cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

FlexNet Code Insight Electronic Update Release Notes

FlexNet Code Insight Electronic Update Release Notes

The following are the Release Notes available for FlexNet Code Insight Electronic Update releases:

2024 2023 2022 2021 2020

28-Mar-2024

13-Mar-2024

01-Mar-2024

05-Feb-2024

03-Jan-2024

28-Nov-2023
10-Nov-2023
27-Oct-2023
13-Oct-2023
14-Sep-2023
10-Aug-2023
23-Jun-2023
31-May-2023
04-May-2023
17-Apr-2023
24-Mar-2023
10-Mar-2023
24-Feb-2023
20-Feb-2023
30-Jan-2023
12-Jan-2023

22-Dec-2022
08-Dec-2022
29-Nov-2022
11-Nov-2022
02-Nov-2022
21-Oct-2022
18-Oct-2022
23-Sep-2022
13-Sep-2022
09-Sep-2022
29-Aug-2022
12-Aug-2022
18-Jul-2022
07-Jul-2022
28-Jun-2022
15-Jun-2022
13-May-2022
28-Apr-2022
13-Apr-2022
25-Mar-2022
14-Mar-2022
24-Feb-2022
10-Feb-2022
28-Jan-2022
13-Jan-2022
23-Dec-2021
16-Dec-2021
26-Nov-2021
11-Nov-2021
28-Oct-2021
18-Oct-2021
01-Oct-2021
13-Sep-2021
30-Aug-2021
27-Jul-2021
24-Jun-2021
11-Jun-2021
28-May-2021
14-May-2021
22-Apr-2021
10-Apr-2021
25-Mar-2021
11-Mar-2021
20-Oct-2020
11-Sep-2020
28-Aug-2020
14-Aug-2020
03-Aug-2020
17-Jul-2020
30-Jun-2020
15-Jun-2020
01-Jun-2020
18-May-2020
04-May-2020
17-Apr-2020
03-Apr-2020



Changes in Update Released on 28-March-2024

This update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary
FLEX-4584

Github Security Advisory is an addition to our list of vulnerability feeds.

SCA-52359

Update license mappings for GNU GCC component

SCA-51961

License detection automation for licenses like Simple Public License 2.0, SleepyCat License etc

SCA-52405

Updated incorrect Apache licenses for components in Pypi forge

SCA-52301,  SCA-52623

Addition/Update component, version and license details for below mentioned components

New/Update component requests:

New/Update license requests: 

Collector Status

Name Date of Last Successful Run
npm 3/27/2024
crates 8/25/2022
cpan 3/21/2024
cocoapods 3/26/2024
clojars 3/21/2024
rubygems 3/21/2024
maven-google 3/22/2024
cran 3/23/2024
hackage 3/24/2024
packagist 3/24/2024
go 3/25/2024
pypi 3/25/2024
nuget gallery 3/21/2024
maven2-ibiblio 3/21/2024
github 3/26/2024
fedora-koji 3/21/2024
alpine 3/27/2024
gitlab 6/6/2023
debian 3/25/2024

Changes in Update Released on 13-March-2024

This update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary

SCA-52086

Fixed false positive vulnerability for the component snappy-java.

SCA-51389

Publishing EPSS scores to PDL update package

Collector Status

Name Date of Last Successful Run
npm 3/08/2024
crates 8/25/2022
cpan 3/07/2024
cocoapods 3/05/2024
clojars 3/07/2024
rubygems 3/07/2024
maven-google 3/08/2024
cran 3/09/2024
hackage 3/10/2024
packagist 3/03/2024
go 3/06/2024
pypi 3/04/2024
nuget gallery 2/29/2024
maven2-ibiblio 2/27/2024
github 3/11/2024
fedora-koji 3/08/2024
alpine 3/06/2024
gitlab 6/6/2023
debian 3/11/2024




Changes in Update Released on 01-March-2024

This update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary

SCA-52077

Fixed False Negative Vulnerability for PostGres SQL driver 

SCA-51813,  SCA-51823, SCA-51828

Updated license detection and license evidence mechanism for licenses like CDDL , Public Domain, BSD, GPL-2.0

SCA-51814

Updated component detection mechanism for libtommath component

SCA-51907

Added/Updated components, versions and license mappings for components like Json in Java, async etc

SCA-52018

Fixed license mappings for component "justmock" from Nuget forge

Enhanced License Detection Capability for Components

License detection capability and license evidence mechanism for the following components was updated/added:

  • CDDL-1.0
  • CDDL-1.1
  • GPL-2.0
  • BSD-Style
  • Public Domain

New/Update component requests:

  • libtommath
  • async
  • Json in Java

New/Update license requests: 

Collector Status

Name Date of Last Successful Run
npm 2/26/2024
crates 8/25/2022
cpan 2/22/2024
clojars 2/22/2024
rubygems 2/22/2024
maven-google 2/23/2024
cran 2/24/2024
hackage 2/25/2024
packagist 2/25/2024
go 2/26/2024
pypi 2/26/2024
nuget gallery 2/22/2024
maven2-ibiblio 2/14/2024
github 2/27/2024
fedora-koji 2/23/2024
alpine 2/28/2024
gitlab 6/6/2023
debian 2/26/2024




Changes in Update Released on 05-February-2024

This update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary

SCA-51559

Fix to handle "rejected" cves from NVD in data library.

SCA-38151, 

SCA-51747,  SCA-51959

Addition/update license evidence mechanism and license detection capability for licenses like Yahoo! Public License, Open Software License, NASA Open Source Agreement, Sleepycat License etc

SCA-51269,  SCA-51036,  SCA-51858

 

Added/updated component, version, license or license mappings in data library for the requested components, details are in the separate sections below.

Enhanced License Detection Capability for Components

License detection capability and license evidence mechanism for the following components was updated/added:

  • SIL Open Font License 1.1

  • Yahoo! Public License v1.0

  • Yahoo! Public License v1.1

  • Open Software License 1.0

  • Open Software License 1.1

  • Open Software License 2.0

  • Open Software License 2.1

  • Open Software License 3.0

  • Multics License

  • NASA Open Source Agreement 1.3

  • Naumen Public License

  • Apple Public Source License 1.0

  • CUA Office Public License v1.0

  • Simple Public License 2.0

  • Sleepycat License

  • SugarCRM Public License v1.1.3

  • Independent JPEG Group License

New/Update component requests:

  • ljharb-define-data-property (Component_id:31686787)

  • editd-jquery-menu-aim (Component_id:31686788)

  • ljharb-set-function-length (Component_id:31686789)

  • imagegear-net-samples (Component_id: 31490027)

  • The-Ultimate-Toolbox-Application-Skins (Component_id: 31490026)
  • SNMP4j (Component_id: 31490028)
  • OpenSSL Project (Component_id: 58316)
  • Bouncy Castle Crypto Csharp (Component_id: 11253334)

New/Update license requests: 

Collector Status

Name Date of Last Successful Run
npm 1/24/2024
crates 8/25/2022
cpan 1/18/2024
clojars 1/18/2024
rubygems 1/18/2024
maven-google 1/19/2024
cran 1/20/2024
hackage 1/21/2024
packagist 1/21/2024
go 1/22/2024
pypi 1/08/2024
nuget gallery 1/11/2024
maven2-ibiblio 1/10/2024
github 1/23/2024
fedora-koji 1/17/2024
alpine 1/24/2024
gitlab 6/6/2023
debian 1/22/2024




Changes in Update Released on 03-January-2024

This update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Updates to Apache Struts Components

Added vulnerability information to the following apache-struts components:

Component ID Name URL
33042 apache-struts http://struts.apache.org
565248 struts2-core https://repo1.maven.org/maven2/org/apache/struts/struts2-core
738786 apache-struts https://github.com/apache/struts
5398957 struts http://struts.apache.org/

Related to Vulnerability CVEs

CVE-2023-50164 (https://nvd.nist.gov/vuln/detail/CVE-2023-50164).

Issues/Bugs Addressed

Issue ID Issue Summary

SCA-51793

Addition of vulnerability mappings for Apache struts component for CVE-2023-50164 (https://nvd.nist.gov/vuln/detail/CVE-2023-50164).

Updated component/version info for the below components

SCA-51532

Addition of new licenses to data library MICROSOFT.WEB.XDT and MICROSOFT ASP.NET SIGNALR and also updating component/version information for Nuget components

SCA-51265,  SCA-51033

Updating component/version information for Npmjs/Pypi components.

Collector Status

Name Date of Last Successful Run
npm 12/28/2023
crates 8/25/2022
cpan 12/28/2023
clojars 12/28/2023
rubygems 12/21/2023
maven-google 12/22/2023
cran 12/23/2023
hackage 12/24/2023
packagist 12/24/2023
go 12/27/2023
pypi 12/27/2023
nuget gallery 12/21/2023
maven2-ibiblio 12/06/2023
github 12/27/2023
fedora-koji 12/13/2023
alpine 12/27/2023
gitlab 6/6/2023
debian 12/25/2023




Changes in Update Released on 28-November-2023

This update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary

SCA-48882

Addition of Cocoapods forge to our list of forge collection

SCA-51152

Addition of new component detection capability for the component NTAP/Quant

New Component Detection Rules

  • NTAP/Quant

Collector Status

Name Date of Last Successful Run
npm 8/15/2023
crates 8/25/2022
cpan 11/16/2023
clojars 11/16/2023
rubygems 11/16/2023
maven-google 11/17/2023
cran 11/18/2023
hackage 11/19/2023
packagist 11/19/2023
go 11/17/2023
pypi 11/13/2023
nuget gallery 11/09/2023
maven2-ibiblio 11/23/2023
github 11/24/2023
fedora-koji 11/26/2023
alpine 11/15/2023
gitlab 6/6/2023
debian 11/20/2023

Changes in Update Released on 10-November-2023

This update includes the changes described in the following sections.

Updates to Apache Activemq Components

Added vulnerability information to the following activemq components:

Component ID Component Name URL
58129 apache-activemq http://activemq.apache.org/ 
173954 apache-activemq https://github.com/apache/activemq 
573649 activemq-all https://repo1.maven.org/maven2/org/apache/activemq/activemq-all 
581532 apache-activemq https://repo1.maven.org/maven2/org/apache/activemq/apache-activemq 
596014 activemq-openwire-legacy https://repo1.maven.org/maven2/org/apache/activemq/activemq-openwire-legacy 
30391285 activemq https://tracker.debian.org/pkg/activemq 

Related to Vulnerability CVEs

CVE-2023-46604 (https://nvd.nist.gov/vuln/detail/CVE-2023-46604)

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary

SCA-50558

License Evidence - "OpenSSL License" Evidence is missing on scanning "attribution-file.zip" file.

SCA-38149

Addition of License evidence mechanism and license detection capabilities to licenses like "Sax Public Domain Notice", "The unlicense" etc

SCA-50018

Updated license evidence mechanism and license detection capability for "IBM Public License v1.0" as the License evidence was missing on scanning "autoglyph.c" file

Enhanced License Detection Capability for Components

License detection capability and license evidence mechanism for the following components was updated/added:

  • Sax Public Domain Notice

  • University of Illinois/NCSA Open Source License

  • The Unlicense

  • Vovida Software License v1.0

  • W3C Software Notice and License (2002-12-31)

  • X.Net  License

  • XFree86 License 1.1

  • Zend License v2.0

  • Zope Public License 1.1

  • Zope Public License 2.0

  • Zope Public License 2.1

Collector Status

Name Date of Last Successful Run
npm 8/15/2023
crates 8/25/2022
cpan 11/02/2023
clojars 11/09/2023
rubygems 11/02/2023
maven-google 11/03/2023
cran 11/04/2023
hackage 11/05/2023
packagist 11/05/2023
go 11/06/2023
pypi 11/06/2023
nuget gallery 11/02/2023
maven2-ibiblio 11/01/2023
github 11/08/2023
fedora-koji 11/03/2023
alpine 11/08/2023
gitlab 6/6/2023
debian 11/06/2023

Changes in Update Released on 27-October-2023

This update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary

SCA-50609

Resolved False Positive vulnerabilities being detected for Component ckan (Id: 21948217) with version 0.6 (Id: 117793043).

