Tags

Tags give the ability to mark specific points in history as being important
  • v3.0.0

    Release: Release Binaries v3.0.0
    - Added `published date` entry to vulnerability data
    - Added `recommendation` entry to vulnerability data
  • v2.0.1

    Release: Release Binaries v2.0.1
    This release is exactly the same as the now-yanked v2.0.0, plus a major bugfix for an error that prevented compilation with certain compile-time features
    
    - **BREAKING**: Removed deprecated fields from `PdfGenerator` struct that were deprecated in v0.9.0:
      - Removed `_report_title`, `_pdf_meta_name`, `_show_novulns_msg`, `_pure_bom_novulns`, `_show_components`
      - All configuration now exclusively through `Config` struct
    - **BREAKING**: Removed lifetime parameter from `PdfGenerator` (changed from `PdfGenerator<'a>` to `PdfGenerator`)
    - **BREAKING**: Removed internal concurrency module (`src/lib_utils/concurrency/`)
      - Concurrency now requires explicit `concurrency` feature flag (enabled by default)
      - Users relying on `--no-default-features` will now get sequential processing
    - **BREAKING**: Changed default features from `["cli"]` to `["cli", "concurrency"]`
    - **BREAKING**: Removed deprecated environment variables (both were deprecated in v0.9.0):
      - Removed `VEX2PDF_SHOW_OSS_LICENSES` environment variable (use `--license` CLI flag instead)
      - Removed `VEX2PDF_VERSION_INFO` environment variable (use `--version` CLI flag instead)
    - Removed internal threadpool, worker, and concurrency common modules
    - Removed all deprecated `PdfGenerator` struct fields (deprecated since v0.9.0)
    - Removed lifetime parameter from `PdfGenerator` struct
    - Removed deprecated environment variable enum variants: `ShowOssLicenses` and `VersionInfo`
    
    - Added `concurrency` feature flag to make concurrent processing optional
    - Added `jlizard-simple-threadpool` crate as external dependency for thread pool management
    - Added sequential processing fallback when `concurrency` feature is disabled
    - Added feature gating to `max_jobs` CLI argument (requires `concurrency` feature)
    - Added `cargo-deny` configuration file for auditing purposes
    
    - Replaced internal threadpool implementation with external `jlizard-simple-threadpool` crate
    - Updated `log` dependency from 0.4.28 to 0.4.29
    - Moved `opt-level = 3` from `release-optimized` profile to base `release` profile for better default performance
    - Updated README.md with clearer installation instructions for different feature combinations
    - Simplified library architecture by removing internal concurrency code
    - Expanded CI test coverage to test all feature flag combinations (no-default, cli-only, concurrency-only, all features)
    - Changed CI to run tests on all branch pushes including master (previously skipped master)
  • v2.0.0

    Release: Release Binaries v2.0.0
    - **BREAKING**: Removed deprecated fields from `PdfGenerator` struct that were deprecated in v0.9.0:
      - Removed `_report_title`, `_pdf_meta_name`, `_show_novulns_msg`, `_pure_bom_novulns`, `_show_components`
      - All configuration now exclusively through `Config` struct
    - **BREAKING**: Removed lifetime parameter from `PdfGenerator` (changed from `PdfGenerator<'a>` to `PdfGenerator`)
    - **BREAKING**: Removed internal concurrency module (`src/lib_utils/concurrency/`)
      - Concurrency now requires explicit `concurrency` feature flag (enabled by default)
      - Users relying on `--no-default-features` will now get sequential processing
    - **BREAKING**: Changed default features from `["cli"]` to `["cli", "concurrency"]`
    - **BREAKING**: Removed deprecated environment variables (both were deprecated in v0.9.0):
      - Removed `VEX2PDF_SHOW_OSS_LICENSES` environment variable (use `--license` CLI flag instead)
      - Removed `VEX2PDF_VERSION_INFO` environment variable (use `--version` CLI flag instead)
    
    - Added `concurrency` feature flag to make concurrent processing optional
    - Added `jlizard-simple-threadpool` crate as external dependency for thread pool management
    - Added sequential processing fallback when `concurrency` feature is disabled
    - Added feature gating to `max_jobs` CLI argument (requires `concurrency` feature)
    - Added `cargo-deny` configuration file for auditing purposes
    
