Vulnerablecode Versions Save

This is a minor bug fix release.

• We enabled proper CSRF configuration for deployments
• We improved the content of API key request emails

What's Changed

• Fix csrf by @pombredanne in https://github.com/nexB/vulnerablecode/pull/998

Full Changelog: https://github.com/nexB/vulnerablecode/compare/v30.3.0...v30.3.1

This is a feature update release including minor bug fixes and the introduction of API keys and API throttling.

What's Changed

• Enable throttling by @TG1999 in https://github.com/nexB/vulnerablecode/pull/988
• Override throttle rate for each endpoint by @TG1999 in https://github.com/nexB/vulnerablecode/pull/993
• Add API authentication, key request and documentation by @pombredanne in https://github.com/nexB/vulnerablecode/pull/987
• Improve NVD handling and more by @pombredanne in https://github.com/nexB/vulnerablecode/pull/997

Full Changelog: https://github.com/nexB/vulnerablecode/compare/v30.2.1...v30.3.0

This is a critical bug fix release including features updates.

• We fixed critical performance issues that made the web UI unusable. This include removing some less interesting redundant details displayed in the web UI for vulnerabilities.
• We made minor documentation updates.
• We re-enabled support for Arch linux, Debian, and Ubuntu security advisories importers
• We added a new improver for Oval data sources
• We improved Alpine linux and Gitlab security advisories importers

The summary of performance improvements include these fixes:

• Cascade queries from exact to approximate searches to avoid full table scans in all cases. This is a band-aid for now. The proper solution will likely require using full text search instead.
• Avoid iceberg queries with "prefetch related" to limit the number of queries that are needed in the UI
• Do not recreate querysets from scratch but instead allow these to be chained for simpler and correct code.
• Remove extra details from the vulnerability pacge: each package was further listing its related vulnerabilities creating an iceberg query.
• Enable the django-debug-toolbar with a setting to easily profile queries on demand by setting both VULNERABLECODE_DEBUG and VULNERABLECODE_DEBUG_TOOLBAR enviroment variables.

What's Changed

• Refactor Gitimporter using fetchcode by @ziadhany in https://github.com/nexB/vulnerablecode/pull/817
• test redhat importer performance by profiling by @ziadhany in https://github.com/nexB/vulnerablecode/pull/843
• Migrate archlinux importer by @johnmhoran in https://github.com/nexB/vulnerablecode/pull/935
• Fix gitlab importer by @TG1999 in https://github.com/nexB/vulnerablecode/pull/959
• Migrate debian-oval and ubuntu importer by @TG1999 in https://github.com/nexB/vulnerablecode/pull/740
• Make search for vulnerabilities faster by @pombredanne in https://github.com/nexB/vulnerablecode/pull/955
• Update RTD overview by @johnmhoran in https://github.com/nexB/vulnerablecode/pull/964
• Prepare release 30.2.0 by @pombredanne in https://github.com/nexB/vulnerablecode/pull/968

Full Changelog: https://github.com/nexB/vulnerablecode/compare/v30.1.1...v30.2.0

What's Changed

• Add API link/info to navbar by @johnmhoran in https://github.com/nexB/vulnerablecode/pull/948
• Prepare release 30.1.1 by @pombredanne in https://github.com/nexB/vulnerablecode/pull/951

Full Changelog: https://github.com/nexB/vulnerablecode/compare/v30.1.0...v30.1.1

What's Changed

• Add a PyPa importer, organize the code using a shared osv.py by @ziadhany in https://github.com/nexB/vulnerablecode/pull/780
• Merge Release 30.0.0 branch in main by @pombredanne in https://github.com/nexB/vulnerablecode/pull/934
• Add API endpoint to get all vulnerable packages #929 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/932
• Prepare for v30.1.0 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/938

Full Changelog: https://github.com/nexB/vulnerablecode/compare/v30.0.0...v30.1.0

Version v30.0.0

This is a major version that is not backward compatible.

• We refactored the core processing with Importers that import data and Improvers that transform imported data and convert that in Vulnerabilities and Packages. Improvers can also improve and refine imported and existing data as well as enrich data using external data sources. The migration to this new architecture is under way and not all importers are available.

  Because of these extensive changes, it is not possible to migrate existing imported data to the new schema. You will need instead to restart imports from an empty database or access the new public.vulnerablecode.io live instance. We also provide a database dump.

