheduled scans with limited duration: After reaching the limit the task is now set to "Stopped" without any error notice (#53049, #2015093010000041).
Bugfix for importing OSP scan configurations (#53088, #2015100210000083).
Bugfix for LSC installer for Windows: Temporary files created during the installation are now removed immediately after the installation (#53680, #2015102210000036).
Bugfix for the performance charts: If data are not available, the graph is now dropped instead of showing an empty graph. Several graphs are fixed and now use the correct data source (#22336, #22856, #36565).
Bugfix for prognosis reports: The format NBE is now also supported (#52897).
Minor bugfix that avoids an internal log message on slave GSMs in case scanning happens without credentials (#54526).
Minor improvement: For a guest access the page selection persists when the session ticket expires and a direct re-login is requested (#52165).
Minor bugfix: In some cases links to objects in the trashcan were non-functional (#54336).
Session tokens are now combined with the IP address of the browser. If a session token is used from a different system than it was issued for, it will not be accepted (#52008).
Minor improvement for the case where a login is attempted with a user name that contains invalid characters: In the past, an error dialog was raised. Now the login dialog simply returns and asks for a new try (#20082).
Bugfix: Missing icon for solution type "Mitigation" (#52596).
Minor bugfix: Enabling the bulk action, some icons remained visible, but without functionality. These are not visible anymore (#54335).
Failed logins are now logged by default, including the source address (#51158, #51927).
Internal improvement: Some unneeded files that remained after an upgrade from GOS 3.0 are now deleted. These were just system files, no user data (#54019).
Minor improvement: When entering a proxy credential, an additional hint on the syntax for ADS environments is provided for convenience (#53684).
Bugfix: The Airgap menu of gos-admin now correctly reflects all of the airgap combinations (#54058, #51272).
OSP scanners report about the host alive status properly (#51924).
Bugfix for resolving hostnames in pure IPv6 environments (#54216).
Bugfix: For some OSP scans the target CIDR notation was not correctly resolved (#52373).
Internal improvement of the OpenVAS scanner regarding data stream block lengths (#53023, #52146).
Improved status message in case of a malfunctioning or unavailable OSP scanner (#52240).
Improved robustness of the central data manager against special load and stress situations (#53834, #53825, #53832, #53646, #2015100710000047).
Web-Interface and OMP:
Minor Bugfix: Subject for email alerts are now prefixed with "GSM" (#53282).
At high load it could happen that more than one feed update is executed in parallel. This could lead to a blocking situation (#53356, #53360, #2015100710000047).
The upgrade starting from a factory reset could lead to error messages in the log during a feed update due to inconsistent data migration (#53358, #2015100610000031).
Bugfix: An issue which could cause the upgrade process to abort under certain circumstances has been addressed (#53089, #2015100210000065).
Improved detection and reporting of inconsistent internal state via gos-admin-menu (#53091).
Improved visibility of upgrade process in system log files (#44607).
Web-Interface and OMP:
Accelerated responses for task overview in case of high scan loads (#50860, #2015070610000037).
New: Extended configuration of email alerts. The title as well as the message body can now be specified individually. Some variables can be used to reference the task and to use text elements. The pre-configured settings reflect the title and content as they were so far, so it is not necessary to change anything immediately (#50859, #50572, #2015070810000042).
GSR Report: Under certain circumstances (triggered by an alert) wrong severity colors and classes could be applied that did not match the actual CVSS (#51820, #50171, #2015081810000058, #2015062310000015).
New: XML representation of tasks now includes the tags attached to the task (#52478).
Bugfix: Credentials shared via permissions were in some cases not accessible for the scan (#50363, #2015070110000028, #2015070810000051).
Bugfix: It could happen that a shared sub-object (for example a port list) was not readable (#51416, #2015080410000039).
Bugfix: Access of super admin via LDAP is not denied anymore (#48824, #2015042710000021).
Bugfix: When using dynamic severity, it could happen that timeout messages were displayed as a regular result instead of as an error (#50324, #2015070110000019).
Minor Bugfix: In scan configurations it could happen that the displayed number of selected NVTs for a family was wrong. The actual selection was handled correctly (#48250).
Bugfix for the export of larger data collections from ca. 100 objects, for example CPE resources (#52174).
New: When creating a new target, now the pre-set target is the source IP address of the user's browser system (#47098, #51639, #51925).
New: When creating a new task, now it is possible to directly specify a tag for the new task (#35488, #2014022510000066).
