All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Use keywords from ps-constants in CVEorg collector (OSIDB-3694)
- Fix not enough general CVE Severity/Severity error fallback (OSIDB-3767)
- Update field `updated_dt` on queryset update (OSIDB-3573)
- Introduce purl to Affect (OSIDB-3409)
- Implement field `embargoed` for advanced search (OSIDB-3549)
- Implement no-week-ending SLA policy support (OSIDB-3500)
- Implement complex logic in workflow state requirements (OSIDB-3524)
- Validate and set ps_component from purl (OSIDB-3410)
- Set Jira Severity and maintain the transition from CVE Severity (OSIDB-3697)
- Add history to several other models: AffectCVSS, FlawAcknowledgment, FlawComment, FlawCVSS, FlawReference, Snippet and Tracker. (OSIDB-3466)
- Moved metadata creation during tests to root level conftest and automatically set envs during VCR recording (OSIDB-3492)
- Exclude component and version from Jira tracker updates (OSIDB-3677)
- Allow moving a flaw to state DONE if it has no trackers but impact is moderate or low (OSIDB-3524)
- Set hard limit of paginated results (OSIDB-643)
- Add all references as links when creating Jira trackers (OSIDB-3733)
- Set security level together with embargo status (OSIDB-3598)
- Remove UBI handler special treatment (OSIDB-3728)
- Properly save updated flaw in NVD collector (OSIDB-3661)
- Publish internal flaws only when the triage is completed (OSIDB-3669)
- Adjust the NIST flag instead of removing on NIST score deletion and relieve the NIST flag validation to account for it (OSIDB-3672)
- Adjust flaw impact if NIST CVSS is changed (OSIDB-3661)
- Moved envs monkeypatches to root conftest for reusability (OSIDB-3491)
- Fix conversion of CVSS severity to impact (OSIDB-3661)
- Ignore invalid CVSS from OSV collector (OSIDB-3663)
- Implement resolution steps for duplicate tracker validation (OSIDB-3588)
- Add upstream references to Jira trackers on creation (OSIDB-3148)
- Change ACL mixin serializer to support internal ACLs (OSIDB-3578)
- Make product definitions collector atomic (OSIDB-3590)
- Validate that the CVSSv3 score is zero for flaws with impact "None" (OSIDB-3581)
- Reduced count of requests to Jira for task management
- Implement validation of PS module and PS update stream correspondence (OSIDB-3584)
- Avoid tracker creation conflicts by async tracker sync (OSIDB-3593)
- Skip flaws with CVE ID in OSV collector (OSIDB-3351)
- Fix Bugzilla flaw summary exceeding (OSIDB-3551)
- Add new flaw reference type "UPSTREAM"
- Check title for keywords in CVEorg collector (OSIDB-3545)
- Update delegated resolution mapping so low impact won't fix changes to fix deferred (OSIDB-3575)
- ValidationError constraint “unique_external_system_id” during tracker filing (OSIDB-3589)
- Auto-reset CVSS validation flag on NVD CVSS removal (OSIDB-3407)
- Restrict tracker file offer by ProdSec support instead of general one (OSIDB-3559)
- Do not add private tracker CC to flaws (OSIDB-3558)
- Introduce moderate tracker streams pre-selection (OSIDB-3346)
- Introduce minor and 0-day incident types (OSIDB-3390)
- Collect CVSSv4 in OSV collector (OSIDB-3487)
- Set Impact for collector flaws based on CVSS severity (OSIDB-3487)
- Disable flaw drafts creation for NVD collector (OSIDB-3256)
- Select most relevant CVE, CVSS, CWE, Source for Vulnerability trackers (OSIDB-3348)
- Tracker validations show affect's module/component (OSIDB-3439)
- Rework and complete the tracker stream pre-selection module to fix it
- Exclude unsupported PS modules from tracker file offer (OSIDB-3498)
- Update flaw timestamp after updating NIST CVSS
- Deprecate field "order" in the "comments" endpoint (OSIDB-3547)
- Create custom DjangoQL lookup field for Flaw.components (OSIDB-3479)
- Collect NIST CVSSv4 in NVD collector (OSIDB-2300)
- Record last impact increase in trackers (OSIDB-3448)
- Remove duplicate results from advanced search (OSIDB-3482)
- Collect Jira field metadata for only one issuetype for each project (OSIDB-3485)
- parent_uuid field in Alert had wrong type in OpenAPI schema (OSIDB-3451)
