Skip to content

grype

v0.113.0 Feature

This release adds 3 notable features for engineering teams evaluating rollout.

Published 10h Vulnerability Scanning
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

container-image containers cyclonedx docker go openvex
+5 more
security static-analysis vex vulnerabilities vulnerability

Affected surfaces

crypto_tls

Summary

AI summary

Updates Bug Fixes, Added Features, and https://github.com/anchore/grype/pull/3397 across a mixed release.

Changes in this release

Feature Low

Adds support for Ubuntu 26.04 "resolute" codename.

Adds support for Ubuntu 26.04 "resolute" codename.

Source: llm_adapter@2026-06-03

Confidence: high
Feature Low

Adds source RPM filtering on Hummingbird.

Adds source RPM filtering on Hummingbird.

Source: llm_adapter@2026-06-03

Confidence: high
Feature Low

Adds aarch64 architecture support for Ruby gem version parsing in lockfiles.

Adds aarch64 architecture support for Ruby gem version parsing in lockfiles.

Source: llm_adapter@2026-06-03

Confidence: high
Bugfix Medium

Uses relatedVulnerabilities description as fallback in SARIF output.

Uses relatedVulnerabilities description as fallback in SARIF output.

Source: llm_adapter@2026-06-03

Confidence: high
Bugfix Medium

Improves platform CPE determination logic.

Improves platform CPE determination logic.

Source: llm_adapter@2026-06-03

Confidence: high
Bugfix Medium

Normalizes uppercase V in semantic version comparison.

Normalizes uppercase V in semantic version comparison.

Source: llm_adapter@2026-06-03

Confidence: high
Bugfix Medium

Handles purl correctly for Maven libraries in cgr.

Handles purl correctly for Maven libraries in cgr.

Source: llm_adapter@2026-06-03

Confidence: high
Bugfix Medium

Treats uppercase V prefixes same as lowercase v in fuzzy version comparison.

Treats uppercase V prefixes same as lowercase v in fuzzy version comparison.

Source: llm_adapter@2026-06-03

Confidence: high
Bugfix Medium

Fixes zsh completion failures.

Fixes zsh completion failures.

Source: llm_adapter@2026-06-03

Confidence: high
Bugfix Medium

Adds runtime warnings when TLS verification is disabled or HTTP is enabled.

Adds runtime warnings when TLS verification is disabled or HTTP is enabled.

Source: llm_adapter@2026-06-03

Confidence: low
Full changelog

Added Features

  • Include Ubuntu 26.04 "resolute" in distro codenames [#3397 @anchore-oss-update-bot]
  • source RPM filtering on Hummingbird [#3410 @willmurphyscode]

Bug Fixes

  • use relatedVulnerabilities description as fallback in SARIF output [#3271 @axidex]
  • improve platform CPE determination logic [#3470 @westonsteimel]
  • normalize uppercase V in semantic version comparison [#3461 @immanuwell]
  • purl handling in cgr maven libs [#3420 @willmurphyscode]
  • Treat uppercase V prefixes the same as lowercase v prefixes in fuzzy version comparison [#3037 #3089 @wasup-yash]
  • Add Runtime Warnings When TLS Verification Is Disabled or HTTP Is Enabled [#3101 #3396 @Dashtid]
  • Add support for the aarch64 architecture when parsing the version of Ruby gems in lockfiles [#3442 #3475 @msnandhis]
  • zsh completion fails [#2933 #3433 @brandtkeller]

(Full Changelog)

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track grype

Get notified when new releases ship.

Sign up free

About grype

A vulnerability scanner for container images and filesystems

All releases →

Related context

Beta — feedback welcome: [email protected]