openvas-manager 1.0.4 (2011-01-19)

This is the fourth maintenance release and the first
security release for the 1.0 series of the Manager
module for the Open Vulnerability Assessment System (OpenVAS).

It fixes a serious security bug and it is highly recommended
to update any installation of OpenVAS Manager 1.0 with this release.
Apart from this, the update introduces a full protocol self-documentation
of OMP 1.0 and fixes inconsistencies regarding PDF/LaTeX reports.

Many thanks to everyone who has contributed to this release:
Matthew Mundell.

Main changes since 1.0.3:
* A security-relevant bug has been fixed regarding email escalation
  methods. Configured OpenVAS users were able to damage installation
  and/or gain higher privileges.
* Full OMP 1.0 documentation now included as "doc/omp.html" and
  "doc/omp.rnc".
* PDF and LaTeX reports were not consistent with other reports.
  The filter procedure was updated to behave identical to other
  report formats, espcially with the report shown in the GSA. 


openvas-manager 1.0.3 (2010-10-29)

This is the third maintenance release for the 1.0 series of the openvas-manager
module for the Open Vulnerability Assessment System (OpenVAS).

It fixes two bugs which caused to manager to fail to reply properly on certain
request and improves the PDF report generation.

Many thanks to everyone who has contributed to this release:
Matthew Mundell and Michael Wiegand.

Main changes since 1.0.2:
* Two bugs which caused the manager to fail to give adequate replies on certain
  report and scan config requests have been fixed.
* A bug which caused PDF reports to be unavailable for reports which contained
  certain unicode character has been fixed.


openvas-manager 1.0.2 (2010-08-17)

This is the second maintenance release for the 1.0 series of the openvas-manager
module for the Open Vulnerability Assessment System (OpenVAS).

It fixes a bug which could cause changes in derived scan configs to affect
predefined scan configs under certain circumstances.

Many thanks to everyone who has contributed to this release:
Matthew Mundell and Michael Wiegand.

Main changes since 1.0.1:
* A bug which could cause changes in derived scan configs to affect predefined
  scan configs under certain circumstances has been fixed.


openvas-manager 1.0.1 (2010-08-06)

This is the first maintenance release for the 1.0 series of the openvas-manager
module for the Open Vulnerability Assessment System (OpenVAS).

Many thanks to everyone who has contributed to this release:
Matthew Mundell and Michael Wiegand.

Main changes since 1.0.0:
* A fix for incorrect preference values in the database has been adjusted to
  work with GSA 1.0.1 as well.


openvas-manager 1.0.0 (2010-07-29)

This is the 1.0.0 release of the openvas-manager module for the Open
Vulnerability Assessment System (OpenVAS).

OpenVAS Manager 1.0 represents almost 2 years of intensive work.  The mission of
OpenVAS Manager is to offer powerful and comfortable vulnerability management on
top of the actual vulnerability scanner, OpenVAS Scanner 3.1.

The OpenVAS Manager is a layer between the OpenVAS Scanner and various client
applications. The upcoming clients cover web, desktop and command line
technology and will replace the classic OpenVAS Client.

Central features of OpenVAS Manager are:

* New XML-based protocol OMP (OpenVAS Management Protocol) which client tools
  use to control scans, results, etc.

* SQL database where configurations, scan results etc. are stored. Thus, clients
  do not need to keep local storage anymore.

* Full control of scan processes. This includes multiple concurrent scans as
  well as stopping, pausing, resuming and not at least the scheduling of scans.

* Management of scan notes, false positives and result escalators (notification
  on finished scans).

OpenVAS Manager is Free Software (Open Source), licensed under GNU General
Public License Version 2 or any later version.

The first compatible client application to be released will be the web client
GSA (Greenbone Security Assistant), approximately next week.
Beta- and alpha versions of various clients are already available for download.

The OpenVAS development team offers support for any efforts to create binary
packages for the various Linux distributions in order have this new server
readily available for users as soon as possible. Please use our openvas-distro
mailing list for this purpose.

Many thanks to everyone who has contributed to this release since 1.0.0.rc1:
Stephan Kleine, Matthew Mundell, Jan-Oliver Wagner, Michael Wiegand and Felix
Wolfsteller.

Main changes since 1.0.0.rc1:
* A number of build issues has been addressed.
* The code documentation has been updated.
* Code cleanup: Internal error handling has been made more consistent.
* A potential ressource leak identified by static analysis has been fixed.
* A bug which caused NVT preferences to be displayed incorrectly has been
  fixed.


openvas-manager 1.0.0.rc1 (2010-07-15)

This is the first release candidate of the openvas-manager module for the Open
Vulnerability Assessment System (OpenVAS) leading up to the upcoming
openvas-manager 1.0.

