Revision history for Perl extension CPAN-Audit
20241208.001 2024-12-08T21:10:30Z
* The database of advisories now exists as a separate distribution so
it can update itself frequently without requiring new releases of this
distribution. The code will look for CPANSA::DB or CPAN::Audit::DB, and
the CPAN::Audit::DB now comes with CPANSA::DB. CPAN::Audit::DB will
eventually be phased out.
* The `installed` command now looks only at the versions you have
installed. This changes the comparison from '>=' to '=='. (#62)
* The default range operator is now `==` instead of `>=`. You can
always specify which way you want the check to work by using an
explicit range operator.
* Since these are significant changes, please report any weird
situations that might arise.
20241121.001_001 2024-11-21T22:45:15Z
* test release to move CPAN::Audit::DB to a separate module so it
can be updated independently.
20240911.001_01 2024-09-10T16:51:05Z
* check `cpan-audit dist perl 5.024004` for #62
20240910.001 2024-09-10T15:07:37Z
* data update for 2024-09-10
* fix --version message for cpan-audit so it does not show warning
20240908.001 2024-09-09T08:35:55Z
* Data update for 2024-09-08. This includes CVE-2024-45321 for
App::cpanminus.
20240826.002 2024-08-26T06:11:07Z
* data update for 2024-08-26
* new report for Mozilla::CA (briandfoy/cpan-security-advisory#161)
20240824.003 2024-08-24T06:51:28Z
* data update for 2024-08-24
* now uses the v2 version of the cpan-security-advisory, which allows
for arrays of values for affected_versions and fixed versions.
* this is the first step toward breaking out the CPAN::Audit::DB module
into a separate distribution
20240824.001 2024-08-23T16:06:49Z
* data update for 2024-08-24
* some additional reports for Image::ExifTool
20240822.001 2024-08-22T06:32:12Z
* Data update for 2024-08-22
20240718.001 2024-07-18T17:32:37Z
* data update, and fix for briandfoy/cpan-security-advisory#157
20240715.001 2024-07-15T05:54:32Z
* data update for 2024-07-15
20240626.001 2024-06-26T14:35:29Z
* data update for 2024-06-26 (mainly polyfill.io compromise)
https://stackdiary.com/polyfill-compromise-hits-100000-sites-in-a-supply-chain-attack/
20240615.002 2024-06-15T15:57:57Z
* update the POSIX::2008 advisories
20240615.001 2024-06-15T05:41:25Z
* Data update for 2024-06-15
* Added advisory for POSIX::2008 (briandfoy/cpan-security-advisory#154)
20240601.001 2024-06-01T20:15:25Z
* data update for 2024-06-01
20240503.001 2024-05-03T17:25:39Z
* Data update for 2024-05-03; includes CVE-2024-4140 for Email::MIME
20240430.001 2024-04-30T23:00:42Z
* data update for 2024-04-30
* includes CVE-2024-2467 - Crypt::OpenSSL::RSA
20240414.001 2024-04-15T00:01:30Z
* data update for 2024-04-14
20240410.001 2024-04-10T17:51:12Z
* data update for 2024-04-10
20240401.002 2024-04-01T12:27:17Z
* Fix some incorrect data in CPANSA-HTTP-Body-2013-4407 (CVE report
is wrong). From Stig in briandfoy/cpan-security-advisory#150 .
20240401.001 2024-04-01T11:50:11Z
* data update for 2024-04-01
* fix data issue for Mojolicious report (briandfoy/cpan-security-advisory#149)
(Timothy Legge)
20240329.002 2024-03-29T12:08:01Z
* Data update for 2024-03-29
20240318.001 2024-03-19T01:54:37Z
* Data update for 2024-03-18
* CVE-2013-4184 for Data::UUID is resolved by 1.227
20240307.001 2024-03-09T01:47:48Z
* Latest updates to reports and CPAN versions
20240302.001 2024-03-03T00:40:47Z
* Data update for 2024-03-02
20240215.001 2024-02-16T04:10:22Z
* data update for 2024-02-15
* add --exit-zero option to always exit with unix true even if there
are advisories (#57 from Mario Minati)
20240209.001 2024-02-10T06:44:21Z
* Fix docs for the --fresh option (mariominati22, #56)
20240117.001 2024-01-17T18:00:26Z
* Update for Spreadsheet::ParseXLSX XXE bug. (GitHub #134)
20240110.002 2024-01-10T21:33:57Z
* data update for 2024-01-10
* A CVE was assigned for Spreadsheet::ParseXLSX, so a report was
updated (briandfoy/cpan-security-advisory#131)
20240110.001 2024-01-10T16:22:34Z
* Data update for 2024-01-10
20240103.002 2024-01-04T02:55:45Z
* Update database (#55)
20240103.001 2024-01-03T18:23:43Z
* Database update for 2024-01-03
20231226.001 2023-12-26T12:58:18Z
* Data update for 2023-12-26
20231129.001 2023-11-29T20:14:52Z
* Update for 2023-11-29. This includes the CVE-2023-47038 and
CVE-2023-47039, both on perl.
