1.1.0
Changes:
- The
publish
andreject
subcommands have a new-f/--cve-json-file
option that allows submitting CVE records from
a file (#18). - Added CVE v5 JSON schema (5.0.0) validation when publishing a CVE record (#39).
- Full CVE v5 records can now be used when publishing a CVE; the CNA container is parsed from the CVE record
automatically (#42). - Automatically add
providerMetadata
from the org used when authenticating against CVE Services if it is missing in
the supplied CVE record (#19). - Added CVE v5 JSON 5.0.0 schemas under
cvelib/schemas
along with a script that extracts container-level sub-schemas. cve show --show-record --raw
now outputs a valid CVE record only (#44).- Dropped support for Python 3.6.
Update your existing cvelib
package with:
pip install --user --upgrade cvelib
or update your container image with:
podman pull quay.io/prodsecdev/cvelib
# OR
docker pull quay.io/prodsecdev/cvelib