Revision history for Perl extension CPAN-Audit 20240307.001 2024-03-09T01:47:48Z * Latest updates to reports and CPAN versions 20240302.001 2024-03-03T00:40:47Z * Data update for 2024-03-02 20240215.001 2024-02-16T04:10:22Z * data update for 2024-02-15 * add --exit-zero option to always exit with unix true even if there are advisories (#57 from Mario Minati) 20240209.001 2024-02-10T06:44:21Z * Fix docs for the --fresh option (mariominati22, #56) 20240117.001 2024-01-17T18:00:26Z * Update for Spreadsheet::ParseXLSX XXE bug. (GitHub #134) 20240110.002 2024-01-10T21:33:57Z * data update for 2024-01-10 * A CVE was assigned for Spreadsheet::Parse::XLSX, so a report was updated (briandfoy/cpan-security-advisory#131) 20240110.001 2024-01-10T16:22:34Z * Data update for 2024-01-10 20240103.002 2024-01-04T02:55:45Z * Update database (#55) 20240103.001 2024-01-03T18:23:43Z * Database update for 2024-01-03 20231226.001 2023-12-26T12:58:18Z Data update for 2023-12-26 20231129.001 2023-11-29T20:14:52Z * Update for 2023-11-29. This includes the CVE-2023-47038 and CVE-2023-47039, both on perl. 20230826.001 2023-08-26T08:48:19Z * Update for CVE-2022-48522 (perl) 20230709.001 2023-07-09T23:24:24Z * Renée Bäcker added 'queried_module' to the JSON output so yoou can tie what you asked about to the distribution the report gave you. GitHub #50. 20230601.002 2023-06-02T15:43:55Z * Fix a problem that masked some reports from Mojolicious * Fixed a report for PGObject::Util::DBAdmin that used the wrong namespace * Moved MojoX::Dispatch::Static report to Mojolicious * Data update for 2023-06-02 20230601.001 2023-06-02T01:21:17Z * Database update up to 2023-06-01 * Many improvements to util/generate from the Perl Toolchain Summit and garu 20230309.004 2023-03-09T12:01:45Z * Fix the GPG signature 20230309.003 2023-03-09T11:52:21Z * Fix the GPG signature 20230309.002 2023-03-09T10:13:33Z * Data cleansing for HTTP::Daemon and App::cpanminus. Thanks to Salve Nilsen and Robert Rothenberg. 20230309.001 2023-03-09T06:44:23Z * Make the 'dist' option do the same thing as 'release', from Salve Nilsen. * No updates to the database 20230308.001 2023-03-08T23:49:32Z * Latest database with some new reports and some fixes to existing reports. Thanks to Salve Nilsen, Robert Rothenberg, and others for the updates. 20230205.001 2023-02-05T14:20:15Z * fix test that checks for exit value of advisory count. Max is now 126 so we don't bump into 127. 20230202.003 2023-02-03T02:48:17Z * Advisories for Apache-Session-Browseable and Apache-Session-LDAP 20230125.002 2023-01-26T00:55:49Z * fixes a test and a missing method. The previous 202301* releases are no good. 20230125.001_002 2023-01-25T19:18:38Z * Github #34 - missing message() method (Robert Rothenberg) 20230125.001_001 2023-01-25T18:03:16Z * Fix json testing bug (Robert Rothenberg, #35) * no updates to DB 20230104.001 2023-01-24T19:56:41Z * January update 20230104.001 2023-01-04T20:58:18Z * Add --json to get output in JSON (Renée Bäcker, #24) * Updated for latest advisories 20220817.001 2022-08-18T22:27:26Z * Added the --exclude-file option to cpan-audit (Graham TerMarsch) * No database updates just yet as we straighten out some things in cpan-security-advisory 20220729.001 2022-07-29T06:29:54Z * Added feature to exclude reports, mostly for those persistent vulnerabilities, such as File::Temp, that won't go away. * Added a freshness check. You can check if your database is old. * There's no database update in this release. That's coming soon. 20220713.001_001 2022-07-15T16:38:39Z * Try out a way to exclude some reports (say, like File::Temp) from Graham TerMarsch (Github #5). This feature might change. * No database updates in this release. 