LVFS Releases
1.5.2 (2024-05-07)
- This release adds the following features:
Add an API endpoint to get firmware status
Add documentation for firmware testing using Moblab and ChromeOS
Add support for mirroring PULP remotes
Add support for multiple project licenses
Add support for not_hardware requirements
Add support for SHA-384
Add support for zstd metadata
Add the firmware SBOM specification
Allow adding positive vendor relationships in the vendor list
Allow exporting SWID and SPDX from the SBOM helper
Allow QA users to list and delete their own signed reports
Allow SPDX license aliases
Allow uploading offline reports
Include <developer_name> in the archive
Put the component install duration in the metadata if provided
Require vendors to set the Username and Password when downloading embargoed metadata
Save the BT logindex in the JCat file
Show anonymous success reports in the device page
Show if the release has verified reports on the OEM device page
Show the release gating on the device page
Show which problems block what remote
Sign the SHA256 hash as well as the payload
Support per-release priorities
- This release removes the following features:
Do not allow adding duplicate requirements
Do not allow over-long summary text
Do not allow the GUID tests to be waived
Do not offer updates to very old fwupd versions
Enforce that UEFI devices have the vendor-id set in the embargo metadata
Remove support for PSPTool
Remove the ‘unrestricted’ vendor feature
- This release fixes the following bugs:
Add 6 bytes of random data to the JcatFile to fix a CDN issue
Add an fsck action for the component download size
Allow 100% generic components as we’re using them for metadata
Allow accepting reports for DoNotTrack firmware
Allow cancelling lvfs.reports.utils.task_regenerate
Allow more revisions in the gz and xz embargo remotes
Allow searching by GUID in the public search
Allow showing firmware supporting a specific protocol
Allow the admin to unwaive a test
Auto-demote firmwares uploaded to embargo with problems
Automatically add a fwupd requirement when adding a CHID
Catch a DER decode error when looking for certs
Check the useragent before the ClientAcl
Correctly add device checksums on upload
Do not crash when searching for a device with NUL chars
Do not fail to sign firmware if services.nvd.nist.gov is unavailable
Do not purge deleted immutable firmware
Do not show a ‘Move here’ button when embargo rebuilt would fail
Do not use absolute URIs in the xz metadata
Do the abuse check before the GeoIP lookup
Fix a backtrace when clamav isn’t installed
Fix a worker crash when claims are not present
Fix certificates with UTF-16 RFC-2459 descriptions
Fix invalid metadata licenses
Fix the task worker when trying to parse invalid NIST NVD payload data
Handle the VINCE server exploding
Include a fwupd requirement for a CHID requirement
Lower the number of concurrent db connections
Migrate from Owl to Swiper for quotes
Never add duplicate content to PULP_MANIFEST
Never use the CDN for firmware images
Only add AppStream prefixes when required
Port the NIST NVD plugin to new API
Ramp up the warning about pushing updates without test reports
Reduce the scope of the CSP
Regenerate the metadata less frequently
Rename com.intel.Uefi to org.uefi
Re-run the tests when changing the AppStream ID
Run the local development instance with SSL
Sort the devices by version in the device pages
Update the firmware failure count when adding known issues
Update the firmware report count when deleting a report
Use the CDN for many more public files
1.5.1 (2023-05-05)
This release adds the following features:
Add a nudge to people using obsolete fwupd versions to upgrade
Add --cleanup to sync-pulp.py to remove old archives
Add documentation for testing on ChromeOS
Add HSI attribute downloads in JSON format
Add the ability to block abusive clients by IP address
Allow adding per-protocol device flag values
Allow downloading firmware and uploading reports with basic auth
Allow uploading firmware assets like emulation data
Block clients automatically when abuse is detected
Require a User-Agent header to serve archives
Set the FromOEM report key in the metadata
Show category icons on the device list page
Show if a vendor has a PSIRT team and show the link in more places
This release removes the following features:
Remove firmware limits feature as it was unused and complicated the code
Remove inf parsing as it is no longer required and was a footgun for vendors
This release fixes the following bugs:
Actually save a firmware.xml.xz newest file to make debugging easier
Add more banned things to the name checks
Add ne to the simple component requirements page
Allow users to export the SWID data for public firmware
Block the generic useragent of Mozilla/5.0
Convert icon battery into category X-Battery
Do GeoIP lookups on IPv6 data too
Do not store broken report attributes
Ensure that the newest metadata files are invalidated
Fix a crash when using %00 in URLs