Many thanks to everyone who has contributed to this release:
Matthew Mundell, Michael Wiegand and Felix Wolfsteller.

Main changes since 1.0.0-beta7:
* Code cleanup: Internal resource management has been improved to use UUIDs in
  more places.
* Support for agents has been improved.
* Support for external target sources has been added.
* A bug which caused PDF exports to fail if the NVT description contained
  certain characters has been fixed.
* A bug which caused hosts in the scan result to be sorted incorrectly under
  certain circumstances has been fixed.
* Support for defining threat overrides has been added.
* Some OMP commands have been renamed and adjusted to make the protocol more
  concise and useful.
* Support for event logging has been added.
* Support for syslog escalators has been added.
* The documentation has been updated.


openvas-manager 1.0.0-beta7 (2010-05-28)

This is the seventh beta release of the openvas-manager module for the Open
Vulnerability Assessment System (OpenVAS) leading up to the upcoming
openvas-manager 1.0.

IMPORTANT: Since version 1.0.0-beta6, the manager uses certificate based
authentication to authenticate against an openvas-scanner. Please do read the
INSTALL file provided with openvas-manager and make sure you have
openvas-scanner 3.0.2 or higher before installing this manager version!

Many thanks to everyone who has contributed to this release:
Stephan Kleine, Matthew Mundell, Michael Wiegand and Felix Wolfsteller.

Main changes since 1.0.0-beta6:

* A large amount of code which was present in both openvas-manager and
  openvas-administrator has been moved to openvas-libraries.
* An issue that caused started tasks to remain in the "Requested" stage
  indefinitely has been fixed.
* An issue that caused incorrect values of the scan progress under certain
  conditions has been fixed.
* A new escalator condition has been add: Threat Level Changed.
* Open ports are now included in scan reports even if no vulnerability was
  detected on that port.
* Support for CVSS scores and Risk Factors has been improved.
* Support for excluding host without any results from the report has been added.


openvas-manager 1.0.0-beta6 (2010-04-15)

This is the sixth beta release of the openvas-manager module for the Open
Vulnerability Assessment System (OpenVAS) leading up to the upcoming
openvas-manager 1.0.

IMPORTANT: The manager now uses certificate based authentication to authenticate
against an openvas-scanner. Please do read the INSTALL file provided with
openvas-manager and make sure you have openvas-scanner 3.0.2 or higher before
installing this manager version!

Many thanks to everyone who has contributed to this release:
Hartmut Goebel, Stephan Kleine, Matthew Mundell, Joseph Sokol-Margolis,
Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller.

Main changes since 1.0.0-beta5:

* A bug which caused incorrect NVT counts in the scan config under certain
  circumstances has been fixed.
* The manager now uses certificate based authentication.
* Support for resuming stopped tasks has been added.
* Support for task scheduling has been added.
* The openvasmd binary will now install into /usr/sbin instead of /usr/bin.


openvas-manager 1.0.0-beta5 (2010-03-04)

This is the fifth beta release of the openvas-manager module for the Open
Vulnerability Assessment System (OpenVAS) leading up to the upcoming
openvas-manager 1.0.

Many thanks to everyone who has contributed to this release:
Stephan Kleine, Matthew Mundell and Felix Wolfsteller.

Main changes since 1.0.0-beta4:

* More internal data structures are now identified by UUID and not by
  name.
* Several build issues have been fixed.
* Note management has been introduced.
* Support for handling ITG and CPE reports has been added.
* OTP forwarding is now disabled by default.


openvas-manager 1.0.0-beta4 (2010-02-08)

This is the fourth beta release of the openvas-manager module for the Open
Vulnerability Assessment System (OpenVAS) leading up to the upcoming
openvas-manager 1.0.

Many thanks to everyone who has contributed to this release:
Stephan Kleine and Matthew Mundell.

Main changes since 1.0.0-beta3:

* More internal data structures are now identified by UUID and not by
  name.
* A bug which prevented PDF reports to be generated from certain results due to
  unescaped LaTeX characters has been fixed.
* A number of formatting and casting issues found by Stephan Kleine have been
  fixed.
* The man page has been updated.


openvas-manager 1.0.0-beta3 (2010-02-05)

This is the third beta release of the openvas-manager module for the Open
Vulnerability Assessment System (OpenVAS) leading up to the upcoming
openvas-manager 1.0.