20220708.001 2022-07-08T08:51:14Z * Many more reports (thanks to Robert Rothenberg) 20220705.001 2022-07-05T16:44:45Z * check for simple "freshness" of DB with `cpan-audit -f` * weekly update for the data - too many additions to list (thanks to Robert Rothenberg) 20220629.003 2022-06-29T17:56:53Z * This is the same as the last release, where I forgot to update the version in CPAN::Audit to match that in CPAN::Audit::DB. 20220627.003 2022-06-29T15:44:34Z * Updates for CPANSA-App-revealup, Mozilla-CA, Plack-Middleware-StaticShared, and CPANSA-Socket (Robert Rothenberg) * Starting to track which problems are embedded, non-Perl libraries (Robert Rothenberg) * The lib/CPAN/Audit/DB.pm file is now GPG-signed, although we don't do anything with that just yet. See GPG_README.md. * There are several discussions on GitHub where people can note their preferences on future development. 20220625.001 2022-06-25T19:44:05Z * Updates to File::Slurp and JavaScript::Duktape(::XS)? * New reports for Crypt 20220624.001 2022-06-25T00:35:07Z * reports for JavaScript-Duktape-XS, File-Slurp, RPC-XML, CBOX-XS, IPC-Run, XML-Simple, Sys-Syslog, WWW-Mechanize, LWP, Imager, GD, CryptX, Mojolicious, all from Robert Rothenberg. 20220622.002 2022-06-22T23:33:43Z * I put the docs in the wrong file! 20220622.001 2022-06-22T20:59:18Z * Advisories for Plack, DBD::SQLite from Robert Rothenberg * Refactored and documented util/generated - can now output JSON, although that probably isn't useful yet 20220620.001 2022-06-21T03:14:25Z * Add CVE-2020-8927 for IO-Compress-Brotli (Robert Rothenberg) briandfoy/cpan-security-advisory#18 * Fix to perl versions so they don't appear as if they are in the future (#4) 20220613.001 2022-06-13T18:10:47Z * Fix DB for Perl versions by specify all versions as semantic versions (noted by Robert Rothenberg) 20220611 2022-06-12T22:58:50Z * Use GNU tar instead of bsdtar. Upgrading macOS apparently breaks the established way of avoiding weird Mac tarballs. * Added a couple of ancient security reports to CPANSA. 20220608 2022-06-08T15:08:53Z * Update for the latest CVEs * Now also tracks CVEs in perl too * now maintained by brian d foy 0.15 2019-03-09T09:47:36Z - regenerate database fixing Plack-Middleware-Session distribution name 0.14 2019-01-26T10:23:21Z [ADVISORIES] CPANSA-Dancer2 CPANSA-HTTP-Session2 CPANSA-Plack-Middleware-Session-Cookie 0.13 2018-11-22T20:38:09Z - --no-corelist option by MCRayRay - test fixes 0.12 2018-11-11T19:43:25Z - require Module::CoreList latest version 0.11 2018-11-11T18:57:53Z - check core modules by James Raspass 0.10 2018-11-07T20:17:30Z - --quiet option - small refactoring - require the latest version of Pod::Usage 0.09 2018-11-05T21:17:35Z - do not hide db from pause (#7) 0.08 2018-10-17T18:10:41Z [ADVISORIES] - CPANSA-Net-DNS - CPANSA-PAR - CPANSA-PAR-Packer - CPANSA-RT-Authen-ExternalAuth - CPANSA-Tk - CPANSA-UI-Dialog (updated) - CPANSA-XML-LibXML 0.07 2018-10-16T21:37:20Z - test fixes 0.06 2018-10-16T19:19:22Z - use name instead of fullname - fix installed modules discovery 0.05 2018-10-15T19:36:39Z [ADVISORIES] - CPANSA-MHonArc - CPANSA-Module-Signature - CPANSA-libapreq2 - CPANSA-mod_perl - CPANSA-Compress-Raw-Bzip2 - CPANSA-Compress-Raw-Zlib [IMPROVEMENTS] - kritika.io and metacpan badges 0.04 2018-10-14T10:56:27Z [FEATURES] - install command accepts path to installations [IMPROVEMENTS] - get rid of Carton dependency - more test coverage - CI integrations - perl 5.8 compat 0.03 2018-10-13T12:59:36Z [ADVISORIES] - CPANSA-App-Github-Email - CPANSA-Crypt-OpenSSL-DSA - CPANSA-Crypt-Passwd-XS - CPANSA-DBD-MariaDB - CPANSA-Dancer - CPANSA-Data-Dumper - CPANSA-Email-Address - CPANSA-Encode - CPANSA-ExtUtils-MakeMaker - CPANSA-FCGI - CPANSA-Fake-Encode - CPANSA-Fake-Our - CPANSA-File-DataClass - CPANSA-File-Path - CPANSA-HTTP-Tiny - CPANSA-Imager - CPANSA-PathTools [FEATURES] - new installed command to audit all installed modules - cpan.snapshot support by Takumi Akiyama (github.com/akiym) 0.02 2018-10-09T08:24:36Z - support perl 5.8 0.01 2018-10-08T06:39:07Z - original version