Bugfix for host restrictions for a user: Ranges that were expressed using the hyphen syntax (from-to) were not accepted (#50915, #2015080710000015).
User names may now contain the dot character (".") (#51136).
Minor Bugfix: The Chinese translation is now identified as "zh_CN" instead of just "zh" (#51112).
Minor change: The login page now has a CSS of its own (#50915).
New: The "Content-Security-Policy" settings are now used to limit the embedded access from within other sites (#51375).
Accelerated Upgrade: Under certain circumstances an automatic update could take several hours because some internal data optimizations were executed. These are not enforced anymore for each upgrade (#51481, #2015081010000045).
Failed logins for the web interface are now logged by default including the source IP address (#51926).
Minor Bugfix: Applying changes of TLS Cipher is less delayed now (#43785).
Minor Bugfix: Lowered log noise about upgrades (#49956).
Accelerated scans by about 10%. The actual achievements depend on various circumstances and might be even better (#48799).
Improved integration of the web application scanner w3af, now also supporting the seed URL setting (#51266, #51334, #51412, #51283).
Improved integration of the IDS PaloAlto (#52600, #52579).
Improved error handling of OSP scanners (#51335).
Minor Bugfix: When creating an OSP scanner, expired certificates are immediately rejected (#50398).
OSP servers now refuse to launch with a certificate that has expired (#50397).
Bugfix: Dynamic severity will not display OSP scanner results as "0.0" anymore (#50738).
New: OSP connector for Fortinet which however is not yet supported for use (#49627, #52104).
OpenVAS Scanner: The option "max_sysload" was removed as a scan configuration option, because it is a system wide setting, not a scan-specific one (#51263).
Bugfix for OpenVAS Scanner: Improved SSH host key detection (#50588).
Security update for GSM 600 and GSM 650 that resets unconfigured factory settings of the BMC (Baseboard Management Controller) to safe values. A reboot after the upgrade is not necessary. Running scans are not affected. An attacker from the same network segment could read device status, turn off the device or enforce its reboot (#52838, GBSA-2015-01).
Web-Interface and OMP:
Improvement of filtering regarding QoD by extending the use of filter element "min_qod". This helps for a consistent view for default settings (#46117).
Extended powerfilter for results: All results for a task across all reports can be selected for a certain CVE (for example "task_id=69512154-167c-4e12-9351-a778da2d29e9 and cve~2004-2320") (#48539, #2015041010000025).
Bugfix for the powerfilter when searching for parts of an IP address (#49497, #2015052910000015).
Resolved inconsistencies (None vs. Log) when handling PCIDSS severity classes and corrected ranges (#49080, #49075).
GSR PDF reports: Size limitation extended (#49655, #2015040810000021).
GSR/GXR PDF Reports: With more than 100 hosts the topology graph will not be included anymore since details can not be identified anymore anyway. With this, the creation of the larger reports is also accelerated (#49269, #2015051810000018).
Bugfix: QoD for "general_note" is now displayed with 1% and not anymore with the default of 75% (#50325).
Bugfix: The installation routine for automatically created credentials now also works for Windows 2012 R2 and Windows 10 (#47269, #2015030210000033).
Bugfix: Improved error handling for invalid user input for the powerfilter (#49412).
Bugfix: Global users were missing in the selection box for permission dialogs (#49381, #50497, #2015070610000046).
Minor bugfix: Less process overhead for the creation of report documents (#48977).
Improved support for user interface languages. By restructuring the handling it is now easier to add more languages. In this context, German and Chinese were updated and a partial translation for Russian was added (#44479, #50723).
Extended bulk actions: It is now allowed to handle a larger number of objects with a single action, for example to delete a larger number of reports (#50584, #2015070610000028).
Details dialog for tasks: Added the information about the total number of single results related to this task across all reports. This includes a direct link into the results table (#49628).
Improved: The New User dialog no longer allows entering a password in case LDAP is used because it was and is ignored anyway (#49271).
Bugfix for permissions: In some special cases the action icons were greyed out although the actions were allowed (#49583).
Bugfix for the Powerfilter: In some cases the combination of keywords did not establish the right selection, for example the combination of the keywords "task_id" and "cve" (#49675).
Bugfix for the creation of a schedule: The comment was not stored (#49595).
Extended the set of allowed characters for comments by ":" (#49494, #2015052810000026).
