Vuls v0.4.0 Release Notes
Release Date: 2017-08-25 // over 6 years ago-
Implemented enhancements:
- Output changelog in report, TUI and JSON for RHEL #367
- ๐ง Output changelog in report, TUI and JSON for Amazon Linux #366
- ๐ Improve scanning accuracy by checking package versions #256
- ๐ Improve SSH #415
- Enable to scan even if target server can not connect to the Internet #258
- SSH Hostkey check #417 (kotakanbe)
- v0.4.0 #449 (kotakanbe)
- ๐ Change default ssh method from go library to external command #416 (kotakanbe)
- โ Add containers-only option to configtest #411 (knqyf263)
๐ Fixed bugs:
- Running Vuls tui before vuls report does not show vulnerabilities checked by CPE #396
- ๐ฆ With a long package name, Local shell mode (stty dont' work) #444
- ๐ Improve SSH #415
- ๐ฆ Report that a vulnerability exists in the wrong package #408
- ๐ฆ With a long package name, a parse error occurs. #391
- ๐ฆ Ubuntu failed to scan vulnerable packages #205
- CVE-ID in changelog can't be picked up. #154
- v0.4.0 #449 (kotakanbe)
- ๐ Fix SSH dial error #413 (kotakanbe)
- โก๏ธ Update deps, Change deps tool from glide to dep #412 (kotakanbe)
- ๐ fix report option Loaded error-info #406 (hogehogehugahuga)
- โ Add --user root to docker exec command #389 (PaulFurtado)
Closed issues:
- ๐ง README.md.ja not include "Oracle Linux, FreeBSD" #465
- โก๏ธ Can't scan remote server - (centos 7 - updated) #451
- An abnormality in the result of vuls tui #439
- compile faild #436
- Can't install vuls on CentOS 7 #432
- ๐ฆ Vuls scan doesn't show severity score in any of the vulnerable packages #430
- Load config failedtoml: cannot load TOML value of type string into a Go slice #429
- โก๏ธ vuls scan not running check-update with sudo for Centos 7 #428
- โ options for configtest not being activated #422
- "could not find project Gopkg.toml, use dep init to initiate a manifest" when installing vuls #420
- go get not get #407
- ๐ณ Failed to scan via docker. err: Unknown format #404
- โก๏ธ Failed to scan - kernel-xxx is an installed security update #403
- 169.254.169.254 port 80: Connection refused #402
- vuls scan --debug cause
invalid memory address
error #397 - ๐ป Provide a command line flag that will automatically install aptitude on debian? #390
๐ Merged pull requests:
- export fill cve info #467 (sadayuki-matsuno)
- โ add oval docker #466 (sadayuki-matsuno)
- ๐ fix typos in commands. #464 (ymomoi)
- โก๏ธ Update README #463 (kotakanbe)
- export FillWithOval #462 (sadayuki-matsuno)
- โ add serveruuid field #458 (sadayuki-matsuno)
- โ add s3 dirctory option #457 (sadayuki-matsuno)
- Extract Advisory.Description on RHEL, Amazon, Oracle #450 (kotakanbe)
- ๐ nosudo on CentOS and Fetch Changelogs on Amazon, RHEL #448 (kotakanbe)
- โก๏ธ change logrus package to lowercase and update other packages #446 (sadayuki-matsuno)
- โ add db backend redis #445 (sadayuki-matsuno)
- โ fast test #435 (sadayuki-matsuno)
- ๐ fix typo #433 (sadayuki-matsuno)
- โ Add support for PostgreSQL as a DB storage back-end #431 (sadayuki-matsuno)
- typo README.js.md #426 (ryurock)
- โ Add TOC to README #425 (kotakanbe)
- ๐ Fixing #420 where lock and manifest have moved to TOML #421 (elfgoh)
- โฑ Define timeout for vulnerabilities scan and platform detection #414 (s7anley)
- โฑ Enable -timeout option when detecting OS #410 (knqyf263)
- โ Remove duplicate command in README #401 (knqyf263)
- ๐ Fix to read config.toml at tui #441 (usiusi360)
- ๐ Change NVD URL to new one #419 (kotakanbe)
- โ Add some testcases #418 (kotakanbe)
Previous changes from v0.3.0
-
Implemented enhancements:
- ๐ Changelog parsing fails when package maintainers aren't consistent regarding versions #327
- ๐ณ Docker scan doesn't report image name #325
- vuls report -to-email only one E-Mail #295
- ๐ Support RHEL5 #286
- Continue scanning even when some hosts have tech issues? #264
- Normalization of JSON output #259
- โ Add report subcommand, change scan subcommand options #239
- scan localhost? #210
- โก๏ธ Can Vuls show details about updateable packages #341
- Scan all containers except #285
- ๐ Notify the difference from the previous scan result #255
- ๐ EC2RoleCreds support? #250
- Output confidence score of detection accuracy and detection method to JSON or Reporting #350 (kotakanbe)
- Avoid null slice being null in JSON #345 (kotakanbe)
- โ Add -format-one-email option #331 (knqyf263)
- ๐ Support Raspbian #330 (knqyf263)
- โ Add leniancy to the version matching for debian to account for versioโฆ #328 (jsulinski)