SCA-49864

Addition of vulnerability mappings to Chart.js 1.0.2 for CVE-2020-7746

SCA-49752

Enhanced the Debian collector to collect more packages from different folders like non-free, non-free-firmware, contrib

SCA-48039

Resolved False Positive vulnerabilities for components like "bootstrap" and "commons-collections"

Enhanced License Detection Capability for Components

License detection capability and license evidence mechanism for the following components was updated/added:

  • Reciprocal Public License 1.1

  • Reciprocal Public License 1.5

  • Red Hat eCos Public License v1.1

  • SGI Free Software License B v1.0

  • SGI Free Software License B v1.1

  • SGI Free Software License B v2.0

  • SHL-2.0

  • SHL-2.1

  • SWI-exception

  • Swift-exception

  • Universal-FOSS-exception-1.0

  • vsftpd-openssl-exception

  • Autoconf-exception-generic

  • Autoconf-exception-macro

  • Asterisk-exception

  • cryptsetup-OpenSSL-exception

  • LLGPL

  • OCaml-LGPL-linking-exception

  • PS-or-PDF-font-exception-20170817

  • QPL-1.0-INRIA-2004-exception

  • GNAT-exception

  • x11vnc-openssl-exception

  • Qt-GPL-exception-1.0

  • Qt-LGPL-exception-1.1

Collector Status

Name Date of Last Successful Run
npm 8/15/2023
crates 8/25/2022
cpan 10/19/2023
clojars 10/19/2023
rubygems 10/19/2023
maven-google 10/13/2023
cran 10/21/2023
hackage 10/22/2023
packagist 10/22/2023
go 10/23/2023
pypi 10/16/2023
nuget gallery 10/15/2023
maven2-ibiblio 9/27/2023
github 10/23/2023
fedora-koji 10/20/2023
alpine 10/18/2023
gitlab 6/6/2023
debian 10/23/2023

Changes in Mini Update Released on 13-October-2023

This is a Mini PDL update release which is considerably smaller in size, containing data related to a specific component and a CVE.

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary

SCA-50859

Addition of vulnerabilities "CVE-2023-38545" and "CVE-2023-38546" to curl/libcurl and related components

Updates to Curl and Libcurl Components

Added vulnerability information to the following Curl/Libcurl components:

Component ID Component Name URL
372 curl https://sourceforge.net/projects/curl
63745 libcurl https://directory.fsf.org/wiki?title=Libcurl&oldid=416 
5400074 libcurl http://curl.haxx.se/
5406656 curl http://curl.haxx.se/ 
7466892 curl http://curl.haxx.se 
12395199 curl-curl https://github.com/curl/curl
12960352 curl https://directory.fsf.org/wiki?title=Curl&oldid=17934
27213212 curl https://koji.fedoraproject.org/koji/packageinfo?packageID=curl
29960949 libcurl https://pkgs.alpinelinux.org/package/v3.18/main/x86_64/libcurl 
29968624 curl https://pkgs.alpinelinux.org/package/v3.18/main/x86_64/curl
30362751 curl https://tracker.debian.org/pkg/curl
22012687 pycurl https://pypi.org/pypi/pycurl 
4595372 pycurl-pycurl https://github.com/pycurl/pycurl 
8180 pycurl https://sourceforge.net/projects/pycurl 
21868341 pycurl https://directory.fsf.org/wiki?title=PycURL&oldid=2278 
3518205 curl https://www.nuget.org/packages/curl
22329315 curl-vc140-static-32_64 https://www.nuget.org/packages/curl-vc140-static-32_64 

 

Related to vulnerability CVEs:

  1. CVE - 2023-38545 (https://nvd.nist.gov/vuln/detail/CVE-2023-38545)
  2. CVE - 2023-38546 (https://nvd.nist.gov/vuln/detail/CVE-2023-38546)
Issue ID Issue Summary

SCA-50859

Addition of vulnerabilities "CVE-2023-38545" and "CVE-2023-38546" to curl/libcurl and related components

Changes in Update Released on 14-September-2023

This update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary

SCA-49924

Enhanced the SPDX collector to collect license exceptions from spdx.org and add to our data library.

SCA-49081, SCA-49078

Added License detection capability and license evidence mechanism (licenses mentioned below)

SCA-48734

Updated version for Npm component content-type (https://www.npmjs.com/package/content-type) and license information for nuget component castle.core (https://www.nuget.org/packages/Castle.Core)

Enhanced License Detection Capability for Components

License detection capability and license evidence mechanism for the following components was updated/added:

  • i2p-gpl-java-exception
  • u-boot-exception-2.0
  • Qwt-exception-1.0
  • Linux-syscall-note
  • LLVM-exception
  • LZMA-exception
  • mif-exception
  • OCCT-exception-1.0
  • OpenJDK-assembly-exception-1.0
  • openvpn-openssl-exception
  • WxWindows-exception-3.1
  • DigiRule-FOSS-exception
  • eCos-exception-2.0
  • Fawkes-Runtime-exception
  • FLTK-exception<
  • Font-exception-2.0
  • freertos-exception-2.0
  • GCC-exception-2.0
  • GCC-exception-3.1
  • gnu-javamail-exception
  • Libtool Exception
  • GPL-3.0-interface-exception
  • GPL-3.0-linking-exception
  • GPL-3.0-linking-source-exception
  • GPL-CC-1.0
  • GStreamer-exception-2005
  • GStreamer-exception-2008
  • KiCad-libraries-exception
  • LGPL-3.0-linking-exception
  • libpri-OpenH323-exception
  • SHL-2.0
  • SHL-2.1
  • SWI-exception
  • Swift-exception
  • Universal-FOSS-exception-1.0
  • vsftpd-openssl-exception
  • Autoconf-exception-generic
  • Autoconf-exception-macro
  • Asterisk-exception
  • cryptsetup-OpenSSL-exception

Collector Status

Name Date of Last Successful Run
npm 8/15/2023
crates 8/25/2022
cpan 9/07/2023
clojars 9/07/2023
rubygems 9/07/2023
maven-google 9/08/2023
cran 9/09/2023
hackage 9/10/2023
packagist 9/10/2023
go 9/11/2023
pypi 9/11/2023
nuget gallery 9/07/2023
maven2-ibiblio 8/30/2023
github 8/25/2023
fedora-koji 9/11/2023
alpine 9/13/2023
gitlab 6/6/2023
debian 9/11/2023




Changes in Update Released on 10-August-2023

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary

SCA-49244

Detection of OpenSC component.

SCA-49077, SCA-49076, SCA-49074, SCA-49072

Added License detection capability and license evidence mechanism.

SCA-48974

Alpine Zlib Missing Vulnerability

Enhanced License Detection Capability for Components

License detection capability and license evidence mechanism for the following components was updated/added:

  • AdaCore-doc

  • Bitstream-Charter

  • Brian-Gladman-3-Clause

  • BSD-4.3RENO

  • BSD-4.3TAHOE

  • CFITSIO

  • checkmk

  • CMU-Mach

  • Cornell-Lossless-JPEG

  • DRL-1.0

  • FSFULLRWD

  • Graphics-Gems

  • HPND-Markus-Kuhn

  • HPND-export-US

  • IEC-Code-Components-EULA

  • IJG-short

  • JPL-image

  • Kazlib

  • Knuth-CTAN

  • libutil-David-Nugent

  • Linux-syscall-note

  • snprintf

  • Symlinks

  • TPDL

  • TTWL

  • w3m

  • xlock

  • Loop

  • Martin-Birgmeier

  • Minpack

  • MIT-Wu

  • mpi-permissive

  • NICTA-1.0

  • OFFIS

  • 389-exception

  • Autoconf-exception-2.0

  • Autoconf-exception-3.0

  • Bison-exception-2.2

  • Bootloader-exception

  • Classpath-exception-2.0

  • CLISP-exception-2.0

New Component Detection Rules

  • OpenSC

Addition of Missing Vulnerability Mappings

Missing vulnerability mappings for the following components were added:

  • Zlib (Alpine)

Collector Status

Name Date of Last Successful Run
npm 8/7/2023
crates 8/25/2022
cpan 8/3/2023
clojars 8/3/2023
rubygems 8/3/2023
maven-google 8/4/2023
cran 8/5/2023
hackage 8/6/2023
packagist 8/6/2023
go 8/7/2023
pypi 7/31/2023
nuget gallery 8/1/2023
maven2-ibiblio 6/14/2023
github 7/14/2023
fedora-koji 8/8/2023
alpine 8/2/2023
gitlab 6/6/2023
debian 8/7/2023




Changes in Update Released on 23-June-2023

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary

SCA-44211

Enhancements for License text extraction to improve the Third Party Notices text reports

SCA-48496

Fixed the false positive vulnerability CVE-2017-15288 for scala-java8-compat_2.12

SCA-48430

Updated vulnerability information for 7-zip component

SCA-44156

License cleanup for Bitstream license in our data library

Enhanced License Detection Capability for Components

License detection capability and license evidence mechanism for the following components was updated/added:

  • Apache-2.0
  • Apache-1.0
  • Nethack General Public License
  • Netizen Open Source License
  • Nokia Open Source License
  • Non-Profit Open Software License 3.0
  • OCLC Research Public License 2.0
  • Open Data Commons Open Database License v1.0
  • Open Data Commons Public Domain Dedication & License 1.0
  • Open Group Test Suite License
  • Open Public License v1.0
  • OpenSSL License

New Component Detection Rules

  • Lua
  • Linux Kernel

Collector Status

Name Date of Last Successful Run
npm 6/19/2023
crates 8/25/2022
cpan 6/22/2023
clojars 6/15/2023
rubygems 6/15/2023
maven-google 6/15/2023
cran 6/17/2023
hackage 6/18/2023
packagist 6/18/2023
go 6/21/2023
pypi 2/13/2023
nuget gallery 6/1/2023
maven2-ibiblio 6/14/2023
github 6/3/2023
fedora-koji 6/21/2023
alpine 6/21/2023
gitlab 6/6/2023
debian 6/19/2023




Changes in Update Released on 31-May-2023

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary

SCA-41334

Addition of Debian Packages Collection to our list of forge collections

SCA-47928

Extracting License Text from .py files

SCA-46100

Adding the missing priority to licenses and updating the incorrect ones in data library

SCA-47100

Updated vulnerabilities and versiosn for openssh component

Enhanced License Detection Capability for Components

License detection capability and license evidence mechanism for the following components was updated/added:

  • libpng License

  • Lucent Public License Version 1.0

  • Lucent Public License v1.02

  • Microsoft Public License

  • Microsoft Reciprocal License

  • The MirOS Licence

  • Motosoto License

  • Eurosym License

  • Fair License

  • Frameworx Open License 1.0

  • FreeBSD Documentation License

  • Freetype Project License

  • gSOAP Public License v1.3b

  • Historical Permission Notice and Disclaimer

  • IBM Public License v1.0

  • iMatix Standard Function Library Agreement

  • Imlib2 License

Collector Status

Name Date of Last Successful Run
npm 1/31/2023
crates 8/25/2022
cpan 5/25/2023
clojars 5/25/2023
rubygems 5/25/2023
maven-google 5/26/2023
cran 5/27/2023
hackage 5/28/2023
packagist 5/28/2023
go 5/29/2023
pypi 2/13/2023
nuget gallery 4/6/2023
maven2-ibiblio 1/18/2023
github 5/29/2023
fedora-koji 5/25/2023
alpine 5/4/2023
gitlab 5/30/2023
debian 5/4/2023




Changes in Update Released on 04-May-2023

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary
SCA-47510 Enhancement to Nuget Collector to extract Notices Text from .cpp and .h files.
SCA-47790 Updated license mappings, license evidence and license detection capabilities for iText Commercial License related to the component itext7.

Collector Status

Name Date of Last Successful Run
npm 1/31/2023
crates 8/25/2022
cpan 4/6/2023
clojars 2/9/2023
rubygems 4/6/2023
maven-google 4/7/2023
cran 4/8/2023
hackage 4/9/2023
packagist 2/13/2023
go 4/10/2023
pypi 2/13/2023
nuget gallery 4/6/2023
maven2-ibiblio 1/18/2023
github 2/14/2023
fedora-koji 2/13/2023
alpine 4/5/2023
gitlab 11/19/2022




Changes in Update Released on 17-April-2023

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary

SCA-44500

Integration of PURL to collector - Github

SCA-46813

Enhancement to Npmjs to extract Notices Text from .mkd file.