- Fix Jira Tracker collector to account for Vulnerability issue type (OSIDB-3489)
- IntegrityError duplicate key during tracker filing (OSIDB-3433)
- Update Vulnerability trackers on components change (OSIDB-3323)
- Enable CVEorg collector in production
- Alert users when Bugzilla sync failed (OSIDB-3252)
- Remove infinite recursion when SYNC_FLAWS_TO_BZ is disabled (OSIDB-3430)
- Update the release documentation (OSIDB-3384)
- Create new API endpoints for DjangoQL (OSIDB-3338)
- Implement Jira collector sync managers (OSIDB-3177)
- Unable to unembargo flaws with trackers (OSIDB-3398)
- Remove obsoleted contract priority support (OSIDB-3399)
- Remove obsoleted compliance priority support (OSIDB-3335)
- Add CVEorg collector (OSIDB-2234)
- Allow trackers to have manually set SLAs (OSIDB-3374)
- Handle frequent Taskman, Trackers and Collectors exceptions instead of internal server error 500 (OSIDB-3280)
- Sync trackers on impact decrease (OSIDB-3350)
- Tracker validations skipping (OSIDB-3336)
- Implement DjangoQL for Flaw filtering (OSIDB-3337)
- Support Vulnerability issuetype for Trackers (OSIDB-2980)
- Set requires_cve_description to REQUESTED when unset and the flaw has cve_description (OSIDB-3349)
- Extend CVSS vector length (OSIDB-3362)
- Taskman throwing away logs upon JSON decode error (OSIDB-3296)
- Wrong due date when filing new Jira tracker (OSIDB-3376)
- Fix date format error (OSIDB-3364)
- Command for manual syncing Jira metadata (OSIDB-3219)
- Saving models only triggers validations once (OSIDB-3108)
- Update ACLs of linked objects to match collector flaw (OSIDB-3253)
- Allow start dates to come from multiple sources in SLA (OSIDB-3221)
- Update public date for collector flaws (OSIDB-3212)
- Tracker collector ignores up-to-date entries (OSIDB-3244)
- Adjust BBSync to work in one-way mode (OSIDB-3251)
- Show only official collectors at the collector status endpoint
- Use OSIDB Bugzilla service account API key for majority of bzsync instead of user ones (OSIDB-3261)
- Adjust synchronous bzsync to only work one-way
- Move DEFER from historical to current possible affect resolution (OSIDB-3281)
- Cannot modify CVE of existing flaws (OSIDB-3102)
- Jira metadata collector is not deleting metadata on failure (OSIDB-3219)
- Avoid deadlocks by not triggering nested validations in m2m relationships (OSIDB-3244)
- Manually run validation avoiding duplicated trackers (OSIDB-3234)
- Add delay between Jira metadata fetch calls to prevent rate limiting (OSIDB-3298)
- Stop syncing Bugzilla SRT notes to Bugzilla flaw bugs
- Cannot fill trackers concurrently (OSIDB-3230)
- Remove message throttling in the API
- Implement message throttling in the API (OSIDB-894)
- Added contract priority description in trackers (OSIDB-3165)
- special_handling_flaw_missing_cve_description Alert to special_consideration_flaw_missing_cve_description (OSIDB-2955)
- special_handling_flaw_missing_statement Alert to special_consideration_flaw_missing_statement (OSIDB-2955)
- Allow setting empty impact value on flaw (OSIDB-3128)
- Temporarily move has trackers workflow requirement (OSIDB-3098)
- Handle Bugzilla errors in API request as 422 instead of 500 internal server error (OSIDB-3126)
- Handle DB deadlock errors triggered by concurrent API requests as 409 instead of 500 internal server error (OSIDB-3048)
- Propagate Jira errors to the user (OSIDB-3184)
- Fix duplicate comment issue leading in internal server error (OSIDB-3086)
- Handle flaw comments with and without bzimport or bifurcated history (OSIDB-3030)
- Alerts constrained unique so that bzimport doesn't block user requests (OSIDB-3048)
- Duplicate Alerts created concurrently in multiple threads handled correctly (OSIDB-3048)
- Make task collector ignore outdated issues (OSIDB-3085)
- Allow Flaw API to properly unassign owner in Jira (OSIDB-3145)
- Remove sync from Bugzilla from the async sync to Bugzilla (OSIDB-3199)
- Do not save to backend systems in JiraTaskSaver (OSIDB-3087)
- UnackedHandler only recommends active unacked streams (OSIDB-3160)
