1.4.3

• New features
  • Show rule details in output
• Maintenance, bug fix
  • Fix inverted fields in HTML report
  • Add new STIG URL - 1.4
  • Bump OVAL_SUPPORTED to 5.11.3
  • Handle virtual packages in dpkginfo probe
  • Inherit environment for scanning and remediating in oscap-im wrapper
  • Fix the way we check rpm library version in CMake
  • Explicitly allow xmlsec1 to load key data from KeyValue
  • Fix double-free in xccdf_policy_remediate.c
  • Fix unterminated-string-initialization errors
  • Inherit OpenSCAP environment when executing Bash remediations with --remediate option
  • Fix verbose command line option

1.3.13

• Maintenance, bug fix
  • Handle virtual packages in dpkginfo probe
  • Inherit environment for scanning and remediating (oscap-im)
  • Fix inverted fields in HTML report
  • Clarify the '--local-files' option
  • Add new STIG URL

1.3.12

• Maintenance, bug fix
  • Fix thread synchronization bugs
  • Fix textfilecontent54_probe behaviour for negative instance numbers
  • Fix signature obtaining in rpm_info probe

1.4.2

• Maintenance, bug fix
  • Fix thread synchronization bugs
  • Fix textfilecontent54_probe behaviour for negative instance numbers
  • Fix signature obtaining in rpm_info probe

1.3.11

• New features
  • Introduce "oscap-im" - script that can be used in Containerfiles to build
    hardened bootable container images to run as Image Mode Operating System
• Maintenance, bug fix
  • Fix Python 3.13 compatibility
  • Fix collecting signature in rpm_info probe
  • Fix RPM database path in RPM probes (RHEL-55251, #2151)
  • Ensure xlink namespace exists (RHEL-34104)
  • Stop printing useless component reference information in "oscap info"
  • Minor fixes in test suite and CI

1.4.1

• New features
  • Introduce "oscap-im" - script that can be used in Containerfiles to build
    hardened bootable container images to run as Image Mode Operating System
• Maintenance, bug fix
  • Add support for containers with no entrypoint/cmd in "oscap-docker"
  • Stop printing useless component reference information in "oscap info"
  • Fix missing declaration of PATH_MAX on Solaris
  • Fix RPM database path in RPM probes (RHEL-55251, #2151)
  • Fix issues reported by OpenScanHub after 1.4.0 release
  • Fix failing test probes/filehash58/test_probes_filehash58.sh on s390x
    architecture
  • Ensure xlink namespace exists (RHEL-34104)
  • Minor fixes in test suite and CI

1.4.0

• New features
  • Introduce ability to generate Kickstarts for unattended OS installation using the oscap xccdf generate fix --fix-type kickstart command
  • Add ability to process multi-profile JSON tailorings by the autotailor tool
• Removed features
  • Removed cve, cvss, cvrf modules
  • Removed ds submodules sds-compose, sds-add, sds-split, rds-create, rds-split
  • Removed --template, --oval-template and --sce-template options from the xccdf generate submodule
  • Remove the --skip-valid option (replaced by --skip-validation)
• Maintenance, bug fix
  • Advertise path to SSG in remediation scripts
  • Remove the option to build with PCRE
  • Process CPE AL platforms if CPE dictionary isn't part of data stream
  • Disable GConf probe by default (and remove dependencies from docs)
  • Disable MD5 and SHA-1 by default
  • Remove CPE dictionary
  • Fix compiler warnings
  • Update User Manual

1.3.10

• New features
  • Dump all env. variables that affects the behaviour on INFO log level
  • Support Blueprint services customization for masking
  • Fix Blueprint template to be self-contained
  • Add a refine-rule tailoring ability to autotailor
  • Introduce JSON tailoring import option for autotailor
  • Select rules based on reference
  • Skip certain paths from scanning (controlled via env. variable)
  • Introduce a limit of collected items (controlled via env. variable)
• Maintenance, bug fix
  • Fix partition probe for PCRE2
  • Fix NSS crypto backend
  • Wrap Bash snippets in a subshell when generating a fix script
  • Improve references in HTML guides and reports
  • Update html report with OVAL details
  • Rewrite dpkginfo probe without using APT
  • Fix incorrect openscap-cpe-oval result filename
  • Implement xccdf_session_get_rule_results function in XCCDF session API
  • Implement xccdf_session_result_reset function in XCCDF session API

1.3.9

• New features
  • OpenSCAP can now use PCRE2 library
• Maintenance, bug fix
  • Fix offline mode (OVAL/sysctl)
  • Fix leak of dpkg cache when dpkginfo_init is called multiple times
  • Fix un-expanded variable in xccdf report output
  • Fix issues when parsing profiles
  • Fix minor problems and resource leaks

1.3.8

• New features
  • The boot-time remediation service for systemd's Offline Update mode is now disabled by default
  • Add offline capabilities to the shadow OVAL probe
  • Add offline capabilities to the sysctl OVAL probe
  • Add 'auristorfs' to list of network fileystems
  • Add new experimental linux-bound fwupdsecattr probe for system firmware security attributes (fwupd-based)
• Maintenance, bug fix
  • Use ListUnitFiles D-Bus method to fetch all units in systemd OVAL probe
  • Fix minor resource leaks
  • Workaround for issues with tailoring files produced by autotailor