0.3.0-rc.2

Pre-release
@github-actions github-actions released this 06 Jun 14:25
· 144 commits to main since this release

Changelog

v0.3.0-rc.2 (2025-06-06)

⚠ BREAKING-CHANGE

  • The /vulnerabilities search parameters are changed from 'average_severity' and 'average_score' to 'base_severity' and 'base_score'

  • The upgraded parser aligns with RFC 9535, and no longer supports the $.[] notation. It must be converted into $[].
    This is important for the group extraction with OIDC, specifically
    with AWS Cognito.

Features

  • implement validation of labels (6ff25c9), closes #1708
  • implement PURL extraction endpoint (1b53d51), closes #1665
  • Setting compression to None will remove the header (745191b), closes #1682
  • allow using path style for S3 (1672635), closes #1678
  • parse and store cvss3 scores for cve files (474f82e)
  • allow string arrays to be queried in the q= syntax (42f99b9), closes #1558
  • refactored license type management in CSV license export (#10) (3cf0d1a),
    closes #10
  • analysis: log cache eviction note on info level (895a360)
  • allow control populating the cache after ingestion (cc8d4ff)
  • allow providing the format type during the upload (advisory) (4c2ab4c)
  • allow providing the format type during the upload (99fbae2)
  • filter SBOM's and Advisories by labels (7bcb993), closes #491
  • now supporting json objects for in-memory queries (16f6a57)
  • support unlimited multi-part field names for json columns (513bcdc)
  • support nested fields within in-memory query contexts (c4d3661)
  • query json objects with ':' to delimit column name and key (ad808aa), closes
    #491
  • return a list of valid fields in a query error message (6978eb1)
  • add api/v2/analyis/latest/component (a61b511)
  • allow upload gzip compressed files (16d6066)
  • a new dataset containing a few sboms and osv advisories that had issues in
    correlation (8f150ce)
  • collect and report SBOM supplier information (26c0bf2)
  • add analyze endpoint for purl-based vulnerability scan (0709de3)
  • add score to response (6718869), closes #1473
  • add pg_stats to the compose database (9a2efbc)

Fixes

  • storage: urlencode bucket name (89a0c3e)
  • align the embedded postgres version with the CI (f1ba554), closes #1674
  • set vulnerability score from cve advisory (c21c65b)
  • delete advisory performance (a605ad6)
  • add sorting and pagination to importer report endpoint (5f1a927), closes
    #1636
  • return 404 when /weakness has no results (a00a709)
  • use correct env variable (29feec1)
  • remove duplicate UNION in gc_purls SELECT (9297a06)
  • properly evaluate the UpdateSbom permission (a0cee9f)
  • show null severity in vuln when it's null in advisory (e542e2b), closes
    #1374
  • support custom trust anchors, fix a "not found" issue (34274f3)
  • remove advisory_vulnerability gist index (ac0c728)
  • don't queue work on the worker queue if there is none (57146a1)
  • fully-qualify table names in json filters (6f419f5)
  • when deleting an entity, delete also a source document (and scores for the
    advisory) (4cb8ceb)
  • prevent panic when handling non YAML content (d6d37cb)
  • ensure that container build aligns with deployment architecture (6316078)
  • Python versions PLSQL comparator (TC-2469) (ffce45d)
  • ensure that an invalid CVSS does not panic (a5eceda), closes #1547
  • scale test references the PR number commented (76e2d7d)
  • scale test references the PR number (583d39b)
  • return 400 instead of 500 in case of validation errors (a0d052c)
  • correct documentation of API (1584c6a)
  • prevent deadlock when inserting in parallel (0a75ac4), closes #1531
  • reap crashed jobs so they don't appear "stuck" in the UI (d418222), closes
    #1499
  • pythonver_cmp function to properly handle local versions (12fb17e)
  • cvss scores with I:N and A:N score properly now (f5fe0c5), closes #1519
  • mavenver_cmp add logic to compare builds (6992b4e)
  • mavenver_cmp function fail to compare versions with build numbers properly
    (df0afbe)
  • add a migration to fix null values for suppliers (8b0d1fe)
  • ensure load order does not impact analysis graph dependency queries
    (55bb20d)
  • TC-2388 OSV range with last_affected (564ec89)
  • allow setting devmode with container keycloak (3fb1032)
  • get_purl now deals with missing ns properly (9209645), closes #1456
  • set title for vulnerabilities with non typical description language code
    (a0de6e1)
  • use patched version of spdx-rs until the fix is merged and released
    (8f1cab6), closes #1492
  • /sbom/by-package api can now sort results by name (0099fb3), closes #1476
  • add vulnerability details in purl details for product statuses (0f1f780)
  • purl components now properly encoded in Display impl (1997349)