Skip to content

Releases: gocsaf/csaf

v3.0.0 - Beta 1

Choose a tag to compare

@s-l-teichmann s-l-teichmann released this 27 Sep 15:32
7a8cdb6

Highlights

  • All tools are now able to store their configurations in .toml files.
  • Breaking change: Support for .ini files in the uploader is dropped.
  • The checker, downloader and aggreator are now able to filter down the fetched advisories by time ranges and regular expressions of their URLs.
  • Breaking change: The legacy -years flag is removed from the checker.
  • The downloader now uses structured logging to make it easier to process the resulting logs.
  • The downloader is now able to use a configurable folder to download into.
  • Breaking change: The -verbose flag was removed. The level of detail is now handled by the configurable log level.
  • The downloader is now able to forward the downloaded advisories to a configurable endpoint.
  • Breaking change: To compile the tools at least Go 1.21 is needed.

To reflect the breaking changes we bumped the major version from v2 to v3.

PRs

  • #467: Lift distribution from v2 to v3
  • #466: Integration Tests: Remove verbose flag from downloader
  • #465: Downloader: Document the implementes forward API
  • #464: Downloader: Remove verbose flag
  • #463: Downloader: unit tests for stats
  • #461: Change release action to use elder Ubuntu runner
  • #460: Unit tests of internal packages
  • #458: feat: log redirects
  • #450: downloader: Drop time precision below seconds in log output.
  • #447: downloader: Fix logging docs and some comments
  • #445: Improve code comment
  • #444: downloader: improve code comments
  • #443: Downloader: Add structured logging, fails storing and statistics
  • #442: Downloader: Add forwarding to HTTP endpoint
  • #441: Checker: Fix checking of missing files
  • #440: aggregator: Look for config files in similiar places like the other tools
  • #439: uploader: use the TOML config file infrastructure, too.
  • #436: Update dependencies
  • #435: Document potential security issue with plain PEM passwords.
  • #443: Document regular expression syntax used for filtering URLs.
  • #442: Aggregator: Add time range filtering
  • #431: No longer set timestamp of version as part of go version in prepareUbuntuInstanceForITests
  • #430: Checker: remove years flag
  • #429: Error to explaining warning when loading lpmd messages in checker
  • #424: Aggregator: Add support for client certificates and extra header
  • #423: Downloader: Add support for client certificates
  • #422: Checker: Add time range to report
  • #421: Aggregator: ignore advisories by given patterns
  • #420: Checker: ignore advisories by given patterns
  • #419: Downloader: ignore advisories by given patterns
  • #418: Add option to specify download folder
  • #416: Fix version config and make aggreator use new command line parser.
  • #414: Checker: Make time range configurable to check advisories from
  • #413: Downloader: Make time range configurable to download advisories from
  • #412: Add TOML config to checker
  • #409: Make rolie or directory listing mandatory
  • #406: Track whether files could not be accessed and report it when reporting about accessibility of TLP:WHITE advisories
  • #405: Use TOML as config file format in downloader
  • #404: Add support for config files in downloader.

Release 2.2.0

Choose a tag to compare

@s-l-teichmann s-l-teichmann released this 14 Jul 09:16
de27a66

Highlights

  • Role based reporting in the checker.
  • Improved output in error cases and in the checker report.
  • The downloader is now able to fetch more than one advisory at once.
  • Needs at least Go 1.20 to build the tools.
  • Various bug fixes.

PRs

  • #391: Complete requirement 4 (ROLIE)
  • #401: Add info for Req 8-10 if direct url was given and as such no checks were performed.
  • #400: Allow http redirects
  • #393: Dont use string comparison to rank labels.
  • #390: Check for advisoryLabel instead of feedlabel.
  • #388: Use Set type
  • #389: Update third party libraries
  • #382: Improve error message if filename does not match document/tracking/id and let it be reported by the proper reporter
  • #357: Empty rolie
  • #373: Role requirements 11-14 or 15-17
  • #378: Burn v2 version into binaries.
  • #370: Fix pmd crash
  • #369: Simplified requirement 15
  • #372: We need at least Go 1.20
  • #371: Fix go.mod and internal dependencies for major verison v2
  • #366: Prepare infrastructure for role based reporting
  • #365: Check that filename matches /document/tracking/id
  • #361: Be more verbose in case of signature check failures
  • #363: Add concurrent downloads to downloader.
  • #362: Update 3rd party libraries.
  • #364: doc: improve rate default documentation
  • #355: Add revive action to workflows
  • #328: Enforce application/json when uploading advisories to provider.

2.1.0

Choose a tag to compare

@s-l-teichmann s-l-teichmann released this 28 Feb 16:48

For changes see milestone "Release 2.1.0"

2.0.0

Choose a tag to compare

@tschmidtb51 tschmidtb51 released this 26 Sep 16:13
1189d53
  • BREAKING CHANGE: code can now only be compiled with Go versions newer than 1.19.1
  • add a .gitignore

First stable release

Choose a tag to compare

@s-l-teichmann s-l-teichmann released this 31 Aug 14:57

This is considered the first stable version as it has passed the internal testings. :-)

v0.9.6

Choose a tag to compare

@s-l-teichmann s-l-teichmann released this 26 Aug 15:11
70b4e18
  • Interim mode of aggregator should work now.
  • Publishers are now llisted in aggregator.json correctly.
  • Columns in changes.csv are now always written in double quotes.
  • Various bug fixes.

v0.9.5

Choose a tag to compare

@s-l-teichmann s-l-teichmann released this 01 Aug 13:41
892a0b9

More bug fixes.

v0.9.4

Choose a tag to compare

@s-l-teichmann s-l-teichmann released this 25 Jul 15:22
dce0a9b
  • Fixed some issue

v0.9.3

Choose a tag to compare

@s-l-teichmann s-l-teichmann released this 11 Jul 12:45
3ed1d3a
  • Extended ROLIE services and category documents.
  • Prefer ROLIE in provider.

v0.9.2

Choose a tag to compare

@s-l-teichmann s-l-teichmann released this 23 Jun 15:43
38d3679
  • Add support for external advisory validation
  • Add csaf_downloader