github txlog/server v1.24.1

7 hours ago

What's Changed

✨ New Features

  • Detailed Vulnerability Endpoints: Added GET /v1/vulnerabilities API endpoint to retrieve detailed CVE information (ID, summary, severity, CVSS score, package, version, status) for a given transaction.
  • Dedicated Vulnerabilities UI: Introduced a dedicated vulnerabilities modal, accessible via a split button dropdown on each transaction row, showing summary cards (fixed, introduced, critical, high) and a comprehensive table of CVEs with direct links to OSV.
  • In-App Context: Added explanatory text to the vulnerabilities modal describing how counts are calculated and what fixed/introduced statuses mean.
  • Documentation: Documented vulnerability counting logic, security patch badge behavior, and the new vulnerabilities modal in the OSV how-to guide.

🔄 Changed

  • Split Button Design: Replace the single "Details" button on transaction rows with a split button dropdown, where the main button opens transaction details and the dropdown provides access to the vulnerabilities modal.

🐛 Fixed

  • Accurate CVE Counting: Fix inflated vulnerability counts caused by counting the same CVE once per affected sub-package. The query now uses COUNT(DISTINCT vulnerability_id), so each CVE is counted once regardless of how many packages it affects.
  • Vulnerability Patch Detection: Fix OSV vulnerability fetching so that the old versions of removed or upgraded packages are queried. Previously they were not, which caused vulns_fixed to show 0 when vulnerabilities were actually fixed.
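
The two fixes above, reproduced as an added example (not code from txlog/server). The table layout, the placeholder IDs and the classify helper are assumptions, as is the reading that "fixed" means a CVE affecting the old package version but not the new one; only COUNT(DISTINCT vulnerability_id) comes from the release notes.

```python
import sqlite3

# Constructed data. Table/column names other than vulnerability_id, and the
# placeholder IDs, are assumptions for this example, not the txlog schema.
# One row per (package, vulnerability): a CVE hitting 3 sub-packages = 3 rows.
ROWS = [
    (1, "openssl",       "EXAMPLE-0001", "fixed"),
    (1, "openssl-libs",  "EXAMPLE-0001", "fixed"),
    (1, "openssl-devel", "EXAMPLE-0001", "fixed"),
    (1, "curl",          "EXAMPLE-0002", "fixed"),
    (1, "libcurl",       "EXAMPLE-0002", "fixed"),
    (1, "kernel",        "EXAMPLE-0003", "introduced"),
]

def load(rows):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE txn_vulns (transaction_id INTEGER, package TEXT,"
               " vulnerability_id TEXT, status TEXT)")
    db.executemany("INSERT INTO txn_vulns VALUES (?, ?, ?, ?)", rows)
    return db

def count_by_status(db, txn, distinct):
    # expr is chosen from two fixed strings, never from caller-supplied text.
    expr = "COUNT(DISTINCT vulnerability_id)" if distinct else "COUNT(*)"
    sql = (f"SELECT status, {expr} FROM txn_vulns "
           "WHERE transaction_id = ? GROUP BY status")
    return dict(db.execute(sql, (txn,)).fetchall())

def classify(old_ids, new_ids):
    """Assumed rule: fixed = old version only, introduced = new version only."""
    return {"fixed": sorted(old_ids - new_ids),
            "introduced": sorted(new_ids - old_ids)}

if __name__ == "__main__":
    db = load(ROWS)
    print("per row     :", count_by_status(db, 1, distinct=False))
    print("per CVE     :", count_by_status(db, 1, distinct=True))
    # If the old version is never looked up, nothing can be reported as fixed.
    print("old skipped :", classify(set(), {"EXAMPLE-0003"}))
    print("old queried :", classify({"EXAMPLE-0001", "EXAMPLE-0003"},
                                    {"EXAMPLE-0003"}))
```

A dashboard that reports five fixed CVEs where two were fixed, or zero where one was, gives a wrong picture of patch progress in both directions.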

Docker Image

docker pull ghcr.io/txlog/server:v1.24.1

Full Changelog: v1.24.0...v1.24.1
