from cedric@lemmy.ml to security@lemmy.ml on 09 Apr 13:15
https://lemmy.ml/post/45682810
We are pleased to announce the release of Vulnerability-Lookup 4.4.0!
This release introduces public disclosure list views, enhanced sightings with automatic creation and heatmap navigation controls, toggleable chart events, and configurable CVD policy alerts. It also includes numerous fixes for database stability and performance, notification reliability, and Meilisearch error handling.
The technical documentation has been revamped for greater clarity and expanded with deployment guidance for high-traffic environments, validated in our production setup handling 15,000β20,000 queries per second (public API + Web pages).
Whatβs New
- new: [views] Add public disclosures list view and improve disclosure detail template. ac97550
- new: [heatmap] Add navigation and zoom controls to sightings heatmap. 57c1fb8
- new: [sightings] Add toggleable extra events (published, reserved, KEV) to sightings charts. 1ae5cdf
- new: [sightings] Add backfill_sightings script to create sightings from existing data. 3c036b3
- new: [sightings] Automatically create sightings when bundles, comments, or KEV entries are created. 5676730, eb20f85, 351d538
Disclosed Vulnerabilities (CVD process)
Disclosures part of the CVD process are now listed on a dedicated page once they are disclosed (the CVD feature can be disabled in Vulnerability-Lookup). Previously, they were publicly accessible but not listed in a single view.
Comments as a sighting
Creating a comment on a vulnerability now automatically generates a sighting.
Displaying reserved and published dates in the sightings visualisations
CVE-2026-23456 was mentioned in the list of Ghost CVEs in our February Vulnerability Report. The CVE record is now available, and the visualisations show our sightings predating the publication date.
KEV entry as exploited sightings
Creating a KEV entry β whether directly, via synchronisation from another Vulnerability-Lookup instance, or by pulling from the CISA or ENISA catalogs β now automatically generates a sighting.
Zoom feature for the sightings visualisations
Changes
- chg: [config] Make CVD policy alert messages configurable (CVD_POLICY_TITLE, CVD_POLICY_URL, CVD_POLICY_LOGIN_MESSAGE). 38a9fc8
- chg: [views] Set disclosed_timestamp when admin transitions disclosure state to disclosed. b1265ca
- chg: [templates] Link vulnerability ID, affected products, and CWEs in disclosure detail page. 0b57f62, c7f750e, 24512cf, 7dde7dc
- chg: [templates] GCVE vulnerabilities show a parenthesized link to the associated CVE ID. 2944a32
- chg: [templates] Vulnerabilities from FSTEC use the severity classification model. 9896c18
- chg: [documentation] Convert documentation to Markdown and improvements. af2de56, ba70b69, 54d004b, 497c45a
- chg: [dependencies] Updated Python and JavaScript dependencies. 81ea0d7, af81a41, ab94807, 7706a5c, b7cfab2
Fixes
- fix: [views] Skip timestamp check for disclosed state in disclosures query. 88f8fe9
- fix: [models] Handle None values in Product and Organization field validators. 3f56d34, 078eb1d
- fix: [fulltext] Auto-purge Meilisearch tasks on no_space_left_on_device error. e7ffbfa
- fix: [database] Fix DetachedInstanceError and idle-in-transaction timeouts. 801eefd, 9b89ce3, 028da84
- fix: [notifications] Release DB transaction before slow email rendering/sending. 1c1a552, 913ecc1
- fix: [tags] Sync comment tags with upstream MISP vulnerability taxonomy. 5b3d08f
- fix: [forms] Align SignupForm login max length with database constraint. 210594a
- fix: [bundle] Use JSONB contains operator for bundle vuln_id filter. 80c7295
- fix: [sightings] Use KEV asserted_at date for backfilled sighting timestamp. 8c7d455
Changelog
π For the full list of changes, check the GitHub release:
github.com/vulnerability-lookup/β¦/v4.4.0
π Thank you to all contributors and testers!
Feedback and Support
If you encounter any issues or have suggestions, feel free to open a ticket on our GitHub repository:
github.com/vulnerability-lookup/β¦/issues/
Your feedback is always appreciated!
Follow Us on Fediverse/Mastodon
You can follow us on Mastodon and get real-time information about security advisories:
social.circl.lu/@vulnerability_lookup/
threaded - newest