CERTCC/VINCE
VINCE is the Vulnerability Information and Coordination Environment developed and used by the CERT Coordination Center to improve coordinated vulnerability disclosure. VINCE is a Python-based web platform.
17 Releases
Latest: 1mo ago
Version 3.0.36v3.0.36Latest
SEI-gstromΒ·1mo agoΒ·May 12, 2026π Changes
- dependabot update recommendation: `sqlparse` 0.5.0 to 0.5.4, `PyJWT` 2.6.0 to 2.12.0, `markdown` 3.5 to 3.8.1, `pyasn1` 0.4.8 to 0.6.3, `awscli` 1.26.85 to 1.44.38, `Django` 4.2.28 to 4.2.30, `cryptography` 46.0.6 to 46.0.7
- updated `python-jose` 3.4.0 to 3.5.0, `botocore` 1.31.85 to 1.42.48, `docutils` 0.16 to 0.18.1, `s3transfer` 0.7.0 to 0.16.0, `boto3` 1.28.85 to 1.42.48, `typing-extensions` 4.4.0 to 4.9.0, `M2Crypto` 0.38.0 to 0.47.0 (Internal-841)
- added `setuptools` >=65.0.0,<81 (Internal-841)
- tweaked code in various files to prepare for upgrade to Python 3.12 (Internal-841)
Version 2.1.6v2.1.6
sei-vsarvepalliΒ·2y agoΒ·October 25, 2023ixed bug that interfered in certain circumstances with the operation of the vendor filter button on the VINCEComm case page Dependabot update recommendations: urllib3 1.26.12 to 1.26.18 Fixed bug that obstrcuted case assignment process for VINCETrack users with identical preferred usernames Adjusted code for asynchronous loading on ticket page to ensure it works on all ticket pages, including case request tickets Set up periodic autorefresh feature for VINCE Track ticket page Reformulated misleading UI labels for case transfer request process Resolved Issue by simpifying/correcting search code & disambiguating labels in report views Added AI/ML systems checkbox to public & VINCE Comm vul report form, routing of AI/ML-related tickets
Version 2.1.5v2.1.5
sei-vsarvepalliΒ·2y agoΒ·September 21, 2023π What's Changed
- Assert expected behavior when handling a bounce when all bounced reci⦠by @qwestduck in https://github.com/CERTCC/VINCE/pull/116
- Bump django from 3.2.19 to 3.2.20 by @dependabot in https://github.com/CERTCC/VINCE/pull/117
- Bump cryptography from 41.0.0 to 41.0.2 by @dependabot in https://github.com/CERTCC/VINCE/pull/118
- Upgrade to version 2.1.3 by @sei-vsarvepalli in https://github.com/CERTCC/VINCE/pull/121
- Updates to 2.1.4 by @sei-vsarvepalli in https://github.com/CERTCC/VINCE/pull/123
- VINCE upgrade to 2.1.5 by @sei-vsarvepalli in https://github.com/CERTCC/VINCE/pull/124
β¨ New Contributors
- @qwestduck made their first contribution in https://github.com/CERTCC/VINCE/pull/116
- Full Changelog: https://github.com/CERTCC/VINCE/compare/v2.1.2...v2.1.5
VINCE v2.1.2v2.1.2
sei-vsarvepalliΒ·3y agoΒ·June 12, 2023π Changes
- VinceTrack CaseView,VinceCommUserView updated for Asynchronous calls for tab-based browsing.
- Fixed GH Issue #111 PDF Links not working
- Updated Vendor approval workflow with time lapse of 2 weeks of no-response from Vendor Admin
- Fix bounce issues of creating tickets for dead/disabled users.
- Dependabot security recommendations PyPi `cryptography` 39.0.1 to 41.0.0, `requests` 2.281 to 2.31.0, `django-ses` from 3.2.2 to 3.5.0
- Fixed vincepubviews multiple choice field Years to be dynamic
VINCE v2.1.1v2.1.1
sei-vsarvepalliΒ·3y agoΒ·May 17, 2023π Changes
- Security updates fixing a number of dependencies - sqlparse, redis (GHSA-rrm6-wvj7-cwh2,CVE-2023-28859,CVE-2023-28858)
- Updates (UAR) workflow for User joining Vendor Group GH Issue #94
- INL Code updates to perform Product/Version for CVE records GH PR #104
- INL Code updates for PDF download of VulNote GH PR #104
- Async requests for VinceTrack Contacts to reduce page wait times
- Check for Bounces before sending emails from vince/mailer.py
- Add TERMS_URL to ensure Terms & Conditions are flexible
- Fix CVSS Translator GH Issue #105
- + 1 more
VINCE v2.0.7v2.0.7
ahouseholderΒ·3y agoΒ·March 30, 2023π Changes
- Security updates Django to 3.2.18 CVE-2023-24580
- Remove python-futures (no longer used) GH Issues #91 #90 (Dependabot)
- Support User Approve Request (UAR) new workflow for User joining Vendor Group GH Issue #94
- Allow Tracking ID's to be added to Cases when user belongs to multiple groups (CaseTracking) reported by VINCE user.
