Recent releases for cve-search
http://open-source-security-software.net/project/cve-search/releases.atom
Updated 2024-11-15T14:53:47.969484+00:00

cve-search V1.0 (2015-10-20T13:36:54+00:00)

First official CVE-Search Stable release

cve-search v2.1 (2016-06-14T10:04:07+00:00)

- Plug-in manager bugfixes and features
- Use datetime objects in the database
- password change option in web interface
- code revision

Find the release notes [here](https://github.com/cve-search/UpdateLog/blob/master/README.md)

cve-search v2.3 (2019-09-18T19:54:40+00:00)

cve-search v2.3 has been released including many bugs fixed and a new support to the NVD/NIST format in JSON. The new NVD/NIST JSON replaces the XML format which will be deprecated very soon. We welcome feedback or contribution to improve the support of the new JSON format. The current support includes all the original functionality from the original XML format with some improvements.

Thanks a lot to all contributors who helped us by reporting issues, proposing pull-request or supporting us. Don't hesitate to review the [cve-search Changelog](https://www.cve-search.org/Changelog.txt) to have a detailed overview of what changes in 2.3.

cve-search v2.4 (2019-10-06T21:27:32+00:00)

cve-search v2.4 has been released including many bugs fixed and improvements to the web interface pagination. A huge thanks to [Ján Doboš](https://github.com/janidetiger) for the updates in the web interface pagination. This update was performed during the [CyberExchange](https://ec.europa.eu/inea/en/connecting-europe-facility/cef-telecom/2017-eu-ia-0118) program where staff exchange within the CSIRTs/CERTs (for this contribution between [CIRCL](https://www.circl.lu/) and [SK-CERT](https://www.sk-cert.sk)). This program is funded by the EC under the CEF program (2017-EU-IA-0118).

[cve-search is now on Twitter](https://twitter.com/cve_search). We will publish software updates, projects and activities of cve-search project on our account. Don't hesitate to [follow us](https://twitter.com/cve_search).

Thanks a lot to all contributors who helped us by reporting issues, proposing pull-request or supporting us. Don't hesitate to review the [cve-search Changelog](https://www.cve-search.org/Changelog.txt) to have a detailed overview of what changes in 2.4.

cve-search v2.5 (2019-10-29T14:48:28+00:00)

cve-search v2.5 has been released including bugs fixed and improvement in the CPE/CWE JSON import.

[cve-search is on Twitter](https://twitter.com/cve_search). We will publish software updates, projects and activities of cve-search project on our account. Don't hesitate to [follow us](https://twitter.com/cve_search).

Thanks a lot to all contributors who helped us by reporting issues, proposing pull-request or supporting us. Don't hesitate to review the [cve-search Changelog](https://www.cve-search.org/Changelog.txt) to have a detailed overview of what changes in 2.5.

cve-search v2.6 (2020-01-12T16:58:36+00:00)

# cve-search v2.6 (2019-11-08) released

## Changes

- [web] template vulnerable_product and assigner is a default field. [Alexandre Dulaunoy]
- [sources] revert back CAPEC XML source (parser is broken with recent version) [Alexandre Dulaunoy]
- [db_mgmt_json] use of format. [Alexandre Dulaunoy]

## Fix

- [db_mgmt_json] if cpe_name is missing from original CPE then use default cpe23 URI. [Alexandre Dulaunoy]
- [minimal] link result is now using the proper cve result key. [Alexandre Dulaunoy]

## Other

- Merge pull request #391 from kairis/master. [Alexandre Dulaunoy]
  CPE and CVE fixes
- Drop CPE and CVE databases if force populating. [Sami Kairajarvi]
  This is done in db_updater, but if someone calls either CPE or CVE updaters directly with "-pa", it will duplicate the data
- Change order of updating CVE and CPE. [Sami Kairajarvi]
  CPE needs to be updated first, as CVE uses CPE data
- Add fields to CVE only if they don't exist already. [Sami Kairajarvi]
- Fix CPE matching for vulnerable children. [Sami Kairajarvi]
- Add warning to product search. [Sami Kairajarvi]
- Remove non_vulnerable_configuration. [Sami Kairajarvi]
- Add all vulnerable products to vulnerable_products, not only applications. [Sami Kairajarvi]
- Merge pull request #386 from kairis/master. [Alexandre Dulaunoy]
  Append all items of CVE description field into summary
- Append all items of CVE description field into summary. [Sami Kairajarvi]

cve-search v2.7 (2020-01-12T17:00:17+00:00)

# Changes

- [cpe/bulkUpdate] use format instead of concat. [Alexandre Dulaunoy]
- [db] all regex queries are now case insensitive. [Alexandre Dulaunoy]

# Other

- Merge pull request #401 from Agh42/feature/improve-bulk-updates. [Alexandre Dulaunoy]
  Speed up bulk update (i.e. CPE update) operations.
- Speed up bulk update operations. [Agh42]

cve-search v2.8 (2020-06-03T13:18:24+00:00)

# v2.8 (2020-06-03)

Changes
~~~~~~~

- [source] default to nvd cve 1.1. [Alexandre Dulaunoy]
- [cve source] now officially use nvd 1.1 version. [Alexandre Dulaunoy]
- [config] download CVE JSON feed in version 1.1. [Alexandre Dulaunoy]
- [DatabaseLayer] access field missing added - Fix #404. [Alexandre Dulaunoy]
- [DatabaseLayer] add missing impact field in the update. [Alexandre Dulaunoy]
  Thanks to the good report in issue #403.

Other
~~~~~

- Merge pull request #429 from tydeu/master. [Alexandre Dulaunoy]
  Drop the `cves` (not the `cve`) collection when repopulating
- Drop the `cves` (not the `cve`) collection. [Mac Malone]
- Merge branch 'master' of github.com:cve-search/cve-search. [Alexandre Dulaunoy]
- Merge pull request #423 from eaydin/master. [Alexandre Dulaunoy]
  Resolve issue #375
- Resolve issue #375. [eaydin]
- Update README.md. [Pidgey]
- Merge pull request #415 from guiguitodelperuu/fix-capec-v3.2. [Alexandre Dulaunoy]
  Add support for the latest CAPEC XML file version (3.2).
- Add support for the latest CAPEC XML file version (3.2). Issue #414. [Guillaume Petit]
- Merge pull request #412 from Schuilnaam/master. [Alexandre Dulaunoy]
  notification bug fix
- Revert "Update .travis.yml" [rocco]
  This reverts commit ea3059c7344f76748d42ccd1747b085d736cdfcf.
- Update .travis.yml. [Rocc00]
  python 3.3 is not available
- Notification bug fix. [rocco]
- Merge pull request #409 from jgilman99/jgilman99-patch-1. [Alexandre Dulaunoy]
  Typo - `access` spelled `acccess`
- Typo - `access` spelled `acccess` [John]

cve-search v2.9 (2020-07-29T12:20:17+00:00)

v2.9 (2020-07-29)
-----------------

# Changes

- [doc] reference to the ChangeLog updated. [Alexandre Dulaunoy]

# Other

- Merge pull request #436 from noraj/patch-2. [Alexandre Dulaunoy]
  add docker ref
- Update README.md. [Alexandre Dulaunoy]
  Make it more markdown friendly.
- Add docker ref. [Alexandre ZANNI]
- Merge pull request #442 from P-T-I/fix_cpe_other. [Alexandre Dulaunoy]
  fix #441
- Fix #441. [Paul Tikken Laptop]
- Merge pull request #444 from P-T-I/capec. [Alexandre Dulaunoy]
  fix #443 and #402 and #414
- Fix #443. [Paul Tikken Laptop]
- Merge pull request #445 from P-T-I/version_bumps. [Alexandre Dulaunoy]
  version bump of cwe and capec
- Version bump of cwe. [Paul Tikken Laptop]
- Merge pull request #438 from AndreC10002/patch-2. [Alexandre Dulaunoy]
  Redis password parameter
- Redis password parameter. [AndreC10002]
  Redis password parameter

cve-search v3.0 (2020-10-01T11:30:43+00:00)

