Releases: future-architect/vuls
v0.25.2
This release includes one additional feature and some bug fixes.
If you use Amazon Linux 2023, update as soon as possible.
New feature
- Some enterprise features of WPScan are now added to scan results.
(Potential) Incompatibilities
- Names and versions of JAR-like files in scan results can be overwritten at the vuls result phase.
Bug fixes
- Amazon Linux 2023 has changed its release version format in /etc/amazon-linux-release
  - This prevents EOL detection at the vuls scan phase and causes vulnerability detection to fail at the vuls report phase.
  - No vulnerabilities are detected without this bug fix; please update quickly if you use Amazon Linux 2023.
  - e1df74c fix(amazon): use major version for checking eol, security advisories (#1873)
Misc Changes
- e25ec99 chore(deps): bump github.com/aws/aws-sdk-go from 1.49.21 to 1.51.5 (#1881)
- 472df0e chore(deps): update dictionary modules (#1877)
- 7d5a47b chore(deps): bump github.com/docker/docker (#1880)
- 426eb53 chore(deps): bump github.com/jackc/pgx/v5 from 5.5.1 to 5.5.4 (#1872)
- bda089b chore(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#1871)
- 02d1f6f chore(deps): bump golang.org/x/oauth2 from 0.17.0 to 0.18.0 (#1868)
New Contributors
- @future-ryunosuketanai made their first contribution in #1875
Full Changelog: v0.25.1...v0.25.2
v0.25.1
Caution
Version 0.25.0 is SKIPped. DON'T USE 0.25.0.
Highlights
- Trivy dependency is updated, 0.35.0 to 0.49.1
  - Dart's pubspec.lock, Elixir's mix.lock, Swift's Podfile.lock and Package.resolved are newly detected by lockfile scan; these can be auto-detected (findLock = true)
  - Rust's binary can also be scanned as lockfile, but not auto-detected
  - Related PRs
- Add PURL (Package URL) in scan results
  - feat(PackageURL):add package URL for library scan result by @TsubasaKanemitsu in #1862
(Potential) Incompatibilities
- In previous versions, vuls did not output results when all scans had failed; it now outputs results even when all scans fail
  - Related PRs
    - fix(scanner): output all results even if all fail by @MaineK00n in #1866
    - refactor(config): move syslogconf to config/syslog package by @MaineK00n in #1865
- Due to the Trivy dependency update (see Highlights), some scan logic previously executed in the vuls scan phase has moved to the vuls report phase
  - If a new vuls binary is used for vuls scan and an older one for vuls report, vulnerabilities can be missed; don't do that
  - This only affects JAR-like lockfile scan
Misc changes
- fix(ci): use go version of go.mod by @MaineK00n in #1858
- fix(build): Change timeout to 60 minutes by @shino in #1867
- chore(deps): bump golang.org/x/oauth2 from 0.16.0 to 0.17.0 by @dependabot in #1849
- chore(deps): bump go.etcd.io/bbolt from 1.3.8 to 1.3.9 by @dependabot in #1854
- chore(deps): bump helm.sh/helm/v3 from 3.14.0 to 3.14.2 by @dependabot in #1856
- chore(deps): bump go.uber.org/zap from 1.26.0 to 1.27.0 by @dependabot in #1861
New Contributors
- @TsubasaKanemitsu made their first contribution in #1862
Full Changelog: v0.24.9...v0.25.1
v0.25.1-beta2
Changelog
- 5af3226 fix(build): Change timeout to 60 minutes
v0.25.1-beta1
Changelog
- 18b4cbb Add 2 hour timeout
v0.25.0
v0.24.9
Changelog
- b9ebcf3 fix(scanner/windows): support when default shell is powershell (#1844)
- 7e91f5e fix(contrib/trivy): fix convert for src package (#1842)
- 76267a5 delete: cab validation (#1843)
- ea84385 fix(scanner/macos): remove unnecessary error check (#1836)
- d6589c2 chore(deps): bump github.com/google/uuid from 1.5.0 to 1.6.0 (#1837)
- 6e07103 chore(deps): bump github.com/emersion/go-smtp from 0.20.1 to 0.20.2 (#1838)
- b7e5bb2 chore(deps): bump golang.org/x/oauth2 from 0.15.0 to 0.16.0 (#1831)
- 91ed768 chore(deps): bump golang.org/x/sync from 0.5.0 to 0.6.0 (#1833)
- 098f308 chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.2 to 0.8.0 (#1829)
- 0e04d21 chore(deps): bump github.com/emersion/go-smtp from 0.20.0 to 0.20.1 (#1826)
- f1005e5 chore(deps): bump github.com/emersion/go-smtp from 0.19.0 to 0.20.0 (#1824)
- 1acc4d8 chore(deps): bump github.com/c-robinson/iplib from 1.0.7 to 1.0.8 (#1819)
- eee6441 chore(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#1818)
v0.24.8
What's Changed
- fix(scanner/redhat): do not make cache when offline of redhat fast by @MaineK00n in #1814
- chore(deps): bump dictionaries by @MaineK00n in #1815
Full Changelog: v0.24.7...v0.24.8
v0.24.7
What's Changed
- feat(os): add FreeBSD 14 EOL by @MaineK00n in #1797
- chore(deps): bump github.com/gosnmp/gosnmp from 1.36.1 to 1.37.0 by @dependabot in #1798
- chore(deps): bump golang.org/x/oauth2 from 0.14.0 to 0.15.0 by @dependabot in #1799
- chore(deps): bump go-cve-dictionary to 0.10.0 by @MaineK00n in #1803
- feat(models/nvd): group by source by @MaineK00n in #1805
- fix(scanner/redhat): make cache before detect dnf modules by @wadda0714 in #1812
Full Changelog: v0.24.6...v0.24.7
v0.24.6
v0.24.5
Changelog
- cbece1d add: Setenv HTTPS_PROXY for aws sdk (#1794)
- 4ffa067 chore(deps): bump github.com/emersion/go-smtp from 0.18.1 to 0.19.0 (#1790)
- 53317ee chore(deps): bump golang.org/x/sync from 0.4.0 to 0.5.0 (#1789)
- fc74356 chore(deps): bump golang.org/x/oauth2 from 0.13.0 to 0.14.0 (#1791)
- bced16f fix(scanner): parsing apt cache policy for nvidia-container-toolkit (#1786)
- f3f8e26 chore(deps): bump github.com/emersion/go-smtp from 0.16.0 to 0.18.1 (#1771)
- cd8f6e1 feat(os): add fedora 39 (#1788)
- 323f0ae feat(windows): add Windows 11 23H2 (#1751)
- 5d1c365 chore(deps): bump golang.org/x/text from 0.13.0 to 0.14.0 (#1782)
- d8fa000 chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (#1785)
- 9f1e090 chore(deps): bump github.com/docker/docker (#1777)
- 8d5765f chore(deps): bump go.etcd.io/bbolt from 1.3.7 to 1.3.8 (#1780)
- 3a5c332 chore(deps): bump github.com/google/uuid from 1.3.1 to 1.4.0 (#1781)
- cef4ce4 chore(config):Modification of AmazonLinux 1 maintenance deadline (#1776)
- 264a82e chore(deps): bump github.com/vulsio/gost to v0.4.6-0.20231027050036-c963bd83e7e5 (#1775)
- fed731b chore(deps): bump google.golang.org/grpc from 1.58.2 to 1.58.3 (#1774)
- 5e2ac5a chore(deps): bump golang.org/x/oauth2 from 0.12.0 to 0.13.0 (#1773)