Skip to content

@evgenyz evgenyz released this Apr 29, 2020 · 69 commits to maint-1.3 since this release

  • New features
    • Added a Python script that can be used for CLI tailoring (autotailor)
    • Added timezone to XCCDF TestResult start/end time
    • Added yamlfilecontent independent probe (proposal/draft implementation),
      see OVAL-Community/OVAL#91 for more information
    • Introduced urn:xccdf:fix:script:kubernetes fix type in XCCDF
    • Added ability to generate machineconfig fix
  • Maintenance, bug fixes
    • utils/oscap-podman: Detect ambiguous scan target
    • Fixed #170: The rpmverifyfile probe can't verify files from '/bin' directory
    • The data system_info probe return for offline and online modes is consistent and actual
    • Prevent crashes when complicated regexes are executed in textfilecontent58 probe
    • Fixed #1512: Severity refinement lost in generated guide
    • Fixed #1453: Pointer lost in Swig API
    • Evaluation Characteristics of the XCCDF report are now consistent with OVAL entities
      from system_info probe
    • Fixed filepath pattern matching in offline mode in textfilecontent58 probe
    • Fixed infinite recursion in systemdunitdependency probe
    • Fixed the case when CMake couldn't find libacl or xattr.h
Assets 6
  • 1.3.2
  • 4513803
  • Compare
    Choose a tag to compare
    Search for a tag
  • 1.3.2
  • 4513803
  • Compare
    Choose a tag to compare
    Search for a tag

@evgenyz evgenyz released this Jan 14, 2020 · 0 commits to ebbe0feea24a0798a19de04abb64b11fa4d09637 since this release

  • New features
    • Offline mode support for environmentvariable58 probe
    • The oscap-docker wrapper is available without Atomic
  • Maintenance, bug fixes
    • Improved support of multi-check rules (report, remediations, console output)
    • Improved HTML report look and feel, including printed version
    • Less clutter in verbose mode output; some warnings and errors demoted to verbose mode levels
    • Probe rpmverifyfile uses and returns canonical paths
    • Improved a11y of HTML reports and guides
    • Fixes and improvements for SWIG Python bindings
    • #1403 fixed: Scanner would not apply remediation for multicheck rules (verbosity)
    • Fixed URL link mechanism for Red Hat Errata
    • New STIG Viewer URI:
    • Probe selinuxsecuritycontext would not check if SELinux is enabled
    • Scanner would provide information about unsupported OVAL objects
    • Added more tests for offline mode (probes, remediation)
    • #528 fixed: Eval SCE script when /tmp is in mode noexec
    • #1173, RHBZ#1603347 fixed: Double chdir/chroot in probe rpmverifypackage
Assets 6

@jan-cerny jan-cerny released this Jun 13, 2019 · 507 commits to maint-1.3 since this release

  • New features
    • Support for SCAP 1.3 Source Datastreams (evaluating, XML schemas,
    • Introduced oscap-podman -- a tool for SCAP evaluation of Podman
      images and containers (rhbz#1642373)
    • Tailoring files are included in ARF result files (#902)
    • OVAL details are always shown in HTML report, users do not have to
      provide --oval-results on command line
    • HTML report displays OVAL test details also for OVAL tests included
      from other OVAL definitions using extend_definition (#916, #954)
    • OVAL test IDs are shown in HTML report
    • Rule IDs are shown in HTML guide (#1293)
    • Added block_size in Linux partition_state defined in OVAL 5.11.2
    • Added oscap_wrapper that can be used to comfortably execute custom
      compiled oscap tool
  • Maintenance, bug fixes
    • Remote filesystems mounted using autofs direct maps are not
      recognized as local filesystems (rhbz#1655943)
    • SCAP source datastreams containing remote components can be
      evaluated without downloading remote data (rhbz#1709423)
    • Fixed duplicated variables in generated Ansible Playbooks
    • Fixed trailing whitespace characters in Ansible Playbooks
    • Correctly handle multiline profile titles and profile descriptions
      in generated Ansible Playbooks (#1112)
    • Fixed STIG Viewer output (--stig-viewer) to handle multiple rules
      that have the same STIG ID
    • Fixed incorrect displaying of OVAL test results in HTML report
    • Fixed segmentation fault in offline mode caused by usage of chroot
      file descriptor after closing (rhbz#1636431)
    • Fixed textfilecontent54 probe to not ignore max_depth, recurse,
      recurse_direction and recurse_file_system attributes of
      behaviors element when filepath element is given (rhbz#1655943)
    • Added CMake policies (CMP0078 and CMP0086) related to UseSWIG
    • Added RHEL 8 CPE, Fedora 31 CPE, Oracle Linux 8 CPE
    • Fedora CPEs fixed to work also on Fedora >= 30
    • Fixed segmentation fault in CVRF module (rhbz#1642283)
    • Fixed unresolved symbols in
    • Fixed memory leaks in Windows registry probe (#1269)
    • Fixed many GCC compiler warnings
    • Removed dead code from fsdev module
    • Many new test cases in upstream test suite
    • Refactoring
    • Updated Developer Guide
    • Updated manual pages
Assets 6

