search

ZOSOpenTools / meta

Meta repository to tie together the various underlying z/OS Open Source tools repositories here
https://zosopentools.github.io/meta/
Apache License 2.0
37 stars 25 forks source link

Add links to releases and latest releases on vulnerabilities docs page #781

Closed KeplerBoyce closed 3 weeks ago

KeplerBoyce commented 3 weeks ago

Closes #777.

Adds links to each package release and the latest releases on the vulnerabilities docs page. This also adds notes under vulnerabilities that can be resolved by upgrading to the latest version.

Example:

vulns

KeplerBoyce commented 3 weeks ago

Also, the osv.dev api no longer returns any vulnerabilities for those three packages (caddy, logrotate, and grafana) which previously returned vulnerabilities. This seems like it might have been a bug in the osv.dev api, as the versions of the packages shouldn't be affected by those CVEs (e.g. grafana build 2266 used grafana version 10.4.2, but the CVE says it only affects up through version 7.0.1. I just used the previous zopen_vulnerability.json that had CVEs for those three packages to see an example of what the markdown would look like.

IgorTodorovskiIBM commented 3 weeks ago

Great additions!

v1gnesh commented 3 weeks ago

If possible, please add placeholders to begin using package names in this format. Either in this PR or later. Example: zstd-1.5.5-4.zos.s390x.pax.zst