20230826.001 2023-08-26T08:48:19Z
* Update for CVE-2022-48522 (perl)
20230709.001 2023-07-09T23:24:24Z
* Renée Bäcker added 'queried_module' to the JSON output so you
can tie what you asked about to the distribution the report gave
you. GitHub #50.
20230601.002 2023-06-02T15:43:55Z
* Fix a problem that masked some reports from Mojolicious
* Fixed a report for PGObject::Util::DBAdmin that used the wrong namespace
* Moved MojoX::Dispatch::Static report to Mojolicious
* Data update for 2023-06-02
20230601.001 2023-06-02T01:21:17Z
* Database update up to 2023-06-01
* Many improvements to util/generate from the Perl Toolchain Summit
and garu
20230309.004 2023-03-09T12:01:45Z
* Fix the GPG signature
20230309.003 2023-03-09T11:52:21Z
* Fix the GPG signature
20230309.002 2023-03-09T10:13:33Z
* Data cleansing for HTTP::Daemon and App::cpanminus. Thanks to
Salve Nilsen and Robert Rothenberg.
20230309.001 2023-03-09T06:44:23Z
* Make the 'dist' option do the same thing as 'release', from
Salve Nilsen.
* No updates to the database
20230308.001 2023-03-08T23:49:32Z
* Latest database with some new reports and some fixes to existing
reports. Thanks to Salve Nilsen, Robert Rothenberg, and others for
the updates.
20230205.001 2023-02-05T14:20:15Z
* fix test that checks for exit value of advisory count. Max is now
126 so we don't bump into 127.
20230202.003 2023-02-03T02:48:17Z
* Advisories for Apache-Session-Browseable and Apache-Session-LDAP
20230125.002 2023-01-26T00:55:49Z
* fixes a test and a missing method. The previous 202301* releases
are no good.
20230125.001_002 2023-01-25T19:18:38Z
* Github #34 - missing message() method (Robert Rothenberg)
20230125.001_001 2023-01-25T18:03:16Z
* Fix json testing bug (Robert Rothenberg, #35)
* no updates to DB
20230104.001 2023-01-24T19:56:41Z
* January update
20230104.001 2023-01-04T20:58:18Z
* Add --json to get output in JSON (Renée Bäcker, #24)
* Updated for latest advisories
20220817.001 2022-08-18T22:27:26Z
* Added the --exclude-file option to cpan-audit (Graham TerMarsch)
* No database updates just yet as we straighten out some things in
cpan-security-advisory
20220729.001 2022-07-29T06:29:54Z
* Added feature to exclude reports, mostly for those persistent
vulnerabilities, such as File::Temp, that won't go away.
* Added a freshness check. You can check if your database is
old.
* There's no database update in this release. That's coming soon.
20220713.001_001 2022-07-15T16:38:39Z
* Try out a way to exclude some reports (say, like File::Temp)
from Graham TerMarsch (Github #5). This feature might change.
* No database updates in this release.
20220708.001 2022-07-08T08:51:14Z
* Many more reports (thanks to Robert Rothenberg)
20220705.001 2022-07-05T16:44:45Z
* check for simple "freshness" of DB with `cpan-audit -f`
* weekly update for the data - too many additions to list (thanks
to Robert Rothenberg)
20220629.003 2022-06-29T17:56:53Z
* This is the same as the last release, where I forgot to update the
version in CPAN::Audit to match that in CPAN::Audit::DB.
20220627.003 2022-06-29T15:44:34Z
* Updates for CPANSA-App-revealup, Mozilla-CA, Plack-Middleware-StaticShared,
and CPANSA-Socket (Robert Rothenberg)
* Starting to track which problems are embedded, non-Perl libraries
(Robert Rothenberg)
* The lib/CPAN/Audit/DB.pm file is now GPG-signed, although we don't do
anything with that just yet. See GPG_README.md.
