Releases: quay/claircore
Releases · quay/claircore
v1.5.48 Release
v1.5.47 Release
v1.5.46 Release
v1.5.45 Release
v1.5.44 Release
v1.5.43 Release
v1.5.43 - 2025-09-29
-
enrichment: don't consider vulnerability.Description for enrichments
Descriptions can often refer to different CVEs or multiple CVEs to the actual CVE that is associated to the vulnerability leading to erroneous scores. We should only consider the Name and Links fields. -
postgres: better GetEnrichments query
The new query is in "normal" `JOIN`-and-`WHERE` form and does not use the `latest_update_operations` view. In testing, this was much quicker to execute.
v1.5.42 Release
v1.5.41 Release
v1.5.41 - 2025-09-18
- rpm: fix use of
unique.Handlepinningfs.FSPrevious code wouldn't allow memory resources to be reclaimed and could lead to excessive memory consumption by the indexer in v1.5.40.
v1.5.40 Release
v1.5.40 - 2025-09-16
-
vex: account for new VEX RPM module logic
The Red Hat security data team are updating how modules are represented in VEX files, this change accounts for that update. Specifically, module relationships are no longer formally expressed through VEX relationships but rather as PURL qualifiers. -
cvss: switch to NVD 2.0 JSON feeds
NVD deprecated their 1.1 JSON feed which claircore relied on for CVSS enrichment data. This change updates the CVSS enricher updater to use the 2.0 feeds.
v1.5.39 Release
v1.5.39 - 2025-06-12
- chore: upgrade from pgx v4 to v5
In July 2025 v4 will reach end of life. This change updates claircore to use v5.