Releases: guacsec/trustify
0.5.0-beta.2
Changelog
v0.5.0-beta.2 (2026-04-20)
⚠ BREAKING-CHANGE
- Querying for NULL fields is now achieved using an ASCII NUL value, percent-encoded as %00, instead of the literal string "null".
Features
- add ability to retrieve scores of authoritative advisory (d7b7c73)
- server: add OIDC_LOAD_USER configuration support (d24c0ae)
- API endpoint for fetching an SBOM's AI models (010de0d), closes #2254
- add support for CSAF advisories with CPE-based product IDs instead of PURLs (5e0d887)
- advisory’s query and pruning functionality (e02553a)
- SBOM pruning functionality (50b9e82)
- add btrfs and squashfs tools to the xtask image (d83bec6)
- Add unit tests for the command. (bd592f1)
- Completed the SBOM delete logic and added unit tests. (cedc894)
- add auth token command (203f814)
- implement sbom cli (0ed8e5f)
- implement SBOM group assignments during upload (8420281)
- implement SBOM group assignments (24b7e46)
- add xz to the xtask container (083ccfe)
- ingest cryptographic assets into the database (1423a9b), closes #2198
- ingest AI components into the database (b0606c0), closes #2199
- ingest & expose CSAF remediation data in API (9a62e32)
- support querying fields containing the literal string, "null" (cc7472d), closes #2230
- add SBOM group permissions (5b6ffc9)
- migrate API consumers to read from advisory_vulnerability_score table (2d72cb1), closes #1913
- include all scores in PurlStatus (015cb9e)
- reduce psql noise in build/test output (4212d2b)
- Better support for CycloneDX component types (06364ad), closes #2205
- implement osv vector parsing (e88c7a5)
- use cvss library to parse cve scores (cee5371)
- ingest scores (0bcac1e)
- allow spreading load across runners (35ee026)
- add way to run data migrations from main binary (73685c7)
- add a way to run data migrations individually (b951eb4)
- allow running data migrations as part of migrations (0be9473)
- Fix ENV variable in helper conf (63dc503)
- search by all CPE components in analysis queries (b6c3137)
- include AdvisoryHead in PurlStatus (b10c2f1)
- process reference loops gracefully (2ba8e4a)
- add version range to purl status (53e6492)
- delete orphaned PURLs (TC-3020) (ea316fe)
- refactor from suggestion and update docs (ae42f03)
- allow arbitrary devmode clientids (26c4b69)
- allow dump generator to consume files directly (d4b9f50)
- api: recommendations api (fac608a)
- license filter consistent for SBOM packages tab (8f4eaba)
- Add support for aibom and cbom detection (2c357b0)
- disable GC for orphaned packages by default (df18dbb)
- fundamental: return all scores in addition for sbom advisories (a6381d2)
- enhance correlation for SBOMs without CPE (8f4bacb)
- SBOM license filtering with refactoring for SBOM and PURL services (TC-2832) (340528b)
- license list endpoint with filtering (TC-2922) (97eb2a4)
Fixes
- inherit information for workspace (62993e0)
- handle a case where scores were requested but not present (5d6132c)
- validate CVSS v2 score range (0ca2293)
- apply UNION subquery license filter fix to SBOM endpoints (0ddb8ca)
- create an index actually on advisories (be6c068)
- increase performance of "list sbom" (bedbcb7)
- scope product_ids in remediations to the specific CPE of that vulnerability (dc92da7)
- update cvss-rs version to 0.3.0 to resolve parsing issues (fa9cdfd)
- recursion limit issue (309aca3)
- license: add missing test data file for partial LicenseRef- match test (TC-3591) (dd31dae)
- license: prevent partial LicenseRef- matches in license expression expansion (TC-3591) (a26b814)
- container: install tzdata for xtask container (6ff50ba)
- implement numeric sorting for vulnerability IDs (8e912cf), closes #1811
- accept SHA-256 identifiers in SBOM packages and related endpoints (0f779a8)
- migration: add PARALLEL SAFE to version_matches function in m0002080 (3ebda89)
- align openapi.yaml spec to actual response of read sbom group (43287b2)
- fundamental: return IDs instead of names when returning parents (c63d7fc)
- add an SBOM revision field (a1d5cbe)
- entity: fix the sbom -> sbom_group relationship (94123a4)
- validate labels (218dfc6)
- add APIs for managing group assignments after uploading (518ba14)
- ensure %2F in purl names is handled properly (665f115), closes #2146
- skip inserting when empty, leads to faulty SQL (73f30f3)
- metrics matching routes with path params first (809b6d4)
- add CPE part to context to fix failing test (c1422ef)
- add 'purl:type' alias to context to fix failing test (606b919)
- deduplicate vulnerabilities in recommend endpoint (eaaf627)
- analysis: resolve the ancestor loading (d0660a1)
- add missing sbom_node FROM clause (1f839ab)
- reinstate original /v2/vulnerability/analyze and introduce /v3/vulnerability/analyze (6b9d483)
- Add missing build context (ac5e846), closes #2136
- more resilient model shape matching & tests (9d2ec6b)
- deduplicate (advisory,version range) (7af434e)
- upgrade cve library to support 5.2 scheme version (77e02e6)
- add OrganizationCreator to fix deadlock (TC-3176) (d0ad528)
- SBOM and Vulnerability deadlocks fix (TC-3176) (68b8b26)
- ensure content is fully written (04612b9)
- SBOM details filters out the deprecated advisories (TC-3191) (8af5206)
- PurlStatusCreator to take PurlStatusEntry ownership (TC-3152) (f7f88ad)
- PurlStatusCreator to avoid package ingestion race condition (TC-3152) (5bf2651)
- package ingestion race condition (TC-3152) (ede909e)
- remove check for previously ingested SBOM from gensbom script (80947f5)
- avoid formatting errors with query markdown docs (87c7df4), closes #2081
- PurlCreator::create race condition (TC-3152) (2381bef)
- remove useless async from SbomStatus::new (TC-3085) (330d696)
- optimize data in memory (TC-3085) (9457862)
- add log to track pre-fetched data (TC-3085) (053ca39)
- DatabaseExt as a blanket implementation on TransactionTrait (TC-3085) (62ad6ba)
- remove DB stream usage (TC-3085) (d9a5005)
- make GET endpoint working with repeatable read transaction (TC-3085) (583dc19)
- update TRUSTD_DEVMODE_ADDITIONAL_CLIENTS env var (1ae7fd2)
- more scalable license filtering condition (TC-3006) (4c07d4a)
- metrics: add DefaultRootRouteFormatter for empty paths (0218951)
- analysis: properly escape when exporting to graphviz (a79f708)
- ingestor: also consider direct versions (0c73c44)
- source document id must be non-null (877a6b8)
- VersionedPurlStatus doesn't find the status (ce1537c)