v0.25.3

@github-actions github-actions released this 10 May 10:04
· 128 commits to master since this release
ef2be3d

This release includes support for the recently released Ubuntu 24.04, some additional features, and several bug fixes.
We strongly recommend that users of Red Hat-like distributions update to this version.
Watch out for the corresponding goval-dictionary and gost updates!

New features

  • Ubuntu 24.04 support is added
  • A TLS insecure flag is added for SMTP notification

(Potential) Incompatibilities

  • Use new gost for Ubuntu 24.04 support (#1878)
  • Use new goval-dictionary for detection on Red Hat-like distributions (#1907)

Bug fixes

  • For Red Hat-like distributions, there were false positives and false negatives in detection results
    • See #1906 for details
    • Now fixed by the PR: feat(detect/redhat): detect unpatched vulnerabilities with oval, stop using gost by @MaineK00n in #1907
  • style(log) config.toml template docs url by @future-ryunosuketanai in #1894
  • style: fix some typos in comments by @deferdeter in #1897
  • (fix) Exclude dev dependencies from npm's package-lock.json and Fix Java DB download endpoint by @shino in #1893
  • fix(detector/suse): support when advisory.cves has both NVD and SUSE evaluations by @MaineK00n in #1899
  • style(log) fix trivy docs link by @future-ryunosuketanai in #1902

Misc Changes

  • chore(deps): bump github.com/hashicorp/go-getter from 1.7.3 to 1.7.4 by @dependabot in #1903
  • chore(deps): bump golang.org/x/net from 0.22.0 to 0.23.0 by @dependabot in #1898
  • chore(deps): bump github.com/emersion/go-smtp from 0.20.2 to 0.21.0 by @dependabot in #1888
  • chore(deps): bump golang.org/x/oauth2 from 0.18.0 to 0.19.0 by @dependabot in #1891
  • chore(deps): bump golang.org/x/sync from 0.6.0 to 0.7.0 by @dependabot in #1890
  • chore(deps): bump github.com/emersion/go-smtp from 0.21.0 to 0.21.1 by @dependabot in #1896
  • chore(deps): bump github.com/aquasecurity/trivy from 0.49.1 to 0.50.1 by @dependabot in #1885
  • chore(deps): bump go.etcd.io/bbolt from 1.3.9 to 1.3.10 by @dependabot in #1908
  • chore(deps): bump golang.org/x/text from 0.14.0 to 0.15.0 by @dependabot in #1909
  • chore(deps): bump golang.org/x/oauth2 from 0.19.0 to 0.20.0 by @dependabot in #1910

New Contributors

Full Changelog: v0.25.2...v0.25.3