# cve-search v3.0 (2020-10-01) released with a rewritten import process, unit tests and many bugs fixed.

# Changes - [travis] fix to use JSON NVD source + removed unsupported Python version. [Alexandre Dulaunoy] - Merge pull request #451 from P-T-I/import_impr. [Alexandre Dulaunoy] Initial import restructure - Final fix for missing field. [Paul Tikken Laptop] - Fix for missing last-modified field in cve documents. [Paul Tikken Laptop] - Fix for missing last-modified field in cve documents. [Paul Tikken Laptop] - Minor adjustment travis.yml. [Paul Tikken Laptop] - Merge from master. [Paul Tikken Laptop] - Merge pull request #478 from P-T-I/unit_tests. [Alexandre Dulaunoy] Unit tests - Added specific parser to BeautifulSoup. [Paul Tikken Laptop] - Added build arguments to travis file. [Paul Tikken Laptop] - Final travis file. [Paul Tikken Laptop] - Working on tests. [Paul Tikken Laptop] - Working on tests. [Paul Tikken Laptop] - Working on tests. [Paul Tikken Laptop] - Working on tests. [Paul Tikken Laptop] - Added BeautifulSoup to requirements. [Paul Tikken Laptop] - Working on unit tests. [Paul Tikken Laptop] - Working on unit tests. [Paul Tikken Laptop] - Added dict to xml requirement. [Paul Tikken Laptop] - Fix search.py not returning xml. [Paul Tikken Laptop] - Testing_travis. [Paul Tikken Laptop] - Testing_travis. [Paul Tikken Laptop] - Testing_travis. [Paul Tikken Laptop] - Testing_travis. [Paul Tikken Laptop] - Testing_travis. [Paul Tikken Laptop] - Testing_travis. [Paul Tikken Laptop] - Testing_travis. [Paul Tikken Laptop] - Testing with travis. [Paul Tikken Laptop] - Testing travis file. [Paul Tikken Laptop] - Testing travis file. [Paul Tikken Laptop] - Testing travis file. [Paul Tikken Laptop] - Fixed -p switch travis file. [Paul Tikken Laptop] - Change to unit_tests. [Paul Tikken Laptop] - Change to unit_tests. [Paul Tikken Laptop] - Change to unit_tests. [Paul Tikken Laptop] - Change in unit_tests. [Paul Tikken Laptop] - Change in unit_tests. [Paul Tikken Laptop] - Change in unit_tests. [Paul Tikken Laptop] - Requirements.txt fix. 
[Paul Tikken Laptop] - Altered travis for pytest support. [Paul Tikken Laptop] - Setup unit testing scripts. [Paul Tikken Laptop] - Init files added when needed for unit_tests. [Paul Tikken Laptop] - Black formatting. [Paul Tikken Laptop] - Added nltk to requirements.txt as it was not covered. [Paul Tikken Laptop] - Black formatting. [Paul Tikken Laptop] - Config files added for testing. [Paul Tikken Laptop] - Added pytest requirements. [Paul Tikken Laptop] - Removed old testing file. [Paul Tikken Laptop] - Black formatting. [Paul Tikken Laptop] - Testing with travis. [Paul Tikken Laptop] - Merge remote-tracking branch 'origin/master' [Paul Tikken Laptop] - Create stale.yml. [PT] - Merge branch 'up_master' into import_impr. [Paul Tikken Laptop] - Merge pull request #470 from P-T-I/cve-search-469. [Alexandre Dulaunoy] cve-search-469; fix for not deplaying results - Cve-search-469; fix for not deplaying results. [Paul Tikken Laptop] - Merge branch 'up_master' into import_impr. [Paul Tikken Laptop] - Merge pull request #468 from P-T-I/regex_options. [Alexandre Dulaunoy] fix #464; corrects bad fix from #465 - Fix #464; corrects bad fix from #465. [Paul Tikken Laptop] - Merging. [Paul Tikken Laptop] - Merge pull request #465 from P-T-I/regex_fail. [Alexandre Dulaunoy] Regex fail - Alter .gitignore. [Paul Tikken] - Fixes #464; double options (IGNORE_CASE) declaration for a regex search. [Paul Tikken] - Altered .gitignore. [Paul Tikken] - Fixed syntax warnings. [Paul Tikken Laptop] - Added jsonpickle requirement. [Paul Tikken Laptop] - Added auto creation of log dir. [Paul Tikken Laptop] - Troubleshooting build error on feedformatter version. [Paul Tikken Laptop] - Merge branch 'master' into import_impr. [Paul Tikken Laptop] - Merge pull request #459 from P-T-I/docker_version. [Alexandre Dulaunoy] fix #205; official dockerized version of CVE-Search added - Fix #205; official dockerized version of CVE-Search added. 
[Paul Tikken Laptop] - Merge pull request #460 from P-T-I/cve_search_#395. [Alexandre Dulaunoy] fix #395; Fixed warning message Mongoclient create pre-fork - Fix #395; Fixed warning message Mongoclient create pre-fork. [Paul Tikken Laptop] - Added variable interval counter for debug logging. [Paul Tikken Laptop] - Corrected update error. [Paul Tikken Laptop] - Rebase. [Paul Tikken Laptop] - Merge pull request #456 from P-T-I/syntax_warnings. [Alexandre Dulaunoy] Fixed Tornado's syntax warnings - Fixed Tornado's syntax warnings. [Paul Tikken Laptop] - Merge pull request #454 from P-T-I/cve_search-449. [Alexandre Dulaunoy] fix #449; Added stricter regex for matching CVE on CPE - Fix #449; added stricter cpe regex when matching CVEs on CPEs. [Paul Tikken Laptop] - Refactor. [Paul Tikken Laptop] - Refactor. [Paul Tikken Laptop] - Refactor. [Paul Tikken Laptop] - Merge branch 'master' into cve_search-449. [Paul Tikken Laptop] - Merge pull request #453 from P-T-I/doc_update. [Alexandre Dulaunoy] fix #452; Documentation update - Fix #452; Documentation update to bring the docs in line with the readme.md in the root. [Paul Tikken Laptop] - Cleanup. [Paul Tikken Laptop] - Black formatting. [Paul Tikken Laptop] - Missing sys import and black formatting. [Paul Tikken Laptop] - Moved DatabaseIndexer to separate class in Sources_process.py. [Paul Tikken Laptop] - Moved DatabaseIndexer to separate class in Sources_process.py. [Paul Tikken Laptop] - Added additional log entries. [Paul Tikken Laptop] - Changed logger name. [Paul Tikken Laptop] - Added description to tqdm progressbar from CPERedisBrowser class. [Paul Tikken Laptop] - Unified logging with updater and black formatting. [Paul Tikken Laptop] - Import refactor and minor edit. [Paul Tikken Laptop] - Set JSON file progress debug logging to every 5000 items. [Paul Tikken Laptop] - Moved logic to process class. [Paul Tikken Laptop] - Added CPERedisBrowser class. [Paul Tikken Laptop] - Added logging and tqdm progressbar. 
[Paul Tikken Laptop] - Added logging. [Paul Tikken Laptop] - Fixed misspelled method (getCVEID instead of getCVEIDs) and black formatting. [Paul Tikken Laptop] - Added debug counter from processing items from file every 1000 items. [Paul Tikken Laptop] - Added debug counter from processing items from file. [Paul Tikken Laptop] - Refactor and unified logging with process classes. [Paul Tikken Laptop] - Refactor and unified logging with process classes. [Paul Tikken Laptop] - Modified update doc versus insert doc. [Paul Tikken Laptop] - Moved process classes to separate file. [Paul Tikken Laptop] - Refactor. [Paul Tikken Laptop] - Separate file for source process classes. [Paul Tikken Laptop] - Separate file for xml Content Handlers. [Paul Tikken Laptop] - Methods refactor. [Paul Tikken Laptop] - Added process methods to class instead. [Paul Tikken Laptop] - Changed process_item method. [Paul Tikken Laptop] - Added process_item to DownloadHandler class. [Paul Tikken Laptop] - Added method to retrieve the entire redis list. [Paul Tikken Laptop] - Added process_item to XMLFileHandler class. [Paul Tikken Laptop] - Added db (9) for redis queue. [Paul Tikken Laptop] - Added RedisQueue. [Paul Tikken Laptop] - Moved download_site method to DownloadHandler.py. [Paul Tikken Laptop] - Added redis queue as a replacement of multiprocessing queue. [Paul Tikken Laptop] - Added database action class. [Paul Tikken Laptop] - Refactor. [Paul Tikken Laptop] - Added additional logging. [Paul Tikken Laptop] - Minor changes. [Paul Tikken Laptop] - Reset insert to original. [Paul Tikken Laptop] - Added different handlers. [Paul Tikken Laptop] - Added different handlers. [Paul Tikken Laptop] - Added different handlers. [Paul Tikken Laptop] - Minor. [Paul Tikken Laptop] - Minor. [Paul Tikken Laptop] - Set debug print to every 10 cycles. [Paul Tikken Laptop] - Added venv and .idea folders to ignore. [Paul Tikken Laptop] - Set exit code on errors to 1. 
[Paul Tikken Laptop] - Added VIADownloads class for update optimalization. [Paul Tikken Laptop] - Moved updates of info collection to DownloadHandler. [Paul Tikken Laptop] - Added requirements ijson and tqdm. [Paul Tikken Laptop] - Added logging and file extension specific classes. [Paul Tikken Laptop] - Added tqdm and ijson requirements. [Paul Tikken Laptop] - Added queues and multiprocessing. [Paul Tikken Laptop] - Added further multiprocessing. [Paul Tikken Laptop] - Added speed improvements for initial import. [Paul Tikken Laptop] - Black formatting. [Paul Tikken Laptop] - Black formatting. [Paul Tikken Laptop] - Speed improvements for initial import of data. [Paul Tikken Laptop] - Merge pull request #450 from P-T-I/web_impr. [Alexandre Dulaunoy] minor admin page gui adjustments - Minor admin page gui adjustments. [Paul Tikken Laptop] - Merge pull request #448 from P-T-I/query_opt. [Alexandre Dulaunoy] small http query optimalization and black formatting - Small http query optimalization and black formatting. [Paul Tikken Laptop] 2020-10-01T11:30:43+00:00 cve-search v4.0 cve-search v4.0 2020-12-17T15:23:44+00:00 # cve-search v4.0 (2020-12-17) released with a major change in the web interface, a new ReST API and many many improvements. cve-search has been significantly improved and especially the Web interface has been rewritten from scratch. Many additional improvements in the importer script which allow to reimport the full dataset in a fast way. The [documentation has been also improved](https://cve-search.github.io/cve-search/) to ease the installation process for new users. A huge thanks to all the contributors. You can have a look at all the changes on the public instance running at [https://cvepremium.circl.lu/](https://cvepremium.circl.lu/) and the [API documentation](http://cvepremium.circl.lu/api_docs). # Changes - [copyright] add Paul as co-author. [Alexandre Dulaunoy] # Other - Merge pull request #562 from P-T-I/cve-search-560. 
[PT] Cve search 560 - Added cvss version selector. [Paul Tikken Laptop] - Added cvss3 filter logic. [Paul Tikken Laptop] - Added data column for cvss3. [Paul Tikken Laptop] - Added column for cvss3. [Paul Tikken Laptop] - Added index for cvss3. [Paul Tikken Laptop] - Merge pull request #561 from P-T-I/cve-search-559. [PT] Cve search 559 - Merge up_master. [Paul Tikken Laptop] - Merge pull request #522 from AZobec/cvssV3. [PT] Add CVSS v3.1 in db and WebUI - Adding conditions if cvssV3 is None. [AZobec] - Rebase and adjust web/VERSION. [AZobec] - Rebase + adjust web/VERSION. [AZobec] - Modify Version. [AZobec] - Change version CVSS V3. [AZobec] - Remove comments. [AZobec] - Merge remote-tracking branch 'upstream/master' [AZobec] - CVSSv3 handling - fixing None for absence of V3 score. [AZobec] - Fix CVSSv3 Handling. [AZobec] - Add CVSS v3.1 handling. [AZobec] - Merge pull request #557 from cve-search/dependabot/pip/pytest-6.2.1. [PT] Bump pytest from 6.2.0 to 6.2.1 - Bump pytest from 6.2.0 to 6.2.1. [dependabot[bot]] Bumps [pytest](https://github.com/pytest-dev/pytest) from 6.2.0 to 6.2.1. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/master/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest/compare/6.2.0...6.2.1) - Fix #559; added api support for cvssV3 fields. [Paul Tikken Laptop] - Merge pull request #556 from P-T-I/cve-search-555. [PT] fix #555; Double entries in cwe related_weaknesses field - Fix #555; Double entries in cwe related_weaknesses field. [Paul Tikken Laptop] - Update query.py. [PT] - Update ApiRequests.py. [PT] - Merge pull request #552 from cve-search/dependabot/pip/flask- socketio-5.0.0. [PT] Bump flask-socketio from 4.3.2 to 5.0.0 - Bump flask-socketio from 4.3.2 to 5.0.0. [dependabot[bot]] Bumps [flask-socketio](https://github.com/miguelgrinberg/Flask-SocketIO) from 4.3.2 to 5.0.0. 
- [Release notes](https://github.com/miguelgrinberg/Flask-SocketIO/releases) - [Changelog](https://github.com/miguelgrinberg/Flask-SocketIO/blob/master/CHANGES.md) - [Commits](https://github.com/miguelgrinberg/Flask-SocketIO/compare/v4.3.2...v5.0.0) - Merge pull request #553 from cve-search/dependabot/pip/pytest-6.2.0. [PT] Bump pytest from 6.1.2 to 6.2.0 - Bump pytest from 6.1.2 to 6.2.0. [dependabot[bot]] Bumps [pytest](https://github.com/pytest-dev/pytest) from 6.1.2 to 6.2.0. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/master/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest/compare/6.1.2...6.2.0) - Merge pull request #551 from RoccovanAsselt/bugfix-search-without- via4. [PT] added via4 check in getSearchResults() function - Added via4 check. [Rocco van Asselt] - Testing auto deploy github pages. [Paul Tikken Laptop] - Testing auto deploy github pages. [Paul Tikken Laptop] - Testing auto deploy github pages. [Paul Tikken Laptop] - Merge pull request #550 from P-T-I/cve-search-548. [PT] fix #548; new cwe version release - Fix #548; new cwe version release. [Paul Tikken Laptop] - Added queues clear to all classes. [Paul Tikken Laptop] - Merge pull request #547 from RoccovanAsselt/Clearing_queue. [PT] clear queues to prevent duplicates - Use self.queue. [RoccovanAsselt] - Moved clearing to populate() function. [RoccovanAsselt] - Clear queues. [RoccovanAsselt] - Merge pull request #549 from P-T-I/docs_updates. [PT] Docs updates - Minor. [Paul Tikken Laptop] - Old doc folder cleanup. [Paul Tikken Laptop] - Doc alteration. [Paul Tikken Laptop] - Merge pull request #545 from cve-search/dependabot/pip/tqdm-4.54.1. [PT] Bump tqdm from 4.54.0 to 4.54.1 - Bump tqdm from 4.54.0 to 4.54.1. [dependabot[bot]] Bumps [tqdm](https://github.com/tqdm/tqdm) from 4.54.0 to 4.54.1. 
- [Release notes](https://github.com/tqdm/tqdm/releases) - [Commits](https://github.com/tqdm/tqdm/compare/v4.54.0...v4.54.1) - Delete certificate.crt. [PT] - Delete certificate.key. [PT] - Setting up sphinx docs. [Paul Tikken Laptop] - Rebuild pages. [Paul Tikken Laptop] - Setting up sphinx docs. [Paul Tikken Laptop] - Setting up sphinx docs. [Paul Tikken Laptop] - Setting up sphinx docs. [Paul Tikken Laptop] - Setting up sphinx docs. [Paul Tikken Laptop] - Merge pull request #544 from P-T-I/new_docs. [PT] New docs; first setup - Setting up sphinx docs. [Paul Tikken Laptop] - Merge up_master. [Paul Tikken Laptop] - Finished migrating unit tests from travis to github actions. [Paul Tikken Laptop] - Merge pull request #543 from P-T-I/master. [PT] testing web test default branch - Testing web test default branch. [Paul Tikken Laptop] - Testing web test default branch. [Paul Tikken Laptop] - Merge pull request #542 from P-T-I/master. [PT] testing web test default branch - Testing web test default branch. [Paul Tikken Laptop] - Merge pull request #541 from P-T-I/master. [PT] Testing PR - Testing web test default branch. [Paul Tikken Laptop] - Merge branch 'up_master' [Paul Tikken Laptop] - Testing web test default branch. [Paul Tikken Laptop] - Testing web test default branch. [Paul Tikken Laptop] - Testing web test default branch. [Paul Tikken Laptop] - Testing web test default branch. [Paul Tikken Laptop] - Setting up web page tests. [Paul Tikken Laptop] - Setting up web page tests. [Paul Tikken Laptop] - Added gh action badge to README.md. [Paul Tikken Laptop] - Splitting build and test. [Paul Tikken Laptop] - Testing cache. [Paul Tikken Laptop] - Testing cache. [Paul Tikken Laptop] - Testing cache. [Paul Tikken Laptop] - Testing cache. [Paul Tikken Laptop] - Testing cache. [Paul Tikken Laptop] - Testing cache. [Paul Tikken Laptop] - Testing cache. [Paul Tikken Laptop] - Uploading pytest reports to gh actions. 
[Paul Tikken Laptop] - Uploading pytest reports to gh actions. [Paul Tikken Laptop] - Splitting build and test jobs. [Paul Tikken Laptop] - Splitting build and test jobs. [Paul Tikken Laptop] - Splitting build and test jobs. [Paul Tikken Laptop] - Splitting build and test jobs. [Paul Tikken Laptop] - Splitting build and test jobs. [Paul Tikken Laptop] - Splitting build and test jobs. [Paul Tikken Laptop] - Splitting build and test jobs. [Paul Tikken Laptop] - Splitting build and test jobs. [Paul Tikken Laptop] - Splitting build and test jobs. [Paul Tikken Laptop] - Merge branch 'master' of https://github.com/cve-search/cve-search into up_master. [Paul Tikken Laptop] - Merge pull request #540 from cve-search/dependabot/pip/tqdm-4.54.0. [PT] Bump tqdm from 4.50.2 to 4.54.0 - Bump tqdm from 4.50.2 to 4.54.0. [dependabot[bot]] Bumps [tqdm](https://github.com/tqdm/tqdm) from 4.50.2 to 4.54.0. - [Release notes](https://github.com/tqdm/tqdm/releases) - [Commits](https://github.com/tqdm/tqdm/compare/v4.50.2...v4.54.0) - Merge pull request #539 from cve-search/dependabot/pip/pymongo-3.11.2. [PT] Bump pymongo from 3.11.0 to 3.11.2 - Bump pymongo from 3.11.0 to 3.11.2. [dependabot[bot]] Bumps [pymongo](https://github.com/mongodb/mongo-python-driver) from 3.11.0 to 3.11.2. - [Release notes](https://github.com/mongodb/mongo-python-driver/releases) - [Changelog](https://github.com/mongodb/mongo-python-driver/blob/3.11.2/doc/changelog.rst) - [Commits](https://github.com/mongodb/mongo-python-driver/compare/3.11.0...3.11.2) - Merge pull request #538 from cve- search/dependabot/pip/jsonpickle-1.4.2. [PT] Bump jsonpickle from 1.4.1 to 1.4.2 - Bump jsonpickle from 1.4.1 to 1.4.2. [dependabot[bot]] Bumps [jsonpickle](https://github.com/jsonpickle/jsonpickle) from 1.4.1 to 1.4.2. 
