v0.25.3
This release includes recently released Ubuntu 24.04 support, some additional features, and several bug fixes.
We strongly recommend update to this version for Red Hat-like distribution users.
Watch out corresponding goval-dictionary and gost updates!
New feature
- Ubuntu 24.04 support comes in
- Depends on new gost, vulsio/gost#249
- feat(ubuntu): add 24.04 noble by @MaineK00n in #1878
- TLS insecure flag is added for SMTP notification
(Potential) Incompatibilities
- Use new gost for Ubuntu 24.04 support (#1878)
- Use new goval-dictionary for detection on Red Hat-like distributions (#1907)
Bug fixes
- For Red Hat-like distributions, there were false-positives and false negatives in detection results
- See #1906 for details
- Now fixed by the PR: feat(detect/redhat): detect unpatched vulnerabilities with oval, stop using gost by @MaineK00n in #1907
- style(log) config.toml template docs url by @future-ryunosuketanai in #1894
- style: fix some typos in comments by @deferdeter in #1897
- (fix) Exclude dev dependencies from npm's package-lock.json and Fix Java DB download endpoint by @shino in #1893
- fix(detector/suse): support when advisory.cves has both NVD and SUSE evaluations by @MaineK00n in #1899
- style(log) fix trivy docs link by @future-ryunosuketanai in #1902
Misc Changes
- chore(deps): bump github.com/hashicorp/go-getter from 1.7.3 to 1.7.4 by @dependabot in #1903
- chore(deps): bump golang.org/x/net from 0.22.0 to 0.23.0 by @dependabot in #1898
- chore(deps): bump github.com/emersion/go-smtp from 0.20.2 to 0.21.0 by @dependabot in #1888
- chore(deps): bump golang.org/x/oauth2 from 0.18.0 to 0.19.0 by @dependabot in #1891
- chore(deps): bump golang.org/x/sync from 0.6.0 to 0.7.0 by @dependabot in #1890
- chore(deps): bump github.com/emersion/go-smtp from 0.21.0 to 0.21.1 by @dependabot in #1896
- chore(deps): bump github.com/aquasecurity/trivy from 0.49.1 to 0.50.1 by @dependabot in #1885
- chore(deps): bump go.etcd.io/bbolt from 1.3.9 to 1.3.10 by @dependabot in #1908
- chore(deps): bump golang.org/x/text from 0.14.0 to 0.15.0 by @dependabot in #1909
- chore(deps): bump golang.org/x/oauth2 from 0.19.0 to 0.20.0 by @dependabot in #1910
New Contributors
- @Koodt made their first contribution in #1220
- @deferdeter made their first contribution in #1897
Full Changelog: v0.25.2...v0.25.3