@@ -4,37 +4,50 @@ Release notes
44Version v30.0.0
55----------------
66
7- - Refactor core processing with Importers that import data and Improvers that
8- get the imported data and convert that in Vulnerabilities and Packages and can
9- also improve and refine imported and existing data. The migration to this new
10- architecture is under way.
7+ - We refactored the core processing with Importers that import data and Improvers that
8+ transform imported data and convert that in Vulnerabilities and Packages. Improvers can
9+ also improve and refine imported and existing data as well as enrich data using external
10+ data sources. The migration to this new architecture is under way and not all importers
11+ are available. You can track the progress in this issue: https://github.com/nexB/vulnerablecode/issues/597
12+ Because of these extensive changes, it is not possible to migrate existing imported
13+ data to the new schema. You will need instead to restart imports from an empty database
14+ or request access to the new vulnerablecode.io live instance.
1115
12- - Add new data sources including OSV , GitHub and GitLab.
16+ - We added new data sources including PYSEC , GitHub and GitLab.
1317
14- - Improve documentation including adding examples for importers and improvers
18+ - We improved the documentation including adding development examples for importers and improvers.
1519
16- - Remove the ability to edit relationships from the UI. The UI is now read-only
17- and we will need to design a different UI for proper review and curation of
18- vulnerabilities.
20+ - We removed the ability to edit relationships from the UI. The UI is now read-only
21+ and we will need to design a different UI for proper review and curation of vulnerabilities.
1922
20- - Add support for nix as a Linux deployment target.
23+ - We added support for NixOS as a Linux deployment target.
2124
22- - Lookup vulnerabilities from CPE through API
25+ - The aliases of a vulnerabily are reported in the API vulnerabilities/ endpoint
2326
24- - Breaking Changes at API level
25- - /api/vulnerabilities
26- - Replace `resolved_packages ` by `fixed_packages `
27- - Replace `unresolved_packages ` by `affected_packages `
28- - Replace `url ` by `reference_url ` in the reference list
29- - /api/packages
30- - Replace `unresolved_vulnerabilities ` by `affected_by_vulnerabilities `
31- - Replace `resolved_vulnerabilities ` by `fixing_vulnerabilities `
32- - Replace `url ` by `reference_url ` in the reference list
3327
34- - Add alias to the /api/vulnerabilities
28+ - There are breaking Changes at API level with changes in the data structure:
3529
36- - Lookup vulnerabilities from aliases
30+ - in the /api/ vulnerabilities/ endpoint:
3731
32+ - Rename `resolved_packages ` to `fixed_packages `
33+ - Rename `unresolved_packages ` to `affected_packages `
34+ - Rename `url ` to `reference_url ` in the reference list
35+
36+ - in the /api/packages/ endpoint:
37+
38+ - Rename `unresolved_vulnerabilities ` to `affected_by_vulnerabilities `
39+ - Rename `resolved_vulnerabilities ` to `fixing_vulnerabilities `
40+ - Rename `url ` to `reference_url ` in the reference list
41+
42+ - There is a new experimental cpe/ API endpoint to lookup for vulnerabilities by CPE and
43+ another aliases/ endpoint to lookup for vulnerabilities by aliases. These two endpoints will be
44+ replaced by query parameters on the main vulnerabilities/ endpoint when stabilized.
45+
46+
47+ Other:
48+
49+ - we dropped calver to use a plain semver.
50+ - we adopted vers and the new univers library to handle version ranges.
3851
3952
4053Version v20.10
0 commit comments