SCA-47062

Updated vulnerabilities for the component Xstream 1.4.19.

SCA-47493

Fixed the false positive license evidences related to Baekmuk License

Enhanced License Detection Capability for Components

License detection capability and license evidence mechanism for the following components was updated/added:

  • Clarified Artistic License
  • Code Project Open License 1.02
  • Common Development and Distribution License 1.0
  • Common Development and Distribution License 1.1
  • Common Public Attribution License 1.0
  • Common Public License 1.0
  • Computer Associates Trusted Open Source License 1.1
  • Condor Public License v1.1
  • LaTeX Project Public License v1.0
  • LaTeX Project Public License v1.1
  • LaTeX Project Public License v1.2
  • LaTeX Project Public License v1.3a
  • LaTeX Project Public License v1.3c

New/Update Component Requests

  • microsoft-sql-server-2017-reporting-services
  • microsoft-sql-server-2019-reporting-services
  • microsoft-sql-server-2022-reporting-services
  • Windows 10 SDK

Collector Status

Name Date of Last Successful Run

crates

8/25/2022

gitlab

11/19/2022

maven2-ibiblio

01/10/2022

go

04/10/2023

cpan

04/06/2023

fedora-koji

02/13/2023

clojars

02/09/2023

rubygems

04/06/2023

maven-google

04/07/2023

cran

04/08/2023

hackage

04/09/2023

packagist

02/05/2023

npm

1/31/2023

nuget gallery

04/06/2023

alpine

04/05/2023

pypi

02/13/2023

github

02/14/2023




Changes in Update Released on 24-March-2023

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary

SCA-44498, SCA-44503, SCA-45457

Integration of PURL to Alpine, Rubygems, Go in the data library

SCA-46214

Generic Mapper is an addition to our vulnerability mappers . This is an enhancement to the existing NPMJS mapper to include Maven and Packagist and make it a generic one.

Enhanced License Detection Capability for Components

License detection capability and license evidence mechanism for the following components was updated/added:

  • 3dfx Glide License
  • Academic Free License v1.1
  • Academic Free License v1.2
  • Academic Free License v2.0
  • Academic Free License v2.1
  • Academic Free License v3.0
  • Adaptive Public License 1.0
  • Adobe Systems Incorporated Source Code License Agreement
  • Giftware License
  • Adobe Glyph List License
  • Apple Public Source License 1.0
  • Apple Public Source License 1.1
  • Apple Public Source License 1.2
  • Apple Public Source License 2.0
  • Artistic License 1.0
  • Artistic License 2.0
  • Beerware License
  • eCos license version 2.0
  • Educational Community License v1.0
  • Educational Community License v2.0
  • Educational Community License v2.0
  • Attribution Assurance License
  • Apache License 1.0
  • Apache License 1.1
  • Apache License 2.0
  • Eiffel Forum License v1.0
  • Eiffel Forum License v2.0
  • Amazon Digital Services License
  • ANTLR Software Rights Notice
  • ANTLR Software Rights Notice with license fallback
  • Adobe Postscript AFM License

Collector Status

Name Date of Last Successful Run
npm 1/31/2023
crates 8/25/2022
cpan 3/23/2023
clojars 2/9/2023
rubygems 3/23/2023
maven-google 2/10/2023
cran 3/18/2023
hackage 2/12/2023
packagist 2/5/2023
go 3/24/2023
pypi 2/13/2023
nuget gallery 3/16/2023
maven2-ibiblio 1/18/2023
github 2/14/2023
fedora-koji 2/13/2023
alpine 3/22/2023
gitlab 11/19/2022




Changes in Update Released on 10-March-2023

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary

SCA-44820

NPM Notices Text: Fixing the Missing release_license_text mappings for Npm components

SCA-46203, SCA-44502

Integration of PURL to the collectors Npmjs and Nuget

SCA-47061

Addition of cocoapods forge to our data library

SCA-46161, SCA-46144, SCA-42593, SCA-46477

Fixed false positive vulnerabilities for components like android-json, prometheus_client 0.15.0, jqueryui, Microsoft Reportviewer and Microsoft vcruntime etc.

Enhanced License Detection Capability for Components

License detection capability and license evidence mechanism for the following components was updated/added:

  • Sendmail
  • SISSL
  • SISSL-1.2
  • SMLNJ
  • SMPPL
  • SNIA
  • Spencer-86
  • Spencer-94
  • Spencer-99
  • TCL
  • TCP-wrappers
  • TORQUE-1.1
  • TOSL
  • u-boot-exception-2.0
  • Unicode-DFS-2015
  • Unicode-DFS-2016
  • Unicode-TOU
  • UPL-1.0
  • VOSTROM
  • W3C-20150513
  • W3C-19980720
  • Wsuipa
  • WTFPL
  • X11
  • Xerox
  • Xpp
  • XSkat
  • Zed
  • Zimbra-1.4
  • Zimbra-1.3
  • zlib-acknowledgement
  • zlib
  • UCL-1.0
  • SSPL-1.0
  • SHL-0.5
  • SHL-0.51
  • Sendmail-8.23
  • PSF-2.0
  • TAPR-OHL-1.0
  • PolyForm-Small-Business-1.0.0
  • PolyForm-Noncommercial-1.0.0
  • Parity-7.0.0
  • Parity-6.0.0
  • OGL-UK-1.0
  • OGL-UK-2.0
  • OGL-UK-3.0
  • OGL-Canada-2.0
  • OGDL-Taiwan-1.0
  • TU-Berlin-1.0
  • TU-Berlin-2.0
  • SSH-OpenSSH
  • SSH-short

Collector Status

Name Date of Last Successful Run
npm 1/31/2023
crates 8/25/2022
cpan 2/9/2023
clojars 2/9/2023
rubygems 2/10/2023
maven-google 2/10/2023
cran 2/11/2023
hackage 2/12/2023
packagist 2/13/2023
go 2/14/2023
pypi 2/15/2023
nuget gallery 2/15/2023
maven2-ibiblio 1/18/2023
github 2/15/2023
fedora-koji 2/15/2023
alpine 2/15/2023
gitlab 11/19/2022




Changes in Update Released on 24-February-2023

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary

SCA-46545

Update License URL of OpenPBS License v2.3 in the data library

SCA-44499

Integration of Purl to Cran collector

Collector Status

Name Date of Last Successful Run
gitlab 11/19/2022
npm 1/31/2023
crates 8/25/2022
cpan 2/9/2023
clojars 2/9/2023
rubygems 2/10/2023
maven-google 2/10/2023
cran 2/11/2023
hackage 2/12/2023
packagist 2/13/2023
go 2/14/2023
alpine 2/15/2023
fedora-koji 2/15/2023
pypi 2/15/2023
github 2/15/2023
nuget gallery 2/15/2023
maven2-ibiblio 1/18/2023




Changes in Update Released on 20-February-2023

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Updates to OpenSSL Component

Added vulnerability information to the following openSSL components:

Related to Vulnerability CVEs:

 

Issue ID Issue Summary

SCA-45980

Review and add the license priority for "commercial license" in licenses table

Enhanced License Detection Capability for Components

License detection capability and license evidence mechanism for the following components was updated/added:

  • PostgreSQL
  • psfrag
  • psutils
  • Qhull
  • QPL-1.0
  • Rdisc
  • RSA-MD
  • Saxpath
  • SCEA

New/Update Component Requests

  • krig-parallax
  • inuitcss-generic.normalize

Collector Status

Name Date of Last Successful Run
gitlab 11/19/2022
maven2-ibiblio 1/18/2023
alpine 2/8/2023
npm 1/31/2023
crates 8/25/2022
cpan 2/9/2023
clojars 2/9/2023
rubygems 2/10/2023
maven-google 2/10/2023
cran 2/11/2023
hackage 2/12/2023
fedora-koji 2/12/2023
packagist 2/13/2023
go 2/14/2023
pypi 2/15/2023
github 2/15/2023
nuget gallery 2/15/2023




Changes in Update Released on 30-January-2023

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary

SCA-45333

SPDX Collector: Populate license_attribute values for all the licenses

Enhanced License Detection Capability for Components

License detection capability and license evidence mechanism for the following components was updated/added:

  • NetCDF
  • Newsletr
  • NLOD-1.0
  • NLOD-2.0
  • NLPL
  • OLDAP-1.1
  • OLDAP-1.2
  • OLDAP-1.3
  • OLDAP-1.4
  • OLDAP-2.0
  • OLDAP-2.0.1
  • OLDAP-2.1
  • OLDAP-2.2
  • OLDAP-2.2.1
  • OLDAP-2.2.2
  • OLDAP-2.4
  • OLDAP-2.5
  • OLDAP-2.6
  • OLDAP-2.7

Addition of Missing Vulnerability Mappings

Missing vulnerability mappings for the following components were added:

  • Tcexam

Collector Status

Name Date of Last Successful Run

crates

8/25/2022

gitlab

11/19/2022

maven2-ibiblio

1/18/2023

go

1/23/2023

cpan

1/19/2023

fedora-koji

1/23/2023

clojars

1/19/2023

rubygems

1/20/2023

maven-google

1/20/2023

cran

1/21/2023

hackage

1/22/2023

packagist

1/23/2023

npm

1/23/2023

nuget gallery

1/18/2023

alpine

1/18/2023

pypi

1/18/2023

github

1/23/2023




Changes in Update Released on 12-January-2023

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary
SCA-45214

Fixed missing vulnerability issue for component dom4j

SCA-44820

Fixed the missing release_license_text mappings for Npm components

Enhanced License Detection Capability for Components

License detection capability and license evidence mechanism for the following components was updated/added:

  • MITNFA
  • mpich2
  • MTLL
  • Mup
  • NBPL-1.0
  • OSET-PL-2.1
  • Plexus
  • Artistic-1.0
  • Artistic-1.0-cl8
  • Artistic-1.0-Perl
  • Artistic-2.0
  • Noweb
  • NRL
  • Nunit
  • OCCT-PL
  • OML

New/Update Component Requests

  • Microsoft Capicom
  • Microsoft Enterprise Library 5
  • Microsoft .NET Framework

Collector Status

Name Date of Last Successful Run
crates 8/25/2022
gitlab 11/19/2022
maven2-ibiblio 12/22/2022
go 1/4/2023
cpan 1/5/2023
fedora-koji 1/5/2023
clojars 1/5/2023
rubygems 1/6/2023
maven-google 1/6/2023
cran 1/7/2023
hackage 1/8/2023
packagist 1/9/2023
npm 1/10/2023
nuget gallery 1/10/2023
alpine 1/11/2023
pypi 1/11/2023
github 1/11/2023




Changes in Update Released on 22-December-2022

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary
SCA-44946

Nuget version level licenses - Support for new licenses

SCA-44702

Update the Component versions for nvuillam-npm-groovy-lint

Enhanced License Detection Capability for Components

License detection capability and license evidence mechanism for the following components was updated/added:

  • Leptonica

  • LGPLLR

  • libtiff

  • LiLiQ-P-1.1

  • LiLiQ-Rplus-1.1

  • LiLiQ-R-1.1

  • MakeIndex

  • Net-SNMP

Collector Status

Name Date of Last Successful Run
crates 8/25/2022
gitlab 11/19/2022
cpan 12/15/2022
clojars 12/15/2022
rubygems 12/16/2022
maven-google 12/16/2022
cran 12/17/2022
hackage 12/18/2022
packagist 12/19/2022
alpine 12/21/2022
fedora-koji 12/21/2022
npm 12/21/2022
pypi 12/21/2022
nuget gallery 12/21/2022
go 12/22/2022
github 12/22/2022
maven2-ibiblio 12/22/2022




Changes in Update Released on 08-December-2022

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary
SCA-44052

Added Spice Software License and detection rules.

SCA-43599

Nuget Collector: Enhancement to collect version level licenses.

SCA-44396

Invalid URL's in the description for some of the components.

