Release Notes for Open-AudIT v3.3.1

Released 2020-04-20

Linux SHA256: 9b1016633a3037ce24f974d4736f5a4d18f88184223092ddc3e4adf1950bb892

Linux md5sum: 393b05f92ab936aa2c2d533786da2557


This is a minor release to fix a few minor bugs and a XSS issue.

VersionTypeCollectionDescription
ProfessionalBugAllFix Javascript error on AJAX request display on update.
CommunityImprovementAllUse mariadb-server in dependency list for Ubuntu 20.04 instead of mysql-server.
CommunityImprovementAllCentos 8, add new package names in installer.
CommunityBugHelpImprove m_helper for OS Timezone for Redhat derived distro's so as to silence the PHP error for file does not exist.
CommunityImprovementDiscoveriesAccount for multiple spaces in config item for discovery_exclude_ip.
CommunityBugDiscoveriesEnsure we use the config item discovery_exclude_ip when executing discoveries (as well as the discovery specific exclude_ip attribute).
CommunityImprovementDiscoveriesImprove logging for all_ip_list and responding_ip_list functions.
CommunityImprovementAllUse htmlentities on all default error templates for $message. Resolve XSS issue. CVE-2020-12261
CommunityImprovementSearchOnly accept POST for /search. Do not try to find the ID of a search using the name.
CommunityBugAllFix test in insert_collection for an attribute value. Test using isset, not \!empty because a value of 0 is being replaced with an empty value, hence when the database accepts it, it is using the column default, not 0. Found in tasks with minute and hour at 0, being inserted and ending up with a value of *.
CommunityBugDatabaseFix links from database lists to database table.
CommunityImprovementLogsRevise logging to set failed and successful logon attempts at level 5.