- Extend flaw-task linking to primarily use the CVE ID
- Fix Jira task collector (OSIDB-3064)
- Fix OSIDB-Bugzilla mid-air collision issues (OSIDB-3083)
- Null version of PsUpdateStream is not sent to Jira when creating a tracker (OSIDB-3078)
- Prefetch Alerts related models for each API endpoint (OSIDB-3053)
- Keep vulnerability-draft BZ component when rejecting flaw draft (OSIDB-3023)
- Fix external sync order in serializers (OSIDB-3029)
- Make Taskman service validate Jira token (OSIDB-2203)
- Implement a way to switch off each collector (OSIDB-2884)
- Generate Jira tracker "components" field (OSIDB-2988)
- Rudimentary API request logging (OSIDB-2514)
- Add query param to force creation of Jira task for old flaws on update (OSIDB-2882)
- Add collector for Jira tasks manually edited (OSIDB-1930)
- Update the SLA policy
- Workflow state of flaws without task automatically changes to 'NEW' (OSIDB-2989)
- Fixed Flaw CC list builder to generate CCs in Bugzilla format for both Bugzilla and Jira tracked PS modules (OSIDB-2985)
- Flaw comments create action respects is_private (OSIDB-3003)
- Add new OSV option into FlawSource
- Allow searching by CVE similarity (OSIDB-2482)
- Add CC lists to Jira trackers and to Bugzilla trackers (OSIDB-2191)
- Enable flaw draft creation in BZ (OSIDB-2261)
- Add support for UAT (OSIDB-2447)
- Added API for Alerts (OSIDB-325)
- Add bulk PUT for Affects (OSIDB-2407)
- Add Bugzilla token to promote API (OSIDB-2262)
- Enable creation of Jira tasks for collector flaws (OSIDB-2649)
- Add temporary JIRA stage http forwarder passing in params and headers (OSIDB-2734)
- Add link between trackers to flaws without CVE (OSIDB-2848)
- Support Bugzilla tracker creation/linking for non-Bugzilla flaws (OSIDB-2845)
- Add bulk-enabling parameter "sync_to_bz" to POST for Trackers (OSIDB-2609)
- Add bulk POST, DELETE for Affects (OSIDB-2722)
- Add audit history to Flaws and Affects (OSIDB-2269)
- Implement search on emptiness for several fields (OSIDB-2815)
- Add major_incident_start_dt field (OSIDB-2728)
- Add empty value to workflow_state (OSIDB-2881)
- Make workflows API RESTful (OSIDB-1716)
- Collect errata not linked to any flaws (OSIDB-1527)
- Minor change to enable perf tests to run in CI (OSIDB-2447)
- Allow editing flaws without affects in NEW state (OSIDB-2452)
- Fixed read replica to perform HTTP requests as atomic transactions (OSIDB-2585)
- Fixed Bugzilla sync not working when Jira task sync is enabled (OSIDB-2628)
- Ignore SLA if update stream specifies it's not applicable (OSIDB-2612)
- Allow filtering by empty or null CVE IDs (OSIDB-2625)
- Redesign of flaw comments to make them independent of Bugzilla (OSIDB-2760)
- Allow filling trackers for flaws without bz_id (OSIDB-2819)
- Split BBSync enablement switch into flaw and tracker ones (OSIDB-2820)
- Set "Target Release" field in Jira trackers (OSIDB-2727)
- Tracker resolution is now readonly (OSIDB-2746)
- Enable tracker suggestions for affects with new affectedness (OSIDB-2843)
- Correct endpoint for tracker filing schema (OSIDB-2847)
- Renamed Flaw "description" to "comment_zero" and "summary" to "cve_description" (OSIDB-2740)
- Update the workflow check of filed trackers (OSIDB-2799)
- Improve affect validation error messages (OSIDB-2893)
- Fix incorrect ACLs for flaw drafts (OSIDB-2263)
- Fix workflow rejection endpoint (OSIDB-2456)
- Fix FlawReference article count validation (OSIDB-2651)
- Fix not being able to set CVE ID to an empty string through the API (OSIDB-2702)
- Comments not properly updating when syncing from Bugzilla (OSIDB-1385)
- Account for empty string in target release of PS update stream (OSIDB-2909)
- CVSS "comment" field accepts null (OSIDB-2907)
- Remove "type" field from Affect (OSIDB-2743)
- Remove "type" field from Flaw (OSIDB-2735)
- Remove "state" field from Flaw (OSIDB-2736)
- Remove "resolution" field from Flaw (OSIDB-2737)
- Remove several cvss fields from Flaw (OSIDB-2749)
- Remove several cvss fields from Affect (OSIDB-2749)
- Remove "type" field from FlawComment (OSIDB-2745)
