diff --git a/modules/about-clair.adoc b/modules/about-clair.adoc index 2f3e1504d..49cb4465f 100644 --- a/modules/about-clair.adoc +++ b/modules/about-clair.adoc @@ -15,6 +15,24 @@ New versions of Clair are regularly released. The source code needed to build Cl Release artifacts also include the `clairctl` command line interface tool, which obtains updater data from the internet by using an open host. +[discrete] +[id="clair-releases-471"] +=== Clair 4.7.1 + +Clair 4.7.1 was released as part of {productname} 3.9.1. The following changes have been made: + +* This release enables the ingestion of unpatched vulnerabilities from {rhel} sources, which results in a large change for all RHEL vulnerability reports. If you want to view unpatched vulnerabilities, update your Clair `config.yaml` file and set `ignore_unpatched` to `false`. For example: ++ +[source,terminal] +---- +updaters: + config: + rhel: + ignore_unpatched: false +---- ++ +To disable this feature, you can set `ignore_unpatched` to `true`. + [discrete] [id="clair-releases-47"] === Clair 4.7 @@ -38,7 +56,7 @@ Clair supports identifying and managing the following dependencies: * Python * Ruby -This means it can analyze and report on the third-party libraries and packages that a project in these languages relies on to work correctly. +This means that it can analyze and report on the third-party libraries and packages that a project in these languages relies on to work correctly. [id="clair-containers"] == Clair containers diff --git a/modules/clair-vulnerability-scanner-hosts.adoc b/modules/clair-vulnerability-scanner-hosts.adoc index 4857eb947..04233fbd1 100644 --- a/modules/clair-vulnerability-scanner-hosts.adoc +++ b/modules/clair-vulnerability-scanner-hosts.adoc @@ -9,14 +9,14 @@ Clair uses the following vulnerability databases to report for issues in your images: * Ubuntu Oval database -* Debian Oval database +* * Debian Security Tracker * {rhel} Oval database * SUSE Oval database * Oracle Oval database * Alpine SecDB database * VMWare Photon OS database * Amazon Web Services (AWS) UpdateInfo -* Pyup.io (Python) database +* link:https://osv.dev/[Open Source Vulnerability (OSV) Database] For information about how Clair does security mapping with the different databases, see link:https://quay.github.io/claircore/concepts/severity_mapping.html[ClairCore Severity Mapping]. \ No newline at end of file diff --git a/modules/config-fields-clair-updaters.adoc b/modules/config-fields-clair-updaters.adoc index fcd0e6d8c..deba078fe 100644 --- a/modules/config-fields-clair-updaters.adoc +++ b/modules/config-fields-clair-updaters.adoc @@ -5,7 +5,6 @@ The following updaters configuration fields are available for Clair. [cols="3a,1a,2a",options="header"] - |=== | Field | Type | Description | **updaters** | Object | Provides configuration for the matcher's update manager. @@ -28,4 +27,16 @@ config: ignore_distributions: - cosmic ---- + +| **..ignore_unpatched** | Boolean | Whether to enable reporting of unpatched vulnerabilities. + +**Default:** `false` + +[source,terminal] +---- +updaters: + config: + rhel: + ignore_unpatched: false +---- |=== \ No newline at end of file diff --git a/modules/rn_3_90.adoc b/modules/rn_3_90.adoc index be01f648c..9cd2fe089 100644 --- a/modules/rn_3_90.adoc +++ b/modules/rn_3_90.adoc @@ -4,7 +4,7 @@ Issued 2023-09-05 -{productname} release 3.9.1 is now available. The bug fixes that are included in the update are listed in the link:https://access.redhat.com/errata/RHBA-2023:4974[RHBA-2023:4974] advisory. +{productname} release 3.9.1 is now available with Clair 4.7.1. The bug fixes that are included in the update are listed in the link:https://access.redhat.com/errata/RHBA-2023:4974[RHBA-2023:4974] advisory. [id="bug-fixes-391"] == Bug fixes