What's Changed

• Changed DataVersion for CVE records from 5.2.0 to 5.2 by @jdaigneau5 in #1550
• Resolves issues #1554, #1555, #1556, #1557 Various purl validation fixes by @jdaigneau5 in #1560
• Implemented CVE Record Schema version 5.2.0 5.2.0 Schema Release Candidate
• Added syntactic PURL validation to CVE-Services
• Added PURL validation unit tests

Full Changelog: v2.5.4...v2.6.0

What's Changed

• Aug 21 - Release by @david-rocca in #1477
• Closes #1495 - Fixes onlyOrgwithPartner role, and an issue in the migrate / populate… by @david-rocca in #1508
• Resolves #1496 - user validation middleware fixes by @david-rocca in #1509
• ORG_CREATE_SINGLE tests and ADP Schema Validation by @david-rocca in #1510
• Removing .only. by @david-rocca in #1511
• Resolves issue #1503, Fix the userCreateTest.js unittest by @emathew5 in #1514
• Resolves #1504, Fix userGetAllTest.js unittest by @emathew5 in #1515
• Fixing tests and update user bug fixes by @david-rocca in #1513
• Resolves issue 1501, fix orgGetSingleTest.js by @emathew5 in #1516
• Fixed idQuota tests by @david-rocca in #1517
• Resolves issue #1499 - fix GET /org unit tests by @cberger8 in #1518
• Resolves #1506 - Fixed tests for resetting secret by @david-rocca in #1519
• Closes #1502 and #1505 by @david-rocca in #1521
• Resolves #1481, #1484 - Added swagger docs for registry org GET endpoints by @cberger8 in #1523
• Resolves issues #1489, #1488, #1485, OpenAPI comments for /registry/org/user endpoints by @emathew5 in #1524
• Closes #1483 - id_quota documentation by @david-rocca in #1522
• Closes - #1482 #1487 #1486 by @david-rocca in #1525

Full Changelog: ur-v0.2.0-beta.1...ur-v0.2.0-beta.3

Release Notes:

• This is an incremental release of proposals 1 through 3 discussed at the the AWG.
• This is NOT the intended to PR to go to production. There are known issues and work still to be done.
• We originally intended to deploy this to test on Thursday, August 21st. However, due to some pipeline issues and failing tests we decided to take Thursday to ensure we were stable enough. Deploying on Fridays is bad karma, so as of right now we will plan to deploy this PR to the staging (test) branch on Monday, August 25th.

What is this release

1. Migration from using query parameter api/org/x/y?registry=true to url path parameter format api/registry/org/x/y/z to signal the opt in usage of the new registry options
2. Iteration of the User and Org Model for user Registry
   • Removed bi-directional relationships, Orgs now own all relationships.
   • Simplified some field values (removing items that were nested for no reason) and field names.
3. Implementation of JSON Schema Validation for Users and Organizations
   • Includes new Schema files!
   • Implements Mongoose Automatic Validation on writes.
4. Repository updates, to handle the "Discriminator" Mongoose paradigm
5. Repositories, now handle "backwards compatibility" instead of the controllers themselves.
   • Reduced Controller complexity. Controllers Now only call the repository to check for known errors to return to the user OR to perform the actual CRUD Action. The controllers are agnostic of if you are dealing in "Legacy or Registry" formats.
   • Allowed more streamline usage with the Mongoose ORM instead of raw Mongo Based Queries
   • Allows for multiple routes to call the same endpoint, with flags set to control repository functions

Known Issues

• Only Secretariat and CNA org types are implemented. Bulkdownload and ADP are not completed.
• The active flag on users is not disabling access correctly when set to false
• In an effort to work incrementally, the "BaseOrg" and "BaseUser" models have been made to replace "registry-org" and "registry-user" models. However, these will eventually be named to keep the "registry" name.
• Black box tests still need to be migrated
• Unit tests still need to be migrated.

