Help shape the future of Grype! Share your thoughts in our quick 5-question survey. Your feedback will guide our development priorities and help us better serve your needs. Thank you!
Release Notes:
Version v0.95.0
Added Features
- Add string severity to db search json results #2730 @wagoodman
- Add package specifier overrides for
kb
,dpkg
, andapkg
#2742 @westonsteimel
Bug Fixes
- show related NVD records for non-NVD matches #2755 @kzantow
- assume that a vulnerability with no ranges is always vulnerable #2759 @wagoodman
- DB should hydrate for when the client has new features #2758 @wagoodman
- show relationship back to NVD for all CVE ids #2756 @westonsteimel
- properly escape CPE segments #2731 @kzantow
- msrc matcher should search by package ecosystem, not by distro #2748 @westonsteimel
- Grype does not report any vulnerabilities for CPEs with target_sw field set to value that does not correspond to known package type #2768 #2772 @willmurphyscode
- malformed CPE in grype db search output #2767 #2769 @westonsteimel
- vex documents from the --vex flag do get processed or applied to the output correctly #1836 #2741 @willmurphyscode
Additional Changes
- replace deprecated GoReleaser configurations #2729 @emmanuel-ferdman
- specify types for all match details #2762 @wagoodman
- Refactor the version package #2735 @wagoodman