Vulnerability Static Analysis for Containers
Highlights:
rhcc, rhel: support compression of sideband data
datastore: add "delta" update interface
java: size buffers correctly before use
postgres: remove internal timeouts
integration: make PGVERSION
a pattern
Additionally, the version used is now read from the distributed manifest, rather than hard-coded versions. Other than occasional network calls to fetch this manifest, users shouldn't notice any difference.
alpine: add edge support
rpm: support PGP V4 signatures
jsonblob: add a disk buffering step
This makes the API trickier but given that there's a single (known and intended) user, this should be fine.
tarfs: check a potential interger overflow
The possibility of exploiting this is effectively 0, as it would require more bytes to represent a sufficiently large integer than is available in the tar header.
See also: https://github.com/quay/claircore/security/code-scanning/5
gobin: take into account package replacements
all: purge http.DefaultClient
usage
This change breaks some API in exchange for unifying the *http.Client
handling. The practical upshot is that it's much easier to control the
network contact surface.
all: share single FS implementation
This change should improve memory usage.
libindex: move to O_TMPFILE fetcher
admin: add pre v4.7.3 admin command to create index
contrib: add grafana dashboards for deletion metrics
docs: add dropins to prose documentation
admin
subcommandcmd.LoadConfig
cmd.LoadConfig
go get
commandset-output
clairctl
binariesrequest_id
to logsdocker-compose
version