SCA-44439

Alpine Collector Enhancements - Version Level Date Enhancements.

SCA-44438

Alpine Collector Enhancements - RepoURL Enhancements.

Enhanced License Detection Capability for Components

License detection capability and license evidence mechanism for the following components was updated/added:

  • ICU
  • ImageMagick
  • Intel-ACPI
  • Interbase-1.0
  • JasPer-2.0
  • LAL-1.2
  • LAL-1.3
  • GL2PS
  • Glulxe
  • Gnuplot
  • FSFUL
  • HaskellReport
  • IBM-pibs
  • Latex2e

New/Update Component Requests

  • None

Collector Status

Name Date of Last Successful Run
crates 8/25/2022
npm 12/08/2022
pypi 10/18/2022
alpine 11/30/2022
gitlab 11/19/2022
cpan 12/08/2022
rubygems 12/08/2022
clojars 12/08/2022
github 12/07/2022
maven-google 12/02/2022
fedora-koji 12/07/2022
cran 12/03/2022
nuget gallery 12/01/2022
hackage 12/04/2022
packagist 12/04/2022
go 12/07/2022
maven2-ibiblio 11/28/2022




Changes in Update Released on 29-November-2022

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary
SCA-44021

Addition of Go vulnerability mapper to the list of our automated vulnerability mappers

SCA-44283

Added the license Microsoft .Net Compiler Platform Redistributable Packages Preview to the data library

SCA-44290

Updated the invalid urls of few Go forge components like Alamofire/AlamofireImage, BoltsFramework/Bolts-Swift and bitstadium/hockeykit.

SCA-44376

Updating license information for the components jquery (id: 3526090)

SCA-44397, SCA-43635

Fixed false positive vulnerability for the components like system.threading.tasks nuget package and MySQL NPM module.

Enhanced License Detection Capability for Components

License detection capability and license evidence mechanism for the following components was updated/added:

  • Qt-GPL-exception-1.0.txt

  • SchemeReport.txt

  • SWL.txt

  • Universal-FOSS-exception-1.0.txt

  • X11-distribute-modifications-variant.txt

  • XSkat.txt

  • CECILL-1.0

  • CECILL-1.1

  • CECILL-2.0

  • CECILL-2.1

  • CECILL-B

  • CECILL-C

  • MPL-1.0

  • MPL-1.1

  • MPL-2.0

  • MPL-2.0-no-copyleft-exception

  • NPL-1.0

  • NPL-1.1

  • MIT License

  • MIT-open-group

  • X11

  • X11-distribute-modifications-variant

  • XSkat

  • SWL

  • SchemeReport

New/Update Component Requests

  • XIPH Flac
  • XORG XServer

Collector Status

Name Date of Last Successful Run
crates 8/25/2022
npm 10/11/2022
pypi 10/18/2022
alpine 11/8/2022
gitlab 11/19/2022
cpan 11/24/2022
rubygems 11/24/2022
clojars 11/24/2022
github 11/24/2022
maven-google 11/25/2022
fedora-koji 11/26/2022
cran 11/26/2022
nuget gallery 11/26/2022
hackage 11/27/2022
packagist 11/28/2022
go 11/28/2022
maven2-ibiblio 11/28/2022




Changes in Update Released on 11-November-2022

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary
SCA-44237

Addition of missing vulnerabilities for junit(componentId: 437385)

SCA-44183

Addition of missing vulnerabilities for xercesimpl and spring-data-mongodb

SCA-44075

Update license text for the license Microsoft .NET Library License

SCA-44065 Fixing license evidences for net-tools component
SCA-41333 Addition of Alpine forge to list of our forge data collection

Enhanced License Detection Capability for Components

License detection capability and license evidence mechanism for the following components was updated/added:

  • mplus.txt

  • MulanPSL-1.0.txt

  • MulanPSL-2.0.txt

  • NAIST-2003.txt

  • NCGL-UK-2.0.txt

  • NIST-PD-fallback.txt

  • NIST-PD.txt

  • NTP-0.txt

  • O-UDA-1.0.txt

  • ODC-By-1.0.txt

  • OpenJDK-assembly-exception-1.0.txt

  • OPUBL-1.0.txt

  • MIT-0

  • MIT-CMU

  • MIT-enna

  • MIT-feh

  • MIT-Modern-Variant.txt

  • MIT-open-group.txt

New/Update Component Requests

  • Google Play Services Android
  • android-support-library-v13
  • TrafficWatcher
  • ata-project
  • Telerik UI for ASP.NET MVC Components
  • Microsoft.Data.SqlClient.SNI.runtime
  • microsoft.aspnet.webapi.tracing
  • Microsoft SQL Server Compact 3.5 Service Pack 2

Collector Status

Name Date of Last Successful Run
alpine 11/8/2022
crates 8/25/2022
npm 10/11/2022
pypi 10/18/2022
cran 10/22/2022
maven2-ibiblio 10/27/2022
clojars 11/3/2022
rubygems 11/3/2022
maven-google 11/4/2022
cpan 11/4/2022
nuget gallery 11/5/2022
hackage 11/6/2022
packagist 11/7/2022
go 11/9/2022
github 11/9/2022
gitlab 11/9/2022
fedora-koji 11/10/2022




Changes in Mini Update Released on 02-November-2022

This is a Mini PDL update release which is considerably smaller in size, containing data related to a specific component and a CVE.

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Updates to OpenSSL Component

Added vulnerability information to the following openSSL components:

Related to vulnerability CVEs:

  1. CVE - 2022-3786 (https://nvd.nist.gov/vuln/detail/CVE-2022-3786 )
  2. CVE - 2022-3602 (https://nvd.nist.gov/vuln/detail/CVE-2022-3602 )

 

Issue ID Issue Summary
SCA-44311

Addition of new vulnerabilities related to OpenSSL component




Changes in Mini Update Released on 21-October-2022

This is a Mini PDL update release which is considerably smaller in size, containing data related to a specific component and a CVE.

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Updates to Apache Commons Text Component

Added vulnerability information to the apache-commons-text component (https://github.com/apache/commons-text ) related to vulnerability cve

  1. CVE-2022-42889 (https://nvd.nist.gov/vuln/detail/CVE-2022-42889 )
Issue ID Issue Summary
SCA-44223

Mapping new vulnerability CVE-2022-42889 to the component apache-commons-text




Changes in Update Released on 18-October-2022

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary
SCA-43662

Addition of latest versions for the component Akka

SCA-43253

Fixing the version information for the component https://github.com/Sequel-Ace/Sequel-Ace.

SCA-42544

Fixing false positive vulnerabilities for the component jquery UI

Enhanced License Detection Capability for Components

License detection capability and license evidence mechanism for the following components was updated/added:

  • CERN-OHL-1.1.txt

  • CERN-OHL-1.2.txt

  • CERN-OHL-P-2.0.txt

  • CERN-OHL-S-2.0.txt

  • CERN-OHL-W-2.0.txt

  • CC-BY-3.0-AT.txt

  • CC-BY-3.0-DE.txt

  • CC-BY-3.0-NL.txt

  • CC-BY-NC-3.0-DE.txt

  • CC-BY-NC-ND-3.0-DE.txt

  • CC-BY-NC-SA-2.0-FR.txt

  • CC-BY-NC-SA-3.0-DE.txt

  • CC-BY-ND-3.0-DE.txt

  • CC-BY-SA-2.1-JP.txt

  • CC-BY-SA-3.0-AT.txt

  • CC-BY-SA-3.0-DE.txt

  • CDLA-Permissive-2.0.txt

  • COIL-1.0.txt

  • DL-DE-BY-2.0.txt

  • FDK-AAC.txt

  • Jam.txt

  • Linux-man-pages-copyleft.txt

  • KiCad-libraries-exception.txt

New/Update Component Requests

  • zyantific/zycore-c

New Component Detection Rules

  • aide/aide

Collector Status

Name Date of Last Successful Run
gitlab 8/5/2022
crates 8/25/2022
hackage 10/9/2022
maven2-ibiblio 10/10/2022
npm 10/11/2022
pypi 10/12/2022
clojars 10/13/2022
cpan 10/13/2022
rubygems 10/13/2022
maven-google 10/14/2022
fedora-koji 10/14/2022
cran 10/15/2022
go 10/17/2022
github 10/17/2022
nuget gallery 10/17/2022
packagist 10/17/2022




Changes in Update Released on 23-September-2022

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary
SCA-43521

Fixed false positives in license detection and license evidence mechanism for licenses like 0BSD, ISC and MIT.

SCA-42852

Updated version information for NPMJS components like @aws-sdk/client-dynamodb and @aws-sdk/client-dynamodb-streams

Addition of Missing Vulnerability Mappings

Missing vulnerability mappings for the following components were added:

  • atomic
  • crypto-utils
  • fedmsg
  • fedora-arm-installer
  • python-fedora
  • sectool
  • coolkey
  • sssd
  • anaconda
  • newsx
  • rpmdevtools
  • cronie

Collector Status

Name Date of Last Successful Run
gitlab 8/5/2022
crates 8/25/2022
clojars 9/15/2022
maven2-ibiblio 9/15/2022
cpan 9/15/2022
rubygems 9/15/2022
maven-google 9/16/2022
cran 9/17/2022
nuget gallery 9/18/2022
hackage 9/18/2022
packagist 9/18/2022
npm 9/20/2022
go 9/21/2022
pypi 9/21/2022
github 9/21/2022
fedora-koji 9/21/2022




Changes in Mini Update Released on 13-September-2022

This is a Mini PDL update release which is considerably smaller in size, containing data related to a specific component and a CVE.

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Updates to commons_configuration2 Component

Issue ID Issue Summary
SCA-43592

Missing vulnerability CVE-2022-33980 for the component commons_configuration2

SCA-43114

Updating component information for components like entityframework, mailbee.net and microsoft.sqlserver.sqlmanagementobjects.




Changes in Update Released on 09-September-2022

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary
SCA-43115

Addition of new licenses to reflib like AfterLogic Software License Agreement , Entity Framework 5.0 For Microsoft Windows Operating System and Microsoft SQL SERVER 2017 Shared Management Objects.

Enhanced License Detection Capability for Components

License detection capability and license evidence mechanism for the following components was updated/added:

  • EPICS.txt

  • etalab-2.0.txt

  • copyleft-next-0.3.0.txt

  • copyleft-next-0.3.1.txt

  • GD.txt

  • GLWTPL.txt

  • Hippocratic-2.1.txt

  • HPND-sell-variant.txt

  • HTMLTIDY.txt

  • JPNIC.txt

  • libpng-2.0.txt

  • libselinux-1.0.txt

  • Linux-OpenIB.txt

Collector Status

<

Name Date of Last Successful Run
gitlab 8/5/2022
maven2-ibiblio 8/22/2022
clojars 9/1/2022
crates 8/25/2022
cpan 9/1/2022
rubygems 9/1/2022
maven-google 9/2/2022
hackage 9/4/2022
nuget gallery 9/5/2022
packagist 9/5/2022
go 9/6/2022
pypi 9/6/2022
cran 9/7/2022
github 9/7/2022
fedora-koji 9/7/2022
npm 9/7/2022




Changes in Update Released on 29-August-2022

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary
SCA-42217

BSD 3-Clause license text not detected

SCA-43300

Fixed license detection and license evidence mechanism for dvipdfm license to avoid false positives

Enhanced License Detection Capability for Components

License detection capability and license evidence mechanism for the following components was updated/added:

  • 0BSD

  • BSD-1-Clause

  • BSD-3-Clause-Modification

  • BSD-3-Clause-No-Military-License

  • BSD-3-Clause-Open-MPI.txt

New/Update Component Requests

  • jridgewell/gen-mapping
  • jridgewell/set-array
  • jridgewell/sourcemap-codec
  • CPUID CPU-Z
  • get-image-file-type-programmatically-in-swift
  • swift-5-4-hex-to-nscolor
  • SNMP++ API
  • supports-preserve-symlinks-flag

Addition of Missing Vulnerability Mappings

Missing vulnerability mappings for the following components were added:

