Revision history for Perl extension CPAN-Audit

20241208.001 2024-12-08T21:10:30Z
	* The database of advisories now exists as a separate distribution so
	it can update itself frequently without requiring new releases of this
	distribution. The code will look for CPANSA::DB or CPAN::Audit::DB, and
	the CPAN::Audit::DB now comes with CPANSA:DB. CPAN::Audit::DB will
	eventually be phased out.
	* The `installed` command now looks only at the versions you have 
	installed. This changes the comparison from '>=' to '=='. (#62)
	* The default range operator is now `==` instead of `>=`. You can 
	always specify which way you want the check to work by using an
	explicit range operator
	* Since these are significant changes, please report any weird
	situations that might arise.

20241121.001_001 2024-11-21T22:45:15Z
	* test release to move CPAN::Audit::DB to a separate module so it
	can be updated independently. 

20240911.001_01 2024-09-10T16:51:05Z
	* check `cpan-audit dist perl 5.024004` for #62

20240910.001 2024-09-10T15:07:37Z
	* data update for 2024-09-10
	* fix --version message for cpan-audit so it does not show warning

20240908.001 2024-09-09T08:35:55Z
	* Data upate for 2024-09-08. This inclues CVE-2024-45321 for 
	App::cpanminus.

20240826.002 2024-08-26T06:11:07Z
	* data update for 2024-08-26
	* new report for Mozilla::CA (briandfoy/cpan-security-advisory#161)

20240824.003 2024-08-24T06:51:28Z
	* data update for 2024-08-24
	* now uses the v2 version of the cpan-security-advisory, which allows
	for arrays of values for affected_versions and fixed versions.
	* this is the first step toward breaking out the CPAN::Audit::DB module
	into a separate distribution

20240824.001 2024-08-23T16:06:49Z
	* data update for 2024-08-24
	* some additional reports for Image::ExifTool

20240822.001 2024-08-22T06:32:12Z
	* Data update for 2024-08-22

20240718.001 2024-07-18T17:32:37Z
	* data update, and fix for briandfoy/cpan-security-advisory#157

20240715.001 2024-07-15T05:54:32Z
	* data update for 2024-07-15

20240626.001 2024-06-26T14:35:29Z
	* data update for 2024-06-26 (mainly polyfill.io compromise)
	https://stackdiary.com/polyfill-compromise-hits-100000-sites-in-a-supply-chain-attack/

20240615.002 2024-06-15T15:57:57Z
	* update the POSIX::2008 advisories

20240615.001 2024-06-15T05:41:25Z
	* Data update for 2024-06-15
	* Added advisory for POSIX::2008 (briandfoy/cpan-security-advisory#154)

20240601.001 2024-06-01T20:15:25Z
	* data update for 2024-06-01

20240503.001 2024-05-03T17:25:39Z
	* Data update for 2024-05-03; inlcudes CVE-2024-4140 for Email::MIME

20240430.001 2024-04-30T23:00:42Z
	* data update for 2024-04-30
	* includes CVE-2024-2467 - Crypt::OpenSSL::RSA

20240414.001 2024-04-15T00:01:30Z
	* data update for 2024-04-14

20240410.001 2024-04-10T17:51:12Z
	* data update for 2024-04-10

20240401.002 2024-04-01T12:27:17Z
	* Fix some incorrect data in CPANSA-HTTP-Body-2013-4407 (CVE report
	is wrong). From Stig in briandfoy/cpan-security-advisory#150 .

20240401.001 2024-04-01T11:50:11Z
	* data update for 2024-04-01
	* fix data issue for Mojolicious report (briandfoy/cpan-security-advisory#149)
	(Timothy Legge)

20240329.002 2024-03-29T12:08:01Z
	* Data update for 2024-03-29

20240318.001 2024-03-19T01:54:37Z
	* Data update for 2024-03-18
	* CVE-2013-4184 for Data::UUID is resolved by 1.227

20240307.001 2024-03-09T01:47:48Z
	* Latest updates to reports and CPAN versions

20240302.001 2024-03-03T00:40:47Z
	* Data update for 2024-03-02

20240215.001 2024-02-16T04:10:22Z
	* data update for 2024-02-15
	* add --exit-zero option to always exit with unix true even if there
	are advisories (#57 from Mario Minati)

20240209.001 2024-02-10T06:44:21Z
	* Fix docs for the --fresh option (mariominati22, #56)

20240117.001 2024-01-17T18:00:26Z
	* Update for Spreadsheet::ParseXLSX XXE bug. (GitHub #134)

20240110.002 2024-01-10T21:33:57Z
	* data update for 2024-01-10
	* A CVE was assigned for Spreadsheet::Parse::XLSX, so a report was
	updated (briandfoy/cpan-security-advisory#131)

20240110.001 2024-01-10T16:22:34Z
	* Data update for 2024-01-10

20240103.002 2024-01-04T02:55:45Z
	* Update database (#55)

20240103.001 2024-01-03T18:23:43Z
	* Database update for 2024-01-03

20231226.001 2023-12-26T12:58:18Z
	Data update for 2023-12-26

20231129.001 2023-11-29T20:14:52Z
	* Update for 2023-11-29. This includes the CVE-2023-47038 and
	CVE-2023-47039, both on perl.

