Releases: nexB/vulnerablecode
Releases · nexB/vulnerablecode
v33.2.0
v33.0.0
This is a major new release
Highlights are:
- We have dropped unresolved_vulnerabilities from /api/package endpoint API response.
- We have added missing quotes for href values in template.
- We have fixed merge functionality of AffectedPackage.
v32.0.0
This is a major new release
The highlights are:
- We re-enabled support for the mozilla, gentoo, istio, kbmsr2019, suse score, elixir, apache tomcat, xen, istio, ubuntu usn, apache httpd, fireye, apache kafka security advisories importers.
- We added support for CWE.
- We added migrations to remove corrupted advisories as described in #1086.
- We added aliases at package level in the API.
- We added support for conan related vulnerabilities.
- We added valid versions improver to get all versions in a vulnerable range for all ecosystems that we support in vulnerablecode.
- We fixed Apache HTTPD and Apache Kafka importer.
- We added documentation for version 32.0.0.
What's Changed
- Migrate mozilla importer by @TG1999 in #1043
- Migrate gentoo importer #1055 by @TG1999 in #1056
- Migrate istio importer #1059 by @TG1999 in #1058
- Migrate projectkbmsr2019 importer by @TG1999 in #1066
- Migrate suse scoring importer #1052 by @TG1999 in #1050
- Migrate elixir security importer #1060 by @TG1999 in #1061
- Migrate apache tomcat importer by @johnmhoran in #1057
- Add support for CWE by @ziadhany in #782
- Add migrations to remove corrupted advisories #1086 by @TG1999 in #1087
- Prepare for release v32.0.0rc1 by @TG1999 in #1096
- Add migration for adding apache tomcat option in severity scoring by @TG1999 in #1097
- Prepare for release v32.0.0rc2 by @TG1999 in #1098
- Drop safetydb importer by @TG1999 in #1099
- Migrate xen importer by @TG1999 in #1044
- Use for_purl instead of for_package_url in package detail view by @TG1999 in #1101
- Add istio improver by @TG1999 in #1103
- Migrate ubuntu usn importer #1051 by @TG1999 in #1049
- Bump certifi from 2021.10.8 to 2022.12.7 by @dependabot in #1035
- Bump gitpython from 3.1.27 to 3.1.30 by @dependabot in #1070
- Add apache_httpd improver by @TG1999 in #1102
- Remove redundant API tests #1005 by @TG1999 in #1091
- Add fireeye vulnerabilities #487 by @ziadhany in #795
- use public VulnerableCode instance in VulnTotal by @keshav-space in #1075
- Add vulnerability aliases at package level in API by @TG1999 in #1104
- Modify apache_kafka.py and related tests for migration by @johnmhoran in #1042
- Prepare for release v32.0.0rc3 by @TG1999 in #1123
- minor fix: load env for GitHub DataSource by @keshav-space in #1118
- Fix github importer by @TG1999 in #1149
- Add valid version improver by @TG1999 in #1138
- Add env variables for throttling by @TG1999 in #1140
- Fix kbmsr2019 importer by @TG1999 in #1158
- Add support for conan advisories by @TG1999 in #1155
- Prepare for release of v32.0.0rc4 by @TG1999 in #1159
- fix ecosystem mappings and filter out fixed and affected package based on purl.type in VCIO by @keshav-space in #1139
- Support query using CVE in VulnTotal by @keshav-space in #1160
- Remove excessive network calls from redhat importer #1161 by @TG1999 in #1162
- Fix Apache kafka and Apache httpd importer by @TG1999 in #1176
- Add documentation for v32.0.0 by @TG1999 in #1169
- Bump cryptography from 36.0.2 to 39.0.1 by @dependabot in #1120
- Update deps according to dependabot PRs by @TG1999 in #1183
- Bump django from 4.0.7 to 4.1.7 by @dependabot in #1131
- Bump ipython from 8.0.1 to 8.10.0 by @dependabot in #1124
- Prepare for release v32.0.0 by @TG1999 in #1184
Full Changelog: v31.1.1...v32.0.0
Contributors
johnmhoran, dependabot, and 3 other contributors
Assets 4
v32.0.0rc4
This is the fourth release candidate for version 32.
The highlights are:
- We re-enabled support for the mozilla, gentoo, istio, kbmsr2019, suse score, elixir, apache tomcat, xen, istio, ubuntu usn, apache httpd, fireye, apache kafka security advisories importers.
- We added support for CWE.
- We added migrations to remove corrupted advisories as described in #1086.
- We added aliases at package level in the API.
- We added support for conan related vulnerabilities.
