Release Notes
What's new in each Open-AudIT release — features, fixes, and improvements.
This page lists the changes introduced in each Open-AudIT release. For download links and upgrade instructions, see the Installation section.
Open-AudIT 6.0.3 (Windows)
Released: 2026-05-14
We are releasing Open-AudIT 6.0.3 for Windows as a minor release for bugs and improvements.
The new items are installed user browser extensions (assuming you're auditing using Administrator for Windows or sudo/root for MacOS), and MS Entra for authentication.
We have also enabled a basic discovery scan that will be executed if Nmap is not detected.
Our Windows installer is now signed with our FirstWave certificate. Initial tests on Windows Server do not trigger a warning; however, initial testing on Windows 11 does still trigger a warning. To get around this, we have submitted the file to Microsoft for review. It is unknown how long this will take to make its way to client machines (the updated "this file is OK" detail).
| Version | Type | Collection | Description |
|---|---|---|---|
| Professional | improvement | installer | Windows now has a signed install package. |
| Professional | improvement | installer | Audit the local machine upon install / upgrade. |
| Community | improvement | devices | Added logos for over 30 more manufacturers. |
| Community | new feature | devices | Add browser extensions for Edge, Chrome and Firefox on Windows audit. |
| Community | new feature | devices | Add browser extensions for Edge, Chrome and Firefox to MacOS audit. |
| Community | improvement | devices | Add user accounts to MacOS audit script. |
| Enterprise | new feature | auth | MS Entra for authentication working. |
| Community | bug | auth | Fix redirect URL for OKTA / Entra. |
| Community | bug | gui | Fix the dataTables pagination buttons when there are multiple dataTables on a single page. |
| Professional | improvement | discoveries | If we detect we are running on a Windows client OS (Win 10/11), reduce the number of concurrent discovery queue processes from 20 to 1 in order to attempt to discover some devices before Windows kills Apache. |
| Community | improvement | discoveries | Populate the SNMP 'public' credential if no credentials exist (most often at first logon). |
| Community | improvement | discoveries | Revise Welcome page quick discovery. |
| Community | improvement | discoveries | Ability to still execute a very basic discovery scan, even when Nmap not detected. |
| Community | improvement | discoveries | Improve the HP SNMP code. |
| Professional | improvement | rules | Various rules have been added when certain items are detected, to assign criticality. |
| Professional | improvement | rules | Rules for detecting but not auditing Windows machines added. |
| Enterprise | bug | widgets | Fix creating a widget. |
Open-AudIT 6.0.2
Released: 2026-01-23
This is an update release to address a few bugs found, improve a few items and just generally tidy up. We recommend you update ASAP.
The discovery code has received attention to make it more robust and withstand non-standard responses from devices.
| Version | Type | Collection | Description |
|---|---|---|---|
| Enterprise | bug | clouds | Fix failing cloud audits. |
| Community | improvement | discoveries | Improve SSH key connection robustness. |
| Community | improvement | discoveries | Ability to filter discovery logs by IP. |
| Community | improvement | all | Update composer packages. |
| Community | improvement | discoveries | Windows Audit PowerShell script — test for DNS before using. Silence connectivity test error when offline. Only use Get-WindowsFeature when on a server. |
| Professional | improvement | vulnerabilities | Enable Vulnerabilities for Professional licenses. |
| Community | improvement | all | Add include flag. If set to 'y' and requesting data using JSON for a read (a single item), include in the JSON response the normal 'include' array of items. |
| Enterprise | bug | benchmarks | JS fix to not throw an error if no devices returned from query on benchmarksCreateForm. |
| Community | bug | devices | In the GUI, when viewing a Windows device, remove the duplicate column for user→status in the table. |
| Enterprise | improvement | racks | When adding a device, if no height is provided, make it 1(ru). |
| Community | improvement | discoveries | Add a critical log if Nmap not detected. |
| Community | improvement | queries | Make queries use server side data in GUI. |
| Community | improvement | locations | Add a query_id column which will populate a button in the GUI to run this query and in addition, supply devices.location_id=$resource->id. |
| Community | improvement | discoveries | Force PowerShell audit to output the file in UTF-8. |
| Community | bug | discoveries | Fix bug retrieving Redhat (and derivatives) and Arch packages in audit script. |
| Community | improvement | discoveries | An FAQ page for Windows discovery issues. |
| Professional | improvement | vulnerabilities | Performance improvement in the GUI. |
Open-AudIT 6.0.1
Released: 2025-12-15
This is a bug fix release for the large 6.0.0 release.
The important bits are:
- Processing an audit result and/or completing a discovery will not trigger a vulnerabilities scan. Once an hour we scan all devices for vulnerabilities from your chosen vendor list. Then once per day we scan all devices for all vulnerabilities. This is scheduled for sometime in the early AM (morning). Check the tasks schedule to determine exactly when (we randomise it).
- Agents now delay for X minutes (settable) before executing and submitting their audit. X minutes means a delay of between 0 and X. By default this is 120 minutes. This reduces load on the server when a large number of agents check in at the same time.
| Type | Collection | Description |
|---|---|---|
| bug | audit | Fix audit_linux.sh to not create 1 and $hostname-temp files. |
| bug | audit | Better test and set os_family on Debian (was triggered by SNMP but no SSH discovery on a Debian box). |
| improve | audit | set_icon to raspbian, for raspbian OS. |
| bug | tasks | Fix viewing the vulnerabilities all task. |
| bug | vulnerabilities | When VulnerabilitiesModel::includedRead is run, update the device.cve. |
| improve | logs | Create the log file if it doesn't exist when tasks::execute called, before enterprise binary is called. |
| bug | news | Register install with correct URL. |
| improve | discoveries | Improve the CPE creation for HP Laserjets. |
| improve | discoveries | For laserjet devices, decode from Hex-String the firmware version. |
| improve | discoveries | Retrieve the firmware version for HP Laserjets. |
| improve | discoveries | Assign the H or O CPE to the corresponding devices.os_cpe or devices.hw_cpe attribute. |
| bug | baselines policies | On the read template, use the correct id for 'notes' to enable editing. |
| improve | logs | Add an extra line for logs when critical so we can see which file and line the issue occurred. |
| improve | audit | When auditing Windows from the logon screen, add debugging to the arguments. Correctly space the ARP line in the audit script. Output the URL with the other variables in the audit script. |
| improve | audit | Fix logon page to initially populate the audit script type, based upon the User Agent. Add debugging command option to help text for scripts. |
| improve | devices | Remove old and outdated CentOS 5 and 6 example devices. |
| improve | vulnerabilities | Remove vulnerabilitiesModel→executeAll from the end of a discovery and when processing an individual device. |
| improve | discoveries | Improve SSH discovery logon when using sudo. |
| bug | widgets | Fix widget link for Unknown Devices. |
| improve | audit | Retrieve MacOS monitor details. |
| improve | agents | Introduce action_delay into the DB schema for agents. Number of minutes to wait before executing an audit. |
| improve | audit | Fix PowerShell audit to format MAC and IPs for ARP, and output correct syntax for File to be picked up by discovery. |
| improve | vulnerabilities | Execute all vulnerabilities once per day. |
| improve | vulnerabilities | Execute Vendor vulnerabilities hourly. |
| improve | audit | Retrieve snap version (Ubuntu) of a package if snap is on the system and the version contains _snap_ (Firefox does this). |
Open-AudIT 6.0.0
Released: 2025-11-30
Note
Linux SHA256: 9339325282d0d083a608a6921ec57ad72ccc1c882f3613bbeab6ce196b800622
Windows SHA256: 53548738fdc66609484e50b1e1eec96c20d1776e0e317ab662f2fa9de9da8587
This is the one you've all been waiting for. We are introducing quite a few new features, the most compelling of which is vulnerability detection. When a device is audited, during data processing Open-AudIT will compare the installed software to the current CVE listing. You will know — right on the default dashboard — if something has an outstanding vulnerability.
In our experience, 99% of these are rectified by upgrading the affected software to the latest version. But now you'll know just how many affected programs are on your estate.
Warning
Minimum supported Linux distributions have changed. Open-AudIT 6.0.0 requires Debian 12 or 13, Redhat 9 or 10, or Ubuntu 24.04. Windows Server 2025 is now supported as well.
| Version | Type | Collection | Description |
|---|---|---|---|
| Enterprise | New Feature | Vulnerabilities | Vulnerability Detection |
| All | New Feature | News | News Feeds for updates. |
| Enterprise | New Feature | Standards | Standards Reporting (ISO 27001 at the moment). |
| All | Improvement | GUI | Multiple languages now supported. |
| All | Improvement | GUI | Improved HELP in the GUI. |
| Enterprise | New Feature | Certificates | Certificate Management and Reporting. |
| All | Improvement | Devices | Filters for OS and Type on the Devices List page. |
| All | Improvement | Devices | Manufacturers logos shown on the devices list. |
| All | Improvement | Discoveries | Native PowerShell auditing. |
| All | Improvement | Discoveries | Hyper-V guest VM auditing. |
| All | Improvement | Discoveries | Cisco license retrieval. |
| All | Improvement | Discoveries | Redhat license details. |
| All | Improvement | Integrations | Improved NMIS integration. |
| Enterprise | Improvement | Benchmarks | Added Benchmarks (RH10, Ubuntu 24.04). |
| Enterprise | Improvement | Agents | Agents for MacOS and Linux. |
| Enterprise | New Feature | Logging | Log to syslog in Common Event Format for several different events. |
Vulnerabilities
Open-AudIT reaches out to our server and downloads a list of vulnerability definitions. These are used each time device data is processed to return a list of affected items. On our side, we use the CVE feed from NIST, process the data, enrich it, then create a suitable SQL query for your use.
Your Open-AudIT install will require access to the internet. The Vulnerabilities feature can be disabled. The Help icon on the Vulnerabilities list page shows you exactly what data is sent to us — we send only license data, application data (name, version, platform, timezone), logged errors, and counts of device types and feature usage. UUID and Server fields are SHA-256 encoded. No networks, IP addresses, OS versions, or software names are sent.
News Feeds
News feeds let you keep up with various Open-AudIT items such as updated Windows version numbers in queries. Configuration item changes are sent with recommendations as one-click fixes — read the news item, click Enable, and you're done. Like Vulnerabilities, News requires internet access and can be disabled, and sends only non-sensitive data points.
Standards Reporting
FirstWave is ISO 27001 compliant. Standards Reporting brings that workflow into Open-AudIT — review and answer the questions once, then in subsequent years simply revise where required and extract to Excel (click Report in the GUI) for auditors.
New Languages
Open-AudIT now has built-in support for: Albanian, Arabic, Azerbaijani, Bulgarian, Chinese, Czech, Danish, Dutch, English, Esperanto, Estonian, German, Greek, Finnish, French, Irish, Hindi, Hungarian, Indonesian, Italian, Japanese, Korean, Lithuanian, Latvian, Malay, Norwegian, Persian, Portuguese (Brazil), Polish, Portuguese, Romanian, Russian, Slovak, Slovenian, Spanish, Swedish, Thai, Tagalog, Turkish, Ukrainian, Urdu and Vietnamese.
Translations were done via LibreTranslate. If you find anything that needs fixing, email us what is in the GUI, where, and what it should actually say and we'll include the correction and send you an updated translation file.
Certificate Management
Select a certificate found during an audit and mark it to make management (renewal, responsibility, et al) easier — and report on it. A typical use is a monthly report listing certificates expiring in the next 45 days and who needs to renew them.
Discoveries
The largest change is deprecation of the VBScript used to audit Windows. We now use a PowerShell script, which has all the property retrieval of the deprecated VBScript with the exception of local device group policies (to be added in time). We also return Cisco license info using show licenses via SSH, and Redhat subscription details, and audit Hyper-V hosts.
New Icons
We have changed from FontAwesome to Lucide icons. There are more available without a commercial license. We still love FontAwesome though.
Agents
We now have agents for MacOS and Linux. They are simple scripts that check in with the Open-AudIT server each day and (usually) audit and send the details. No remote access required if you don't want to enable it.
Benchmarks
New Benchmark definitions for Redhat 10 and Ubuntu 24.04 have been added.
Syslog in CEF Format
New configuration options log certain events to syslog (on Linux) using the Common Event Format (CEF), consumable by Splunk and similar tools. All are disabled by default. A typical CEF entry looks like:
CEF:0|FirstWave|Open-AudIT|6.0.0|5|Access|1|Info|collection=devices action=collection user=admin
Which corresponds to:
CEF:Version | Vendor | Product | Product Version | Event ID | Event | Severity Number | Severity Text | Details
Event IDs are: 1 — New Device, 2 — Component Added, 3 — Vulnerability Detected, 4 — Component Removed, 5 — Access. Events that do not change data are severity 1; events that change data are severity 5.
The available configuration items are feature_syslog_access, feature_syslog_components, feature_syslog_devices and feature_syslog_vulnerabilities.
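The following is an added example, not code shipped with Open-AudIT: a parser for the entry layout shown above that separates data-changing events (severity 5) from entries outside the documented event IDs and severities. The syslog prefixes, the `Notice` severity text, and the detail keys other than those in the page's sample entry are constructed for illustration.

```python
import re

# Header layout and event IDs exactly as listed in the release notes above.
HEADER = ("cef_version", "vendor", "product", "product_version",
          "event_id", "event", "severity_number", "severity_text")
EVENT_IDS = {1: "New Device", 2: "Component Added", 3: "Vulnerability Detected",
             4: "Component Removed", 5: "Access"}
# key=value pairs in Details; a value runs up to the next " key=" or end of line.
_KV = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|\s*$)")


def parse_cef(line):
    """Parse one syslog line into a dict; raise ValueError if it does not fit."""
    start = line.find("CEF:")  # skip any syslog timestamp/host prefix
    if start < 0:
        raise ValueError("no CEF marker")
    parts = line[start + 4:].rstrip("\n").split("|", len(HEADER))
    if len(parts) != len(HEADER) + 1:
        raise ValueError("expected %d header fields plus details" % len(HEADER))
    rec = dict(zip(HEADER, parts))
    rec["event_id"] = int(rec["event_id"])          # ValueError if not numeric
    rec["severity_number"] = int(rec["severity_number"])
    rec["details"] = dict(_KV.findall(parts[-1]))
    return rec


def triage(lines):
    """Return (changed, suspect): data-changing events and out-of-spec entries."""
    changed, suspect = [], []
    for line in lines:
        try:
            rec = parse_cef(line)
        except ValueError:
            continue  # not a CEF entry in this layout
        if rec["event_id"] not in EVENT_IDS or rec["severity_number"] not in (1, 5):
            suspect.append(rec)   # outside the documented IDs / severities
        elif rec["severity_number"] == 5:
            changed.append(rec)   # per the notes: severity 5 means data changed
    return changed, suspect


# Constructed sample: the first CEF entry is the one from the page; the syslog
# prefixes and the remaining entries are made up for illustration.
SAMPLE = [
    "Dec  1 02:14:07 oa1 open-audit: CEF:0|FirstWave|Open-AudIT|6.0.0|5|Access|1|Info|collection=devices action=collection user=admin",
    "Dec  1 02:15:10 oa1 open-audit: CEF:0|FirstWave|Open-AudIT|6.0.0|1|New Device|5|Notice|name=lab switch 01 ip=192.0.2.10",
    "Dec  1 02:15:11 oa1 sshd[811]: Accepted publickey for admin",
    "Dec  1 02:16:00 oa1 open-audit: CEF:0|FirstWave|Open-AudIT|6.0.0|9|Other|3|Info|note=unexpected",
]

if __name__ == "__main__":
    changed, suspect = triage(SAMPLE)
    print("data-changing:", [(r["event"], r["details"]) for r in changed])
    print("out of spec:", [(r["event_id"], r["severity_number"]) for r in suspect])
```

This layout carries the severity as two fields (number and text), so a generic CEF parser that expects a single Severity field will treat `Info` as the start of the extension.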
Open-AudIT 5.6.5 (Linux)
Released: 2025-03-31
Note
Linux SHA256: 9ccc4223d8c2ab1a7aec15372f23537b44e9e620d0d7862adb3caccbbfe80283
Windows: Not released
This is a minor release mostly to address a couple of bugs that appeared for Redhat users.
We also now retrieve arp tables when running a discovery and, if we then find an IP that we don't have a MAC address for, check the arp table records (only against arp tables generated by this discovery).
Various discovery improvements have been included.
| Version | Type | Collection | Description |
|---|---|---|---|
| Community | Improvement | Devices | Implement DIFF for cli_config section if we have a non-current item. |
| Community | Bug | Discoveries | When running on Redhat, use a correct check for $timezone (empty). Prevented the Discovery Support output from working. |
| Community | Improvement | Discoveries | Add processor details for some Ubiquiti devices. |
| Community | Improvement | Discoveries | Add support for retrieving cli_config from Extreme, Fortinet, Juniper, Palo Alto and Ubiquiti devices using SSH. |
| Community | Improvement | Devices | Add a config item for the default sort order on the devicesCollection template. |
| Community | Improvement | GUI | Allow setting a message of the day to be displayed on the logon page. |
| Community | Improvement | Discoveries | Add more OID → models. |
| Community | Improvement | Discoveries | Code to retrieve, parse, store, display and discovery-populate arp table. |
| Community | Improvement | Discoveries | New code for discovery arp and cli_config. Added and improved a few SNMP helpers. |
| Community | Improvement | Devices | Add two new device types (ntu, management console). |
| Community | Improvement | Devices | Add revised (Newaita Reborn) device images. |
| Community | Improvement | Discoveries | SNMP details for Opengear management consoles. |
| Community | Improvement | Discoveries | SNMP details for Extreme EIQ WAP. |
| Enterprise | Improvement | Devices | Cater to a user having no access to locations, but able to read devices. |
| Community | Improvement | Discoveries | Include a hard-coded path when testing for SMBClient on Linux. Mostly for Redhat. |
| Community | Improvement | Networks | Add Orgs Name and Locations Name to the column list for the 'Devices in this Network' button on networksCollection. |
| Professional | Bug | Dashboards | Fix the incorrect variable name so we display a link to Devices on the left sidebar on dashboardsExecute template. |
| Community | Bug | All | Fix response helper to better parse the URL → filter code. Multiple IN and NOTIN in the same URL now parse correctly and work as expected. |
| Community | Bug | Discoveries | Use an array of deleted, retired and lost — only change status to production if we get a device result. |
| Community | Improvement | All | Show a warning banner if we only have read permission for this license, when showing a read template. |
Tip
For older release notes and the complete changelog, visit the Open-AudIT Release Notes page on the Community Wiki.