forked from OpenSCAP/openscap
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathNEWS
371 lines (323 loc) · 12.5 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
openscap-0.9.12 12-09-2013
- tailoring improvements (@id, version, and benchmark ref attributes)
- XCCDF 1.1 tailoring extension
- improved robustness of CPE dictionary parser and exporter
- and added misc CPE 2.3 elements
- added Fedora 20 to internal CPE dictionary
- updated OVAL's results_to_html stylesheet from Mitre Corporation.
- profiles with duplicate selects (same @idref) now export correctly
- test improvements
- bug fixes
- fixed IPv6 export in TestResult/target-address
- consistently inject target-id-ref into TestResult in ARFs
- improved rpmdb manipulation (rhbz#999903)
- solaris build fixes
- spelling of name of default language fixed (oscap_text related)
- fixed CPE names matching (generalization vs. specialization)
openscap-0.9.11 17-07-2013
- bug fixes
openscap-0.9.10 12-07-2013
- bug fixes
openscap-0.9.9 10-07-2013
- --oval-results also exports CPE OVAL results
- added --benchmark-id to select a component-ref by ID of Benchmark it's pointing to
- OVAL variable_instance processing (or so called value multiset) and the processing
of @variable_instance attribute to OVAL Result Definition, OVAL Result Test and
Collected Objects.
- improved test coverage of OVAL variable processing
- introduced new internal data type: oval_smc
- added support for evaluating OVAL definitions against an RPM database, a.k.a. rpm
database offline mode
- bug fixes and dead code removal
openscap-0.9.8 17-06-2013
- added experimental support for offline mode scanning to the OVAL
check engine (i.e. scanning of virtual host disk images)
- improved OVAL variables processing
- bug fixes and dead code removal
openscap-0.9.7 26-04-2013
- bug fixes
openscap-0.9.6 23-04-2013
- new command-line module added as preview: "oscap ds sds-add"
- improved xccdf:fix processing (support of DataStreams and CPE)
- internal selinux policy preview
- added Fedora 19 to default CPE dictionary
- bug fixes
openscap-0.9.5 19-03-2013
- oscap xccdf remediate (new oscap module which introduces offline
remediation; the remediation based on existing xccdf:TestResult file)
- added support for SCE into DataStream (SCE scripts can now be
embedded into the DataStream file similarly as OVAL can)
- improved bash completion and documentation
- bug fixes
openscap-0.9.4 26-02-2013
- high Level API
- improved Text Substitution Processing
- technical Preview of Online Remediation Execution
(the oscap xccdf eval --remediate)
- improved Library Internal Error Reporting.
- the oscap xccd export-oval-variables now support DataStreams.
- improved documentation
- improved schema files.
- tailoring file support
- profile shadowing support
- bug Fixes
openscap-0.9.3 17-12-2012
- Embedded CPE dictionary (allows users to ommit --cpe argument)
- improvements of DataStream and CPE processing on RHEL5
- changed API of various functions in cpe_dict, benchmark and xccdf_policy to use string timestamp instead of time_t
- fixed several issues found by Coverity and cppcheck static code analysis
- bug fixes
openscap-0.9.2 19-11-2012
- rewritten the heuristic for pattern matching on path and filepath
- CPE 2.3 language applicability testing
- new ds_sds_index API providing a datastream overview
- CPEs in source datastreams are automatically registered and used
for XCCDF evaluation
- --cpe option autodetects CPE dictionary and language
- CVE support (validate feed, print CVEs)
- introduced info module
- made "$oscap xccdf generate custom" work again -> man page update
- bug fixes
openscap-0.9.1 22-10-2012
- the http in the check-content-ref/@hrefhref support
- the cpedict support
- obsoleted the oscap_reporter
- send start and finish messages to the syslog
- the XCCDF multi-check evaluation support
- "oscap oval validate-xml" autodetect a document type
- bug fixes
openscap-0.9.0 25-09-2012
- consolidate public headers naming
- do not build untested modules
- improved support of SCAP datastreams
- various fixes in OVAL and XCCDF
openscap-0.8.5 27-08-2012
- added rpmverifypackage probe
- added initial support for source and target datastreams
- added xccdf 1.2 dc-status support
- several probes updated to conform to OVAL 5.10.1
- bug fixes
openscap-0.8.4 07-08-2012
- added OVAL schemas 5.9, 5.10.1
- alloc.h is no more public api
- bug fixes
openscap-0.8.3 30-07-2012
- added XCCDF 1.2 schemas
- changed XCCDF report format
- updated schemas for OVAL 5.10
- added additional OVAL schemas - 5.3, 5.4, 5.5, 5.6, 5.7
- multi version support for XCCDF and OVAL
- a schema version of an imported and exported content is same
- added rpmverifyfile probe
- results are validated only if an OSCAP_FULL_VALIDATION variable is set
- bug fixes
openscap-0.8.2 28-03-2012
- XCCDF check-import support
- XSLT transformation for XCCDF 1.1 to 1.2 migration
- SCE reports now optionally use the new check-import functionality
and don't need separate SCE result files
- bug fixes
openscap-0.8.1 15-02-2012
- introduce Script Check Engine
openscap-0.8.0 11-10-2011
- Added an OVAL Directives schema to allow for a tool
to supply a set of directives to more easily specify
desired results content.