• You can track the progress of this refactoring in this issue: https://github.com/nexB/vulnerablecode/issues/597

• We added new data sources including PYSEC, GitHub and GitLab.

• We improved the documentation including adding development examples for importers and improvers.

• We removed the ability to edit relationships from the UI. The UI is now read-only.

• We replace the web UI with a brand new UI based on the same overall look and feel as ScanCode.io.

• We added support for NixOS as a Linux deployment target.

• The aliases of a vulnerabily are reported in the API vulnerabilities/ endpoint

• There are breaking Changes at API level with changes in the data structure:

  • in the /api/vulnerabilities/ endpoint:

    • Rename resolved_packages to fixed_packages
    • Rename unresolved_packages to affected_packages
    • Rename url to reference_url in the reference list
    • Add is_vulnerable property in fixed and affected_packages.

  • in the /api/packages/ endpoint:

    • Rename unresolved_vulnerabilities to affected_by_vulnerabilities
    • Rename resolved_vulnerabilities to fixing_vulnerabilities
    • Rename url to reference_url in the reference list
    • Add new attribute is_resolved
    • Add namespace filter

• We have provided backward compatibility for url and unresolved_vulnerabilities for now. These will be removed in the next major version and should be considered as deprecated.

• There is a new experimental cpe/ API endpoint to lookup for vulnerabilities by CPE and another aliases/ endpoint to lookup for vulnerabilities by aliases. These two endpoints will be replaced by query parameters on the main vulnerabilities/ endpoint when stabilized.

• Added filters for vulnerabilities endpoint to get fixed packages in accordance to the details given in filters: For example, when you call the endpoint this way /api/vulnerabilities?type=pypi&namespace=foo&name=bar, you will receive only fixed versioned purls of the type pypi, namespace foo and name bar.

• Package endpoint will give fixed packages of only those that matches type, name, namespace, subpath and qualifiers of the package queried.

• Paginated initial listings to display a small number of records and provided page per size with a maximum limit of 100 records per page.

• Add fixed packages in vulnerabilities details in packages endpoint.

• Add bulk search support for CPEs.

• Add authentication for REST API endpoint. The autentication is disabled by default and can be enabled using the VULNERABLECODEIO_REQUIRE_AUTHENTICATION settings. When enabled, users have to authenticate using their API Key in the REST API. Users can be created using the Django "createsuperuser" management command.

• The data license is now CC-BY-SA-4.0 as this is the highest common denominator license among all the data sources we collect and aggregate.

Other:

• We dropped calver to use a plain semver.
• We adopted vers and the new univers library to handle version ranges.

