LVFS Releases

1.5.2 (2024-05-07

This release adds the following features:
  • Add an API endpoint to get firmware status

  • Add documentation for firmware testing using Moblab and ChromeOS

  • Add support for mirroring PULP remotes

  • Add support for multiple project licenses

  • Add support for not_hardware requirements

  • Add support for SHA-384

  • Add support for zstd metadata

  • Add the firmware SBOM specification

  • Allow adding positive vendor relationships in the vendor list

  • Allow exporting SWID and SPDX from the SBOM helper

  • Allow QA users to list and delete thier own signed reports

  • Allow SPDX license aliases

  • Allow uploading offline reports

  • Include <developer_name> in the archive

  • Put the component install duration in the metadata if provided

  • Require vendors to set the Username and Password when downloading embargoed metadata

  • Save the BT logindex in the JCat file

  • Show anonymous success reports in the device page

  • Show if the release has verified reports on the OEM device page

  • Show the release gating on the device page

  • Show which problems block what remote

  • Sign the SHA256 hash as well as the payload

  • Support per-release priorities

This release removes the following features:
  • Do not allow adding duplicate requirements

  • Do not allow over-long sumary text

  • Do not allow the GUID tests to be waived

  • Do not offer updates to very old fwupd versions

  • Enforce that UEFI devices have the vendor-id set in the embargo metadata

  • Remove support for PSPTool

  • Remove the ‘unrestricted’ vendor feature

This release fixes the following bugs:
  • Add 6 bytes of random data to the JcatFile to fix a CDN issue

  • Add an fsck action for the component download size

  • Allow 100% generic components as we’re using them for metadata

  • Allow accepting reports for DoNotTrack firmware

  • Allow cancelling lvfs.reports.utils.task_regenerate

  • Allow more revisions in the gz and xz embargo remotes

  • Allow searching by GUID in the public search

  • Allow showing firmware supporting a specific protocol

  • Allow the admin to unwaive a test

  • Auto-demote firmwares uploaded to embargo with problems

  • Automatically add a fwupd requirement when adding a CHID

  • Catch a DER decode error when looking for certs

  • Check the useragent before the ClientAcl

  • Correctly add device checksums on upload

  • Do not crash when searching for a device with NUL chars

  • Do not fail to sign firmware if services.nvd.nist.gov is unavailable

  • Do not purge deleted immutable firmware

  • Do not show a ‘Move here’ button when embargo rebuilt would fail

  • Do not use absolute URIs in the xz metadata

  • Do the abuse check before the GeoIP lookup

  • Fix a backtrace when clamav isn’t installed

  • Fix a worker crash when claims are not present

  • Fix certificates with UTF-16 RFC-2459 descriptions

  • Fix invalid metadata licenses

  • Fix the task worker when trying to parse invalid NIST NVD payload data

  • Handle the VINCE server exploding

  • Include a fwupd requirement for a CHID requirement

  • Lower the number of concurrent db connections

  • Migrate from Owl to Swiper for quotes

  • Never add duplicate content to PULP_MANIFEST

  • Never use the CDN for firmware images

  • Only add AppStream prefixes when required

  • Port the NIST NVD plugin to new API

  • Ramp up the warning about pushing updates without test reports

  • Reduce the scope of the CSP

  • Regenerate the metadata less frequently

  • Rename com.intel.Uefi to org.uefi

  • Re-run the tests when changing the AppStream ID

  • Run the local development instance with SSL

  • Sort the devices by version in the device pages

  • Update the firmware failure count when adding known issues

  • Update the firmware report count when deleting a report

  • Use the CDN for many more public files

1.5.1 (2023-05-05

This release adds the following features:

  • Add a nudge to people using obsolete fwupd versions to upgrade

  • Add --cleanup to sync-pulp.py to remove old archives

  • Add documentation for testing on ChromeOS

  • Add HSI attribute downloads in JSON format

  • Add the ability to block abusive clients by IP address

  • Allow adding per-protocol device flag values

  • Allow downloading firmware and uploading reports with basic auth

  • Allow uploading firmware assets like emulation data

  • Block clients automatically when abuse is detected

  • Require a User-Agent header to serve archives

  • Set the FromOEM report key in the metadata

  • Show category icons on the device list page

  • Show if a vendor has a PSIRT team and show the link in more places

This release removes the following features:

