v2.32 - Added dist tag to RPM filename

This release is a fixup release of version 2.30. It fixes two errors in import/export and provides specific RPMs for el5, el6 and el7 now.

Enhancements

Bug Fixes

#438 - Export failed when a scan did not have any attachments
#440 - Import fails if issue it is linked is older then before
#443 - Added dist tag to RPM filename

v2.30 - Improved delta engine and import and export tools

One of the things that has been lacking for a while were proper workspace export and import tools. This release adds them and fixes another issue that has been on our whishlist for long, better handling of gone findings reappearing.

Now when a finding that was previously marked as gone reappears in a scan the 'status before gone' is taken into account.

When the 'status before gone' was:

• New - The finding will reappear as new
• Changed - The finding will reappear as changed
• Open - The finding will reappear as open, unless the finding text has changed, then it will reappear as changed
• No issue - The finding wil reappear as no issue, unless the finding text has changed, then it will reappear as changed
• MASKED - The finding will stay MASKED

Enhancements

• #126 - Delta engine improved: Beter recovery from GONE findings
• #257 - Import/export tools added
• #408 - Seccubus now refuses to load an ivil file with 0 findings
• #412 - Disabled tofu to enhance Docker support
• #419 - Enable crontab support in docker images
• #423 - Show futureGrade in SSLlabs scan results

Bug Fixes

• #403 - SSLlabs scanner help file was not up to date
• #414 - Mkdir error will no longer appear if entrypoint.sh is run twice
• #426 - Corrections to README.md from Karol Kozakowski merged
• #432 - StaticPkpPolicy not recognized

v2.28 - The Docker edition

For my work at Schuberg Philis we wanted to run Seccubus in Docker
containers. This and inspiration from Karl Newell
caused me to add a Dockerfile (and some other files) to Seccubus so that Seccubus can now be
run in a docker container.

In addition I fixed a couple of bugs and changed the ssllabs scanner so it now uses the v3 API endpoint.

Enhancements

• #361 - arkenoi created a netsparker2ivil tool that allows you to manually import Netsparker scans
• #331 - Now using SSLLabs API v3
• #386 - New SSL labs API output featues incorporporated
• #389 - API endpoint URL has moved to a single function so it can be patched if deployed in a
  three tier architecture
• #392 - Alternative handling of the updateFIndings.pl API
• #397 - Allow seccubus to authenticate via an http request header
• #399 - Create a Docker container for Seccubus

Bug Fixes

• #364 - auto_gen column was missing from asset_host table
• #358 - Could not get findings when an asset was used for the query
• #360 - Not able to export report in PDF format - This breaks the scan
• #336 - Non-critical RPM errors on CentOS 5
• #376 - Removed 50 host limit in filters as it was counterproductive
• #374 - Fixed Nikto path detection code
• #377 - Hostname filter wasn't working correctly, typed Hostname iso HostName
• #385 - SSLlabs failed because cypher preference order was split out per protocol by SSLlabs now.
• #394 - SSLlabs scanner failed if all enpoints fail and --gradeonly was used

Docker image at https://hub.docker.com/r/seccubus/seccubus/

Speed improvements and a whole log of bugfixes

12-7-2016 - 2.26 - Speed improvements and a whole log of bugfixes

This release is especially interesting for those of you that are working with large result sets.
The number of findigns that is returned is now limited to 200 results by default and can be adjusted
up or down.
A lot of the filter logic has been moved from the Perl backend to more intelligent database queries
where caching and other optimalisations techniques prevent timeouts when working with larger result
sets.

Additional improvements are done the rpm packaging and the Nessus6 scanner wich now no longer depends
on certain excotic perl modules.

The number of change records that is created and displayed has been reduced and some other more minor
have been fixed too.

Enhancements

• #128 - Limit the amount of findings that is returned from the back end
• #312 - SSLLabs and Nessus6 scanner no longer depend on perl-REST-Client
• #319 - RPM now builds and installs under CentOs/RHEL 5 too
• #320 - Nessus6 scanner now downloads PDF and HTML version of report too
• #322 - Removed old scanners: Nessus v5 and earlier, OpenVAS v5 and earlier
• Improved exit codes for the onlyonxday.sh utility

Bug Fixes

• #344 - Nessus6 scanner script using LWP::UserAgent is too brittle
• #330 - Add perl-LWP-Protocol-https as RPM dependency
• #328 - CopyRight year unit test appears to be broken on Travis
• #327 - OpenVAS target is always created with the default portlist
• #323 - Non-critical warnings in unit tests fixed
• #333 - LWP::UserAgent is missing method delete on RH5 and RH6
• #305 - Finding change records are generated even if a finding did not actually change
• #300 - Editing an issue and updating the severity doesn't work
• #295 - Trigger in notification edit will fall back to previous on re-edit
• #277 - Remove redundant documentation from source tree
• #183 - SSL validation ingore not corretly implemented

v2.24 - RPM and cert improvements

22-04-2016 - 2.24 - RPM and cert improvements

Not everything went perfect upgrading the build process, so we had to tweak the RPM a little and fix an error in the UpToDate.pl script.

