Releases: RedHatProductSecurity/cvelib
Releases · RedHatProductSecurity/cvelib
1.4.0
Changes:
- Updated CVE JSON schema to version 5.1.0, which makes it compatible with CVE Services 2.3.x (#79).
Update your existing cvelib package with:
pip install --user --upgrade cvelibor update your container image with:
podman pull quay.io/prodsecdev/cvelib
# OR
docker pull quay.io/prodsecdev/cvelib1.3.0
Changes:
- Fixed displaying timestamps for older records (#66).
- Added auto-completion of sub-commands (#73).
- Added support for ADP containers (#70):
- A new
publish-adpcommand is added that allows publishing of ADP containers into an existing CVE record (this is
only possible if a CVE is in the published state). - The
showsubcommand now allows displaying a CNA container or all/subset of existing ADP containers (identified by
the org's name that created it). - ADP containers can only be published and updated, so there is no functionality to remove them.
- A new
- CVE state constants were updated to match the case used by CVE Services, e.g.
rejected->REJECTED(#75). - Fixed displaying CVE ID reservations for records that are missing the
userattribute (#76).
Update your existing cvelib package with:
pip install --user --upgrade cvelibor update your container image with:
podman pull quay.io/prodsecdev/cvelib
# OR
docker pull quay.io/prodsecdev/cvelib1.2.1
Changes:
- Improved
CveRecordValidationErrorexception error message.
Update your existing cvelib package with:
pip install --user --upgrade cvelibor update your container image with:
podman pull quay.io/prodsecdev/cvelib
# OR
docker pull quay.io/prodsecdev/cvelib1.2.0
Changes:
- The
listanduserscommands have a new-N/--no-headeroption that skips printing a header in the table output. (#55). - The bundled CNA Published JSON schema is used by default when calling
CveRecord.validate()(#57). - The
jsonschemarequired dependency was relaxed to an older version (#54).
Update your existing cvelib package with:
pip install --user --upgrade cvelibor update your container image with:
podman pull quay.io/prodsecdev/cvelib
# OR
docker pull quay.io/prodsecdev/cvelib1.1.0
Changes:
- The
publishandrejectsubcommands have a new-f/--cve-json-fileoption that allows submitting CVE records from
a file (#18). - Added CVE v5 JSON schema (5.0.0) validation when publishing a CVE record (#39).
- Full CVE v5 records can now be used when publishing a CVE; the CNA container is parsed from the CVE record
automatically (#42). - Automatically add
providerMetadatafrom the org used when authenticating against CVE Services if it is missing in
the supplied CVE record (#19). - Added CVE v5 JSON 5.0.0 schemas under
cvelib/schemasalong with a script that extracts container-level sub-schemas. cve show --show-record --rawnow outputs a valid CVE record only (#44).- Dropped support for Python 3.6.
Update your existing cvelib package with:
pip install --user --upgrade cvelibor update your container image with:
podman pull quay.io/prodsecdev/cvelib
# OR
docker pull quay.io/prodsecdev/cvelib1.0.0
Changes:
- Added support for CVE Services 2.1:
- New subcommands:
publish,reject,undo-reject. - The
showsubcommand now indluced a--show-recordoption to view a CVE's record. - Added several new methods in the
CveApiinterface to reflect new CVE Services API endpoints.
- New subcommands:
- Fixed sorting by the reserved timestamp when using the
listsubcommand.
Update your existing cvelib package with:
pip install --user --upgrade cvelibor update your container image with:
podman pull quay.io/prodsecdev/cvelib
# OR
docker pull quay.io/prodsecdev/cvelib0.7.0
0.6.0
0.5.0
0.4.0
This release adds support for CVE Services 1.1.0, the changes in which are documented at https://github.com/CVEProject/cve-services/wiki/Release-Cycle-Report-3-23-2021-v1.1.0.
- Added
cve orgcommand. - Added
cve usercommand. - Refactored
Idrinterface into a generalCveApiinterface. - Fixed error when showing a CVE that is owned by a different CNA.