What's Changed

• Improve error handling and other misc. updates by @pombredanne in https://github.com/nexB/vulnerablecode/pull/267
• Fixed the spelling mistakes and grammatical errors by @Abhigyankrsingh in https://github.com/nexB/vulnerablecode/pull/269
• Add Apache HTTPD advisory importer by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/261
• Add kaybee statement importer by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/263
• Use packageurl version 0.9.3 and Add nginx importer by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/264
• Add postgresql importer by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/265
• Use skeleton project structure by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/274
• Added faq section by @tushar912 in https://github.com/nexB/vulnerablecode/pull/283
• Update docs by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/271
• Adapt rust importer to new advisory format by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/281
• Use GH action instead travis for CI. by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/295
• Add SOURCES.rst to document data sources being used by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/298
• Cleanup codebase and fix minor bugs and other improvements by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/278
• Import apache tomcat by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/292
• Improve GitHub importer by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/291
• Stop debian importer from collecting temp vulnerabilities by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/285
• Add tests for nginx and postgres importers by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/301
• Elixir Security Importer by @tushar912 in https://github.com/nexB/vulnerablecode/pull/294
• Bump lxml from 4.3.3 to 4.6.2 by @dependabot in https://github.com/nexB/vulnerablecode/pull/306
• Verbose name plural for 'PackageRelatedVulnerability' by @Shivam-316 in https://github.com/nexB/vulnerablecode/pull/309
• Use drf-spectacular instead of drf-yasg for API docs by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/310
• Add endpoints for bulk requesting vulnerabilities and packages by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/303
• Don't allow null values for qualifiers by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/313
• Add nix support by @rolfschr in https://github.com/nexB/vulnerablecode/pull/275
• Fix package result count in web ui by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/329
• Collect references from github importer by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/331
• Add django admin functionality for searching and filtering objects by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/330
• Add message when no vulnerabilities are found for a vuln_id by @tushar912 in https://github.com/nexB/vulnerablecode/pull/337
• Change Alpine data source to use new source by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/339
• Store severity scores by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/290
• Improve UI by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/335
• Fix regex in schema validator in alpine importer by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/347
• Improve docs by @pombredanne in https://github.com/nexB/vulnerablecode/pull/316
• Collect kafka cves by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/342
• Make trailing slash optional in apis by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/350
• Update Nix deps to incorporate latest Python packages by @rolfschr in https://github.com/nexB/vulnerablecode/pull/352
• Disable schema validation for alpine linux to fix nix test by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/353
• Collect suse scores by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/354
• Collect archlinux severity scores by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/355
• Handle vulnerabilities which don't have any vulnerability ids by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/259
• Collect ghsa severity by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/358
• Use case insensitive inexact lookups for search views by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/360
• Make RedHat CVE import more robust by @pombredanne in https://github.com/nexB/vulnerablecode/pull/319
• Refactor codebase and tests to treat Advisory class mutable by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/363
• Improve Ubuntu OVAL importer by @pombredanne in https://github.com/nexB/vulnerablecode/pull/322
• Bump aiohttp from 3.6.2 to 3.7.4 by @dependabot in https://github.com/nexB/vulnerablecode/pull/364
• Update nix deps by @rolfschr in https://github.com/nexB/vulnerablecode/pull/367
• UI compress vuln view by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/368