Never include empty <client/> requirements
Only dedupe the requirements exactly
Resign any files with artifact type=binary
Show a link to the firmware when uploading a duplicate
Store all firmware container checksums
Update requirements to fix security bugs in dependencies
Use newline for multiline settings values
Use the display version to sort components in the search results
1.5.0 (2023-01-03)
This release adds the following features:
Add a fsck action for the VersionFormat, release_tag, shard info GUIDs and key checksum
Add a user-visible claim for a detected SBOM
Add a waiveable test failure on system integrity report failure
Add BootGuard shards when extracting UEFI firmware
Add interesting public test failures to the mdsync export
Add new update categories like X-UsbDock and X-UsbReceiver
Allow filtering by tag when using sync-pulp.py
Allow setting the update message and image per-protocol
Cache the public pages to reduce load
Do not allow all protocols to use the X-Device category
Enforce no duplicate objects in the db layer
Enforce that release timestamp is not >2 years in the future or past
Generate additional xz metadata for a 25% size saving
Generate the PULP_MANIFEST at remote regeneration time
Only allow custom update messages for specific protocols
Remove the client useragent and country code after 3 years
Replace Celery with a built-in task scheduler and remove the beat ECS service
Replace uefi_r2 with fwhunt_scan to support new rules format
Show the HSI number in more places
Use a Flask application factory pattern
Verify the upload was written on EFS
Warn the QA user when promoting a firmware with no success reports
This release fixes the following bugs:
Add more indexes to speed up database access
Allow choosing non-public protocols in the component view
Allow running local.py without a database set up
Allow the QA user to modify the component release date
Always ignore the first section in the reverse-DNS validation
Bind to all IPv4 and IPv6 interfaces
Build the docker container on CentOS 9 Stream
Check that previous CHIDs are always included in new firmware
Dedupe URIs when sending report response
Detect and fix duplicate users
Do not assume every AppStream ID with 4 dashes is a GUID
Do not clear the waived timestamp when retrying a test
Do not disable 2FA when changing the user's password
Do not export the metadata_license in the AppStream metadata
Do not fail the UEFI capsule test when using a valid FMP GUID
Do not garbage-collect old revisions when the latest revision is new
Do not include empty <device> tags in the metadata
Do not include the component description in the AppStream metadata
Do not mark the OTP textbox as ‘password’
Do not require admin login to download a known shard
Do not show problems in the search view to fix performance issues
Do not store the firmware or remote dirty state and use runtime state instead
Do not use a HTML 404 page when downloading from a client
Do not use ; to split URIs, it’s a valid char in RFC3986
Fix a crash when parsing very old HSI reports
Fix a warning when a PE file has no authenticode signature
Fix the displayed URLs and display name in the LVFS emails
Include the vendor name in the mdsync output
Increase the pulp download timeout to 60s
Make all the icons symbolic to match gnome-firmware
Make the eventlog address field more than 40 chars
Make the HSI aggregated data public
Move firmware promote and nuke to an async action
Only add <testing> elements when using artifacts
Only include the sizes for the artifact
Prevent duplicate usernames
Prevent the human user from being the same as the username
Relax the backdated checks to include older firmware
Remove all users of _error_internal()
Remove some unused database columns and obsolete migration scripts
Remove the hardcoded and duplicated release description text
Remove the IPFS functionality as it was almost completely unused
Remove the per-vendor event-log page
Remove the tests overview page, as this does not scale
Show a warning when doing an async promotion
Show the OEM firmware in ‘State :: Embargo’ for ODMs
Show when a user waived the test in the UI
Speed up downloading cab archives and most page loads
Update uSWID to fix reading and writing compressed payloads
Use less whitespace in the AppStream metadata file
Use the checksum as the shard absolute path as the name is not always unique
Use the correct artifact type for metainfo.xml files
Use the correct status code for mdsync export
Use the flask debug toolbar when running locally
1.4.0 (2022-05-24)
- This release adds the following features:
Add a progress indicator to the Yara scan
Add ‘fwupd friendly firmware’ certification
Add information about what models are EOL
Add new categories of X-Mouse and X-BaseboardManagementController
Add support for asynchronous uploads
Add support for external uSWID+CoSWID sections
Add the concept of vendor subgroups
Add device icons of usb-hub and usb-receiver
Add XLIFF v2 import and export for translation
