CERTCC VINCE Versions Save

VINCE is the Vulnerability Information and Coordination Environment developed and used by the CERT Coordination Center to improve coordinated vulnerability disclosure. VINCE is a Python-based web platform.

v2.1.6

7 months ago

ixed bug that interfered in certain circumstances with the operation of the vendor filter button on the VINCEComm case page Dependabot update recommendations: urllib3 1.26.12 to 1.26.18 Fixed bug that obstrcuted case assignment process for VINCETrack users with identical preferred usernames Adjusted code for asynchronous loading on ticket page to ensure it works on all ticket pages, including case request tickets Set up periodic autorefresh feature for VINCE Track ticket page Reformulated misleading UI labels for case transfer request process Resolved Issue by simpifying/correcting search code & disambiguating labels in report views Added AI/ML systems checkbox to public & VINCE Comm vul report form, routing of AI/ML-related tickets

v2.1.5

8 months ago

What's Changed

Assert expected behavior when handling a bounce when all bounced reci… by @qwestduck in https://github.com/CERTCC/VINCE/pull/116
Bump django from 3.2.19 to 3.2.20 by @dependabot in https://github.com/CERTCC/VINCE/pull/117
Bump cryptography from 41.0.0 to 41.0.2 by @dependabot in https://github.com/CERTCC/VINCE/pull/118
Upgrade to version 2.1.3 by @sei-vsarvepalli in https://github.com/CERTCC/VINCE/pull/121
Updates to 2.1.4 by @sei-vsarvepalli in https://github.com/CERTCC/VINCE/pull/123
VINCE upgrade to 2.1.5 by @sei-vsarvepalli in https://github.com/CERTCC/VINCE/pull/124

New Contributors

@qwestduck made their first contribution in https://github.com/CERTCC/VINCE/pull/116

Full Changelog: https://github.com/CERTCC/VINCE/compare/v2.1.2...v2.1.5

v2.1.2

11 months ago

VinceTrack CaseView,VinceCommUserView updated for Asynchronous calls for tab-based browsing.
Fixed GH Issue #111 PDF Links not working
Updated Vendor approval workflow with time lapse of 2 weeks of no-response from Vendor Admin
Fix bounce issues of creating tickets for dead/disabled users.
Dependabot security recommendations PyPi cryptography 39.0.1 to 41.0.0, requests 2.281 to 2.31.0, django-ses from 3.2.2 to 3.5.0
Fixed vincepubviews multiple choice field Years to be dynamic

v2.1.1

1 year ago

Version 2.1.1 2023-05-02

Security updates fixing a number of dependencies - sqlparse, redis (GHSA-rrm6-wvj7-cwh2,CVE-2023-28859,CVE-2023-28858)
Updates (UAR) workflow for User joining Vendor Group GH Issue #94
INL Code updates to perform Product/Version for CVE records GH PR #104
INL Code updates for PDF download of VulNote GH PR #104
Async requests for VinceTrack Contacts to reduce page wait times
Check for Bounces before sending emails from vince/mailer.py
Add TERMS_URL to ensure Terms & Conditions are flexible
Fix CVSS Translator GH Issue #105
Check for notification-only addresses and provide error on Signup

v2.0.7

1 year ago

Security updates Django to 3.2.18 CVE-2023-24580
Remove python-futures (no longer used) GH Issues #91 #90 (Dependabot)
Support User Approve Request (UAR) new workflow for User joining Vendor Group GH Issue #94
Allow Tracking ID's to be added to Cases when user belongs to multiple groups (CaseTracking) reported by VINCE user.
Move from initial to instance on Form Class inits() to modify existing data in Models/Forms pair
Move more browser UI information to async data requests, less templates.
Remove marquee, command and style tags from supported markdown_helpers lib.vince.markdown_helpers - reported by VINCE user.

