Skip to content

Release 2.3.0

Latest
Latest
Compare
Choose a tag to compare
@cedricbonhomme cedricbonhomme released this 17 Dec 09:09
· 52 commits to main since this release
v2.3.0
This tag was signed with the committer’s verified signature.
cedricbonhomme Cédric Bonhomme
GPG key ID: A1CB94DE57B7A70D
Learn about vigilant mode.
814801a
This commit was signed with the committer’s verified signature.
cedricbonhomme Cédric Bonhomme
GPG key ID: A1CB94DE57B7A70D
Learn about vigilant mode.

🎉 We’re really excited to unveil Vulnerability-Lookup 2.3.0—our festive Christmas Release! 🎄

It includes new features, new importers, improvements and fixes.

✨ What's New

  • Pub/Sub Mechanism:
    A streaming service implemented using a Publish/Subscribe (Pub/Sub) pattern powered by Valkey.
    Available channels: vulnerability, comment, bundle, and sighting.
    For more details, see the documentation (#92).

    • FediVuln now supports streaming information from a Valkey Pub/Sub service or an authenticated HTTP event-stream (both provided by Vulnerability-Lookup internals) to the Fediverse. Templates are used to render statuses, with the appropriate template selected based on the channel where the event originates.

  • CISA Vulnrichment importer (as meta for CVE):
    The CISA Vulnrichment project is the public repository of CISA's enrichment
    of public CVE records through CISA's ADP (Authorized Data Publisher) container.
    In this phase of the project, CISA is assessing new and recent CVEs and adding
    key Stakeholder-Specific Vulnerability Categorization (SSVC)
    decision points. Once scored, some higher-risk CVEs will also receive
    enrichment of CWE and/or CVSS data points, where possible.
    The web interface will highlight this information related to the CVEs in the next release
    More information. (#42)

  • CWE (Common Weakness Enumeration) and CAPEC (Common Attack Pattern Enumeration and Classification) importers (#97)

  • New NCSC-NL CSAF Importer: (#94)

  • New Route:
    /api/vulnerability/cpesearch/<string:cpe> to retrieve vulnerabilities by CPE (Common Platform Enumeration). (41f8471)

  • New Website:
    A brand-new website featuring announcements and official documentation:
    https://www.vulnerability-lookup.org

🛠️ Changes

  • Improved lookup for the cvelistv5_view macro description. (f4a929c)

  • Added the ability for users to specify a source for sightings. (2be4eef)

  • Updated kvrocks configuration with Docker support. (f864138)

  • Added new with_linked, with_comments, with_bundles, and with_sightings arguments to the Vulnerability resource for the GET method. (8cb595)

Fixes

  • Fail fast if Valkey/Redis fails to start. (#93)

  • Fixed various minor issues in the HTML templates.

🙏 Thank you very much to all the contributors and testers!

custom-sighting
fediverse
NCSCNL

Funding

ngsoti-small
eu_funded_en

The NGSOTI project is dedicated to training the next generation of Security Operation Center (SOC) operators, focusing on the human aspect of cybersecurity. It underscores the significance of providing SOC operators with the necessary skills and open-source tools to address challenges such as detection engineering, incident response, and threat intelligence analysis. Involving key partners such as CIRCL, Restena, Tenzir, and the University of Luxembourg, the project aims to establish a real operational infrastructure for practical training. This initiative integrates academic curricula with industry insights, offering hands-on experience in cyber ranges.

vulnerability-lookup is co-funded by CIRCL and by the European Union. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or ECCC. Neither the European Union nor the granting authority can be held responsible for them.

Assets 2
Loading