- โ Add image information for docker containers #326 (jsulinski)
- Continue scanning even when some hosts have tech issues #309 (kotakanbe)
- โ Add -log-dir option #301 (knqyf263)
- ๐ Use --assumeno option #300 (knqyf263)
- โ Add local scan mode(Scan without SSH when target server is localhost) #291 (kotakanbe)
- ๐ Support RHEL5 #289 (kotakanbe)
- โ Add LXD support #288 (jiazio)
- โ Add timeout option to configtest #400 (kotakanbe)
- ๐ Notify the difference from the previous scan result #392 (knqyf263)
- โ Add Oracle Linux support #386 (Djelibeybi)
- ๐ Change container scan format in config.toml #381 (kotakanbe)
- ๐ Obsolete CentOS5 support #378 (kotakanbe)
- ๐ Deprecate prepare subcommand to minimize the root authority defined by /etc/sudoers #375 (kotakanbe)
- ๐ Support IAM role for report to S3. #370 (ohsawa0515)
- โ Add .travis.yml #363 (knqyf263)
- Output changelog in report, TUI and JSON for Ubuntu/Debian/CentOS #356 (kotakanbe)
๐ Fixed bugs:
- ๐ณ Debian scans failing in docker #323
- Local CVE DB is still checked, even if a CVE Dictionary URL is defined #316
- vuls needs gmake. #313
- patch request for FreeBSD #312
- ๐ณ Report: failed to read from json (Docker) #294
- -report-mail option does not output required mail header #282
- PackInfo not found error when vuls scan. #281
- Normalize character set #279
- โก๏ธ The number of Updatable Packages is different from the number of yum check-update #373
- โก๏ธ sudo is needed when exec yum check-update on RHEL7 #371
123-3ubuntu4
should be marked as ChangelogLenientMatch #362- ๐ฆ CentOS multi package invalid result #360
- โก๏ธ Parse error after check-update. (Unknown format) #359
- ๐ Fix candidate to confidence. #354 (kotakanbe)
- ๐ Bug fix: not send e-mail to cc address #346 (knqyf263)
- ๐ Change the command used for os detection from uname to freebsd-version #340 (kotakanbe)
- ๐ Fix error handling of detectOS #337 (kotakanbe)
- ๐ Fix infinite retry at size overrun error in Slack report #329 (kotakanbe)
- 0๏ธโฃ aptitude changelog defaults to using more, which is not interactive aโฆ #324 (jsulinski)
- Do not use sudo when echo #322 (knqyf263)
- โฌ๏ธ Reduce privilege requirements for commands that don't need sudo on Ubuntu/Debian #319 (jsulinski)
- Don't check for a CVE DB when CVE Dictionary URL is defined #317 (jsulinski)
- ๐ Fix typo contianer -> container #314 (justyns)
- ๐ Fix the changelog cache logic for ubuntu/debian #305 (kotakanbe)
- ๐ Fix yum updateinfo options #304 (kotakanbe)
- โก๏ธ Update glide.lock to fix create-log-dir error. #303 (kotakanbe)
- ๐ Fix a bug in logging (file output) at scan command #302 (kotakanbe)
- โ Add -pipe flag #294 #299 (kotakanbe)
- ๐ Fix RHEL5 scan stopped halfway #293 (kotakanbe)
- ๐ Fix amazon linux scan stopped halfway #292 (kotakanbe)
- ๐ Fix nil-ponter in TUI #388 (kotakanbe)
- ๐ Fix Bug of Mysql Backend #384 (kotakanbe)
- ๐ Fix scan confidence on Ubuntu/Debian/Raspbian #362 #379 (kotakanbe)
- ๐ Fix updatalbe packages count #373 #374 (kotakanbe)
- โก๏ธ sudo yum check-update on RHEL #372 (kotakanbe)
- ๐ Change ssh option from -t to -tt #369 (knqyf263)
- Increase the width of RequestPty #364 (knqyf263)
Closed issues:
- โ vuls configtest --debugใsudoใฎใใงใใฏใงๆญขใพใฃใฆใใพใ #395
- โ Add support for Oracle Linux #385
- error on install - Ubuntu 16.04 #376
- Unknown OS Type #335
- mac os 10.12.3 make install error #334
- assumeYes doesn't work because there is no else condition #320
- Debian scan uses sudo where unnecessary #318
- โ Add FreeBSD 11 to supported OS on documents. #311
- ๐ณ docker fetchnvd failing #274
- โ Latest version of labstack echo breaks installation #268
- fetchnvd Fails using example loop #267
๐ Merged pull requests:
- ๐ fix typo in README.ja.md #394 (lv7777)
- โก๏ธ Update Tutorial in README #387 (kotakanbe)
- ๐ Fix README #383 (usiusi360)
- s/dictinary/dictionary typo #382 (beuno)
- ๐ Fix Japanese typo #377 (IMAI-Yuji)
- ๐ Improve kanji character #351 (hasegawa-tomoki)
- Add PULL_REQUEST_TEMPLATE.md #348 (knqyf263)
- โก๏ธ Update README #347 (knqyf263)
- ๐ Fix test case #344 (kotakanbe)
- ๐ Fix typo #343 (knqyf263)
- ๐ Rename Makefile to GNUmakefile #313 #339 (kotakanbe)
- โก๏ธ Update README #338 (kotakanbe)
- โ add error handling #332 (kazuminn)
- โก๏ธ Update readme #308 (lapthorn)
- โก๏ธ Update glide.lock to fix import error #306 (knqyf263)
- Check whether echo is executable with nopasswd #298 (knqyf263)
- โก๏ธ Update docker README #297 (knqyf263)
- โก๏ธ update readme #296 (galigalikun)
- โ remove unused import line. #358 (ymomoi)