Vulnerability-Lookup 2.11.0 released

June 13, 2025

 #release

We’re excited to announce the release of Vulnerability-Lookup 2.11.0 — and it comes with a major milestone for decentralized vulnerability publication!

What’s New

GCVE-BCP-03 - Decentralized Publication Standard

The GCVE BCP-03 Decentralized Publication Standard has now been implemented for the first time.

This standard enables GCVE Numbering Authority (GNA) organizations to publish their vulnerability information directly—without relying on a centralized system.

As a first step, version 2.10.0 of Vulnerability-Lookup introduced support for maintaining a local copy of the GCVE registry. With the latest release, it’s now possible to synchronize the list of local organizations in a Vulnerability-Lookup instance with this local GCVE registry.

This new capability provides a simple way to maintain an up-to-date list of GNA organizations in any Vulnerability-Lookup deployment.

Administrators can then choose which advisories, published by these GNA organizations, they want to import into their instance. This is possible thanks to a new feeder. (151)

Security Advisories from the Local Vulnerability-Lookup Instance (gna-65535.private.circl.lu)

This view displays advisories published on the current local instance.

Security Advisories from GNA-1 Retrieved in the Local Vulnerability-Lookup Instance (gna-65535.private.circl.lu)

This view shows advisories retrieved from a remote GNA instance (GNA-1) using the new feeder system.

Security Advisories from GNA-1 Retrieved in the Local Vulnerability-Lookup Instance (vulnerability.circl.lu)

This screenshot displays the same advisory as in the previous example, but as seen on its originating instance.

Dashboard

The dashboard where administrators manage the local GCVE registry.

Organization Management

This section allows the management of both GNA and non-GNA organizations.

Editing an Organization

Editing details for a specific organization.

The distributed GCVE network

Changes

  • Added pagination to the API endpoint that lists EMB3D objects. (a669461)
  • Vendor and Product management in vulnerability-lookup (#105)
  • Improvements to the view of recent vulnerabilities. The navigation menu is now automatically updated based on the list of GNAs the local instance is subscribed to.
  • Various improvements to the admin dashboard.
  • Various improvements to the documentation.

Fixes

  • Multiple comments share same UUID (#158)
  • GCVE data/feed is missing (#155)
  • Dockerfile change by P-T-I (#153)
  • Fixes to installation instructions by jeroenh (#154)
  • doc fix by jeroenh (#156)
  • Small fixes on containers by claudex (#157)
  • Fixed a test in the disculosure.html template. The description of approved disclosures was never displayed. (1ec3e55)

Changelog

📂 To see the full rundown of the changes, users can visit the changelog on GitHub: https://github.com/vulnerability-lookup/vulnerability-lookup/releases/tag/v2.11.0

Feedback and Support

If you encounter issues or have suggestions, please feel free to open a ticket on our GitHub repository. Your feedback is invaluable to us!
https://github.com/vulnerability-lookup/vulnerability-lookup/issues/

Follow us on Fediverse/Mastodon

You can follow us on Mastodon and get real time information about security advisories:
https://social.circl.lu/@vulnerability_lookup/