Released 2020-05
Linux SHA256:
Linux md5sum:
This release see's the refinement of User ↔ Org permissions based on the requested collection.
Certain collections should allow the user to request any ascendants items, like queries for example. If a user has permission on an Org further down the tree, traditionally they could not see the Default Orgs queries (ie, the default queries supplied in the program). From 3.3.2 onward, users have the ability to see their ascendants items for: dashboards, discovery_scan_options, fields, files, groups, queries, reports, roles, rules, scripts, summaries, widgets. Users can still only see their specified Orgs (and their descendants) for applications, baselines, baselines_policies, buildings, clouds, clusters, collectors, connections, credentials, devices, discoveries, discovery_log, floors, integrations, ldap_servers, licenses, locations, logs, networks, orgs, rack_devices, racks, rooms, rows, tasks, users.
NOTE - ascendants does not mean all items. Only their direct "in-line" parent, grandparent, etc.
This is not considered a change to access, more making it what it should always have been. For more information, see Users, Roles and Orgs - how does it work?
Don't forget you have granular control over what users can see and do using Roles in Enterprise.
| Version | Type | Collection | Description |
|---|---|---|---|
| Community | Improvement | All | Do not allow INSERT, UPDATE or DELETE in groups or queries SQL attribute. |
| Community | Improvement | Attributes | Harden allowed type, name, value for attributes. |
| Community | Improvement | Files | Harden allowed value for path for files. |
| Community | Improvement | Scripts | Harden allowed options values for scripts. |
| Community | Improvement | All | Add user Org ascendants and descendants based on collection requested. |
| Community | Bug | Applications | Fix SQL in m_applications::read_sub_resource to return correct device list. |
| Community | Improvement | Discoveries | Improved fault tolerance detecting IIS websites. |
| Community | Bug | Help | Fix help::support directory parsing (use correct array offset). |
| Community | Bug | Discoveries | Validate correct character for subnet and exclude_ip attributes when running a discovery. CVE-2020-8813 |
| Community | Improvement | Configuration | Apply validation to config items for update. |
| Community | Bug | Discoveries | Fix memory speed formatting. |
| Professional | Bug | Installer | Remove 'IF NOT EXISTS' from database user creation as Centos and old Debian do not have this ability. |
| Professional | Bug | Discoveries | Sort discoveries by correct column in discoveries_collection template. |
| Professional | Bug | Devices | Fix link in Opmantek details of devices_read template. |