- Move from initial to instance on Form Class inits() to modify existing data in Models/Forms pair
- Move more browser UI information to async data requests, less templates.
- Remove `marquee`, `command` and `style` tags from supported markdown_helpers lib.vince.markdown_helpers - reported by VINCE user.
π What's Changed
- Version 2.0.6a by @sei-vsarvepalli in https://github.com/CERTCC/VINCE/pull/89
- Bump django from 3.2.17 to 3.2.18 by @dependabot in https://github.com/CERTCC/VINCE/pull/92
- License, Copyright fixes and dependabot security updates by @sei-vsarvepalli in https://github.com/CERTCC/VINCE/pull/93
- Version 2.0.7 updates and enhancements. by @sei-vsarvepalli in https://github.com/CERTCC/VINCE/pull/95
- Full Changelog: https://github.com/CERTCC/VINCE/compare/v2.0.6...v2.0.7
VINCE v2.0.6v2.0.6
ahouseholderΒ·3y agoΒ·March 30, 2023π Changes
- Removed Edit Vulnerability button superfluous GHIssue #77
- Updates to CVE publish buttons and automatic close of CVE modal on error
- Modify `CVEAffectedProduct.version_affected` vince `models.py` for CVE5JSON
- Bug fix `newcomment` not `new_comment` in `vince/views.py`
- Add "Notify anyway" button routine for already notified vendor.
π What's Changed
- Updates to 2.0.6 related updates by @sei-vsarvepalli in https://github.com/CERTCC/VINCE/pull/81
- Full Changelog: https://github.com/CERTCC/VINCE/compare/v2.0.5...v2.0.6
VINCE v2.0.5v2.0.5
ahouseholderΒ·3y agoΒ·March 30, 2023π Changes
- Update to CVE2.1 Services Publish using CVE5 JSON
- More Async functions for vendor status views
- Added more common libraries to lib/vince/utils
- Added a mute_lib.py to support mute a Case for a user in automated way
- Fixed a number of small bugs in max length in FORM submissions and S3 sensitive filenames
- Added Filter to CaseView in VinceComm
- Addition of more Async functions for non-interactive queries
- Fixing of slow performance on allvendors view to use Django Aggregate and Filter/Q functions
- + 1 more
π What's Changed
- Version 2.0.5 by @sei-vsarvepalli in https://github.com/CERTCC/VINCE/pull/80
- Full Changelog: https://github.com/CERTCC/VINCE/compare/v2.0.3...v2.0.5
VINCE v2.0.3v2.0.3
ahouseholderΒ·3y agoΒ·March 30, 2023π Changes
- Major upgrade to Django 3.2 LTS target end by 2024. Fixes related to Django upgrade in all libraries.
- Added new QuerySet Paging library for performance extend chain with chains for QuerySet
- Asynchronous calls for most vinny/views via JSON through asyncLoad class
- Provide API Views 404 with JSON generic error
- Allow Session or API Token authentication to support API access from browser
- Provide better HTML text on access/permission violations by User.
- Fixes to CVE management API with CVE services 2.1 and CVEJSON5 support
- CSAF enchancements including TLP setup. Pending Customer engagement details publishing.
- + 1 more
π What's Changed
- Version 2.0.3 by @sei-vsarvepalli in https://github.com/CERTCC/VINCE/pull/76
- Full Changelog: https://github.com/CERTCC/VINCE/compare/v1.50.6...v2.0.3
VINCE v1.50.6v1.50.6
ahouseholderΒ·3y agoΒ·March 30, 2023π Changes
- Allow Vendor Association when Ticket is associated with a Case
- Adding Download HTML per INL request GH Issue #60
- Avoid Alert severity colors to buttons that don't do deletes/sensitive actions - UI feedback.
- Show MFA type for users in VinceTrack to support troubleshooting Users
- Catch errors on failure to email when a Post is submitted.
