Vulnerablecode Versions Save

What's Changed

• Add weakness in unique content ID in advisories by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1245

Full Changelog: https://github.com/nexB/vulnerablecode/compare/v33.1.0...v33.2.0

This is a major new release

Highlights are:

• We have dropped unresolved_vulnerabilities from /api/package endpoint API response.
• We have added missing quotes for href values in template.
• We have fixed merge functionality of AffectedPackage.

This is a major new release

The highlights are:

• We re-enabled support for the mozilla, gentoo, istio, kbmsr2019, suse score, elixir, apache tomcat, xen, istio, ubuntu usn, apache httpd, fireye, apache kafka security advisories importers.
• We added support for CWE.
• We added migrations to remove corrupted advisories as described in https://github.com/nexB/vulnerablecode/issues/1086.
• We added aliases at package level in the API.
• We added support for conan related vulnerabilities.
• We added valid versions improver to get all versions in a vulnerable range for all ecosystems that we support in vulnerablecode.
• We fixed Apache HTTPD and Apache Kafka importer.
• We added documentation for version 32.0.0.

What's Changed

• Migrate mozilla importer by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1043
• Migrate gentoo importer #1055 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1056
• Migrate istio importer #1059 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1058
• Migrate projectkbmsr2019 importer by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1066
• Migrate suse scoring importer #1052 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1050
• Migrate elixir security importer #1060 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1061
• Migrate apache tomcat importer by @johnmhoran in https://github.com/nexB/vulnerablecode/pull/1057
• Add support for CWE by @ziadhany in https://github.com/nexB/vulnerablecode/pull/782
• Add migrations to remove corrupted advisories #1086 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1087
• Prepare for release v32.0.0rc1 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1096
• Add migration for adding apache tomcat option in severity scoring by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1097
• Prepare for release v32.0.0rc2 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1098
• Drop safetydb importer by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1099
• Migrate xen importer by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1044
• Use for_purl instead of for_package_url in package detail view by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1101
• Add istio improver by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1103
• Migrate ubuntu usn importer #1051 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1049
• Bump certifi from 2021.10.8 to 2022.12.7 by @dependabot in https://github.com/nexB/vulnerablecode/pull/1035
• Bump gitpython from 3.1.27 to 3.1.30 by @dependabot in https://github.com/nexB/vulnerablecode/pull/1070
• Add apache_httpd improver by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1102
• Remove redundant API tests #1005 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1091
• Add fireeye vulnerabilities #487 by @ziadhany in https://github.com/nexB/vulnerablecode/pull/795
• use public VulnerableCode instance in VulnTotal by @keshav-space in https://github.com/nexB/vulnerablecode/pull/1075
• Add vulnerability aliases at package level in API by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1104
• Modify apache_kafka.py and related tests for migration by @johnmhoran in https://github.com/nexB/vulnerablecode/pull/1042
• Prepare for release v32.0.0rc3 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1123
• minor fix: load env for GitHub DataSource by @keshav-space in https://github.com/nexB/vulnerablecode/pull/1118
• Fix github importer by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1149
• Add valid version improver by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1138
• Add env variables for throttling by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1140
• Fix kbmsr2019 importer by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1158
• Add support for conan advisories by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1155
• Prepare for release of v32.0.0rc4 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1159
• fix ecosystem mappings and filter out fixed and affected package based on purl.type in VCIO by @keshav-space in https://github.com/nexB/vulnerablecode/pull/1139
• Support query using CVE in VulnTotal by @keshav-space in https://github.com/nexB/vulnerablecode/pull/1160
• Remove excessive network calls from redhat importer #1161 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1162
• Fix Apache kafka and Apache httpd importer by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1176
• Add documentation for v32.0.0 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1169
• Bump cryptography from 36.0.2 to 39.0.1 by @dependabot in https://github.com/nexB/vulnerablecode/pull/1120
• Update deps according to dependabot PRs by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1183
• Bump django from 4.0.7 to 4.1.7 by @dependabot in https://github.com/nexB/vulnerablecode/pull/1131
• Bump ipython from 8.0.1 to 8.10.0 by @dependabot in https://github.com/nexB/vulnerablecode/pull/1124
• Prepare for release v32.0.0 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1184

Full Changelog: https://github.com/nexB/vulnerablecode/compare/v31.1.1...v32.0.0

This is the fourth release candidate for version 32. The highlights are:

• We re-enabled support for the mozilla, gentoo, istio, kbmsr2019, suse score, elixir, apache tomcat, xen, istio, ubuntu usn, apache httpd, fireye, apache kafka security advisories importers.
• We added support for CWE.
• We added migrations to remove corrupted advisories as described in https://github.com/nexB/vulnerablecode/issues/1086.
• We added aliases at package level in the API.
• We added support for conan related vulnerabilities.
• We added valid versions improver to get all versions in a vulnerable range for all ecosystems that we support in vulnerablecode.

