Releases: aboutcode-org/vulnerablecode
Releases · aboutcode-org/vulnerablecode
v33.4.0
What's Changed
- Bump cryptography from 41.0.0 to 41.0.3 by @dependabot in #1254
- Bump pygments from 2.11.2 to 2.15.0 by @dependabot in #1242
- Bump django from 4.1.7 to 4.1.10 by @dependabot in #1227
- Bump certifi from 2022.12.7 to 2023.7.22 by @dependabot in #1248
- Bump sqlparse from 0.4.2 to 0.4.4 by @dependabot in #1185
- Bump requests from 2.27.1 to 2.31.0 by @dependabot in #1202
- Add venv activation by @Hritik14 in #1259
- Add importer specific improver by @TG1999 in #1277
Full Changelog: v33.3.0...v33.4.0
Contributors
Hritik14, dependabot, and TG1999
Assets 4
v33.3.0
v33.2.0
What's Changed
Full Changelog: v33.1.0...v33.2.0
Contributors
TG1999
Assets 5
v33.1.0
v33.0.0
This is a major new release
Highlights are:
- We have dropped unresolved_vulnerabilities from /api/package endpoint API response.
- We have added missing quotes for href values in template.
- We have fixed merge functionality of AffectedPackage.
v32.0.1
v32.0.0
This is a major new release
The highlights are:
- We re-enabled support for the mozilla, gentoo, istio, kbmsr2019, suse score, elixir, apache tomcat, xen, istio, ubuntu usn, apache httpd, fireye, apache kafka security advisories importers.
- We added support for CWE.
- We added migrations to remove corrupted advisories as described in #1086.
- We added aliases at package level in the API.
- We added support for conan related vulnerabilities.
- We added valid versions improver to get all versions in a vulnerable range for all ecosystems that we support in vulnerablecode.
- We fixed Apache HTTPD and Apache Kafka importer.
- We added documentation for version 32.0.0.
What's Changed
- Migrate mozilla importer by @TG1999 in #1043
- Migrate gentoo importer #1055 by @TG1999 in #1056
- Migrate istio importer #1059 by @TG1999 in #1058
- Migrate projectkbmsr2019 importer by @TG1999 in #1066
- Migrate suse scoring importer #1052 by @TG1999 in #1050
- Migrate elixir security importer #1060 by @TG1999 in #1061
- Migrate apache tomcat importer by @johnmhoran in #1057
- Add support for CWE by @ziadhany in #782
- Add migrations to remove corrupted advisories #1086 by @TG1999 in #1087
- Prepare for release v32.0.0rc1 by @TG1999 in #1096
- Add migration for adding apache tomcat option in severity scoring by @TG1999 in #1097
- Prepare for release v32.0.0rc2 by @TG1999 in #1098
- Drop safetydb importer by @TG1999 in #1099
- Migrate xen importer by @TG1999 in #1044
- Use for_purl instead of for_package_url in package detail view by @TG1999 in #1101
- Add istio improver by @TG1999 in #1103
- Migrate ubuntu usn importer #1051 by @TG1999 in #1049
- Bump certifi from 2021.10.8 to 2022.12.7 by @dependabot in #1035
- Bump gitpython from 3.1.27 to 3.1.30 by @dependabot in #1070
- Add apache_httpd improver by @TG1999 in #1102
- Remove redundant API tests #1005 by @TG1999 in #1091
- Add fireeye vulnerabilities #487 by @ziadhany in #795
- use public VulnerableCode instance in VulnTotal by @keshav-space in #1075
- Add vulnerability aliases at package level in API by @TG1999 in #1104
- Modify apache_kafka.py and related tests for migration by @johnmhoran in #1042
- Prepare for release v32.0.0rc3 by @TG1999 in #1123
- minor fix: load env for GitHub DataSource by @keshav-space in #1118
- Fix github importer by @TG1999 in #1149
- Add valid version improver by @TG1999 in #1138
- Add env variables for throttling by @TG1999 in #1140
- Fix kbmsr2019 importer by @TG1999 in #1158
- Add support for conan advisories by @TG1999 in #1155
