FlexNet Code Insight Electronic Update Release Notes

FlexNet Code Insight Electronic Update Release Notes

Available Release Notes

The following are the Release Notes available for FlexNet Code Insight Electronic Update releases:

Changes in Update Released on 13-Sep-2021

Changes in Update Released on 30-Aug-2021

Changes in Update Released on 27-Jul-2021

Changes in Update Released on 24-Jun-2021

Changes in Update Released on 11-Jun-2021 

Changes in Update Released on 28-May-2021

Changes in Update Released on 14-May-2021

Changes in Update Released on 22-Apr-2021

Changes in Update Released on 10-Apr-2021

Changes in Update Released on 25-Mar-2021 

Changes in Update Released BET 20-Oct-2020  to 12-Mar-2021

Changes in Update Released on 20-Oct-2020 

Changes in Update Released on 11-Sep-2020 

Changes in Update Released on 28-Aug-2020

Changes in Update Released on 14-Aug-2020 

Changes in Update Released on 03-Aug-2020

Changes in Update Released on 17-Jul-2020   

Changes in Update Released on 30-Jun-2020    

Changes in Update Released on 15-Jun-2020  

Changes in Update Released on 01-Jun-2020  

Changes in Update Released on 18-May-2020  

Changes in Update Released on 04-May-2020  

Changes in Update Released on 17-Apr-2020  

Changes in Update Released on 3-Apr-2020  

Changes in Update Released on 13-Sep-2021

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

 The following issues were addressed in the Update:

Issue ID

 Issue Summary

 SCA-37290

Validate and update invalid versions for kong-insomnia component.

SCA-36444

License Finder rules for OGC-1.0,OFL-1.1-RFN.

SCA-35816

Addition of Gitlab forge to the list of forge collection.

SCA-33593

Enhance license mapping capability for Nuget collector.

SCA-31981

Add new non-spdx licenses like Parity Public Licence 3.0,Server Side Public License,Yoctopuce-License,Prosperity Public License,MS-ASP.NET-Web-Pages-2 License,MS-ASP.NET-WOF License to the library .

SCA-37371

Mapping the missing vulnerabilty-CVE's for various components like Tinydtls, Misp, Libxml2, Vapor, Grpc_swift, Linuxptp.

 New Component Detection Rules  

  • liblouis

Changes in Update Released on 30-Aug-2021

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

 The following issues were addressed in the Update:

Issue ID

 Issue Summary

SCA-35866

Grafana License changed from Apache License 2.0 to AGPL 3.0 from version 8.0.

SCA-35970

Data - Vulnerability Dates update. "Publication Date" and 'Modified Date".

SCA-36442

License-Finder.json rules for PSF-2.0,Parity-7.0.0,OGL-UK-3.0 etc.

SCA-36894

License Mappings for "pylouis" component.

SCA-36946

Data : Forge detail is incorrect for log4php component.

SCA-37030

False Positive Vulnerabilities for "file - npmjs" component.

SCA-37147

Handle URL discrepancies & case sensitive titles for FSF forge.

SCA-36815

Mapping of missing CVE's for components like thinksaas, routeros, alpinelinux-aports, gu, sansanyun-mipcms, hnaoyun-pbootcms.

SCA-37171

Mapping of missing CVE's for components like wp-plugins-wp-downloadmanager, benmonro-android, johnhaldeman-guarddetap, wp-plugins-cm-download-manager, just-safe-set, members, tizen, webclient, prusa3d-prusaslicer, webclient, webkitgtk.

SCA-37176

Mapping of missing CVE's for components like sanos, hyper, server, storage-manager, password-manager, ninjarmm, xevo.

SCA-37200

Update right URLs and title for code.google forge components.

SCA-37206

Mapping Vulnerability for json-smart-v1 and json-smart-v2.

SCA-35877

Updated components having URL discrepancies.