Many thanks to everyone who has contributed to this release:
Matthew Mundell and Felix Wolfsteller.

Main changes since 1.0.0-beta2:

* Nmap is now the default port scanner for predefined configurations.
* The man page has been updated.
* LSC credential management has been improved.
* A number of internal data structures are now identified by UUID and not by
  name.
* The manager now converts all input from the scanner to UTF-8.
* The encoding of the LaTeX report has been switch to UTF-8.
* A bug that caused some settings to be ignored during scan configuration import
  has been fixed.


openvas-manager 1.0.0-beta2 (2010-01-26)

This is the second beta release of the openvas-manager module
for the Open Vulnerability Assessment System (OpenVAS) leading up to the
upcoming openvas-manager 1.0.

Many thanks to everyone who has contributed to this release:
Matthew Mundell and Felix Wolfsteller.

Main changes since 1.0.0-beta1:

* Deleting of active reports is prevented.
* Introduced ownership for all objects.
  This makes objects (like a "target") not
  appear for other users anymore.
* Improved ISO-8859-1 to UTF-8 conversion hacks.
* Allowed "\" for login names (important for windows)
* Send users host restrictions ("rules") via OTP when
  starting a scan.
* Activated NSIS package generator for credentials management.
* Filter out potentials passwords from logging.
* Introduced UUIDs for users.
* Improved PDF report generator.


openvas-manager 1.0.0-beta1 (2010-01-12)

This is the first beta release of the openvas-manager module
for the Open Vulnerability Assessment System (OpenVAS) leading up to the
upcoming openvas-manager 1.0.

Many thanks to everyone who has contributed to this release:
Matthew Mundell, Felix Wolfsteller and Michael Wiegand.

Main changes since 0.9.8:

* Agent support has been improved.
* Escalation support has been added.
* A bug in PDF generation which could cause the manager to stay in an infinite
  loop under certain conditions has been fixed.
* Support for exporting scan configurations has been added.
* Support for performance monitoring has been added.
* An issue which could cause some preferences not to be sent to the scanner has
  been fixed.
* Initial searching support has been added.


openvas-manager 0.9.8 (2009-12-21)

This is the fourteenth development release of the openvas-manager module
for the Open Vulnerability Assessment System (OpenVAS).

Many thanks to everyone who has contributed to this release:
Matthew Mundell, Jan-Oliver Wagner, Felix Wolfsteller and Michael Wiegand.

Main changes since 0.9.7:

* Database performance has been improved.
* Credential management has been improved.
* Initial agent support has been added.
* Support for cross-referencing in tasks, configs and targets has been added.


openvas-manager 0.9.7 (2009-12-08)

This is the thirteenth development release of the openvas-manager module
for the Open Vulnerability Assessment System (OpenVAS).

Many thanks to everyone who has contributed to this release:
Michael Wiegand and Tim Brown.

Main changes since 0.9.6:

* A bug which caused the number of selected NVTs within a family to be wrongly
  calculated under certain circumstances has been fixed.


openvas-manager 0.9.6 (2009-12-01)

This is the twelfth development release of the openvas-manager module
for the Open Vulnerability Assessment System (OpenVAS).

Many thanks to everyone who has contributed to this release:
Matthew Mundell and Felix Wolfsteller.

Main changes since 0.9.5:

* Support for empty scan config templates has been added.


openvas-manager 0.9.5 (2009-11-30)

This is the eleventh development release of the openvas-manager module
for the Open Vulnerability Assessment System (OpenVAS).

Many thanks to everyone who has contributed to this release:
Matthew Mundell and Felix Wolfsteller.

Main changes since 0.9.4:

* Server preference handling has been improved.
* The build environment has been made more robust.
* Support for per-NVT timeouts has been added.
* The database upgrade has been made more flexible.
* The library used for UUID generation has been changed to a more widely
  available library.
* Updating of the internal cache has been improved.
* The layout of the PDF reports has been improved.
* An issue with long task start times has been fixed.
* Cache management has been improved.


openvas-manager 0.9.4 (2009-11-23)

This is the tenth development release of the openvas-manager module
for the Open Vulnerability Assessment System (OpenVAS).

Many thanks to everyone who has contributed to this release:
Matthew Mundell and Felix Wolfsteller.