  • Remove firmware limits feature as it was unused and complicated the code

  • Remove inf parsing as it is no longer required and was a footgun for vendors

This release fixes the following bugs:

  • Actually save a firmware.xml.xz newest file to make debugging easier

  • Add more banned things to the name checks

  • Add ne to the simple component requirements page

  • Allow users to export the SWID data for public firmware

  • Block the generic useragent of Mozilla/5.0

  • Convert icon battery into category X-Battery

  • Do GeoIP lookups on IPv6 data too

  • Do not store broken report attributes

  • Ensure that the newest metadata files are invalidated

  • Fix a crash when using %00 in URLs

  • Never include empty <client/> requirements

  • Only dedupe the requirements exactly

  • Resign any files with artifact type=binary

  • Show a link to the firmware when uploading a duplicate

  • Store all firmware container checksums

  • Update requirements to fix security bugs in dependencies

  • Use newline for multiline settings values

  • Use the display version to sort components in the search results

1.5.0 (2023-01-03)

This release adds the following features:

  • Add a fsck action for the VersionFormat, release_tag, shard info GUIDs and key checksum

  • Add a user-visible claim for a detected SBOM

  • Add a waiveable test failure on system integrity report failure

  • Add BootGuard shards when extracting UEFI firmware

  • Add interesting public test failures to the mdsync export

  • Add new update categories like X-UsbDock and X-UsbReceiver

  • Allow filtering by tag when using sync-pulp.py

  • Allow setting the update message and image per-protocol

  • Cache the public pages to reduce load

  • Do not allow all protocols to use the X-Device category

  • Enforce no duplicate objects in the db layer

  • Enforce that release timestamp is not >2 years in the future or past

  • Generate additional xz metadata for a 25% size saving

  • Generate the PULP_MANIFEST at remote regeneration time

  • Only allow custom update messages for specific protocols

  • Remove the client useragent and country code after 3 years

  • Replace Celery with a built-in task scheduler and remove the beat ECS service

  • Replace uefi_r2 with fwhunt_scan to support new rules format

  • Show the HSI number in more places

  • Use a Flask application factory pattern

  • Verify the upload was written on EFS

  • Warn the QA user when promoting a firmware with no success reports

This release fixes the following bugs:

  • Add a more indexes to speed up database access

  • Allow choosing non-public protocols in the component view

  • Allow running local.py without a database set up

  • Allow the QA user to modify the component release date

  • Always ignore the first section in the reverse-DNS validation

  • Bind to all IPv4 and IPv6 interfaces

  • Build the docker container on CentOS 9 Stream

  • Check that previous CHIDs are always included in new firmware

  • Dedeupe URIs when sending report response

  • Detect and fix duplicate users

  • Do not assume every AppStream ID with 4 dashes is a GUID

  • Do not clear the waived timestamp when retrying a test

  • Do not disable 2FA when changing the users password

  • Do not export the metadata_license in the AppStream metadata

  • Do not fail the UEFI capsule test when using a valid FMP GUID

  • Do not garbage-collect old revisions when the latest revision is new

  • Do not include empty <device> tags in the metadata

  • Do not include the component description in the AppStream metadata

  • Do not mark the OTP textbox as ‘password’

  • Do not require admin login to download a known shard

  • Do not show problems in the search view to fix performance issues

  • Do not store the firmware or remote dirty state and use runtime state instead

  • Do not use a HTML 404 page when downloading from a client

  • Do not use ; to split URIs, it’s a valid char in RFC3986

  • Fix a crash when parsing very old HSI reports

  • Fix a warning when a PE file has no authenticode signature

  • Fix the displayed URLs and display name in the LVFS emails

  • Include the vendor name in the mdsync output

  • Increase the pulp download timeout to 60s

  • Make all the icons symbolic to match gnome-firmware

  • Make the eventlog address field more than 40 chars

  • Make the HSI aggregated data public

  • Move firmware promote and nuke to an async action

  • Only add <testing> elements when using artifacts

  • Only include the sizes for the artifact

  • Prevent duplicate usernames

  • Prevent the human user from being the same as the username

  • Relax the backdated checks to include older firmware

  • Remove all users of _error_internal()

