ReARM 26.03.124: Historical VDR Snapshots

2026-03-23

We're excited to announce a major release of ReARM v26.03.124. Detailed information is available on its release view on the ReARM Demo instance.

Note that this release introduces a breaking change in connectivity with ReARM CLI. This is because we are switching to stateless CSRF protection and have also added additional gzip configuration. Please make sure to upgrade to ReARM CLI version 26.03.12 or newer. We have also upgraded the ReARM GitHub Actions and Azure DevOps extension to include this new version of ReARM CLI.

Also note that all ReARM Pro installations have already been upgraded to this version of ReARM and the latest version of ReARM CLI. However, if you are using ReARM CE, action is required on your side.

Historical VDR Snapshots

To support more audit requirements, ReARM now allows creating historical snapshots of VDR (Vulnerability Disclosure Report) data. In particular, it is now possible to select a date for which you would like to export the VDR for a particular release. Alternatively, you can select a lifecycle event, for example, when the release was marked as "Ready to Ship" or "Shipped".

ReARM Pro users can additionally choose approval-based events, so it is possible to create a VDR export for the time when a specific approval was given for a release. This functionality will be further improved in future versions of ReARM, in which it would be possible to create an automated output event that creates a VDR snapshot on configured input events. Later, with the introduction of VEX (Vulnerability Exploitability eXchange) support, the same approach would be extended to VEX documents.

Improved User Management

We added further improvements to user management. In particular, it is now possible to inactivate users and reactivate them. Inactive users are still visible in the system, but they cannot log in or perform any actions. In ReARM Pro, inactive users are not counted towards the license limit.

Error handling when updating user permissions has also been improved.

Performance, Monitoring and Security Improvements

On the performance side, analytics queries went through significant optimizations. Another performance improvement was made to the nginx settings, in particular wide use of gzip compression.

On the security side, ReARM now verifies artifact digests as stored in the database before downloading them as an additional layer of protection against tampering.

We also added better logging support, and extended JSON'ised logs to more services.

Dependency Updates

This release contains a number of dependency updates, including those fixing underlying CVEs in dependencies. ReARM users are encouraged to upgrade to this release to benefit from these fixes.

Release Identification

We are continuing to publish TEIs for all ReARM releases. TEI for this release: urn:tei:purl:demo.rearmhq.com:pkg:github/relizaio/rearm@26.03.124.