What's Changed

• Migrate mozilla importer by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1043
• Migrate gentoo importer #1055 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1056
• Migrate istio importer #1059 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1058
• Migrate projectkbmsr2019 importer by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1066
• Migrate suse scoring importer #1052 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1050
• Migrate elixir security importer #1060 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1061
• Migrate apache tomcat importer by @johnmhoran in https://github.com/nexB/vulnerablecode/pull/1057
• Add support for CWE by @ziadhany in https://github.com/nexB/vulnerablecode/pull/782
• Add migrations to remove corrupted advisories #1086 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1087
• Prepare for release v32.0.0rc1 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1096
• Add migration for adding apache tomcat option in severity scoring by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1097
• Prepare for release v32.0.0rc2 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1098
• Drop safetydb importer by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1099
• Migrate xen importer by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1044
• Use for_purl instead of for_package_url in package detail view by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1101
• Add istio improver by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1103
• Migrate ubuntu usn importer #1051 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1049
• Bump certifi from 2021.10.8 to 2022.12.7 by @dependabot in https://github.com/nexB/vulnerablecode/pull/1035
• Bump gitpython from 3.1.27 to 3.1.30 by @dependabot in https://github.com/nexB/vulnerablecode/pull/1070
• Add apache_httpd improver by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1102
• Remove redundant API tests #1005 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1091
• Add fireeye vulnerabilities #487 by @ziadhany in https://github.com/nexB/vulnerablecode/pull/795
• use public VulnerableCode instance in VulnTotal by @keshav-space in https://github.com/nexB/vulnerablecode/pull/1075
• Add vulnerability aliases at package level in API by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1104
• Modify apache_kafka.py and related tests for migration by @johnmhoran in https://github.com/nexB/vulnerablecode/pull/1042
• Prepare for release v32.0.0rc3 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1123
• minor fix: load env for GitHub DataSource by @keshav-space in https://github.com/nexB/vulnerablecode/pull/1118
• Fix github importer by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1149
• Add valid version improver by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1138
• Add env variables for throttling by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1140
• Fix kbmsr2019 importer by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1158
• Add support for conan advisories by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1155
• Prepare for release of v32.0.0rc4 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1159

Full Changelog: https://github.com/nexB/vulnerablecode/compare/v31.1.1...v32.0.0rc4

This is the third release candidate for version 32. The highlights are:

• We re-enabled support for the mozilla, gentoo, istio, kbmsr2019, suse score, elixir, apache tomcat, xen, istio, ubuntu usn, apache httpd, fireye, apache kafka security advisories importers.
• We added support for CWE.
• We added migrations to remove corrupted advisories as described in https://github.com/nexB/vulnerablecode/issues/1086.
• We added aliases at package level in the API.

What's Changed

• Migrate mozilla importer by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1043
• Migrate gentoo importer #1055 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1056
• Migrate istio importer #1059 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1058
• Migrate projectkbmsr2019 importer by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1066
• Migrate suse scoring importer #1052 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1050
• Migrate elixir security importer #1060 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1061
• Migrate apache tomcat importer by @johnmhoran in https://github.com/nexB/vulnerablecode/pull/1057
• Add support for CWE by @ziadhany in https://github.com/nexB/vulnerablecode/pull/782
• Add migrations to remove corrupted advisories #1086 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1087
• Prepare for release v32.0.0rc1 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1096
• Add migration for adding apache tomcat option in severity scoring by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1097
• Prepare for release v32.0.0rc2 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1098
• Drop safetydb importer by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1099
• Migrate xen importer by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1044
• Use for_purl instead of for_package_url in package detail view by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1101
• Add istio improver by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1103
• Migrate ubuntu usn importer #1051 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1049
• Bump certifi from 2021.10.8 to 2022.12.7 by @dependabot in https://github.com/nexB/vulnerablecode/pull/1035
• Bump gitpython from 3.1.27 to 3.1.30 by @dependabot in https://github.com/nexB/vulnerablecode/pull/1070
• Add apache_httpd improver by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1102
• Remove redundant API tests #1005 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1091
• Add fireeye vulnerabilities #487 by @ziadhany in https://github.com/nexB/vulnerablecode/pull/795
• use public VulnerableCode instance in VulnTotal by @keshav-space in https://github.com/nexB/vulnerablecode/pull/1075
• Add vulnerability aliases at package level in API by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1104
• Modify apache_kafka.py and related tests for migration by @johnmhoran in https://github.com/nexB/vulnerablecode/pull/1042
• Prepare for release v32.0.0rc3 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1123

Full Changelog: https://github.com/nexB/vulnerablecode/compare/v31.1.1...v32.0.0rc3second

This is the second release candidate for version 32. The highlights are:

• We re-enabled support for the mozilla, gentoo, istio, kbmsr2019, suse score, elixir, apache tomcat security advisories importers.
• We added support for CWE.
• We added migrations to remove corrupted advisories as described in #1086.