Allow auto-moving firmware on defined dates
Allow creating a GUID from an instance ID
Allow creating a uSWID blob from form data
Allow firmware to have multiple ODMs
Allow importing, exporting and modifying localized update release notes
Allow marking firmware revisions as immutable
Allow updates to specify a level of device integrity
Allow uploading firmware using a username and token
Analyze Intel microcode versions
Build metadata into a firmware transparency log
Export the LVFS component ID into the AppStream metadata
Get the CVE descriptions from VINCE and NIST NVD
Show the metadata upload failures in the UI
Use name_variant_suffix in the public metadata
Use signed reports for firmware QA
Use the CDN to distribute firmware
- This release fixes the following bugs:
Add client requirements to the metadata
Add more JCat blob kinds
Allow modifications in the testing target
Allow OAuth users to modify subgroup and notification settings
Allow QA users to delete limits
Allow security researchers to run UEFI R2 scripts
Allow specifying file:// images that are copied from the archive
Allow users to share the [possibly private] signed report data
Check for the duplicate remote before checking problems
Detect more vendors pasting in Intel SA issues
Do not merge components with different self requirements
Do not allow an unsigned report to adjust the output of a signed one
Do not allow some name_variant_suffix content
Do not backtrace when trying to compare UTF-8 and UTF-16 text
Do not export optional component data XML
Do not force ‘number’ verfmts to hex in the metainfo
Do not show test passes in uefi_scanner
Do not split search terms on the hyphen
Do not use Google Fonts
Fix a crash when a component description was not set
Fix crash when old stable firmware has no update description
Fix runtime exception when checking inactive users
Ignore markdown elements with control chars
Make autoimporting issues CSRF-safe
Make Claim.allow_embargo per-instance, not per-class
Make the license have an optional clickable URL
Make the recovery email case insensitive
Make the update useful word requirement lower
Move some upload issues to runtime component problems
Never include ampersands in the revision filename
Never try to escape missing paragraph text
No longer detect Intel BIOSGuard
Remove parsing the developer_name tag
Remove the vendor description
Save non-empty UEFI padding sections as shards
Set a max-age when sending chunked files
Show a notification if unable to change component values
Show a warning when a security update is detected without any issues
Show better verified report output
Use a bubble graph for the CVE timeline
Use volume GUIDs to make UEFI R2 queries much, much faster
Use the AppStream ID when deduping uploaded firmware
Use the mirrored release image in more cases
Verify the AppStream ID was valid if modified
1.3.2 (2021-06-22)
This release adds the following features:
Add an optional PSIRT URL for each vendor
Add a plugin which uses uefi_r2 to add shard attributes
Add support for component soft-requirements
Allow exporting the embargoed firmware using PULP_MANIFEST
Allow searching for files by checksum on the internal dashboard
Allow vendor managers to purge firmware without asking an admin
Do not overwrite when resigning and use unique filenames for each revision
This release fixes the following bugs:
Be more helpful when failing to load invalid XML
Dedupe the component requirements where allowed
Do not allow the update description to contain the firmware name
Do not autodecode content when mirroring using sync-pulp.py
Explicitly set the CDN Cache-Control to be 4 hours by default
Ask vendors to provide 10 useful release description words
Include the update images in the PULP_MANIFEST file
Resign any files that do not include the PKCS#7 certificate
1.3.1 (2021-04-06)
This release adds the following features:
Add a firmware timestamp that specifies the CVE embargo date
Add a LVFS component problem if the version format is inconsistent
Hard require the version format to allow pushing to stable
Record the reason for moving a firmware to a new remote
Record the user and when a component issue was added
Support VINCE security advisory IDs
This release fixes the following bugs:
Allow setting a vendor default for the .inf firmware parsing
Allow uploading files with all issue types
Fix some checksum confusion for duplicate firmware
Fix unpinning files using Pinata
Fix warnings with new SQLAlchemy versions
Never include generic components in the mdsync data
Return JSON for robot uploaders
Store the old remote ID in the FirmwareEvent
Use the remote name, not the icon name for mdsync export
Write the <issue> tags into the AppStream metadata
1.3.0 (2021-02-08)
This release adds the following features:
Add new page for the latest devices supported
Add support for the <artifact> AppStream tag
Add support for the Intel technical advisory issue tags
Allow adding optional default icons to categories and protocols
