Release Notes for Open-AudIT v3.3.1
Released 2020-04-20
Linux SHA256: 9b1016633a3037ce24f974d4736f5a4d18f88184223092ddc3e4adf1950bb892
Linux md5sum: 393b05f92ab936aa2c2d533786da2557
This is a minor release to fix a few minor bugs and a XSS issue.
Version | Type | Collection | Description |
---|---|---|---|
Professional | Bug | All | Fix Javascript error on AJAX request display on update. |
Community | Improvement | All | Use mariadb-server in dependency list for Ubuntu 20.04 instead of mysql-server. |
Community | Improvement | All | Centos 8, add new package names in installer. |
Community | Bug | Help | Improve m_helper for OS Timezone for Redhat derived distro's so as to silence the PHP error for file does not exist. |
Community | Improvement | Discoveries | Account for multiple spaces in config item for discovery_exclude_ip. |
Community | Bug | Discoveries | Ensure we use the config item discovery_exclude_ip when executing discoveries (as well as the discovery specific exclude_ip attribute). |
Community | Improvement | Discoveries | Improve logging for all_ip_list and responding_ip_list functions. |
Community | Improvement | All | Use htmlentities on all default error templates for $message. Resolve XSS issue. CVE-2020-12261 |
Community | Improvement | Search | Only accept POST for /search. Do not try to find the ID of a search using the name. |
Community | Bug | All | Fix test in insert_collection for an attribute value. Test using isset, not \!empty because a value of 0 is being replaced with an empty value, hence when the database accepts it, it is using the column default, not 0. Found in tasks with minute and hour at 0, being inserted and ending up with a value of *. |
Community | Bug | Database | Fix links from database lists to database table. |
Community | Improvement | Logs | Revise logging to set failed and successful logon attempts at level 5. |