  

Changes in Update Released on 27-Jul-2021

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

 The following issues were addressed in the Update:   

Issue ID

 Issue Summary

SCA-35948 NPMJS: Project Discovery is not Up to date with respect to NPMJS Forge
SCA-35924 License mapping for the Pypi component "louis"
SCA-27819 Fixing nongnu.org 404 URL's
SCA-36610  Minio version license mapping
SCA-36607 Grafana version license mapping
SCA-36110 Update matplotlib license text
SCA-36128 Manual Collector: Kernel : lvm2 versions are wrongly added
SCA-35933 False Positive vulnerabilities in mariadb-java-client
SCA-35908 Invalid versions for microsoft-azuredatastudio component

Changes in Update Released on 24-Jun-2021

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

 The following issues were addressed in the Update:   

Issue ID

 Issue Summary

SCA-34531  Update Matplotlib license text to version 3.4.1.
SCA-35177  New requests.
SCA-34953  Add components & license to reflib.
SCA-33894  CVE-2020-11971 associated with wrong components.
SCA-29232  Request to add component: logrotate.
SCA-30698  License Finder Rules for Matplotlib License.
SCA-35286  Unicode Terms of Use license not found in file.
SCA-35680  False positive GPL license detected for LGPL license text
SCA-25368  Request for identifying SPDX IDs.

Changes in Update Released on 11-Jun-2021

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

 The following issues were addressed in the Update:   

Issue ID

 Issue Summary

SCA-35178 Add OTN license and map missing license for oracle.manageddataaccess - NuGet Gallery component.
SCA-35087 Deprecating invalid versions of Apache projects on github.
SCA-35022 SPDX license collection. (Around 87 new licenses).
SCA-33894 License Name and SPDX License Name should be the same.
SCA-33805 Elastic Kibana: Add License Finder Rules for Elastic License 2.0
SCA-30698 License Finder Rules for Matplotlib License

Changes in Update Released on 28-May-2021

This Update includes the changes described in the following sections.

 Issues/Bugs Addressed

 The following issues were addressed in the Update:   

Issue ID

 Issue Summary

SCA-34581 Add component Microsoft JDBC Driver for SQL Server and licenses.
SCA-34431 Deprecating invalid version vulnerability Mapping which are protected
SCA-33541 Vulnerabilities for Netmask and PHP git server
SCA-33251 Vulnerability Dates : Addition/correction of columns for publication date and last modified date.
SCA-30785 SPDX license collection to staging db. (Not yet released).

Changes in Update Released on 14-May-2021

This Update includes the changes described in the following sections.

 Issues/Bugs Addressed

 The following issues were addressed in the Update:   

Issue ID

 Issue Summary

SCA-34508  PYPI URL's format are not consistent throughout in PDL_Component .
SCA-34395  False positive vulnerabilities for tomcat components -  False PDL Mappings in PDL_COMP_VER_VULNERABILITY 
SCA-34213  Deprecating the version for Apache project invalid versions-Set2 
SCA-33485  The "Visual C++ Redistributable for Visual Studio" component name contains spaces making keyword search difficult
SCA-32592  Deprecating the version for Apache project invalid versions.
SCA-30879  Linux Kernel versions release which was obsolete by an year and a half.
SCA-34289  Libstdcpp component 
SCA-34183  Add new licenses to license seed and schema.

Changes in Update Released on 22-Apr-2021

This Update includes the changes described in the following sections.

 Issues/Bugs Addressed

 The following issues were addressed in the Update:   

Issue ID

 Issue Summary

SCA-32074
License mismatch for popular components.
SCA-31667
License Acronym Data Changes for auto writeup rules..
SCA-29799
Inventory created with auto-writeup rules don't create with SPDX license ID
SCA-26931
Missing vulnerabilities (CPES with *) and wrong mappings for CPEs with *.

New Component Requests

  • lsof(Component ID: 27350567)
  • ntp(Component ID: 207771)
  • libtiff(Component ID:27350365)
  • gtk(Component ID: 27350362)
  • gnome-shell-extensions(Component ID: 27350363)
  • libgpg-error(Component ID: 27350364)
  • dracut(Component ID: 123809)
  • openssl-fips(Component ID: 27350368)
  • lvm2(Component ID: 27350367)
  • kbd(Component ID: 27350366)
  • lzo(Component ID: 63041)
  • treeview-with-columns(Component ID: 27350359)
  • replace-a-windows-internal-scrollbar-with-a-customdraw-scrollbar-control(Component ID: 27350360)
  • step-by-step-calling-c-dlls-from-vc-and-vb-part-1(Component ID: 27350361)
  • strawberry-perl - 27344198)
  • run-postinsts - 27344199)
  • packagegroup-core-boot - 27344200)
  • sha-1-in-C-by-steve-reID: - 27344201)
  • zlib - 27344202)
  • watchdog(Component ID: 5403203)
  • perfmon2(Component ID: 53555)
  • ust(Component ID: 186075)
  • newmat(Component ID: 129995)
  • netbase(Component ID: 207639)
  • xml-pull-parser3(Component ID: 226748)
  • shadow-utils(Component ID: 5403445)
  • lipro-libftdi(Component ID: 7872851)
  • csha1(Component ID: 27341784)
  • timezonemap(Component ID: 27344433)

Changes in Update Released on 10-Apr-2021

  This Update includes the changes described in the following sections.

