Releases: CERTCC/VINCE

Version 2.1.6

25 Oct 19:18
c7f5391

  • Fixed bug that interfered in certain circumstances with the operation of the vendor filter button on the VINCEComm case page
  • Dependabot update recommendations: urllib3 1.26.12 to 1.26.18
  • Fixed bug that obstructed case assignment process for VINCETrack users with identical preferred usernames
  • Adjusted code for asynchronous loading on ticket page to ensure it works on all ticket pages, including case request tickets
  • Set up periodic autorefresh feature for VINCE Track ticket page
  • Reformulated misleading UI labels for case transfer request process
  • Resolved Issue by simplifying/correcting search code & disambiguating labels in report views
  • Added AI/ML systems checkbox to public & VINCE Comm vul report form, routing of AI/ML-related tickets

Version 2.1.5

21 Sep 23:16
b71081b

Full Changelog: v2.1.2...v2.1.5

VINCE v2.1.2

12 Jun 18:24
bdce39e
  • VinceTrack CaseView,VinceCommUserView updated for Asynchronous calls for tab-based browsing.
  • Fixed GH Issue #111 PDF Links not working
  • Updated Vendor approval workflow with time lapse of 2 weeks of no-response from Vendor Admin
  • Fix bounce issues of creating tickets for dead/disabled users.
  • Dependabot security recommendations PyPi cryptography 39.0.1 to 41.0.0, requests 2.281 to 2.31.0, django-ses from 3.2.2 to 3.5.0
  • Fixed vincepubviews multiple choice field Years to be dynamic

VINCE v2.1.1

17 May 19:46
dd211fd

Version 2.1.1 2023-05-02

  • Security updates fixing a number of dependencies - sqlparse, redis (GHSA-rrm6-wvj7-cwh2,CVE-2023-28859,CVE-2023-28858)
  • Updates (UAR) workflow for User joining Vendor Group GH Issue #94
  • INL Code updates to perform Product/Version for CVE records GH PR #104
  • INL Code updates for PDF download of VulNote GH PR #104
  • Async requests for VinceTrack Contacts to reduce page wait times
  • Check for Bounces before sending emails from vince/mailer.py
  • Add TERMS_URL to ensure Terms & Conditions are flexible
  • Fix CVSS Translator GH Issue #105
  • Check for notification-only addresses and provide error on Signup

VINCE v2.0.7

30 Mar 20:35
9728c05
  • Security updates Django to 3.2.18 CVE-2023-24580
  • Remove python-futures (no longer used) GH Issues #91 #90 (Dependabot)
  • Support User Approve Request (UAR) new workflow for User joining Vendor Group GH Issue #94
  • Allow Tracking ID's to be added to Cases when user belongs to multiple groups (CaseTracking) reported by VINCE user.
  • Move from initial to instance on Form Class inits() to modify existing data in Models/Forms pair
  • Move more browser UI information to async data requests, less templates.
  • Remove marquee, command and style tags from supported markdown_helpers lib.vince.markdown_helpers - reported by VINCE user.

Full Changelog: v2.0.6...v2.0.7

VINCE v2.0.6

30 Mar 20:34
2bed565
  • Removed Edit Vulnerability button superfluous GHIssue #77
  • Updates to CVE publish buttons and automatic close of CVE modal on error
  • Modify CVEAffectedProduct.version_affected vince models.py for CVE5JSON
  • Bug fix newcomment not new_comment in vince/views.py
  • Add "Notify anyway" button routine for already notified vendor.

Full Changelog: v2.0.5...v2.0.6

VINCE v2.0.5

30 Mar 20:32
9ff7d0f
  • Update to CVE2.1 Services Publish using CVE5 JSON
  • More Async functions for vendor status views
  • Added more common libraries to lib/vince/utils
  • Added a mute_lib.py to support mute a Case for a user in automated way
  • Fixed a number of small bugs in max length in FORM submissions and S3 sensitive filenames

Also includes changes from 2.0.4 2022-12-20

  • Added Filter to CaseView in VinceComm
  • Addition of more Async functions for non-interactive queries
  • Fixing of slow performance on allvendors view to use Django Aggregate and Filter/Q functions
  • Friendly errors and fixes for logging to add IP address of remote client

Full Changelog: v2.0.3...v2.0.5

VINCE v2.0.3

30 Mar 20:30
d0dbbc9
  • Major upgrade to Django 3.2 LTS target end by 2024. Fixes related to Django upgrade in all libraries.
  • Added new QuerySet Paging library for performance extend chain with chains for QuerySet
  • Asynchronous calls for most vinny/views via JSON through asyncLoad class
  • Provide API Views 404 with JSON generic error
  • Allow Session or API Token authentication to support API access from browser
  • Provide better HTML text on access/permission violations by User.
  • Fixes to CVE management API with CVE services 2.1 and CVEJSON5 support
  • CSAF enhancements including TLP setup. Pending Customer engagement details publishing.
  • Fix number of logging to include relevant data as part of log message

Full Changelog: v1.50.6...v2.0.3

VINCE v1.50.6

30 Mar 20:29
11a590c
  • Allow Vendor Association when Ticket is associated with a Case
  • Adding Download HTML per INL request GH Issue #60
  • Avoid Alert severity colors to buttons that don't do deletes/sensitive actions - UI feedback.
  • Show MFA type for users in VinceTrack to support troubleshooting Users
  • Catch errors on failure to email when a Post is submitted.

Full Changelog: v1.50.5...v1.50.6

VINCE v1.50.5

30 Mar 20:28
213dcd9
  • Updates to settings_.py to match public GitHub
  • UI tweaks for Loading div, asynchronous search via delaySearch
  • Add Access-Control-Origin header to CSAF output for Secvisogram
  • Fix Python Pickle Code Injection vulnerability reported by Rapid7 researcher Marcus Chang CVE-2022-40238
  • Address reported failure with better error reporting from Encrypt-and-Send
  • Avoid TimeZone spurious warning errors flooding logs

Full Changelog: v1.50.4...v1.50.5