20230826.001 2023-08-26T08:48:19Z
	* Update for CVE-2022-48522 (perl)

20230709.001 2023-07-09T23:24:24Z
	* Renée Bäcker added 'queried_module' to the JSON output so yoou
	can tie what you asked about to the distribution the report gave
	you. GitHub #50.

20230601.002 2023-06-02T15:43:55Z
	* Fix a problem that masked some reports from Mojolicious
	* Fixed a report for PGObject::Util::DBAdmin that used the wrong namespace
	* Moved MojoX::Dispatch::Static report to Mojolicious
	* Data update for 2023-06-02

20230601.001 2023-06-02T01:21:17Z
	* Database update up to 2023-06-01
	* Many improvements to util/generate from the Perl Toolchain Summit
	and garu

20230309.004 2023-03-09T12:01:45Z
	* Fix the GPG signature

20230309.003 2023-03-09T11:52:21Z
	* Fix the GPG signature

20230309.002 2023-03-09T10:13:33Z
	* Data cleansing for HTTP::Daemon and App::cpanminus. Thanks to
	Salve Nilsen and Robert Rothenberg.

20230309.001 2023-03-09T06:44:23Z
	* Make the 'dist' option do the same thing as 'release', from
	Salve Nilsen.
	* No updates to the database

20230308.001 2023-03-08T23:49:32Z
	* Latest database with some new reports and some fixes to existing
	reports. Thanks to Salve Nilsen, Robert Rothenberg, and others for
	the updates.

20230205.001 2023-02-05T14:20:15Z
	* fix test that checks for exit value of advisory count. Max is now
	126 so we don't bump into 127.

20230202.003 2023-02-03T02:48:17Z
	* Advisories for Apache-Session-Browseable and Apache-Session-LDAP

20230125.002 2023-01-26T00:55:49Z
	* fixes a test and a missing method. The previous 202301* releases
	are no good.

20230125.001_002 2023-01-25T19:18:38Z
	* Github #34 - missing message() method (Robert Rothenberg)

20230125.001_001 2023-01-25T18:03:16Z
	* Fix json testing bug (Robert Rothenberg, #35)
	* no updates to DB

20230104.001 2023-01-24T19:56:41Z
	* January update

20230104.001 2023-01-04T20:58:18Z
	* Add --json to get output in JSON (Renée Bäcker, #24)
	* Updated for latest advisories

20220817.001 2022-08-18T22:27:26Z
	* Added the --exclude-file option to cpan-audit (Graham TerMarsch)
	* No database updates just yet as we straighten out some things in
	cpan-security-advisory

20220729.001 2022-07-29T06:29:54Z
	* Added feature to exclude reports, mostly for those persistent
	vulnerabilities, such as File::Temp, that won't go away.
	* Added a freshness check. You can check if your database is
	old.
	* There's no database update in this release. That's coming soon.

20220713.001_001 2022-07-15T16:38:39Z
	* Try out a way to exclude some reports (say, like File::Temp)
	from Graham TerMarsch (Github #5). This feature might change.
	* No database updates in this release.

20220708.001 2022-07-08T08:51:14Z
	* Many more reports (thanks to Robert Rothenberg)

20220705.001 2022-07-05T16:44:45Z
	* check for simple "freshness" of DB with `cpan-audit -f`
	* weekly update for the data - too many additions to list (thanks
	to Robert Rothenberg)

20220629.003 2022-06-29T17:56:53Z
	* This is the same as the last release, where I forgot to update the
	version in CPAN::Audit to match that in CPAN::Audit::DB.

20220627.003 2022-06-29T15:44:34Z
	* Updates for CPANSA-App-revealup, Mozilla-CA, Plack-Middleware-StaticShared,
	and CPANSA-Socket (Robert Rothenberg)
	* Starting to track which problems are embedded, non-Perl libraries
	(Robert Rothenberg)
	* The lib/CPAN/Audit/DB.pm file is now GPG-signed, although we don't do
	anything with that just yet. See GPG_README.md.
	* There are several discussions on GitHub where people can note their
	preferences on future development.