 Issues/Bugs Addressed

 The following issues were addressed in the Update:   

Issue ID

 Issue Summary

SCA-33801 License detection.xml changes for  PDL-2021-04-R1
SCA-31855 AutoWriteUp rules having outdated URLs
SCA-33557 Adding License - Purdue BSD-Style License
SCA-32649 Wrong (and hence fix) DOC Software License name and url
SCA-32983 Missing Elastic License for Elastic Kibana

New Component Requests

  • File-file (component ID: 3102572)
  • Cquicklist (component ID: 27337962)
  • Nfs-utils (component ID: 27336321)
  • Eglibc (component ID: 27337963)
  • Lcms (component ID: 7597)
  • Ti-rtos-mcu (component ID: 27336320)
  • High-speed-charting-control (component ID: 27330960)
  • Progress-control-with-text (component ID: 27330961)
  • Oscilloscope-stripchart-control (component ID: 27330962)
  • Skinx (component ID: 27330963)
  • Keymaps (component ID: 27333199)
  • Getprimarymacaddress (component ID: 27333200)
  • Sampleds (component ID: 27333201)
  • Microsoft Windows SDK for Windows 7 and .NET Framework 4 (component ID: 27334733)
  • Csha1-a-c-class-implementation-of-the-sha-1-hash-a (component ID: 27334779)
  • Trafficwatcher (component ID: 27334780)
  • Using-colors-in-cedit-and-cstatic (component ID: 27335822)
  • Gnu-which (component ID: 705519)
  • Eclipse-aspectj (component ID: 55748)

Changes in Update Released on 25-Mar-2021

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:  

Issue ID

Issue Summary

SCA-32971  URL fix for DOC License
SCA-32253  Map MICROSOFT SQL SERVER DATA-TIER APPLICATION FRAMEWORK to SQLpackage.commandline
SCA-31926  Update the missing license mappings for components-Phase1.
SCA-31800  Exception looking up rules' in FNCI Logs

New Component Requests

  • mph-2b-damase
  • simpleping
  • twain-developer-toolkit
  • texas-instruments-msp-430-lib-files
  • CppSQLite
  • CStdioFile
  • CTrayIcon
  • CXml
  • CXPGroupBox
  • A class to combine Slider Control and Progress Bar
  • A very simple solution for partial bitmap encryption
  • Adobe InDesign CC SDK
  • libcomposite
  • pango
  • Microsoft Windows Driver Kit - WDK

Changes in Update Released between 20-Oct-2020 to 11-Mar-2021

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update: 

Issue ID

Issue Summary

SCA-27739  False Positives when scanned Oracle OpenJDK
SCA-28603  Unable to find a component that is identified as first level dependency
SCA-26834  Sun (Restricted) and Sun-IP Licenses not detected
SCA-29523  License discrepancy for CURL component
SCA-27024  Gnutls component missing vulnerabilities, versions and wrong url
SCA-30866  Hdf5 license (ID: 1224) is not correct
SCA-30797  Incorrect Licensing Detection for Microsoft .Net
SCA-30525  Component gpg-gnupg missing encryption flag
SCA-27722  Incorrect vulnerabilities matched with component versions for Rust 
SCA-32271  PDL_VULNERABILITY table is empty in the latest PDL update
SCA-33031  BOM: Discrepancies due to search term rule basics-vector

 New Component Detection Rules  

  • Setup.js
  • MD% algorithm class library
  • PhantomJs
  • Cefsharp
  • Virtual-dom v2.1.1
  • Named-js-regexp
  • MarkupSafe
  • OCHamcrest
  • OCMockito
  • Libsrtp
  • Ans_up
  • HockeySDK
  • Aimage
  • Ua-parser-js v0.7.10.
  • Autofac.Wcf
  • Vector.js
  • Untildify v3.0.2
  • Post-robot v7.0.15.
  • Axios
  • JSONTestSuite
  • Rpc-server.js

New Features incorporated.

