v2.40.8

v2.40.8 (2024-09-24)

Chore

• chore(deps): update grafana/grafana docker tag to v11

Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> (efeb90d)

• chore(deps): update pre-commit hook pre-commit/pre-commit-hooks to v4.6.0

Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> (70935e2)

• chore(deps): update pre-commit hook psf/black to v23.12.1

Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> (52ee91e)

• chore(deps): update pre-commit hook asottile/reorder-python-imports to v3.13.0

Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> (a88782b)

• chore: use ubi9

RHINENG-12543

RHINENG-12556 (ee5c78f)

• chore: update dependencies

RHINENG-12514 (32aeb37)

Fix

• fix: handle error when inserting empty cve name into db

RHINENG-12773 (bb5813e)

Unknown

• Red Hat Konflux update vulnerability-engine
  Signed-off-by: red-hat-konflux <[email protected]> (5f5e9c1)

v2.40.7

v2.40.7 (2024-09-12)

Chore

• chore(ephemeral): remove --no-remove-resources

RHINENG-11573 (4cc5da1)

Fix

• fix: workaround cve_cache issue with inventory groups

When there are 2 users with different inventory groups in the same account, they can be invalidating cache for each other which will cause that api is slow for both of them.
Cache only access to all inventory hosts. When a user doesn't have any inventory groups, then the query will be used without cache.

Stats from DB:
count of accounts | inventory groups
31581 | [] // access to all hosts
1 | [[]] // access to ungrouped hosts only
6 | access to only 1 inventory group
1 | access to 1 group and to ungrouped hosts
1 | access to multiple groups and ungrouped hosts

RHINENG-12465 (6b529e7)

v2.40.6

v2.40.6 (2024-08-19)

Fix

• fix(vmaas-sync): make sure event row is commited before sending it in kafka messages (c1f4017)

v2.40.5

v2.40.5 (2024-08-19)

Fix

• fix(evaluator): compare offset-aware datetimes (0fe5d0e)

v2.40.4

v2.40.4 (2024-08-16)

Fix

• fix(evaluator): skip by message timestamp only in recalcs, recalcs are not full evaluations like uploads (32fd70f)

v2.40.3

v2.40.3 (2024-08-16)

Fix

• fix(evaluator): missing await (a7cb275)

v2.40.2

v2.40.2 (2024-08-16)

Fix

• fix(evaluator): JSONB column doesn't need to be parsed here (3f40003)

v2.40.1

v2.40.1 (2024-08-15)

Chore

• chore: split some evaluator graphs to upload and recalc (f421656)

• chore: drop cves_without_errata_evaluator FF (e33dd18)

• chore: fix RDS metrics and system count graph (7823de4)

• chore: measure loading system profile duration (ee8630c)

• chore: update dependencies

mainly gunicorn and aiohttp (4e1aa2e)

• chore: add new evaluator skipped metrics (a06b318)

Performance

• perf(evaluator): re-evaluations should handle only CVEs with errata (as they are triggered by errata release)

this makes re-evaluations partial and unfixed CVEs changes will be handled by evaluator_upload only (a6f5cbd)

v2.40.0

v2.40.0 (2024-08-13)

Feature

• feat(evaluator): skip re-evaluation for systems without packages changed in repos

RHINENG-10107 (2650903)

Refactor

• refactor: move evaluator message types to single place

RHINENG-10107 (2e27c78)

v2.39.0

v2.39.0 (2024-08-06)

Feature

• feat(vmaas-sync): cleanup old recalc events

RHINENG-10107 (bb2bc00)

• feat(vmaas-sync): save updated packages to the DB to be re-used in evaluator later

RHINENG-10107 (5d895e0)

• feat(database): table for storing recalc events

RHINENG-10107 (13b871b)

Fix

• fix(vmaas-sync): need to increase timeout due to large responses with changed pkgs

RHINENG-10107 (a016204)

Refactor

• refactor(vmaas-sync): remove feature flag to disable repo-based recalc (199283c)