Allow components to specify an optional branch
Allow exporting the component back to MetaInfo XML format
Assign a release tag style for specific vendor per-category
Mirror non-export-controlled public firmware to IPFS
Provide a healthcheck endpoint
Send a monthly email about firmware left in embargo or testing
Show a device status page showing all the versions in all remotes
This release fixes the following bugs:
Add missing support for LVFS::UpdateImage and Verfmt('number')
Add some documentation on adding screenshots and using the LVFS offline
Allow adding and removing component GUIDs on the web UI
Allow a <project_license> of BSD
Allow changing firmware licenses without re-uploading firmware
Allow non-admin users to resign firmware
Allow QA users to change the component name, ID and summary
Allow searching by filename, requirement or CVE when logged in
Allow supplying a generic ‘overview’ component for composite devices
Allow vendors to specify client requirements
Change the dropped-GUID from an upload flash() to a waivable test
Check for more sneaky CVEs in update descriptions
De-duplicate the requirements where appropriate
Do not allow the vendor name “BIOS”, “fwupd” or “LVFS” in the firmware <name>
Do not do the GUID check against firmware uploaded to private
Do not ever store the client hashed IP address in the database
Do not use send_from_directory() to send large files
Fix all CSRF issues after some security review
Fix performance issue when getting recent firmware downloads
Include the copyright information for MIT licenses
Increase the upload timeout to 10 minutes
Move the disable 2FA slider to a button
Parse the AMI FPAT firmware prior to scanning with UEFIExtract
Provide a nudge when editing a component if required values are unset
Purge firmware that is deleted after just 30 days
Record the client country code for analytics
Reduce the number of buttons on the component overview
Regenerate embargo remotes when modifying restrictions
Run any pending tests every 60 minutes
Update the bundled version of Chart.js
Update the README.txt file during package signing
Use a non-predictable vendor icon filename
Use PyGnuTLS rather than using certtool when signing files
Use python-cabarchive rather than GCab for parsing
Use the CDN to serve public static files
Write the PULP_MANIFEST with a predictable order
1.2.0 (2020-06-09)
This release adds the following features:
Add a filter view for user uploaded firmware
Add a plugin to identify old microcode versions
Add cached public stats of useful metrics
Add support for LVFS::UpdateMessage
Allow clients to upload anonymous HSI attrs
Allow re-signing binaries
Create Jcat files in archives and for metadata
Delete firmware in embargo with newer public versions
Disable unused user accounts for GDPR compliance
Export the success confidence to the mdsync vendor
Include LVFS::UpdateProtocol in the metadata
Rewrite the AppStream screenshot URL to use the server CDN
Rewrite the metainfo when signing the firmware
Save metadata about Intel microcode blobs
Support Lenovo, Dell and Intel specific security tags
Use celery to process async operations
This release fixes the following bugs:
Allow all users to view the profile page
Allow a protocol to have no defined version format
Allow QA users to see all ODM firmware uploaded
Allow setting the category to ‘Unknown’
Allow specifying firmware versions when using the advanced requires editor
Do not allow component modification when in testing and stable
Do not backtrace if a component does not have a <name>
Do not include a CSRF for public search queries
Do not include the VersionFormat fallbacks if the fw requires a new enough fwupd
Do not make the database server explode with a query like ‘value=+foo’
Do not save duplicate <requires>vendor-id</> tags to the metadata
Ensure firmware again when it changes state
Fix a regression when component claims were not being added
Fix regression when getting security level of component
Improve the report query speed by several orders of magnitude
Include the vendor tag in the rewritten metainfo and AppStream XML
Invalidate ODM remotes when a firmware is demoted back to private
List <id> requires first in the metadata
Make it more obvious that the firmware is waiting to be signed
Make the LVFS username case insensitive
Make the markdown to root function more robust
Parse the <metadata_license> even when not in strict mode
Set the SHA256 content checksum in the metadata
Show a disabled button when the user has no ACL to move the firmware
1.1.6 (2020-01-28)
This release adds the following features:
Add an Atom feed to public device page
Add a claim for systems supporting Intel BiosGuard and BootGuard
Add a dell-bios version format
Add a page to list consultants that can work on the LVFS
Add a plugin to add component claims for specific shard GUIDs
Add a release tag to store the vendor-specific firmware identifier
Allow adding component claims based on the hash of a shard