• Update pypi deps db to 2021-03-06. by @rolfschr in https://github.com/nexB/vulnerablecode/pull/370
• Update README.rst by @InLaw in https://github.com/nexB/vulnerablecode/pull/371
• Send severity data along with vulnerability in bulk api by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/369
• Use a more specific url for cvss qualitative severity system. by @tushar912 in https://github.com/nexB/vulnerablecode/pull/373
• Add istio importer and tests by @tushar912 in https://github.com/nexB/vulnerablecode/pull/336
• [Refactor] Rename vuln_references to references by @imnitishng in https://github.com/nexB/vulnerablecode/pull/377
• Explicity provide lxml parser to beautifulsoup by @Hritik14 in https://github.com/nexB/vulnerablecode/pull/382
• Correct API docs path and fix pytest invocation by @Hritik14 in https://github.com/nexB/vulnerablecode/pull/379
• Sanity Checks for redhat import response by @savish28 in https://github.com/nexB/vulnerablecode/pull/387
• Make sure vulnerability id is_cve or is_vulcoid by @Hritik14 in https://github.com/nexB/vulnerablecode/pull/389
• Fix various importer errors by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/378
• Bump pyyaml from 5.3.1 to 5.4 by @dependabot in https://github.com/nexB/vulnerablecode/pull/401
• Bump djangorestframework from 3.11.0 to 3.11.2 by @dependabot in https://github.com/nexB/vulnerablecode/pull/392
• Add me to AUTHORS by @Hritik14 in https://github.com/nexB/vulnerablecode/pull/405
• Bump pygments from 2.6.1 to 2.7.4 by @dependabot in https://github.com/nexB/vulnerablecode/pull/414
• Fix istio by @Hritik14 in https://github.com/nexB/vulnerablecode/pull/395
• Update nix deps. by @rolfschr in https://github.com/nexB/vulnerablecode/pull/406
• enable aiohttp client to trust environement for proxy by @tardyp in https://github.com/nexB/vulnerablecode/pull/411
• import: continue upon failure by @tardyp in https://github.com/nexB/vulnerablecode/pull/412
• Misc fixes for deploying vulnerablecode on a container platform by @tardyp in https://github.com/nexB/vulnerablecode/pull/413
• enable configuration of allowed host by @tardyp in https://github.com/nexB/vulnerablecode/pull/404
• Bump lxml from 4.6.2 to 4.6.3 by @dependabot in https://github.com/nexB/vulnerablecode/pull/402
• Fix redhat import failure by @Hritik14 in https://github.com/nexB/vulnerablecode/pull/418
• Add unspecified scoring system by @Hritik14 in https://github.com/nexB/vulnerablecode/pull/415
• Add tests to check upstream data by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/365
• Resolves #399: Rectify invalid id in msr2019 by @Pushpit07 in https://github.com/nexB/vulnerablecode/pull/428
• Fixes #312 : Added solution for ModuleNotFoundError by @Pushpit07 in https://github.com/nexB/vulnerablecode/pull/427
• remove duplicate import in importers by @sify21 in https://github.com/nexB/vulnerablecode/pull/430
• Drop dephell specifier by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/421
• Bump django from 3.0.13 to 3.0.14 by @dependabot in https://github.com/nexB/vulnerablecode/pull/435
• Fix ubuntu_usn importer for invalid CVE by @AmitGupta7580 in https://github.com/nexB/vulnerablecode/pull/432
• Fix nix Github workflow by @rolfschr in https://github.com/nexB/vulnerablecode/pull/444
• expose find_all_cve helper by @Hritik14 in https://github.com/nexB/vulnerablecode/pull/439
• Add patched package by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/436
• add blank=True to fields of Vulnerability and Package by @sify21 in https://github.com/nexB/vulnerablecode/pull/433
• Switch data_source dependency to GitPython by @tardyp in https://github.com/nexB/vulnerablecode/pull/409
• Resolves #380: Added severity in the view at http://127.0.0.1:8000/vulnerabilities/<… by @Pushpit07 in https://github.com/nexB/vulnerablecode/pull/390
• Add a management command for creating cpe2purl mapping by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/450
• Update Apache_httpd importer from XML to JSON Advisory by @AmitGupta7580 in https://github.com/nexB/vulnerablecode/pull/425
• Reduce queries in UI by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/453
• Dump yaml in favor of saneyaml by @Hritik14 in https://github.com/nexB/vulnerablecode/pull/452
• Improve actions time by @Hritik14 in https://github.com/nexB/vulnerablecode/pull/459
• Add support for setting Postgres port via env var by @kipz in https://github.com/nexB/vulnerablecode/pull/471
• Improve import time by @Hritik14 in https://github.com/nexB/vulnerablecode/pull/478
• Add summary in bulk api by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/479
• Remove old code and organize deps by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/480
• helper: split_markdown_front_matter by @Hritik14 in https://github.com/nexB/vulnerablecode/pull/443