User-data backups can now be created even when the database exceeds the size of 4 GByte (#48109).
Extended the set of allowed characters for the SNMPv3 password by "$#?!" (#49312, #2014100110000023).
The SNMP settings are now also available via GOS-Admin-Menu for the GSM 25 (#49448, #2015052710000019).
Bugfix for the import of reports: The detection details were not imported (#49660, #2015060410000033).
Bugfix for the SNMP trap setting (#46321, #50323, #2015013010000029, #2015063010000083).
Bugfix to prevent non-functional internal processes. However, there was no impact on performance (#48109).
Minor bugfix for the scanner for rare special cases (#49593).
The setting "proxy_update" has not been used for a very long time and is now finally removed. Instead, the setting "proxy_feed" is used (#49593).
Improved internal error messages in case of database problems (#48876).
Bugfix: Under certain conditions single checks were aborted too early (#48906).
Bugfix: For Linux systems with large package databases (ca. more than 8000 packages) it could happen that the list was truncated and thus not all packages were analyzed (#49727).
OSP: Extended to handle ports as host details and to handle timestamps (#48800, #49584).
New: Beta version of Palo-Alto OSP scanner for selected pilot customers (#48538, #51194, #50912, #50858).
New: Beta version of w3af OSP Scanner for selected pilot customers (#50912, #43436, #49673).
Web-Interface and OMP:
Bugfix: A scheduled start of a task will now only be done for the owner of the task (#50140, #2015020210000026).
Bugfix: A scheduled start of a task will now only be done once per given time window (#50314, #2015063010000065).
Web-Interface and OMP:
Bugfix: When stopping a scan task it could happen that the status of the task hangs at "Stop requested". Only a reboot did set back the status to "Stopped" (#49496, #2015052810000017).
Bugfix: A report creation triggered by an alert could block the database for the duration of the report creation (#49975).
Web-Interface and OMP:
Bugfix: A combination of scans with a configured time window and automatically coupled creation of reports could lead to a blocked database in case the scan was comprehensive or the time window short (#49861, #2015061110000011).
Web-Interface and OMP:
Permissions: Extended dialog for setting new permissions. It is now possible to create multiple permissions in one step. For example it is now possible when changing a target object, to apply the same permissions automatically to the related port list and credentials.
Concurrently a unified permission dialog for all object types is introduced. It is available on the respective details pages. And it offers a direct link into the permission creation dialog and automatically configures all related objects for it.
In total this increases the comfort for creating, reviewing and modifying permissions (#46998, #2014120410000032, #44025, #48540, #47336, #2015030510000028, #47359).
QoD: Some inconsistent default filtering (min_qod) is now unified and the current min_qod selection will be kept when entering into a report (#46989, #47891).
Bugfix: The deleting of Report Format Plugins failed under certain conditions (#48961).
Bugfix: Accessing the trashcan failed under certain, rare conditions (#49058, #2015050710000021).
Bugfix: It was possible that by removing an override the severity did not follow the change (#47789).
Passwords for web and OMP users: Now it is also allowed to use whitespace as part of a password (#48712, #2015042210000021).
The Report Format Plugin "Verinice-ITG" is now a pre-configured plugin and it is not required anymore to import it explicitly (#41765).
Bugfix: The name of a NVT and its last tag are now considered for filtering (#48891, #2015041610000023).
Bugfix: The sorting by "Last" report in the task list did not work properly (#48823, #2015042710000011).
Bugfix for slave tasks: In case the sensor or slave was not reachable, it was problematic to stop a started scan as long as the start was still not established (#48877, #2015040110000024).
Bugfix for the filtering of scan results when searching for a specific IP address. The filter acted a bit fuzzy under certain conditions and has now been changed to match strictly (#47710, #48890, #2015040210000041).
Bugfix: Filter directives for delta reports were executed properly, but in the new view the filter was lost (#48063).
Bugfix: Individual port lists that were used for a scan via a slave or sensor were not automatically deleted after the scan finished (#47889).
Bugfix about displaying the trust status of Report Format Plugins (#47721, #2015022310000013).
Bugfix for the manual creation of overrides so that now also the port protocol can be specified, for example "80/tcp" (#48715, #2015031810000031).
Bugfix: Under certain conditions it could happen that expanding the results view did not show the actual details in case the results are owned by another user (#47411).
Bugfix: Links from the Asset Management into a report did not filter for the exact IP. The IP was used only as a substring (#48981).