  • bwm-ng
  • mattermost_server
  • snipe-it
  • cgal
  • caldera-forms

Collector Status

<

Name Date of Last Successful Run
fedora-koji 8/2/2022
gitlab 8/5/2022
cpan 8/18/2022
rubygems 8/18/2022
maven-google 8/19/2022
cran 8/20/2022
nuget gallery 8/21/2022
hackage 8/21/2022
maven2-ibiblio 8/22/2022
packagist 8/22/2022
go 8/23/2022
github 8/24/2022
crates 8/24/2022
npm 8/24/2022
clojars 8/25/2022
pypi 8/26/2022




Changes in Update Released on 12-August-2022

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary
SCA-42725

Fixed False positive vulnerabilities related to SQL Lite

SCA-31133
Addition of Nuget vulnerability mapper to the list of vulnerability mappers
SCA-42767 Updated license information for the components datatables-fixedcolumns and datatables-tabletools in our data library
SCA-43007
GNU Library General Public License v2 or later (LGPL-2.0-or-later) License Evidence is not being detected for gettext.c file

Enhanced License Detection Capability for Components

License detection capability and license evidence mechanism for the following components was updated/added:

  • LGPL-2.0-or-later
  • SPDX licenses with additional clauses
  • App-s2p

  • Baekmuk

  • blessing

  • BlueOak-1.0.0

  • C-UDA-1.0

New/Update Component Requests

  • FixedColumns
  • Autofill
  • Tabletools

New Component Detection Rules

  • Tabletools.js and Tabletools.min.js
  • FixedColumns.js and FixedColumns.min.js

Collector Status

Name Date of Last Successful Run
maven2-ibiblio 7/28/2022
fedora-koji 8/2/2022
clojars 8/4/2022
cpan 8/4/2022
rubygems 8/4/2022
maven-google 8/5/2022
gitlab 8/5/2022
cran 8/6/2022
nuget gallery 8/6/2022
hackage 8/7/2022
packagist 8/8/2022
go 8/9/2022
pypi 8/10/2022
github 8/10/2022
crates 8/10/2022
npm 8/10/2022




Changes in Update Released on 18-July-2022

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

GPL-AGPL-LGPL License Cleanup

There are three issues we are addressing as part of this GPL-AGPL-LGPL License data cleanup project:

Example: jquery 6.2.0 (GPL-1.0)

Here GPL-1.0 is the license with the short name associated with the component jquery.

1. Short Name Change

When a particular license short name is changed and released as part of an electronic update, the short name is not automatically propagated to the inventory items with that selected license. For example, when we change the short name of license id 343 from "GPL-1.0” to “GPL-1.0-only” in an electronic update, the existing inventory items names with that selected license will not be updated.

2. Component to License Mapping Change

When the component to license mapping is changed, let’s say jquery is mapped with "Apache-2.0" in the electronic update, then this new mapping wouldn’t be propagated to existing inventory items. This results in inconsistency between the license mapping, existing inventory items, and future inventory items using the new license mapping.

3. Duplicate entry cleanup

After running the cleanup scripts, there are possibility of having duplicate entries for the licenses which had mappings in component table and versions table. In our case, we have mappings for 3 licenses, i.e LGPL-2.1-or-later(License_id=704), AGPL-1.0-only(License_id=1654) and AGPL-3.0-only(License_id=229).

Note: Around 16 GPL-AGPL-LGPL related licenses are updated and workaround has been provided for necessary scenarios.

Please refer the article on GPL-LGPL-AGPL License Cleanup for detailed information and workarounds: https://community.flexera.com/t5/Code-Insight-Knowledge-Base/Code-Insight-GPL-LGPL-AGPL-License-Data-Cleanup-Project/ta-p/240679

Issue ID Issue Summary
SCA-40135

Updating the GPL related licenses in the data library according to SPDX

SCA-40180, SCA-41672

Preparation of scripts related to changes made to GPL, LGPL and AGPL licenses.

SCA-42149

Updated version information for the component minimist.

Enhanced License Detection Capability for Components

License detection capability and license evidence mechanism for GPL-LGPL-AGPL related licenses (part of GPL-AGPL-LGPL license cleanup activity) was updated/added for the following components:

  • AGPL-1.0-only
  • AGPL-1.0-or-later
  • AGPL-3.0-only
  • AGPL-3.0-or-later
  • GPL-1.0-only
  • GPL-1.0-or-later
  • GPL-2.0-only
  • GPL-2.0-or-later
  • GPL-3.0-only
  • GPL-3.0-or-later
  • LGPL-2.0-only
  • LGPL-2.0-or-later
  • LGPL-2.1-only
  • LGPL-2.1-or-later
  • LGPL-3.0-only
  • LGPL-3.0-or-later

Collector Status

Name Date of Last Successful Run
gitlab 5/13/2022
maven2-ibiblio 6/30/2022
nuget gallery 7/4/2022
clojars 7/7/2022
cpan 7/7/2022
rubygems 7/7/2022
cran 7/9/2022
maven-google 7/9/2022
hackage 7/10/2022
packagist 7/11/2022
go 7/12/2022
pypi 7/13/2022
github 7/13/2022
crates 7/13/2022
fedora-koji 7/13/2022
npm 1/30/2022




Changes in Update Released on 07-July-2022

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary
SCA-42146

Addition of the license EDL 1.0 to PDL.

Collector Status

Name Date of Last Successful Run
gitlab 5/13/2022
npm 1/30/2022
pypi 6/29/2022
crates 6/29/2022
clojars 6/30/2022
maven2-ibiblio 6/30/2022
cpan 6/30/2022
rubygems 6/30/2022
maven-google 7/1/2022
go 7/1/2022
cran 7/2/2022
fedora-koji 7/2/2022
hackage 7/3/2022
github 7/4/2022
nuget gallery 7/4/2022
packagist 7/4/2022




Changes in Mini Update Released on 28-June-2022

This is a Mini PDL update release which is considerably smaller in size, containing data related to a specific component and a CVE.

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Updates to jenkins Component

Issue ID Issue Summary
SCA-39993

Miniature PDL package creation and processing in product




Changes in Update Released on 15-June-2022

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary
SCA-40437

Addition of Go Collector to the list of collectors

Collected Batch 1- 50000 packages.

SCA-42001

Fixed license information for the component 'setuptools'.

SCA-42030

Fixed license information for the component 'react-leaflet'.

SCA-42040

Fixed license information for the component 'pillow'.

SCA-42108

Updated component-version information for the component 'url-parse'.

Collector Status

Name Date of Last Successful Run
gitlab 5/13/2022
crates 5/28/2022
npm 1/30/2022
pypi 6/8/2022
clojars 6/9/2022
cpan 6/9/2022
rubygems 6/10/2022
cran 6/11/2022
maven2-ibiblio 6/11/2022
maven-google 6/11/2022
hackage 6/12/2022
nuget gallery 6/12/2022
packagist 6/13/2022
github 6/14/2022
fedora-koji 6/14/2022
go 6/14/2022




Changes in Update Released on 13-May-2022

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary
SCA-41730 Addition of vulnerability mappings to zlib component (CVE-2018-25032).

Collector Status

Name Date of Last Successful Run
hackage 5/8/2022
npm 1/30/2022
crates 4/26/2022
clojars 5/5/2022
cpan 5/5/2022
rubygems 5/6/2022
maven-google 5/6/2022
cran 5/7/2022
nuget gallery 5/8/2022
maven2-ibiblio 5/9/2022
packagist 5/10/2022
github 5/11/2022
gitlab 5/11/2022
pypi 5/11/2022
fedora-koji 5/11/2022




Changes in Update Released on 28-Apr-2022

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary
SCA-41430 Addition and Updating components and license information for components like JakartaFtpWrapper, nsftools.com Standard Disclaimer etc.
SCA-41268 Fixed the incorrect license mapping for hibernate-core component.

Addition of License Detection Capability and License Evidence Mechanism

License detection capability and license evidence mechanism was added for the following licenses:

  • FreeImage
  • freertos-exception-2.0
  • FSFAP
  • FSFULLR

Collector Status

Name Date of Last Successful Run
hackage 4/24/2022
npm 1/30/2022
maven2-ibiblio 4/12/2022
cpan 4/14/2022
fedora-koji 4/19/2022
rubygems 4/21/2022
cran 4/22/2022
maven-google 4/22/2022
nuget gallery 4/23/2022
crates 4/26/2022
clojars 4/27/2022
github 4/27/2022
packagist 4/27/2022
gitlab 4/27/2022
pypi 4/27/2022




Changes in Update Released on 13-Apr-2022

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Updates to spring-framework Component

Issue ID Issue Summary
SCA-41311 Fix incorrect vulnerability mapping to the component POI.
SCA-41305 Addition of vulnerabilities to xmlbeans 2.6.0 component.
SCA-41141 Enhancement to collect missing licenses for Pypi components.
SCA-40144
Addition of Components from https://gitlab.xiph.org/xiph




Changes in Update Released on 25-Mar-2022

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary
SCA-40941 Update license information for npm component- pixrem.
SCA-40777 Map Fair license to "Assert" component.
SCA-40872 License information for jquery 1.12.4 - MIT or GPL-2.0 license?

Addition of Missing Vulnerability Mappings

Missing vulnerability mappings for the following components were added:

  • jhuisi-charm
  • pear-archive_tar
  • zopefoundation-accesscontrol
  • nextcloud-richdocuments
  • pear-archive_tar
  • 3xxx-engineercms
  • isomorphic-git-isomorphic-git
  • justarchinet-archisteamfarm
  • matanui159-replaysorcery
  • xmldom-xmldom
  • util-linux-util-linux

Addition of License Detection Capability and License Evidence Mechanism

License detection capability and license evidence mechanism was added for the following licenses:

  • dvipdfm
  • mif-exception
  • eCos-exception-2.0
  • eGenix
  • EPL-2.0
  • EUPL-1.2
  • FLTK-exception

Collector Status

<

Name Date of Last Successful Run
packagist 2/27/2022
maven2-ibiblio 3/7/2022
npm 1/30/2022
gitlab 3/8/2022
clojars 3/16/2022
rubygems 3/17/2022
cpan 3/17/2022
cran 3/18/2022
maven-google 3/18/2022
nuget gallery 3/19/2022
hackage 3/20/2022
github 3/22/2022
crates 3/23/2022
pypi 3/23/2022
fedora-koji 3/23/2022




Changes in Update Released on 14-Mar-2022

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary
SCA-32308 Pypi forge vulnerability Mapper is an addition to our list of automated vulnerability mappers mechanism.
SCA-40984 Fix false positive vulnerabilities for Mono.Cecil

Addition of Missing Vulnerability Mappings

Missing vulnerability mappings for the following components were added:

  • glances
  • video.js
  • nukeviet
  • lavalite-cms
  • evolution-cms-evolution
  • flatpress
  • yzmcms
  • elfinder.aspnet

Collector Status

Name Date of Last Successful Run
packagist 2/27/2022
cran 3/4/2022
maven-google 3/5/2022
hackage 3/6/2022
maven2-ibiblio 3/7/2022
nuget gallery 3/7/2022
crates 3/8/2022
npm 1/30/2022
gitlab 3/8/2022
clojars 3/9/2022
pypi 3/9/2022
rubygems 3/10/2022
github 3/10/2022
cpan 3/10/2022
fedora-koji 3/10/2022




Changes in Update Released on 24-Feb-2022

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary
SCA-40339 Fixed license mappings for hangfire.core nuget component .
SCA-40332

Fixed license mappings for microsoft.net.workload.emscripten.manifest nuget component

SCA-40215

Fixed false positive CVE for system.threading.tasks.extensions 4.5.4 component

Addition of Missing Vulnerability Mappings

Missing vulnerability mappings for the following components were added:

  • stuk-jszip
  • firefly-iii
  • pjsip-pjproject
  • oisf-suricata
  • gitlogplus
  • velociraptor
  • contour
  • stmicroelectronics-stm32cubeh7
  • mod_auth_openidc

New/Update Component Requests

  • Microsoft Infographic Designer
  • Microsoft Advance Card

Collector Status

Name Date of Last Successful Run
npm 12/3/2021
gitlab 1/13/2022
maven2-ibiblio 2/15/2022
rubygems 2/17/2022
cran 2/18/2022
maven-google 2/18/2022
nuget gallery 2/19/2022
hackage 2/20/2022
packagist 2/20/2022
crates 2/22/2022
clojars 2/23/2022
github 2/23/2022
pypi 2/23/2022
fedora-koji 2/23/2022
cpan 2/24/2022




Changes in Update Released on 10-Feb-2022

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary

SCA-40131

Fixing false positive component_cpe mappings

SCA-40004

Fix for "Unable to load or add component version libssh 0.7.3"

SCA-39146

GPL 3.0 or later and GPL 3.0 Only - both licenses are reported when the source clearly has only one SPDX ID

SCA-38096

Fixing redirecting urls for clojars collector

Addition of Missing Vulnerability Mappings

Missing vulnerability mappings for the following components were added:

  • mosquitto
  • lwip
  • folly
  • matio
  • libheif
  • manageiq
  • redis

Addition of License Detection Capability and License Evidence Mechanism

License detection capability and license evidence mechanism was added for the following licenses:

  • D-FSL-1.0
  • diffmark
  • DigiRule-FOSS-exception
  • Dotseqn
  • DSDP

New/Update Component Requests

  • windowsazure.servicebus
  • microsoft.azure.servicebus.eventprocessorhost
  • mesa
  • sharpmimetools




Changes in Update Released on 28-Jan-2022

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

MIT License Cleanup

There are two licenses in Code Insight for MIT – MIT License and MIT-Style License. While most licenses declared by open-source developers fall into the MIT License, the MIT-Style License is more of a template license consisting of various ways of how MIT license can be declared.