20220625.001 2022-06-25T19:44:05Z
	* Updates to File::Slurp and JavaScript::Duktape(::XS)?
	* New reports for Crypt

20220624.001 2022-06-25T00:35:07Z
	* reports for JavaScript-Duktape-XS, File-Slurp, RPC-XML, CBOX-XS,
	IPC-Run, XML-Simple, Sys-Syslog, WWW-Mechanize, LWP, Imager, GD,
	CryptX, Mojolicious, all from Robert Rothenberg.

20220622.002 2022-06-22T23:33:43Z
	* I put the docs in the wrong file!

20220622.001 2022-06-22T20:59:18Z
	* Advisories for Plack, DBD::SQLite from Robert Rothenberg
	* Refactored and documented util/generated - can now output JSON,
	although that probably isn't useful yet

20220620.001 2022-06-21T03:14:25Z
	* Add CVE-2020-8927 for IO-Compress-Brotli (Robert Rothenberg)
	briandfoy/cpan-security-advisory#18
	* Fix to perl versions so they don't appear as if they are in
	the future (#4)

20220613.001 2022-06-13T18:10:47Z
	* Fix DB for Perl versions by specify all versions as semantic versions
	(noted by Robert Rothenberg)

20220611 2022-06-12T22:58:50Z
	* Use GNU tar instead of bsdtar. Upgrading macOS apparently breaks
	the established way of avoiding weird Mac tarballs.
	* Added a couple of ancient security reports to CPANSA.

20220608 2022-06-08T15:08:53Z
	* Update for the latest CVEs
	* Now also tracks CVEs in perl too
	* now maintained by brian d foy

0.15 2019-03-09T09:47:36Z

    - regenerate database fixing Plack-Middleware-Session distribution name

0.14 2019-01-26T10:23:21Z

    [ADVISORIES]
    CPANSA-Dancer2
    CPANSA-HTTP-Session2
    CPANSA-Plack-Middleware-Session-Cookie

0.13 2018-11-22T20:38:09Z

    - --no-corelist option by MCRayRay
    - test fixes

0.12 2018-11-11T19:43:25Z

    - require Module::CoreList latest version

0.11 2018-11-11T18:57:53Z

    - check core modules by James Raspass

0.10 2018-11-07T20:17:30Z

    - --quiet option
    - small refactoring
    - require the latest version of Pod::Usage

0.09 2018-11-05T21:17:35Z

    - do not hide db from pause (#7)

0.08 2018-10-17T18:10:41Z

    [ADVISORIES]
    - CPANSA-Net-DNS
    - CPANSA-PAR
    - CPANSA-PAR-Packer
    - CPANSA-RT-Authen-ExternalAuth
    - CPANSA-Tk
    - CPANSA-UI-Dialog (updated)
    - CPANSA-XML-LibXML

0.07 2018-10-16T21:37:20Z

    - test fixes

0.06 2018-10-16T19:19:22Z

    - use name instead of fullname
    - fix installed modules discovery

0.05 2018-10-15T19:36:39Z

    [ADVISORIES]
    - CPANSA-MHonArc
    - CPANSA-Module-Signature
    - CPANSA-libapreq2
    - CPANSA-mod_perl
    - CPANSA-Compress-Raw-Bzip2
    - CPANSA-Compress-Raw-Zlib

    [IMPROVEMENTS]
    - kritika.io and metacpan badges

0.04 2018-10-14T10:56:27Z

    [FEATURES]
    - install command accepts path to installations

    [IMPROVEMENTS]
    - get rid of Carton dependency
    - more test coverage
    - CI integrations
    - perl 5.8 compat

0.03 2018-10-13T12:59:36Z

    [ADVISORIES]
    - CPANSA-App-Github-Email
    - CPANSA-Crypt-OpenSSL-DSA
    - CPANSA-Crypt-Passwd-XS
    - CPANSA-DBD-MariaDB
    - CPANSA-Dancer
    - CPANSA-Data-Dumper
    - CPANSA-Email-Address
    - CPANSA-Encode
    - CPANSA-ExtUtils-MakeMaker
    - CPANSA-FCGI
    - CPANSA-Fake-Encode
    - CPANSA-Fake-Our
    - CPANSA-File-DataClass
    - CPANSA-File-Path
    - CPANSA-HTTP-Tiny
    - CPANSA-Imager
    - CPANSA-PathTools

    [FEATURES]
    - new installed command to audit all installed modules
    - cpan.snapshot support by Takumi Akiyama (github.com/akiym)

0.02 2018-10-09T08:24:36Z

    - support perl 5.8

0.01 2018-10-08T06:39:07Z

    - original version