Vulnerability-Lookup 4.3.0

We are pleased to announce the release of Vulnerability-Lookup 4.3.0!

This release brings compliance with the updated GCVE BCP-03 specification (discussion), introducing a dedicated API endpoint for exposing GCVEs published by a local Vulnerability-Lookup instance.
It also includes improvements to the GCVE feeder, email notification reliability fixes, and updated dependencies.

What’s New

GCVE Publication Endpoint

A new /api/gcve/publication endpoint lets external consumers discover all GCVEs published by the local instance.
This is the standard mechanism defined in the updated GCVE BCP-03 for federated vulnerability sharing between Vulnerability-Lookup deployments and GCVE-compatible tools. c931b95

GCVE new endpoint

GCVE publications on db.gcve.eu

GNA-1 publications

Changes

  • chg: [feeder] GCVE feeder now uses /api/gcve/publication with two fallbacks for retro-compatibility. 96aaed6
  • chg: [bin] Also dump KEV entries. 5523cb7
  • chg: [bin] Updated footer of the dump page. 3260682
  • chg: [templates] Added a link to the list of sources from the /recent page. 89723f2
  • chg: [dependencies] Updated Python and JavaScript dependencies. a135d86, 1fcc515, d163c5f

Fixes

  • fix: [notifications] Remove jitter from last_execution_time to prevent missed notifications. When multiple users subscribed to the same product, the random jitter on last_execution_time created different blind windows, causing some users to miss vulnerability notifications. a02a9fe
  • fix: [typing] Fixed a typing issue in the aggregator parameter of the CSAFAggregatorHelper class. 860ead7
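
The blind window described in the notifications fix above, shown as an added simulation that is not Vulnerability-Lookup's own code. It assumes each run selects entries published after the user's stored last_execution_time and that the old behaviour stored "now plus a per-user jitter"; all names, jitter values and identifiers are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

T0 = datetime(2025, 1, 1, 12, 0, tzinfo=timezone.utc)

# Constructed sample data: (placeholder id, publication time).
EVENTS = [
    ("VULN-A", T0 + timedelta(minutes=2)),
    ("VULN-B", T0 + timedelta(minutes=64)),
    ("VULN-C", T0 + timedelta(minutes=130)),
]

# Hypothetical per-user jitter (minutes) added to last_execution_time.
# All three users are subscribed to the same product.
JITTER = {"alice": 0, "bob": 5, "carol": 3}


def run_schedule(events, jitter_by_user, runs=4,
                 period=timedelta(hours=1), use_jitter=True):
    """Simulate hourly notification runs; return {user: [delivered ids]}."""
    delivered = {user: [] for user in jitter_by_user}
    last_exec = {user: T0 - period for user in jitter_by_user}
    for i in range(runs):
        now = T0 + i * period
        for user, minutes in jitter_by_user.items():
            # Assumed selection rule: published after the stored timestamp.
            for vuln_id, published in events:
                if last_exec[user] < published <= now:
                    delivered[user].append(vuln_id)
            # Jittered variant pushes the stored timestamp past "now", so
            # anything published in (now, now + jitter] is never selected.
            offset = timedelta(minutes=minutes) if use_jitter else timedelta(0)
            last_exec[user] = now + offset
    return delivered


def missed(events, delivered):
    """Return {user: sorted ids that were published but never delivered}."""
    all_ids = {vuln_id for vuln_id, _ in events}
    return {user: sorted(all_ids - set(ids)) for user, ids in delivered.items()}


if __name__ == "__main__":
    for label, flag in (("with jitter", True), ("without jitter", False)):
        result = missed(EVENTS, run_schedule(EVENTS, JITTER, use_jitter=flag))
        print(label, result)
```

Each user's blind window has a different width, so the same three publications reach one subscriber in full and others only in part; storing the un-jittered run time closes the gap for everyone.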

Changelog

📂 For the full list of changes, check the GitHub release:

🙏 Thank you to all contributors and testers!

Feedback and Support

If you encounter any issues or have suggestions, feel free to open a ticket on our GitHub repository:

Your feedback is always appreciated!

Follow Us on Fediverse/Mastodon

You can follow us on Mastodon and get real-time information about security advisories:
