v37.0.0

What's Changed

• Bump django from 4.2.21 to 4.2.22 by @dependabot[bot] in #1901
• Add back navigation link to vulnerability details page by @rajanarahul93 in #1875
• Add pipeline to compute Advisory ToDos by @keshav-space in #1764
• Add advisory v2 by @TG1999 in #1866
• Throttle API requests based on user permissions by @keshav-space in #1909
• Allow all package types in Github V2 importer by @TG1999 in #1925
• Pipeline Dashboard improvements by @keshav-space in #1920
• Add advisory codefix V2 URL by @TG1999 in #1926
• Prepare for release v37.0.0 by @TG1999 in #1927
• Replace reference with V2 by @TG1999 in #1928
• Fix gitlab and elixir security importer by @TG1999 in #1934
• Fix incorrect pluralization of model names by @keshav-space in #1930
• Preserve field values on unsuccessful form submission by @keshav-space in #1937
• Add Altcha hmac key to settings by @keshav-space in #1938
• Support optional inputs for pipeline steps by @keshav-space in #1951
• Migrate Xen, Curl, Istio and OSS-Fuzz importer by @TG1999 in #1946
• Add avid for gitlab by @TG1999 in #1952
• Add ImpactedPackage model to track affected and fixed packages by @keshav-space in #1970
• Migrate advisory todo to v2 by @TG1999 in #1966
• Add ArchLinux AdvisoryV2 importer pipeline by @keshav-space in #1942
• Add v2 pipeline for importing Red Hat advisories by @keshav-space in #1971
• Bump django from 4.2.22 to 4.2.24 by @dependabot[bot] in #1996
• Add pipeline to unfurl affected VERS range in V2 impacts by @keshav-space in #1995
• Disable Redis AOF persistence by @keshav-space in #1997
• Bump django from 4.2.24 to 4.2.25 by @dependabot[bot] in #1998
• Add affected and fixed_by commit to the ImpactedPackage model by @ziadhany in #2007
• Add CVSSv4 scoring support to OSV parser by @ziadhany in #1974
• Create new aboutcode.federated library #747 by @pombredanne in #2006
• Add workflow to publish aboutcode.federated by @keshav-space in #2045
• Collect SSVC trees by @TG1999 in #2050
• Add support for introduced and fixed commits in AdvisoryData by @ziadhany in #2017
• Restore severity details tab by @TG1999 in #2059
• Fix incorrect default starting year in NVD importer by @Adityakk9031 in #2085
• Migrate EPSS importer for advisory V2 by @ziadhany in #2067
• Migrate Ruby importer to advisory V2 by @ziadhany in #2086
• Handle multiple advisories with same AVID by @TG1999 in #2092
• Make sure we have extra space to store long CVSSv4 values correctly. by @ziadhany in #2094
• Migrate mattermost importer to V2 by @TG1999 in #2095
• Migrate Fireeye importer to advisory V2 by @ziadhany in #2087
• Migrate the NVD importer to use the 2.0 API schema by @ziadhany in #2012
• Check advisory ID is not in aliases by @TG1999 in #2107
• Migrate Importer to Advisory v2 & Collect Existing Fix Commits for Project KB by @ziadhany in #1987
• Support running pipeline only once by @keshav-space in #2112
• Include PackageCommitPatch and Patch in AdvisoryV2 serialization by @keshav-space in #2117
• Migrate Nginx importer to advisory V2 by @ziadhany in #2109
• Add v2 pipeline collect OpenSSL advisory by @keshav-space in #2119
• Add V2 pipeline to collect Kafka advisory by @keshav-space in #2125
• Fix OSV to handle affected_packages correctly & add support to collect commits by @ziadhany in #2080
• Migrate Apache Tomcat V2 importer by @TG1999 in #2128
• Show unstable features warning on staging instance by @keshav-space in #2133
• Fix incorrect OSV-to-PURL mapping for Cargo by @ziadhany in #2131
• Migrate debian importer to v2 by @TG1999 in #2137
• Use full available screen width in run details view by @keshav-space in #2142
• Update README.rst to simplify structure by @DennisClark in #2149
• Add v2 pipeline to collect Ubuntu OSV advisories by @keshav-space in #2145
• Introduce AdvisoryDataV2 class by @TG1999 in #2155
• Add throttling to V3 API by @TG1999 in #2156
• Migrate RetireDotnet to Advisory V2 by @ziadhany in #2141
• Update technologies in VCIO by @TG1999 in #2157
• Migrate Alpine importer to advisory V2 by @ziadhany in #2111
• Add support for parsing Git commit messages by @ziadhany in #1992
• Avoid producing identical hashes for different advisory IDs. by @ziadhany in #2164
• Migrate Suse Scores importer to advisory V2 by @ziadhany in #2101
• Group related advisories on basis of content by @TG1999 in #2169
• Fix package details page by @TG1999 in #2171
• CI Fix: Ignore nixos.wiki in linkcheck by @Samk1710 in #2161
• Relate severity scores with advisories by @TG1999 in #2174
• Fix views bug by @TG1999 in #2175
• Add pipeline to federate package vulnerabilities by @keshav-space in #2159
• Migrate Gentoo importer to advisory V2 by @ziadhany in #2090
• Resolve SyntaxWarning in Fireeye Importer by @ziadhany in #2181
• Use related advisory severity to calculate exploitibility, weighted severity and risk scores by @TG1999 in #2182
• Export incremental updates on subsequent runs of FederatedCode pipeline by @keshav-space in #2183
• Compute content_id from all fields of AdvisoryV2 by @keshav-space in #2191
• Do not update related field of an immutable AdvisoryV2 by @keshav-space in #2192
• Fix null constraint violations in multiple v1 exploit pipelines by @ziadhany in #2189
• Review all v2 pipelines by @TG1999 in #2196