- [Release notes](https://github.com/jsonpickle/jsonpickle/releases) - [Changelog](https://github.com/jsonpickle/jsonpickle/blob/master/CHANGES.rst) - [Commits](https://github.com/jsonpickle/jsonpickle/compare/v1.4.1...v1.4.2) - Splitting build and test jobs. [Paul Tikken Laptop] - Merge branch 'up_master' [Paul Tikken Laptop] - Merge branch 'up_master' [Paul Tikken Laptop] - Base coverage file. [Paul Tikken Laptop] - Working on new_docs. [Paul Tikken Laptop] - Merge branch 'up_master' into new_docs. [Paul Tikken Laptop] - Merge pull request #537 from cve-search/dependabot/pip/flask-jwt- extended-3.25.0. [PT] Bump flask-jwt-extended from 3.24.1 to 3.25.0 - Bump flask-jwt-extended from 3.24.1 to 3.25.0. [dependabot[bot]] Bumps [flask-jwt-extended](https://github.com/vimalloc/flask-jwt-extended) from 3.24.1 to 3.25.0. - [Release notes](https://github.com/vimalloc/flask-jwt-extended/releases) - [Commits](https://github.com/vimalloc/flask-jwt-extended/compare/3.24.1...3.25.0) - Merge pull request #535 from cve-search/dependabot/pip/ijson-3.1.3. [PT] Bump ijson from 3.1.2 to 3.1.3 - Bump ijson from 3.1.2 to 3.1.3. [dependabot[bot]] Bumps [ijson](https://github.com/ICRAR/ijson) from 3.1.2 to 3.1.3. - [Release notes](https://github.com/ICRAR/ijson/releases) - [Changelog](https://github.com/ICRAR/ijson/blob/master/CHANGELOG.md) - [Commits](https://github.com/ICRAR/ijson/compare/v3.1.2...v3.1.3) - Merge pull request #536 from cve- search/dependabot/pip/requests-2.25.0. [PT] Bump requests from 2.24.0 to 2.25.0 - Bump requests from 2.24.0 to 2.25.0. [dependabot[bot]] Bumps [requests](https://github.com/psf/requests) from 2.24.0 to 2.25.0. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/master/HISTORY.md) - [Commits](https://github.com/psf/requests/compare/v2.24.0...v2.25.0) - Merge pull request #534 from cve-search/dependabot/pip/pytest-6.1.2. [PT] Bump pytest from 6.1.1 to 6.1.2 - Bump pytest from 6.1.1 to 6.1.2. 
[dependabot[bot]] Bumps [pytest](https://github.com/pytest-dev/pytest) from 6.1.1 to 6.1.2. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/master/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest/compare/6.1.1...6.1.2) - Merge pull request #533 from cve-search/dependabot/pip/flask- socketio-4.3.2. [PT] Bump flask-socketio from 4.3.1 to 4.3.2 - Bump flask-socketio from 4.3.1 to 4.3.2. [dependabot[bot]] Bumps [flask-socketio](https://github.com/miguelgrinberg/Flask-SocketIO) from 4.3.1 to 4.3.2. - [Release notes](https://github.com/miguelgrinberg/Flask-SocketIO/releases) - [Changelog](https://github.com/miguelgrinberg/Flask-SocketIO/blob/master/CHANGES.md) - [Commits](https://github.com/miguelgrinberg/Flask-SocketIO/compare/v4.3.1...v4.3.2) - Dependabot. [PT] - Merge branch 'up_master' into new_docs. [Paul Tikken Laptop] - Cleanup. [Paul Tikken Laptop] - Disabling travis ci. [Paul Tikken Laptop] - Merge pull request #532 from P-T-I/master. [PT] Added base coverage report - Merge branch 'master' into new_docs. [Paul Tikken Laptop] - Base coverage file. [Paul Tikken Laptop] - Merge master. [Paul Tikken Laptop] - Merge pull request #531 from P-T-I/code_cov_test. [PT] Code cov test - Code_cov_test. [Paul Tikken Laptop] - Merge branch 'master' into code_cov_test. [Paul Tikken Laptop] - Code_cov_test. [Paul Tikken Laptop] - Code_cov_test. [Paul Tikken Laptop] - Merge pull request #530 from P-T-I/code_cov_test. [PT] moved unit tests to github actions - Moved unit tests to github actions. [Paul Tikken Laptop] - Merge pull request #529 from P-T-I/master. [PT] Switched unit tests to github actions - Moved unit tests to github actions. [Paul Tikken Laptop] - Testing with gh_actions. [Paul Tikken Laptop] - Testing with gh_actions. [Paul Tikken Laptop] - Testing with gh_actions. [Paul Tikken Laptop] - Testing with gh_actions. 
[Paul Tikken Laptop] - Merge pull request #2 from P-T-I/GH_action_test. [PT] testing with gh_actions - Testing with gh_actions. [Paul Tikken Laptop] - Update unit_tests.yml. [PT] - Update unit_tests.yml. [PT] - Update unit_tests.yml. [PT] - Update unit_tests.yml. [PT] - Merge pull request #1 from P-T-I/gh_action_test. [PT] testing with gh_actions - Testing with gh_actions. [Paul Tikken Laptop] - Merge branch 'up_master' into new_docs. [Paul Tikken Laptop] - Merge pull request #528 from P-T-I/cve-search-523. [PT] Duplicate id in cpe collection - Fix #523; Duplicate id in cpe collection. [Paul Tikken Laptop] - Merge branch 'up_master' [Paul Tikken Laptop] - Merge branch 'up_master' [Paul Tikken Laptop] - Bump. [Paul Tikken Laptop] - Merge pull request #526 from P-T-I/travis_new_test. [PT] updated the sleep time for PR - Updated the sleep time for PR. [Paul Tikken Laptop] - Delete dependabot.yml. [PT] - Merge pull request #525 from RoccovanAsselt/set-index-on-populating. [PT] new pr: create index on populating cpe and cve - Rebase. [RoccovanAsselt] - Merge. [RoccovanAsselt] - Added functionaly to create index on specific collection and call it on populating cpe and cves. [RoccovanAsselt] - Added functionaly to create index on specific collection and call it on populating cpe and cves. [RoccovanAsselt] - Merge pull request #519 from P-T-I/travis_test. [PT] gevent support checking - Setting sleep value higher to allow docker to fully load. [Paul Tikken Laptop] - Merge branch 'up_master' into travis_test. [Paul Tikken Laptop] - Added logline. [Paul Tikken Laptop] - Gevent support checking. [Paul Tikken Laptop] - Create dependabot.yml. [PT] - Setting up sphinx docs. [Paul Tikken Laptop] - Merge branch 'master' into new_docs. [Paul Tikken Laptop] - Bump. [Paul Tikken Laptop] - Merge pull request #521 from FafnerKeyZee/patch-1. [PT] Starting flask without SSL - Starting flask without SSL. 
[Fafner [_KeyZee_]] Starting flask without SSL - Merge pull request #508 from P-T-I/cve-search-399. [Alexandre Dulaunoy] Cve search 399 - Fix #513; added two exception handlers; one for the absence of the last_modified header and one for general download failure which will solve issue 513. [Paul Tikken Laptop] - Minor. [Paul Tikken Laptop] - Added limit and skip integer checking and exception handling. [Paul Tikken Laptop] - Fix for search field. [Paul Tikken Laptop] - Added comment. [Paul Tikken Laptop] - Removed added additional fields from cve display. [Paul Tikken Laptop] - Moved vendor table to DataTable with ajax processing. [Paul Tikken Laptop] - Removed websockets. [Paul Tikken Laptop] - Added htmlescape function. [Paul Tikken Laptop] - Fix for not displaying results on api/cvefor. [Paul Tikken Laptop] - Minor. [Paul Tikken Laptop] - Query optimalization on cvesForCPE query. [Paul Tikken Laptop] - Working on new indexes and import fields. [Paul Tikken Laptop] - Possible fix for travis failing to build. [Paul Tikken Laptop] - Moved user functions to mongodb.py. [Paul Tikken Laptop] - Refactor. [Paul Tikken Laptop] - Version bump. [Paul Tikken Laptop] - Removed allow_disk_use to query_docs queries. [Paul Tikken Laptop] - Added allow_disk_use to query_docs queries. [Paul Tikken Laptop] - Disabled loggers. [Paul Tikken Laptop] - Fix for python path. [Paul Tikken Laptop] - Fix for python path. [Paul Tikken Laptop] - Fix for python path. [Paul Tikken Laptop] - Merge up_master. [Paul Tikken Laptop] - Bump. [Paul Tikken Laptop] - Cleanup. [Paul Tikken Laptop] - Cleanup & black formatting. [Paul Tikken Laptop] - Version bump. [Paul Tikken Laptop] - Working on websockets. [Paul Tikken Laptop] - Moved to gevent as webserver. [Paul Tikken Laptop] - Defined limit and skip as integers. [Paul Tikken Laptop] - Version bump. [Paul Tikken Laptop] - Moved old files to _old_ folder. [Paul Tikken Laptop] - Finished porting admin api to new api. 
[Paul Tikken Laptop] - Finished porting admin api to new api. [Paul Tikken Laptop] - Version bump. [Paul Tikken Laptop] - Working on admin api. [Paul Tikken Laptop] - Working on admin part. [Paul Tikken Laptop] - Version bump. [Paul Tikken Laptop] - Status adjustments. [Paul Tikken Laptop] - Working on admin api. [Paul Tikken Laptop] - Reformatted admin, login with local database fixed; working on white and black list handling. [Paul Tikken Laptop] - Minor. [Paul Tikken Laptop] - Password check fix. [Paul Tikken Laptop] - Added sweetalert2.min.js. [Paul Tikken Laptop] - Added sweetalert2.min.js. [Paul Tikken Laptop] - Bump. [Paul Tikken Laptop] - Merge branch 'up_master' into cve-search-399. [Paul Tikken Laptop] - Bump. [Paul Tikken Laptop] - Minimal setting ignoring admin blueprint. [Paul Tikken Laptop] - Login forms formatting. [Paul Tikken Laptop] - Version bump. [Paul Tikken Laptop] - Minor. [Paul Tikken Laptop] - Working on login. [Paul Tikken Laptop] - Altered hashing mechanisms. [Paul Tikken Laptop] - Renamed master-page to master-page.html. [Paul Tikken Laptop] - Added requirements. [Paul Tikken Laptop] - Removed clipboard. [Paul Tikken Laptop] - Added socket.io scripts. [Paul Tikken Laptop] - Version bump. [Paul Tikken Laptop] - Reformatting. [Paul Tikken Laptop] - Added separate breadcrumbs.html subpage to ease breadcrumbs import into templates. [Paul Tikken Laptop] - Alterations made to facilitate port to bootstrap 4. [Paul Tikken Laptop] - Reformatted to bootstrap 4. [Paul Tikken Laptop] - Working on website restructure. [Paul Tikken Laptop] - Typo. [Paul Tikken Laptop] - Added api docs link to default menubar. [Paul Tikken Laptop] - Req update. [Paul Tikken Laptop] - Merge branch 'up_master' into cve-search-399. [Paul Tikken Laptop] - Refactor. [Paul Tikken Laptop] - Version bump. [Paul Tikken Laptop] - Formatted admin page and index page. [Paul Tikken Laptop] - Setup logging. [Paul Tikken Laptop] - Setup datatables and filtering. 
[Paul Tikken Laptop] - Setup datatables and filtering. [Paul Tikken Laptop] - Setup datatables and filtering. [Paul Tikken Laptop] - Restructured logging. [Paul Tikken Laptop] - Restructured logging. [Paul Tikken Laptop] - Restructured logging. [Paul Tikken Laptop] - Updated requirements.txt. [Paul Tikken Laptop] - Refactor. [Paul Tikken Laptop] - Alterations for datatables server side processing. [Paul Tikken Laptop] - Added formatting and javascript code. [Paul Tikken Laptop] - Version bump. [Paul Tikken Laptop] - Rewritten POST query endpoint to make use of the database plugin method instead of a fixed connection to mongodb. [Paul Tikken Laptop] - Renamed mongo to database to make it more backend agnostic. [Paul Tikken Laptop] - Updated requirements.txt. [Paul Tikken Laptop] - Black formatting. [Paul Tikken Laptop] - Basic API functionality done. [Paul Tikken Laptop] - Working on api. [Paul Tikken Laptop] - Moved to _old_ [Paul Tikken Laptop] - Working on restructure API. [Paul Tikken Laptop] - Working on API. [Paul Tikken Laptop] - Working on converting api into a flask-restx documented api. [Paul Tikken Laptop] - Updated requirements.txt to latest versions and refactor after changes. [Paul Tikken Laptop] - Added cve logo to all versions of web gui. [Paul Tikken Laptop] - Restructure of webgui. [Paul Tikken Laptop] - New jquery, bootstrap and font-awesome. [Paul Tikken Laptop] - Black formatting and switched to central logging. [Paul Tikken Laptop] - Black formatting and switched to central logging. [Paul Tikken Laptop] - Unignored plugin folder in web. [Paul Tikken Laptop] - Remodelling web interface to facilitate new api. [Paul Tikken Laptop] - Rebase. [Paul Tikken Laptop] - Initial setup for a post query endpoint via json body. [Paul Tikken Laptop] - Moved update scripts to separate log file handler. [Paul Tikken Laptop] - Working on sphinx docs. [Paul Tikken Laptop] - Setting up sphinx docs. [Paul Tikken Laptop] - Setting up sphinx docs. 
[Paul Tikken Laptop] - Setting up sphinx docs. [Paul Tikken Laptop] - Setting up sphinx docs. [Paul Tikken Laptop] - Merge pull request #503 from RoccovanAsselt/getCWEstype. [PT] bug - "/api/cwe/<int:cwe_id>" always returns null - Different solution to fix bug. [RoccovanAsselt] - Bug fix getCWEs function. [RoccovanAsselt] - Merge pull request #502 from hack3r-0m/master. [PT] fix #494 - Update requirements.txt. [hack3r-0m] updated PyMongo to 3.11.0 to use `allow_disk_use` - Fixing #494. [hack3r-0m] - added `allow_disk_use` for mongoDB > 4.4 - changed -1 to pymongo.DESCENDING wherever required - Merge pull request #1 from cve-search/master. [hack3r-0m] making it up to date - Fixed typo when comparing passwords. [PT] - Merge pull request #497 from RoccovanAsselt/ConfigBugFix. [Alexandre Dulaunoy] Config bug - Added reloadConfiguration() function to make sure all configs are reloaded. [RoccovanAsselt] - Merge pull request #495 from P-T-I/cve-search-390. [Alexandre Dulaunoy] fixes cve-search-390 - Debugged after failing unit tests. [Paul Tikken Laptop] - Fixes cve-search-390. [Paul Tikken Laptop] - Merge pull request #493 from P-T-I/cve-search-492. [Alexandre Dulaunoy] Fix #cve-search-492; api regex searches - Fix #cve-search-492; CVE matching not returning the correct amount of results. [Paul Tikken Laptop] - Merge pull request #491 from P-T-I/unit_tests. [Alexandre Dulaunoy] Unit tests - Merge master. [Paul Tikken Laptop] - Merge pull request #490 from P-T-I/cleanup. [Alexandre Dulaunoy] General Cleanup and black formatting - Local coverage and test report. [Paul Tikken Laptop] - Minor. [Paul Tikken Laptop] - Excluded bots and fulltext from unit_tests. [Paul Tikken Laptop] - Reformat and moved cve class from 'last' to CveHandler. [Paul Tikken Laptop] - Black formatting. [Paul Tikken Laptop] - Black formatting. [Paul Tikken Laptop] - Black formatting. [Paul Tikken Laptop] - Optimized imports. 
[Paul Tikken Laptop] - Black formatting and removed timing attack on password comparison. [Paul Tikken Laptop] - Deleted unused code. [Paul Tikken Laptop] - Switched to tqdm instead of custom progressbar. [Paul Tikken Laptop] - Merge pull request #489 from P-T-I/cve-search-393. [Alexandre Dulaunoy] fix for #cve-search-393; added limit for the cve_for api endpoint - Fix for #cve-search-393; added limit for the cve_for api endpoint. [Paul Tikken Laptop] - Fix for #cve-search-393; added limit for the cve_for api endpoint. [Paul Tikken Laptop] - Added unit_tests. [Paul Tikken Laptop] - Local coverage and test report. [Paul Tikken Laptop] - Merge branch 'up_master' into unit_tests. [Paul Tikken Laptop] - Merge pull request #488 from P-T-I/cve-search-487. [Alexandre Dulaunoy] Cve search 487 - Adjusted methods for capec and cwe retrieval. [Paul Tikken Laptop] - Fix #cve-search-487; api endpoint returned the wrong values. Added additional endpoints to request a single capec. [Paul Tikken Laptop] - Api documentation update. [Paul Tikken Laptop] - Merge branch 'master' into unit_tests. [Paul Tikken Laptop] - Merge pull request #486 from P-T-I/readme_update. [Alexandre Dulaunoy] update readme - Update readme. [Paul Tikken Laptop] - Merge branch 'master' into unit_tests. [Paul Tikken Laptop] - Merge pull request #485 from P-T-I/travis_test. [Alexandre Dulaunoy] possible fix for travis failing on master commit - Possible fix for travis failing on master commit. [Paul Tikken Laptop] - Possible fix for travis failing on master commit. [Paul Tikken Laptop] - Merge pull request #483 from P-T-I/cve-search-462. [Alexandre Dulaunoy] Cve search 462 - Set default cvss score to None instead of 5 when no score is present. [Paul Tikken Laptop] - Syntax errors fixed. [Paul Tikken Laptop] - Local coverage. [Paul Tikken Laptop] - Added .coverage. [Paul Tikken Laptop] - Black formatting. [Paul Tikken Laptop] - Minor. [Paul Tikken Laptop] - Merge pull request #482 from P-T-I/capec_cwe. 
[Alexandre Dulaunoy] Capec cwe - Added website entries to capec site for newly parsed entries in capec collection. [Paul Tikken Laptop] - [CAPEC] removed unused code; filtered out DEPRECATED entries added additional parsing for mitre attack and execution flow. [Paul Tikken Laptop] - [CWE] removed unused code; filtered out DEPRECATED entries and reparsed relationships for categories and weaknesses. [Paul Tikken Laptop] - Changed sources to latest versions. [Paul Tikken Laptop] 2020-12-17T15:23:44+00:00 cve-search v4.1.0 cve-search v4.1.0 2021-04-24T08:01:13+00:00 [cve-search](https://github.com/cve-search/cve-search) v4.1.0 (2021-04-24) released including many improvements and bug fixes. Thanks to all the contributors including bugs reporters who helped us to improve cve-search. ## v4.1.0 (2021-04-24) ### Changes * [version] v4.1.0 released. [Alexandre Dulaunoy] ### Fix * [doc] fix the default link of the public cvepremium.circl.lu. [Alexandre Dulaunoy] * [view/capec] Non existing CAPEC value was not properly handled. [Alexandre Dulaunoy] Fix #648 * [json import] ASSIGNER not always present (required) in NVD json feed. [Alexandre Dulaunoy] Fix #650 ### Other * Merge pull request #664 from P-T-I/cve-search-659. [PT] fix #cve-search-659; wrong date format disables effective sorting on … * Fix #cve-search-659; wrong date format disables effective sorting on table + inserted cvss3 score to vendor search table. [Paul Tikken Laptop] * Merge pull request #663 from P-T-I/cve-search-660. [PT] fix #cve-search-660; fixed the back to top button covering the datata… * Fix #cve-search-660; fixed the back to top button covering the datatables buttons. [Paul Tikken Laptop] * Merge pull request #662 from P-T-I/master. [PT] Proxies fix * Proxies fix. [Paul Tikken Laptop] * Proxies fix. [Paul Tikken Laptop] * Merge pull request #661 from P-T-I/master. [PT] proxies fix * Proxies fix. [Paul Tikken Laptop] * Merge pull request #657 from P-T-I/cve-search-586. 
[PT] Fix #cve-search-586; created possibility to set download worker size … * Merge branch 'master' into cve-search-586. [Paul Tikken Laptop] * Merge pull request #615 from EXXETA/downloadHandlerProxy. [PT] Use http proxy in download handler * Move proxy setting to a more central place (get_session) [Justin Kromlinger] * Move configuration to a class variable and import statement to the top of the file. [Justin Kromlinger] * Use http proxy in download handler. [Justin Kromlinger] * Fix #cve-search-586; created possibility to set download worker size via environment variable. [Paul Tikken Laptop] * Merge pull request #656 from FafnerKeyZee/patch-2. [Alexandre Dulaunoy] dirty patch for #651 * Update Sources_process.py. [Fafner [_KeyZee_]] * Update Sources_process.py. [Fafner [_KeyZee_]] * Update Sources_process.py. [Fafner [_KeyZee_]] Yeah it's a dirty fix, but it does the job for the moment. * Merge pull request #644 from EXXETA/vendor-search. [Alexandre Dulaunoy] Added endpoints to search for the CPE fields vendor, product and version * Added endpoints to search for the CPE fields vendor, product and version. [weigeltj] * Merge pull request #647 from cve-search/dependabot/pip/nltk-3.6.2. [PT] * Bump nltk from 3.6.1 to 3.6.2. [dependabot[bot]] Bumps [nltk](https://github.com/nltk/nltk) from 3.6.1 to 3.6.2. - [Release notes](https://github.com/nltk/nltk/releases) - [Changelog](https://github.com/nltk/nltk/blob/develop/ChangeLog) - [Commits](https://github.com/nltk/nltk/compare/3.6.1...3.6.2) * Merge pull request #643 from cve-search/dependabot/pip/sphinx-3.5.4. [PT] * Bump sphinx from 3.5.3 to 3.5.4. [dependabot[bot]] Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 3.5.3 to 3.5.4. - [Release notes](https://github.com/sphinx-doc/sphinx/releases) - [Changelog](https://github.com/sphinx-doc/sphinx/blob/4.x/CHANGES) - [Commits](https://github.com/sphinx-doc/sphinx/commits/v3.5.4) * Merge pull request #642 from cve-search/dependabot/pip/nltk-3.6.1. 
