Changelog

These pages list all changes introduced to BOMnipoten Server and Client by various versions. The versions follow semantic versioning , meaning that all version have the form MAJOR.MINOR.PATCH, and

  • the MAJOR version is increased when there is a breaking change for the user. Which ideally never happens.
  • the MINOR version is increased for new, non-breaking features.
  • the PATCH version is increased for bug fixes.
  • a MAJOR version of 0 is used during the betaphase. Here everything shifts to the right: a new MINOR versions means a breaking change, and a new PATCH version any non-breaking change.

It is recommended to always use the latest version.

Subsections of Changelog

0.4.0 (2025-03-24)

BREAKING

  • User accounts now need to exist before they can be assigned any role.
  • Explicitly providing an id when modifying a CSAF document is now optional.
  • Overhauled logging:
    • The option “–output-mode” / “-o” now only takes values “normal”, “code” and “raw”.
    • New option “–log-level” / “-l” takes “error”, “warn”, etc.
    • Log file is now specified via “–log-file” / “-f”.
    • Streamlined which combination logs how much to which output.
    • The “raw” output mode now processes the data like everyone else.

Changed

  • During download, the new flag “–overwrite” allows to locally overwrite BOM and CSAF documents that have been modified on the server.

Fixed

  • The server can now handle the case where an uploaded BOM contains several vulnerabilities with the same ID.
Mar 24, 2025

0.3.1 (2025-03-17)

Added

  • Implemented “bom get” and “csaf get” command to print the contents of a single document directly to stdout. This makes it easier to integrate BOMnipotent into scripting.
  • Added options “–name” and “–version” to “vulnerability update” command, allowing to provide or overwrite the name or version of the corresponding product.

Changed

  • The output of “subscription status” now contains the proper name of the product instead of the (internal) product id.