Issue ID

Issue Summary

SCA-26848 CVSS 3.1 - Data Collection
SCA-26808 Add Vulnerability dates to PDL tables
SCA-26181 Component CPE Mapping

New Component Requests released. 

  • Isc bind
  • Canvas-toblob.js
  • Newrelic.opentracing.amazonlambda.tracer
  • Libepoxy
  • Tags
  • Json.net
  • Jquery-menu-aim-fw
  • Microsoft.appcenter for macos
  • Microsoft.appcenter.analytics for macos
  • Apache-apr
  • Cyan4973-lz4
  • Gnu-screen
  • Jamesflorentino-nanoscrollerjs
  • Mtd-utils
  • Npth
  • Pam
  • Eeepc-acpi-scripts
  • Sharpziplib
  • Mahapps.metro.simplechildwindow - nuget gallery
  • Wpfnotification - nuget gallery
  • Microsoft-windowsapicodepack-shellextensions - nuget gallery
  • Controlzex/controlzex - github
  • Mahapps.metro.iconpacks - nuget gallery
  • Mvvmlight - nuget gallery
  • Ini-parser - nuget gallery
  • Mahapps/mahapps.metro - github
  • Angular/angular-cli - github
  • System.data.sqlite.core - nuget gallery
  • System.data.sqlite.ef6.migrations - nuget gallery
  • Microsoft asp.net mvc 4 (***deprecated***)
  • Wxwindows library license
  • Wxwidgets
  • Karma-runner karma
  • Openssh - in c
  • Base-passwd
  • Init-ifupdown
  • Procps
  • Binutils
  • 7-zip
  • Kmod
  • Matplotlib
  • Scons - a software construction tool - scons
  • Tagish library
  • Qos-ch-slf4j
  • Flex - lexical scanner generator
  • Application insights persisted http channel
  • Cairo-pixman
  • Flat_hash_map
  • Fontconfig
  • Free type
  • Gnutls library
  • Tianmajs/libm - github
  • Libsoup
  • Microsoft.applicationinsights - nuget gallery
  • Slodge/mvvmcross - github
  • Pdfsharp - nuget gallery
  • Sharppdf
  • Twain data source manager
  • Twain sample data source and application - twain 2.0 sample data source
  • Windows driver kit (wdk) 8.0 samples for visual studio 2012
  • Microsoft/windows-universal-samples - github
  • Html agility pack
  • Microsoft.extensions.caching.abstractions
  • Microsoft.extensions.caching.memory
  • Microsoft.extensions.dependencyinjection.abstractions
  • Microsoft.extensions.options
  • Microsoft.extensions.primitives
  • Microsoft.netcore.platforms
  • System.componentmodel.annotations
  • System.runtime.compilerservices.unsafe
  • System.security.cryptography.xml
  • Microsoft.owin
  • Microsoft.owin.host.systemweb
  • Microsoft.owin.security
  • Mimemapping
  • Nconfiguration
  • Nlog
  • Nuget.commandline
  • Nunit
  • Restsharp
  • Closedxml
  • Apache cxf buildtools
  • Apache neethi
  • Weblinc-matchmedia
  • Twain/twain-dsm
  • Twain-twain-samples
  • Windows driver kit (wdk) 8.0 samples for visual studio 2012

Changes in Update Released on 20-Oct-2020

This Update includes the changes described in the following sections.

Issues Addressed in the 20-Oct-2020 Release

The following issues were addressed in the Update:

Issue ID

Issue Summary

SCA-28504

 Components information

SCA-28691

 NVD Feed : Upgrading NVD CVE-Feeds APIs (1.0) to NVD CVE-Feeds APIs (1.1)

SCA-27621

 Difference in vulnerability information for 'expat' and 'libexpat-libexpat' component

SCA-28970

 NVD-Feed Fix and client release to Codeaware

SCA-17974

 Duplicate Inventory found for "gettext" and for the duplicate inventory as found license text is wrong

SCA-28740

 With fresh scan, name of inventory item zlib is changed to madler-zlib in codeinsight 2020R4.