[PT] Bump nltk from 3.5 to 3.6.1 * Bump nltk from 3.5 to 3.6.1. [dependabot[bot]] Bumps [nltk](https://github.com/nltk/nltk) from 3.5 to 3.6.1. - [Release notes](https://github.com/nltk/nltk/releases) - [Changelog](https://github.com/nltk/nltk/blob/develop/ChangeLog) - [Commits](https://github.com/nltk/nltk/compare/3.5...3.6.1) * Merge pull request #641 from P-T-I/cve-search-625. [PT] update to cwe4.4 * Update to cwe4.4. [Paul Tikken Laptop] * Merge pull request #640 from P-T-I/new_redoc. [PT] New redoc version added * New redoc version added. [Paul Tikken Laptop] * Merge pull request #639 from P-T-I/cve-search-612. [PT] Cve search 612 * Version bump. [Paul Tikken Laptop] * Merge branch 'master' into cve-search-612. [Paul Tikken Laptop] * Merge pull request #635 from cve-search/dependabot/pip/tqdm-4.60.0. [PT] Bump tqdm from 4.59.0 to 4.60.0 * Bump tqdm from 4.59.0 to 4.60.0. [dependabot[bot]] Bumps [tqdm](https://github.com/tqdm/tqdm) from 4.59.0 to 4.60.0. - [Release notes](https://github.com/tqdm/tqdm/releases) - [Commits](https://github.com/tqdm/tqdm/compare/v4.59.0...v4.60.0) * Merge pull request #634 from cve-search/dependabot/pip/sphinx-rtd-theme-0.5.2. [PT] Bump sphinx-rtd-theme from 0.5.1 to 0.5.2 * Bump sphinx-rtd-theme from 0.5.1 to 0.5.2. [dependabot[bot]] Bumps [sphinx-rtd-theme](https://github.com/readthedocs/sphinx_rtd_theme) from 0.5.1 to 0.5.2. - [Release notes](https://github.com/readthedocs/sphinx_rtd_theme/releases) - [Changelog](https://github.com/readthedocs/sphinx_rtd_theme/blob/master/docs/changelog.rst) - [Commits](https://github.com/readthedocs/sphinx_rtd_theme/compare/0.5.1...0.5.2) * Merge pull request #632 from cve-search/dependabot/pip/pytest-6.2.3. [PT] * Bump pytest from 6.2.2 to 6.2.3. [dependabot[bot]] Bumps [pytest](https://github.com/pytest-dev/pytest) from 6.2.2 to 6.2.3. 
- [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest/compare/6.2.2...6.2.3) * Merge pull request #631 from cve-search/dependabot/pip/flask-restx-0.3.0. [PT] Bump flask-restx from 0.2.0 to 0.3.0 * Bump flask-restx from 0.2.0 to 0.3.0. [dependabot[bot]] Bumps [flask-restx](https://github.com/python-restx/flask-restx) from 0.2.0 to 0.3.0. - [Release notes](https://github.com/python-restx/flask-restx/releases) - [Changelog](https://github.com/python-restx/flask-restx/blob/master/CHANGELOG.rst) - [Commits](https://github.com/python-restx/flask-restx/compare/0.2.0...0.3.0) * Create codeql-analysis.yml. [PT] * Merge pull request #630 from oh2fih/patch-1. [PT] Correct installation order * Correct installation order. [oh2fih] Because `python3` & `python3-pip` are part of `requirements.system`, the system requirements must be installed before installing CVE-Search and its Python dependencies. * Merge pull request #629 from jorgectf/fix-regex-injection. [PT] * Fix Regular Expression injection. [jorgectf] * Merge pull request #628 from cve-search/dependabot/pip/sphinx-3.5.3. [PT] * Bump sphinx from 3.5.2 to 3.5.3. [dependabot[bot]] Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 3.5.2 to 3.5.3. - [Release notes](https://github.com/sphinx-doc/sphinx/releases) - [Changelog](https://github.com/sphinx-doc/sphinx/blob/3.x/CHANGES) - [Commits](https://github.com/sphinx-doc/sphinx/commits) * Merge pull request #627 from cve-search/dependabot/pip/docs/source/jinja2-2.11.3. [PT] Bump jinja2 from 2.11.2 to 2.11.3 in /docs/source * Bump jinja2 from 2.11.2 to 2.11.3 in /docs/source. [dependabot[bot]] Bumps [jinja2](https://github.com/pallets/jinja) from 2.11.2 to 2.11.3. 
- [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/master/CHANGES.rst) - [Commits](https://github.com/pallets/jinja/compare/2.11.2...2.11.3) * Fix #612; add min-length attribute to search input box. [Paul Tikken Laptop] * Merge pull request #624 from P-T-I/cve-search-622. [PT] fix #622; skip processing files when file fails to download... * Fix #622; skip processing files when file fails to download... [Paul Tikken Laptop] * Merge pull request #621 from cve-search/dependabot/pip/flask-jwt-extended-4.1.0. [PT] * Bump flask-jwt-extended from 4.0.2 to 4.1.0. [dependabot[bot]] Bumps [flask-jwt-extended](https://github.com/vimalloc/flask-jwt-extended) from 4.0.2 to 4.1.0. - [Release notes](https://github.com/vimalloc/flask-jwt-extended/releases) - [Commits](https://github.com/vimalloc/flask-jwt-extended/compare/4.0.2...4.1.0) * Merge pull request #619 from cve-search/dependabot/pip/tqdm-4.59.0. [PT] * Bump tqdm from 4.58.0 to 4.59.0. [dependabot[bot]] Bumps [tqdm](https://github.com/tqdm/tqdm) from 4.58.0 to 4.59.0. - [Release notes](https://github.com/tqdm/tqdm/releases) - [Commits](https://github.com/tqdm/tqdm/compare/v4.58.0...v4.59.0) * Merge pull request #620 from cve-search/dependabot/pip/sphinx-3.5.2. [PT] * Bump sphinx from 3.5.1 to 3.5.2. [dependabot[bot]] Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 3.5.1 to 3.5.2. - [Release notes](https://github.com/sphinx-doc/sphinx/releases) - [Changelog](https://github.com/sphinx-doc/sphinx/blob/3.x/CHANGES) - [Commits](https://github.com/sphinx-doc/sphinx/compare/v3.5.1...v3.5.2) * Merge pull request #618 from EXXETA/cpeBrowseAPI. [PT] Provide /browse endpoint to list product CPEs * Fix field description. [Justin Kromlinger] * Provide /browse endpoint to list product CPEs. [Justin Kromlinger] The vendor isn't really required here, but it fits the current API style and represents the same functionality as the webinterface. 
* Merge pull request #616 from cve-search/dependabot/pip/ijson-3.1.4. [PT] Bump ijson from 3.1.3 to 3.1.4 * Bump ijson from 3.1.3 to 3.1.4. [dependabot[bot]] Bumps [ijson](https://github.com/ICRAR/ijson) from 3.1.3 to 3.1.4. - [Release notes](https://github.com/ICRAR/ijson/releases) - [Changelog](https://github.com/ICRAR/ijson/blob/master/CHANGELOG.md) - [Commits](https://github.com/ICRAR/ijson/compare/v3.1.3...v3.1.4) * Merge pull request #614 from cve-search/dependabot/pip/tqdm-4.58.0. [PT] * Bump tqdm from 4.57.0 to 4.58.0. [dependabot[bot]] Bumps [tqdm](https://github.com/tqdm/tqdm) from 4.57.0 to 4.58.0. - [Release notes](https://github.com/tqdm/tqdm/releases) - [Commits](https://github.com/tqdm/tqdm/compare/v4.57.0...v4.58.0) * Merge pull request #613 from RoccovanAsselt/display_help. [PT] * Print_help if no parameters. [Rocco van Asselt] * Merge pull request #610 from cve-search/dependabot/pip/tqdm-4.57.0. [PT] Bump tqdm from 4.56.2 to 4.57.0 * Bump tqdm from 4.56.2 to 4.57.0. [dependabot[bot]] Bumps [tqdm](https://github.com/tqdm/tqdm) from 4.56.2 to 4.57.0. - [Release notes](https://github.com/tqdm/tqdm/releases) - [Commits](https://github.com/tqdm/tqdm/compare/v4.56.2...v4.57.0) * Merge pull request #609 from cve-search/dependabot/pip/sphinx-3.5.1. [PT] * Bump sphinx from 3.5.0 to 3.5.1. [dependabot[bot]] Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 3.5.0 to 3.5.1. - [Release notes](https://github.com/sphinx-doc/sphinx/releases) - [Changelog](https://github.com/sphinx-doc/sphinx/blob/3.x/CHANGES) - [Commits](https://github.com/sphinx-doc/sphinx/compare/v3.5.0...v3.5.1) * Merge pull request #608 from P-T-I/cve-search-607. [PT] fix #607; updated the renamed jwt functions * Fix #607; updated the renamed jwt functions. [Paul Tikken Laptop] * Merge pull request #606 from cve-search/dependabot/pip/sphinx-3.5.0. [PT] * Bump sphinx from 3.4.3 to 3.5.0. [dependabot[bot]] Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 3.4.3 to 3.5.0. 
- [Release notes](https://github.com/sphinx-doc/sphinx/releases) - [Changelog](https://github.com/sphinx-doc/sphinx/blob/3.x/CHANGES) - [Commits](https://github.com/sphinx-doc/sphinx/compare/v3.4.3...v3.5.0) * Merge pull request #605 from cve-search/dependabot/pip/flask-jwt-extended-4.0.2. [PT] * Bump flask-jwt-extended from 3.25.0 to 4.0.2. [dependabot[bot]] Bumps [flask-jwt-extended](https://github.com/vimalloc/flask-jwt-extended) from 3.25.0 to 4.0.2. - [Release notes](https://github.com/vimalloc/flask-jwt-extended/releases) - [Commits](https://github.com/vimalloc/flask-jwt-extended/compare/3.25.0...4.0.2) * Merge pull request #603 from cve-search/dependabot/pip/tqdm-4.56.2. [PT] * Bump tqdm from 4.56.1 to 4.56.2. [dependabot[bot]] Bumps [tqdm](https://github.com/tqdm/tqdm) from 4.56.1 to 4.56.2. - [Release notes](https://github.com/tqdm/tqdm/releases) - [Commits](https://github.com/tqdm/tqdm/compare/v4.56.1...v4.56.2) * Merge pull request #602 from cve-search/dependabot/pip/tqdm-4.56.1. [PT] * Bump tqdm from 4.56.0 to 4.56.1. [dependabot[bot]] Bumps [tqdm](https://github.com/tqdm/tqdm) from 4.56.0 to 4.56.1. - [Release notes](https://github.com/tqdm/tqdm/releases) - [Commits](https://github.com/tqdm/tqdm/compare/v4.56.0...v4.56.1) * Merge pull request #601 from cve-search/dependabot/pip/jsonpickle-2.0.0. [PT] * Bump jsonpickle from 1.5.1 to 2.0.0. [dependabot[bot]] Bumps [jsonpickle](https://github.com/jsonpickle/jsonpickle) from 1.5.1 to 2.0.0. - [Release notes](https://github.com/jsonpickle/jsonpickle/releases) - [Changelog](https://github.com/jsonpickle/jsonpickle/blob/master/CHANGES.rst) - [Commits](https://github.com/jsonpickle/jsonpickle/compare/v1.5.1...v2.0.0) * Merge pull request #600 from cve-search/dependabot/pip/pymongo-3.11.3. [PT] * Bump pymongo from 3.11.2 to 3.11.3. [dependabot[bot]] Bumps [pymongo](https://github.com/mongodb/mongo-python-driver) from 3.11.2 to 3.11.3. 
- [Release notes](https://github.com/mongodb/mongo-python-driver/releases) - [Changelog](https://github.com/mongodb/mongo-python-driver/blob/3.11.3/doc/changelog.rst) - [Commits](https://github.com/mongodb/mongo-python-driver/compare/3.11.2...3.11.3) * Merge pull request #599 from cve-search/dependabot/pip/jsonpickle-1.5.1. [PT] Bump jsonpickle from 1.5.0 to 1.5.1 * Bump jsonpickle from 1.5.0 to 1.5.1. [dependabot[bot]] Bumps [jsonpickle](https://github.com/jsonpickle/jsonpickle) from 1.5.0 to 1.5.1. - [Release notes](https://github.com/jsonpickle/jsonpickle/releases) - [Changelog](https://github.com/jsonpickle/jsonpickle/blob/master/CHANGES.rst) - [Commits](https://github.com/jsonpickle/jsonpickle/compare/v1.5.0...v1.5.1) * Merge pull request #598 from cve-search/dependabot/pip/jinja2-2.11.3. [PT] Bump jinja2 from 2.11.2 to 2.11.3 * Bump jinja2 from 2.11.2 to 2.11.3. [dependabot[bot]] Bumps [jinja2](https://github.com/pallets/jinja) from 2.11.2 to 2.11.3. - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/master/CHANGES.rst) - [Commits](https://github.com/pallets/jinja/compare/2.11.2...2.11.3) * Merge pull request #596 from cve-search/dependabot/pip/pytest-6.2.2. [PT] Bump pytest from 6.2.1 to 6.2.2 * Bump pytest from 6.2.1 to 6.2.2. [dependabot[bot]] Bumps [pytest](https://github.com/pytest-dev/pytest) from 6.2.1 to 6.2.2. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/master/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest/compare/6.2.1...6.2.2) * Merge pull request #593 from cve-search/dependabot/pip/gevent-21.1.2. [PT] Bump gevent from 21.1.1 to 21.1.2 * Bump gevent from 21.1.1 to 21.1.2. [dependabot[bot]] Bumps [gevent](https://github.com/gevent/gevent) from 21.1.1 to 21.1.2. 
- [Release notes](https://github.com/gevent/gevent/releases) - [Changelog](https://github.com/gevent/gevent/blob/master/docs/changelog_pre.rst) - [Commits](https://github.com/gevent/gevent/compare/21.1.1...21.1.2) * Merge pull request #594 from cve-search/dependabot/pip/pytest-cov-2.11.1. [PT] Bump pytest-cov from 2.11.0 to 2.11.1 * Bump pytest-cov from 2.11.0 to 2.11.1. [dependabot[bot]] Bumps [pytest-cov](https://github.com/pytest-dev/pytest-cov) from 2.11.0 to 2.11.1. - [Release notes](https://github.com/pytest-dev/pytest-cov/releases) - [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest-cov/compare/v2.11.0...v2.11.1) * Merge pull request #592 from cve-search/dependabot/pip/gevent-21.1.1. [PT] Bump gevent from 21.1.0 to 21.1.1 * Bump gevent from 21.1.0 to 21.1.1. [dependabot[bot]] Bumps [gevent](https://github.com/gevent/gevent) from 21.1.0 to 21.1.1. - [Release notes](https://github.com/gevent/gevent/releases) - [Changelog](https://github.com/gevent/gevent/blob/master/docs/changelog_pre.rst) - [Commits](https://github.com/gevent/gevent/compare/21.1.0...21.1.1) * Merge pull request #591 from P-T-I/cve-search-587. [PT] fix #587; allowing local files to be set in the sources.ini file via … * Fix #587; allowing local files to be set in the sources.ini file via a file:///PATH/TO/FILE.json; this is applicable for all different sources; which creates the possibility to update cve-search completely off line. [Paul Tikken Laptop] * Merge pull request #590 from cve-search/dependabot/pip/gevent-21.1.0. [PT] Bump gevent from 20.12.1 to 21.1.0 * Bump gevent from 20.12.1 to 21.1.0. [dependabot[bot]] Bumps [gevent](https://github.com/gevent/gevent) from 20.12.1 to 21.1.0. 
- [Release notes](https://github.com/gevent/gevent/releases) - [Changelog](https://github.com/gevent/gevent/blob/master/docs/changelog_pre.rst) - [Commits](https://github.com/gevent/gevent/compare/20.12.1...21.1.0) * Merge pull request #589 from cve-search/dependabot/pip/jsonpickle-1.5.0. [PT] Bump jsonpickle from 1.4.2 to 1.5.0 * Bump jsonpickle from 1.4.2 to 1.5.0. [dependabot[bot]] Bumps [jsonpickle](https://github.com/jsonpickle/jsonpickle) from 1.4.2 to 1.5.0. - [Release notes](https://github.com/jsonpickle/jsonpickle/releases) - [Changelog](https://github.com/jsonpickle/jsonpickle/blob/master/CHANGES.rst) - [Commits](https://github.com/jsonpickle/jsonpickle/compare/v1.4.2...v1.5.0) * Merge pull request #588 from cve-search/dependabot/pip/pytest-cov-2.11.0. [PT] Bump pytest-cov from 2.10.1 to 2.11.0 * Bump pytest-cov from 2.10.1 to 2.11.0. [dependabot[bot]] Bumps [pytest-cov](https://github.com/pytest-dev/pytest-cov) from 2.10.1 to 2.11.0. - [Release notes](https://github.com/pytest-dev/pytest-cov/releases) - [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest-cov/compare/v2.10.1...v2.11.0) * Merge pull request #584 from cve-search/dependabot/pip/tqdm-4.56.0. [PT] Bump tqdm from 4.55.1 to 4.56.0 * Bump tqdm from 4.55.1 to 4.56.0. [dependabot[bot]] Bumps [tqdm](https://github.com/tqdm/tqdm) from 4.55.1 to 4.56.0. - [Release notes](https://github.com/tqdm/tqdm/releases) - [Commits](https://github.com/tqdm/tqdm/compare/v4.55.1...v4.56.0) * Merge pull request #583 from cve-search/dependabot/pip/sphinx-3.4.3. [PT] Bump sphinx from 3.4.2 to 3.4.3 * Bump sphinx from 3.4.2 to 3.4.3. [dependabot[bot]] Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 3.4.2 to 3.4.3. 
- [Release notes](https://github.com/sphinx-doc/sphinx/releases) - [Changelog](https://github.com/sphinx-doc/sphinx/blob/3.x/CHANGES) - [Commits](https://github.com/sphinx-doc/sphinx/compare/v3.4.2...v3.4.3) * Merge pull request #582 from P-T-I/cve-search-579. [PT] added retry policy to request.session() and removed the sys.exit(1) o… * Added retry policy to request.session() and removed the sys.exit(1) on error. [Paul Tikken Laptop] * Merge pull request #580 from cve-search/dependabot/pip/sphinx-rtd-theme-0.5.1. [PT] Bump sphinx-rtd-theme from 0.5.0 to 0.5.1 * Bump sphinx-rtd-theme from 0.5.0 to 0.5.1. [dependabot[bot]] Bumps [sphinx-rtd-theme](https://github.com/readthedocs/sphinx_rtd_theme) from 0.5.0 to 0.5.1. - [Release notes](https://github.com/readthedocs/sphinx_rtd_theme/releases) - [Changelog](https://github.com/readthedocs/sphinx_rtd_theme/blob/master/docs/changelog.rst) - [Commits](https://github.com/readthedocs/sphinx_rtd_theme/compare/0.5.0...0.5.1) * Merge pull request #581 from cve-search/dependabot/pip/sphinx-3.4.2. [PT] Bump sphinx from 3.4.1 to 3.4.2 * Bump sphinx from 3.4.1 to 3.4.2. [dependabot[bot]] Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 3.4.1 to 3.4.2. - [Release notes](https://github.com/sphinx-doc/sphinx/releases) - [Changelog](https://github.com/sphinx-doc/sphinx/blob/3.x/CHANGES) - [Commits](https://github.com/sphinx-doc/sphinx/compare/v3.4.1...v3.4.2) * Merge pull request #578 from cve-search/dependabot/pip/tqdm-4.55.1. [PT] Bump tqdm from 4.55.0 to 4.55.1 * Bump tqdm from 4.55.0 to 4.55.1. [dependabot[bot]] Bumps [tqdm](https://github.com/tqdm/tqdm) from 4.55.0 to 4.55.1. - [Release notes](https://github.com/tqdm/tqdm/releases) - [Commits](https://github.com/tqdm/tqdm/compare/v4.55.0...v4.55.1) * Merge pull request #577 from cve-search/dependabot/pip/gevent-20.12.1. [PT] Bump gevent from 20.12.0 to 20.12.1 * Bump gevent from 20.12.0 to 20.12.1. 
[dependabot[bot]] Bumps [gevent](https://github.com/gevent/gevent) from 20.12.0 to 20.12.1. - [Release notes](https://github.com/gevent/gevent/releases) - [Changelog](https://github.com/gevent/gevent/blob/master/docs/changelog_pre.rst) - [Commits](https://github.com/gevent/gevent/compare/20.12.0...20.12.1) * Merge pull request #576 from cve-search/dependabot/pip/tqdm-4.55.0. [PT] Bump tqdm from 4.54.1 to 4.55.0 * Bump tqdm from 4.54.1 to 4.55.0. [dependabot[bot]] Bumps [tqdm](https://github.com/tqdm/tqdm) from 4.54.1 to 4.55.0. - [Release notes](https://github.com/tqdm/tqdm/releases) - [Commits](https://github.com/tqdm/tqdm/compare/v4.54.1...v4.55.0) * Merge pull request #575 from cve-search/dependabot/pip/sphinx-3.4.1. [PT] Bump sphinx from 3.4.0 to 3.4.1 * Bump sphinx from 3.4.0 to 3.4.1. [dependabot[bot]] Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 3.4.0 to 3.4.1. - [Release notes](https://github.com/sphinx-doc/sphinx/releases) - [Changelog](https://github.com/sphinx-doc/sphinx/blob/3.x/CHANGES) - [Commits](https://github.com/sphinx-doc/sphinx/compare/v3.4.0...v3.4.1) * Update .schema_version. [PT] Update schema for new capec version * Merge pull request #574 from P-T-I/new_capec_version. [PT] fix #572: parsing new capec version * Fix #572: parsing new capec version. [Paul Tikken Laptop] * Merge pull request #573 from cve-search/dependabot/pip/gevent-20.12.0. [PT] Bump gevent from 20.9.0 to 20.12.0 * Bump gevent from 20.9.0 to 20.12.0. [dependabot[bot]] Bumps [gevent](https://github.com/gevent/gevent) from 20.9.0 to 20.12.0. - [Release notes](https://github.com/gevent/gevent/releases) - [Changelog](https://github.com/gevent/gevent/blob/master/docs/changelog_pre.rst) - [Commits](https://github.com/gevent/gevent/compare/20.9.0...20.12.0) * Merge pull request #570 from P-T-I/schema_checker. [PT] fix #564; database schema version checker added * Fix #564; database schema version checker added. 