  • Remove some unused database columns and obsolete migration scripts

  • Remove the hardcoded and duplicated release description text

  • Remove the IPFS functionality as it was almost completely unused

  • Remove the per-vendor event-log page

  • Remove the tests overview page, as this does not scale

  • Show a warning when doing an async promotion

  • Show the OEM firmware in ‘State :: Embargo’ for ODMs

  • Show when a user waived the test in the UI

  • Speed up downloading cab archives and most page loads

  • Update uSWID to fix reading and writing compressed payloads

  • Use less whitespace in the AppStream metadata file

  • Use the checksum as the shard absolute path as the name is not always unique

  • Use the correct artifact type for metainfo.xml files

  • Use the correct status code for mdsync export

  • Use the flask debug toolbar when running locally

1.4.0 (2022-05-24)

This release adds the following features:
  • Add a progress indicator to the Yara scan

  • Add ‘fwupd friendly firmware’ certification

  • Add information about what models are EOL

  • Add new categories of X-Mouse and X-BaseboardManagementController

  • Add support for asynchronous uploads

  • Add support for external uSWID+CoSWID sections

  • Add the concept of vendor subgroups

  • Add device icons of usb-hub and usb-receiver

  • Add XLIFF v2 import and export for translation

  • Allow auto-moving firmware on defined dates

  • Allow creating a GUID from an instance ID

  • Allow creating a uSWID blob from form data

  • Allow firmware to have multiple ODMs

  • Allow importing, exporting and modifying localized update release notes

  • Allow marking firmware revisions as immutable

  • Allow updates to specify a level of device integrity

  • Allow uploading firmware using a username and token

  • Analyze Intel microcode versions

  • Build metadata into a firmware transparency log

  • Export the LVFS component ID into the AppStream metadata

  • Get the CVE descriptions description from VINCE and NIST NVD

  • Show the metadata upload failures in the UI

  • Use name_variant_suffix in the public metadata

  • Use signed reports for firmware QA

  • Use the CDN to distribute firmware

This release fixes the following bugs:
  • Add client requirements to the metadata

  • Add more JCat blob kinds

  • Allow modifications in the testing target

  • Allow OAuth users to modify subgroup and notification settings

  • Allow QA users to delete limits

  • Allow security researchers to run UEFI R2 scripts

  • Allow specifying file:// images that are copied from the archive

  • Allow users to share the [possibly private] signed report data

  • Check for the duplicate remote before checking problems

  • Detect more vendors pasting in Intel SA issues

  • Do no merge component with different self requirements

  • Do not allow an unsigned report to adjust the output of a signed one

  • Do not allow some name_variant_suffix content

  • Do not backtrace when trying to compare UTF-8 and UTF-16 text

  • Do not export optional component data XML

  • Do not force ‘number’ verfmts to hex in the metainfo

  • Do not show test passes in uefi_scanner

  • Do not split search terms on the hyphen

  • Do not use Google Fonts

  • Fix a crash when a component description was not set

  • Fix crash when old stable firmware has no update description

  • Fix runtime exception when checking inactive users

  • Ignore markdown elements with control chars

  • Make autoimporting issues CSRF-safe

  • Make Claim.allow_embargo per-instance, not per-class

  • Make the license have an optional clickable URL

  • Make the recovery email case insensitive

  • Make the update useful word requirement lower

  • Move some upload issues to runtime component problems

  • Never include ampersands in the revision filename

  • Never try to escape missing paragraph text

  • No longer detect Intel BIOSGuard

  • Remove parsing the developer_name tag

  • Remove the vendor description

  • Save non-empty UEFI padding sections as shards

  • Set a max-age when sending chunked files

  • Show a notification if unable to change component values

  • Show a warning when a security update is detected without any issues

  • Show better verified report output

  • Use a bubble graph for the CVE timeline

  • Use a volume guids to make UEFI R2 queries much, much faster

  • Use the AppStream ID when deduping uploaded firmware

  • Use the mirrored release image in more cases

  • Verify the AppStream ID was valid if modified

1.3.2 (2021-06-22)

