Skip to content

v0.25.3
Compare
Choose a tag to compare
@github-actions github-actions released this 10 May 10:04
· 10 commits to master since this release
v0.25.3
ef2be3d
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

This release includes recently released Ubuntu 24.04 support, some additional features, and several bug fixes.
We strongly recommend update to this version for Red Hat-like distribution users.
Watch out corresponding goval-dictionary and gost updates!

New feature

  • Ubuntu 24.04 support comes in
  • TLS insecure flag is added for SMTP notification

(Potential) Incompatibilities

  • Use new gost for Ubuntu 24.04 support (#1878)
  • Use new goval-dictionary for detection on Red Hat-like distributions (#1907)

Bug fixes

  • For Red Hat-like distributions, there were false-positives and false negatives in detection results
    • See #1906 for details
    • Now fixed by the PR: feat(detect/redhat): detect unpatched vulnerabilities with oval, stop using gost by @MaineK00n in #1907
  • style(log) config.toml template docs url by @future-ryunosuketanai in #1894
  • style: fix some typos in comments by @deferdeter in #1897
  • (fix) Exclude dev dependencies from npm's package-lock.json and Fix Java DB download endpoint by @shino in #1893
  • fix(detector/suse): support when advisory.cves has both NVD and SUSE evaluations by @MaineK00n in #1899
  • style(log) fix trivy docs link by @future-ryunosuketanai in #1902

Misc Changes

  • chore(deps): bump github.com/hashicorp/go-getter from 1.7.3 to 1.7.4 by @dependabot in #1903
  • chore(deps): bump golang.org/x/net from 0.22.0 to 0.23.0 by @dependabot in #1898
  • chore(deps): bump github.com/emersion/go-smtp from 0.20.2 to 0.21.0 by @dependabot in #1888
  • chore(deps): bump golang.org/x/oauth2 from 0.18.0 to 0.19.0 by @dependabot in #1891
  • chore(deps): bump golang.org/x/sync from 0.6.0 to 0.7.0 by @dependabot in #1890
  • chore(deps): bump github.com/emersion/go-smtp from 0.21.0 to 0.21.1 by @dependabot in #1896
  • chore(deps): bump github.com/aquasecurity/trivy from 0.49.1 to 0.50.1 by @dependabot in #1885
  • chore(deps): bump go.etcd.io/bbolt from 1.3.9 to 1.3.10 by @dependabot in #1908
  • chore(deps): bump golang.org/x/text from 0.14.0 to 0.15.0 by @dependabot in #1909
  • chore(deps): bump golang.org/x/oauth2 from 0.19.0 to 0.20.0 by @dependabot in #1910

New Contributors

Full Changelog: v0.25.2...v0.25.3

Contributors

shino, MaineK00n, and 4 other contributors
Assets 49