2.12.0

• DSOP-related logic is removed
• Expose the minimum required fixedBy version for a component to resolve all fixable vulnerabilities
• Fix Distroless support

2.11.1

• Adds support for OCI versioned manifests

2.11.0

• No longer match kernel/linux vulns in images
• Fix Docker matching to account for Docker version format xx.yy.z
• Officially add alpine:v3.13 support and mark oracle:5 as stale
• Update kernel component support to return correct package name
• Bug fixes

2.10.0

Adds support for OS-specific linux kernel vulnerabilities. OSes include: Amazon 2, Debian, Garden Linux, CentOS, RHEL, Ubuntu, etc

2.9.0

• Blocklist Python pip

2.8.1

• Add gRPC Ping to version control
  • Removes need for multiple empty.protos and fixes issue with registration

2.8.0

• Add K8s vulns to offline dump
• Add new gRPC endpoint: GetVulnerabilities
• Fix .NET and ASP.NET vulnerability updating
• Add shared generated protos to git
• Update .NET and ASP.NET vulnerabilities to only include runtime vulns
• Add vuln def metadata gRPC and HTTP endpoints

2.7.1

• Fix CVE-2020-28928

2.7.0

• Add ubuntu:20.10 support
• Add distroless support
• Add k8s vulns to definitions.stackrox.io
• Fix .NET and ASP.NET vulnerability CPEs

2.6.0

• Return exact (x.y.z) .NET Core runtime and ASP.NET Core runtime versions (opposed to x.y)
• Reduce false-positive rate of Java and Ruby vulnerabilities