This message starts to come up a few days ago:
Version of installed component: 21.4.3 (Installed component: openvas-libraries on OpenVAS <= 9, openvas-scanner on GVM >= 10) Latest available openvas-scanner version: 21.4.4 Reference URL(s) for the latest available version: GVM 21.04 (stable, initial release 2021-04-16)
I think 21.x.x is new enough !?
This message / report is absolutely valid. Some reasons why the version (even for minor releases of the scan engine) should be kept up to date have been given in the past here:
And as there are e.g. even extensions on the scanner side in minor release jumps like from 21.4.2 to 21.4.3 on which VTs rely to report / detect vulnerabilities it is important to keep the scanner engine up to date.
Thanks for your fast reply.
I understand. But is this really a priority 10 ?
We will update as soon as possible.
The priority of 10 is a default and currently used because there is no other means of user notification for such outdated versions available within GVM.
If you like you can also set a lower/custom severity or even set it to 0.0 like mentioned in the VT description:
If you want to accept the risk of a possible decreased scan coverage or missing detection of vulnerabilities on the target you can set a global override for this script as described in the linked GSM manual.
with the reference to:
I understand the idea.
I will discuss internally if disabling is an option …
Thanks for your help!
Normally you should update the tool chain, otherwise you risk false negatives.
Of course we will update the tool chain, but the pressure a 10.0 rating creates is fairly hard. But to be honest I have no better idea
Thanks for the good work and keep on.