2.23.1

Full Changelog: 2.23.0...2.23.1

2.23.0

What's Changed

• ROX-8402: Append Scanner Version to API responses by @RTann in #515
• Use easyjson for v1.LayerEnvelope by @connorgorman in #599
• Drop Fedora Support by @RTann in #601
• ROX-7520: Add Busybox namespace detector by @jvdm in #587
• Update testcases for newly triaged Ubuntu vulns by @RTann in #615
• Revert "Adaptively allocate in lazy_reader (#591)" by @c-du in #620
• Read first 8 bytes instead of 7 for npm analysis by @RTann in #624
• Use the length of "function" instead of hardcoding the length for NPM analysis by @RTann in #625
• Bump the docker registry client to avoid the connection leak by @misberner in #629
• matcher cleanup by @RTann in #605
• Add Diskbased lazy reader to address scanner OOM by @c-du in #626
• Fix absolute path symbol link by @c-du in #632
• Add Severity to Image Scan gRPC by @RTann in #627
• RHACS-64: Update opencontainers/image-spec to >= v1.0.2 by @RTann in #633
• Stablize scale-test with increased timeout and failure check by @c-du in #631
• Add ELF file upper limit and lazy reader upper limit config by @c-du in #606
• Check for Sensor CN in slim mode by @RTann in #635
• RS-381: Drop retagging with -rhel by @vikin91 in #643
• ROX-9491: Validate both Central and Sensor peer certificates by @RTann in #640
• Update expectation in tests for CVE-2020-9488 by @RTann in #646
• New Genesis Dump 2022-03-07 by @jvdm in #647

New Contributors

• @jvdm made their first contribution in #587

Full Changelog: 2.22.0...2.23.0

2.21.5

• Bump the docker registry client to avoid the connection leak

Full Changelog: 2.21.4...2.21.5

2.21.4

What's Changed

• Add script for updating certs (#549)
• Update builds to go1.17.2 (#537)
• Update Ubuntu tests for re-triaged vulns by @RTann in #614

Full Changelog: 2.21.3...2.21.4

2.22.1

• Drop Fedora Support (#601)

2.22.0

What's Changed

• Remove Alpine reference from trust-root-ca script by @RTann in #530
• RS-322: Unify uninstall commands by @vikin91 in #526
• Update builds to go1.17.2 by @RTann in #537
• Update Ubuntu vuln link by @RTann in #536
• ROX-8450: Extract elf metadata with matcher by @c-du in #535
• Filter out invalid application products by @RTann in #542
• Support Alpine 3.15 by @RTann in #543
• Fix API configuration parsing by @RTann in #534
• ROX-8467: Implement lite-mode by @RTann in #532
• Add scripts for updating certs by @RTann in #549
• ROX-8403: Add Image Analysis API by @RTann in #540
• remove dev license by @RTann in #548
• Filter out CPEs with no product by @connorgorman in #551
• Manually enrich CVE-2021-44228 by @connorgorman in #552
• ROX-8451: Generate dependency graph and derived active components with Debian by @c-du in #541
• Update entry for CVE-2021-44228 by @RTann in #555
• ROX-8779: Fix python attributes panic for author email by @connorgorman in #557
• Remove rpm rebuild logic due to supporting RHEL-based images only by @connorgorman in #558
• Manually add CVE-2021-45046 by @RTann in #560
• ROX-8766: Fix library regex by @c-du in #561
• Add namespace to image analysis results by @RTann in #559
• Update Genesis Manifest by @RTann in #564
• RS-369: Move artifacts to GCS by @gavin-stackrox in #563
• Update CVE 2021-44228 and CVE-45046 by @RTann in #566
• Create models_language file to separate language functions out by @RTann in #567
• Update rox-ci-image to 0.3.21 by @vikin91 in #550
• Update CVE-2021-45046 score to 9.0 by @RTann in #568
• ROX-8153: Support dynamic library dependency for rpm and RHEL by @c-du in #547
• ROX-8155: Generate exec and library dependencies for Alpine by @c-du in #546
• Add CVE-2021-45105 by @RTann in #569
• lite -> slim by @RTann in #570
• ROX-8697: Vulnerability Matching API by @RTann in #556
• Rename protobuf path for external usability by @RTann in #574
• extract note and image from image_scan_service.proto by @RTann in #575
• Update manual entries for log4j CVEs by @RTann in #573
• add FixedBy to proto Feature by @RTann in #576
• ROX-8468: Create "slim" images by @RTann in #544
• Update log4j entries by @RTann in #580
• Update rox-ci-image to 0.3.24 by @Roxbot in #581
• ROX-8896: Close ELF file after getting metadata by @c-du in #583
• GetMetadataIfELFExecutable --> GetMetadata by @RTann in #584
• ROX-8803: Resolve symbolic links before checking the files map by @c-du in #577
• Update rox-ci-image by @Roxbot in #585
• Store profile even if scale tests fail by @RTann in #588
• Don't save .so file contents in files map by @connorgorman in #590
• Be more conservative about closing bodies/ReadClosers by @misberner in #594
• Adaptively allocate in lazy_reader by @connorgorman in #591
• Remove unused Extract function by @RTann in #596
• Improve http.Transport hygiene by @misberner in #595
• Update Genesis Dump by @RTann in #597

New Contributors

• @vikin91 made their first contribution in #526

Full Changelog: 2.21.0...2.22.0

2.21.3

• Filter out invalid application products (#542)
• Filter out CPEs with no product (#551)

2.21.2

• Fix python attributes panic for invalid author email

2.21.1

• Update Genesis Manifest to embed CVE-2021-44228 and CVE-2021-45046 in the database from the start.

2.21.0

• Rewrite language analyzers to operate in a streaming fashion (#506)
• ROX-7171: Check specific language or empty in post validation (#513)
• Change base image to UBI 8.5 (#521)
• ROX-8396: Make Central the single-source of vuln updates (#512)
• Update PG download to RHEL 8.5 (#522)
• Support Ubuntu 21.10 (#524)