This release adds the following features:

  • Add an optional PSIRT URL for each vendor

  • Add a plugin which uses uefi_r2 to add shard attributes

  • Add support for component soft-requirements

  • Allow exporting the embargoed firmware using PULP_MANIFEST

  • Allow searching for files by checksum on the internal dashboard

  • Allow vendor managers to purge firmware without asking an admin

  • Do not overwrite when resigning and use unique filenames for each revision

This release fixes the following bugs:

  • Be more helpful when failing to load invalid XML

  • Dedupe the component requirements where allowed

  • Do not allow the update description to contain the firmware name

  • Do not autodecode content when mirroring using sync-pulp.py

  • Explicitly set the CDN Cache-Control to be 4 hours by default

  • Ask vendors to provide 10 useful release description words

  • Include the update images in the PULP_MANIFEST file

  • Resign any files that do not include the PKCS#7 certificate

1.3.1 (2021-04-06)

This release adds the following features:

  • Add a firmware timestamp that specifies the CVE embargo date

  • Add a LVFS component problem if the version format is inconsistent

  • Hard require the version format to allow pushing to stable

  • Record the reason for moving a firmware to a new remote

  • Record the user and when a component issue was added

  • Support VINCE security advisory IDs

This release fixes the following bugs:

  • Allow setting a vendor default for the .inf firmware parsing

  • Allow uploading files with all issue types

  • Fix some checksum confusion for duplicate firmware

  • Fix unpinning files using Pinata

  • Fix warnings with new SQLAchemy versions

  • Never include generic components in the mdsync data

  • Return JSON for robot uploaders

  • Store the old remote ID in the FirmwareEvent

  • Use the remote name, not the icon name for mdsync export

  • Write the <issue> tags into the AppStream metadata

1.3.0 (2021-02-08)

This release adds the following features:

  • Add new page for the latest devices supported

  • Add support for the <artifact> AppStream tag

  • Add support for the Intel technical advisory issue tags

  • Allow adding optional default icons to categories and protocols

  • Allow components to specify an optional branch

  • Allow exporting the component back to MetaInfo XML format

  • Assign a release tag style for specific vendor per-category

  • Mirror non-export-controlled public firmware to IPFS

  • Provide a healthcheck endpoint

  • Send a monthly email about firmware left in embargo or testing

  • Show a device status page showing all the versions in all remotes

This release fixes the following bugs:

  • Add missing support for LVFS::UpdateImage and Verfmt('number')

