Release notes
The objective of this release is to support the 2.0 API endpoints of the NVD instead of the old data feeds.
Important note: this is the last minor version of the 1.x major one (meaning no 1.6 release will be done). The next major version (2.0.0) is a complete refactoring of the stack (from Flask & Celery to Django & Airflow). You can find information on this page to find out more about this new version and the changes compared to the v1.
NVD CVE 4.0 to CVE 5.0 Transition
At the beginning of November 2023, the NVD started to migrate their datasets from CVE 4.0 to CVE 5.0 format. The list of changes for the users can be found here.
The OpenCVE 1.5.0 release uses the 2.0 API of the NVD, therefore the CVE 5.0 format will be now used. Consequently the OpenCVE API users have to notice that the raw_nvd_data field of the GET /cve/<string:id> endpoint is impacting by this change (its content now returns the CVE 5.0 payload).
Upgrade Process
For the new installation this release has no impact, the process (manual or using docker) remains the same.
For existing installation the users need to follow this process:
- stop the Celery beat process
- check the logs of the Celery worker process and stop it too when no task is active
- backup your database
- launch the database migration using the upgrade-db command
- launch the NVD data migration using the migrate-nvd command
- restart the Celery worker and beat processes