V2.8.2
Pre-release
Pre-release
What's Changed
- Resolves #1883: Fixing hung sessions by @david-rocca in #1871
- Resolves #1884: fixes oversized JSON request handling so 413 responses do not throw by @david-rocca in #1872
- Resolves #1878 validation fixes by @david-rocca in #1873
- Resolves issue #1881, future-proofs registry-only user org reassignment. by @david-rocca in #1887
- Resolves issue #1874, Preserve both CNA modified-date bounds in CVE query filters. by @david-rocca in #1888
- Resolves issue #1875, fixes the CNA provider metadata
dateUpdatedindex for CVE records. by @david-rocca in #1889 - Resolves issue #1880, fixes JSON whitespace trimming for nested null values and error control flow. by @david-rocca in #1890
- Resolves issue #1882, Prevent append-audit requests without history from returning a 500. by @david-rocca in #1891
- Resolves issue #1877, validates cursor pagination limits as numeric request input. by @david-rocca in #1892
- Resolves issue #1879, fixes date-only query filter sanitization. by @david-rocca in #1893
- Resolves issue #1868, hardens CVE ID modification against unauthenticated org short-name fallback. by @david-rocca in #1895
- Resolves issue #1669, Limits CVE-API-USER header length before authentication logging. by @david-rocca in #1896
- Resolves issue #1870, hardens auth context helpers so unauthenticated requests cannot use unvalidated requester header context for identity or role decisions. by @david-rocca in #1897
- Updating some documentation by @david-rocca in #1898
Full Changelog: v2.8.1...v2.8.2