    - Replaced internal threadpool implementation with external `jlizard-simple-threadpool` crate
    - Updated `log` dependency from 0.4.28 to 0.4.29
    - Moved `opt-level = 3` from `release-optimized` profile to base `release` profile for better default performance
    - Updated README.md with clearer installation instructions for different feature combinations
    - Simplified library architecture by removing internal concurrency code
    - Expanded CI test coverage to test all feature flag combinations (no-default, cli-only, concurrency-only, all features)
    - Changed CI to run tests on all branch pushes including master (previously skipped master)
    
    - Removed internal threadpool, worker, and concurrency common modules
    - Removed all deprecated `PdfGenerator` struct fields (deprecated since v0.9.0)
    - Removed lifetime parameter from `PdfGenerator` struct
    - Removed deprecated environment variable enum variants: `ShowOssLicenses` and `VersionInfo`
  • v1.0.2

    Release: Release Binaries v1.0.2
    - Added MSRV after testing with `cargo-msrv`. This is **NOT** a breaking change, as installs with incompatible compilers would fail with or without this setting
    
    - Updated dependencies
    - Improved CHANGELOG.md readability by adding horizontal rules between version sections
    
    - Fixed test failing due to title override fix
  • v1.0.1

    Release: Release Binaries v1.0.1
    - Added warning to README.md and DEVELOPER_NOTES.md about PDF checksum differences between debug and release builds
    - Added integration tests for new CLI argument parsing and title override functionality
    
    - Fixed CLI arguments not being parsed correctly in `config.rs` (`Config::build_from_env_cli()` method)
    - Fixed logic bug in `tests/common.rs::copy_directory_files()` where ignore patterns were not properly skipping files (inner loop `continue` did not break outer loop)
    
    - Updated README.md installation section with separate instructions for CLI tool vs library usage
    - Added library installation documentation with `cargo add --no-default-features` for pure library use without CLI dependencies
  • v0.9.1

    Release: Release Binaries v0.9.1
    - Added builder pattern methods to `Config` struct for flexible configuration:
      - `working_path()` - Set input directory
      - `output_dir()` - Set output directory
      - `show_novulns_msg()` - Control "no vulnerabilities" message display
      - `file_types_to_process()` - Control JSON/XML processing
      - `pure_bom_novulns()` - Treat as pure BOM
      - `show_components()` - Show/hide components list
      - `report_title()` - Set custom report title
      - `pdf_meta_name()` - Set custom PDF metadata
      - `max_jobs()` - Set concurrent job limit
    - Added `Config::build_from_env_cli()` method for CLI applications to parse arguments and environment variables
    - Added comprehensive documentation for builder pattern usage with examples
    - Added unit tests for `Config` builder pattern methods
    - Added PDF examples section to [README](README.md)
    - Added `--license` / `-L` CLI argument to display OSS licenses and exit, replacing `VEX2PDF_SHOW_OSS_LICENSES` environment variable
    - Added `long_version` text to clap showing copyright notice on `--version`
    - Added `Default` derive to `CliArgs` struct for simplified test setup
    - Added `VoluntaryLicenseDisplayInterruption` error variant to signal voluntary execution interruption (e.g., for license display)
    - Added `show_full_licenses()` as public function in lib.rs for CLI use
    - Added `get_version_info()` const function in `run_utils` to provide shared version/copyright text for both CLI and startup logs
    - Added integration tests for `--license` flag output and error handling
    - Added integration tests for `--version` output and version info display on startup
    
    - Removed `show_oss_licenses` field from `Config` struct (deprecated in 0.8.2, now replaced with `--license` CLI flag)
    - Removed `show_oss_licenses()` builder method from `Config` (deprecated in 0.8.2, now replaced with `--license` CLI flag)
    - Removed `print_copyright()` function from `run_utils` (replaced with clap's `long_version` text)
    - Removed `VEX2PDF_SHOW_OSS_LICENSES` environment variable support (deprecated in 0.8.2, now replaced with `--license` CLI flag)
    - Removed `VEX2PDF_VERSION_INFO` environment variable support (deprecated in 0.8.2, use `--version` flag instead)
    - Removed automatic version/copyright printing on startup
    
    - Updated `Config` module documentation to feature builder pattern as primary API for library users
    - Updated `lib.rs` Quick Start example to demonstrate builder pattern
    - Updated documentation to clarify separation between CLI and library usage patterns
    - Changed `Config::build()` to delegate to new `build_from_env_cli()` implementation
    - Simplified test code in `cli_args.rs` using `CliArgs::default()` with struct update syntax
    