@jan-cerny jan-cerny released this Oct 9, 2018 · 740 commits to maint-1.3 since this release

  • New features
    • Introduced a virtual '(all)' profile selecting all rules
    • Verbose mode is a global option in all modules
    • Added Microsoft Windows CPEs
    • oscap-ssh can supply SSH options into an environment variable
  • Maintenance
    • Removed SEXP parser
    • Added Fedora 30 CPE
    • Fixed many Coverity defects (memory leaks etc.)
    • SCE builds are enabled by default
    • Moved many low-level functions out of public API
    • Removed unused and dead code
    • Updated manual pages
    • Numerous small fixes
Assets 4

@jan-cerny jan-cerny released this Aug 10, 2018 · 855 commits to master since this release

  • Maintenance
    • Removed '--probe-root' option
    • Removed '--show' option from 'oscap xccdf generate report'
    • Removed CCE API
    • Removed deprecated option '--sce-results'
    • Removed 'oscap oval list-probes' submodule
    • Removed 'validate-xml' submodule from CPE, OVAL, XCCDF modules
    • Moved OVAL probe handler to private headers
    • Added tests for filehash58 offline mode
    • Fixed broken SCE
    • Fixed problematic versioning in CMake and pkgconfig file
    • Removed many unused code
    • Rewritten test tests/API/XCCDF/default_cpe
    • Started to use asciidoc instead of asciidoctor
    • Fixed many compiler warnings
    • Fixed MinGW builds
    • Documentation updates
    • Small fixes
Assets 4

@jan-cerny jan-cerny released this Jul 18, 2018 · 239 commits to maint-1.2 since this release

  • New features
    • Microsoft Windows support (issue #195)
    • new probes:
      • Windows registry probe
      • Windows accesstoken probe
      • Windows wmi57 probe
    • CMake is used as build system (issue #542)
    • CTest is used as test suite driver
  • Maintenance
    • probes are not separate processes, they are threads within oscap
    • OpenSCAP can be compiled using Visual Studio 2017
    • Dropped 53 deprecated API symbols (issue #1088)
    • Removed GNU Automake
    • Removed Python 2 support (issue #1034)
    • Ninja build is supported
    • Public API symbols are marked by OSCAP_API macro
    • Removed variable length arrays
    • Removed custom memory allocation functions (issue #1077)
    • Improved OS X build support
    • Fixed crash when deallocating red-black-tree node in Windows
    • Several large tests are splitted into smaller test cases
    • User manual is splitted in User and Developer manual
    • Many documentation updates (issue #1069, #1066)
    • Stopped using '\r' characters on stdout (issue #579, #1023)
    • Updated release tools to reflect CMake (issue #1036)
    • Dropped Cygwin support from User Manual (issue #1011)
    • source tarball does not contain build artifacts
    • Many small fixes
Assets 4

@jan-cerny jan-cerny released this May 29, 2018 · 273 commits to maint-1.2 since this release

  • New features
    • HTML Guide user experience improvements
    • New options in HTML report "Group By" menu
    • oscap-ssh supports --oval-results (issue #863)
  • Maintenance
    • Support comparing state record elements with item
    • Updated Bash completion
    • Make Bash role headers consistent with --help output
    • Fixed problems reported by Coverity (issue #909)
    • Fixed CVE schema to support 4 to 7 digits CVEs
    • Fix output of generated bash role missing fix message
    • Fix oscap-docker to clean up temporary image (RHBZ #1454637)
    • Fix Ansible remediations generation
    • Add a newline between ids in xccdf info (issue #968)
    • Fix unknown subtype handling in oval_subtype_parse (issue #986)
    • Outsourced the pthreads feature check and setup
    • Speed up in debug mode
    • Refactored the Python handling in build scripts
    • Prevent reading from host in offline mode (issue #1001)
    • Many probes use OWN offline mode
    • Improve offline mode logic in OVAL probes
    • Do not use chroot in system_info probe
    • Prevent a segfault in oscap_seterr on Solaris
    • Out of tree build is possible
    • Use chroot for RPM probes in offline mode
    • PEP8 accepts lines up to 99 characters
    • New configure parameter --with-oscap-temp-dir (issue #1016)
    • Fixed OVAL record elements namespace and SEXP conversion
    • Removed '\r' characters from help output (issue #1023)
    • Full Python 3 compatibility
    • Removed basic Python implementation of oval_probes.c
    • Added support for Travis CI and Sonar Cloud
    • Minor fixes inspired by Sonar Cloud
    • Added Fedora 29 CPE
    • New tests in upstream test suite (offline mode, Ansible, etc.)
Assets 3

