This is minor fix correcting a wrong validation test around the name and version of the engine.

What's Changed

• fix: engine is invalid when name is missing by @benja-M-1 in #710
• Update 3rd party libraries in #711

New Contributors

• @benja-M-1 made their first contribution in #710

Full Changelog: v3.5.0...v3.5.1

ROLIE feed entries are extended to map all defined optional properties. This enables to parse the category properties of ROLIE entries again, which was broken since v3.4.0 by stricter checks. (The BSI feed is a prominent example of using the these properties.)

Commit history: v3.4.0...v3.5.0

What's Changed

• provider-setup.md: Fix create URL in curl command by @wagner-intevation in #670
• Fix #669 in #671
• Fix csaf checker listed check #674
• fix minor docs typo in #667
• Doc: Highlight the reason for the rate options existence in #662
• improve docs/csaf_downloader.md (minor) time_range in #675
• Add arm64 builds for windows and linux in #663
• improve calculated version numbers in #651
• improve docs (minor) for csaf_provider in #668
• Remove unnecessary URL joins in #676
• fix doc comment: remove untrue claim of disallowing unknown fields by @mgoetzegb in #677
• fix incorrect usage of formatted string by @mgoetzegb in #678
• Rename workflow go_legacy to "Go Test (oldstable)" in #680
• Re-add unknown fields check by in #681
• Improve LoadCertificate unit test in #692
• upgrade dependencies, including go in #695
• fix: Documentation about supported options in #697
• silence revive linter warnings in #696

New Contributors

• @wagner-intevation made their first contribution in #670

Full Changelog: v3.3.0...v3.4.0

What's Changed

• Stricter JSON-parsing disallowing trailing data in #655
• Use folder name as version if git describe failed in #650
• csaf_checker: Always generate report by in #647
• Check if canonical url prefix is valid in #633
• Print warning if no config file was found in #656

Full Changelog: v3.2.0...v3.3.0

This a mainly a bug fix release (mostly memory leaks and broken URLs) over the last version.
We also add some usage examples and improved the checker.

What's Changed

• fix: Content-Type header for JSON responses (minor) in #605
• Fix typo in error message in #611
• Warn if no remote validator was specified in #602
• Add Apache 2.0 license to root folder in #599
• Update README.md to exchange csaf.io until it is fixed in #612
• Errors for lookup checks in #613
• update runner for release to 22.04, other actions and go version, thus also newer glibc in #615
• Add example for iterating product id and product helper in #617
• Add documentation for externally signed documents in #619
• Fix potential leak of HTTP response body in downloadJSON in #618
• Improve SHA* marking in #554
• Report error in checker if content type is not correct in #621
• Compare changes dates by in #609
• feat: add access-control-allow-origin header in #624
• Move advisory downloading to download context method in #625
• Extend structured logging usage in aggregator in #622
• Update lint by in #626
• Avoid memory leak by in #629
• Fix aggregator URL handling in #631

New Contributors

• @marcusperlick made their first contribution in #618

Full Changelog: v3.1.1...v3.2.0

Release 3.1.1

• ensure HTTP requests use proxy env vars (Thanks to @ncsc-ie-devs)

Release 3.1.0

• The repository has been moved to github.com/gocsaf/csaf and thus uses a new go module path.
• Uses a custom HTTP user-agent header by default.
• Avoids a race condition when downloading in parallel (#546).
• Turns missing an OpenPGP fingerprint into a warning (#555).
• Checking several domains in one command line call works better (#523).
• Utilizes currently maintained go version 1.22 (#573).
• Switched licenses of original content from MIT to Apache2.0.
• 13 Issues were closed.
• 28 PRs were merged.

Highlights

• Require only Go 1.20 (was Go 1.21) to support broader library usage.
• Fixed time filtering when downloading advisories.
• Added support for legacy security.txt location.
• Added function to find product identification (Thanks to @juan131)
• Smaller improvements in the documention.

PRs

• #519 Advisories: Time filter download by 'updated' field in ROLIE entries.
• #516 Go 1.20 compat: Remove usage of slices in enum generator.
• #514 Support Go 1.20
• #513 Older version
• #512 Downloader: Add tlp label to path if no custom directory is configured. Refactor accordingly
• #510 Add GH Action execution on PRs
• #506 PMD: Support legacy security.txt location as fallback.
• #505 feat: Add function to find^ product identification helpers inspecting the tree
• #502 docs: underline that we are not offering an API yet
• #501 docs: move link to final CSAF 2.0 in README

Highlights

• Breaking: All command line and configuration file options are now unified to use snake_case notation.
  You may need to update your configuration files or calling shell scripts.
• Add a model to serialize/deserialize advisories.
• Add an example how to use this to find PURLs by product IDs.
• Use our own fork of the JSONPath library as upstream patches are still pending.
• Improve the docs.
• Add community support for building the tools on macOS (thanks to @fjd-anh).

PRs

• #502: docs: underline that we are not offering an API yet
• #501: docs: move link to final CSAF 2.0 in README
• #499: API examples: Improved wording in examples/README.md
• #498: Convert a lot of command line arguments to snake case
• #497: API: Fix pattern matching of purls and document categories in advisory model
• #496: Dependencies: Update 3rd-party dependencies
• #495: Docs: Fix link to development doc page.
• #493: Docs: Add Development.md
• #492: Checker: Fix doc of TOML config of validator
• #490: Use Intevation's JSONPath fork
• #489: API examples: move csaf_searcher to a lower prio place
• #483: Time ranges: Accept days, months and years
• #482: docs: improve timerange documentation
• #481: Fix: improve logging for downloader and aggregator
• #476: Add build for macOS
• #475: Schema validation: Add AssertFormat flag to schema compiler
• #473: Adding advisory model

Highlights

• This is a mainly a bug fix release with no new features.
• The documentation was slightly improved.
• The unit test coverage for the new parts of the downloader was extended.
• The used third party libraries were brought up to date.

PRs

• #470: Downloader: unit test forwarder
• #475: Schema validation: Add AssertFormat flag to schema compiler
• #472: Checker: Fix year folder check
• #469: docs: update main README
• #468: Update 3rd-party dependencies