- We added valid versions improver to get all versions in a vulnerable range for all ecosystems that we support in vulnerablecode.
What's Changed
- Migrate mozilla importer by @TG1999 in #1043
- Migrate gentoo importer #1055 by @TG1999 in #1056
- Migrate istio importer #1059 by @TG1999 in #1058
- Migrate projectkbmsr2019 importer by @TG1999 in #1066
- Migrate suse scoring importer #1052 by @TG1999 in #1050
- Migrate elixir security importer #1060 by @TG1999 in #1061
- Migrate apache tomcat importer by @johnmhoran in #1057
- Add support for CWE by @ziadhany in #782
- Add migrations to remove corrupted advisories #1086 by @TG1999 in #1087
- Prepare for release v32.0.0rc1 by @TG1999 in #1096
- Add migration for adding apache tomcat option in severity scoring by @TG1999 in #1097
- Prepare for release v32.0.0rc2 by @TG1999 in #1098
- Drop safetydb importer by @TG1999 in #1099
- Migrate xen importer by @TG1999 in #1044
- Use for_purl instead of for_package_url in package detail view by @TG1999 in #1101
- Add istio improver by @TG1999 in #1103
- Migrate ubuntu usn importer #1051 by @TG1999 in #1049
- Bump certifi from 2021.10.8 to 2022.12.7 by @dependabot in #1035
- Bump gitpython from 3.1.27 to 3.1.30 by @dependabot in #1070
- Add apache_httpd improver by @TG1999 in #1102
- Remove redundant API tests #1005 by @TG1999 in #1091
- Add fireeye vulnerabilities #487 by @ziadhany in #795
- use public VulnerableCode instance in VulnTotal by @keshav-space in #1075
- Add vulnerability aliases at package level in API by @TG1999 in #1104
- Modify apache_kafka.py and related tests for migration by @johnmhoran in #1042
- Prepare for release v32.0.0rc3 by @TG1999 in #1123
- minor fix: load env for GitHub DataSource by @keshav-space in #1118
- Fix github importer by @TG1999 in #1149
- Add valid version improver by @TG1999 in #1138
- Add env variables for throttling by @TG1999 in #1140
- Fix kbmsr2019 importer by @TG1999 in #1158
- Add support for conan advisories by @TG1999 in #1155
- Prepare for release of v32.0.0rc4 by @TG1999 in #1159
Full Changelog: v31.1.1...v32.0.0rc4
Contributors
johnmhoran, dependabot, and 3 other contributors
Assets 4
v32.0.0rc3
This is the third release candidate for version 32.
The highlights are:
- We re-enabled support for the mozilla, gentoo, istio, kbmsr2019, suse score, elixir, apache tomcat, xen, istio, ubuntu usn, apache httpd, fireye, apache kafka security advisories importers.
- We added support for CWE.
- We added migrations to remove corrupted advisories as described in #1086.
- We added aliases at package level in the API.
What's Changed
- Migrate mozilla importer by @TG1999 in #1043
- Migrate gentoo importer #1055 by @TG1999 in #1056
- Migrate istio importer #1059 by @TG1999 in #1058
- Migrate projectkbmsr2019 importer by @TG1999 in #1066
- Migrate suse scoring importer #1052 by @TG1999 in #1050
- Migrate elixir security importer #1060 by @TG1999 in #1061
- Migrate apache tomcat importer by @johnmhoran in #1057
- Add support for CWE by @ziadhany in #782
- Add migrations to remove corrupted advisories #1086 by @TG1999 in #1087
- Prepare for release v32.0.0rc1 by @TG1999 in #1096
- Add migration for adding apache tomcat option in severity scoring by @TG1999 in #1097
- Prepare for release v32.0.0rc2 by @TG1999 in #1098
- Drop safetydb importer by @TG1999 in #1099
- Migrate xen importer by @TG1999 in #1044
- Use for_purl instead of for_package_url in package detail view by @TG1999 in #1101
- Add istio improver by @TG1999 in #1103
- Migrate ubuntu usn importer #1051 by @TG1999 in #1049
- Bump certifi from 2021.10.8 to 2022.12.7 by @dependabot in #1035
- Bump gitpython from 3.1.27 to 3.1.30 by @dependabot in #1070
- Add apache_httpd improver by @TG1999 in #1102
- Remove redundant API tests #1005 by @TG1999 in #1091
- Add fireeye vulnerabilities #487 by @ziadhany in #795
- use public VulnerableCode instance in VulnTotal by @keshav-space in #1075
- Add vulnerability aliases at package level in API by @TG1999 in #1104
- Modify apache_kafka.py and related tests for migration by @johnmhoran in #1042
- Prepare for release v32.0.0rc3 by @TG1999 in #1123
Full Changelog: v31.1.1...v32.0.0rc3second
Contributors
johnmhoran, dependabot, and 3 other contributors
Assets 4
v32.0.0rc2
This is the second release candidate for version 32.