[Paul Tikken Laptop] * Merge pull request #569 from P-T-I/cvss_impact_exploit. [PT] added exploit and impact scores to api endpoints; cleanup code and re… * Added exploit and impact scores to api endpoints; cleanup code and removal of unused functions. [Paul Tikken Laptop] * Merge pull request #565 from AZobec/cvssV3. [PT] add impactScore and exploitabilityScore for CVSS v3.1 * Rebase. [AZobec] * Add impactScore and exploitabilityScore for CVSS v3.1. [AZobec] * Merge pull request #568 from cve-search/dependabot/pip/sphinx-3.4.0. [PT] Bump sphinx from 3.3.1 to 3.4.0 * Bump sphinx from 3.3.1 to 3.4.0. [dependabot[bot]] Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 3.3.1 to 3.4.0. - [Release notes](https://github.com/sphinx-doc/sphinx/releases) - [Changelog](https://github.com/sphinx-doc/sphinx/blob/3.x/CHANGES) - [Commits](https://github.com/sphinx-doc/sphinx/compare/v3.3.1...v3.4.0) * Merge pull request #567 from cve-search/dependabot/pip/flask-socketio-5.0.1. [PT] Bump flask-socketio from 5.0.0 to 5.0.1 * Bump flask-socketio from 5.0.0 to 5.0.1. [dependabot[bot]] Bumps [flask-socketio](https://github.com/miguelgrinberg/Flask-SocketIO) from 5.0.0 to 5.0.1. - [Release notes](https://github.com/miguelgrinberg/Flask-SocketIO/releases) - [Changelog](https://github.com/miguelgrinberg/Flask-SocketIO/blob/master/CHANGES.md) - [Commits](https://github.com/miguelgrinberg/Flask-SocketIO/compare/v5.0.0...v5.0.1) * Merge pull request #566 from cve-search/dependabot/pip/codecov-2.1.11. [PT] Bump codecov from 2.1.10 to 2.1.11 * Bump codecov from 2.1.10 to 2.1.11. [dependabot[bot]] Bumps [codecov](https://github.com/codecov/codecov-python) from 2.1.10 to 2.1.11. - [Release notes](https://github.com/codecov/codecov-python/releases) - [Changelog](https://github.com/codecov/codecov-python/blob/master/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-python/compare/v2.1.10...v2.1.11) * Merge pull request #563 from cve-search/dependabot/pip/requests-2.25.1. 
[PT] Bump requests from 2.25.0 to 2.25.1 * Bump requests from 2.25.0 to 2.25.1. [dependabot[bot]] Bumps [requests](https://github.com/psf/requests) from 2.25.0 to 2.25.1. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/master/HISTORY.md) - [Commits](https://github.com/psf/requests/compare/v2.25.0...v2.25.1) * Update VERSION. [PT] 2021-04-24T08:01:13+00:00 cve-search v4.2 cve-search v4.2 2022-03-21T07:59:20+00:00 ## cve-search version 4.2 released including many bugs fixed and improvements. (2022-03-21) ### New * [config] changelogrc configuration + updated pattern for tag matching. [Alexandre Dulaunoy] ### Other * Merge pull request #854 from oh2fih/master. [PT] * Remove logrotate as logging to syslog. [Esa Jokinen] * A more complete set of CVE-Search systemd services. [Esa Jokinen] * Merge pull request #831 from FafnerKeyZee/patch-1. [PT] * Sending parameters to make uwsgi happy ;) [Fafner [_KeyZee_]] * Merge pull request #830 from FafnerKeyZee/master. [PT] * Adding systemd and logrotate. [Olivier Ferrand] * Merge pull request #824 from cve-search/dependabot/pip/sphinx-4.3.1. [Alexandre Dulaunoy] Bump sphinx from 4.3.0 to 4.3.1 * Bump sphinx from 4.3.0 to 4.3.1. [dependabot[bot]] Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 4.3.0 to 4.3.1. - [Release notes](https://github.com/sphinx-doc/sphinx/releases) - [Changelog](https://github.com/sphinx-doc/sphinx/blob/4.x/CHANGES) - [Commits](https://github.com/sphinx-doc/sphinx/compare/v4.3.0...v4.3.1) --- updated-dependencies: - dependency-name: sphinx dependency-type: direct:development update-type: version-update:semver-patch ... * Merge pull request #816 from kawtar01/feature/setup_oidc_auth_flow. [PT] * Update doc to elaborate idp discovery url. [Kawtar.ahaggach.e] * Update requirements.txt. [Paul Tikken Laptop] * Rebase. [Paul Tikken Laptop] * Merge pull request #823 from P-T-I/api_doc_fix. 
[PT] Redoc dependency removal * Removed redoc as dependency. [Paul Tikken Laptop] * Merge pull request #822 from P-T-I/update_reqs. [PT] Updated requirements * Updated requirements. [Paul Tikken Laptop] * Fix for always showing the bottom plugin toolbar. [Paul Tikken Laptop] * Merge pull request #819 from P-T-I/cve-search-801. [PT] Updates capec version * Fix #cve-search-801; update capec version. [Paul Tikken Laptop] * Changed print statements to logger statements. Added function to retrieve a requests session instead of a plain request method. This function also respects proxies from the config. Added verify possibility to ignore requests made with/to self signed certificates OIDC servers. Black formatting enforced. [Paul Tikken Laptop] * Black formatting and cleanup imports. [Paul Tikken Laptop] * Added SSL_Verify to Config.py and corresponding method to retrieve the value. Added this value into the configuration.ini.sample as well. [Paul Tikken Laptop] * Setup OIDC login flow. [Kawtar.ahaggach.e] * Merge pull request #814 from FafnerKeyZee/master. [PT] * Update bookmarked.html. [Fafner [_KeyZee_]] * Update linked.html. [Fafner [_KeyZee_]] * Merge pull request #806 from oh2fih/master. [PT] Enhance sanitation #796 + black formatting. * Black formatting. [Esa Jokinen] * Enhance sanitation #796 + black formatting. [Esa Jokinen] * Merge pull request #796 from P-T-I/cve-search-795. [PT] Reflected server-side cross-site scripting * Update requirements. [Paul Tikken Laptop] * Fix #795; server side XSS vulnerability. [Paul Tikken Laptop] * Merge pull request #784 from cve-search/dependabot/pip/jinja2-3.0.2. [PT] * Bump jinja2 from 3.0.1 to 3.0.2. [dependabot[bot]] Bumps [jinja2](https://github.com/pallets/jinja) from 3.0.1 to 3.0.2. 
- [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](https://github.com/pallets/jinja/compare/3.0.1...3.0.2) --- updated-dependencies: - dependency-name: jinja2 dependency-type: direct:production update-type: version-update:semver-patch ... * Merge pull request #786 from cve-search/dependabot/pip/werkzeug-2.0.2. [PT] * Bump werkzeug from 2.0.1 to 2.0.2. [dependabot[bot]] Bumps [werkzeug](https://github.com/pallets/werkzeug) from 2.0.1 to 2.0.2. - [Release notes](https://github.com/pallets/werkzeug/releases) - [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst) - [Commits](https://github.com/pallets/werkzeug/compare/2.0.1...2.0.2) --- updated-dependencies: - dependency-name: werkzeug dependency-type: direct:production update-type: version-update:semver-patch ... * Merge pull request #783 from cve-search/dependabot/pip/flask-2.0.2. [PT] * Bump flask from 2.0.1 to 2.0.2. [dependabot[bot]] Bumps [flask](https://github.com/pallets/flask) from 2.0.1 to 2.0.2. - [Release notes](https://github.com/pallets/flask/releases) - [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst) - [Commits](https://github.com/pallets/flask/compare/2.0.1...2.0.2) --- updated-dependencies: - dependency-name: flask dependency-type: direct:production update-type: version-update:semver-patch ... * Merge pull request #782 from cve-search/dependabot/pip/pytest-cov-3.0.0. [PT] * Bump pytest-cov from 2.12.1 to 3.0.0. [dependabot[bot]] Bumps [pytest-cov](https://github.com/pytest-dev/pytest-cov) from 2.12.1 to 3.0.0. - [Release notes](https://github.com/pytest-dev/pytest-cov/releases) - [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest-cov/compare/v2.12.1...v3.0.0) --- updated-dependencies: - dependency-name: pytest-cov dependency-type: direct:production update-type: version-update:semver-major ... 
* Merge pull request #789 from oh2fih/master. [PT] * Merge branch 'cve-search:master' into master. [Esa Jokinen] * Merge pull request #785 from oh2fih/master. [PT] * Remove IRC and XMPP from documentation (#787) [Esa Jokinen] * Remove requirements for IRC and XMPP (#787) [Esa Jokinen] * Remove broken feature: XMPP bot (#787) [Esa Jokinen] * Remove broken feature: IRC bot (#787) [Esa Jokinen] * Add "Logging: True/False" in sample config (#774) [Esa Jokinen] * Improve logging: config & fault tolerance (#774) [Esa Jokinen] * Merge pull request #778. [PT] update redoc * Redoc update. [Paul Tikken Laptop] * Merge pull request #777. [PT] req update * Docs update. [Paul Tikken Laptop] * Merge pull request #776. [PT] docs update * Docs update. [Paul Tikken Laptop] * Merge pull request #775. [PT] update requirements * Update requirements.txt. [Paul Tikken Laptop] * Merge pull request #771 from cve-search/dependabot/pip/tqdm-4.62.3. [PT] Bump tqdm from 4.62.2 to 4.62.3 * Bump tqdm from 4.62.2 to 4.62.3. [dependabot[bot]] Bumps [tqdm](https://github.com/tqdm/tqdm) from 4.62.2 to 4.62.3. - [Release notes](https://github.com/tqdm/tqdm/releases) - [Commits](https://github.com/tqdm/tqdm/compare/v4.62.2...v4.62.3) --- updated-dependencies: - dependency-name: tqdm dependency-type: direct:production update-type: version-update:semver-patch ... * Merge pull request #772 from cve-search/dependabot/pip/nltk-3.6.3. [PT] Bump nltk from 3.6.2 to 3.6.3 * Bump nltk from 3.6.2 to 3.6.3. [dependabot[bot]] Bumps [nltk](https://github.com/nltk/nltk) from 3.6.2 to 3.6.3. - [Release notes](https://github.com/nltk/nltk/releases) - [Changelog](https://github.com/nltk/nltk/blob/develop/ChangeLog) - [Commits](https://github.com/nltk/nltk/compare/3.6.2...3.6.3) --- updated-dependencies: - dependency-name: nltk dependency-type: direct:production update-type: version-update:semver-patch ... * Merge pull request #766 from oh2fih/master. 
[PT] Ajaxify searches & adjust search result reason priority * Merge branch 'cve-search:master' into master. [Esa Jokinen] * Merge pull request #768 from cve-search/dependabot/pip/sphinx-rtd-theme-1.0.0. [PT] Bump sphinx-rtd-theme from 0.5.2 to 1.0.0 * Bump sphinx-rtd-theme from 0.5.2 to 1.0.0. [dependabot[bot]] Bumps [sphinx-rtd-theme](https://github.com/readthedocs/sphinx_rtd_theme) from 0.5.2 to 1.0.0. - [Release notes](https://github.com/readthedocs/sphinx_rtd_theme/releases) - [Changelog](https://github.com/readthedocs/sphinx_rtd_theme/blob/master/docs/changelog.rst) - [Commits](https://github.com/readthedocs/sphinx_rtd_theme/compare/0.5.2...1.0.0) --- updated-dependencies: - dependency-name: sphinx-rtd-theme dependency-type: direct:development update-type: version-update:semver-major ... * Merge pull request #769 from cve-search/dependabot/pip/sphinx-4.2.0. [PT] Bump sphinx from 4.1.2 to 4.2.0 * Bump sphinx from 4.1.2 to 4.2.0. [dependabot[bot]] Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 4.1.2 to 4.2.0. - [Release notes](https://github.com/sphinx-doc/sphinx/releases) - [Changelog](https://github.com/sphinx-doc/sphinx/blob/4.x/CHANGES) - [Commits](https://github.com/sphinx-doc/sphinx/compare/v4.1.2...v4.2.0) --- updated-dependencies: - dependency-name: sphinx dependency-type: direct:development update-type: version-update:semver-minor ... * Fix breadcrumb for freetext search. [Esa Jokinen] * Update search tooltip. [Esa Jokinen] * Change freetext search path (removing '?search=') [Esa Jokinen] * Remove unused template static_table.html (#758) [Esa Jokinen] * Breadcrumb for freetext search (#758) [Esa Jokinen] * Expand Ajax search to vendor browsing (#758) [Esa Jokinen] * Merge branch 'cve-search:master' into master. [Esa Jokinen] * Merge pull request #764 from oh2fih/master. [PT] * Adjust search result reason priority. [Esa Jokinen] * Show 'reason' only if exists. Fix indentation. [Esa Jokinen] * Shared functions: better on the same file. 
(#758) [Esa Jokinen] * Ajaxify freetext search (#758) [Esa Jokinen] * Merge branch 'cve-search:master' into master. [Esa Jokinen] * Merge pull request #762 from oh2fih/master. [PT] * Filter validation for an authenticated user (#763) [Esa Jokinen] * Authenticated user defaults for the filter (#763) [Esa Jokinen] * Backend state for the auth user filter form (#763) [Esa Jokinen] * CSS for Bootstrap v4.5.2 -> v4.6.0. [Esa Jokinen] * Update Bootstrap v4.5.2 -> v4.6.0 (#761) [Esa Jokinen] * Popper required by Bootstrap must be before it. [Esa Jokinen] * Merge branch 'web-cleanup' [Esa Jokinen] * Update clipboard.js v2.0.6 -> v2.0.8 (#761) [Esa Jokinen] * Update Popper (?? 2019 version) -> v2.10.1 (#761) [Esa Jokinen] * Update DataTables 1.10.22 -> 1.11.2 (#761) [Esa Jokinen] * Remove legacy Flash (#761) [Esa Jokinen] * Uniform style with master-page layout (#761) [Esa Jokinen] * Remove unused HTML5 Shiv v3.6.2 (#761) [Esa Jokinen] * Abandon IE 6-8 support. (#761) [Esa Jokinen] * CSS for Font Awesome Free 5.13.0 -> 5.15.4 (#761) [Esa Jokinen] * Remove unused jQuery v3.5.1 (#761) [Esa Jokinen] * Use jQuery v3.6.0 (replacing jQuery v3.5.1) (#761) [Esa Jokinen] * Add jQuery v3.6.0 (#761) [Esa Jokinen] * Remove unused fonts (glyphicons-halflings) (#761) [Esa Jokinen] * Update Font Awesome Free 5.13.0 -> 5.15.4 (#761) [Esa Jokinen] * Enable Font Awesome Free (ref. all.min.js) (#761) [Esa Jokinen] * Remove unused jQuery v1.11.2 (#761) [Esa Jokinen] * Remove unreferenced template api.html (#761) [Esa Jokinen] * Remove unreferenced template filters2.html (#761) [Esa Jokinen] * Merge pull request #760 from oh2fih/master. [PT] * Merge branch 'cve-search:master' into master. [Esa Jokinen] * Merge pull request #755 from cve-search/dependabot/pip/beautifulsoup4-4.10.0. [PT] Bump beautifulsoup4 from 4.9.3 to 4.10.0 * Bump beautifulsoup4 from 4.9.3 to 4.10.0. [dependabot[bot]] Bumps [beautifulsoup4](http://www.crummy.com/software/BeautifulSoup/bs4/) from 4.9.3 to 4.10.0. 
--- updated-dependencies: - dependency-name: beautifulsoup4 dependency-type: direct:production update-type: version-update:semver-minor ... * Fix indentation. [Esa Jokinen] * Rename the function to be less general. (#758) [Esa Jokinen] * One more MountPath fix for (#759) [Esa Jokinen] * Merge branch 'cve-search:master' into master. [oh2fih] * Merge pull request #756 from oh2fih/master. [PT] Minor improvements to the filter functionality. Fixed search. * Merge pull request #757 from DocArmoryTech/patch-1. [PT] Fix typo in production installation * Fix typo in production installation. [DocArmoryTech] Added missing redirects `>` to the `cat` commands in the instructions for production installation * Facilitate mounting with JS var MountPath (#759) [Esa Jokinen] * Dynamically generate URL for mounting. [Esa Jokinen] * These were already fixed in #728 but got reverted. [Esa Jokinen] * Add global JS variable for MountPath (#759) [Esa Jokinen] * Removed duplicate // from favicon URL. [Esa Jokinen] * Beautify indentation etc. [Esa Jokinen] * This is redundant, too. [Esa Jokinen] * Fix freetext search form; simplified GET-redirect. [Esa Jokinen] * /search to support both GET & POST. Fix redirect. [Esa Jokinen] * Delete invalid cookie more aggressively. [Esa Jokinen] * Make the "Filter" buttons behave equally. [Esa Jokinen] * Show the filter box if a warning is displayed. [Esa Jokinen] * Merge pull request #754 from oh2fih/master. [PT] Fix the server-side filter date validation * Merge branch 'cve-search:master' into master. [oh2fih] * Merge pull request #753 from oh2fih/master. [PT] Move inline JavaScript from the HTML template to static .js files * Fix the server-side date validation. (#733) [Esa Jokinen] * Added newline in the end of file. [Esa Jokinen] * Move all possible inline JS to static files. [Esa Jokinen] * Uniform indentation. [Esa Jokinen] * Move filter related JS from template to /static. [Esa Jokinen] * Not used anywhere; setFilters() always empty. 
[Esa Jokinen] * Merge pull request #752 from P-T-I/cve-search-751. [PT] * Dropping all collections when forced. [Paul Tikken Laptop] * Reconfigured wsgi mount path to be configurable via the configuration settings. [Paul Tikken Laptop] * Merge pull request #749 from P-T-I/cve-search-742. [PT] Web GUI filters always filtering on CVSS3 (despite CVSS2 chosen) * Fix #742; fixed gui performing wrong CVSS filter and fixed filtering on dates which were performed on the wrong date format. [Paul Tikken Laptop] * Merge branch 'up_master' into cve-search-742. [Paul Tikken Laptop] * Merge pull request #748 from oh2fih/master. [PT] Client-side filter handling with cookies * More responsive user interactions (#747) [Esa Jokinen] * Client-side filter validation (#747) [Esa Jokinen] * Better look for warning (same size when empty). [Esa Jokinen] * Merge branch 'cve-search:master' into master. [oh2fih] * Reduce requests to /fetch_cve_data (#747) [Esa Jokinen] * No need for server-side logging anymore (#747) [Esa Jokinen] * Move filter handling client-side (#747) [Esa Jokinen] * Fixed bug where datestrings were not handled correctly. [Paul Tikken Laptop] * Merge pull request #746. [PT] UX enhancements related to the previous fixes on bug #733 * UX: highlight active drop-down menu options. (#733) [Esa Jokinen] * UX: replace JS alerts with inline warnings (#733) [Esa Jokinen] * Update installation.rst. [PT] * Merge pull request #743 from oh2fih/master. [PT] Added backend filter validation and pre-filling of the filter form data * Beautify console errors & reduce verbosity. (#733) [Esa Jokinen] * Update filter form with the backend state. (#733) [Esa Jokinen] * Fix a typo; making 'equals' & 'below' work (#733) [Esa Jokinen] * Make frontend aware of the backend state (#733) [Esa Jokinen] * Backend filter validation for /set_filter (#733) [Esa Jokinen] * Merge pull request #744 from DocArmoryTech/wsgi-doc. [PT] UWSGI documentation update * Fixed rst reference to Config section. 