  • Add some documentation on adding screenshots and using the LVFS offline

  • Allow adding and removing component GUIDs on the web UI

  • Allow a <project_license> of BSD

  • Allow changing firmware licenses without re-uploading firmware

  • Allow non-admin users to resign firmware

  • Allow QA users to change the component name, ID and summary

  • Allow searching by filename, requirement or CVE when logged in

  • Allow supplying a generic ‘overview’ component for composite devices

  • Allow vendors to specify client requirements

  • Change the dropped-GUID from an upload flash() to a waivable test

  • Check for more sneaky CVEs in update descriptions

  • De-duplicate the requirements where appropriate

  • Do not allow the vendor name “BIOS”, “fwupd” or “LVFS” in the firmware <name>

  • Do not do the GUID check against firmware uploaded to private

  • Do not ever store the client hashed IP address in the database

  • Do not use send_from_directory() to send large files

  • Fix all CSRF issues after some security review

  • Fix performance issue when getting recent firmware downloads

  • Include the copyright information for MIT licenses

  • Increase the upload timeout to 10 minutes

  • Move the disable 2FA slider to a button

  • Parse the AMI FPAT firmware prior to scanning with UEFIExtract

  • Provide a nudge when editing a component if required values are unset

  • Purge firmware that is deleted after just 30 days

  • Record the client country code for analytics

  • Reduce the number of buttons on the component overview

  • Regenerate embargo remotes when modifying restrictions

  • Run any pending tests every 60 minutes

  • Update the bundled version of Chart.js

  • Update the README.txt file during package signing

  • Use a non-predictable vendor icon filename

  • Use PyGnuTLS rather than using certtool when signing files

  • Use python-cabarchive rather than GCab for parsing

  • Use the CDN to serve public static files

  • Write the PULP_MANIFEST with a predicatable order

1.2.0 (2020-06-09)

This release adds the following features:

  • Add a filter view for user uploaded firmware

  • Add a plugin to identify old microcode versions

  • Add cached public stats of useful metrics

  • Add support for LVFS::UpdateMessage

  • Allow clients to upload anonymous HSI attrs

  • Allow re-signing binaries

  • Create Jcat files in archives and for metadata

  • Delete firmware in embargo with newer public versions

  • Disable unused user accounts for GDPR compliance

  • Export the success confidence to the mdsync vendor

  • Include LVFS::UpdateProtocol in the metadata

  • Rewrite the AppStream screenshot URL to use the server CDN

  • Rewrite the metainfo when signing the firmware

  • Save metadata about Intel microcode blobs

  • Support Lenovo, Dell and Intel specific security tags

  • Use celery to process async operations

This release fixes the following bugs:

  • Allow all users to view the profile page

  • Allow a protocol to have no defined version format

  • Allow QA users to see all ODM firmware uploaded

  • Allow setting the category to ‘Unknown’

  • Allow specifying firmware versions when using the advanced requires editor

  • Do not allow component modification when in testing and stable

  • Do not backtrace if a component does not have a <name>

  • Do not include a CSRF for public search queries

  • Do not include the VersionFormat fallbacks if the fw requires a new enough fwupd

  • Do not make the database server explode with a query like ‘value=+foo’

  • Do not save duplicate <requires>vendor-id</> tags to the metadata

  • Ensure firmware again when it changes state

  • Fix a regression when component claims were not being added

  • Fix regression when getting security level of component

  • Improve the report query speed by several orders of magnitude

  • Include the vendor tag in the rewritten metainfo and AppStream XML

  • Invalidate ODM remotes when a firmware is demoted back to private

  • List <id> requires first in the metadata

  • Make it more obvious that the firmware is waiting to be signed

  • Make the LVFS username case insensitive

  • Make the markdown to root function more robust

  • Parse the <metadata_license> even when not in strict mode

  • Set the SHA256 content checksum in the metadata

  • Show a disabled button when the user has no ACL to move the firmware

1.1.6 (2020-01-28)

This release adds the following features:

  • Add a atom feed to public device page

  • Add a claim for systems supporting Intel BiosGuard and BootGuard

  • Add a dell-bios version format

  • Add a page to list consultants that can work on the LVFS

  • Add a plugin to add component claims for specific shard GUIDs

  • Add a release tag to store the vendor-specific firmware identifier

  • Allow adding component claims based on the hash of a shard

  • Allow syncing with other firmware databases

  • Move the formal documentation to Sphinx

This release fixes the following bugs:

  • Add many more database indexes to improve performance

  • Add some missing vendor checks when proxying to the user ACL

  • Allow vendor managers to see a read-only view of the restrictions page

  • Always use the vendor-id restrictions of the ODM, not the OEM

  • Fix support for multiple LVFS::VersionFormat tags

  • Include a vendor ID by default for testing accounts

  • Make more queries compatible with PostgreSQL

  • Never include firmware in private in any embargo remote

  • Only show vendors with LVFS users on the vendorlist

  • Reduce the memory consumption when running cron and doing yara queries

  • Update the firmware report count at upload time

  • Use SHA256 when storing the upload checksum

  • Use the correct filename for a PKCS-7 payload signature

  • Use UEFIExtract rather than chipsec to extract shards

1.1.5 (2019-11-15)