- Remove FlawMeta (OSIDB-2744)
- Remove "is_major_incident" field from Flaw (OSIDB-2741)
- Remove "meta_attr" field from FlawReference (OSIDB-2854)
- Remove "meta_attr" field from FlawAcknowledgment (OSIDB-2854)
- Remove "component" field from Flaw (OSIDB-2839)
- Remove "meta_attr" field from FlawComment (OSIDB-2747)
- Fix erratum-tracker linking (OSIDB-2752)
- Fix JiraTrackerConvertor linking of multi-CVE flaws (OSIDB-2708)
- Move flaw-affect-tracker linking to the tracker sync (OSIDB-1012, OSIDB-2587)
- Implement flaw unembargo mechanism (OSIDB-1177)
- Make ps_product property available in affect API
- Add Fedramp stream preselection handler (OSIDB-1876)
- Introduce CVSS v4 (OSIDB-528)
- Change tests to use default URL strings where they can't be blank (OSIDB-1679)
- Add label compliance-priority to jira trackers based on ps-constants compliance_priority.yml (OSIDB-2062)
- Expose alerts on the API for every alert-supported model, mainly Flaw, Affect, Tracker (OSIDB-2065)
- Add support for additional_fields in Jira BTS (OSIDB-696)
- Add scripts/restore_pg.sh script for restoring sql dump
- Ignore hosts on VCR recording (OSIDB-1678)
- Included workflow fields in OpenAPI document for filtering (OSIDB-2083)
- Set migrated/duplicated delegated resolution to be ignored (OSIDB-1406)
- Update valid affectedness-resolution combinations (OSIDB-2143)
- Change Flaw API filter to allow a list of workflow_state (OSIDB-2208)
- SLA for compliance priority brought to parity with SFM2 (OSIDB-2257)
- Migrate data with outdated workflow_state values to the current ones (OSIDB-1718)
- Flaw CVSS score and Affect CVSS score are now readonly (OSIDB-2347)
- Fix Jira sync when bugzilla token is present (OSIDB-2171)
- Fix Bugzilla summary for first flaw creation (OSIDB-2190)
- Fix Jira tracker security level not being set based on embargo (OSIDB-2082)
- Removed writing operations in workflows when READ_ONLY is enabled (OSIDB-2336)
- Fix Flaw API allowing to sort by all fields (OSIDB-2367)
- Fix FlawCVSS and AffectCVSS "cvss_version" on API to show version enum
- Fix issue with tracker updates through Affect objects (OSIDB-2059)
- Ensure invalid fields passed to include_fields filter are ignored (OSIDB-2048)
- Fix issue with Flaw updates through collector (OSIDB-2050)
- Implement writable tracker API (OSIDB-1180)
- Command for manual sync of Flaws now also accepts CVEs (OSIDB-1544)
- Add new SOURCE option into FlawReferenceType (OSIDB-1556)
- Add new NVD option into FlawSource
- Implement SLA definition parsing and timestamp computation (OSIDB-1428)
- Implement tracker SLA start date setting (OSIDB-1393)
- Implement tracker SLA end date setting (OSIDB-96)
- Properly link Jira trackers to flaws on creation and update (OSIDB-1426)
- Add OSV collector (OSIDB-677)
- Added GIN indexes for Row Based Security performance on models
- Added MAX_CONNS to django db conf to enable better concurrency
- Workflow fields added into Flaw endpoints (OSIDB-1819)
- Implement after-flaw-update tracker update mechanism (OSIDB-97)
- Add label verification-requested to jira trackers with NEW affects (OSIDB-1185)
- Implement after-affect-update tracker update mechanism (OSIDB-97)
- Keep jira tracker labels added by people or other tools (OSIDB-1440)
- Add label contract-priority to jira trackers based on ps-constants contract_priority.yml (OSIDB-1709)
- Fix incorrect type bool of is_up2date field in /collectors/api/v1/status endpoint
- fix schema to reflect that Erratum shipped_dt is nullable
- Ensured serializer db calls are read_only
- Expose git commit id via OPENSHIFT_BUILD_COMMIT env var
- Fix Jira metadata collector to get all pages from a query (OSIDB-1124)
- Renamed OSIM module to Workflows (OSIDB-1395)
- Change settings to allow regex in CORS policy in stage environment (OSIDB-1737)
- Enhanced prefetches on Flaw, Affect, and Tracker api querysets
- Change default pg configs
- Adjust CONN_MAX_AGE and CONN_MAX_CONNS to maintain a minimal pool of idle db conns (OSIDB-1620)
- Tracker status field is read-only (OSIDB-1780)