Bugfix: The version info about GSR and GXR wrongly did not show the actual version 3 (#48115).
Bugfix: The counter for notes and overrides in the NVT details dialog showed always 0 (#48247, #2015040810000048).
Minor extensions of the online help texts (#47708, #47858).
Via GOS-Admin it is now possible on a master GSM to advise all connected sensors to create a new self-signed certificate in case their current certificate expired (#48788).
OMP via IPv6: In case OMP is enabled, this protocol can now be accessed also via IPv6 (#13592).
User-Data backups: In GOS-Admin-Menu there is a new function that shows all local user data backups (#47787).
User-Data backups: In GOS-Admin-Menu there is a new function that allows removing single local user data backups (#44852).
Bugfix for GOS-Admin: For several IP address settings like for NTP or for sensors it was not possible to enter IPv6 addresses (#48523).
Backup Management: The structure in GOS-Admin-Menu was re-organized with a better separation of backup types and backup settings (#44769).
Minor Bugfix for the selfcheck in GOS-Admin-Menu: For GSM models that cannot manage sensors, the sensor check is not displayed anymore (#48442).
Bugfix for GOS-Admin-Menu to add a scroll bar for the sensor check results (#47055, #2015022010000019).
Bugfix: By stopping and then resuming a task it could happen that in the overlapping range some results were doubled (#48538, #48974, #2015041710000031).
Bugfix: In some cases the hostname for a scanned IP was missing in the results (#44904).
Bugfix for the scanner, which did not reliably execute some tests for some Windows systems. This led to a lower number of detected vulnerabilities compared to GOS 3.0 (#46115, #48521).
Web-Interface and OMP:
Bugfix for the NVT details: The CVSS vector was missing in GOS 3.1.10. After the next feed update the vectors will be visible again (#48062).
Web-Interface and OMP:
Comprehensive update of the Report Format Plugins GXR and GSR. The representation of is more compact now. Especially the GSR will now get created faster and will have fewer pages. Apart from that, several new functions are supported now, like solution type and QoD (#46216).
The Report Format Plugins GXR and GSR now offer a tabular overview about the success of target host authentications (SMB, SSH and ESXi) (#45700, #2015011510000021).
Bugfix for GSR Report Plugin: The text entry about overrides was missing (#47212).
New Report Format Plugin "Anonymous XML": Like XML, but IP addresses get pseudonyms and other potential hints about the origin of the scan are removed as well (#38250).
Comprehensive update of the permissions management regarding visibility of objects by Users, Groups and Roles. Now, several dependencies will be considered by the permissions management (#47310, #2015030410000011).
Bugfix for automatically created Debian credential packages (#46996).
Fully automated update of CERT-Bund now activated (#45364, #47176, #2015022610000062).
Bugfix for the keyword "owner" when used in the powerfilter (#46915).
Bugfix regarding transfer of task properties to scan slaves (#46721).
Change for schedules: A scheduled task was not executed in case no scanner resource was available for 3 minutes after schedule start time. This limit has now been removed (#46897).
Bugfix to prevent piling up of lost scanner processes that slow down a GSM over time (#47854).
Bugfix regarding changing the "Host-Alive" method (#47989).
Charts: Tooltips extended with percentages and added tooltips for the legend (#47358).
Bugfix: Overrides were applied in the Report-Browser, but False Positives were not displayed (#47096).
Improved usability of powerfilters: The text entry now contains only specific elements. All others are displayed below, but could be set anytime as well (#45912).
Minor bugfix for Task Details Dialog: The Slave name is not displayed anymore if no slave is used anyway (#46819).
Minor bugfix to correctly handle some very specific HTTP requests to the web interface (content-length headers) (#15343).
Improved online help for Scanner Details (#47282).
Added download option for certificates of OSP scanners (#47281, #47283).
SecInfo for NVTs was internally changed to now use the OMP command GET_INFO (#39910).
Minor bugfix: Graphical bug in Charts regarding too many percentage characters (#47357).
Minor bugfix: Graphical bug for IT-Schwachstellenampel regarding URLs (#46969).
Minor Bugfix for status info of OpenVAS Scanner: It was wrongly displayed that the scanner is offline (#47280).
Extended SNMP monitoring parameters and MIB: The MIB for the Greenbone Security Managers as well as the newly supported standard properties are now documented at the Greenbone website about SNMP (#44239, #29960, #2013052810000039).