• Ignore legacy pypi package versions in github importer by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/491
• Time travel to the date of advisory publish time when importing by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/467
• Refactor package_managers by @Hritik14 in https://github.com/nexB/vulnerablecode/pull/495
• Speed up upstream tests by @Hritik14 in https://github.com/nexB/vulnerablecode/pull/490
• Importers bugfix [nginx, debian_oval, ubuntu] by @Hritik14 in https://github.com/nexB/vulnerablecode/pull/505
• Improve Docker configuration by @Hritik14 in https://github.com/nexB/vulnerablecode/pull/497
• Add docker docs by @Hritik14 in https://github.com/nexB/vulnerablecode/pull/521
• Use svn to collects tags in GitHubTagsAPI by @Hritik14 in https://github.com/nexB/vulnerablecode/pull/508
• Make upstream tests use makefile by @Hritik14 in https://github.com/nexB/vulnerablecode/pull/523
• Make docs RTD compatible by @AyanSinhaMahapatra in https://github.com/nexB/vulnerablecode/pull/527
• Gsoc report by @Hritik14 in https://github.com/nexB/vulnerablecode/pull/529
• Fix GitHub CI badge by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/539
• Ensure Debian test are passing by @pombredanne in https://github.com/nexB/vulnerablecode/pull/538
• Fixed the broken Docker Installation Link by @Lawful2002 in https://github.com/nexB/vulnerablecode/pull/548
• Stop using drf-spectacular by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/542
• Fix several problems with the nix setup. by @rolfschr in https://github.com/nexB/vulnerablecode/pull/546
• DebianVersionAPI: automatic support for proxy by @tardyp in https://github.com/nexB/vulnerablecode/pull/558
• use github api to find github releases by @tardyp in https://github.com/nexB/vulnerablecode/pull/555
• Docker: set STATIC_ROOT to /var/vulnerablecode/static/ by @vbisserie in https://github.com/nexB/vulnerablecode/pull/569
• Fix istio importer by skipping UI metadata files. by @sbs2001 in https://github.com/nexB/vulnerablecode/pull/570
• Fix deprecated Django API by @yilmi in https://github.com/nexB/vulnerablecode/pull/592
• Separate import and improve operations by @Hritik14 in https://github.com/nexB/vulnerablecode/pull/525
• Correct notes for cvssv3.1_qr by @keshav-space in https://github.com/nexB/vulnerablecode/pull/599
• Dump importer_yielder in favor of IMPORTER_REGISTRY and drop Etags by @Hritik14 in https://github.com/nexB/vulnerablecode/pull/600
• Collect Mozilla by @Hritik14 in https://github.com/nexB/vulnerablecode/pull/393
• Collect Mattermost by @Hritik14 in https://github.com/nexB/vulnerablecode/pull/397
• Collect xen by @Pushpit07 in https://github.com/nexB/vulnerablecode/pull/464
• Sort imports by @Hritik14 in https://github.com/nexB/vulnerablecode/pull/476
• validation for page_no and fix presentation url . by @ziadhany in https://github.com/nexB/vulnerablecode/pull/618
• Collect go vulnerabilities from github api by @sify21 in https://github.com/nexB/vulnerablecode/pull/578
• Initial Documentation by @Hritik14 in https://github.com/nexB/vulnerablecode/pull/624
• Fix nix setup by @rolfschr in https://github.com/nexB/vulnerablecode/pull/635
• Improve RTD documentation by @Hritik14 in https://github.com/nexB/vulnerablecode/pull/631
• Make sure fixed purl is optional in Inference by @Hritik14 in https://github.com/nexB/vulnerablecode/pull/639
• migrate current alpine importer to alpine importer-improver model by @TG1999 in https://github.com/nexB/vulnerablecode/pull/623
• Migrate github importer to importer improver model by @TG1999 in https://github.com/nexB/vulnerablecode/pull/642
• Work around PosgreSQL index issue by @TG1999 in https://github.com/nexB/vulnerablecode/pull/653
• Fix github improver by @TG1999 in https://github.com/nexB/vulnerablecode/pull/663
• Fix API crash due to model changes by @TG1999 in https://github.com/nexB/vulnerablecode/pull/669
• Add tests for checking the API by @TG1999 in https://github.com/nexB/vulnerablecode/pull/671
• Fix improver framework not accepting severities by @Hritik14 in https://github.com/nexB/vulnerablecode/pull/684
• Migrate nvd importer to importer-improver model by @TG1999 in https://github.com/nexB/vulnerablecode/pull/664
• Improve test run by @pombredanne in https://github.com/nexB/vulnerablecode/pull/687
• Enable deployment by @pombredanne in https://github.com/nexB/vulnerablecode/pull/677
• Migrate OpenSSL importer to importer-improver model by @keshav-space in https://github.com/nexB/vulnerablecode/pull/690
• Add example importer and improver by @Hritik14 in https://github.com/nexB/vulnerablecode/pull/672
• Fix typing error by @TG1999 in https://github.com/nexB/vulnerablecode/pull/696
• Add nginx tests and other related improvements by @pombredanne in https://github.com/nexB/vulnerablecode/pull/691
• Remove null from string based fields by @TG1999 in https://github.com/nexB/vulnerablecode/pull/699