- Change Bugzilla collector and Flaw model to allow multiple components in bz_summary (OSIDB-1420)
- Remove daily monitoring email for failed tasks / collectors (OSIDB-1215)
- Remove unused taskman APIs and services that have been integrated in OSIM (OSIDB-1321)
- Limit Celery worker to maximum amount of tasks (OSIDB-1540)
- Add Celery worker concurrency
- Maximum Bugzilla and Jira connection age (OSIDB-1592, OSIDB-1593)
- Made Querier objects independent of Collector objects (OSIDB-1592, OSIDB-1593)
- fix PS contact model (OSIDB-1445)
- Improve EPSS collector memory consumption
- Implement collector for ps-constants project (OSIDB-1199)
- Validate summary and requires_summary (OSIDB-1164)
- Validate impact and summary (OSIDB-1164)
- Implement tracker description generation (OSIDB-1173)
- Implement endpoint for suggesting trackers to file (OSIDB-90)
- Add shipped date to erratum model (OSIDB-1197)
- Flaw creation and update triggers a Jira task sync (OSIDB-861)
- Config gunicorn access log file depending on environment (OSIDB-879)
- Link tracker to flaw(s) on create/update (OSIDB-1182)
- Implement FlawCVSS and AffectCVSS APIs with filters (OSIDB-1105)
- Implement package_versions API (OSIDB-1066)
- is_up2date to collector status API (OSIDB-1328)
- Implement flaw filtering based on erratum id in API (OSIDB-1330)
- Implement filters for flaw references in API (OSIDB-1368)
- Reactivate OSIM module unit tests (OSIDB-1320)
- Deprecate various cvss fields in Flaw and Affect APIs (OSIDB-1105)
- Update CORS policy to allow bugzilla-api-key request header (OSIDB-1425)
- Change workflows to reflect current IR workflow (OSIDB-1319)
- Fix schema wrongly showing status code for DELETE methods being 204 whereas the actual returned status code is 200
- Remove the Django admin interface (OSIDB-1188)
- Reduce the total amount of records per page when querying Bugzilla (OSIDB-1232)
- Set AFFECTED as highest precedence resolution when calculating Affect.delegated_resolution (OSIDB-1230)
- Fix FlawCollector to account for an empty acknowledgment affiliation (OSIDB-1195)
- Implement major_incident_state in Flaw API (OSIDB-266)
- Implement a new FlawAcknowledgment API (OSIDB-1002)
- Implement requires_summary in Flaw API (OSIDB-1005)
- Implement ps_update_stream in Tracker API (OSIDB-1064)
- Implement daily monitoring email for failed tasks / collectors
- Implement nist_cvss_validation in Flaw API (OSIDB-1006)
- Implement additional tracker validations (OSIDB-787)
- Validate NIST RH CVSS feedback loop (OSIDB-334)
- Validate nist_cvss_validation and cvss_scores (OSIDB-1165)
- Implement tracker summary generation (OSIDB-1172)
- Change article link validation to be blocking (OSIDB-1060)
- Deprecate the "is_major_incident" field in Flaw (OSIDB-1103)
- Change CORS policy to allow credentials (OSIDB-1115)
- Validate MI and CISA MI separately (OSIDB-1104)
- Fix auto-timestamp issues (OSIDB-1171)
- Implement a new FlawReference API (OSIDB-71)
- Implement adding new flaw comments (OSIDB-81)
- Erratum advisory name to flaw filter (OSIDB-922)
- CORS allow-list functionality (OSIDB-967, OSIDB-965)
- Raw bugzilla summary to Flaw.meta_attr (OSIDB-1016)
- Set Jira trackers as public instead of embargoed when private (OSIDB-1013)
- Account for TRIAGE in the title/summary (OSIDB-999)
- Fix creation of references on flaw ingestion from Bugzilla
- Introduce flaw ownership through task management system (OSIDB-69)
- Implement task rejection in Taskman (OSIDB-74)
- Implement article validation for Major Incident flaw (OSIDB-655)
- Implement mitigation validation for Major Incident flaw (OSIDB-656)
- Implement statement validation for Major Incident flaw (OSIDB-657)
- Introduce new module for creating trackers in Jira (OSIDB-93)
- Introduce additional metadata in tasks generated from Taskman (OSIDB-861)
- Integrate Jira tracker collector with collector framework (OSIDB-576)
- Make CVSSv3 score no longer mandatory (OSIDB-901)
- Make Bugzilla collector aware of migration of old style acks to SRT notes (OSIDB-904)