- Enhanced OVAL Results directives to allow for more flexibility
in allowed results content
- added new OVAL objects(all OVAL 5.8 objects are covered now)
- update dpkgprobe
- all issues reported by coverity are fixed
- add capability to export OVAL Variables from XCCDF
- added cvss score calculator from vector
openscap-0.7.4 25-07-2011
- support set operations on Set Objects
- add support for an unbounded filter element in all objects
- fix various datatype changes in object items
- SOLARIS integration(get existing probes working, dist files)
- support new OVAL objects: environmentvariable58, filehash58, selinuxboolean
- extend oscap tool(validate all imports and exports)
- bug fixes (make check in test/mitre)
openscap-0.7.3 24-06-2011
- start migration to OVAL 5.8
- new probes and schemas from OVAL 5.8
- RHEL6 SCAP content is in good shape
- SOLARIS integration(make and make check work)
- use gnulib (better portability)
- add "analyse" mode to oscap tool
- fixes
openscap-0.7.2 13-04-2011
- OVAL 5.7 is supported
- "--skip-valid" option in oscap tool
- bugfixes
openscap-0.7.1 08-03-2011
- improve library selfcheck mechanism
- substitution support in XCCDF
- mostly bug-fixes and cleanups
openscap-0.7.0 10-02-2011
- OVAL 5.6 is supported
- async stop of evaluation by signal
- bugfixes
openscap-0.6.8 31-01-2011
- support more than one state inside OVAL tests
- initial implementation of filepath element
- add 'mask' attribute support
- support PCRE in object-state comparison
- support unstructured 'metadata' elements in OVAL definitions
- interface probe support 'type' entity
- support for new 'behaviors' attributes
- add OVAL schemas version 5.6
- improved XCCDF reporting (include OVAL result items)
- bugfixes and clean ups
openscap-0.6.7 14-01-2011
- new CPE dict. match functionality in oscap
- bugxifes
openscap-0.6.6 09-12-2010
- better atomic functions support check
openscap-0.6.5 01-12-2010
- propagate probe communication errors upwards
- functions for handling OVAL "generator"
- implement oval_probe_session_abort
- RHEL5 related fixes
- libtool versioning
openscap-0.6.4 20-10-2010
- perl regular expression is on by default
- OVAL float type support
- fix non-compliant handling of empty variables in OVAL
- directory traversal algorithm made-over, avoid loops
- add RHEL5 spec file and related fixes
- XSL transformation improvements + Dublin Core support
- fixing XCCDF export functionality
openscap-0.6.3 14-09-2010
- support filters inside objects
- optimizing memory consumption
- proper result for unsupported OVAL objects
- many improvements in XSLT transformations
- supporting OVAL incomplete objects
- fixes in directories traversal (findfiles)
- python API improvements
- Fedora SCAP content improvements
openscap-0.6.2 25-08-2010
- provide draft of fedora14 XCCDF and OVAL content
- XSL transformations for generating report and guidance
- memory optimalizations for file probe
- add probes: sql and xinetd
- new modular design of oscap tool
- OVAL API refactor and clean up
- debug mechanism clean up
- improved python bindings
- many many fixes
openscap-0.6.0 14-07-2010
- finished OVAL variables support
- fixed swig version requirement
- xccdf_policy API tuned up
- simplified reporting mechanism
- provided OVAL and XCCDF schemas in tarball
- improved interface for validation
- added validation and cvss support to oscap tool
- oscap tool fixes
openscap-0.5.12 30-06-2010
- OVAL high level API
- OVAL split system querying and evaluation
- OVAL variables rebind functionality
- XCCDF_POLICY - OVAL integration
