Releases: aboutcode-org/vulnerablecode
Releases · aboutcode-org/vulnerablecode
Release list
v40.0.1
Immutable
release. Only release title and notes can be modified.
What's Changed
- Add support for CVSS severity curation by @keshav-space in #2359
- Refine package curation workflow by @keshav-space in #2365
- Avoid converting None to "None" in AdvisorySeverity by @keshav-space in #2366
- Add throttling info in docs by @TG1999 in #2368
- Prepare for release v40.0.1 by @TG1999 in #2370
Full Changelog: v40.0.0...v40.0.1
v40.0.0
Immutable
release. Only release title and notes can be modified.
What's Changed
- Fix malformed CVSS severity scores by @keshav-space in #2360
- Disable v1 API, UI & pipelines by @TG1999 in #2358
- Prepare for v40.0.0 release by @TG1999 in #2362
- Fix templates for package search by @TG1999 in #2363
Full Changelog: v39.0.0...v40.0.0
VulnerableCode V1/V2 EOL - Database Dump
Immutable
release. Only release title and notes can be modified.
This is the final release supporting the V1 and V2 API formats.
As announced in January 2026, support for the V1 and V2 APIs ended on June 20, 2026.
If you need to continue using the V1 or V2 formats, use this release together with the database dump: vulnerablecode_v1-2026-07-01.sql.zst
All future releases will support the V3 format only.
v39.0.0
Immutable
release. Only release title and notes can be modified.
What's Changed
- fix: add migration to clean VERS with no constraints by @keshav-space in #2295
- fix: add data migration to fix alpine version range by @keshav-space in #2297
- Refactor doc to restructure and improve #1943 by @DennisClark in #2257
- feat: detect advisory conflicts at package alias intersections and compute partially curated advisories by @keshav-space in #2276
- Remove ubuntu OVAL importer and set remove dupe advisories to run as once by @TG1999 in #2301
- Add support for Reference Fix Commits improver by @ziadhany in #2163
- Add support for glib importer by @ziadhany in #2118
- Create a pipeline to continuously collect various URLs and archive them. by @ziadhany in #2233
- Add GitHub PoC collector by @ziadhany in #2024
- Collect existing fix commits for Linux Kernel by @ziadhany in #1989
- Update federated library to work with the latest federation config by @keshav-space in #2310
- Add datasource ID by @TG1999 in #2309
- feat: add UI to expose curation queue by @keshav-space in #2314
- Add curation dashboard to resolve conflicting package version range by @keshav-space in #2316
- Change architecture to import and marking advisories as usable by @TG1999 in #2287
- Correct logic for non vuln versions by @TG1999 in #2335
- Update API V3 docs by @TG1999 in #2336
- docs: update installation guide by @keshav-space in #2337
- Fix exploit ehancement pipelines by @TG1999 in #2340
- Add API/ UI support for Patch/PackageCommitPatch by @ziadhany in #2179
- Rename introduced_in_patch/fixed_in_patch to introduced_in_patches/fixed_in_patches by @ziadhany in #2343
- Optimize api v3 next by @TG1999 in #2345
- Add ALTCHA verification in UI by @TG1999 in #2346
- Increase frequency and priority for critical pipelines by @keshav-space in #2344
- Add a user agent with documentation by @TG1999 in #2347
- Update changelog for next release by @TG1999 in #2349
- Fix failing V2 pipelines by @TG1999 in #2350
- Improve altcha challenge flow and reduce session timeout by @keshav-space in #2348
- Bump version for v39.0.0 by @TG1999 in #2351
- fix(ui): remove typo in column class by @keshav-space in #2352
- Return context for package views by @TG1999 in #2353
Full Changelog: v38.6.0...v39.0.0
v38.6.0
Immutable
release. Only release title and notes can be modified.
What's Changed
- fix: fix AdvisoryDataV2 deserialization and validate version ranges correctly by @keshav-space in #2285
- fix: add missing clean_downloads step for alpine_linux v2 importer by @ziadhany in #2282
- fix: validate aliases for alpine linux, mattermost, fireeye, istio by @ziadhany in #2274
- fix: ignore conflicts while bulk creating v2 packages by @keshav-space in #2289
- fix: delete AdvisorySet associated with malformed aliases by @keshav-space in #2291
- fix: use shared cache backend across WSGI workers by @keshav-space in #2290
- Release v38.6.0 by @TG1999 in #2292
Full Changelog: v38.5.0...v38.6.0
v38.5.0
Immutable
release. Only release title and notes can be modified.
What's Changed
- feat: add new field to track latest version of v2 advisory by @keshav-space in #2268
- fix: use is_latest field to get latest advisory for an avid by @keshav-space in #2270
- Optimize V3 API by @TG1999 in #2269
- make package_url field unique for PackageV2 by @TG1999 in #2273
Full Changelog: v38.4.0...v38.5.0
v38.4.0
Immutable
release. Only release title and notes can be modified.
What's Changed
- fix: run pipeline scheduling jobs in respective queues by @keshav-space in #2263
- feat: show queue load factors on the pipeline dashboard by @keshav-space in #2264
- chore: prepare v38.4.0 release by @keshav-space in #2265
Full Changelog: v38.3.0...v38.4.0
v38.3.0
Immutable
release. Only release title and notes can be modified.
What's Changed
- feat: add high priority queue and run version range unfurling pipeline more frequently by @keshav-space in #2256
- chore: prepare v38.2.0 release by @keshav-space in #2259
- chore: enable verbose logging release ci and prepare v38.3.0 release by @keshav-space in #2260
Full Changelog: v38.1.0...v38.3.0
v38.1.0
Immutable
release. Only release title and notes can be modified.
v38.0.0
Immutable
release. Only release title and notes can be modified.
What's Changed
- Store advisory content hash by @TG1999 in #2207
- Bump fetchcode to v0.8.2 by @keshav-space in #2222
- Publish vulnerablecode to pypi using trusted publisher by @keshav-space in #2223
- chore(security): pin down dependencies and workflow actions by @keshav-space in #2236
- Group advisories with common identifiers and same affected range by @TG1999 in #2206
Full Changelog: v37.0.0...v38.0.0