This release adds the following features:

  • Add support for matching firmware requirements on device parents

  • Allow researchers to run YARA queries on the public firmware

  • Allow the blocklist plugin to add persistent claims

  • Use PSPTool to parse the AMD PSP section

This release fixes the following bugs:

  • Add the Dell PFS as a component shard

  • Allow the owner of the firmware to always change update details

  • Convert to Blueprints to improve page loading time

  • Do not hardcode the list of version formats in various places

  • Do not share the shard name between GUIDs

  • Only auto-demote stable-to-testing, not testing-to-embargo or stable-to-embargo

  • Show the version format versions with no trailing zeros

1.1.4 (2019-09-26)

This release adds the following features:

  • Add component issues such as CVEs in a structured way

  • Add more OEM notification emails for ODM actions

  • Add support for name variant suffixes

  • Add vendor namespaces to enforce ODM relationships

  • Allow searching for CVEs when logged in

  • Allow the OEM to better control what the ODM is able to do

This release fixes the following bugs:

  • Allow vendors to optionally disable the inf parsing

  • Blacklist generic GUIDs like ‘main-system-firmware’

  • Check the source and release URLs are valid if provided

  • Do not show deleted firmware on the recent list on the dashboard

  • Don’t auto-demote firmware because of old reports

  • Enforce the VersionFormat if the version is an integer

  • Fix a crash if uploading a file with a missing metadata_license tag

  • Provide a way to un-disable users as a vendor manager

  • Regenerate embargo remotes ever 5 minutes

  • Use a sane error message on upload when a component drops a GUID

1.1.3 (2019-08-06)

This release adds the following features:

  • Show a nag message for admin or manager account without 2FA

  • Do not use AppStream-glib to parse the metainfo file

  • Automatically demote firmware with more than 5 failures and a success rate of %lt;70%

  • Allow firmware or vendors to enable DoNotTrack functionality

  • Show the user capabilities in the headerbar

  • Protect all forms against CSRF

This release fixes the following bugs:

  • Retry all existing tests if the category or protocol is changed

  • Do not allow forward slashes in AppStream ID values

  • Use a proper AppStream ID for the CHIPSEC shards

  • Show flashed messages on the landing page

  • Better support firmware requires without conditions or versions

  • Do not allow AppStream markup in non description elements

1.1.2 (2019-05-28)

This release adds the following features:

  • Add a new plugin to check portable executable files

  • Save the shards in an on-disk cache which allows re-running tests

  • Add a failure for any firmware that is signed with a 3-year expired certificate

  • Add shard certificates to the database and show them in the component view

This release fixes the following bugs:

  • Make it easier to enter multiline text as plugin settings

1.1.1 (2019-05-21)

This release adds the following features:

  • Allow managers to edit their own list of embargoed countries

  • Record the size and entropy of the component shards when parsing

  • Analyze Intel ME firmware when it is uploaded

This release fixes the following bugs:

  • Do not expect device checksums for ME or EC firmware

1.1.0 (2019-05-14)

This release adds the following features:

  • Run CHIPSEC on all UEFI firmware files

  • Show details of UEFI firmware volumes for capsule updates

  • Show differences between public revisions of firmware

  • Provide some extra information about detected firmware shards

This release fixes the following bugs:

  • Only decompress the firmware once when running tests

  • Make the component detail page a bit less monolithic

  • Never leave tests in the running state if a plugin crashes

1.0.0 (2019-05-02)

This release adds the following features:

  • Allow the admin to change the AppStream ID or name of components

This release fixes the following bugs:

  • Do not allow the telemetry card title to overflow

  • Ensure the firmware-flashed value is a valid lowercase GUID

  • Make the component requirements page easier to use

  • Do not add duplicate <hardware> values

  • Remove the hard-to-use breadcrumb and use a single back button