Releases: chainguard-dev/malcontent
Releases · chainguard-dev/malcontent
v1.14.1
Contributors
egibs and octo-sts
Assets 2
v1.14.0
Tool Improvements
- Clean up Generate function in report.go by @Ritish134 in #992
- Bump yara-x to 1.3.0; refactor slow rules to account for MAX_ATOMS_PER_REGEXP increase by @egibs in #1030
- Add nil checks for slice pointers; filter invalid overrides from reports by @egibs in #1031
Rule Improvements
Developer Improvements
New Contributors
- @Ritish134 made their first contribution in #992
Full Changelog: v1.13.1...v1.14.0
Contributors
antitree, egibs, and 2 other contributors
Assets 2
v1.13.1
Tool Improvements
Full Changelog: v1.13.0...v1.13.1
Contributors
egibs
Assets 2
v1.13.0
Tool Improvements
- Bump yara-x to 1.2.1 by @egibs in #1009
- Ensure tar pool is initialized even when going the deb route by @markusthoemmes in #1013
- Reduce memory accumulation for long-running scans by @egibs in #1017
Rule Improvements
- Add FPR for coraza-corerulesets by @egibs in #999
- Add exception for php_image_include rule by @egibs in #1000
- Update third-party rules as of 2025-06-16 by @octo-sts in #1003
- Update third-party rules as of 2025-06-17 by @octo-sts in #1007
- Address false positives with knative and new x86 third-party rule by @egibs in #1008
- Update third-party rules as of 2025-06-19 by @octo-sts in #1011
- Update third-party rules as of 2025-06-23 by @octo-sts in #1015
- Address false positives with dojo.js and YUI by @egibs in #1018
New Contributors
- @markusthoemmes made their first contribution in #1013
Full Changelog: v1.12.2...v1.13.0
Contributors
markusthoemmes, egibs, and octo-sts
Assets 2
v1.12.2
Rule Improvements
- Add overrides for standard, unpacked .so files by @egibs in #993
- Update third-party rules as of 2025-06-09 by @octo-sts in #995
Full Changelog: v1.12.1...v1.12.2
Contributors
egibs and octo-sts
Assets 2
v1.12.1
Rule Improvements
- Ignore Python comments within two rules by @egibs in #985
- Update third-party rules as of 2025-06-05 by @octo-sts in #987
- Clean up false positives for EOL Go and Linux Test Project by @egibs in #989
- Fix overridden Go rule by @egibs in #991
Developer Improvements
Full Changelog: v1.12.0...v1.12.1
Contributors
egibs and octo-sts
Assets 2
v1.12.0
Tool Improvements
- Avoid failing scans outright when encountering extraction failures by @egibs in #962
- Add application/jar to zipMIME map by @egibs in #965
- Remove overly-aggressive filetype guards when extracting archives by @egibs in #966
- Address extraction edge cases re: duplicate file names by @egibs in #967
- Migrate tablewriter from 0.0.5 to 1.0.7 by @egibs in #968
- Fix partial read edge cases by @egibs in #969
- [StepSecurity] Apply security best practices by @stepsecurity-app in #971
- Update yara-x to 1.0.0 by @egibs in #981
Rule Improvements
- Update third-party rules as of 2025-05-26 by @octo-sts in #959
- 2025/06/02 false positive reduction by @egibs in #976
- Hide noisy error logs; final rule tweaks by @egibs in #977
- 2025/06/04 false positive reduction by @egibs in #980
- Tweak tokenizer strings by @egibs in #982
Developer Improvements
- tests: generate coverage info report by @stevebeattie in #972
New Contributors
- @stepsecurity-app made their first contribution in #971
Full Changelog: v1.11.3...v1.12.0
Contributors
stevebeattie, egibs, and octo-sts
Assets 2
v1.11.3
Tool Improvements
Full Changelog: v1.11.2...v1.11.3
Contributors
egibs
Assets 2
v1.11.2
Contributors
egibs
Assets 2
v1.11.1
Contributors
egibs and octo-sts