• Allow default improver to improve without affected packages by @TG1999 in https://github.com/nexB/vulnerablecode/pull/693
• Update command-line-interface.rst by @aydinnyunus in https://github.com/nexB/vulnerablecode/pull/703
• Amend to_dict function for inferences by @TG1999 in https://github.com/nexB/vulnerablecode/pull/702
• Bump django from 4.0.3 to 4.0.4 by @dependabot in https://github.com/nexB/vulnerablecode/pull/709
• Lookup Vulnerabilities by CPE by @TG1999 in https://github.com/nexB/vulnerablecode/pull/667
• test openssl improve and import by @keshav-space in https://github.com/nexB/vulnerablecode/pull/710
• Fix UI by @TG1999 in https://github.com/nexB/vulnerablecode/pull/700
• Fix typos in CHANGELOG by @keshav-space in https://github.com/nexB/vulnerablecode/pull/724
• https://github.com/nexB/vulnerablecode/issues/725 by @markrouz in https://github.com/nexB/vulnerablecode/pull/726
• Migrate redhat importer by @TG1999 in https://github.com/nexB/vulnerablecode/pull/719
• Add PyPI OSV by @ziadhany in https://github.com/nexB/vulnerablecode/pull/632
• Migrate debian importer to importer-improver model by @TG1999 in https://github.com/nexB/vulnerablecode/pull/723
• Update debian NOTICE by @TG1999 in https://github.com/nexB/vulnerablecode/pull/734
• Fix pysec importer by @TG1999 in https://github.com/nexB/vulnerablecode/pull/739
• Fix severity model by @TG1999 in https://github.com/nexB/vulnerablecode/pull/731
• Add gitlab importer by @TG1999 in https://github.com/nexB/vulnerablecode/pull/662
• Add firstPatchedVersion in github API by @TG1999 in https://github.com/nexB/vulnerablecode/pull/748
• Put network calls in try/except block by @TG1999 in https://github.com/nexB/vulnerablecode/pull/757
• doc: Adviory -> Advisory by @armijnhemel in https://github.com/nexB/vulnerablecode/pull/762
• Search from alias in UI by @TG1999 in https://github.com/nexB/vulnerablecode/pull/765
• Add search in API via alias by @TG1999 in https://github.com/nexB/vulnerablecode/pull/766
• Add changelog by @TG1999 in https://github.com/nexB/vulnerablecode/pull/773
• Prepare release by @pombredanne in https://github.com/nexB/vulnerablecode/pull/776
• Add backward compatibility for url and unresolved_vulnerabilities by @TG1999 in https://github.com/nexB/vulnerablecode/pull/779
• Add URLs to CPEs by @TG1999 in https://github.com/nexB/vulnerablecode/pull/785
• Add fixed packages in packages endpoint by @TG1999 in https://github.com/nexB/vulnerablecode/pull/784
• Bump lxml from 4.8.0 to 4.9.1 by @dependabot in https://github.com/nexB/vulnerablecode/pull/794
• Bump django from 4.0.4 to 4.0.6 by @dependabot in https://github.com/nexB/vulnerablecode/pull/793
• Prepare Release 30.0.0rc2 by @pombredanne in https://github.com/nexB/vulnerablecode/pull/797
• Delete references to CPEs with empty URLs #818 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/827
• Paginate initial listings to display a small number of or records by @TG1999 in https://github.com/nexB/vulnerablecode/pull/830
• Add fixed packages in vulnerabilities details in packages endpoint. by @TG1999 in https://github.com/nexB/vulnerablecode/pull/831
• Bump django from 4.0.6 to 4.0.7 by @dependabot in https://github.com/nexB/vulnerablecode/pull/840
• Add bulk search support for CPEs #808 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/844
• Add authentication by @TG1999 in https://github.com/nexB/vulnerablecode/pull/848
• Fix typos in API by @TG1999 in https://github.com/nexB/vulnerablecode/pull/853
• Add is_vulnerable property in fixed and affected_packages by @TG1999 in https://github.com/nexB/vulnerablecode/pull/869
• Add namespace filter in packages api by @TG1999 in https://github.com/nexB/vulnerablecode/pull/893
• Improve web user interface #798 by @johnmhoran in https://github.com/nexB/vulnerablecode/pull/847
• Modernize UI #798 by @johnmhoran in https://github.com/nexB/vulnerablecode/pull/813
• Implement initial set of RTD updates #885 #886 #887 #888 by @johnmhoran in https://github.com/nexB/vulnerablecode/pull/890
• Allow case insensitive search for VCIDs #875 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/898
• Make URLs mandatory for references #891 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/899
• Improve UI by @pombredanne in https://github.com/nexB/vulnerablecode/pull/894
• Migrate from VULCOID to VCID #811 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/896
• Prepare release 30 by @pombredanne in https://github.com/nexB/vulnerablecode/pull/909
• Prepare v30.rc6 by @pombredanne in https://github.com/nexB/vulnerablecode/pull/914
• Fix UI wrap issue in Reference table #916 by @johnmhoran in https://github.com/nexB/vulnerablecode/pull/919
• Bump package-url version #918 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/921
• Add TOS and API key contact info by @johnmhoran in https://github.com/nexB/vulnerablecode/pull/933