    - Deprecated `Config::build()` in favor of builder pattern and `Config::build_from_env_cli()` to avoid forcing CLI behavior on library users (will be removed in a future release)
    
    - Fixed integration tests note in [README](README.md)
    - Fixed minor documentation and linting issues
  • v0.9.0

    Release: Release Binaries v0.9.0
    Added
    ------
    
    - Added cli arguments without changing the default behaviour of the application which is to automatically scan the current directory upon execution and work in one depth
    - Added cli arguments to env variable handling making cli arguments override environment variables
    - Added support for single-file processing instead of automatic batch processing. The default is still to scan automatically and batch process all files in the working directory
    - Added aggressive optimization profile for CI builds in Cargo.toml
    - Added re-export paths for some crate paths to simplify things for consumers
    - Added `VEX2PDF_OUTPUT_DIR` environment variable to override destination directory
    - Added Processor and Renderer trait system for improved extensibility
    - Added `--max-jobs` CLI argument to control concurrent processing (1 for single-threaded, 2-255 for specific job count, 0 or unset for max parallelism)
    - Added `VEX2PDF_MAX_JOBS` environment variable to configure concurrency (CLI argument takes precedence)
    - Added custom threadpool implementation for fine-grained control over worker lifecycle, logging, and error handling
    - Added single-threaded mode (`--max-jobs 1`) for debugging and sequential processing with graceful fallback
    - Added graceful threadpool shutdown that waits for all jobs to complete
    - Added handling for working with single files
    - Added handling for a distinct working directory definition
    - Added handling for passing an input path or file whichever is needed. This is optional and the tool reverts to default behaviour if this option is not used
    - Added integration tests for PDF generation covering JSON/XML inputs, VEX/VDR formats, analysis states, and edge cases
    - Added threading integration tests (`tests/threading_integration_tests.rs`) to verify concurrency modes from user perspective via CLI
    - Added unit tests for threadpool module (creation modes, single/multi-threaded execution, graceful shutdown)
    - Added unit tests for worker module (creation, job execution, shutdown on channel close)
    - Added unit tests for processor module (creation, state management, Send trait verification)
    - Added test helper utilities in `tests/common.rs` to reduce code duplication across test files
    - Added conditional PDF content comparison in tests using `#[cfg(debug_assertions)]` to handle binary differences between debug and release builds
    - Added `#![forbid(unsafe_code)]` to library code to enforce memory safety
    - Added a vulnerability analysis section to PDF reports displaying CycloneDX analysis data with color-coded states and responses
    - Added color-coded analysis state indicators (Exploitable=red, Resolved=green, In Triage=orange, False Positive=blue, Not Affected=green, Resolved With Pedigree=dark green)
    - Added color-coded response action indicators (Update/Rollback=blue, Workaround Available=orange, Can Not Fix/Will Not Fix=red)
    - Added utility functions for analysis formatting (`get_style_analysis_state`, `get_style_analysis_response`, `get_styled_vector_as_paragraph`, `get_formatted_key_val_text`, `prettify_string_analysis`)
    - Added unit tests for analysis utility functions in generator module
    - Added structured logging system using `log` and `env_logger` crates with intelligent output routing (info/debug → stdout, warn/error → stderr)
    - Added compile-time debug log stripping in release builds for improved performance and binary size
    - Added default info-level logging without requiring RUST_LOG environment variable configuration
    
    Fixed
    ------
    
    - Fixed GitLab CI not able to test due to missing rustup dependencies
    - Fixed GitLab CI test failures when running as root by skipping readonly directory permission test in gitlab-ci environments
    - Fixed the rendering issue for the newline character
    
    Changed
    --------
    
    - Changed Env_vars as_str() method to be const to allow some compile time operations
    - Changed signature of `vex2pdf::pdf::generator::PdfGenerator::new(Option<&'a str>, Option<&'a str>, bool, bool, bool)` to `PdfGenerator::new(Arc<crate::lib_utils::config::Config>)`
    - Changed signature of `vex2pdf::run(config: &Config)` to `crate::run(config::Config)`, i.e. run now owns the configuration struct
    - Changed signature of `vex2pdf::utils::get_output_pdf_path` to return a `Result<T,E>`
    - Migrated from `println!`/`eprintln!` statements to structured logging with log levels (error, warn, info, debug)
    - Changed log output routing: informational logs now go to stdout, errors and warnings to stderr for better Unix compatibility
    - Updated README.md with `--max-jobs` CLI argument documentation, usage examples, and `VEX2PDF_MAX_JOBS` environment variable details
    - Updated DEVELOPER_NOTES.md with threading implementation details, test structure documentation, and debug vs release testing behavior
    