We noticed that the license mapping to majority of components are mapped incorrectly to the MIT-Style License. This is being resolved via an electronic update where the mappings are corrected and for existing projects that need mappings change a script will be provided.

Note:

Please refer the article on MIT License Cleanup for detailed information and workarounds: https://community.flexera.com/t5/Code-Insight-Knowledge-Base/Code-Insight-MIT-License-Data-Cleanup-Project/ta-p/214451/jump-to/first-unread-message

Known issue:

A script "MIT-CleanupQueries.sql" is provided which has to be run after the PDL update.

This script updates the license names and the incorrect license mappings in the existing system-generated inventories with the updated data changes as mentioned above.

There is a known issue for a particular set of inventories which have comma separated license names. This is observed in the inventories generated by AutoWriteup.

Ex: jQuery (MIT, MIT License)

In this case, the script provided to update the existing inventory names would not work. This causes a duplicate inventory on rescan.

The detailed issue description and workaround are provided in the jira: https://jira.flexera.com/browse/SCA-40194

Issue ID Issue Summary

SCA-39812

Map vulnerabilities for gnu components

SCA-39748

Update version information for pilotmoon-scroll-reverser

SCA-38553

License detection XML detects both MIT and MIT-Style as evidence for MIT License

SCA-28851

MIT License cleanup: Enhancement to collector level license mappings mechanism to update invalid mappings for MIT and MIT-Style licenses.

SCA-28766

Perform entire sequence of MIT License Cleanup-License short_name changes and license remapping at component and version level.

Addition of Missing Vulnerability Mappings

Missing vulnerability mappings for the following components were added:

  • Itop
  • Mupdf
  • Anchrome

Addition of License Detection Capability and License Evidence Mechanism

License detection capability and license evidence mechanism was added for the following licenses:

  • CNRI-Jython
  • CNRI-Python
  • CNRI-Python-GPL-Compatible
  • Crossword
  • CrystalStacker
  • PSF-2.0
  • Python-2.0




Changes in Update Released on 13-Jan-2022

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Updates to log4j Component

  • Added component detection capabilities to identify log4j components in "ivy.xml".
Issue ID Issue Summary
SCA-39360 Fixed the license evidence mechanism to eliminate false positive findings.
SCA-39579 Addition of gnu vulnerable components to the data library
SCA-38160 GNU vulnerability Mapper is an addition to our list of automated vulnerability mappers mechanism.
SCA-38159 Jenkins vulnerability Mapper is an addition to our list of automated vulnerability mappers mechanism.

<

Addition of Missing Vulnerability Mappings

Missing vulnerability mappings for the following components were added:

  • xml_database
  • graphhopper
  • Openvswitch-ovs
  • osgeo-gdal
  • unicorn-engine-unicorn
  • open62541-open62541
  • racket-racket
  • mozilla-geckodriver
  • gnuaspell-aspell
  • libsndfile-libsndfile
  • libarchive
  • matio

Addition of License Detection Capability and License Evidence Mechanism

License detection capability and license evidence mechanism was added for the following licenses:

  • CC-BY-NC-ND-1.0
  • CC-BY-NC-ND-4.0
  • CC-BY-NC-SA-4.0
  • CC-BY-NC-4.0
  • CC-BY-ND-4.0
  • CC-BY-SA-4.0
  • CC-BY-4.0
  • Cube
  • curl
  • CDLA-Permissive-1.0
  • CDLA-Sharing-1.0
  • CECILL-2.1
  • CLISP-exception-2.0

New Component Requests

  • Windows SDK for Windows Server 2008 and .NET Framework 3.5
  • Strictly Software htmlencode




Changes in Update Released on 23-Dec-2021

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Updates to Apache log4j2 Component

  • Updated vulnerability information for log4j2 component (CVE-2021-44228,CVE-2021-45046,CVE-2021-4104).
  • Updated versions for the log4j2 components.
Issue ID Issue Summary
SCA-38791 Updated missing vulnerabilities for nuget top 100 component
SCA-35846 Enhancements to Nuget Collector for Version-Level License Collection

Addition of Missing Vulnerability Mappings

Missing vulnerability mappings for the following components were added:

  • consul
  • uri.js
  • chatwoot
  • bat
  • cgm-remote-monitor
  • connect
  • muwire
  • containerd
  • discourse
  • micronaut
  • gatsby-source-wordpress
  • venus_os

Updated Components List

  • world-clock-and-the-timezoneinformation-class




Changes in Update Released on 16-Dec-2021

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Updates to Apache log4j2 Component

  • Updated versions for the log4j2 components from different forges like github, maven and fedora.
  • Updated vulnerabilities for log4j2 component (CVE-2021-44228).
Issue ID Issue Summary
SCA-38864 Analysis & update license for jaxen component.
SCA-38669 AutoWriteup Rules: Map licenses to AutoWriteup Rules with no licenses.
SCA-38521 Increasing Component CPE mappings in Data Library.
SCA-38479 Updated version information for 27208706.
SCA-38791 Update missing license for top 100 Nuget components.

Addition of Missing Vulnerability Mappings

Missing vulnerability mappings for the following components were added:

  • falco
  • manageengine_admanager_plus
  • esp32_firmware
  • libvips-libvips
  • junos
  • rancher
  • sheetjs
  • etherpad
  • stealth

Addition of License Detection Capability and License Evidence Mechanism

License detection capability and license evidence mechanism was added for the following licenses:

  • bzip2-1.0
  • bzip2-1.0.5
  • Caldera
  • BSD-3-Clause-Attribution
  • BSD-3-Clause-Clear
  • BSD-3-Clause-LBNL
  • BSD-3-Clause-No-Nuclear-License-2014
  • BSD-3-Clause-No-Nuclear-License
  • BSD-3-Clause-No-Nuclear-Warranty
  • BSD-4-Clause-UC
  • BSD-Protection
  • BSD-1-Clause
  • BSD-Source-Code
  • BSD-2-Clause-Patent
  • BSD-2-Clause-NetBSD
  • BSD-2-Clause-FreeBSD




Update Release on 26-Nov-2021 has been postponed

This update has been postponed to 9 Dec 2021 due to some technical issues.

Changes in Update Released on 11-Nov-2021

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary
SCA-38476 Add component GenericDataExchangeFrameworkwithAJAX and ASP.NET Outlook-like Time Field to PDL library
SCA-38352 Enhancement to license mapping mechanism for Nuget Collector based on License Expression provided by Nuget Rest API
SCA-38223 Add missing vulnerability mappings to components like umeditor, thinkcmf, xuperchain, ok-file-formats, radare2-extras, polipo, gthumb.




Changes in Update Released on 28-Oct-2021

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

<

Issue ID Issue Summary
SCA-38246 Add missing versions for openssl, net-snmp and system.data.sqlite components.
SCA-38221 Add missing vulnerability mappings to components like varnish_cache, elfinder.net. core, ectouch, is-email, booking_core, wolfssl.
SCA-37996 Invalid license for highcharts - npmjs component.
SCA-37673 Added license evidence and detection capability for licenses like Bahyph, Barr, Borceux, BSD-1-Clause, BSD-2-Clause-FreeBSD, BSD-2-Clause-NetBSD, BSD-2-Clause-Patent, BSD-Source-Code etc.
SCA-37671 Added license evidence and detection capability for licenses like 0BSD, 389-exception, Abstyles, Adobe-Glyph, Afmparse, AGPL-1.0, Aladdin, AMDPLPA, AML, AMPAS etc.
SCA-37461 Add missing vulnerability mappings to components like delta, xo-server, putil-merge, harmonyos, ant etc.
SCA-37459 Add missing vulnerability mappings to components like yop-poll, restsharp, event_streams, sshd, talk, nextcloud_mail, nextcloud, icinga etc.
SCA-37348 Github Vulnerabilities mapped to Java components.




Changes in Update Released on 18-Oct-2021

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary

SCA-38185

Fixing invalid versions of lm_sensors.
SCA-38030 Update reference to component_mapping.csv to new github.com from git.palamida.com in update service.
SCA-37884 Missing vulnerabilities for Valeo.
SCA-37758 Adding spdx-license-identifier to the license-detection.xml and license-finder.json.
SCA-37658 Update license-names in the license evidence mechanism.
SCA-37447 Add missing vulnerabilty mappings to components like retty, everything, brave, node.js, total.js, total4, prismatic.
SCA-37442 Add missing vulnerabilty mappings to components like halo, pfsense, exiv2, caldera, jsish, moddable, mujs.
SCA-38254 Add license evidence capability for licenses like LLVM-exception,APAFML,Artistic-1.0-cl8,Artistic-1.0-Perl.




Changes in Update Released on 01-Oct-2021

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary

SCA-37896

Validate and update Maven forge details in PDL library.
SCA-37837 Add new component ms-intune-app-sdk-android and Microsoft Intune App Software Development Kit For iOS license.
SCA-37651 Add Microsoft Windows Driver Kit For Windows 8.1 License and Updated versions for Microsoft windows driver kit.
SCA-37604 Update manually maintained component versions. Please refer list below
SCA-37376 Add the missing vulnerability mappings for components like cszcms, switch, fortimail, putty, emissary-ingress-emissary.
SCA-29724 Enhance License detection for Nuget forge components.
SCA-37544 Update versions and vulnerability mappings for oracle-jre component
SCA-37449 Add CWEs to PDL library.
SCA-38018 Update versions for Google Maven repository components.

Updated Components List

  • glibmm24
  • libsm
  • wpa_supplicant
  • cairo
  • dmidecode
  • chrony
  • libxrandr
  • libice
  • networkmanager
  • gobject-introspection
  • glib-networking
  • dnsmasq
  • mesa
  • elfutils
  • dbus
  • sudo
  • libsoup
  • libtalloc
  • rpm-package-manager
  • PowerTop
  • libldb
  • libxft
  • openssl
  • pygobject3
  • gnutls
  • libx11
  • libnl3
  • tzdata
  • alsa-lib
  • atk
  • libxcb
  • binutils
  • ethtool
  • libfontenc




Changes in Update Released on 13-Sep-2021

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary
SCA-37290

Validate and update invalid versions for kong-insomnia component.

SCA-36444

License Finder rules for OGC-1.0,OFL-1.1-RFN.

SCA-35816

Addition of Gitlab forge to the list of forge collection.

SCA-33593

Enhance license mapping capability for Nuget collector.

SCA-31981

Add new non-spdx licenses like Parity Public Licence 3.0,Server Side Public License,Yoctopuce-License,Prosperity Public License,MS-ASP.NET-Web-Pages-2 License,MS-ASP.NET-WOF License to the library .

SCA-37371

Mapping the missing vulnerabilty-CVE's for various components like Tinydtls, Misp, Libxml2, Vapor, Grpc_swift, Linuxptp.

