@@ -1095,7 +1095,7 @@ <h4>Overall Summary</h4>
10951095 const data = await response . json ( ) ;
10961096
10971097 // Separate releases from release branches
1098- if ( version . startsWith ( 'release_' ) || version . startsWith ( 'release/' ) ) {
1098+ if ( version . startsWith ( 'release_' ) || version . startsWith ( 'release/' ) || version . startsWith ( 'master-' ) ) {
10991099 branches [ version ] = data ;
11001100 } else {
11011101 releases [ version ] = data ;
@@ -1289,7 +1289,7 @@ <h4>Overall Summary</h4>
12891289
12901290 function updateBranchFilter ( ) {
12911291 const select = document . getElementById ( 'branchFilter' ) ;
1292- const branches = Object . keys ( dashboardData . branches || { } ) . sort ( ) ;
1292+ const branches = Object . keys ( dashboardData . branches || { } ) . sort ( ) . reverse ( ) ;
12931293
12941294 // Clear existing options except "All Branches"
12951295 select . innerHTML = '<option value="all">All Branches</option>' ;
@@ -1363,6 +1363,13 @@ <h4>Overall Summary</h4>
13631363 const severity = summary . by_severity || { } ;
13641364 const scanDate = new Date ( data . scan_date ) . toLocaleDateString ( ) ;
13651365
1366+ // Check if this is a v5.0 version (including release branch)
1367+ const isV50 = version . startsWith ( 'v5.0' ) || version . includes ( 'release/v5.0' ) || version . includes ( 'release_v5.0' ) ;
1368+
1369+ // Check if this version has no SBOM support
1370+ const unsupportedSBOMVersions = [ 'v5.1' , 'v5.0.3' , 'v5.0.2' , 'v5.0.1' , 'v5.0' ] ;
1371+ const hasNoSBOMSupport = unsupportedSBOMVersions . includes ( version ) ;
1372+
13661373 const vulnSummaryHtml = [
13671374 severity . CRITICAL && `<span class="vuln-badge critical">Critical: ${ severity . CRITICAL } </span>` ,
13681375 severity . HIGH && `<span class="vuln-badge high">High: ${ severity . HIGH } </span>` ,
@@ -1399,8 +1406,12 @@ <h4>Overall Summary</h4>
13991406 </div>
14001407 </div>
14011408 <div class="vulnerability-summary">
1402- ${ vulnSummaryHtml || '<span class="vuln-badge" style="background: rgba(40, 167, 69, 0.1); color: var(--success-color);">No known vulnerabilities</span>' }
1403- ${ vulnerabilities . length > 0 ? `<button class="toggle-btn" onclick="toggleDetails('${ version } ')">Show Details</button>` : '' }
1409+ ${ hasNoSBOMSupport
1410+ ? '<span class="vuln-badge" style="background: rgba(108, 117, 125, 0.1); color: var(--dark-gray);">No SBOM support available</span>'
1411+ : ( vulnSummaryHtml || '<span class="vuln-badge" style="background: rgba(40, 167, 69, 0.1); color: var(--success-color);">No known vulnerabilities</span>' )
1412+ }
1413+ ${ isV50 ? '<span class="vuln-badge" style="background: rgba(220, 53, 69, 0.1); color: var(--danger-color); font-size: 0.7rem;">EOL</span>' : '' }
1414+ ${ vulnerabilities . length > 0 && ! hasNoSBOMSupport ? `<button class="toggle-btn" onclick="toggleDetails('${ version } ')">Show Details</button>` : '' }
14041415 </div>
14051416 <div class="vulnerability-details" id="details-${ version } ">
14061417 ${ vulnerabilityDetailsHtml }
@@ -1447,7 +1458,7 @@ <h4>Overall Summary</h4>
14471458 branches = branches . filter ( ( [ version , data ] ) => version === branchFilter ) ;
14481459 }
14491460
1450- branches . sort ( ( [ a ] , [ b ] ) => a . localeCompare ( b ) ) ;
1461+ branches . sort ( ( [ a ] , [ b ] ) => b . localeCompare ( a ) ) ;
14511462
14521463 const branchesHtml = branches . map ( ( [ version , data ] ) => {
14531464 const vulnerabilities = data . vulnerabilities || [ ] ;
@@ -1501,7 +1512,7 @@ <h4>Overall Summary</h4>
15011512
15021513 // Generate cross-reference content similar to releases
15031514 const content = document . getElementById ( 'branchCveAnalysisContent' ) ;
1504- const allVersions = Object . keys ( dashboardData . branches || { } ) . sort ( ) ;
1515+ const allVersions = Object . keys ( dashboardData . branches || { } ) . sort ( ) . reverse ( ) ;
15051516
15061517 if ( cveMap . size === 0 ) {
15071518 content . innerHTML = '<p>No CVE data available for branch analysis.</p>' ;
@@ -1599,12 +1610,21 @@ <h5>${cveId}
15991610 // Find ESP-IDF versions where this CVE is NOT present (i.e., fixed)
16001611 const allVersions = Object . keys ( dashboardData . releases ) . sort ( ( a , b ) => compareVersions ( a , b ) ) ;
16011612 const affectedVersions = cveData . affectedVersions ;
1602- const fixedInVersions = allVersions . filter ( version => ! affectedVersions . includes ( version ) ) ;
1613+ const allFixedVersions = allVersions . filter ( version => ! affectedVersions . includes ( version ) ) ;
1614+
1615+ // Only show incremental releases (newer than the latest affected version)
1616+ const latestAffectedVersion = affectedVersions . length > 0
1617+ ? affectedVersions . sort ( ( a , b ) => compareVersions ( b , a ) ) [ 0 ] // Get newest affected
1618+ : null ;
1619+
1620+ const fixedInVersions = latestAffectedVersion
1621+ ? allFixedVersions . filter ( version => compareVersions ( version , latestAffectedVersion ) > 0 )
1622+ : allFixedVersions ;
16031623
16041624 if ( fixedInVersions . length === 0 ) {
16051625 return `
16061626 <div class="no-fix-info">
1607- ⚠️ CVE ${ cveId } appears to be present in all scanned ESP-IDF releases .
1627+ ⚠️ CVE ${ cveId } is not fixed in any ESP-IDF release newer than the latest affected version .
16081628 Consider updating component to version: ${ cveData . fixedVersions . join ( ', ' ) || 'Check component documentation' }
16091629 </div>
16101630 ` ;
@@ -1677,13 +1697,24 @@ <h5>${cveId}
16771697
16781698 const crossRefHtml = `
16791699 <div style="margin-bottom: 1rem; color: var(--dark-gray);">
1680- This analysis shows which ESP-IDF releases contain each CVE and which releases have fixes.
1700+ This analysis shows which ESP-IDF releases contain each CVE and which newer releases have fixes.
1701+ Only incremental releases (newer than the latest affected version) are shown as fix targets.
16811702 Use this information to plan migrations and understand security improvements across versions.
16821703 </div>
16831704
16841705 ${ cveList . map ( ( [ cveId , cveData ] ) => {
16851706 const affectedVersions = cveData . affectedVersions . sort ( ( a , b ) => compareVersions ( a , b ) ) ;
1686- const fixedVersions = allVersions . filter ( v => ! affectedVersions . includes ( v ) ) ;
1707+ const allFixedVersions = allVersions . filter ( v => ! affectedVersions . includes ( v ) ) ;
1708+
1709+ // Only show incremental releases (newer than the latest affected version)
1710+ const latestAffectedVersion = affectedVersions . length > 0
1711+ ? affectedVersions . sort ( ( a , b ) => compareVersions ( b , a ) ) [ 0 ] // Get newest affected
1712+ : null ;
1713+
1714+ const fixedVersions = latestAffectedVersion
1715+ ? allFixedVersions . filter ( version => compareVersions ( version , latestAffectedVersion ) > 0 )
1716+ : allFixedVersions ;
1717+
16871718 const severityClass = ( cveData . severity || 'unknown' ) . toLowerCase ( ) ;
16881719
16891720 return `
@@ -1708,7 +1739,7 @@ <h5>${cveId}
17081739 <div style="margin-top: 0.5rem;">
17091740 ${ fixedVersions . length > 0
17101741 ? fixedVersions . map ( v => `<span class="idf-version-badge">${ v } </span>` ) . join ( ' ' )
1711- : '<span style="color: var(--danger-color);">Not fixed in scanned releases </span>'
1742+ : '<span style="color: var(--danger-color);">No newer releases with fix available </span>'
17121743 }
17131744 </div>
17141745 </div>
@@ -1726,7 +1757,7 @@ <h5>${cveId}
17261757 <div style="margin-top: 2rem; padding: 1rem; background: #f8f9fa; border-radius: 4px; font-size: 0.9rem; color: var(--dark-gray);">
17271758 <strong>Legend:</strong><br>
17281759 • <span style="color: var(--danger-color);">Affected Releases</span>: ESP-IDF versions where the CVE is present<br>
1729- • <span style="color: var(--success-color);">Fixed Releases</span>: ESP-IDF versions where the CVE has been resolved<br>
1760+ • <span style="color: var(--success-color);">Fixed Releases</span>: ESP-IDF versions newer than the latest affected version where the CVE has been resolved<br>
17301761 • Component fixes refer to the specific library version that resolves the CVE
17311762 </div>
17321763 ` ;
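Review bot: In the `@@ -1677` hunk, `affectedVersions.sort((a, b) => compareVersions(b, a))[0]` re-sorts in place the same array that the context line above just sorted ascending, so `affectedVersions` and `cveData.affectedVersions` are left newest-first for any code that reads them afterwards; the `@@ -1599` hunk mutates `cveData.affectedVersions` the same way. Sort a copy instead, `[...affectedVersions].sort((a, b) => compareVersions(b, a))[0]`, or in the `@@ -1677` hunk take the last element of the already ascending array. Separately, a release still counts as fixed only because it is absent from `affectedVersions`. The releases named in `unsupportedSBOMVersions` (the `@@ -1363` hunk) have no SBOM data, so they would presumably be badged as fixed whenever they are newer than the latest affected version; if they appear in `dashboardData.releases`, hoist that list to shared scope and exclude them from `allFixedVersions`, or label them as unscanned. The enclosing functions start and end outside these hunks, so how the arrays are used later is not visible here.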