The highlights are:
- We re-enabled support for the mozilla, gentoo, istio, kbmsr2019, suse score, elixir, apache tomcat security advisories importers.
- We added support for CWE.
- We added migrations to remove corrupted advisories as described in #1086.
What's Changed
- Migrate mozilla importer by @TG1999 in #1043
- Migrate gentoo importer #1055 by @TG1999 in #1056
- Migrate istio importer #1059 by @TG1999 in #1058
- Migrate projectkbmsr2019 importer by @TG1999 in #1066
- Migrate suse scoring importer #1052 by @TG1999 in #1050
- Migrate elixir security importer #1060 by @TG1999 in #1061
- Migrate apache tomcat importer by @johnmhoran in #1057
- Add support for CWE by @ziadhany in #782
- Add migrations to remove corrupted advisories #1086 by @TG1999 in #1087
- Prepare for release v32.0.0rc1 by @TG1999 in #1096
- Add migration for adding apache tomcat option in severity scoring by @TG1999 in #1097
- Prepare for release v32.0.0rc2 by @TG1999 in #1098
Full Changelog: v31.1.1...v32.0.0rc2
Contributors
johnmhoran, ziadhany, and TG1999
Assets 4
v32.0.0rc1
This is the first release candidate for version 32.
The highlights are:
- We re-enabled support for the mozilla, gentoo, istio, kbmsr2019, suse score, elixir, apache tomcat security advisories importers.
- We added support for CWE.
- We added migrations to remove corrupted advisories as described in #1086.
What's Changed
- Migrate mozilla importer by @TG1999 in #1043
- Migrate gentoo importer #1055 by @TG1999 in #1056
- Migrate istio importer #1059 by @TG1999 in #1058
- Migrate projectkbmsr2019 importer by @TG1999 in #1066
- Migrate suse scoring importer #1052 by @TG1999 in #1050
- Migrate elixir security importer #1060 by @TG1999 in #1061
- Migrate apache tomcat importer by @johnmhoran in #1057
- Add support for CWE by @ziadhany in #782
- Add migrations to remove corrupted advisories #1086 by @TG1999 in #1087
- Prepare for release v32.0.0rc1 by @TG1999 in #1096
Full Changelog: v31.1.1...v32.0.0rc1
Contributors
johnmhoran, ziadhany, and TG1999
Assets 4
v31.1.1
What's Changed
- Migrate apache httpd importer#971 by @johnmhoran in #1014
- Support incomplete versions for a valid purl in search by @TG1999 in #1065
- Prepare for release v31.1.1 by @TG1999 in #1073
Full Changelog: v31.1.0...v31.1.1
Contributors
johnmhoran and TG1999
Assets 4
v31.1.0
What's Changed
- Migrate npm importer by @TG1999 in #960
- Migrate retiredotnet importer by @TG1999 in #1041
- Link sanity by @Hritik14 in #1048
- Handle purl fragments in package search #1032 by @TG1999 in #1033
- Ingest npm data through github api #1025 by @TG1999 in #1027
- Prepare for release v31.1.0 by @TG1999 in #1062
Full Changelog: v31.0.0...v31.1.0
Contributors
Hritik14 and TG1999
Assets 4
v31.0.0
This is a major new release with data changes that are API breaking: The way we store CVSS scores has changed.
There is a major new feature with Vulntotal which is like https://www.virustotal.com/ for comparing vulnerability databases. We also re-enabled PostgreSQL advisory imports.
What's Changed
- Add initial config for vulntotal by @keshav-space in #777
- Add support for calculating CVSS score from the CVSS vector by @ziadhany in #747
- Add Vulntotal CLI by @keshav-space in #801
- Add GitHubDataSource by @keshav-space in #804
- Add OSS-Index DataSource by @keshav-space in #829
- Add Gitlab datasource by @keshav-space in #883
- Register available datasources by @keshav-space in #901
- Add Vulntotal by @pombredanne in #1009
- Migrate postgresql.py by @johnmhoran in #985
- Fix the API key request form UI and make it consistent with rest of UI by @TG1999 in #1004
- Explicitly state app name in TestMigration by @JonoYang in #1012
- Make bulk search fast by @TG1999 in #1017
New Contributors
Full Changelog: v30.3.1...v31.0.0
Contributors
pombredanne, JonoYang, and 4 other contributors