- Fix BBSync flaw summary composition (OSIDB-902, OSIDB-909)
- Fix Bugzilla import not reflecting some attribute removals (OSIDB-910)
- Make flaw Bugzilla children entities respect flaw visibility (OSIDB-914)
- Git revision information on each request is fault-tolerant
- Retry mechanism for bzimport collector
- General performance improvements
- Fix Jira tracker collection bug (OSIDB-848)
- Introduce mitigation field into Flaw and update SRT notes generator (OSIDB-584)
- Introduce flaw component attribute
- Implement validation for allowed flaw sources (OSIDB-73)
- Implement task management module (Taskman) to keep and update task workflow in Jira (OSIDB-228, OSIDB-684, OSIDB-685, OSIDB-754)
- Expose task management module (Taskman) REST API (OSIDB-811)
- More granular filtering for Flaw, Affect and Tracker API endpoints (OSIDB-667)
- Ordering (ascending/descending) for Flaw, Affect and Tracker API endpoints (OSIDB-668)
- Implement proper NVD CVSS score collector (OSIDB-632)
- Rework the mapping from Bugzilla summary to OSIDB title and vice versa (OSIDB-694)
- Allow updates of flaws with multiple CVE IDs in Bugzilla (OSIDB-382)
- Deprecate "state" and "resolution" in Flaw (OSIDB-73)
- Increase the maximum length of "cwe_id" field in Flaw to 255 (OSIDB-73)
- Make API requests transactional (OSIDB-232)
- Rename REQUIRES_DOC_TEXT to REQUIRES_SUMMARY in FlawMeta (OSIDB-73)
- Minimize mid-air collisions (OSIDB-765)
- API delete methods now return HTTP 200 status instead of 204 upon successful delete
- Remove "state" and "resolution" from FlawHistory (OSIDB-73)
- Implement Bugzilla SRT notes builder in Bugzilla Backwards Sync (OSIDB-384)
- Implement validation for flaw without affect (OSIDB-353)
- Implement validation for changes in flaws with high criticality with open tracker (OSIDB-347)
- Implement validation for components affected by flaws closed as NOTABUG (OSIDB-363)
- Implement validation for invalid components in software collection (OSIDB-356)
- Implement Bugzilla metadata collector
- Implement validation for services related products with WONTREPORT resolution (OSIDB-362)
- Implement validation for combinations of affectedness and resolution (OSIDB-360)
- Implement a new API for getting a list of all supported products (PSINSIGHTS-593)
- Implement CC list builder in Bugzilla backwards sync (OSIDB-386)
- Implement validation for affects with exceptional combination of affectedness and resolution (OSIDB-361)
- Implement validation for affects marked as WONTFIX or NOTAFFECTED with open trackers (OSIDB-364)
- Implement validation for affected special handled modules without summary or statement (OSIDB-328)
- Implement validation for flaws with private source without ACK (OSIDB-339)
- Implement validation for unknown component (OSIDB-355)
- Implement temporary NVD collector (OSIDB-632)
- Implement Exploits report data API endpoint (PSINSIGHTS-764)
- Implement ACL validations (OSIDB-691)
- Implement non-empty impact validation (OSIDB-758)
- Integrate Bugzilla backwards sync into the flaw and affect save (OSIDB-240)
- Introduce Bugzilla API key as a serializer attribute (OSIDB-368)
- Implement non-empty source validation (OSIDB-759)
- Local development instance is now able to switch between stage and production easily via env variables
- Change logging of celery and django to filesystem (OSIDB-418)
- Implement validation for CWE ID chain in a Flaw (OSIDB-357)
- Implement validation for embargoed flaws not be able to have public trackers (OSIDB-350)
- Fix Jira tracker created and updated timestamps (OSIDB-14)
- Fix errata created and updated timestamps (OSIDB-453)
- Restrict write operations on placeholder flaws (OSIDB-388)
- Avoid recreating flaws on CVE ID changes whenever possible (OSIDB-392)
- Remove unused data prestage_eligible_date from schemas (OSIDB-695)
- Revise the allowed API view HTTP methods on models restricting flaw deletion and all tracker write methods (OSIDB-748)
- Bugzilla API key is sent via Bugzilla-Api-Key HTTP header
- Remove deprecated mitigated_by field (OSIDB-753)