What's Changed

Version 2.0.6a by @sei-vsarvepalli in https://github.com/CERTCC/VINCE/pull/89
Bump django from 3.2.17 to 3.2.18 by @dependabot in https://github.com/CERTCC/VINCE/pull/92
License, Copyright fixes and dependabot security updates by @sei-vsarvepalli in https://github.com/CERTCC/VINCE/pull/93
Version 2.0.7 updates and enhancements. by @sei-vsarvepalli in https://github.com/CERTCC/VINCE/pull/95

Full Changelog: https://github.com/CERTCC/VINCE/compare/v2.0.6...v2.0.7

v2.0.6

1 year ago

Removed Edit Vulnerability button superfluous GHIssue #77
Updates to CVE publish buttons and automatic close of CVE modal on error
Modify CVEAffectedProduct.version_affected vince models.py for CVE5JSON
Bug fix newcomment not new_comment in vince/views.py
Add "Notify anyway" button routine for already notified vendor.

What's Changed

Updates to 2.0.6 related updates by @sei-vsarvepalli in https://github.com/CERTCC/VINCE/pull/81

Full Changelog: https://github.com/CERTCC/VINCE/compare/v2.0.5...v2.0.6

v2.0.5

1 year ago

Update to CVE2.1 Services Publish using CVE5 JSON
More Async functions for vendor status views
Added more common libraries to lib/vince/utils
Added a mute_lib.py to support mute a Case for a user in automated way
Fixed a number of small bugs in max length in FORM submissions and S3 sensitive filenames

Also includes changes from 2.0.4 2022-12-20

Added Filter to CaseView in VinceComm
Addition of more Async functions for non-interactive queries
Fixing of slow performance on allvendors view to use Django Aggregate and Filter/Q functions
Friendly errors and fixes for logging to add IP address of remote client

What's Changed

Version 2.0.5 by @sei-vsarvepalli in https://github.com/CERTCC/VINCE/pull/80

Full Changelog: https://github.com/CERTCC/VINCE/compare/v2.0.3...v2.0.5

v2.0.3

1 year ago

Major upgrade to Django 3.2 LTS target end by 2024. Fixes related to Django upgrade in all libraries.
Added new QuerySet Paging library for performance extend chain with chains for QuerySet
Asynchronous calls for most vinny/views via JSON through asyncLoad class
Provide API Views 404 with JSON generic error
Allow Session or API Token authentication to support API access from browser
Provide better HTML text on access/permission violations by User.
Fixes to CVE management API with CVE services 2.1 and CVEJSON5 support
CSAF enchancements including TLP setup. Pending Customer engagement details publishing.
Fix number of logging to include relevant data as part of log message

What's Changed

Version 2.0.3 by @sei-vsarvepalli in https://github.com/CERTCC/VINCE/pull/76

Full Changelog: https://github.com/CERTCC/VINCE/compare/v1.50.6...v2.0.3

v1.50.6

1 year ago

Allow Vendor Association when Ticket is associated with a Case
Adding Download HTML per INL request GH Issue #60
Avoid Alert severity colors to buttons that don't do deletes/sensitive actions - UI feedback.
Show MFA type for users in VinceTrack to support troubleshooting Users
Catch errors on failure to email when a Post is submitted.

What's Changed

Updates to version 1.50.6 by @sei-vsarvepalli in https://github.com/CERTCC/VINCE/pull/68

Full Changelog: https://github.com/CERTCC/VINCE/compare/v1.50.5...v1.50.6

v1.50.5

1 year ago

Updates to settings_.py to match public GitHub
UI tweaks for Loading div, asynchronous search via delaySearch
Add Access-Control-Origin header to CSAF output for Secvisogram
Fix Python Pickle Code Injection vulnerability reported by Rapid7 researcher Marcus Chang CVE-2022-40238
Address reported failure with better error reporting from Encrypt-and-Send
Avoid TimeZone spurious warning errors flooding logs

What's Changed

Version 1.50.5 by @sei-vsarvepalli in https://github.com/CERTCC/VINCE/pull/62

Full Changelog: https://github.com/CERTCC/VINCE/compare/v1.50.4...v1.50.5