What's Changed

• Migrate mozilla importer by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1043
• Migrate gentoo importer #1055 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1056
• Migrate istio importer #1059 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1058
• Migrate projectkbmsr2019 importer by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1066
• Migrate suse scoring importer #1052 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1050
• Migrate elixir security importer #1060 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1061
• Migrate apache tomcat importer by @johnmhoran in https://github.com/nexB/vulnerablecode/pull/1057
• Add support for CWE by @ziadhany in https://github.com/nexB/vulnerablecode/pull/782
• Add migrations to remove corrupted advisories #1086 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1087
• Prepare for release v32.0.0rc1 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1096
• Add migration for adding apache tomcat option in severity scoring by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1097
• Prepare for release v32.0.0rc2 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1098

Full Changelog: https://github.com/nexB/vulnerablecode/compare/v31.1.1...v32.0.0rc2

This is the first release candidate for version 32. The highlights are:

• We re-enabled support for the mozilla, gentoo, istio, kbmsr2019, suse score, elixir, apache tomcat security advisories importers.
• We added support for CWE.
• We added migrations to remove corrupted advisories as described in #1086.

What's Changed

• Migrate mozilla importer by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1043
• Migrate gentoo importer #1055 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1056
• Migrate istio importer #1059 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1058
• Migrate projectkbmsr2019 importer by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1066
• Migrate suse scoring importer #1052 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1050
• Migrate elixir security importer #1060 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1061
• Migrate apache tomcat importer by @johnmhoran in https://github.com/nexB/vulnerablecode/pull/1057
• Add support for CWE by @ziadhany in https://github.com/nexB/vulnerablecode/pull/782
• Add migrations to remove corrupted advisories #1086 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1087
• Prepare for release v32.0.0rc1 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1096

Full Changelog: https://github.com/nexB/vulnerablecode/compare/v31.1.1...v32.0.0rc1

What's Changed

• Migrate apache httpd importer#971 by @johnmhoran in https://github.com/nexB/vulnerablecode/pull/1014
• Support incomplete versions for a valid purl in search by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1065
• Prepare for release v31.1.1 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1073

Full Changelog: https://github.com/nexB/vulnerablecode/compare/v31.1.0...v31.1.1

What's Changed

• Migrate npm importer by @TG1999 in https://github.com/nexB/vulnerablecode/pull/960
• Migrate retiredotnet importer by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1041
• Link sanity by @Hritik14 in https://github.com/nexB/vulnerablecode/pull/1048
• Handle purl fragments in package search #1032 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1033
• Ingest npm data through github api #1025 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1027
• Prepare for release v31.1.0 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1062

Full Changelog: https://github.com/nexB/vulnerablecode/compare/v31.0.0...v31.1.0

This is a major new release with data changes that are API breaking: The way we store CVSS scores has changed. There is a major new feature with Vulntotal which is like https://www.virustotal.com/ for comparing vulnerability databases. We also re-enabled PostgreSQL advisory imports.

What's Changed

• Add initial config for vulntotal by @keshav-space in https://github.com/nexB/vulnerablecode/pull/777
• Add support for calculating CVSS score from the CVSS vector by @ziadhany in https://github.com/nexB/vulnerablecode/pull/747
• Add Vulntotal CLI by @keshav-space in https://github.com/nexB/vulnerablecode/pull/801
• Add GitHubDataSource by @keshav-space in https://github.com/nexB/vulnerablecode/pull/804
• Add OSS-Index DataSource by @keshav-space in https://github.com/nexB/vulnerablecode/pull/829
• Add Gitlab datasource by @keshav-space in https://github.com/nexB/vulnerablecode/pull/883
• Register available datasources by @keshav-space in https://github.com/nexB/vulnerablecode/pull/901
• Add Vulntotal by @pombredanne in https://github.com/nexB/vulnerablecode/pull/1009
• Migrate postgresql.py by @johnmhoran in https://github.com/nexB/vulnerablecode/pull/985
• Fix the API key request form UI and make it consistent with rest of UI by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1004
• Explicitly state app name in TestMigration by @JonoYang in https://github.com/nexB/vulnerablecode/pull/1012
• Make bulk search fast by @TG1999 in https://github.com/nexB/vulnerablecode/pull/1017

New Contributors

• @JonoYang made their first contribution in https://github.com/nexB/vulnerablecode/pull/1012

Full Changelog: https://github.com/nexB/vulnerablecode/compare/v30.3.1...v31.0.0