PRs Closed

• User registry initial Implementation. by @david-rocca in #1392
• Resolves issue 1412 Create Registry Tests - createUserTest.js by @afoote-mitre in #1420
• Resolves issue 1413 Create Registry Tests - updateUserTest.js by @afoote-mitre in #1422
• Resolves issue #1414, Creating node registry tests replacing the ones in org_as_org_admin.py by @david-rocca in #1421
• Add integration test for regularUser trying to make Org and User requests with registry=true by @emathew5 in #1424
• Resolves issue #1410 - registry tests for postOrgTest, and issue #1426 - improper handling of contact_info for registry org by @cberger8 in #1429
• Resolves issue #1411 - integration tests for creating org users with registry enabled by @cberger8 in #1430
• Resolves issue 1417, Testing User Get Request for /api/org with the registry=true flag by @emathew5 in #1431
• Closes: 1415 / Bug 1425 / Bug 1427 - Org.py New tests for Registry by @david-rocca in #1428
• Resolves issue 1401, Validates the request body for registryOrg POST request by @emathew5 in #1432
• Resolves issue #1402 - updated swagger docs for registry endpoints by @cberger8 in #1439
• Fixed line endings for swagger doc by @cberger8 in #1440
• Resolves Issue #1399 - Update getOrg in registry-org controller to allow for uuid or shortname by @david-rocca in #1438
• Resolves issue #1408 and #1407 - Fixes Session Closures by @david-rocca in #1437
• Resolves issue #1409, Make Argon2 calls consistant by @david-rocca in #1436
• Resolves issue #1406 - fixed error handling when UUID provided for registry org/user creation by @cberger8 in #1443
• Resolves issue 1400, Add createUserByOrg registryOrg/ endpoint by @emathew5 in #1441
• Resolves issue #1447, Create Registry User Schema by @emathew5 in #1475

New Contributors

• @afoote-mitre made their first contribution in #1420

Full Changelog: ur-v0.1.1...ur-v0.2.0-beta.1

What's Changed

• Resolves issue #1378, creates new /cve_count endpoint by @emathew5 in #1379
• Resolving incorrect return flow & mongoose n usage removal by @david-rocca in #1384

Full Changelog: v2.5.3...v2.5.4

What's Changed

• No tls mongo update by @david-rocca in #1365
• Dealing with multiple connection types. by @david-rocca in #1367
• Trying to get more info out of this by @david-rocca in #1369
• Update to 2.5.3 by @david-rocca in #1371
• Bump prismjs from 1.29.0 to 1.30.0 by @dependabot in #1366
• Workflow updates by @david-rocca in #1372
• 2.5.3 by @david-rocca in #1373
• fixing docdb connection string by @david-rocca in #1375

Full Changelog: v2.5.2...v2.5.3

What's Changed

• Added missing dateRejected field to be converted to UTC by @david-rocca in #1332
• Bulkdownload redaction by @david-rocca in #1333

Full Changelog: v2.5.1...v2.5.2

What's Changed

• Fixing Version Number by @david-rocca in #1295
• updating version to 2.5.0 by @david-rocca in #1306
• ERLCheck - Vulnrichment validator by @david-rocca in #1307
• Standardize all timestamps values to UTC by @david-rocca in #1308
• Removed Unconditionally editing of cve-id collection in cve endpoints by @david-rocca in #1309
• Resolves #577 - Automatic reservation of new year within 90 days by @david-rocca in #1310
• Resolves #1236: Updated examples to have cvssv4_0 by @david-rocca in #1313
• Resolves #1121 - Rate limiting return codes by @david-rocca in #1312
• Updating version number to 2.5.1 by @david-rocca in #1316
• Resolves #1321 - Fixed issue allowing auto reservations for years in the past by @david-rocca in #1323

Full Changelog: v2.5.0...v2.5.1

What's Changed

• Update workflow to no longer use unsupported action/upload-artifact by @david-rocca in #1280
• Bump braces from 3.0.2 to 3.0.3 by @dependabot in #1239
• Bump vue-template-compiler and depcheck by @dependabot in #1259
• Bump serve-static and express by @dependabot in #1275
• Bump webpack from 5.76.1 to 5.95.0 by @dependabot in #1281
• Migrate to the 5.1.1 schemas by @david-rocca in #1287

Full Changelog: v2.3.3...v2.5.0

What's Changed

• Updated github actions to use docker compose instead of docker-compose by @jdaigneau5 in #1265
• Resolved issue #1258, adds feature to PUT /org/{shortname} to update new last_active field. by @jack-flores in #1262
• Update openapi.json to reflect changes from CVEProject/cve-schema@b83c668 by @M-nj in #1263

Full Changelog: v2.3.3...v2.4.0

What's Changed

• Resolves #1125 trim leading and trailing whitespace from JSON values by @jdaigneau5 in #1222
• Resolves #1131 and #1210 Updated documentation to explain server populated, optional fields, removed unused files by @jdaigneau5 in #1223
• Resolves #808 Updated docs to warn of possible race condition by @jdaigneau5 in #1224
• Resolves #1163 Added datePublic validator with 24 hour grace period by @jdaigneau5 in #1240
• Resolves #1133 updated post/put cna container docs by @jdaigneau5 in #1245
• Resolves #1251 fixed incorrect paths passed to validateDatePublic middleware #1252
• Bump express from 4.18.2 to 4.19.2 by @dependabot in #1217
• Bump tar from 6.1.14 to 6.2.1 by @dependabot in #1220
• Updated issue triage action by @jdaigneau5 in #1242

Full Changelog: v2.3.2...v2.3.3