Releases · RedHatProductSecurity/cvelib

11 Oct 15:25

mprpic

1.6.0

c690e18

1.6.0 Latest

Latest

Changes:

Subcommands that not require authentication credentials no longer require -u/-o/-a options to be set (#93).

Update your existing cvelib package with:

pip install --user --upgrade cvelib

or update your container image with:

podman pull quay.io/prodsecdev/cvelib
# OR
docker pull quay.io/prodsecdev/cvelib

Assets 2

18 Jul 17:55

mprpic

1.5.0

c4129f9

1.5.0

Changes:

The -u/--username option is now required when updating a user or resetting the token of a user (#86).
Updated CVE record schemas to final 5.1.0 version; the previous 5.1.0 were still RC versions that later changed (#87).
The called command is shown in an error message that refers users to read help text (#84).

Update your existing cvelib package with:

pip install --user --upgrade cvelib

or update your container image with:

podman pull quay.io/prodsecdev/cvelib
# OR
docker pull quay.io/prodsecdev/cvelib

Assets 2

15 May 18:14

mprpic

1.4.0

061b3ae

1.4.0

Changes:

Updated CVE JSON schema to version 5.1.0, which makes it compatible with CVE Services 2.3.x (#79).

Update your existing cvelib package with:

pip install --user --upgrade cvelib

or update your container image with:

podman pull quay.io/prodsecdev/cvelib
# OR
docker pull quay.io/prodsecdev/cvelib

Assets 2

26 Jan 20:15

mprpic

1.3.0

ff1ef82

1.3.0

Changes:

Fixed displaying timestamps for older records (#66).
Added auto-completion of sub-commands (#73).
Added support for ADP containers (#70):
- A new publish-adp command is added that allows publishing of ADP containers into an existing CVE record (this is
  only possible if a CVE is in the published state).
- The show subcommand now allows displaying a CNA container or all/subset of existing ADP containers (identified by
  the org's name that created it).
- ADP containers can only be published and updated, so there is no functionality to remove them.
CVE state constants were updated to match the case used by CVE Services, e.g. rejected -> REJECTED (#75).
Fixed displaying CVE ID reservations for records that are missing the user attribute (#76).

Update your existing cvelib package with:

pip install --user --upgrade cvelib

or update your container image with:

podman pull quay.io/prodsecdev/cvelib
# OR
docker pull quay.io/prodsecdev/cvelib

Assets 2

16 Feb 18:06

mprpic

1.2.1

2011356

1.2.1

Changes:

Improved CveRecordValidationError exception error message.

Update your existing cvelib package with:

pip install --user --upgrade cvelib

or update your container image with:

podman pull quay.io/prodsecdev/cvelib
# OR
docker pull quay.io/prodsecdev/cvelib

Assets 2

02 Dec 13:47

mprpic

1.2.0

254fc36

1.2.0

Changes:

The list and users commands have a new -N/--no-header option that skips printing a header in the table output. (#55).
The bundled CNA Published JSON schema is used by default when calling CveRecord.validate() (#57).
The jsonschema required dependency was relaxed to an older version (#54).

Update your existing cvelib package with:

pip install --user --upgrade cvelib

or update your container image with:

podman pull quay.io/prodsecdev/cvelib
# OR
docker pull quay.io/prodsecdev/cvelib

Assets 2

11 Nov 18:22

mprpic

1.1.0

37c98bf

1.1.0

Changes:

The publish and reject subcommands have a new -f/--cve-json-file option that allows submitting CVE records from
a file (#18).
Added CVE v5 JSON schema (5.0.0) validation when publishing a CVE record (#39).
Full CVE v5 records can now be used when publishing a CVE; the CNA container is parsed from the CVE record
automatically (#42).
Automatically add providerMetadata from the org used when authenticating against CVE Services if it is missing in
the supplied CVE record (#19).
Added CVE v5 JSON 5.0.0 schemas under cvelib/schemas along with a script that extracts container-level sub-schemas.
cve show --show-record --raw now outputs a valid CVE record only (#44).
Dropped support for Python 3.6.

Update your existing cvelib package with:

pip install --user --upgrade cvelib

or update your container image with:

podman pull quay.io/prodsecdev/cvelib
# OR
docker pull quay.io/prodsecdev/cvelib

Assets 2

03 Oct 17:29

mprpic

1.0.0

b8a4db6

1.0.0

Changes:

Added support for CVE Services 2.1:
- New subcommands: publish, reject, undo-reject.
- The show subcommand now indluced a --show-record option to view a CVE's record.
- Added several new methods in the CveApi interface to reflect new CVE Services API endpoints.
Fixed sorting by the reserved timestamp when using the list subcommand.

Update your existing cvelib package with:

pip install --user --upgrade cvelib

or update your container image with:

podman pull quay.io/prodsecdev/cvelib
# OR
docker pull quay.io/prodsecdev/cvelib

Assets 2

06 Feb 13:20

mprpic

0.7.0

158666d

0.7.0

Reverted commit c1f5ede, which is (for now) incompatible with the currently available version of CVE Services.

Assets 2

17 Dec 18:40

mprpic

0.6.0

869d951

0.6.0

Added prompt for API key if not specified via env var or option (#13).
Updated list of environments to include "test".
Renamed reset_token subcommand to reset_key.

Assets 2

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Releases: RedHatProductSecurity/cvelib

1.6.0

1.5.0

1.4.0

1.3.0

1.2.1

1.2.0

1.1.0

1.0.0

0.7.0

0.6.0