[DocArmoryTech] * Added note to highlight end of standard install. [DocArmoryTech] Added note to highlight end of standard install and direct the reader on to the Configuration section (hoping to avoid people trying to perform both installations * Renamed 'basic' to 'standard' installation. [DocArmoryTech] * Update webgui.rst. [DocArmoryTech] Decomposed the "starting the webserver" section into two parts one for a standard installation, and one for a production installation that covers setup of uwsgi and nginx * Update webgui.rst. [DocArmoryTech] * Removed UWSGI and NGINX setup. [DocArmoryTech] Removed UWSGI and NGINX setup with the intention of replacing it under the webgui section of the docs * Corrected type in virtualenv. [DocArmoryTech] * Added virtualenv parameter. [DocArmoryTech] Added a `virtualenv` parameter to tally with that specified in the docs * Copied mongo-db install to Prod. Install. [DocArmoryTech] Copied the instructions for installing mongodb to the "Production Installation" section * Updated docs to use requirements.prod file. [DocArmoryTech] * Create requirements.prod. [DocArmoryTech] * Update installation.rst. [DocArmoryTech] * Fixed formatting of new section. [DocArmoryTech] Fixed md formatting of new "Production Installation" section * Create nginx.conf.sample. [DocArmoryTech] * Update installation.rst. [DocArmoryTech] * Merge pull request #741 from P-T-I/cleanup. [PT] query published date * Fixed bug where datestrings posted to the api/query endpoint were not handled correctly. [Paul Tikken Laptop] * Merge pull request #738 from P-T-I/plugin_rewrite. [PT] Plugin rewrite * Documentation update and first release for Cve-Search plugin. [Paul Tikken Laptop] * Rebase merge. [Paul Tikken Laptop] * Merge pull request #737 from P-T-I/cve-search-709. [PT] /api/dbInfo missing in the new API * Restructure dbinfo in documentation. [Paul Tikken Laptop] * Merge pull request #736 from P-T-I/cve-search-734. 
[PT] Issues using the REST API * Added cvssVersion header. [Paul Tikken Laptop] * Updated requirements and fixed headers with underscore no longer being processed by the REST API. [Paul Tikken Laptop] * Merge pull request #732 from P-T-I/cve-search-714. [PT] Support for MongoDB 5.0 * Black formatting. [Paul Tikken Laptop] * Rebase. [Paul Tikken Laptop] * Merge pull request #728 from DocArmoryTech/mounty. [PT] Dynamically generate all URLs to facilitate mounting * Small error with cwe breadcrumb. [Paul Tikken Laptop] * Merge branch 'mounty' of https://github.com/DocArmoryTech/cve-search into mounty. [dotsie] * Updated fixed to masterLogin. [DocArmoryTech] Reverted changes made to masterLogin function to make use of the *local* (and not absent) `verifyPass` function. * Version change for rebase. [DocArmoryTech] * Corrected version. [DocArmoryTech] * Update VERSION. [DocArmoryTech] * Update wsgi.ini.sample. [DocArmoryTech] * Fixed path of wsgi-file. [DocArmoryTech] * Removed beforeSend hook. [dotsie] * Prefix XHR urls with url_for. [dotsie] * Fixed typo in chaneg_pass url. [dotsie] * Moved XHR js functions to admin template. [dotsie] * Modified URL generation in stand UI. [dotsie] * Fixed urls in admin or full webui. [dotsie] * Fixed db mgmt admin scripts ref to non-existent function. [dotsie] db_mgmt_admin.py attempted to make use of the mongodb plugin's verifyPass function. Assuming a refactoring oversight, and changing the function call to verifyUser(user, pass) * Merge branch 'mounty' of https://github.com/DocArmoryTech/cve-search into mounty. [dotsie] * Create wsgi.ini.sample. [DocArmoryTech] A minimal example of a uwsgi ini that runs cve-search listening on a socket * Removed leading slash from constructed breadcrumb urls. 
[dotsie] - Modified dynamic list constructors so as to not return a leading `/` in generated URLs - Modified the loop body that generates the page breadcrumb so as to include the url_for('home.index') todo: - modify admin 'views' - admin/account testing * Dynamically generated urls to static resources for app mounting /_get_plugins. [dotsie] In order to facilitate 'mounting' of cve-search as a web app, or alteration of the application root: - Modified the 'hard coded' urls to static resources (css, imgs, js) to use the url_for() function to generate urls dynamically - Added a new `<script>` in the `<head>` of `web/templates/layouts/master-page.html` - moved the ~search~ `redirect()` function from `web/static/js/custom/scripts.js` to a new `<script>` in the _master_ layout template - modified the `redirect()` function to use `url_for()` when generating urls and redirecting - configured ajax to prepend the web_root to XHR requests using the `beforeSend` hook Todo: - Breadcrumbs are broken - Admin functions need testing * Update wsgi.ini.sample. [DocArmoryTech] * Fixed path of wsgi-file. [DocArmoryTech] * Removed beforeSend hook. [dotsie] * Prefix XHR urls with url_for. [dotsie] * Fixed typo in chaneg_pass url. [dotsie] * Moved XHR js functions to admin template. [dotsie] * Modified URL generation in stand UI. [dotsie] * Fixed urls in admin or full webui. [dotsie] * Create wsgi.ini.sample. [DocArmoryTech] A minimal example of a uwsgi ini that runs cve-search listening on a socket * Removed leading slash from constructed breadcrumb urls. [dotsie] - Modified dynamic list constructors so as to not return a leading `/` in generated URLs - Modified the loop body that generates the page breadcrumb so as to include the url_for('home.index') todo: - modify admin 'views' - admin/account testing * Dynamically generated urls to static resources for app mounting /_get_plugins. 
[dotsie] In order to facilitate 'mounting' of cve-search as a web app, or alteration of the application root: - Modified the 'hard coded' urls to static resources (css, imgs, js) to use the url_for() function to generate urls dynamically - Added a new `<script>` in the `<head>` of `web/templates/layouts/master-page.html` - moved the ~search~ `redirect()` function from `web/static/js/custom/scripts.js` to a new `<script>` in the _master_ layout template - modified the `redirect()` function to use `url_for()` when generating urls and redirecting - configured ajax to prepend the web_root to XHR requests using the `beforeSend` hook Todo: - Breadcrumbs are broken - Admin functions need testing * Black formatting. [Paul Tikken Laptop] * Change is not backwards compatible with earlier create indexes in mongodb; so rebuild is needed. [Paul Tikken Laptop] * Removed weights from indexes for mongodb 5.0 compatibility and black formatting. [Paul Tikken Laptop] * Merge pull request #731 from P-T-I/cve-search-680. [PT] db update throws error message after creating user * Fixed errors when inserting a user into the database. [Paul Tikken Laptop] * Black formatting and requirement added. [Paul Tikken Laptop] * Merge master. [Paul Tikken Laptop] * Merge pull request #730 from P-T-I/cve-search-712. [PT] Update source to capec3.5 * Fix #712; updated to capec3.5 and upped schema version. [Paul Tikken Laptop] * Merge pull request #729 from P-T-I/master. [PT] updated docs and updated requirements * Updated docs and updated requirements. [Paul Tikken Laptop] * Merge pull request #720 from cve-search/dependabot/pip/requests-2.26.0. [PT] * Bump requests from 2.25.1 to 2.26.0. [dependabot[bot]] Bumps [requests](https://github.com/psf/requests) from 2.25.1 to 2.26.0. 
- [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/master/HISTORY.md) - [Commits](https://github.com/psf/requests/compare/v2.25.1...v2.26.0) --- updated-dependencies: - dependency-name: requests dependency-type: direct:production update-type: version-update:semver-minor ... * Merge pull request #715 from cve-search/dependabot/pip/sphinx-4.0.3. [PT] * Bump sphinx from 4.0.2 to 4.0.3. [dependabot[bot]] Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 4.0.2 to 4.0.3. - [Release notes](https://github.com/sphinx-doc/sphinx/releases) - [Changelog](https://github.com/sphinx-doc/sphinx/blob/4.x/CHANGES) - [Commits](https://github.com/sphinx-doc/sphinx/compare/v4.0.2...v4.0.3) --- updated-dependencies: - dependency-name: sphinx dependency-type: direct:development update-type: version-update:semver-patch ... * Merge pull request #716 from cve-search/dependabot/pip/flask-jwt-extended-4.2.3. [PT] * Bump flask-jwt-extended from 4.2.1 to 4.2.3. [dependabot[bot]] Bumps [flask-jwt-extended](https://github.com/vimalloc/flask-jwt-extended) from 4.2.1 to 4.2.3. - [Release notes](https://github.com/vimalloc/flask-jwt-extended/releases) - [Commits](https://github.com/vimalloc/flask-jwt-extended/compare/4.2.1...4.2.3) --- updated-dependencies: - dependency-name: flask-jwt-extended dependency-type: direct:production update-type: version-update:semver-patch ... * Merge pull request #717 from cve-search/dependabot/pip/tqdm-4.61.2. [PT] * Bump tqdm from 4.61.1 to 4.61.2. [dependabot[bot]] Bumps [tqdm](https://github.com/tqdm/tqdm) from 4.61.1 to 4.61.2. - [Release notes](https://github.com/tqdm/tqdm/releases) - [Commits](https://github.com/tqdm/tqdm/compare/v4.61.1...v4.61.2) --- updated-dependencies: - dependency-name: tqdm dependency-type: direct:production update-type: version-update:semver-patch ... * Merge pull request #707 from cve-search/dependabot/pip/tqdm-4.61.1. [PT] * Bump tqdm from 4.61.0 to 4.61.1. 
[dependabot[bot]] Bumps [tqdm](https://github.com/tqdm/tqdm) from 4.61.0 to 4.61.1. - [Release notes](https://github.com/tqdm/tqdm/releases) - [Commits](https://github.com/tqdm/tqdm/compare/v4.61.0...v4.61.1) --- updated-dependencies: - dependency-name: tqdm dependency-type: direct:production update-type: version-update:semver-patch ... * Merge pull request #705 from cve-search/dependabot/pip/pytest-cov-2.12.1. [PT] * Bump pytest-cov from 2.12.0 to 2.12.1. [dependabot[bot]] Bumps [pytest-cov](https://github.com/pytest-dev/pytest-cov) from 2.12.0 to 2.12.1. - [Release notes](https://github.com/pytest-dev/pytest-cov/releases) - [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest-cov/compare/v2.12.0...v2.12.1) --- updated-dependencies: - dependency-name: pytest-cov dependency-type: direct:production update-type: version-update:semver-patch ... * Merge pull request #699 from cve-search/dependabot/pip/tqdm-4.61.0. [PT] Bump tqdm from 4.60.0 to 4.61.0 * Bump tqdm from 4.60.0 to 4.61.0. [dependabot[bot]] Bumps [tqdm](https://github.com/tqdm/tqdm) from 4.60.0 to 4.61.0. - [Release notes](https://github.com/tqdm/tqdm/releases) - [Commits](https://github.com/tqdm/tqdm/compare/v4.60.0...v4.61.0) * Merge pull request #703 from cve-search/dependabot/pip/flask-wtf-0.15.1. [PT] * Bump flask-wtf from 0.14.3 to 0.15.1. [dependabot[bot]] Bumps [flask-wtf](https://github.com/wtforms/flask-wtf) from 0.14.3 to 0.15.1. - [Release notes](https://github.com/wtforms/flask-wtf/releases) - [Changelog](https://github.com/wtforms/flask-wtf/blob/main/docs/changes.rst) - [Commits](https://github.com/wtforms/flask-wtf/compare/0.14.3...v0.15.1) * Merge pull request #702 from hashier/fix/dependencies. [PT] * Fix(dependencies): downgrade flask. [Christopher Loessl] because flask-restx is not yet compatible * Merge pull request #697 from P-T-I/cve-search-690. 
[PT] fixed double entries in the CWE description (and also notic… * Fix #690; fixed double entries in the CWE description (and also noticed that the wrong description is in the CWE description) [Paul Tikken Laptop] * Merge pull request #696 from P-T-I/cve-search-679. [PT] Let data tables respond to PageLength setting * Fix #679; Let data tables respond to PageLength setting in configuration.ini. [Paul Tikken Laptop] * Merge pull request #695 from P-T-I/master. [PT] Update requirements files * Updated requirements.txt. [Paul Tikken Laptop] * Merge branch 'up_master' [Paul Tikken Laptop] * Merge pull request #691 from cve-search/dependabot/pip/sphinx-4.0.2. [PT] Bump sphinx from 3.5.4 to 4.0.2 * Bump sphinx from 3.5.4 to 4.0.2. [dependabot[bot]] Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 3.5.4 to 4.0.2. - [Release notes](https://github.com/sphinx-doc/sphinx/releases) - [Changelog](https://github.com/sphinx-doc/sphinx/blob/4.x/CHANGES) - [Commits](https://github.com/sphinx-doc/sphinx/compare/v3.5.4...v4.0.2) * Updated requirements.txt. [Paul Tikken Laptop] * Updated requirements.txt. [Paul Tikken Laptop] * Merge pull request #678 from cve-search/dependabot/pip/pytest-6.2.4. [PT] * Bump pytest from 6.2.3 to 6.2.4. [dependabot[bot]] Bumps [pytest](https://github.com/pytest-dev/pytest) from 6.2.3 to 6.2.4. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest/compare/6.2.3...6.2.4) * Merge pull request #677 from cve-search/dependabot/pip/pymongo-3.11.4. [PT] * Bump pymongo from 3.11.3 to 3.11.4. [dependabot[bot]] Bumps [pymongo](https://github.com/mongodb/mongo-python-driver) from 3.11.3 to 3.11.4. 
- [Release notes](https://github.com/mongodb/mongo-python-driver/releases) - [Changelog](https://github.com/mongodb/mongo-python-driver/blob/3.11.4/doc/changelog.rst) - [Commits](https://github.com/mongodb/mongo-python-driver/compare/3.11.3...3.11.4) * Merge branch 'up_master' into plugin_rewrite. [Paul Tikken Laptop] * Merge pull request #676 from cve-search/dependabot/pip/flask-jwt-extended-4.2.0. [PT] Bump flask-jwt-extended from 4.1.0 to 4.2.0 * Bump flask-jwt-extended from 4.1.0 to 4.2.0. [dependabot[bot]] Bumps [flask-jwt-extended](https://github.com/vimalloc/flask-jwt-extended) from 4.1.0 to 4.2.0. - [Release notes](https://github.com/vimalloc/flask-jwt-extended/releases) - [Commits](https://github.com/vimalloc/flask-jwt-extended/compare/4.1.0...4.2.0) * Merge remote-tracking branch 'origin/plugin_rewrite' into plugin_rewrite. [Paul Tikken Laptop] # Conflicts: # web/VERSION * Merge up_master. [Paul Tikken Laptop] * Merge up_master. [Paul Tikken Laptop] * Merge pull request #673 from P-T-I/redoc_update. [PT] redoc update * Redoc update. [Paul Tikken Laptop] * Merge pull request #671 from M0dEx/master. [PT] Search in 'vendors' and 'products' fields * Search in 'vendors' and 'products' fields - searching using only fulltext searches misses a lot of obvious matches (search for "trendmicro" or "trend micro" returns a lot less CVEs than it should (<150, when there are 300+ CVEs for Trend Micro) [M0dEx] * Merge pull request #668 from M0dEx/master. [PT] * Convert WORKER_SIZE from ENV to int as it can cause issues when not converted (in CVE-Search-Docker, for example) [M0dEx] * Working on flask-plugins. [Paul Tikken Laptop] * Working on flask-plugins. [Paul Tikken Laptop] * Refactored the CVE page. [Paul Tikken Laptop] * Cleanup old plugin framework. [Paul Tikken Laptop] * Cleanup old plugin framework. [Paul Tikken Laptop] * Merge branch 'up_master' into plugin_rewrite. [Paul Tikken Laptop] * Merge. [Paul Tikken Laptop] * Working on new plugin framework. 
[Paul Tikken Laptop] 2022-03-21T07:59:20+00:00 cve-search v4.2.1 cve-search v4.2.1 2022-05-27T09:02:12+00:00 ## v4.2.1 (2022-05-27) cve-search v4.2.1 released including multiple bugs fixed and improvements. - Configurable max limits & reasonable defaults for /api/cvefor & /api/last - Fix CPE conversions - Capec 3.7 update - Various improvements in the JS dependencies - Add Database connectivity using MONGODB+SRV connection string Thanks to @eengelking, @P-T-I and @oh2fih for all the hard work and contributions! ### Changelog * [release] version 4.2.1. [Alexandre Dulaunoy] ### Other * Merge pull request #888 from oh2fih/master. [PT] * Black formatting for lib/Config.py. [Esa Jokinen] * Use CVEMaxLimit in /api/cvefor and /api/last. [Esa Jokinen] * Add configurable [API] CVEMaxLimit. [Esa Jokinen] * Black formatting (web/) [Esa Jokinen] * Rename the maximum limit variable. [Esa Jokinen] * Set default limit & max limit for /api/cvefor. [Esa Jokinen] * Merge pull request #884 from oh2fih/master. [PT] * Merge branch 'update-js-dependencies' [Esa Jokinen] * Update Bootstrap v4.6.0 -> v4.6.1. [Esa Jokinen] * Update clipboard.js v2.0.8 -> v2.0.10. [Esa Jokinen] * Update Popper v2.10.1 -> v2.11.5. [Esa Jokinen] * Update DataTables 1.11.2 -> 1.11.3. [Esa Jokinen] Not changed: - [1.11.3]/js/dataTables.bootstrap4.min.js - [1.11.3]/css/dataTables.bootstrap4.min.css * Merge pull request #883 from oh2fih/master. [PT] * Update rest api documentation to meet with PR #880. [Esa Jokinen] * Merge pull request #880 from oh2fih/master. [PT] Fix CPE conversions * Use cpe_conversion library in Toolkit.py. [Esa Jokinen] * Black formatting. [Esa Jokinen] * Rename library to match its purpose. [Esa Jokinen] * Merge pull request #2 from rg-atte/master. [Esa Jokinen] Added cve conversion library * EOF newline. [Atte] * Functionality to correctly convert CPE versions. [Atte] * Merge pull request #878 from AlphaBravoCompany/master. 
[PT] * Add authentication database variables (#3) [Ed Engelking] * Added authSource to DB connection call. Updated configuration sample with variable. * Updated documentation * Updated documentation wording * Updated github actions python versions to 3.8. [Paul Tikken Laptop] * Updated github actions python versions to 3.8. [Paul Tikken Laptop] * Merge pull request #869 from P-T-I/cve-search-858. [PT] Capec 3.7 update * Capec sources updated to 3.7. [Paul Tikken Laptop] * Update requirements.txt. [Paul Tikken Laptop] * Merge pull request #848 from cve-search/dependabot/pip/nltk-3.7. [PT] Bump nltk from 3.6.5 to 3.7 * Bump nltk from 3.6.5 to 3.7. [dependabot[bot]] Bumps [nltk](https://github.com/nltk/nltk) from 3.6.5 to 3.7. - [Release notes](https://github.com/nltk/nltk/releases) - [Changelog](https://github.com/nltk/nltk/blob/develop/ChangeLog) - [Commits](https://github.com/nltk/nltk/compare/3.6.5...3.7) --- updated-dependencies: - dependency-name: nltk dependency-type: direct:production update-type: version-update:semver-minor ... * Merge pull request #856 from cve-search/dependabot/pip/pytest-7.1.1. [PT] Bump pytest from 6.2.5 to 7.1.1 * Bump pytest from 6.2.5 to 7.1.1. [dependabot[bot]] Bumps [pytest](https://github.com/pytest-dev/pytest) from 6.2.5 to 7.1.1. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest/compare/6.2.5...7.1.1) --- updated-dependencies: - dependency-name: pytest dependency-type: direct:production update-type: version-update:semver-major ... * Merge pull request #862 from cve-search/dependabot/pip/requests-2.27.1. [PT] Bump requests from 2.26.0 to 2.27.1 * Bump requests from 2.26.0 to 2.27.1. [dependabot[bot]] Bumps [requests](https://github.com/psf/requests) from 2.26.0 to 2.27.1. 
  - [Release notes](https://github.com/psf/requests/releases)
  - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
  - [Commits](https://github.com/psf/requests/compare/v2.26.0...v2.27.1)

