CHANGELOG.md

Changelog

v1.14.6 (2024-12-12)

Fix

• Improve cves req missing property err message (b8b3513)

v1.14.5 (2024-12-04)

Fix

• Condition for skipping seen package names (b5da97d)

v1.14.4 (2024-12-04)

Fix

• Remove unused nameID2SrcNameIDs map (7404e32)
• Don't process same name ids multiple times (d7f45c0)
• Get source pkg from installed nevra for unfixed cves (4863dfa)

v1.14.3 (2024-12-02)

Fix

• Implement various cves endpoint fixes (197a925)

v1.14.2 (2024-11-28)

Fix

• Ignore updates from rhel-alt el7a release (a20c900)

v1.14.1 (2024-11-14)

Fix

• Revert "fix: upgrade go version" (1d7b125)

v1.14.0 (2024-11-13)

Feature

• Rewrite errata endpoint in go (89e593f)

v1.13.1 (2024-11-12)

Fix

• Upgrade go version (89020ab)

v1.13.0 (2024-10-31)

Feature

• Implement cves pagination (482d3ab)
• Implement expanding cves by regex (ecb2e42)
• Rewrite basic cves endpoint in go (ad285fb)

Fix

• Move cache utils and their tests (9ebc21e)

v1.12.0 (2024-10-15)

Feature

• Remove use_csaf from request struct (41aeae1)

v1.11.3 (2024-10-15)

Fix

• Options to disable newerReleasever from repos and csaf (f737060)

v1.11.2 (2024-10-15)

Fix

• Reuse product struct for products with unfixed cves (986885f)

v1.11.1 (2024-10-01)

Fix

• Revert appendUniq due to performance hit (cda7483)

v1.11.0 (2024-10-01)

Feature

• Remove oval evaluation (1ec86dc)

v1.10.3 (2024-09-30)

Fix

• Skip processing of duplicate products (2cc6f3c)

v1.10.2 (2024-09-27)

Fix

• Iterate over all fixable and manually fixable errata (5767402)

v1.10.1 (2024-09-25)

Fix

• udpates: Slice allocation (214fb7a)

v1.10.0 (2024-09-25)

Feature

• Return manually fixable cves from repositories in vulnerabilities receiver (986be63)
• Return only fixable updates from updates receiver (357badd)
• Find updates in repos with newer releasever (cb5df58)

Fix

• csaf: Use cpes from newer release ver for eus updates (f6f726e)

v1.9.2 (2024-09-24)

Fix

• Skip cves missing in mapping (bfc8561)

v1.9.1 (2024-08-27)

Fix

• csaf: Duplicate cpes while processing (f4fde94)

v1.9.0 (2024-08-22)

Feature

• opts: Add option to exclude package names from csaf (f297f3d)

Fix

• csaf: Make sure cpes are unique (74d142f)
• csaf: Exclude packages names in csaf eval (1d47bfb)

v1.8.0 (2024-08-19)

Feature

• Remove oval evaluation (a018f4b)

v1.7.2 (2024-08-09)

Fix

• fixed_cves: Use modules of fixed products in evaluation (4af5b69)

v1.7.1 (2024-07-04)

Fix

• Detect all affected packages for unfixed vulns in CSAF (20214f7)
• Detect all affected packages for unfixed vulns in OVAL (d4139cc)

v1.7.0 (2024-07-02)

Feature

• Report affected module for unfixed CVEs in CSAF (126ee49)
• Report affected module for unfixed CVEs in OVAL (1bbfbbc)

v1.6.1 (2024-06-27)

Fix

• Match cpe pattern substrings (c64a4d1)

v1.6.0 (2024-06-19)

Feature

• csaf: Manually fixable cves from csaf (ec9262b)
• load: Load csaf errata (c1c7905)

Fix

• csaf: Show only first package with unpatched cve (aa8d0f0)

v1.5.1 (2024-06-17)

Fix

• Evaluate module tests for unfixed CVEs (9d93a0f)

v1.5.0 (2024-05-28)

Feature

• Update go version (a93743a)

v1.4.2 (2024-05-28)

Fix

• csaf: Products for package names built from the same source (bb89ec7)

v1.4.1 (2024-04-30)

Fix

• concurrency: Goroutines per package instead of package-update (1e1a033)
• Check to verify that update exists in repo (1cfa9ee)

v1.4.0 (2024-04-25)

Feature

• csaf: Evaluate unfixed cves from csaf (d6692e9)

Fix

• csaf_load: Load null values to CSAFCVEs cache (5b17153)
• csaf: Cpe comparison (621855b)

v1.3.0 (2024-04-04)

Feature

• Add Csaf load and cache (efc388e)

v1.2.0 (2024-02-22)

Feature

• Consider evaluating definitions from newer eus/aus/e4s streams (16acc19)

Fix

• Map definition to first matched CPE (8d694aa)

v1.1.2 (2023-11-24)

Fix

• Don't evaluate module tests for unfixed CVE definitions, we're not looking for package updates anyway (a01b3c1)

v1.1.1 (2023-11-22)