SCA-27773

 Search terms need to be improved for few components

SCA-28288

 False Positives for zlib and libjpeg

SCA-28508

 Components information

SCA-22072

 Stunnel support in DL

SCA-27119

 Missing versions

SCA-29156

 Pycryptodomex missing encryption flag

New Component Detection Rules in the 20-Oct-2020 Release

This Update introduces new Automated Analysis rules for the following components:

  • Retry.js
  • Jquery-mobile for react
  • Expat (version released 2.2.6)
  • Novell.Directory.ldap
  • Spawn.js
  • Jquery-vsdoc.js
  • CodeMirror
  • NUnit.Framework.dll
  • Rsvp.js
  • Twbs-bootstrap and Mathiasbynens-jquery-placeholder
  • Libwebsockets
  • Globalize 1.1.1
  • CPU Topology
  • JSON v3.3.0
  • Pyomo v5.0.1
  • CPU Topology 1.2.8 Class library
  • Text-markdown
  • Json v2.1.1
  • V8
  • Libuv

Changes in Update Released on 11-Sep-2020

This Update includes the changes described in the following sections.

Issues Addressed in the 11-Sep-2020 Release

The following issues were addressed in the Update:

Issue ID

Issue Summary

SCA-27585

 Add component " History-event"(JQuery.history.js)

SCA-27738

 URL not working for freetype (Id: 1149) component

New Component Detection Rules in the 11-Sep-2020 Release

This Update introduces new Automated Analysis rules for the following components:

  • 7za.exe
  • Jazzy
  • D3.js
  • JSQR
  • Doube-conversion
  • HistoryEvent
  • Bind
  • Punycode.js
  • Gaearon-Redux

Changes in Update Released on 28-Aug-2020

This Update includes the changes described in the following sections.

Issues Addressed in the 28-Aug-2020 Release

The following issues were addressed in the Update:

Issue ID

Issue Summary

SCA-27456

 Missing OSS component-udev

SCA-27203

 Missing components – bind and jsqr

New Component Detection Rules in the 28-Aug-2020 Release

This Update introduces new Automated Analysis rules for the following components:

  • Whiskas.py
  • ProtectedData
  • Dmidecode
  • Libsmbios

Changes in Update Released on 14-Aug-2020

This Update includes the changes described in the following sections.

Issues Addressed in the 14-Aug-2020 Release

The following issues were addressed in the Update:

Issue ID

Issue Summary

SCA-27191

 Add tungsten fabric components to Data Library

SCA-27024 

 Gnutls component missing vulnerabilities, versions and wrong url.

SCA-27084

 Libtiff license url needs to be updated

New Component Detection Rules in the 14-Aug-2020 Release

This Update introduces new Automated Analysis rules for the following components:

  • SWIG v3.0.2
  • VC Redistributable
  • Apple Installer Plugin
  • Appcenter-sdk-apple-3.0.0.tar.gz
  • Code Project - WSE 3 Deployment: MSI and ClickOnce
  • Wdksetup.exe
  • MobileNumericUpDown
  • Apple/cups
  • Mhook
  • GridAnimationDemo

Changes in Update Released on 03-Aug-2020

This Update includes the changes described in the following sections.

Issues Addressed in the 03-Aug-2020 Release

The following issues were addressed in the Update:

Issue ID

Issue Summary

SCA-26931
 Missing vulnerabilities.
SCA-26666
 
Missing Vulnerabilities for Apache Thrift 0.7.0

New Component Detection Rules in the 03-Aug-2020 Release

This Update introduces new Automated Analysis rules for the following components:

  • JQuery Mobile
  • JortSort
  • CLR Security Class library
  • BrockAllenCookieBasedTempdata.dll
  • StackExchange.Redis
  • Readline.js

Changes in Update Released on 17-Jul-2020

This Update includes the changes described in the following sections.

Issues Addressed in the 17-Jul-2020 Release

The following issues were addressed in the Update:

Issue ID

Issue Summary

SCA-25108
 Detection of xmlbeans 2.6.0 occurs twice
SCA-25905
 Component system.diagnostics.diagnosticsource has had its license changed for version 4.4 and later
SCA-25907

 New components added

SCA-26134

 The component "app.min.js" is incorrectly mapped to the component "App( 62839)"

 

New Component Detection Rules in the 17-Jul-2020 Release

This Update introduces new Automated Analysis rules for the following components:

  • Console.js
  • LowPriorityWarning.js
  • Nameddefine.js
  • Prettier.js
  • SQLite DLL
  • Pacman Unicode
  • D3 DES algorithm 5.09 Class library
  • JCanvas
  • Libxslt
  • Node-tmp
  • Libxml2

Changes in Update Released on 30-Jun-2020

This Update includes the changes described in the following sections.

