Skip to content

CPE Editor v1.1.0 released with many improvements in UI, APIs, performance

Latest

Choose a tag to compare

@adulau adulau released this 24 Jun 09:12
v1.1.0
c250f48

Release notes

CPE Editor v1.1.0

CPE Editor v1.1.0 is a substantial feature and operations release focused on making curated CPE data easier to explore, review, publish, and run in production. It expands the public contribution workflow, adds richer APIs and feeds, improves dataset portability, and delivers major performance and reliability improvements for larger catalogs.

Screenshot from 2026-06-24 11-12-31

Highlights

  • Richer public contribution workflows: contributors can now propose CPE changes, entity notes, vendor/product metadata, relationship updates, vulnerability references, and product aliases through more focused forms and review flows.
  • Approved-change transparency: accepted changes are visible through public change pages, scoped vendor/product/CPE feeds, RSS/Atom feeds, and API endpoints, making downstream synchronization and audit trails easier.
  • Better CPE intelligence: product pages now surface aliases, duplicate-detection signals, PURL mappings, vulnerability references, GCVE/db.gcve.eu lookup links, and combined views for related products.
  • Expanded API coverage: the read-only OpenAPI interface now includes approved changes, vulnerability references, product aliases, statistics, PURL search filters, and BCP-10-friendly change bundle output.
  • Portable curated datasets: dataset export/import now preserves relationships, metadata, aliases, vulnerability references, and PURL mappings, with JSON, NDJSON, and git-friendly export tooling for larger instances.
  • Production-ready deployment: a dedicated WSGI entry point and hardened Gunicorn start script provide safer defaults for concurrency, request handling, logging, IPv4/IPv6 binding, and proxy-aware access logs.
  • Large-catalog performance: search, prefix filtering, pagination, statistics, and export paths were optimized with better indexes, lower memory use, Valkey-backed statistics caching, and more selective expensive lookups.
  • Polished user experience: the UI received improved navigation, layout, dark mode, clearer GCVE collaboration messaging, JSON download affordances, refreshed imagery, and more consistent page actions.

New and improved features

Contribution and moderation

  • Added dedicated note, metadata, relationship, vulnerability-reference, and product-alias proposal workflows.
  • Added admin review improvements, metadata creation/editing screens, alias management, duplicate detection, false-positive dismissal, proposal source user-agent tracking, and bulk spam deletion.
  • Added public approved-change list/detail pages and linked approved changes back to affected vendors, products, CPE records, aliases, and newly created entities.

APIs, feeds, and integrations

  • Added a broader OpenAPI-documented read-only API, including endpoints for vendors, products, CPEs, approved changes, vulnerability references, aliases, statistics, and scoped search filters.
  • Added RSS and Atom feeds for all approved changes and for individual vendor, product, and CPE scopes.
  • Added BCP-10-compatible deterministic UUID handling and optional change bundle output for integration workflows.
  • Added import support for NVD CPE Match data, PURL-to-CPE mappings, and GCVE enriched CVE dumps.

Dataset portability

  • Added portable dataset export/import coverage for curated entities and relationships.
  • Added JSON entity downloads, streaming NDJSON export, and git-friendly export tooling that can update an existing dataset repository in place.
  • Improved import robustness for UUID conflicts, orphaned PURL mappings, cvelistv5 payloads, and single-object admin JSON recovery.

Performance and reliability

  • Added SQLite production safeguards such as WAL/busy-timeout support, schema alteration helpers, reindexing, and planner analysis support.
  • Optimized vendor, product, CPE, PURL, and prefix searches with better query shapes and indexes.
  • Reduced unnecessary counts and expensive lookups on large result sets.
  • Added Valkey-backed statistics caching and fixed cached vendor name rendering.
  • Reduced memory usage for dataset export.

Deployment and operations

  • Added wsgi.py for production app loading without debug mode.
  • Added start.py as a production Gunicorn launcher with sensible worker, thread, timeout, backlog, recycle, logging, and IPv4/IPv6 defaults.
  • Documented production startup, GCVE enriched CVE imports, dataset export tooling, and the current API/test workflow.

Fixes and polish

  • Improved search form behavior, vendor pagination, product lookup tables, relationship proposal defaults, CPE API pagination counts, dark-mode link readability, and header/footer branding.
  • Fixed several importer, export/import, template, and admin review edge cases.
  • Added API and workflow regression tests plus GitHub Actions coverage.

Upgrade notes

  • Run the database migration helper before serving an existing instance: python -m flask --app run init-db --alter.
  • Rebuild indexes after upgrading large SQLite-backed deployments: python -m flask --app run reindex-db.
  • For production deployments, prefer ./start.py or another WSGI server targeting wsgi:app rather than the Flask development server.