  ---
  updated-dependencies:
  - dependency-name: requests
    dependency-type: direct:production
    update-type: version-update:semver-minor
  ...
* Merge pull request #865 from cve-search/dependabot/pip/docs/source/nltk-3.6.6. [PT]
  Bump nltk from 3.6.5 to 3.6.6 in /docs/source
* Bump nltk from 3.6.5 to 3.6.6 in /docs/source. [dependabot[bot]]
  Bumps [nltk](https://github.com/nltk/nltk) from 3.6.5 to 3.6.6.
  - [Release notes](https://github.com/nltk/nltk/releases)
  - [Changelog](https://github.com/nltk/nltk/blob/develop/ChangeLog)
  - [Commits](https://github.com/nltk/nltk/compare/3.6.5...3.6.6)

  ---
  updated-dependencies:
  - dependency-name: nltk
    dependency-type: direct:production
  ...
* Merge pull request #864 from AlphaBravoCompany/master. [PT]
  Database connectivity using MONGODB+SRV connection string
* Database connectivity using MONGO+SRV connection string (#2) [Ed Engelking]
  * Added feature to use mongodb-srv URI records in mongodb plugin. Added URI configuration options in Config.py. Updated sample configuration to include ability to enable mongodb-srv URI. Added dnspython to pip requirements.txt.
  * Updating database documentation to explain how to use the new configuration options for SRV syntax.
  * Fixed a word.
  * Updated Config.py and mongodb.py to allow calls for SRV connections.
* Update VERSION. [PT]