* There are several discussions on GitHub where people can note their
preferences on future development.
20220625.001 2022-06-25T19:44:05Z
* Updates to File::Slurp and JavaScript::Duktape(::XS)?
* New reports for Crypt
20220624.001 2022-06-25T00:35:07Z
* reports for JavaScript-Duktape-XS, File-Slurp, RPC-XML, CBOX-XS,
IPC-Run, XML-Simple, Sys-Syslog, WWW-Mechanize, LWP, Imager, GD,
CryptX, Mojolicious, all from Robert Rothenberg.
20220622.002 2022-06-22T23:33:43Z
* I put the docs in the wrong file!
20220622.001 2022-06-22T20:59:18Z
* Advisories for Plack, DBD::SQLite from Robert Rothenberg
* Refactored and documented util/generated - can now output JSON,
although that probably isn't useful yet
20220620.001 2022-06-21T03:14:25Z
* Add CVE-2020-8927 for IO-Compress-Brotli (Robert Rothenberg)
briandfoy/cpan-security-advisory#18
* Fix to perl versions so they don't appear as if they are in
the future (#4)
20220613.001 2022-06-13T18:10:47Z
* Fix DB for Perl versions by specifying all versions as semantic versions
(noted by Robert Rothenberg)
20220611 2022-06-12T22:58:50Z
* Use GNU tar instead of bsdtar. Upgrading macOS apparently breaks
the established way of avoiding weird Mac tarballs.
* Added a couple of ancient security reports to CPANSA.
20220608 2022-06-08T15:08:53Z
* Update for the latest CVEs
* Now also tracks CVEs in perl too
* now maintained by brian d foy
0.15 2019-03-09T09:47:36Z
- regenerate database fixing Plack-Middleware-Session distribution name
0.14 2019-01-26T10:23:21Z
[ADVISORIES]
CPANSA-Dancer2
CPANSA-HTTP-Session2
CPANSA-Plack-Middleware-Session-Cookie
0.13 2018-11-22T20:38:09Z
- --no-corelist option by MCRayRay
- test fixes
0.12 2018-11-11T19:43:25Z
- require Module::CoreList latest version
0.11 2018-11-11T18:57:53Z
- check core modules by James Raspass
0.10 2018-11-07T20:17:30Z
- --quiet option
- small refactoring
- require the latest version of Pod::Usage
0.09 2018-11-05T21:17:35Z
- do not hide db from pause (#7)
0.08 2018-10-17T18:10:41Z
[ADVISORIES]
- CPANSA-Net-DNS
- CPANSA-PAR
- CPANSA-PAR-Packer
- CPANSA-RT-Authen-ExternalAuth
- CPANSA-Tk
- CPANSA-UI-Dialog (updated)
- CPANSA-XML-LibXML
0.07 2018-10-16T21:37:20Z
- test fixes
0.06 2018-10-16T19:19:22Z
- use name instead of fullname
- fix installed modules discovery
0.05 2018-10-15T19:36:39Z
[ADVISORIES]
- CPANSA-MHonArc
- CPANSA-Module-Signature
- CPANSA-libapreq2
- CPANSA-mod_perl
- CPANSA-Compress-Raw-Bzip2
- CPANSA-Compress-Raw-Zlib
[IMPROVEMENTS]
- kritika.io and metacpan badges
0.04 2018-10-14T10:56:27Z
[FEATURES]
- install command accepts path to installations
[IMPROVEMENTS]
- get rid of Carton dependency
- more test coverage
- CI integrations
- perl 5.8 compat
0.03 2018-10-13T12:59:36Z
[ADVISORIES]
- CPANSA-App-Github-Email
- CPANSA-Crypt-OpenSSL-DSA
- CPANSA-Crypt-Passwd-XS
- CPANSA-DBD-MariaDB
- CPANSA-Dancer
- CPANSA-Data-Dumper
- CPANSA-Email-Address
- CPANSA-Encode
- CPANSA-ExtUtils-MakeMaker
- CPANSA-FCGI
- CPANSA-Fake-Encode
- CPANSA-Fake-Our
- CPANSA-File-DataClass
- CPANSA-File-Path
- CPANSA-HTTP-Tiny
- CPANSA-Imager
- CPANSA-PathTools
[FEATURES]
- new installed command to audit all installed modules
- cpan.snapshot support by Takumi Akiyama (github.com/akiym)
0.02 2018-10-09T08:24:36Z
- support perl 5.8
0.01 2018-10-08T06:39:07Z
- original version