Enhancements

• #310 - Root CA for v2.seccubus.com (LetsEncrypt) is now pinned for the version check
• #316 - Clarify create database and grant statement in ConfigTest.pl

Bug Fixes

• #310 - Version check does not like my certificate
• #311 - RPM: Config could not be found after version upgrade to 2.22
• #313 - RPM: Seccubus.conf not placed in correct directory (v2.22)
• #314 - RPM: v2.22 /opt/seccubus/www/dev should not exist
• #315 - RPM: v2.22 dependancy mysql-server is not installed

v2.22 - OpenVAS integration fixed

Enhancements

• Improved the release process (see https://www.seccubus.com/documentation/22-releasing/)
• #308 - Rewrote the OpenVAS scan script with the following objectives:
  • Remove dependancy on the omp utility (because I don't have it on my Mac for starters)
  • XML parsing is now done with XML::Simple in stead of manually (which is fragile)
  • Better error handling

Bug Fixes

• #289 - Online version test needs a unit test
• #269 - Correct handling of multiple address nodes in NMap XML
• #298 - OpenVAS6: fix scan and import to ivil
• #297 - Port field abused to store port state
• #307 - OpenVAS integration was broken

28-10-2015 - v2.20 - What is the issue?

This release introduces a major new feature that has been in my head since the beginning of Seccubus version 2: Issues.

An issue is a sort of trouble ticket that allows you to link multiple findings together, in order to help keeping track of the remediation process.
An issues can be linked to multiple findings (e.g. because you have the same finding across different hosts) and at the same time a single finding can be linked to multiple issue (e.g. multiple certificate issues found in a single finding).

If you want to know more about issue, please see the online documentation at [www.seccubus.com]

Enhancements

#238 - Issues

Bug Fixes

#244 - Database model and database not consistent anymore

Noticed the notices not being there?

08-10-2015 - 2.18 - Fixed a notifications error

Some people noticed that notifications were not visible anymore, @phrag and I fixed them

Enhancements

• Unit tests for notifications API

Bug Fixes

• #267 - Email notification config is not showing

v2.17 - GNU Terry Pratchett (Fixed!)

17-09-2015 - 2.17 - GNU Terry Pratchett (Fixed!)

The bonanza of after summer fixes and small enhancements continues
Our dear contributor @Ar0xA notified us of a bug in v2.16 which has been fixed in this release
See bug #260

Enhancements

• #185 - GNU Terry Pratchett
• #214 - NMap, include port status in port number
• #223 - Make the Bulk Update feature much faster in the GUI
• #228 - SSL Labs: Warn if MaxAge is below the recommended 180 days
• #226 - Create Travis Unit tests for DB upgrade
• #241 - Unit tests for delta engine
• Moved to new Travis build infra. See: http://docs.travis-ci.com/user/migrating-from-legacy/

Bug Fixes

• #180 - NMAP script output ignored
• #186 - Custom SQL table is missing from DB init scripts
• #198 - Unable to add more then 1 asset
• #199 - asset_host broken in v6 and upgrade problems
• #200: Error using ZAP remote
• Fixed ZAP file handling issue
• Fixed a new found bug in ivil2zap, more output now in findings
• Fixed SSLlabs error exception
• #213 - .spec file still references v4 data structures instead of v6
• #222 - SSL Labs: hasSct and sessionTickets findings not saved in IVIL file
• #224 - Bulk Update controller not updated after update of remark only
• #236 - Database upgrades inconsistent
• #243 - do-scan -q is not very quiet
• #247 - SSLLabs: certain values for PoodleTLS not handled
• #248 - SSLLabs Reneg finding empty is reneg is not supported
• Copyright related unit tests now work on Travis CI too
• #252 - scannerparam column in scans table too small
• #255 - Incorrect use of CGI.pm may cause parameter injection vulnerability
• #260 - Runs not showing in Seccubus v2.16

v2.16 - GNU Terry Pratchett

The bonanza of after summer fixes and small enhancements continues

Enhancements

• #185 - GNU Terry Pratchett
• #214 - NMap, include port status in port number
• #223 - Make the Bulk Update feature much faster in the GUI
• #228 - SSL Labs: Warn if MaxAge is below the recommended 180 days
• #226 - Create Travis Unit tests for DB upgrade
• #241 - Unit tests for delta engine
• Moved to new Travis build infra. See: http://docs.travis-ci.com/user/migrating-from-legacy/

Bug Fixes

• #180 - NMAP script output ignored
• #186 - Custom SQL table is missing from DB init scripts
• #198 - Unable to add more then 1 asset
• #199 - asset_host broken in v6 and upgrade problems
• #200: Error using ZAP remote
• Fixed ZAP file handling issue
• Fixed a new found bug in ivil2zap, more output now in findings
• Fixed SSLlabs error exception
• #213 - .spec file still references v4 data structures instead of v6
• #222 - SSL Labs: hasSct and sessionTickets findings not saved in IVIL file
• #224 - Bulk Update controller not updated after update of remark only
• #236 - Database upgrades inconsistent
• #243 - do-scan -q is not very quiet
• #247 - SSLLabs: certain values for PoodleTLS not handled
• #248 - SSLLabs Reneg finding empty is reneg is not supported
• Copyright related unit tests now work on Travis CI too
• #252 - scannerparam column in scans table too small
• #255 - Incorrect use of CGI.pm may cause parameter injection vulnerability