- Prepare for release of v32.0.0rc4 by @TG1999 in #1159
- fix ecosystem mappings and filter out fixed and affected package based on purl.type in VCIO by @keshav-space in #1139
- Support query using CVE in VulnTotal by @keshav-space in #1160
- Remove excessive network calls from redhat importer #1161 by @TG1999 in #1162
- Fix Apache kafka and Apache httpd importer by @TG1999 in #1176
- Add documentation for v32.0.0 by @TG1999 in #1169
- Bump cryptography from 36.0.2 to 39.0.1 by @dependabot in #1120
- Update deps according to dependabot PRs by @TG1999 in #1183
- Bump django from 4.0.7 to 4.1.7 by @dependabot in #1131
- Bump ipython from 8.0.1 to 8.10.0 by @dependabot in #1124
- Prepare for release v32.0.0 by @TG1999 in #1184
Full Changelog: v31.1.1...v32.0.0
Contributors
johnmhoran, dependabot, and 3 other contributors
Assets 4
v32.0.0rc4
This is the fourth release candidate for version 32.
The highlights are:
- We re-enabled support for the mozilla, gentoo, istio, kbmsr2019, suse score, elixir, apache tomcat, xen, istio, ubuntu usn, apache httpd, fireye, apache kafka security advisories importers.
- We added support for CWE.
- We added migrations to remove corrupted advisories as described in #1086.
- We added aliases at package level in the API.
- We added support for conan related vulnerabilities.
- We added valid versions improver to get all versions in a vulnerable range for all ecosystems that we support in vulnerablecode.
What's Changed
- Migrate mozilla importer by @TG1999 in #1043
- Migrate gentoo importer #1055 by @TG1999 in #1056
- Migrate istio importer #1059 by @TG1999 in #1058
- Migrate projectkbmsr2019 importer by @TG1999 in #1066
- Migrate suse scoring importer #1052 by @TG1999 in #1050
- Migrate elixir security importer #1060 by @TG1999 in #1061
- Migrate apache tomcat importer by @johnmhoran in #1057
- Add support for CWE by @ziadhany in #782
- Add migrations to remove corrupted advisories #1086 by @TG1999 in #1087
- Prepare for release v32.0.0rc1 by @TG1999 in #1096
- Add migration for adding apache tomcat option in severity scoring by @TG1999 in #1097
- Prepare for release v32.0.0rc2 by @TG1999 in #1098
- Drop safetydb importer by @TG1999 in #1099
- Migrate xen importer by @TG1999 in #1044
- Use for_purl instead of for_package_url in package detail view by @TG1999 in #1101
- Add istio improver by @TG1999 in #1103
- Migrate ubuntu usn importer #1051 by @TG1999 in #1049
- Bump certifi from 2021.10.8 to 2022.12.7 by @dependabot in #1035
- Bump gitpython from 3.1.27 to 3.1.30 by @dependabot in #1070
- Add apache_httpd improver by @TG1999 in #1102
- Remove redundant API tests #1005 by @TG1999 in #1091
- Add fireeye vulnerabilities #487 by @ziadhany in #795
- use public VulnerableCode instance in VulnTotal by @keshav-space in #1075
- Add vulnerability aliases at package level in API by @TG1999 in #1104
- Modify apache_kafka.py and related tests for migration by @johnmhoran in #1042
- Prepare for release v32.0.0rc3 by @TG1999 in #1123
- minor fix: load env for GitHub DataSource by @keshav-space in #1118
- Fix github importer by @TG1999 in #1149
- Add valid version improver by @TG1999 in #1138
- Add env variables for throttling by @TG1999 in #1140
- Fix kbmsr2019 importer by @TG1999 in #1158
- Add support for conan advisories by @TG1999 in #1155
- Prepare for release of v32.0.0rc4 by @TG1999 in #1159
Full Changelog: v31.1.1...v32.0.0rc4
Contributors
johnmhoran, dependabot, and 3 other contributors
Assets 4
v32.0.0rc3
This is the third release candidate for version 32.