- Make sure the unacked PS update stream is always linked to PS module (OSIDB-637)
- Link unacked PS update stream to PS module on product definitions sync (OSIDB-629)
- Increase PS component name length from 100 to 255 characters (OSIDB-635)
- Catch tracker sync exceptions individually (OSIDB-580)
- Implement complete Bugzilla groups handling in Bugzilla Backwards Sync (OSIDB-387)
- Support (CISA) Major Incident label in tracker description (OSIDB-579)
- Fix Errata collector saving to handle advisory name change (OSIDB-565)
- Fix Errata collector design to periodically refresh data (OSIDB-433)
- Flaw mitigated_by field is now deprecated and will be completely removed in the next major release (OSIDB-126)
- Fix component matching from tracker description (OSIDB-464)
- Store FlawMeta alerts on FlawMeta instead of on Flaw
- Prevent pgtrigger recreating triggers (OSIDB-429)
- Helper for manual flaw synchronization (OSIDB-389)
- Usage of django-deprecate-fields package for model field deprecation (OSIDB-126)
- Fix an issue with FlawSource validation for sources that can be both public and private (OSIDB-450)
- Fix an issue with CVSSv3 validation that was preventing some flaws from being synchronized in OSIDB (OSIDB-426, OSIDB-427)
- Authentication is no longer compulsory for read-only requests against the main OSIDB endpoints such as /flaws, /affects and /trackers (OSIDB-313)
- Fix an issue in which the Jiraffe collector was calling Tracker.affect instead of Tracker.affects (ManyToMany field) which resulted in some failed JIRA tracker synchronizations.
- Treat collector failures due to already running collectors or due to waiting for dependencies as celery Retry exceptions.
- OSIDB now uses publicly available images from docker.io (OSIDB-170)
- fix bug that Major Incident can be unset by unrelated BZ flag (OSIDB-416)
- CISA collector to run hourly rather than daily (PSINSIGHTS-635)
- support for CVE-less flaws (OSIDB-25)
- unified logging across the whole OSIDB
- validate hightouch and hightouch-lite flag value combinations (OSIDB-329)
- validate differences between Red Hat and NVD CVSS score and severity (OSIDB-333)
- validate that embargoed flaws do not have public sources (OSIDB-337)
- validate that flaws from public sources don't contain ack FlawMetas (OSIDB-338)
- `AlertMixin` for the creation of easily-serializable alerts on a per-record basis for any model that inherits from said mixin (OSIDB-324)
- validate that an Affect's `ps_module` exists in product definitions (OSIDB-342)
- EPSS data API for Red Hat vulnerabilities (PSINSIGHTS-636)
- disable krb5 log redirection in stage and production playbooks.
- disable opportunistic_auth when contacting Errata Tool and remove the authentication call from the constants file, which meant that ET authentication happened every time the code was loaded, generating a lot of auth calls and logs.
- change the way that data is synchronized to be more fault-tolerant, things like tracker fetching will no longer make the entire flaw sync fail.
- fix a bug where only certain metadata were being correctly synchronized between BZ and OSIDB which resulted in things like typos in acknowledgments persisting in OSIDB despite being removed from BZ.
- fix a bug in which the scheme in next/previous links in paginated responses was http:// and not https://.
- fix a bug with the way that the collector framework parsed crontab strings.
- fix various bugs with the collector framework instantiation process.
- fix a bug with the way that collector dependencies were being handled.
- fix a bug in which FlawMeta were not being updated correctly due to an ACL issue.
- update product exclusion lists.
- fix a bug in which the exploit collectors were not working properly due to an ACL issue.
- fix an issue with duplicate affects generating database errors.
- add various Dockerfile optimizations.
- add API for exploit report processing.
- add a mechanism to reflect CVE changes and/or removals.
- remove audit mechanisms and tables from main models.
- remove obsoleted bzload.py script.