Fix

• Update go to 1.20 and update dependencies (7b4efce)

v1.1.0 (2023-10-17)

Feature

• Load last_change column from cache (ed9ec90)

v1.0.7 (2023-08-31)

Fix

• Sort updates also by other fields (5631339)

v1.0.6 (2023-08-24)

Fix

• Display all affected_packages and errata for cves evaluated by repositories (91f9e53)

v1.0.5 (2023-08-14)

Fix

• updates: Sort availableUpdates (af06bec)

v1.0.4 (2023-07-18)

Fix

• semantic-release: Use older python-semantic-release (5ebef9e)
• Make sure definition list is in fixed order (eff45d5)
• Make sure CPE list is in fixed order (a57484d)
• Make sure input package list is in fixed order (6a3b4ad)

v1.0.3 (2023-07-04)

Fix

• Check whether pkg update exists in enabled repo (ba3b4cc)

v1.0.2 (2023-06-28)

Fix

• Bump version to release code to pkg.go.dev (59585f6)

v1.0.1 (2023-06-28)

Fix

• Nil pointer dereference (215d328)

v1.0.0 (2023-06-27)

Feature

• Add functional options (0e751b9)
• Return package name and evra in updates (d7b62c8)

Fix

• Improve cases when cache should be reloaded (f93129a)
• Remove unnecessary pointer to a mutex (f2c9493)
• Custom error when processing of input fails (96850f0)

Breaking

• methods cannot be exported since options is unexported (25bf738)

v0.9.0 (2023-05-31)

Feature

• config: Api config instead of using env vars (b57e28b)

v0.8.1 (2023-05-26)

Fix

• Update to go1.19 (0d7d810)

v0.8.0 (2023-05-16)

Feature

• Add epoch_required request option (a091b25)

v0.7.1 (2023-05-15)

Fix

• modules: Package from module with disabled repo (b6e7155)

v0.7.0 (2023-05-10)

Feature

• oval: Show package name, evra, cpe for unpatched cves (9cfe7d8)

v0.6.0 (2023-05-09)

Feature

• oval: Unpatched cves take precedence over fixable and manually fixable (d01c877)

Fix

• load: Load oval definition id (04e746b)

v0.5.1 (2023-05-03)

Fix

• oval: Check module stream in evaluateModuleTest (20be8ac)
• oval: Remove duplicates from UnpatchedCves list (9c48307)
• modules: Find updates in modular errata for package from module when module is enabled (cd99eef)

v0.5.0 (2023-04-18)

Feature

• Remove releasever check when finding updates (009fc1b)
• Always use optimistic updates (a892a8b)

v0.4.3 (2023-04-03)

Fix

• Allow empty string for modules only in request (427829d)

v0.4.2 (2023-04-03)

Fix

• Use *string for module name and stream to allow empty strings (ca5be5f)

v0.4.1 (2023-03-30)

Fix

• Make sure lock is unlocked in case of error (a3af86a)

v0.4.0 (2023-03-27)

Feature

• Return multiple erratas for manually fixable cve (14b59ed)
• Update vmaas.db with oval_definition_errata feed (8588b31)
• Return errata for manually fixable cves (972a273)

v0.3.5 (2023-03-20)

Fix

• Re-use logging logic from patchman (e5af24b)

v0.3.4 (2023-03-20)

Fix

• Stream downloaded dump to a file (0f49948)

v0.3.3 (2023-02-07)

Fix

• Third_party json field (c991822)

v0.3.2 (2023-02-06)

Fix

• Return errata: [] instead of null (9549f8a)

v0.3.1 (2023-01-19)

Fix

• Allow nil repolist (96f4b79)

v0.3.0 (2023-01-11)

Feature

• Add goroutines (7eb7548)

v0.2.6 (2023-01-05)

Fix

• Detail load, unnecessary cve iteration (a83a6e6)

v0.2.5 (2023-01-04)

Fix

• Cache reload (9a8a676)

v0.2.4 (2022-12-16)

Fix

• Pre-alloc maps in cache (8f4eba6)

v0.2.3 (2022-12-14)

Fix

• Use nevra pointer for receiver (e0d8a9f)
• Close db after cache read (a9486e3)
• Optimize oval load (b6d7e01)
• Reduce number of allocations (38d1be5)

v0.2.2 (2022-12-09)

Fix

• Updates when releasever in repo is empty (3ec8712)

v0.2.1 (2022-12-08)

Fix

• Arch compatibility (b18e816)

v0.2.0 (2022-12-08)

Feature

• rhui: Look up updates by repository path (044abab)

v0.1.4 (2022-12-01)

Fix

• Minor fixes (9c06686)

v0.1.3 (2022-11-30)

Fix

• Issues found with unit tests (43beb51)

v0.1.2 (2022-11-28)

Fix

• Don't iter UpdatesIndex in processInputPackages (8f2fc92)

v0.1.1 (2022-11-28)

Fix

• RepoID slice, simplify intersection, gorpm build (1611883)

v0.1.0 (2022-11-28)

Feature

• test: Introduce unit tests (27584fb)
• Setup semantic release from vuln4shift (01ccb51)