Main changes since 0.9.3:

* The layout of the PDF reports has been improved.
* A bug which broke DB migration under certain circumstances has been fixed.
* Support for NVT family retrieval and configuration management has been
  introduced.
* Cache management has been improved.


openvas-manager 0.9.3 (2009-11-09)

This is the ninth development release of the openvas-manager module
for the Open Vulnerability Assessment System (OpenVAS).

Many thanks to everyone who has contributed to this release:
Matthew Mundell, Felix Wolfsteller and Michael Wiegand.

Main changes since 0.9.2:

* Database handling and migration has been improved.
* Code cleanup.
* NVT selection based on the family attributed has been introduced.
* Sorting parameters have been added to most data retrieval commands.
* Support for retrieving NVT preferences has been introduced.
* The NBE output has been harmonized with the NBE output of openvas-client.
* Support for filtering results has been added.
* The layout of the LaTeX reports has been improved.
* The layout of the PDF reports has been improved.


openvas-manager 0.9.2 (2009-10-26)

This is the eigth development release of the openvas-manager module
for the Open Vulnerability Assessment System (OpenVAS).

Many thanks to everyone who has contributed to this release:
Tim Brown, Matthew Mundell, Felix Wolfsteller, Jan-Oliver Wagner and Michael
Wiegand.

Main changes since 0.9.1:

* Improved preference caching.
* Support for migrating old openvas-manager databases has been added.
* Pidfile management has been refactored.
* LSC support has been improved.
* The layout of the LaTeX reports has been improved.
* Many more fixes and improvements.


openvas-manager 0.9.1 (2009-10-19)

This is the seventh development release of the openvas-manager module
for the Open Vulnerability Assessment System (OpenVAS).

Many thanks to everyone who has contributed to this release:
Tim Brown, Matthew Mundell, Felix Wolfsteller, Jan-Oliver Wagner and Michael
Wiegand.

Main changes since 0.9.0:

* NVT preferences are now cached in the database.
* Support for storing and sending files has been added.
* Parsing of the NVT category has been fixed.
* Premature pidfile deletion has been fixed.
* The START_TASK response now contains the id of the report for this scan.
* Many more fixes and improvements.


openvas-manager 0.9.0 (2009-09-30)

This is the sixth development release of the openvas-manager module
for the Open Vulnerability Assessment System (OpenVAS).

Many thanks to everyone who has contributed to this release:
Mattew Mundell, Felix Wolfsteller and Jan-Oliver Wagner.

Main changes since 0.8.1:

* Moved OMP library to openvas-libraries
* openvas-libraries >= 3.0 now required
* Add support of OMP commands CREATE_LSC_CREDENTIAL,
  DELETE_LSC_CREDENTIAL and GET_LSC_CREDENTIALS.
* Many fixes and improvements

openvas-manager 0.8.1 (2009-09-14)

This is a maintenance release of the openvas-manager module for the Open
Vulnerability Assessment System (OpenVAS).

It contains a number of small improvements and bugfixes.


openvas-manager 0.7.0 (2009-08-21)

This is a maintenance release of the openvas-manager module for the Open
Vulnerability Assessment System (OpenVAS).

It contains considerable changes and vastly improved functionality.


openvas-manager 0.6.1 (2009-06-22)

This is a maintenance release of the openvas-manager module for the Open
Vulnerability Assessment System (OpenVAS).

It contains a few minor changes to improve compatibility with the Debian
packaging system and other OpenVAS modules.


openvas-manager 0.6.0 (2009-06-18)

This is the second public release of the openvas-manager module for the Open
Vulnerability Assessment System (OpenVAS).

It offers improved support for the new OpenVAS Management Protocol (OMP) and
new and improved functionality.
The following areas have been added or significantly improved:
- User authentication
- Task ID assignment (UUIDs)
- Retrieving checksums of the NVT collection
- NVT information retrieval
- Certificate handling

In addition, the protocol implementation has been updated to match
the specification more closely.


openvas-manager 0.5.0 (2009-05-08)

This is the first public release of the openvas-manager module for the Open
Vulnerability Assessment System (OpenVAS).

The OpenVAS Manager aims to be a layer between OpenVAS-Client and
the actual OpenVAS Server. Basically it should be responsible for
any tasks where no high system privileges are required.

This module is in an early development stage and not yet intended for
production use.

It is not mandatory to have OpenVAS Manager for using OpenVAS 1.0 or 2.0.

Usage example:
If openvasd is running on port 7772, the following command starts the manager
on port 1241.  The client can then connect to port 1241 as though it was
connecting to openvasd.

# openvasmd --port 1241 --sport 7772

More information about the command line arguments can be obtained using:

# openvasmd --help
