Releases: CERTCC/VINCE
Version 2.1.6
- Fixed bug that interfered in certain circumstances with the operation of the vendor filter button on the VINCEComm case page
- Dependabot update recommendations: urllib3 1.26.12 to 1.26.18
- Fixed bug that obstructed case assignment process for VINCETrack users with identical preferred usernames
- Adjusted code for asynchronous loading on ticket page to ensure it works on all ticket pages, including case request tickets
- Set up periodic autorefresh feature for VINCE Track ticket page
- Reformulated misleading UI labels for case transfer request process
- Resolved Issue by simplifying/correcting search code & disambiguating labels in report views
- Added AI/ML systems checkbox to public & VINCE Comm vul report form, routing of AI/ML-related tickets
Version 2.1.5
What's Changed
- Assert expected behavior when handling a bounce when all bounced reci… by @qwestduck in #116
- Bump django from 3.2.19 to 3.2.20 by @dependabot in #117
- Bump cryptography from 41.0.0 to 41.0.2 by @dependabot in #118
- Upgrade to version 2.1.3 by @sei-vsarvepalli in #121
- Updates to 2.1.4 by @sei-vsarvepalli in #123
- VINCE upgrade to 2.1.5 by @sei-vsarvepalli in #124
New Contributors
- @qwestduck made their first contribution in #116
Full Changelog: v2.1.2...v2.1.5
VINCE v2.1.2
- VinceTrack CaseView, VinceCommUserView updated for asynchronous calls for tab-based browsing.
- Fixed GH Issue #111 PDF Links not working
- Updated Vendor approval workflow with time lapse of 2 weeks of no-response from Vendor Admin
- Fix bounce issues of creating tickets for dead/disabled users.
- Dependabot security recommendations PyPi: cryptography 39.0.1 to 41.0.0, requests 2.281 to 2.31.0, django-ses from 3.2.2 to 3.5.0
- Fixed vincepubviews multiple choice field Years to be dynamic
VINCE v2.1.1
Version 2.1.1 2023-05-02
- Security updates fixing a number of dependencies - sqlparse, redis (GHSA-rrm6-wvj7-cwh2, CVE-2023-28859, CVE-2023-28858)
- Updates (UAR) workflow for User joining Vendor Group GH Issue #94
- INL Code updates to perform Product/Version for CVE records GH PR #104
- INL Code updates for PDF download of VulNote GH PR #104
- Async requests for VinceTrack Contacts to reduce page wait times
- Check for Bounces before sending emails from vince/mailer.py
- Add TERMS_URL to ensure Terms & Conditions are flexible
- Fix CVSS Translator GH Issue #105
- Check for notification-only addresses and provide error on Signup
VINCE v2.0.7
- Security updates Django to 3.2.18 CVE-2023-24580
- Remove python-futures (no longer used) GH Issues #91 #90 (Dependabot)
- Support User Approve Request (UAR) new workflow for User joining Vendor Group GH Issue #94
- Allow Tracking IDs to be added to Cases when user belongs to multiple groups (CaseTracking) - reported by VINCE user.
- Move from initial to instance on Form Class inits() to modify existing data in Models/Forms pair
- Move more browser UI information to async data requests, less templates.
- Remove marquee, command and style tags from supported markdown_helpers lib.vince.markdown_helpers - reported by VINCE user.
What's Changed
- Version 2.0.6a by @sei-vsarvepalli in #89
- Bump django from 3.2.17 to 3.2.18 by @dependabot in #92
- License, Copyright fixes and dependabot security updates by @sei-vsarvepalli in #93
- Version 2.0.7 updates and enhancements. by @sei-vsarvepalli in #95
Full Changelog: v2.0.6...v2.0.7
VINCE v2.0.6
- Removed Edit Vulnerability button superfluous GHIssue #77
- Updates to CVE publish buttons and automatic close of CVE modal on error
- Modify CVEAffectedProduct.version_affected in vincemodels.py for CVE5JSON
- Bug fix newcomment not new_comment in vince/views.py
- Add "Notify anyway" button routine for already notified vendor.
What's Changed
- Updates to 2.0.6 related updates by @sei-vsarvepalli in #81
Full Changelog: v2.0.5...v2.0.6
VINCE v2.0.5
- Update to CVE2.1 Services Publish using CVE5 JSON
- More Async functions for vendor status views
- Added more common libraries to lib/vince/utils
- Added a mute_lib.py to support mute a Case for a user in automated way
- Fixed a number of small bugs in max length in FORM submissions and S3 sensitive filenames
Also includes changes from 2.0.4 2022-12-20
- Added Filter to CaseView in VinceComm
- Addition of more Async functions for non-interactive queries
- Fixing of slow performance on allvendors view to use Django Aggregate and Filter/Q functions
- Friendly errors and fixes for logging to add IP address of remote client
What's Changed
- Version 2.0.5 by @sei-vsarvepalli in #80
Full Changelog: v2.0.3...v2.0.5
VINCE v2.0.3
- Major upgrade to Django 3.2 LTS target end by 2024. Fixes related to Django upgrade in all libraries.
- Added new QuerySet Paging library for performance extend chain with chains for QuerySet
- Asynchronous calls for most vinny/views via JSON through asyncLoad class
- Provide API Views 404 with JSON generic error
- Allow Session or API Token authentication to support API access from browser
- Provide better HTML text on access/permission violations by User.
- Fixes to CVE management API with CVE services 2.1 and CVEJSON5 support
- CSAF enhancements including TLP setup. Pending Customer engagement details publishing.
- Fix a number of logging calls to include relevant data as part of the log message
What's Changed
- Version 2.0.3 by @sei-vsarvepalli in #76
Full Changelog: v1.50.6...v2.0.3
VINCE v1.50.6
- Allow Vendor Association when Ticket is associated with a Case
- Adding Download HTML per INL request GH Issue #60
- Avoid Alert severity colors to buttons that don't do deletes/sensitive actions - UI feedback.
- Show MFA type for users in VinceTrack to support troubleshooting Users
- Catch errors on failure to email when a Post is submitted.
What's Changed
- Updates to version 1.50.6 by @sei-vsarvepalli in #68
Full Changelog: v1.50.5...v1.50.6
VINCE v1.50.5
- Updates to settings_.py to match public GitHub
- UI tweaks for Loading div, asynchronous search via delaySearch
- Add Access-Control-Origin header to CSAF output for Secvisogram
- Fix Python Pickle Code Injection vulnerability reported by Rapid7 researcher Marcus Chang CVE-2022-40238
- Address reported failure with better error reporting from Encrypt-and-Send
- Avoid TimeZone spurious warning errors flooding logs
What's Changed
- Version 1.50.5 by @sei-vsarvepalli in #62
Full Changelog: v1.50.4...v1.50.5