New Contributors

• @rajanarahul93 made their first contribution in #1875
• @Adityakk9031 made their first contribution in #2085
• @DennisClark made their first contribution in #2149
• @Samk1710 made their first contribution in #2161

Full Changelog: v36.1.3...v37.0.0

v36.1.3

This is a minor release.

What's Changed

• Increase docker shared memory size by @TG1999 in #1896
• Prepare for release v36.1.3 by @TG1999 in #1900

Full Changelog: v36.1.2...v36.1.3

v36.1.2

What's Changed

• Get tag from VERSION manifest by @keshav-space in #1895

Full Changelog: v36.1.1...v36.1.2

v36.1.1

What's Changed

• Migrate Advisory aliases field to M2M relationship by @keshav-space in #1784
• Fillup missing vulnerabilities summary by @TG1999 in #1767
• Bump django from 4.2.17 to 4.2.20 by @dependabot in #1797
• Stop github OSV importer crashes by @TG1999 in #1853
• Reorder importing order by @TG1999 in #1854
• Fix alpine linux importer by @TG1999 in #1861
• Make advisory content_id a unique field by @keshav-space in #1863
• Optimize export management command by @keshav-space in #1868
• Support running pipelines in scheduled task queue by @keshav-space in #1871
• Remove admin panel by @TG1999 in #1885
• Bump django from 4.2.20 to 4.2.21 by @dependabot in #1872
• Prepare for v36.1.0 by @TG1999 in #1886
• Update is_active help text in pipeline migration by @keshav-space in #1887
• Run release CI on Ubuntu 22.04 by @keshav-space in #1888

Full Changelog: v36.0.0...v36.1.1

v36.0.0

What's Changed

• Add indexes for models by @TG1999 in #1701
• Add fixed by package in V2 API by @TG1999 in #1706
• Add tests for num queries for views by @TG1999 in #1730
• Add postgresql conf in docker-compose by @TG1999 in #1733
• Add default postgresql.conf for local docker build by @keshav-space in #1735
• Add models for CodeFix by @TG1999 in #1704
• Migrate Alpine Linux importer to aboutcode pipeline by @keshav-space in #1737
• VCIO-next: Allow CVSS3.1 Severities in NVD by @TG1999 in #1738
• Add Pipeline to add missing CVSSV3.1 scores by @TG1999 in #1740
• Add description and reference to the latest release on the homepage by @keshav-space in #1743
• Use proper apk package type for Alpine by @keshav-space in #1739
• Optimize vulnerabilities view by @TG1999 in #1728
• Add CWE support in multiple importers by @ambuj-1211 in #1526
• Fast content ID migration by @keshav-space in #1795
• Add captcha for user signup by @TG1999 in #1822
• Move the package search box to the top by @keshav-space in #1832

Important

After upgrading to v36.0.0, run the pipeline shown below to migrate advisories to the new unique_content_id and remove duplicate advisories.

 python3 manage.py improve remove_duplicate_advisories

Full Changelog: v35.1.0...v36.0.0

v35.1.0

What's Changed

• Use AboutCode mirror for collecting CISA KEV by @keshav-space in #1685
• VCIO-next: Do not report ghost package as a fix for vulnerability by @keshav-space in #1679
• Prepare aboutcode.hashid v0.2.0 release by @keshav-space in #1687
• Add pipeline to sort packages by @TG1999 in #1686
• Fix urls for API by @TG1999 in #1678

v35.0.0

What's Changed

• Add support for storing exploitability and weighted severity by @ziadhany in #1646
• Avoid migrations on version bumps by @keshav-space in #1660
• Prepare v35.0.0rc1 by @TG1999 in #1664
• Add scores in bulk search V1 API by @TG1999 in #1675
• Prepare for release v35.0.0 by @TG1999 in #1677