@matejak matejak released this Nov 14, 2017 · 2451 commits to maint-1.3 since this release


  • Over 350 commits from 12 distinct persons
  • 3 new contributors.
  • 66 Github issues fixed, 59 PRs merged.

New features

  • oscap can generate output that is compatible with STIG Viewer.
  • CVRF parsing and export has been implemented.
  • oscap info command has been expanded.
  • The AIX platform is supported.
  • Many documentation improvements.
  • Numerous other improvements of existing features.


  • Huge cross-platform improvements.
  • Memory leaks fixed (RHBZ#1485876).
  • SELinux fixes.
  • Many coverity fixes.
  • Numerous other bugfixes.
Assets 3

@jan-cerny jan-cerny released this Aug 25, 2017 · 808 commits to maint-1.2 since this release

  • New features
    • short profile names can be used instead of long IDs
    • new option --rule allows to evaluate only a single rule
    • new option --fix-type in "oscap xccdf generate fix" allows choosing
      remediation script type without typing long URL
    • "oscap info" shows profile titles
    • OVAL details in HTML report are easier to read
    • HTML report is smaller because unselected rules are removed
    • HTML report supports NIST 800-171 and CJIS
    • remediation scripts contain headers with useful information
    • remediation scripts report progress when they run
    • basic support for Oracle Linux (CPEs, runlevels)
    • remediation scripts can be generated from datastreams that contain
      multiple XCCDF benchmarks (issue #772)
    • basic support for OVAL 5.11.2 (only schemas, no features)
    • enabled offline RPM database in rpminfo probe (issue #778)
    • added Fedora 28 CPE
  • Maintenance
    • fixed oscap-docker with Docker >= 2.0 (issue #794)
    • fixed behavior of sysctl probe to be consistent with sysctl tool
    • fixed generating remediation scripts (issue #723, #773)
    • severity of tailored rules is not discarded (issue #739)
    • fixed errors in RPM probes initialization
    • oscap-docker shows all warnings reported by oscap (issue #713)
    • small improvements in verbose mode
    • standard C operations are used instead of custom OpenSCAP operations
    • fixed compiler warnings
    • fixed missing header files
    • fixed resource leaks (issue #715)
    • fixed pkgconfig file (RHBZ #1414777)
    • refactoring
    • documentation fixes and improvements
Assets 3

@jan-cerny jan-cerny released this Mar 21, 2017 · 1052 commits to maint-1.2 since this release

  • New features
    • Detailed information about ARF files in 'oscap info' (issue #664)
    • XSLT template creating XCCDF files from OVAL files
    • Generating remediation scripts from ARF
    • Significant improvements of User Manual (issue #249, #513)
    • HTML report UX improvements (issue #601, #620, #622, #655)
    • Warnings are shown by default
    • Verbose mode is available in 'xccdf remediate' module (issue #520)
    • Added Fedora 26, Fedora 27 and OpenSUSE 42.2 CPEs (issue #698)
    • Support for Anaconda remediation in HTML report
  • Maintenance
    • Fixed CPE dictionary to identify RHEVH as RHEL7 (RHBZ #1420038)
    • Fixed systemd probes crashes inside containers (RHBZ #1431186, issue #700)
    • Added a warning on non-existing XCCDF Benchmarks (issue #614)
    • Fixed output on terminals with white background (RHBZ #1365911, issue #512)
    • Error handling in oscap-vm (RHBZ #1391754)
    • Fixed SCE stderr stalling (RHBZ #1420811)
    • Fixed Android OVAL schema (issue #279)
    • Fixed absolute filepath parsing in OVAL (RHBZ #1312831, #1312824)
    • Fixes based on Coverity scan report (issue #581, #634, #681)
    • Fixed duplicated error messages (issue #707)
    • Fixed XCCDF score calculation (issue #617)
    • Fixed segmentation faults in RPM probes (RHBZ #1414303, #1414312)
    • Fixed failing DataStream build if "@" is in filepath
    • Fixed missing header in result-oriented Ansible remediations
    • Memory leak and resource leak fixes (issue #635, #636)
    • New upstream tests
    • Many minor fixes and improvements
Assets 3
You can’t perform that action at this time.