2022-05-27T09:02:12+00:00

cve-search v4.2.2 cve-search v4.2.2 2023-08-08T06:09:04+00:00

## v4.2.2 (2023-08-08)

### Other

* Merge pull request #990 from oh2fih/master. [PT]
* Black formatting (23.7.0) [Esa Jokinen]
* DownloadHandler.store_file() accept "text/xml" [Esa Jokinen]
  The CAPEC source uses this Content-Type now instead of "application/xml"
* Merge pull request #956 from cve-search/dependabot/pip/redis-4.5.4. [PT]
* Bump redis from 4.5.3 to 4.5.4. [dependabot[bot]]
  Bumps [redis](https://github.com/redis/redis-py) from 4.5.3 to 4.5.4.
  - [Release notes](https://github.com/redis/redis-py/releases)
  - [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES)
  - [Commits](https://github.com/redis/redis-py/compare/v4.5.3...v4.5.4)

  ---
  updated-dependencies:
  - dependency-name: redis
    dependency-type: direct:production
  ...
* Merge pull request #957 from cve-search/dependabot/pip/docs/source/redis-4.4.4. [PT]
* Bump redis from 3.5.3 to 4.4.4 in /docs/source. [dependabot[bot]]
  Bumps [redis](https://github.com/redis/redis-py) from 3.5.3 to 4.4.4.
  - [Release notes](https://github.com/redis/redis-py/releases)
  - [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES)
  - [Commits](https://github.com/redis/redis-py/compare/3.5.3...v4.4.4)

  ---
  updated-dependencies:
  - dependency-name: redis
    dependency-type: direct:production
  ...
* Merge pull request #954 from cve-search/dependabot/pip/redis-4.5.3. [PT]
* Bump redis from 4.2.2 to 4.5.3. [dependabot[bot]]
  Bumps [redis](https://github.com/redis/redis-py) from 4.2.2 to 4.5.3.
  - [Release notes](https://github.com/redis/redis-py/releases)
  - [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES)
  - [Commits](https://github.com/redis/redis-py/compare/v4.2.2...v4.5.3)

  ---
  updated-dependencies:
  - dependency-name: redis
    dependency-type: direct:production
  ...
* Merge pull request #952 from dbarzin/patch-3. [PT]
* Add mercator. [Didier Barzin]
* Merge pull request #939 from cve-search/dependabot/pip/nested-lookup-0.2.25. [Alexandre Dulaunoy]
  Bump nested-lookup from 0.2.23 to 0.2.25
* Bump nested-lookup from 0.2.23 to 0.2.25. [dependabot[bot]]
  Bumps [nested-lookup](https://git.unturf.com/python/nested-lookup) from 0.2.23 to 0.2.25.

  ---
  updated-dependencies:
  - dependency-name: nested-lookup
    dependency-type: direct:production
    update-type: version-update:semver-patch
  ...
* Merge pull request #938 from cve-search/dependabot/pip/jsonpickle-3.0.1. [Alexandre Dulaunoy]
  Bump jsonpickle from 2.1.0 to 3.0.1
* Bump jsonpickle from 2.1.0 to 3.0.1. [dependabot[bot]]
  Bumps [jsonpickle](https://github.com/jsonpickle/jsonpickle) from 2.1.0 to 3.0.1.
  - [Release notes](https://github.com/jsonpickle/jsonpickle/releases)
  - [Changelog](https://github.com/jsonpickle/jsonpickle/blob/main/CHANGES.rst)
  - [Commits](https://github.com/jsonpickle/jsonpickle/compare/v2.1.0...v3.0.1)

  ---
  updated-dependencies:
  - dependency-name: jsonpickle
    dependency-type: direct:production
    update-type: version-update:semver-major
  ...
* Merge pull request #931 from cve-search/dependabot/pip/sphinx-5.3.0. [PT]
* Bump sphinx from 4.3.1 to 5.3.0. [dependabot[bot]]
  Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 4.3.1 to 5.3.0.
  - [Release notes](https://github.com/sphinx-doc/sphinx/releases)
  - [Changelog](https://github.com/sphinx-doc/sphinx/blob/master/CHANGES)
  - [Commits](https://github.com/sphinx-doc/sphinx/compare/v4.3.1...v5.3.0)

  ---
  updated-dependencies:
  - dependency-name: sphinx
    dependency-type: direct:development
    update-type: version-update:semver-major
  ...
* Merge pull request #920 from oh2fih/master. [PT]
* Black formatting. [Esa Jokinen]
* Merge pull request #919 from GalaxyGamingBoy/master. [PT]
* Merge pull request #4 from GalaxyGamingBoy/CORS. [GalaxyGamingBoy]
  Reformatted
* Reformatted. [GalaxyGamingBoy]
* Merge pull request #3 from GalaxyGamingBoy/CORS. [GalaxyGamingBoy]
  Simplified IF clause
* Simplified. [GalaxyGamingBoy]
* Merge pull request #2 from GalaxyGamingBoy/CORS. [GalaxyGamingBoy]
  Limited CORS to API
* Limited CORS to API. [GalaxyGamingBoy]
* Merge pull request #1 from GalaxyGamingBoy/CORS. [GalaxyGamingBoy]
  Added CORS Support, can be changed via config
* Added CORS Support, can be changed via config. [GalaxyGamingBoy]
* Merge pull request #904 from dbarzin/patch-2. [PT]
* Update README.md. [Didier Barzin]
  Add link to Mercator
* Merge pull request #896 from dbarzin/master. [PT]
* Update install documentation for Ubuntu 22.04. [dbarzin]
* Merge pull request #895 from dbarzin/patch-1. [PT]
* Upgrade README.md. [Didier Barzin]
  show all options of search.py

2023-08-08T06:09:04+00:00

cve-search v5.0.0 cve-search v5.0.0 2023-12-18T21:49:48+00:00

cve-search v5.0.0 released with major improvements for the NVD NIST API import, other improvements and many bugs fixed. The update is now done via [CveXplore](https://github.com/cve-search/CveXplore). Thanks to all the contributors to make this release a reality.

## What's Changed

* Configurable DownloadMaxWorkers (#890) by @oh2fih in https://github.com/cve-search/cve-search/pull/998
* Update requirements.txt by @nsmfoo in https://github.com/cve-search/cve-search/pull/1002
* Rewrite of database update to use NVD NIST API from cvexplore lib by @P-T-I in https://github.com/cve-search/cve-search/pull/1010
* wrong key when populating redis cache by @P-T-I in https://github.com/cve-search/cve-search/pull/1019
* mongodb connections by @P-T-I in https://github.com/cve-search/cve-search/pull/1022
* Pass mongodb connection string when initialize CveXplore by @baonq-me in https://github.com/cve-search/cve-search/pull/1030
* Use count_documents() to count mongo documents instead of old and deprecated count() by @baonq-me in https://github.com/cve-search/cve-search/pull/1032
* Fixed Inappropriate Logical Expression by @fazledyn-or in https://github.com/cve-search/cve-search/pull/1031
* Improve CVEs search speed in bin/search.py by @baonq-me in https://github.com/cve-search/cve-search/pull/1033
* Fix counting results when searching for CVE using cli by @baonq-me in https://github.com/cve-search/cve-search/pull/1034

## New Contributors

* @nsmfoo made their first contribution in https://github.com/cve-search/cve-search/pull/1002
* @baonq-me made their first contribution in https://github.com/cve-search/cve-search/pull/1030
* @fazledyn-or made their first contribution in https://github.com/cve-search/cve-search/pull/1031

**Full Changelog**: https://github.com/cve-search/cve-search/compare/v4.2.2...v5.0.0

2023-12-18T21:49:48+00:00