You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The "Aliases" section for vulnerability reports should make CVE and GHSA IDs into links.
We should also stop adding these links to the "References" section of the OSV data by default. We do want to manually include advisory links on occasion, but we shouldn't put a CVE/GHSA link in the references just because the advisory aliases reference it; that's redundant and it's better to generate the link at display time if desired.
The text was updated successfully, but these errors were encountered:
OSV records reference CVEs and GHSAs via the 'aliases' field.
Don't generate an additional reference link in the 'references' field;
if we want a link, we can generate it at display time.
Also don't put the GHSA permalink in the suggested context links
when generating a new report; while we do sometimes want to link
the GHSA when it's the canonical source of information on a
vulnerability, that's not the usual case.
For golang/go#54700.
Change-Id: I2e9b4f77f6caf9473fd2c62274bf5ffe790f836c
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/426034
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Damien Neil <dneil@google.com>
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
The "Aliases" section for vulnerability reports should make CVE and GHSA IDs into links.
We should also stop adding these links to the "References" section of the OSV data by default. We do want to manually include advisory links on occasion, but we shouldn't put a CVE/GHSA link in the references just because the advisory aliases reference it; that's redundant and it's better to generate the link at display time if desired.
The text was updated successfully, but these errors were encountered: