Releases: RedHatProductSecurity/cvelib

1.7.1

06 Dec 19:24
e66dc75

Changes:

  • Fixed the validate subcommand unnecessarily requiring authentication options to be specified (#99).

Update your existing cvelib package with:

pip install --user --upgrade cvelib

or update your container image with:

podman pull quay.io/prodsecdev/cvelib
# OR
docker pull quay.io/prodsecdev/cvelib

1.7.0

05 Dec 19:06
3a6642c

Changes:

  • Updated CVE record schemas to version 5.1.1 (#96).
  • Added a new subcommand, validate, to verify that a CVE record (or a specific container of a record) is valid
    against a specific CVE v5 schema (#95).
  • Switched to a stricter version of the CVE ID matching regex (6f18918).

1.6.0

11 Oct 15:25

Changes:

  • Subcommands that do not require authentication credentials no longer require -u/-o/-a options to be set (#93).

1.5.0

18 Jul 17:55

Changes:

  • The -u/--username option is now required when updating a user or resetting the token of a user (#86).
  • Updated CVE record schemas to the final 5.1.0 version; the previous 5.1.0 schemas were still RC versions that later changed (#87).
  • The called command is shown in an error message that refers users to the help text (#84).

1.4.0

15 May 18:14

Changes:

  • Updated CVE JSON schema to version 5.1.0, which makes it compatible with CVE Services 2.3.x (#79).

1.3.0

26 Jan 20:15

Changes:

  • Fixed displaying timestamps for older records (#66).
  • Added auto-completion of sub-commands (#73).
  • Added support for ADP containers (#70):
    • A new publish-adp command is added that allows publishing of ADP containers into an existing CVE record (this is
      only possible if a CVE is in the published state).
    • The show subcommand now allows displaying a CNA container or all/subset of existing ADP containers (identified by
      the org's name that created it).
    • ADP containers can only be published and updated, so there is no functionality to remove them.
  • CVE state constants were updated to match the case used by CVE Services, e.g. rejected -> REJECTED (#75).
  • Fixed displaying CVE ID reservations for records that are missing the user attribute (#76).

1.2.1

16 Feb 18:06
2011356

Changes:

  • Improved CveRecordValidationError exception error message.

1.2.0

02 Dec 13:47

Changes:

  • The list and users commands have a new -N/--no-header option that skips printing a header in the table output (#55).
  • The bundled CNA Published JSON schema is used by default when calling CveRecord.validate() (#57).
  • The jsonschema required dependency was relaxed to an older version (#54).

1.1.0

11 Nov 18:22

Changes:

  • The publish and reject subcommands have a new -f/--cve-json-file option that allows submitting CVE records from
    a file (#18).
  • Added CVE v5 JSON schema (5.0.0) validation when publishing a CVE record (#39).
  • Full CVE v5 records can now be used when publishing a CVE; the CNA container is parsed from the CVE record
    automatically (#42).
  • Automatically add providerMetadata from the org used when authenticating against CVE Services if it is missing in
    the supplied CVE record (#19).
  • Added CVE v5 JSON 5.0.0 schemas under cvelib/schemas along with a script that extracts container-level sub-schemas.
  • cve show --show-record --raw now outputs a valid CVE record only (#44).
  • Dropped support for Python 3.6.

1.0.0

03 Oct 17:29
b8a4db6

Changes:

  • Added support for CVE Services 2.1:
    • New subcommands: publish, reject, undo-reject.
    • The show subcommand now includes a --show-record option to view a CVE's record.
    • Added several new methods in the CveApi interface to reflect new CVE Services API endpoints.
  • Fixed sorting by the reserved timestamp when using the list subcommand.