New Contributors

• @pombredanne made their first contribution in https://github.com/nexB/vulnerablecode/pull/267
• @Abhigyankrsingh made their first contribution in https://github.com/nexB/vulnerablecode/pull/269
• @tushar912 made their first contribution in https://github.com/nexB/vulnerablecode/pull/283
• @Shivam-316 made their first contribution in https://github.com/nexB/vulnerablecode/pull/309
• @rolfschr made their first contribution in https://github.com/nexB/vulnerablecode/pull/275
• @InLaw made their first contribution in https://github.com/nexB/vulnerablecode/pull/371
• @imnitishng made their first contribution in https://github.com/nexB/vulnerablecode/pull/377
• @Hritik14 made their first contribution in https://github.com/nexB/vulnerablecode/pull/382
• @savish28 made their first contribution in https://github.com/nexB/vulnerablecode/pull/387
• @tardyp made their first contribution in https://github.com/nexB/vulnerablecode/pull/411
• @Pushpit07 made their first contribution in https://github.com/nexB/vulnerablecode/pull/428
• @sify21 made their first contribution in https://github.com/nexB/vulnerablecode/pull/430
• @AmitGupta7580 made their first contribution in https://github.com/nexB/vulnerablecode/pull/432
• @kipz made their first contribution in https://github.com/nexB/vulnerablecode/pull/471
• @AyanSinhaMahapatra made their first contribution in https://github.com/nexB/vulnerablecode/pull/527
• @Lawful2002 made their first contribution in https://github.com/nexB/vulnerablecode/pull/548
• @vbisserie made their first contribution in https://github.com/nexB/vulnerablecode/pull/569
• @yilmi made their first contribution in https://github.com/nexB/vulnerablecode/pull/592
• @TG1999 made their first contribution in https://github.com/nexB/vulnerablecode/pull/623
• @aydinnyunus made their first contribution in https://github.com/nexB/vulnerablecode/pull/703
• @markrouz made their first contribution in https://github.com/nexB/vulnerablecode/pull/726
• @armijnhemel made their first contribution in https://github.com/nexB/vulnerablecode/pull/762
• @johnmhoran made their first contribution in https://github.com/nexB/vulnerablecode/pull/847

Full Changelog: https://github.com/nexB/vulnerablecode/compare/v20.10...v30.0.0

What's Changed

• Prepare v30.rc6 by @pombredanne in https://github.com/nexB/vulnerablecode/pull/914

Full Changelog: https://github.com/nexB/vulnerablecode/compare/v30.0.0rc5...v30.0.0rc6

What's Changed

• Implement initial set of RTD updates #885 #886 #887 #888 by @johnmhoran in https://github.com/nexB/vulnerablecode/pull/890
• Allow case insensitive search for VCIDs #875 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/898
• Make URLs mandatory for references #891 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/899
• Improve UI by @pombredanne in https://github.com/nexB/vulnerablecode/pull/894
• Migrate from VULCOID to VCID #811 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/896
• Prepare release 30 by @pombredanne in https://github.com/nexB/vulnerablecode/pull/909

Full Changelog: https://github.com/nexB/vulnerablecode/compare/v30.0.0rc4...v30.0.0rc5

This is a release candidate for v30.

What's Changed

• Add is_vulnerable property in fixed and affected_packages by @TG1999 in https://github.com/nexB/vulnerablecode/pull/869
• Add namespace filter in packages api by @TG1999 in https://github.com/nexB/vulnerablecode/pull/893
• Improve web user interface #798 by @johnmhoran in https://github.com/nexB/vulnerablecode/pull/847
• Modernize UI #798 by @johnmhoran in https://github.com/nexB/vulnerablecode/pull/813

New Contributors

• @johnmhoran made their first contribution in https://github.com/nexB/vulnerablecode/pull/847

Full Changelog: https://github.com/nexB/vulnerablecode/compare/v30.0.0rc3...v30.0.0rc4

This is a release candidate for v30.

What's Changed

• Delete references to CPEs with empty URLs #818 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/827
• Paginate initial listings to display a small number of or records by @TG1999 in https://github.com/nexB/vulnerablecode/pull/830
• Add fixed packages in vulnerabilities details in packages endpoint. by @TG1999 in https://github.com/nexB/vulnerablecode/pull/831
• Bump django from 4.0.6 to 4.0.7 by @dependabot in https://github.com/nexB/vulnerablecode/pull/840
• Add bulk search support for CPEs #808 by @TG1999 in https://github.com/nexB/vulnerablecode/pull/844
• Add authentication by @TG1999 in https://github.com/nexB/vulnerablecode/pull/848
• Fix typos in API by @TG1999 in https://github.com/nexB/vulnerablecode/pull/853

Full Changelog: https://github.com/nexB/vulnerablecode/compare/v30.0.0rc2...v30.0.0rc3