    Deprecated
    -----------
    
    - `VEX2PDF_VERSION_INFO` is now replaced with a cli argument and has entered a deprecation phase (will be removed by the next minor release)
    - `VEX2PDF_SHOW_OSS_LICENSES` is now replaced with a cli argument and has entered a deprecation phase (will be removed by the next minor release)
  • v0.8.2

    Release: Release Binaries v0.8.2
    - Added
      - Added GitLab CI yml file for automatic binary releases
      - Added VEX2PDF CycloneDX Bill of Materials
    - Changed
      - Added version string rendering for Metadata Tools
      - Added version string rendering for Metadata Component
      - Added various updates and fixes to the README.md
  • v0.8.1

    88b1339e · fix gitlab job
    Release: Release Binaries v0.8.1
    - Release v0.8.1
      - Restore VEX2PDF_SHOW_COMPONENTS environment variable and set it by default to true to show a full flat list of components after the vulnerabilities and affected components section in cases where this is needed
      - Add information about VDR alongside VEX in the Readme.md
  • v0.8.0

    Release: Release v0.8.0
    - Add affected component handling
    - Improve formatting
    - Add Pure-VEX and Pure-BoM modes
  • v0.7.1

    Release: Release Binaries v0.7.1
    - Added Source Detail information for the severity rating output
    
    - Removed License.md file and integrated it in the README.md due to dual licensing
      (LICENSE-MIT and LICENSE-APACHE files now take that role)
    
    - Updated Readme.md with dual-licensing details
    
    - Fix formatting of Apache 2.0 license text
    - Fix minor typo and missing date in Changelog.md
    - Fixed `VEX2PDF_SHOW_OSS_LICENSES` env variable handlers to show updated license information
  • v0.7.0

    Release: Release Binaries v0.7.0
    - Added `VEX2PDF_REPORT_TITLE` environment variable to override the default report title
    - Added `VEX2PDF_PDF_META_NAME` environment variable to override the PDF metadata title
    - Added ability to customize report titles via environment variables
    
    - Removed old fonts handling completely which has been replaced with embedded fonts
    - Removed deprecated functions from documentation
    
    - Upgraded license from MIT to `MIT OR Apache 2.0` at the user's discretion
  • v0.6.2

    Release: Release Binaries v0.6.2
    - fixed minor documentation issue
  • v0.6.1

    - Updated [Readme](README.md)
    
    - Made liberation-fonts embedded in the binary
    - Added the VEX2PDF_SHOW_OSS_LICENSES environment variable for showing relevant OSS Licenses
    - Added the VEX2PDF_VERSION_INFO environment variable in order to make version info optional
    
    - The VEX2PDF_FONTS_PATH environment variable is now deprecated. Starting from 0.7.0 we will only rely on embedded fonts to make the software more portable and simplify the code
  • v0.6.0

    Release: Release Binaries v0.6.0
    - Major internal code reorganization for better maintainability
    - Added XML parsing capability
    - Added centralized configuration in preparation for extending environment variables to provide further options
    - No changes to the public API
  • v0.5.0

    Release: Release Binaries v0.5.0
    - Added VEX2PDF_NOVULNS_MSG environment variable to control visibility of 'No Vulnerabilities reported' message
    - Standardized and centralized environment variable naming and handling
  • v0.4.3

    6c522e2c · remove rust-version spec
    Release: Release Binaries v0.4.3
    Patch release for minor Cargo.toml modification
    
    - Removed rust-version specification in Cargo.toml to avoid any unintended breakages
  • v0.4.2

    Release: Release Binaries v0.4.2
    This release improves font configuration with environment variable support and clearer documentation.
    
    - Added environment variable override for the font path by setting VEX2PDF_FONTS_PATH
    - Added detailed environment variable instructions to README
    - Updated error messages with clearer font path information
    - Improved documentation in lib.rs for font configuration
    - Made font path instructions consistent across all documentation
  • v0.4.1

    Release: Release Binaries v0.4.1
    add verbose error output for font failures