- remove outdated service schema.
- remove obsoleted funcspec.
- remove prodsec lib dependency.
- fix an issue with existing FlawMeta objects not being updated if the parent Flaw was itself updated, meaning that FlawMeta could be kept as embargoed if the Flaw was unembargoed.
- fix a change that broke backwards compatibility with IRD; this fix reverts the changes to the empty value of enumerations from "" back to "NONE", so only IRD clients should be affected.
- fix an issue with objects not being saved to the database due to a bad interaction between FlawSaver and TrackerBugConvertor (OSIDB-142)
- add tracker timestamps (OSIDB-62)
- provide erratum ID on API together with advisory ID (OSIDB-128)
- create flaw draft (OSIDB-68)
- API for Insights Vulnerability application (PSINSIGHTS-608)
- start using the "Keep a Changelog" format for the CHANGELOG.md
- reviewed and unified the database fields across all the models (OSIDB-16)
- fix and unify creation and modification timestamps handling (OSIDB-62, OSIDB-82)
- major Bugzilla collection reliability rework (OSIDB-17, OSIDB-130)
- ignore and remove testing Bugzilla bugs (OSIDB-111)
- reflect related entity removal on flaw sync (OSIDB-78)
- improve flaw source handling (OSIDB-61)
- remove Flawzilla testing app (OSIDB-18)
- remove old collector APIs (OSIDB-20)
- ensure API ordering is reproducible - fixes pagination issue (OSIDB-133)
- add /osidb/whoami endpoint to expose currently logged in user information
- add /affects, /trackers endpoints and allow CRUD operations
- add collector for Errata Tool IDs and expose "errata that fix this tracker"
- track OSIDB users' bugzilla and jira usernames
- unify metadata across all api responses
- fix Bugzilla flag syncing causing Major Incident update issues (PSDEVOPS-3406)
- fix collector ACLs causing unembargo staleness (PSDEVOPS-3449)
- fix flaw source typos causing minor sync issues (PSDEVOPS-3373)
- remove status metadata from responses
- add CPaaS pipeline credential mapping (PSDEVOPS-2569)
- update version to 1.1.2
- apply correct update/create dates to flaws, affects, and trackers (PSDEVOPS-3365)
- move DEVELOP.md and TUTORIAL.md to docs directory
- update version to 1.1.1
- do not pass uuid as groups to set_user_acls
- add update schema step to OSIDB release docs
- add schema extension for custom auth class
- add exploit collectors (PSINSIGHTS-538, PSINSIGHTS-541)
- implement more granular LDAP control groups (PSDEVOPS-2664)
- implement Product Definitions collector
- add tracker QE owner attribute (PSDEVOPS-3219)
- implement read-only mode and enable for prod (PSDEVOPS-3203)
- raise OSIDB version to 1.1.0
- update documentation regarding LDAP groups
- increase osidb-service route timeout from 30s to 300s
- update django version to fix known vulnerabilities
- validate peer cert chain and hostname for LDAP connections
- allow bzimport to import testing embargoed data to stage
- provide redis credentials and certificates for osidb-service
- implement kerberos authentication via SPNEGO protocol
- document OSIDB versioning
- add sections about more advanced Flaw queries in tutorial
- implement collector framework API
- implement example collector
- implement collector framework
- update version to 1.0.0
- enable krb5_auth in stage
- fix CVSS string storing
- migrate from DRF tokens to JWT for auth (PSDEVOPS-3140)
- load Bugzilla dates as timezone aware
- use osidb-service image for flower instead of dockerhub image
- secure redis instance by enabling TLS (PSDEVOPS-3128)
- secure redis instance with basic authentication (PSDEVOPS-3128)
- enable TLS endpoint verification in ansible playbooks (PSDEVOPS-3110)
- improve flaws endpoint performance for cve_id and change_after params (PSDEVOPS-3209)
- refactor URLs and the landing page
- fix changed_after and changed_before filters
- fix or refactor attribute validations
- fix schema definition
- accommodate flawdb->osidb rename in openshift
- fix OSIDB name on the main page
- modify tracker_ids query param to filter out non-relevant affects
- update query parameters description in API schema
- update LDAP groups docs
- turn off CWE validation as it is too simple
- deprecate Basic and Session auth for API endpoints (PSDEVOPS-3126)
- update version to 0.0.2
- enable service accounts in prod
- this is the initial OSIDB version
- see git repo for the older changes