- XCCDF_POLICY - scanner implementation
- XCCDF - implementation resolve(),
- XCCDF - fixes in clone()
- XCCDF - fixes and test for export()
- XCCDF - value handling
- probes - documentation
- probes - reset()
- probes - leaks
- bindings - callback interface
- transform oscap-scan to oscap toolkit
openscap-0.5.11 26-05-2010
* leak fixes on side of probes
* variables support almost in all probes
* new probes: environment variable, variable
* semantic validation of variable model
* library selftests for new probes
* xccdf export and clone functions
* xccdf_policy python/perl wrappers
* bugfixes
openscap-0.5.10 07-05-2010
- fixing many many leaks
- variables support in: findfiles and process, password probes
- new probes: textfilecontent
- semantic validation available for: syschar model, result model
- library selftests: two new tests, skiping missing probes
- documentation: better coverege of "common" part
- xccdf_policy: new variables support
openscap-0.5.9 16-04-2010
- built on windows (without probe support)
- better support on RHEL5
- OVAL model validation functionality
- OVAL, XCCDF xml file validation functionality
- update XCDDF model manipulation functions
- introduction of XCCDF_POLICY tailoring interface
- new probes: filemd5, filehash
- removed libnl dependency
- extended and improved library selfcheck
- alternative solution to atomic functions based on mutex
- many many fixes
openscap-0.5.8 24-03-2010
- new s-expr parser
- new probes from unix schema
- file probe optimization
- xccdf test_results implementation
- extended OVAL API
- documentaion update for OVAL + probes
- tuned fedora content
- initscript, cron job, oscap-scan (improved)
- XCCDF_POLICY API specification
- fixes(make distcheck pass)
openscap-0.5.7 21-02-2010
- Debian dpkginfo probe is available now
- RHEL5 support
- new command line tool - OVAL scanner
- Fedora 12 OVAL content available
- documentation is heavy updated (with class diagrams)
- new tests in make check
- minor API changes
- C++ reserved names cleanup
openscap-0.5.6 04-01-2010
- OVAL API has been extended
- OVAL doxygen documentation is available
- migration to new checking mechanism is completed
- new logging and error propagating mechanism
- many many bugfixes + defensive code
openscap-0.5.5 12-11-2009
- many fixes in OVAL
- new system_info probe in OVAL
- CVE is re-implemented
- migration to improved testing mechanism has begun (see CPE)
- bindings are merged into single module called openscap
openscap-0.5.4 23-10-2009
- new CPE model
- evaluation of set objects and system characteristic output
- bindings clean up
- probes tune up, memory leaks fixes
openscap-0.5.3 29-09-2009
- OVAL results part is code complete
- improved memory management of definition and system characteristic model (OVAL)
- improved memory management of S-expressions
- new probe API
- refactoring
openscap-0.5.2 19-08-2009
- new family probe
- simple objects in OVAL content can be processed
- initial implementation of conversion of S-Expressions to System Characteristic
- bugfixes
openscap-0.5.1 03-08-2009
- all code except oval is after refactoring
- populating of system-characteristics model from xml is available
- implementation of probes: rpminfo, runlevel, textfilecontent54,xmlfilecontent is done
- perl and python bindings are up2date
openscap-0.3.2 24-04-2009
- perl bindings are available
openscap-0.3.1 09-04-2009
- python bindings for CPE, CCE, CVE and CVSS
- OVAL can load definitions
openscap-0.1.4 29-03-2009
- first official release
- CPE, CCE, CVE and CVSS are implmented