Version 5.6 Release Candidate 2 on the way

We have been reviewing version 5.6 RC 1  and working to get the OVAL Interpreter and OVAL Repository updated to support version 5.6. For the most part things are progressing well. However, we have discovered a few issues with the release candidate.  Given the number of issues found, and their impact we will be delaying the official release and posting a second release candidate shortly. The release will be delayed by 1 week to ensure that time is given to review the corrections.

The new official release date will be September 4^th. A new release candidate will be posted later today and the OVAL web site will be updated to reflect this change.

The following known issues have been found or requested since Version 5.6 RC 1 and will be fixed in Version 5.6 RC 2:

-          BUG - Missing lower bound on the max_depth attribute in all file behaviors to -1.

While updating the interpreter we noticed that the schema did not set a lower bound on this attribute despite the fact that the schema documentation implied a lower bound of -1 and one was intended.

-          BUG - Missing Schematron rule to ind-def:textfilecontent_test and ind-def:textfilecontent54_test.

The schema documentation specified that the line entity uses a pattern match only the Schematron rule enforcing this was missing.

-          BUG - Missing state_operator attribute to the oval-res:TestType definition.

When updating the oval-def:TestType to support a single test referencing multiple states the state_operator attribute was added to the oval-def:TestType, but it was not added to the oval-res:TestType.

-          BUG – Documentation of new state_operator did not align with intended behavior.

While implementing support for the new state_operator in the OVAL Interpreter we realized that the documentation for this new attribute was not clear and would likely lead to the wrong implementation.

-          BUG – Incorrect documentation on the ind-def:ldap_test

The documentation specifically disallowed the collection of data from LDAP objects that did not contain a relative_dn value (relative_dn set to nil) as it also required that the attribute entity to also be set to nil.  As a result, data from the LDAP objects that only include a suffix value such as the domain (DC=Example,DC=Com) could not be collected.

-          BUG - Incorrect the documentation on the win-def:activedirectory_test

The documentation specifically disallowed the collection of data from Active Directory objects that did not contain a relative_dn value (relative_dn set to nil) as it also required the attribute entity to also be set to nil.  As a result, data from Active Directory objects that only include a naming context value such as the domain (DC=Example,DC=Com), configuration (CN=Configuration,DC=Example,DC=Com), and schema ( CN=Schema,CN=Configuration,DC=Example,DC=Com) could not be collected.

-          FEATURE REQUEST - Request for new IBM AIX test for examining interim fixes.

There has also been a request for a new test in the AIX component schema that will support checking interim fixes without this support OVAL cannot be used to support this kind of patch checking any other way. Adding this test now will greatly reduce the level of effort required to get this new test into the language. The alternative is to do a 5.7 release on an shortened release timeline to add this test. A 5.7 will not be finalized in time for the next revision of SCAP whereas 5.6 will. This means that vendors that must support SCAP may have to support two versions of OVAL.

-          FEATURE REQUEST - Request for new behavior on the win-def:wuaupdatesearcher_object.

There has also been a request for a new behavior on the win-def:wuaupdatesearcher_object that will allow a content author to specifically include or exclude updates that have been superseded. Adding this behavior now will make this test much more useful.

As always we appreciate your review and comments on the release candidate.

Thanks,

Jon

============================================

Jonathan O. Baker

G022 - IA Industry Collaboration

The MITRE Corporation

Email: [hidden email]