Allow syncing with other firmware databases
Move the formal documentation to Sphinx
This release fixes the following bugs:
Add many more database indexes to improve performance
Add some missing vendor checks when proxying to the user ACL
Allow vendor managers to see a read-only view of the restrictions page
Always use the vendor-id restrictions of the ODM, not the OEM
Fix support for multiple LVFS::VersionFormat tags
Include a vendor ID by default for testing accounts
Make more queries compatible with PostgreSQL
Never include firmware in private in any embargo remote
Only show vendors with LVFS users on the vendorlist
Reduce the memory consumption when running cron and doing yara queries
Update the firmware report count at upload time
Use SHA256 when storing the upload checksum
Use the correct filename for a PKCS-7 payload signature
Use UEFIExtract rather than chipsec to extract shards
1.1.5 (2019-11-15)
This release adds the following features:
Add support for matching firmware requirements on device parents
Allow researchers to run YARA queries on the public firmware
Allow the blocklist plugin to add persistent claims
Use PSPTool to parse the AMD PSP section
This release fixes the following bugs:
Add the Dell PFS as a component shard
Allow the owner of the firmware to always change update details
Convert to Blueprints to improve page loading time
Do not hardcode the list of version formats in various places
Do not share the shard name between GUIDs
Only auto-demote stable-to-testing, not testing-to-embargo or stable-to-embargo
Show the version format versions with no trailing zeros
1.1.4 (2019-09-26)
This release adds the following features:
Add component issues such as CVEs in a structured way
Add more OEM notification emails for ODM actions
Add support for name variant suffixes
Add vendor namespaces to enforce ODM relationships
Allow searching for CVEs when logged in
Allow the OEM to better control what the ODM is able to do
This release fixes the following bugs:
Allow vendors to optionally disable the inf parsing
Blacklist generic GUIDs like ‘main-system-firmware’
Check the source and release URLs are valid if provided
Do not show deleted firmware on the recent list on the dashboard
Don’t auto-demote firmware because of old reports
Enforce the VersionFormat if the version is an integer
Fix a crash if uploading a file with a missing metadata_license tag
Provide a way to un-disable users as a vendor manager
Regenerate embargo remotes every 5 minutes
Use a sane error message on upload when a component drops a GUID
1.1.3 (2019-08-06)
This release adds the following features:
Show a nag message for admin or manager account without 2FA
Do not use AppStream-glib to parse the metainfo file
Automatically demote firmware with more than 5 failures and a success rate of <70%
Allow firmware or vendors to enable DoNotTrack functionality
Show the user capabilities in the headerbar
Protect all forms against CSRF
This release fixes the following bugs:
Retry all existing tests if the category or protocol is changed
Do not allow forward slashes in AppStream ID values
Use a proper AppStream ID for the CHIPSEC shards
Show flashed messages on the landing page
Better support firmware requires without conditions or versions
Do not allow AppStream markup in non description elements
1.1.2 (2019-05-28)
This release adds the following features:
Add a new plugin to check portable executable files
Save the shards in an on-disk cache which allows re-running tests
Add a failure for any firmware that is signed with a 3-year expired certificate
Add shard certificates to the database and show them in the component view
This release fixes the following bugs:
Make it easier to enter multiline text as plugin settings
1.1.1 (2019-05-21)
This release adds the following features:
Allow managers to edit their own list of embargoed countries
Record the size and entropy of the component shards when parsing
Analyze Intel ME firmware when it is uploaded
This release fixes the following bugs:
Do not expect device checksums for ME or EC firmware
1.1.0 (2019-05-14)
This release adds the following features:
Run CHIPSEC on all UEFI firmware files
Show details of UEFI firmware volumes for capsule updates
Show differences between public revisions of firmware
Provide some extra information about detected firmware shards
This release fixes the following bugs:
Only decompress the firmware once when running tests
Make the component detail page a bit less monolithic
Never leave tests in the running state if a plugin crashes
1.0.0 (2019-05-02)
This release adds the following features:
Allow the admin to change the AppStream ID or name of components
This release fixes the following bugs:
Do not allow the telemetry card title to overflow
Ensure the firmware-flashed value is a valid lowercase GUID
Make the component requirements page easier to use
Do not add duplicate <hardware> values
Remove the hard-to-use breadcrumb and use a single back button