Version 5.10.1 (Official)

This page provides information on the proposed changes to the OVAL Language. This is an update version change that fixes a critical issue discovered in Version 5.10 of the OVAL Language. All information about the new version is included in this centralized location. The major highlights of the release so far are listed below:

  • Deprecated the include_group behavior in the win-def:sharedresourceeffectiverights_test and the win-def:sharedresourceauditedpermissions_test.
  • Made several documentation clarifications and fixes.
  • Updated the schema_version entity, in the GeneratorType, to align with the new three-component version identifier in the OVAL Language Versioning Policy.
  • Updated the version entity, in the DeprecatedInfoType, to align with the new three-component version identifier in the OVAL Language Versioning Policy.
  • Added the missing extended_name entity to the linux-def:rpmverifypackage_state.
  • Changed the minOccurs attribute on the entities in the linux-def:rpmverifypackage_object and linux-def:rpmverifyfile_object from "0" to "1".

All of the above items remain open for discussion, and any comments or feedback are greatly appreciated. For a complete listing of the release contents, see the New in Version 5.10.1 section. More information about the OVAL Language review process can be found on the OVAL Language Review Process page.

Test Listing

A complete listing of the tests available in this release can be found on the Version 5.10.1 — Test Listing page.

Specifications

Please submit any comments or questions about the current versions of the OVAL Language Specification document(s) to oval-developer-list@lists.mitre.org. Along with any comments please specify the exact version of the document that is being commented on. Track changes has been enabled in the document and annotated documents are appreciated. If you would like to submit an annotated document please simply attach it to your email to the oval-developer-list. You may also submit comments directly to oval@mitre.org.

OVAL Language Specification:

OVAL Language Component Model Specifications:

In addition, all currently available specifications associated with a particular schema are posted in the Specifications columns in the Downloads section, below.

Downloads

Includes downloads for the Version 5.10.1 Schemas, Specifications, Schematron Rules, Element Dictionaries, and Deprecation Listings.

KEY

Complete Schema — has all documentation embedded and the Schematron mark-up.
Minimal Schema — includes the raw xml schema only.
Schematron — a schema that can provide additional validation of OVAL V5 documents.
Documentation html — element dictionaries, which users can elect to view in a browser or save.
All files zip — all files zipped together to allow for one simple download.
xsd/sch — a user can either right click to download the file or left click to open the file in their default viewer.
Deprecation Listing — a list of all deprecated language constructs.

OVAL Definitions Schema Downloads

File Name Complete Schema Minimal Schema Documentation Specification Schematron Deprecation Listing
All Files zip zip zip - zip | sch -
Core xsd xsd html Word | PDF - -
Common xsd xsd html Word | PDF - html
 

OVAL Definitions Schema Extensions Downloads

File Name Complete Schema Minimal Schema Documentation Specification Schematron Deprecation Listing
Independent xsd xsd html - - html
Apache xsd xsd html - - html
Apple Macintosh xsd xsd html - - -
Cisco CatOS xsd xsd html - - html
Cisco IOS xsd xsd html - - html
Cisco PixOS xsd xsd html - - -
FreeBSD xsd xsd html - - -
HP-UX xsd xsd html - - html
IBM AIX xsd xsd html - - -
Linux xsd xsd html - -
Microsoft Windows xsd xsd html Word | PDF - html
SharePoint xsd xsd html - - -
Sun Solaris xsd xsd html - - html
UNIX xsd xsd html Word | PDF - html
Vmware ESX xsd xsd html - - html
 

OVAL System Characteristics Schema Downloads

File Name Complete Schema Minimal Schema Documentation Specification Schematron Deprecation Listing
All Files zip zip zip - zip | sch -
Core xsd xsd html Word | PDF - -
Common xsd xsd html Word | PDF - html
 

OVAL System Characteristics Schema Extensions Downloads

File Name Complete Schema Minimal Schema Documentation Specification Schematron Deprecation Listing
Independent xsd xsd html - - html
Apache xsd xsd html - - html
Apple Macintosh xsd xsd html - - -
Cisco CatOS xsd xsd html - - html
Cisco IOS xsd xsd html - - html
Cisco PixOS xsd xsd html - - -
FreeBSD xsd xsd html - - -
HP-UX xsd xsd html - - -
IBM AIX xsd xsd html - - -
Linux xsd xsd html - - -
Microsoft Windows xsd xsd html Word | PDF - html
SharePoint xsd xsd html - - -
Sun Solaris xsd xsd html - - -
UNIX xsd xsd html Word | PDF - -
Vmware ESX xsd xsd html - - html
 

OVAL Results Schema Downloads

File Name Complete Schema Minimal Schema Documentation Specification Schematron Deprecation Listing
All Files zip zip zip - zip | sch -
Core xsd xsd html Word | PDF - -
Common xsd xsd html Word | PDF - html
 

OVAL Variables Schema Downloads

File Name Complete Schema Minimal Schema Documentation Specification Schematron Deprecation Listing
All Files zip zip zip - zip | sch -
Core xsd xsd html Word | PDF - -
Common xsd xsd html Word | PDF - html
 

OVAL Directives Schema Downloads

File Name Complete Schema Minimal Schema Documentation Specification Schematron Deprecation Listing
All Files zip zip zip - zip | sch -
Core xsd xsd html Word | PDF - -
Common xsd xsd html Word | PDF - html
Results xsd xsd html Word | PDF - -
 

Example XML Stylesheets

File Name Description
results_to_html.xsl The results_to_html stylesheet converts an OVAL Results document into a more readable html format.
minimal_schema.xsl The minimal_schema stylesheet removes all annotation elements from the OVAL Schema leaving only the minimal schema.
element_dictionary.xsl The element_dictionary stylesheet creates documentation files from the OVAL Schema.
reference_mapping.xsl The reference_mapping stylesheet creates a map between each OVAL Definition in a document and a specified reference source.

New in Version 5.10.1

Version 5.10.1 of the Official OVAL Schema is a direct result of feedback from the OVAL Community. This will be an update version change and may require some new development by tools that support earlier versions of the Language. The changes pending to the different schemas are outlined below. "Open" status means the item is under consideration or being worked upon and "Closed" status means that the item has been incorporated and work on it is completed.

Tracker items in this version include:

ID Title Status Date Opened Resolution
32340 owrite and oexec entity documentation in the macos-def:diskutil_test is incorrect Closed 2011-10-18 Fixed
Priority: Medium | Category: n/a | Date Closed: 2012-01-18 00:46:18
Details:
The owrite and oexec entity documentation in the macos-def:diskutil_state and macos-sc:diskutil_item is incorrect because they have the documentation from the oread entity.
Follow-ups:
Date Added: 2012-01-18 00:46:17
This change will be available in Version 5.10.1 Release Candidate 2.

32517 fix win-sc:EntityItemWindowsViewType documentation for the empty string Closed 2011-11-09 Fixed
Priority: Medium | Category: System Characteristics Schemas | Date Closed: 2012-01-18 03:32:53
Details:
We need to fix win-sc:EntityItemWindowsViewType documentation for the empty string because it says that it is associated with variable references when it should really be associated with error and not collected conditions.
Follow-ups:
Date Added: 2012-01-18 00:49:11
This change will be available in Version 5.10.1 Release Candidate 2.

32600 deprecate include_group behavior in win-def:sharedresourceeffectiverights_test and win-def:sharedresourceauditedpermissions_test Closed 2011-11-23 Fixed
Priority: Medium | Category: Definition Schemas | Date Closed: 2012-01-18 03:33:21
Details:
We should deprecate the use of include_group behavior in these tests in favor of using the sid_sid_object. This will align with the other effective rights and audited permissions tests.
Follow-ups:
Date Added: 2012-01-18 00:47:36
These changes will be available in Version 5.10.1 Release Candidate 2.

32678 add the missing extended_name entity to the linux-def:rpmverifypackage_state Closed 2011-12-12 Fixed
Priority: High | Category: Definition Schemas | Date Closed: 2011-12-15 16:02:17
Details:
In OVAL 5.10, the extended_name entity was accidentally left out of the linux-def:rpmverifypackage_state.  We need to add this entity to the state to allow for content authors to map between the various rpm-based tests.
 
Please see the following oval-developer-list post for additional information.

http://making-security-measurable.1364806.n2.nabble.com/Issues-with-the-linux-def-rpmverifyfile-test-and-linux-def-rpmverifypackage-test-in-OVAL-5-10-tp7055684p7055684.html
Follow-ups:
Date Added: 2011-12-13 15:38:02
This change will be available in Version 5.10.1 draft 1.

32680 fix the minOccurs attribute on the entities in the linux-def:rpmverifypackage_object and the linux-def:rpmverifyfile_object Closed 2011-12-12 Fixed
Priority: High | Category: Definition Schemas | Date Closed: 2011-12-15 16:02:18
Details:
The minOccurs attributes on the name, epoch, version, release, and arch entities in the linux-def:rpmverifypackage_object and the linux-def:rpmverifyfile_object are incorrectly set to "0". As a result, these objects will pass validation without these entities, which are needed to uniquely identify an rpm on a system. We need to change the minOccurs attribute for these entities to "1".

Please see the following oval-developer-list post for additional information.

http://making-security-measurable.1364806.n2.nabble.com/Issues-with-the-linux-def-rpmverifyfile-test-and-linux-def-rpmverifypackage-test-in-OVAL-5-10-tp7055684p7055684.html
Follow-ups:
Date Added: 2011-12-13 15:38:43
This change will be available in Version 5.10.1 draft 1.

32681 update the schema_version entity in the oval:GeneratorType to align with the new three-component version identifier Closed 2011-12-12 Fixed
Priority: High | Category: n/a | Date Closed: 2011-12-15 16:02:19
Details:
We need to update the schema_version entity in the oval:GeneratorType to align with the new three-part version identifier in the OVAL Language Versioning Methodology.  The version attribute in the xs:schema element does not need to be updated because it is of type xs:token which allows for the three-part version identifier.
Follow-ups:
Date Added: 2011-12-13 15:38:59
This change will be available in Version 5.10.1 draft 1.

32826 update the foreign_port documentation in the linux-def:inetlisteningservers_test Closed 2012-01-12 Fixed
Priority: Medium | Category: n/a | Date Closed: 2012-01-18 03:33:48
Details:
We need to update the foreign_port documentation in the linux-def:inetlisteningservers_test so that it no longer recommends using "*" for unestablished connections but rather "0", as that is what the operating system sees.

Please see the following oval-developer-list post for additional information.

http://making-security-measurable.1364806.n2.nabble.com/Potential-schema-issue-with-http-oval-mitre-org-XMLSchema-oval-system-characteristics-5-linux-foreig-tp7177176p7177176.html
Follow-ups:
Date Added: 2012-01-18 00:55:50
This change will be available in Version 5.10.1 Release Candidate 2.

32862 update the version element in the oval:DeprecatedInfoType to align with the three-component version identifier Closed 2012-01-18 Fixed
Priority: Medium | Category: n/a | Date Closed: 2012-01-18 03:35:06
Details:
The version element in the oval:DeprecatedInfoType needs to align with the three-component version identifier in the new versioning policy.
Follow-ups:
Date Added: 2012-01-18 00:53:12
This change will be available in Version 5.10.1 Release Candidate 2.
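
Tracker item 32680 means content that validated against 5.10 can fail against 5.10.1. The following check is an added example, not part of the OVAL release or its tooling: it lists rpmverifypackage_object and rpmverifyfile_object instances that omit any of the five entities. The sample document and its ids are constructed, and skipping set-based objects is an assumption about how such objects are written.

```python
import xml.etree.ElementTree as ET

# Namespace of the Linux definitions schema extension (linux-def).
LINUX_DEF = "http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"
# Entities that tracker item 32680 makes mandatory (minOccurs "0" -> "1").
REQUIRED = ("name", "epoch", "version", "release", "arch")
OBJECTS = ("rpmverifypackage_object", "rpmverifyfile_object")

# Constructed sample: obj:1 passes 5.10 validation but not 5.10.1.
SAMPLE = """\
<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
  <objects>
    <rpmverifypackage_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"
        id="oval:example:obj:1" version="1">
      <name>openssl</name>
    </rpmverifypackage_object>
    <rpmverifyfile_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"
        id="oval:example:obj:2" version="1">
      <name>openssl</name>
      <epoch operation="pattern match">.*</epoch>
      <version operation="pattern match">.*</version>
      <release operation="pattern match">.*</release>
      <arch operation="pattern match">.*</arch>
      <filepath>/usr/bin/openssl</filepath>
    </rpmverifyfile_object>
  </objects>
</oval_definitions>
"""

def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def missing_rpm_entities(xml_text):
    """Return {object id: [missing entity names]} for trusted, local OVAL content."""
    root = ET.fromstring(xml_text)
    findings = {}
    for obj_name in OBJECTS:
        for obj in root.iter("{%s}%s" % (LINUX_DEF, obj_name)):
            present = {local_name(child.tag) for child in obj}
            if "set" in present:  # assumption: set-based objects carry no entities
                continue
            missing = [e for e in REQUIRED if e not in present]
            if missing:
                findings[obj.get("id", "(no id)")] = missing
    return findings

if __name__ == "__main__":
    for obj_id, missing in missing_rpm_entities(SAMPLE).items():
        print(obj_id, "missing:", ", ".join(missing))
```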


Timeline for Version 5.10.1

Planning: 10 November 2011
Draft: 15 December 2011
Release Candidate: 17 January 2012
Official: 27 January 2012

Status Reports

Status updates are included below. You may also review the OVAL Developer’s Forum Archives for discussions about Version 5.10.1.

[2012-01-27]

Version 5.10.1 has been officially released. Many thanks to all in the community who helped with this update release.

[2011-01-17]

Version 5.10.1 Release Candidate 2 is now available for community review and comment. As a reminder a release candidate signifies that the proposed OVAL Language revision has reached a level of consensus within the OVAL Community, and the OVAL Moderator has verified that the language is valid. In the release candidate stage, the language remains frozen for a period of time determined by the OVAL Board. It is during this stage that vendors and tool developers should update their tools with the knowledge that the schema will remain stable. Subsequent release candidates may be released if a serious problem is discovered in the proposed language. This release candidate represents a complete implementation of all planned changes for Version 5.10.1 and includes the following updates since the last release candidate:

  • Clarified the foreign_port entity documentation in the linux-def:inetlisteningservers_test.
  • Deprecated the include_group behavior in the win-def:sharedresourceeffectiverights_test and the win-def:sharedresourceauditedpermissions_test.
  • Updated the version entity, in the DeprecatedInfoType, to align with the new three-component version identifier in the OVAL Language Versioning Policy.
  • Fixed the copy and paste errors in the owrite and oexec entities in the macos-def:diskutil_test.
  • Fixed a copy and paste error in the win-sc:EntityItemWindowsViewType.

[2011-12-29]

Version 5.10.1 Release Candidate 1 is now available for community review and comment. As a reminder a release candidate signifies that the proposed OVAL Language revision has reached a level of consensus within the OVAL Community, and the OVAL Moderator has verified that the language is valid. In the release candidate stage, the language remains frozen for a period of time determined by the OVAL Board. It is during this stage that vendors and tool developers should update their tools with the knowledge that the schema will remain stable. Subsequent release candidates may be released if a serious problem is discovered in the proposed language. This release candidate represents a complete implementation of all planned changes for Version 5.10.1.

[2011-12-15]

Version 5.10.1 Draft 1 is now available for community review and comment. This first draft adds the missing extended_name entity to the linux-def:rpmverifypackage_state and fixes the minOccurs attribute on the entities in the linux-def:rpmverifypackage_object and linux-def:rpmverifyfile_object so that they are required. Finally, this draft includes an update to the schema_version entity, in the oval:GeneratorType, so that it aligns with the new three-component version identifier in the OVAL Language Versioning Policy.

Please send all comments and suggestions to the OVAL Community.

[2011-11-10]

Version 5.10.1 is currently in the planning stage. If you have any suggestions for changes that should be included, please send them to the OVAL Community.


Page Last Updated: October 03, 2013