Skip to content

Latest commit

 

History

History
376 lines (230 loc) · 16.1 KB

CHANGELOG.md

File metadata and controls

376 lines (230 loc) · 16.1 KB
Raw

Changelog

v1.11.1 (2024-10-01)

Fix

  • Revert appendUniq due to performance hit (cda7483)

v1.11.0 (2024-10-01)

Feature

v1.10.3 (2024-09-30)

Fix

  • Skip processing of duplicate products (2cc6f3c)

v1.10.2 (2024-09-27)

Fix

  • Iterate over all fixable and manually fixable errata (5767402)

v1.10.1 (2024-09-25)

Fix

  • udpates: Slice allocation (214fb7a)

v1.10.0 (2024-09-25)

Feature

  • Return manually fixable cves from repositories in vulnerabilities receiver (986be63)
  • Return only fixable updates from updates receiver (357badd)
  • Find updates in repos with newer releasever (cb5df58)

Fix

  • csaf: Use cpes from newer release ver for eus updates (f6f726e)

v1.9.2 (2024-09-24)

Fix

  • Skip cves missing in mapping (bfc8561)

v1.9.1 (2024-08-27)

Fix

  • csaf: Duplicate cpes while processing (f4fde94)

v1.9.0 (2024-08-22)

Feature

  • opts: Add option to exclude package names from csaf (f297f3d)

Fix

  • csaf: Make sure cpes are unique (74d142f)
  • csaf: Exclude packages names in csaf eval (1d47bfb)

v1.8.0 (2024-08-19)

Feature

v1.7.2 (2024-08-09)

Fix

  • fixed_cves: Use modules of fixed products in evaluation (4af5b69)

v1.7.1 (2024-07-04)

Fix

  • Detect all affected packages for unfixed vulns in CSAF (20214f7)
  • Detect all affected packages for unfixed vulns in OVAL (d4139cc)

v1.7.0 (2024-07-02)

Feature

  • Report affected module for unfixed CVEs in CSAF (126ee49)
  • Report affected module for unfixed CVEs in OVAL (1bbfbbc)

v1.6.1 (2024-06-27)

Fix

  • Match cpe pattern substrings (c64a4d1)

v1.6.0 (2024-06-19)

Feature

  • csaf: Manually fixable cves from csaf (ec9262b)
  • load: Load csaf errata (c1c7905)

Fix

  • csaf: Show only first package with unpatched cve (aa8d0f0)

v1.5.1 (2024-06-17)

Fix

  • Evaluate module tests for unfixed CVEs (9d93a0f)

v1.5.0 (2024-05-28)

Feature

v1.4.2 (2024-05-28)

Fix

  • csaf: Products for package names built from the same source (bb89ec7)

v1.4.1 (2024-04-30)

Fix

  • concurrency: Goroutines per package instead of package-update (1e1a033)
  • Check to verify that update exists in repo (1cfa9ee)

v1.4.0 (2024-04-25)

Feature

  • csaf: Evaluate unfixed cves from csaf (d6692e9)

Fix

  • csaf_load: Load null values to CSAFCVEs cache (5b17153)
  • csaf: Cpe comparison (621855b)

v1.3.0 (2024-04-04)

Feature

  • Add Csaf load and cache (efc388e)

v1.2.0 (2024-02-22)

Feature

  • Consider evaluating definitions from newer eus/aus/e4s streams (16acc19)

Fix

  • Map definition to first matched CPE (8d694aa)

v1.1.2 (2023-11-24)

Fix

  • Don't evaluate module tests for unfixed CVE definitions, we're not looking for package updates anyway (a01b3c1)

v1.1.1 (2023-11-22)

Fix

  • Update go to 1.20 and update dependencies (7b4efce)

v1.1.0 (2023-10-17)

Feature

  • Load last_change column from cache (ed9ec90)

v1.0.7 (2023-08-31)

Fix

  • Sort updates also by other fields (5631339)

v1.0.6 (2023-08-24)

Fix

  • Display all affected_packages and errata for cves evaluated by repositories (91f9e53)

v1.0.5 (2023-08-14)

Fix

  • updates: Sort availableUpdates (af06bec)

v1.0.4 (2023-07-18)