Full Changelog: v34.3.2...v35.0.0

v35.0.0rc1

What's Changed

• Add improver pipeline to flag ghost packages #644 #917 #1395 by @keshav-space in #1533
• Add base pipeline for importers and migrate PyPa importer to aboutcode pipeline by @keshav-space in #1559
• Remove dupe Package.get_non_vulnerable_versions by @pombredanne in #1570
• Import data from GSD #706 by @ziadhany in #787
• Add curl advisories importer by @ambuj-1211 in #1439
• Update dependencies by @TG1999 in #1590
• Bump django from 4.2.0 to 4.2.15 by @dependabot in #1591
• Bump cryptography from 42.0.4 to 43.0.1 by @dependabot in #1582
• Bump actions/download-artifact from 3 to 4.1.7 in /.github/workflows by @dependabot in #1581
• Improve export command by @pombredanne in #1571
• Fix typo in Kev requests import by @ziadhany in #1594
• Prepare for release v34.0.1 by @TG1999 in #1595
• Bump upload-artifact to v4 by @keshav-space in #1596
• Migrate Npm importer to aboutcode pipeline by @keshav-space in #1574
• Use correct regex for CVE by @pombredanne in #1599
• Migrate Nginx importer to aboutcode pipeline by @keshav-space in #1575
• Migrate GitLab importer to aboutcode pipeline by @keshav-space in #1580
• Migrate GitHub importer to aboutcode pipeline by @keshav-space in #1584
• Migrate NVD importer to aboutcode pipeline by @keshav-space in #1587
• Match affected and fixed-by Packages by @johnmhoran in #1528
• Add management command to commit exported data by @keshav-space in #1600
• Add support to Exploits model by @ziadhany in #1562
• Fix 500 Server Error with DRF browsable API and resolve blank Swagger API documentation by @keshav-space in #1603
• Release v34.0.2 by @TG1999 in #1604
• Bump VCIO version by @TG1999 in #1605
• Bump django from 4.2.15 to 4.2.16 by @dependabot in #1608
• Bump fetchcode from v0.3.0 to v0.6.0 by @keshav-space in #1607
• Use 4-tier system for storing package metadata by @keshav-space in #1609
• Fix vers range crash by @pombredanne in #1598
• Add GitHub action to publish aboutcode.hashid PyPI by @keshav-space in #1615
• Segregate PackageRelatedVulnerability model to new models by @TG1999 in #1612
• Add documentation for new pipeline design by @keshav-space in #1621
• Fix 500 error in /api/cpes endpoint by @keshav-space in #1629
• Migrate pysec importer to aboutcode pipeline by @keshav-space in #1628
• Avoid memory exhaustion during data migration by @keshav-space in #1630
• Add support for Calculating Risk in VulnerableCode by @ziadhany in #1593
• Bulk create in migrations by @TG1999 in #1640
• Update README.rst by @TG1999 in #1641
• Prepare for release v34.1.0 by @TG1999 in #1642
• Add V2 API endpoints by @TG1999 in #1631
• Prepare for release v34.2.0 by @TG1999 in #1647
• Refactor severity score model and fix incorrect suse scores by @keshav-space in #1636
• Add bulk search in v2 by @TG1999 in #1649
• Prepare release v34.3.0 by @TG1999 in #1652
• Add on_failure to handle cleanup during pipeline failure by @keshav-space in #1651
• Fix API bug by @TG1999 in #1654
• Add reference score to package endpoint by @keshav-space in #1655
• Prepare for release v34.3.2 by @TG1999 in #1656
• Add support for storing exploitability and weighted severity by @ziadhany in #1646
• Avoid migrations on version bumps by @keshav-space in #1660
• Prepare v35.0.0rc1 by @TG1999 in #1664

New Contributors

• @ambuj-1211 made their first contribution in #1439

Full Changelog: v34.0.0...v35.0.0rc1

v34.3.2

What's Changed

• Add reference score to package endpoint by @keshav-space in #1655

Full Changelog: v34.3.1...v34.3.2

v34.3.1

What's Changed

• Add on_failure to handle cleanup during pipeline failure by @keshav-space in #1651
• Fix API bug by @TG1999 in #1654

Full Changelog: v34.3.0...v34.3.1