π What's Changed
- Updates to version 1.50.6 by @sei-vsarvepalli in https://github.com/CERTCC/VINCE/pull/68
- Full Changelog: https://github.com/CERTCC/VINCE/compare/v1.50.5...v1.50.6
VINCE v1.50.5v1.50.5
ahouseholderΒ·3y agoΒ·March 30, 2023π Changes
- Updates to `settings_.py` to match public GitHub
- UI tweaks for Loading div, asynchronous search via delaySearch
- Add Access-Control-Origin header to CSAF output for Secvisogram
- Fix Python Pickle Code Injection vulnerability reported by Rapid7 researcher Marcus Chang CVE-2022-40238
- Address reported failure with better error reporting from Encrypt-and-Send
- Avoid TimeZone spurious warning errors flooding logs
π What's Changed
- Version 1.50.5 by @sei-vsarvepalli in https://github.com/CERTCC/VINCE/pull/62
- Full Changelog: https://github.com/CERTCC/VINCE/compare/v1.50.4...v1.50.5
VINCE v1.50.4v1.50.4
ahouseholderΒ·3y agoΒ·March 30, 2023π Changes
- UI improvements for vincetrack for search experience
- Performance tweaks for Tickets search use `$queryset.count()` instead of `len($queryset)` when pagination is used
- Fix HTML injection vulnerabilities reported by Rapid7 researcher Nick Sanzotta (CVE-2022-40248, CVE-2022-40257)
π What's Changed
- Fixes and Updates to 1.50.4 by @sei-vsarvepalli in https://github.com/CERTCC/VINCE/pull/56
- Full Changelog: https://github.com/CERTCC/VINCE/compare/v1.50.3...v1.50.4
VINCE v1.50.3v1.50.3
ahouseholderΒ·3y agoΒ·March 30, 2023π Changes
- Full support for CSAF 2.0 export of vulnerability Case
- Fix for a number of Views to avoid digit parameter confusion
- Add view CSAF and VINCE JSON to support download of Case data in machine-readable format
- If upgrading, make sure you verify `settings.py` has new variables `CONTACT_PHONE ORG_POLICY_URL` and `ORG_AUTHORITY` populated.
π What's Changed
- Updates to support full CSAF capability by @sei-vsarvepalli in https://github.com/CERTCC/VINCE/pull/53
- Full Changelog: https://github.com/CERTCC/VINCE/compare/v1.50.2...v1.50.3
VINCE v1.50.2v1.50.2
ahouseholderΒ·3y agoΒ·March 30, 2023π Changes
- Resolves issue of enumerating user_id and group_id - reported by Sharon Brizinov of Claroty Research https://github.com/CERTCC/VINCE/issues/51
- Removed lxml library no longer in use in requirements.txt - reported by dependabot via https://github.com/CERTCC/VINCE/pull/38
- Add [DISABLED] Keyword for users in inactive status in vincetrack Teams menu view.
π What's Changed
- mention the vuln that was fixed #transparency by @attritionorg in https://github.com/CERTCC/VINCE/pull/50
- Resolves issue of privacy of URLs v1.50.2 by @sei-vsarvepalli in https://github.com/CERTCC/VINCE/pull/52
β¨ New Contributors
- @attritionorg made their first contribution in https://github.com/CERTCC/VINCE/pull/50
- Full Changelog: https://github.com/CERTCC/VINCE/compare/v1.50.1...v1.50.2
VINCE v1.50.1v1.50.1
ahouseholderΒ·3y agoΒ·March 30, 2023π Changes
- BugFix for API key generation issue. The generate_key method was disabled accidentally
π What's Changed
- BugFix for API key generation issue. The generate_key method was disa⦠by @sei-vsarvepalli in https://github.com/CERTCC/VINCE/pull/44
- Errors in last PR #44 by @sei-vsarvepalli in https://github.com/CERTCC/VINCE/pull/49
- Full Changelog: https://github.com/CERTCC/VINCE/compare/v1.50.0...v1.50.1
VINCE v1.50.0v1.50.0
ahouseholderΒ·3y agoΒ·March 30, 2023π Changes
- New MFA reset workflow
- Allow comments when re-assigning tickets
- Sorting improvements on VINCEComm Dashboard
- Add Vul Note download button in VINCETrack
- Fixed open redirect vulnerability CVE-2022-25799 reported by Jonathan Leitschuh
- Bug Fixes
- Contact Management Updates
- Dependency Upgrades
- + 1 more
VINCE v1.48.0v1.48.0
ahouseholderΒ·3y agoΒ·March 30, 2023Initial open source release of VINCE **Full Changelog**: https://github.com/CERTCC/VINCE/commits/v1.48.0