Fix

  • semantic-release: Use older python-semantic-release (5ebef9e)
  • Make sure definition list is in fixed order (eff45d5)
  • Make sure CPE list is in fixed order (a57484d)
  • Make sure input package list is in fixed order (6a3b4ad)

v1.0.3 (2023-07-04)

Fix

  • Check whether pkg update exists in enabled repo (ba3b4cc)

v1.0.2 (2023-06-28)

Fix

  • Bump version to release code to pkg.go.dev (59585f6)

v1.0.1 (2023-06-28)

Fix

  • Nil pointer dereference (215d328)

v1.0.0 (2023-06-27)

Feature

  • Add functional options (0e751b9)
  • Return package name and evra in updates (d7b62c8)

Fix

  • Improve cases when cache should be reloaded (f93129a)
  • Remove unnecessary pointer to a mutex (f2c9493)
  • Custom error when processing of input fails (96850f0)

Breaking

  • methods cannot be exported since options is unexported (25bf738)

v0.9.0 (2023-05-31)

Feature

  • config: Api config instead of using env vars (b57e28b)

v0.8.1 (2023-05-26)

Fix

v0.8.0 (2023-05-16)

Feature

  • Add epoch_required request option (a091b25)

v0.7.1 (2023-05-15)

Fix

  • modules: Package from module with disabled repo (b6e7155)

v0.7.0 (2023-05-10)

Feature

  • oval: Show package name, evra, cpe for unpatched cves (9cfe7d8)

v0.6.0 (2023-05-09)

Feature

  • oval: Unpatched cves take precedence over fixable and manually fixable (d01c877)

Fix

  • load: Load oval definition id (04e746b)

v0.5.1 (2023-05-03)

Fix

  • oval: Check module stream in evaluateModuleTest (20be8ac)
  • oval: Remove duplicates from UnpatchedCves list (9c48307)
  • modules: Find updates in modular errata for package from module when module is enabled (cd99eef)

v0.5.0 (2023-04-18)

Feature

  • Remove releasever check when finding updates (009fc1b)
  • Always use optimistic updates (a892a8b)

v0.4.3 (2023-04-03)

Fix

  • Allow empty string for modules only in request (427829d)

v0.4.2 (2023-04-03)

Fix

  • Use *string for module name and stream to allow empty strings (ca5be5f)

v0.4.1 (2023-03-30)

Fix

  • Make sure lock is unlocked in case of error (a3af86a)

v0.4.0 (2023-03-27)

Feature

  • Return multiple erratas for manually fixable cve (14b59ed)
  • Update vmaas.db with oval_definition_errata feed (8588b31)
  • Return errata for manually fixable cves (972a273)

v0.3.5 (2023-03-20)

Fix

  • Re-use logging logic from patchman (e5af24b)

v0.3.4 (2023-03-20)

Fix

  • Stream downloaded dump to a file (0f49948)

v0.3.3 (2023-02-07)

Fix

v0.3.2 (2023-02-06)

Fix

  • Return errata: [] instead of null (9549f8a)

v0.3.1 (2023-01-19)

Fix

v0.3.0 (2023-01-11)

Feature

v0.2.6 (2023-01-05)

Fix

  • Detail load, unnecessary cve iteration (a83a6e6)

v0.2.5 (2023-01-04)

Fix

v0.2.4 (2022-12-16)

Fix

  • Pre-alloc maps in cache (8f4eba6)

v0.2.3 (2022-12-14)

Fix

  • Use nevra pointer for receiver (e0d8a9f)
  • Close db after cache read (a9486e3)
  • Optimize oval load (b6d7e01)
  • Reduce number of allocations (38d1be5)

v0.2.2 (2022-12-09)

Fix

  • Updates when releasever in repo is empty (3ec8712)

v0.2.1 (2022-12-08)

Fix

v0.2.0 (2022-12-08)

Feature

  • rhui: Look up updates by repository path (044abab)

v0.1.4 (2022-12-01)

Fix

v0.1.3 (2022-11-30)

Fix

  • Issues found with unit tests (43beb51)

v0.1.2 (2022-11-28)

Fix

  • Don't iter UpdatesIndex in processInputPackages (8f2fc92)

v0.1.1 (2022-11-28)

Fix

  • RepoID slice, simplify intersection, gorpm build (1611883)

v0.1.0 (2022-11-28)

Feature

  • test: Introduce unit tests (27584fb)
  • Setup semantic release from vuln4shift (01ccb51)