Internal improvement for self-check after an upgrade to identify incomplete upgrades (#47579).
Internal improvement of management of OSP Ovaldi: Certificate update via GOS-Admin-Menu (#47219).
Minor bugfix of NTP configuration to avoid error messages in the log (#46726, #2015021110000027).
Minor bugfix for CLI Admin: For some unneeded commands (for example nosystemupgrade) there was still an alias entry. These have now been removed (#47264).
For GSM ONE the menu "Advanced Management" is now back in GOS-Admin-Menu (#47724).
Improved Boot-Check log (#43682).
Minor bugfix for a problem that produced many log entries (parse_ctime) (#46815).
Internal improvement: For NVTs of the OpenVAS Scanner it is not mandatory anymore to deliver a CVSS Base if they already offer a CVSS Base Vector (#41456).
Improvement of authenticated scans for target systems with specific SSH services and key types (#47304, #47278, #29613).
OSP-ovaldi now also delivers its own CPE as a host detail (#45909).
New Parameter "debug_mode" for all OSP scanners (#45906).
Bugfix for internal GOS upgrade handling (#47513).
Bugfix regarding TLS certificates of the pre-configured scanner. Under certain conditions it could happen that no scans are executed anymore and a manual update of the certificates was necessary. This has now been automated (#47279).
Quality of Detection (QoD): This concept for the reliability of successful detections of vulnerabilities has now also arrived in the web interface. New NVTs were already equipped with specific QoD values (between 0% and 100%) for some time. The QoD is now visible for NVTs as well as for the scan results. Of course, it is now possible to use the QoD to filter. The defaults are chosen to match the previous behaviour. This means, the same number of results are filtered which corresponds to a QoD of 70%.
With this new feature, the parameter "paranoid" in the scan configurations is dropped, because now even those tests with a low reliability are always executed. The results are present in the database and can be reviewed if needed. A separate scan for detecting so-called "potential vulnerabilities" is not necessary anymore (#46396, #38193, #46118).
Extension of the permissions dialog for tasks: When granting permissions to a task, the same permission is now automatically granted for the dependent objects like schedules or alerts (#39459, #2014072210000017).
Reduction of DNS Reverse Lookups of the GSM for NTP servers (#46965, #2015012110000037).
Bugfix for executing scans via slaves: Now the configured port list is applied and not just the default port list (#46632).
Bugfix for the use of SSH keys for SSH credentials (#46474).
Bugfix for the Restore function of the user-data backup on GSM 100 when migrating to GOS 3.1 (#46813, #46835, #46241, #46515).
Bugfix for drop-down dialog elements for timestamp in task wizards (#46125).
Bugfix for scan progress bar: The progress is now reflected more adequately (#18591, #46694, #2015020210000053).
New functions via gos-admin-menu (section "Advanced") to manage the database (vacuum, analyze) (#41097, #43688).
Bugfix for sensor upgrades, specifically for airgap (#46836).
Bugfix for individual timeout configuration of NVTs when executed via a slave system (#44857, #2014121110000019).
Bugfix for missing transfer of ESXi credentials to slave systems (#46691).
Creating web users with the same name is not allowed anymore (#46214).
Alterable tasks: If all reports are removed, the task no longer automatically turns into a regular task. Instead it remains an alterable task (#42226, #2014101310000028).
Extension for creating a new task: It is now possible to assign a schedule and configure to execute the schedule only once. After this schedule is executed, it will automatically be removed from the task (#46184, #2015012610000028).
Tasks with schedules that define only a single execution: After the scan was started, the schedule object is removed from the task object because it will never be executed again anyway. This means that now any task in the task overview that has a schedule symbol will definitely be executed in the future at least once (#45943, #46185, #2015012610000046).
Extension of the selfcheck in gos-admin-menu to check availability of internal OMP service (#46397).
Update of an external link inside the Online Help system (#46390, #2015013010000047).
Update of the SSH library of the OpenVAS Scanner so that authenticated scans work even with newest SSH servers (#46542).
Bugfix for sorting the numerical column "IPs" of targets (#39267, #2014071710000018).
Bugfix for Superadmin: Icons for cloning are not greyed anymore (#45888).
Bugfix for Superadmin: Access to notes and overrides is now possible (#45889).
Bugfix for auto-credentials (#45729, #45730).
Improved WMI RSOP support for the OpenVAS Scanner (#40407).
Last release of Beta phase. First release of 3.1.