New Component Detection Rules

  • liblouis




Changes in Update Released on 30-Aug-2021

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary
SCA-35866

Grafana License changed from Apache License 2.0 to AGPL 3.0 from version 8.0.

SCA-35970

Data - Vulnerability Dates update. "Publication Date" and 'Modified Date".

SCA-36442

License-Finder.json rules for PSF-2.0,Parity-7.0.0,OGL-UK-3.0 etc.

SCA-36894

License Mappings for "pylouis" component.

SCA-36946

Data: Forge detail is incorrect for log4php component.

SCA-37030

False Positive Vulnerabilities for "file - npmjs" component.

SCA-37147

Handle URL discrepancies & case sensitive titles for FSF forge.

SCA-36815

Mapping of missing CVE's for components like thinksaas, routeros, alpinelinux-aports, gu, sansanyun-mipcms, hnaoyun-pbootcms.

SCA-37171

Mapping of missing CVE's for components like wp-plugins-wp-downloadmanager, benmonro-android, johnhaldeman-guarddetap, wp-plugins-cm-download-manager, just-safe-set, members, tizen, webclient, prusa3d-prusaslicer, webclient, webkitgtk.

SCA-37176

Mapping of missing CVE's for components like sanos, hyper, server, storage-manager, password-manager, ninjarmm, xevo.

SCA-37200

Update right URLs and title for code.google forge components.

SCA-37206

Mapping Vulnerability for json-smart-v1 and json-smart-v2.

SCA-35877

Updated components having URL discrepancies.




Changes in Update Released on 27-Jul-2021

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary
SCA-35948 NPMJS: Project Discovery is not Up to date with respect to NPMJS Forge
SCA-35924 License mapping for the Pypi component "louis"
SCA-27819 Fixing nongnu.org 404 URL's
SCA-36610 Minio version license mapping
SCA-36607 Grafana version license mapping
SCA-36110 Update matplotlib license text
SCA-36128 Manual Collector: Kernel: lvm2 versions are wrongly added
SCA-35933 False Positive vulnerabilities in mariadb-java-client
SCA-35908 Invalid versions for microsoft-azuredatastudio component




Changes in Update Released on 24-Jun-2021

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary
SCA-34531 Update Matplotlib license text to version 3.4.1.
SCA-35177 New requests.
SCA-34953 Add components & license to reflib.
SCA-33894 CVE-2020-11971 associated with wrong components.
SCA-29232 Request to add component: logrotate.
SCA-30698 License Finder Rules for Matplotlib License.
SCA-35286 Unicode Terms of Use license not found in file.
SCA-35680 False positive GPL license detected for LGPL license text
SCA-25368 Request for identifying SPDX IDs.




Changes in Update Released on 11-Jun-2021

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary
SCA-35178 Add OTN license and map missing license for oracle.manageddataaccess - NuGet Gallery component.
SCA-35087 Deprecating invalid versions of Apache projects on github.
SCA-35022 SPDX license collection. (Around 87 new licenses).
SCA-33894 License Name and SPDX License Name should be the same.
SCA-33805 Elastic Kibana: Add License Finder Rules for Elastic License 2.0
SCA-30698 License Finder Rules for Matplotlib License




Changes in Update Released on 28-May-2021

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary
SCA-34581 Add component Microsoft JDBC Driver for SQL Server and licenses.
SCA-34431 Deprecating invalid version vulnerability Mapping which are protected
SCA-33541 Vulnerabilities for Netmask and PHP git server
SCA-33251 Vulnerability Dates: Addition/correction of columns for publication date and last modified date.
SCA-30785 SPDX license collection to staging db. (Not yet released).




Changes in Update Released on 14-May-2021

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary
SCA-34508 PYPI URL's format are not consistent throughout in PDL_Component .
SCA-34395 False positive vulnerabilities for tomcat components - False PDL Mappings in PDL_COMP_VER_VULNERABILITY
SCA-34213 Deprecating the version for Apache project invalid versions-Set2
SCA-33485 The "Visual C++ Redistributable for Visual Studio" component name contains spaces making keyword search difficult
SCA-32592 Deprecating the version for Apache project invalid versions.
SCA-30879 Linux Kernel versions release which was obsolete by an year and a half.
SCA-34289 Libstdcpp component
SCA-34183 Add new licenses to license seed and schema.




Changes in Update Released on 22-Apr-2021

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary
SCA-32074 License mismatch for popular components.
SCA-31667 License Acronym Data Changes for auto writeup rules.
SCA-29799 Inventory created with auto-writeup rules don't create with SPDX license ID
SCA-26931 Missing vulnerabilities (CPES with *) and wrong mappings for CPEs with *.

New Component Requests

  • lsof(Component ID: 27350567)
  • ntp(Component ID: 207771)
  • libtiff(Component ID:27350365)
  • gtk(Component ID: 27350362)
  • gnome-shell-extensions(Component ID: 27350363)
  • libgpg-error(Component ID: 27350364)
  • dracut(Component ID: 123809)
  • openssl-fips(Component ID: 27350368)
  • lvm2(Component ID: 27350367)
  • kbd(Component ID: 27350366)
  • lzo(Component ID: 63041)
  • treeview-with-columns(Component ID: 27350359)
  • replace-a-windows-internal-scrollbar-with-a-customdraw-scrollbar-control(Component ID: 27350360)
  • step-by-step-calling-c-dlls-from-vc-and-vb-part-1(Component ID: 27350361)
  • strawberry-perl - 27344198)
  • run-postinsts - 27344199)
  • packagegroup-core-boot - 27344200)
  • sha-1-in-C-by-steve-reID: - 27344201)
  • zlib - 27344202)
  • watchdog(Component ID: 5403203)
  • perfmon2(Component ID: 53555)
  • ust(Component ID: 186075)
  • newmat(Component ID: 129995)
  • netbase(Component ID: 207639)
  • xml-pull-parser3(Component ID: 226748)
  • shadow-utils(Component ID: 5403445)
  • lipro-libftdi(Component ID: 7872851)
  • csha1(Component ID: 27341784)
  • timezonemap(Component ID: 27344433)




Changes in Update Released on 10-Apr-2021

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary
SCA-33801 License detection.xml changes for PDL-2021-04-R1
SCA-31855 AutoWriteUp rules having outdated URLs
SCA-33557 Adding License - Purdue BSD-Style License
SCA-32649 Wrong (and hence fix) DOC Software License name and url
SCA-32983 Missing Elastic License for Elastic Kibana

New Component Requests

  • File-file (component ID: 3102572)
  • Cquicklist (component ID: 27337962)
  • Nfs-utils (component ID: 27336321)
  • Eglibc (component ID: 27337963)
  • Lcms (component ID: 7597)
  • Ti-rtos-mcu (component ID: 27336320)
  • High-speed-charting-control (component ID: 27330960)
  • Progress-control-with-text (component ID: 27330961)
  • Oscilloscope-stripchart-control (component ID: 27330962)
  • Skinx (component ID: 27330963)
  • Keymaps (component ID: 27333199)
  • Getprimarymacaddress (component ID: 27333200)
  • Sampleds (component ID: 27333201)
  • Microsoft Windows SDK for Windows 7 and .NET Framework 4 (component ID: 27334733)
  • Csha1-a-c-class-implementation-of-the-sha-1-hash-a (component ID: 27334779)
  • Trafficwatcher (component ID: 27334780)
  • Using-colors-in-cedit-and-cstatic (component ID: 27335822)
  • Gnu-which (component ID: 705519)
  • Eclipse-aspectj (component ID: 55748)




Changes in Update Released on 25-Mar-2021

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary
SCA-32971 URL fix for DOC License
SCA-32253 Map MICROSOFT SQL SERVER DATA-TIER APPLICATION FRAMEWORK to SQLpackage.commandline
SCA-31926 Update the missing license mappings for components-Phase1.
SCA-31800 Exception looking up rules' in FNCI Logs

New Component Requests

  • mph-2b-damase
  • simpleping
  • twain-developer-toolkit
  • texas-instruments-msp-430-lib-files
  • CppSQLite
  • CStdioFile
  • CTrayIcon
  • CXml
  • CXPGroupBox
  • A class to combine Slider Control and Progress Bar
  • A very simple solution for partial bitmap encryption
  • Adobe InDesign CC SDK
  • libcomposite
  • pango
  • Microsoft Windows Driver Kit - WDK




Changes in Update Released between 20-Oct-2020 to 11-Mar-2021

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID Issue Summary
SCA-27739 False Positives when scanned Oracle OpenJDK
SCA-28603 Unable to find a component that is identified as first level dependency
SCA-26834 Sun (Restricted) and Sun-IP Licenses not detected
SCA-29523 License discrepancy for CURL component
SCA-27024 Gnutls component missing vulnerabilities, versions and wrong url
SCA-30866 Hdf5 license (ID: 1224) is not correct
SCA-30797 Incorrect Licensing Detection for Microsoft .Net
SCA-30525 Component gpg-gnupg missing encryption flag
SCA-27722 Incorrect vulnerabilities matched with component versions for Rust
SCA-32271 PDL_VULNERABILITY table is empty in the latest PDL update
SCA-33031 BOM: Discrepancies due to search term rule basics-vector

New Component Detection Rules

  • Setup.js
  • MD% algorithm class library
  • PhantomJs
  • Cefsharp
  • Virtual-dom v2.1.1
  • Named-js-regexp
  • MarkupSafe
  • OCHamcrest
  • OCMockito
  • Libsrtp
  • Ans_up
  • HockeySDK
  • Aimage
  • Ua-parser-js v0.7.10.
  • Autofac.Wcf
  • Vector.js
  • Untildify v3.0.2
  • Post-robot v7.0.15.
  • Axios
  • JSONTestSuite
  • Rpc-server.js

New Features incorporated.

Issue ID Issue Summary
SCA-26848 CVSS 3.1 - Data Collection
SCA-26808 Add Vulnerability dates to PDL tables
SCA-26181 Component CPE Mapping

New Component Requests released.

  • Isc bind
  • Canvas-toblob.js
  • Newrelic.opentracing.amazonlambda.tracer
  • Libepoxy
  • Tags
  • Json.net
  • Jquery-menu-aim-fw
  • Microsoft.appcenter for macos
  • Microsoft.appcenter.analytics for macos
  • Apache-apr
  • Cyan4973-lz4
  • Gnu-screen
  • Jamesflorentino-nanoscrollerjs
  • Mtd-utils
  • Npth
  • Pam
  • Eeepc-acpi-scripts
  • Sharpziplib
  • Mahapps.metro.simplechildwindow - nuget gallery
  • Wpfnotification - nuget gallery
  • Microsoft-windowsapicodepack-shellextensions - nuget gallery
  • Controlzex/controlzex - github
  • Mahapps.metro.iconpacks - nuget gallery
  • Mvvmlight - nuget gallery
  • Ini-parser - nuget gallery
  • Mahapps/mahapps.metro - github
  • Angular/angular-cli - github
  • System.data.sqlite.core - nuget gallery
  • System.data.sqlite.ef6.migrations - nuget gallery
  • Microsoft asp.net mvc 4 (***deprecated***)
  • Wxwindows library license
  • Wxwidgets
  • Karma-runner karma
  • Openssh - in c
  • Base-passwd
  • Init-ifupdown
  • Procps
  • Binutils
  • 7-zip
  • Kmod
  • Matplotlib
  • Scons - a software construction tool - scons
  • Tagish library
  • Qos-ch-slf4j
  • Flex - lexical scanner generator
  • Application insights persisted http channel
  • Cairo-pixman
  • Flat_hash_map
  • Fontconfig
  • Free type
  • Gnutls library
  • Tianmajs/libm - github
  • Libsoup
  • Microsoft.applicationinsights - nuget gallery
  • Slodge/mvvmcross - github
  • Pdfsharp - nuget gallery
  • Sharppdf
  • Twain data source manager
  • Twain sample data source and application - twain 2.0 sample data source
  • Windows driver kit (wdk) 8.0 samples for visual studio 2012
  • Microsoft/windows-universal-samples - github
  • Html agility pack
  • Microsoft.extensions.caching.abstractions
  • Microsoft.extensions.caching.memory
  • Microsoft.extensions.dependencyinjection.abstractions
  • Microsoft.extensions.options
  • Microsoft.extensions.primitives
  • Microsoft.netcore.platforms
  • System.componentmodel.annotations
  • System.runtime.compilerservices.unsafe
  • System.security.cryptography.xml
  • Microsoft.owin
  • Microsoft.owin.host.systemweb
  • Microsoft.owin.security
  • Mimemapping
  • Nconfiguration
  • Nlog
  • Nuget.commandline
  • Nunit
  • Restsharp
  • Closedxml
  • Apache cxf buildtools
  • Apache neethi
  • Weblinc-matchmedia
  • Twain/twain-dsm
  • Twain-twain-samples
  • Windows driver kit (wdk) 8.0 samples for visual studio 2012




Changes in Update Released on 20-Oct-2020

This Update includes the changes described in the following sections.

