Vulnerability-Lookup 2.3.0 released

December 17, 2024

#Vulnerability-Lookup #release

🎉 We’re really excited to unveil Vulnerability-Lookup 2.3.0—our festive Christmas Release! 🎄🎁

It includes new features, new importers, improvements and fixes.

✨ What’s New

  • Pub/Sub Mechanism: A streaming service implemented using a Publish/Subscribe (Pub/Sub) pattern powered by Valkey. Available channels: vulnerability, comment, bundle, and sighting. For more details, see the documentation (#92).

    • FediVuln now supports streaming information from a Valkey Pub/Sub service or an authenticated HTTP event-stream (both provided by Vulnerability-Lookup internals) to the Fediverse. Templates are used to render statuses, with the appropriate template selected based on the channel where the event originates.
  • CISA Vulnrichment importer (as meta for CVE): The CISA Vulnrichment project is the public repository of CISA’s enrichment of public CVE records through CISA’s ADP (Authorized Data Publisher) container. In this phase of the project, CISA is assessing new and recent CVEs and adding key Stakeholder-Specific Vulnerability Categorization (SSVC) decision points. Once scored, some higher-risk CVEs will also receive enrichment of CWE and/or CVSS data points, where possible. The web interface will highlight this CVE-related information in the next release. (#42)

  • CWE (Common Weakness Enumeration) and CAPEC (Common Attack Pattern Enumeration and Classification) importers (#97)

  • New NCSC-NL CSAF Importer (#94)

  • New Route: /api/vulnerability/cpesearch/<string:cpe> to retrieve vulnerabilities by CPE (Common Platform Enumeration). (41f8471)

  • New Website: A brand-new website featuring announcements and official documentation: https://www.vulnerability-lookup.org

🛠️ Changes

  • Improved lookup for the cvelistv5_view macro description. (f4a929c)

  • Added the ability for users to specify a source for sightings. (2be4eef)

  • Updated kvrocks configuration with Docker support. (f864138)

  • Added new with_linked, with_comments, with_bundles, and with_sightings arguments to the Vulnerability resource for the GET method. (8cb595)

Fixes

  • Fail fast if Valkey/Redis fails to start. (#93)

  • Fixed various minor issues in the HTML templates.

[Screenshots: Custom sighting; Publish events to Fediverse; NCSC-NL feeder]

🙏 Thank you very much to all the contributors and testers!