Releases: RedHatProductSecurity/cvelib
1.7.1
Changes:
- Fixed unnecessarily requiring authentication option to be specified for
validate
subcommand (#99).
Update your existing cvelib
package with:
pip install --user --upgrade cvelib
or update your container image with:
podman pull quay.io/prodsecdev/cvelib
# OR
docker pull quay.io/prodsecdev/cvelib
1.7.0
Changes:
- Updated CVE record schemas to version 5.1.1 (#96).
- Added a new subcommand,
validate
, to verify that a CVE record (or a specific container of a record) is valid
against a specific CVE v5 schema (#95). - Switched to a stricter version of the CVE ID matching regex (6f18918).
Update your existing cvelib
package with:
pip install --user --upgrade cvelib
or update your container image with:
podman pull quay.io/prodsecdev/cvelib
# OR
docker pull quay.io/prodsecdev/cvelib
1.6.0
Changes:
- Subcommands that not require authentication credentials no longer require
-u/-o/-a
options to be set (#93).
Update your existing cvelib
package with:
pip install --user --upgrade cvelib
or update your container image with:
podman pull quay.io/prodsecdev/cvelib
# OR
docker pull quay.io/prodsecdev/cvelib
1.5.0
Changes:
- The
-u/--username
option is now required when updating a user or resetting the token of a user (#86). - Updated CVE record schemas to final 5.1.0 version; the previous 5.1.0 were still RC versions that later changed (#87).
- The called command is shown in an error message that refers users to read help text (#84).
Update your existing cvelib
package with:
pip install --user --upgrade cvelib
or update your container image with:
podman pull quay.io/prodsecdev/cvelib
# OR
docker pull quay.io/prodsecdev/cvelib
1.4.0
Changes:
- Updated CVE JSON schema to version 5.1.0, which makes it compatible with CVE Services 2.3.x (#79).
Update your existing cvelib
package with:
pip install --user --upgrade cvelib
or update your container image with:
podman pull quay.io/prodsecdev/cvelib
# OR
docker pull quay.io/prodsecdev/cvelib
1.3.0
Changes:
- Fixed displaying timestamps for older records (#66).
- Added auto-completion of sub-commands (#73).
- Added support for ADP containers (#70):
- A new
publish-adp
command is added that allows publishing of ADP containers into an existing CVE record (this is
only possible if a CVE is in the published state). - The
show
subcommand now allows displaying a CNA container or all/subset of existing ADP containers (identified by
the org's name that created it). - ADP containers can only be published and updated, so there is no functionality to remove them.
- A new
- CVE state constants were updated to match the case used by CVE Services, e.g.
rejected
->REJECTED
(#75). - Fixed displaying CVE ID reservations for records that are missing the
user
attribute (#76).
Update your existing cvelib
package with:
pip install --user --upgrade cvelib
or update your container image with:
podman pull quay.io/prodsecdev/cvelib
# OR
docker pull quay.io/prodsecdev/cvelib
1.2.1
Changes:
- Improved
CveRecordValidationError
exception error message.
Update your existing cvelib
package with:
pip install --user --upgrade cvelib
or update your container image with:
podman pull quay.io/prodsecdev/cvelib
# OR
docker pull quay.io/prodsecdev/cvelib
1.2.0
Changes:
- The
list
andusers
commands have a new-N/--no-header
option that skips printing a header in the table output. (#55). - The bundled CNA Published JSON schema is used by default when calling
CveRecord.validate()
(#57). - The
jsonschema
required dependency was relaxed to an older version (#54).
Update your existing cvelib
package with:
pip install --user --upgrade cvelib
or update your container image with:
podman pull quay.io/prodsecdev/cvelib
# OR
docker pull quay.io/prodsecdev/cvelib
1.1.0
Changes:
- The
publish
andreject
subcommands have a new-f/--cve-json-file
option that allows submitting CVE records from
a file (#18). - Added CVE v5 JSON schema (5.0.0) validation when publishing a CVE record (#39).
- Full CVE v5 records can now be used when publishing a CVE; the CNA container is parsed from the CVE record
automatically (#42). - Automatically add
providerMetadata
from the org used when authenticating against CVE Services if it is missing in
the supplied CVE record (#19). - Added CVE v5 JSON 5.0.0 schemas under
cvelib/schemas
along with a script that extracts container-level sub-schemas. cve show --show-record --raw
now outputs a valid CVE record only (#44).- Dropped support for Python 3.6.
Update your existing cvelib
package with:
pip install --user --upgrade cvelib
or update your container image with:
podman pull quay.io/prodsecdev/cvelib
# OR
docker pull quay.io/prodsecdev/cvelib
1.0.0
Changes:
- Added support for CVE Services 2.1:
- New subcommands:
publish
,reject
,undo-reject
. - The
show
subcommand now indluced a--show-record
option to view a CVE's record. - Added several new methods in the
CveApi
interface to reflect new CVE Services API endpoints.
- New subcommands:
- Fixed sorting by the reserved timestamp when using the
list
subcommand.
Update your existing cvelib
package with:
pip install --user --upgrade cvelib
or update your container image with:
podman pull quay.io/prodsecdev/cvelib
# OR
docker pull quay.io/prodsecdev/cvelib