The highlights are:
- We re-enabled support for the mozilla, gentoo, istio, kbmsr2019, suse score, elixir, apache tomcat, xen, istio, ubuntu usn, apache httpd, fireye, apache kafka security advisories importers.
- We added support for CWE.
- We added migrations to remove corrupted advisories as described in #1086.
- We added aliases at package level in the API.
What's Changed
- Migrate mozilla importer by @TG1999 in #1043
- Migrate gentoo importer #1055 by @TG1999 in #1056
- Migrate istio importer #1059 by @TG1999 in #1058
- Migrate projectkbmsr2019 importer by @TG1999 in #1066
- Migrate suse scoring importer #1052 by @TG1999 in #1050
- Migrate elixir security importer #1060 by @TG1999 in #1061
- Migrate apache tomcat importer by @johnmhoran in #1057
- Add support for CWE by @ziadhany in #782
- Add migrations to remove corrupted advisories #1086 by @TG1999 in #1087
- Prepare for release v32.0.0rc1 by @TG1999 in #1096
- Add migration for adding apache tomcat option in severity scoring by @TG1999 in #1097
- Prepare for release v32.0.0rc2 by @TG1999 in #1098
- Drop safetydb importer by @TG1999 in #1099
- Migrate xen importer by @TG1999 in #1044
- Use for_purl instead of for_package_url in package detail view by @TG1999 in #1101
- Add istio improver by @TG1999 in #1103
- Migrate ubuntu usn importer #1051 by @TG1999 in #1049
- Bump certifi from 2021.10.8 to 2022.12.7 by @dependabot in #1035
- Bump gitpython from 3.1.27 to 3.1.30 by @dependabot in #1070
- Add apache_httpd improver by @TG1999 in #1102
- Remove redundant API tests #1005 by @TG1999 in #1091
- Add fireeye vulnerabilities #487 by @ziadhany in #795
- use public VulnerableCode instance in VulnTotal by @keshav-space in #1075
- Add vulnerability aliases at package level in API by @TG1999 in #1104
- Modify apache_kafka.py and related tests for migration by @johnmhoran in #1042
- Prepare for release v32.0.0rc3 by @TG1999 in #1123
Full Changelog: v31.1.1...v32.0.0rc3second
Contributors
johnmhoran, dependabot, and 3 other contributors
Assets 4
v32.0.0rc2
This is the second release candidate for version 32.
The highlights are:
- We re-enabled support for the mozilla, gentoo, istio, kbmsr2019, suse score, elixir, apache tomcat security advisories importers.
- We added support for CWE.
- We added migrations to remove corrupted advisories as described in #1086.
What's Changed
- Migrate mozilla importer by @TG1999 in #1043
- Migrate gentoo importer #1055 by @TG1999 in #1056
- Migrate istio importer #1059 by @TG1999 in #1058
- Migrate projectkbmsr2019 importer by @TG1999 in #1066
- Migrate suse scoring importer #1052 by @TG1999 in #1050
- Migrate elixir security importer #1060 by @TG1999 in #1061
- Migrate apache tomcat importer by @johnmhoran in #1057
- Add support for CWE by @ziadhany in #782
- Add migrations to remove corrupted advisories #1086 by @TG1999 in #1087
- Prepare for release v32.0.0rc1 by @TG1999 in #1096
- Add migration for adding apache tomcat option in severity scoring by @TG1999 in #1097
- Prepare for release v32.0.0rc2 by @TG1999 in #1098
Full Changelog: v31.1.1...v32.0.0rc2
Contributors
johnmhoran, ziadhany, and TG1999