Added Features
- Add string severity to db search json results [#2730 @wagoodman]
- Add package specifier overrides for
kb,dpkg, andapkg[#2742 @westonsteimel]
Bug Fixes
- show related NVD records for non-NVD matches [#2755 @kzantow]
- assume that a vulnerability with no ranges is always vulnerable [#2759 @wagoodman]
- DB should hydrate for when the client has new features [#2758 @wagoodman]
- show relationship back to NVD for all CVE ids [#2756 @westonsteimel]
- properly escape CPE segments [#2731 @kzantow]
- msrc matcher should search by package ecosystem, not by distro [#2748 @westonsteimel]
- Grype does not report any vulnerabilities for CPEs with target_sw field set to value that does not correspond to known package type [#2768 #2772 @willmurphyscode]
- malformed CPE in grype db search output [#2767 #2769 @westonsteimel]
- vex documents from the --vex flag do get processed or applied to the output correctly [#1836 #2741 @willmurphyscode]
Additional Changes
- replace deprecated GoReleaser configurations [#2729 @emmanuel-ferdman]
- specify types for all match details [#2762 @wagoodman]
- Refactor the version package [#2735 @wagoodman]
Contributors
wagoodman, westonsteimel, and 3 other contributors