project-zot · rchincha · Mar 13, 2024 · Mar 13, 2024
diff --git a/.wordlist.txt b/.wordlist.txt
@@ -172,6 +172,7 @@ onboarding
 Onboarding
 onDemand
 onlySigned
+openjdk
 OpenAPI
 OpenID
 oras

diff --git a/docs/general/whats-new.md b/docs/general/whats-new.md
@@ -1,5 +1,31 @@
 # What's New
 
+## [v2.0.2](https://github.com/project-zot/zot/releases/tag/v2.0.2)
+
+### CVE Query Enhancements
+
+It is now possible to bisect CVEs (`zli cve diff`) between two image
+tags/versions in the same repository. Furthermore, a CVE query for a particular
+image tag can return a detailed description of CVEs.
+
+### Documentation for "Immutable Image Tags"
+
+A new article has been added to document how image tags can be made
+[immutable](../articles/immutable-tags.md).
+
+### Cross-repo tag search in UI
+
+You can now search for a tag across all repos by starting your query as
+':<tag>' in the UI, which will return all images that have that tag.
+
+### Support for [ORAS Artifacts](https://github.com/oras-project/artifacts-spec) removed
+
+[OCI distribution spec](https://github.com/opencontainers/distribution-spec)
+1.1.0 has added support "artifacts" which is likely to gain wider adoption.
+ORAS artifacts are not widely used or supported.
+
+    :warning:  Support is removed starting from this version.
+
 ## [v2.0.1](https://github.com/project-zot/zot/releases/tag/v2.0.1)
 
 ### Support for hot reloading of LDAP credentials file

diff --git a/docs/user-guides/zli.md b/docs/user-guides/zli.md
@@ -102,6 +102,16 @@ This example displays a list of all CVEs affecting a specific image:
     CVE-2015-8540     LOW       libpng: underflow read in png_check_keyword()
     CVE-2017-16826    LOW       binutils: Invalid memory access in the coff_s...
 
+This example (--verbose) displays a list of all CVEs affecting a specific image with details:
+
+    $ bin/zli cve list c3/openjdk-dev:0.3.19 --config remote-zot --verbose
+    LOW 2, UNKNOWN 1, TOTAL 3
+
+    CVE-2015-8540
+    ...
+
+  Note that the details may display the package path in the image when the information is available.
+
 This example displays the detailed CVEs in JSON format:
 
     $ bin/zli cve list c3/openjdk-dev:0.3.19 --config remote-zot -f json
@@ -148,6 +158,16 @@ This example lists all images on a specific zot server where the CVE has been fi
     c3/openjdk-dev    commit-2674e8a-squashfs   b545b8ba  321MB
     c3/openjdk-dev    commit-d5024ec-squashfs   cd45f8cf  321MB
 
+This example lists all CVEs that have been found in one image and not the other:
+
+    $ bin/zli cve diff c3/openjdk-dev:1.0.0 c3/openjdk-dev:2.0.0 --config remote-zot
+
+    ID                SEVERITY  TITLE
+    CVE-2015-8540     LOW       libpng: underflow read in png_check_keyword()
+    CVE-2017-16826    LOW       binutils: Invalid memory access in the coff_s...
+
+  For example, the above query lists all CVEs that have been found in
+  c3/openjdk-dev:1.0.0 but not in c3/openjdk-dev:2.0.0
 
 ### Listing repositories
-Original file line number
+Diff line change
@@ Expand Up / @@ -172,6 +172,7 @@ onboarding @@
     Onboarding
     onDemand
     onlySigned
+    openjdk
     OpenAPI
     OpenID
     oras
@@ Expand Down @@