Issues Addressed in the 20-Oct-2020 Release

The following issues were addressed in the Update:

Issue ID Issue Summary
SCA-28504

Components information

SCA-28691

NVD Feed: Upgrading NVD CVE-Feeds APIs (1.0) to NVD CVE-Feeds APIs (1.1)

SCA-27621

Difference in vulnerability information for 'expat' and 'libexpat-libexpat' component

SCA-28970

NVD-Feed Fix and client release to Codeaware

SCA-17974

Duplicate Inventory found for "gettext" and for the duplicate inventory as found license text is wrong

SCA-28740

With fresh scan, name of inventory item zlib is changed to madler-zlib in codeinsight 2020R4.

SCA-27773

Search terms need to be improved for few components

SCA-28288

False Positives for zlib and libjpeg

SCA-28508

Components information

SCA-22072

Stunnel support in DL

SCA-27119

Missing versions

SCA-29156

Pycryptodomex missing encryption flag

New Component Detection Rules in the 20-Oct-2020 Release

This Update introduces new Automated Analysis rules for the following components:

  • Retry.js
  • Jquery-mobile for react
  • Expat (version released 2.2.6)
  • Novell.Directory.ldap
  • Spawn.js
  • Jquery-vsdoc.js
  • CodeMirror
  • NUnit.Framework.dll
  • Rsvp.js
  • Twbs-bootstrap and Mathiasbynens-jquery-placeholder
  • Libwebsockets
  • Globalize 1.1.1
  • CPU Topology
  • JSON v3.3.0
  • Pyomo v5.0.1
  • CPU Topology 1.2.8 Class library
  • Text-markdown
  • Json v2.1.1
  • V8
  • Libuv




Changes in Update Released on 11-Sep-2020

This Update includes the changes described in the following sections.

Issues Addressed in the 11-Sep-2020 Release

The following issues were addressed in the Update:

Issue ID Issue Summary

SCA-27585

Add component " History-event"(JQuery.history.js)

SCA-27738

URL not working for freetype (Id: 1149) component

New Component Detection Rules in the 11-Sep-2020 Release

This Update introduces new Automated Analysis rules for the following components:

  • 7za.exe
  • Jazzy
  • D3.js
  • JSQR
  • Doube-conversion
  • HistoryEvent
  • Bind
  • Punycode.js
  • Gaearon-Redux




Changes in Update Released on 28-Aug-2020

This Update includes the changes described in the following sections.

Issues Addressed in the 28-Aug-2020 Release

The following issues were addressed in the Update:

Issue ID Issue Summary

SCA-27456

Missing OSS component-udev

SCA-27203

Missing components – bind and jsqr

New Component Detection Rules in the 28-Aug-2020 Release

This Update introduces new Automated Analysis rules for the following components:

  • Whiskas.py
  • ProtectedData
  • Dmidecode
  • Libsmbios




Changes in Update Released on 14-Aug-2020

This Update includes the changes described in the following sections.

Issues Addressed in the 14-Aug-2020 Release

The following issues were addressed in the Update:

Issue ID Issue Summary

SCA-27191

Add tungsten fabric components to Data Library

SCA-27024

Gnutls component missing vulnerabilities, versions and wrong url.

SCA-27084

Libtiff license url needs to be updated

New Component Detection Rules in the 14-Aug-2020 Release

This Update introduces new Automated Analysis rules for the following components:

  • SWIG v3.0.2
  • VC Redistributable
  • Apple Installer Plugin
  • Appcenter-sdk-apple-3.0.0.tar.gz
  • Code Project - WSE 3 Deployment: MSI and ClickOnce
  • Wdksetup.exe
  • MobileNumericUpDown
  • Apple/cups
  • Mhook
  • GridAnimationDemo




Changes in Update Released on 03-Aug-2020

This Update includes the changes described in the following sections.

Issues Addressed in the 03-Aug-2020 Release

The following issues were addressed in the Update:

Issue ID Issue Summary
SCA-26931 Missing vulnerabilities.
SCA-26666 Missing Vulnerabilities for Apache Thrift 0.7.0

New Component Detection Rules in the 03-Aug-2020 Release

This Update introduces new Automated Analysis rules for the following components:

  • JQuery Mobile
  • JortSort
  • CLR Security Class library
  • BrockAllenCookieBasedTempdata.dll
  • StackExchange.Redis
  • Readline.js




Changes in Update Released on 17-Jul-2020

This Update includes the changes described in the following sections.

Issues Addressed in the 17-Jul-2020 Release

The following issues were addressed in the Update:

Issue ID Issue Summary
SCA-25108 Detection of xmlbeans 2.6.0 occurs twice
SCA-25905 Component system.diagnostics.diagnosticsource has had its license changed for version 4.4 and later
SCA-25907

New components added

SCA-26134

The component "app.min.js" is incorrectly mapped to the component "App( 62839)"

New Component Detection Rules in the 17-Jul-2020 Release

This Update introduces new Automated Analysis rules for the following components:

  • Console.js
  • LowPriorityWarning.js
  • Nameddefine.js
  • Prettier.js
  • SQLite DLL
  • Pacman Unicode
  • D3 DES algorithm 5.09 Class library
  • JCanvas
  • Libxslt
  • Node-tmp
  • Libxml2




Changes in Update Released on 30-Jun-2020

This Update includes the changes described in the following sections.

Issues Addressed in the 30-Jun-2020 Release

The following issues were addressed in the Update:

Issue ID Issue Summary
SCA-25608 component "jodaorg-joda-time" has invalid license in list
SCA-25587 Review licenses for timescale DB GitHub components
SCA-23003

Collectors for bouncycastle,curl,gnu,haproxy,jquery,kernel,libarchive,libssh, openbsd,openflow,openssl.

New Component Detection Rules in the 30-Jun-2020 Release

This Update introduces new Automated Analysis rules for the following components:

  • Node-Semver
  • Speex
  • Node-Static
  • node-tree-kill
  • node-winreg
  • node-xml2js




Changes in Update Released on 15-Jun-2020

This Update includes the changes described in the following sections.

Issues Addressed in the 15-Jun-2020 Release

The following issues were addressed in the Update:

Issue ID Issue Summary
SCA-24724 Haproxy component missing 2.0.x versions

SCA-25348

Add missing vulnerabilities to u-boot component

SCA-25416

Errors in Oracle db during PDL Update
SCA-24986 UltrVNC - Missing latest versions and some versions are invalid
SCA-20156 Update component 302760 to important = true
SCA-22232 Missing component versions
SCA-24984 Component versions out of date

New Component Detection Rules in the 15-Jun-2020 Release

This Update introduces new Automated Analysis rules for the following components:

  • Cross-BrowserSplit.
  • Chromium-Breakpad.
  • Request.js
  • Sauce.js
  • IsEventSupported.js
  • Pubsuffix.js
  • Node-ssl-root-cas(test-tunnel.js)




Changes in Update Released on 01-Jun-2020

This Update includes the changes described in the following sections.

Issues Addressed in the 01-Jun-2020 Release

The following issues were addressed in the Update:

Issue ID Issue Summary

SCA-24867

[Juniper Networks, Inc.] gnu-gcc component is showing invalid versions

SCA-25010

AMD: CodeAware Improper Identification of License for JQUERY Component.

New Component Detection Rules in the 01-Jun-2020 Release

This Update introduces new Automated Analysis rules for the following components:

  • Connect-nocache.
  • typescript.js
  • aphrodite.js
  • Newtonsoft.Json.dll
  • tipsy v1.0.0a(jquery.tipsy.js,tipsy.css).
  • prism.js
  • systemjs
  • Microsoft Ajax Minifier




Changes in Update Released on 18-May-2020

This Update includes the changes described in the following sections.

Issues Addressed in the 18-May-2020 Release

The following issues were addressed in the Update:

Issue ID Issue Summary

SCA-23316

OGIS: License detection is different in CodeAware and Auto-Analysis

SCA-22382

OGIS: Request to Add New Components and Versions

SCA-24622

Harmonic: stuk-jszip has MIT/GPL Dual License but "Possible Licenses" only show GPL

SCA-24711

Citrix: False positives CVEs

New Component Detection Rules in the 18-May-2020 Release

This Update introduces new Automated Analysis rules for the following components:

  • bootstrap-select.js
  • bootstrap-toggle.min.js
  • React-pull-to-referesh
  • rx.all.js
  • narwhal.js
  • bootstrap-checkbox v1.4.0
  • IKVM.NET(IKVM.Reflection.dll).




Changes in Update Released on 04-May-2020

This Update includes the changes described in the following sections.

Issues Addressed in the 04-May-2020 Release

The following issues were addressed in the Update:

Issue ID Issue Summary

SCA-22381

Component 'ring' from crates.io forge missing license and encryption flag

SCA-22542

Encryption flag not set for 'rust-openssl' component

SCA-24708

Incorrect discovery of 'Primefaces-PrimeNG' component

New Component Detection Rules in the 04-May-2020 Release

This Update introduces new Automated Analysis rules for the following components:

  • jquery.scrollTo-min.js, MatrixMath.js, jQuery.tmpl.js, lws-common.js
  • React Router
  • jsDump
  • Reflect-Metadata
  • NDesk.Options(.dll)
  • MSBuild Community Tasks(.dll)




Changes in Update Released on 17-Apr-2020

This Update includes the changes described in the following sections.

Issues Addressed in the 17-Apr-2020 Release

The following issues were addressed in the Update:

Issue ID Issue Summary

SCA-23823

Few vulnerabilities not reported

SCA-24365

Invalid URL for 'lyceum' component

SCA-20305

Component 'apache-cordova-plugin-inappbrowser' has incorrect versions

SCA-18198

Incorrect vulnerability mapping for 'Docker' component

SCA-23837

Added rdklib (pypi) to the library

New Component Detection Rules in the 17-Apr-2020 Release

This Update introduces new Automated Analysis rules for the following components:

  • webperftest
  • jquery.color.js
  • knockout
  • Irrlicht(.dll file)
  • jQuery(build_markdown.js)
  • React Developer Tools(getReactData.js)
  • moment.js,regex.js, moment-with-locales.js




Changes in Update Released on 3-Apr-2020

This Update includes the changes described in the following sections.

Issues Addressed in the 3-Apr-2020 Release

The following issues were addressed in the Update:

Issue ID Issue Summary

SCA-22116

Invalid version specified for 'tpm2-tss-engine'

SCA-23712

Added 'SunPro' license to the library

SCA-22982

Incorrect URLs for few Ibiblio Maven2 components

SCA-20314

Licenses are not mapped for latest versions of 'pygresql' component (22014048)

SCA-21928

Component 'pycountry-convert' needs to be updated with latest details

SCA-19891

Invalid versions associated to the component 'c-ares'

SCA-15411

Incorrect details for component 'systemd-systemd'

New Component Detection Rules in the 13-Mar-2020 Release

This Update introduces new Automated Analysis rules for the following components:

  • vector.js
  • webcomponent.js
  • globalize.js
  • OCMock
  • Bezier-Easing
  • Punycode(.js File)
  • Sphinx
  • StructureMap
  • cors
  • jQuery validation plug-in v1.6
  • jQuery Easing v1.3
Was this article helpful? Yes No
No ratings
Version history
Last update:
‎Mar 28, 2024 05:03 AM
Updated by: