What's Changed

• Rename ProductDependency is_resolved to is_pinned #189 by @tdruez in #190
• Upgrade the RQ stack to latest version by @tdruez in #197
• Upgrade HTMX to version 2.0.3 by @tdruez in #198
• Store and display new Package.risk_score field in the UI by @tdruez in #194
• Add ProductVulnerabilityAnalysis model implementation #98 by @tdruez in #187
• Add ability to select affected products for analysis data propagation by @tdruez in #201
• Add ldap as requirements for dev install doc by @pombredanne in #204
• Update makefile and docs for dev setup by @pombredanne in #205
• Add vulnerabilities REST API endpoint #104 by @tdruez in #203
• Add is_reachable field on the VulnerabilityAnalysis model #103 by @tdruez in #206
• Refine the available settings for RQ_QUEUES #103 by @tdruez in #208
• Add override_unknown option in update_from_data method #202 by @tdruez in #209
• Update "unknown" ProductPackage.license_expression from Package #202 by @tdruez in #211
• Add vulnerabilities_risk_threshold fields #97 by @tdruez in #210
• Add reference documentation about Vulnerability Management #109 by @tdruez in #212
• Implement the CSAF VEX output view #107 by @tdruez in #213
• 110 tutorial vulnerabilities by @tdruez in #217
• Add exposure_factor field to the ProductItemPurpose model #102 by @tdruez in #218
• Add vulnerabilities notification #106 by @tdruez in #220
• Fix error when Request comment contains curly braces by @tdruez in #224
• Fix minor typo in SBOM load form by @pombredanne in #228
• Add a new "Working with SBOMs in a Product" tutorial #225 by @tdruez in #231
• Add a new "Create a Product Vulnerability Report" tutorial #226 by @tdruez in #232
• Dependencies upgrade by @tdruez in #246
• Use the "disable" label in place of "delete" in User admin #245 by @tdruez in #247
• Truncate the display of very long PURLs #227 by @tdruez in #248
• Enable the delete_selected action on RequestTemplateAdmin #243 by @tdruez in #259
• Add user time zone and use consistent rendering of date across the app #240 by @tdruez in #260
• Django 5.1.x by @tdruez in #261
• Fix package usage policy not getting set automatically from the license #200 by @tdruez in #262
• Upgrade multiple dependencies to their latest versions by @tdruez in #265
• Create missing Owner from the Product/Component form #239 by @tdruez in #264
• Add "Find vulnerabilities" workflow based on scancode-action by @tdruez in #267
• Refine the consistency of Product import actions #241 by @tdruez in #268
• Refine the GitHub workflows by @tdruez in #269
• Use deterministic UID/GID in Dockerfile #230 by @tdruez in #270
• Improve Evaluation Sign Up UX #233 by @tdruez in #274
• Add "CRAVEX support in DejaCode" reference documentation #242 by @tdruez in #277
• Fix the ProductDependencyAdmin form by @tdruez in #287
• Add PURL fragment search in ProductDependencyAdmin #286 by @tdruez in #288
• Fix an issue with urlize_target_blank when the URL contains curly braces by @tdruez in #292
• Replace hCaptcha with Altcha #235 by @tdruez in #278
• Upgrade Django to latest 5.1.8 security release by @tdruez in #294
• Add the ability to download Product "Imports" input file by @tdruez in #296
• Fix the unique_together_lookups in import_package #295 by @tdruez in #298
• Prevent the creation of duplicated "resolved" dependencies during imp… by @tdruez in #299
• Refactor the package lookups into a function #295 by @tdruez in #300
• Improve exception support in improve_packages_from_purldb task #303 by @tdruez in #304
• Add a new "Package Set" tab to the Package details view #276 by @tdruez in #305
• Add the ability to delete a Scan from Product inventory #222 by @tdruez in #281
• Refine get_purldb_entries to compare on plain PURL #307 by @tdruez in #308
• Release v5.3.0 by @tdruez in #309

Full Changelog: v5.2.1...v5.3.0