Issues Addressed in the 30-Jun-2020 Release

The following issues were addressed in the Update:

Issue ID

Issue Summary

SCA-25608
 component "jodaorg-joda-time" has invalid license in list
SCA-25587
 Review licenses for timescale DB GitHub components
SCA-23003

 Collectors for  bouncycastle,curl,gnu,haproxy,jquery,kernel,libarchive,libssh,         openbsd,openflow,openssl.

 

New Component Detection Rules in the 30-Jun-2020 Release

This Update introduces new Automated Analysis rules for the following components:

  • Node-Semver
  • Speex
  • Node-Static
  • node-tree-kill
  • node-winreg
  • node-xml2js

Changes in Update Released on 15-Jun-2020

This Update includes the changes described in the following sections.

Issues Addressed in the 15-Jun-2020 Release

The following issues were addressed in the Update:

Issue ID

Issue Summary

SCA-24724  Haproxy component missing 2.0.x versions

SCA-25348

 Add missing vulnerabilities to u-boot component

SCA-25416

 Errors in Oracle db during PDL Update
SCA-24986  UltrVNC - Missing latest versions and some versions are invalid
SCA-20156  Update component 302760 to important = true
SCA-22232  Missing component versions
SCA-24984  Component versions out of date

 

New Component Detection Rules in the 15-Jun-2020 Release

This Update introduces new Automated Analysis rules for the following components:

  • Cross-BrowserSplit.
  • Chromium-Breakpad.
  • Request.js
  • Sauce.js
  • IsEventSupported.js
  • Pubsuffix.js
  • Node-ssl-root-cas(test-tunnel.js)

Changes in Update Released on 01-Jun-2020

This Update includes the changes described in the following sections.

Issues Addressed in the 01-Jun-2020 Release

The following issues were addressed in the Update:

Issue ID

Issue Summary

SCA-24867

[Juniper Networks, Inc.] gnu-gcc component is showing invalid versions

SCA-25010

AMD: CodeAware Improper Identification of License for JQUERY Component.

 

New Component Detection Rules in the 01-Jun-2020 Release

This Update introduces new Automated Analysis rules for the following components:

  • Connect-nocache.
  • typescript.js
  • aphrodite.js
  • Newtonsoft.Json.dll
  • tipsy v1.0.0a(jquery.tipsy.js,tipsy.css).
  • prism.js
  • systemjs
  • Microsoft Ajax Minifier

Changes in Update Released on 18-May-2020

This Update includes the changes described in the following sections.

Issues Addressed in the 18-May-2020 Release

The following issues were addressed in the Update:

Issue ID

Issue Summary

SCA-23316

OGIS: License detection is different in CodeAware and Auto-Analysis

SCA-22382

OGIS: Request to Add New Components and Versions

SCA-24622

Harmonic: stuk-jszip has MIT/GPL Dual License but "Possible Licenses" only show GPL

SCA-24711

Citrix: False positives CVEs

 

New Component Detection Rules in the 18-May-2020 Release

This Update introduces new Automated Analysis rules for the following components:

  • bootstrap-select.js
  • bootstrap-toggle.min.js
  • React-pull-to-referesh
  • rx.all.js
  • narwhal.js
  • bootstrap-checkbox v1.4.0
  • IKVM.NET(IKVM.Reflection.dll).

Changes in Update Released on 04-May-2020

This Update includes the changes described in the following sections.

Issues Addressed in the 04-May-2020 Release

The following issues were addressed in the Update:

Issue ID

Issue Summary

SCA-22381

Component 'ring' from crates.io forge missing license and encryption flag

SCA-22542

Encryption flag not set for 'rust-openssl' component

SCA-24708

Incorrect discovery of 'Primefaces-PrimeNG' component

 

New Component Detection Rules in the 04-May-2020 Release

This Update introduces new Automated Analysis rules for the following components:

  • jquery.scrollTo-min.js, MatrixMath.js,  jQuery.tmpl.js, lws-common.js
  • React Router
  • jsDump
  • Reflect-Metadata
  • NDesk.Options(.dll)
  • MSBuild Community Tasks(.dll)

Changes in Update Released on 17-Apr-2020

This Update includes the changes described in the following sections.

Issues Addressed in the 17-Apr-2020 Release

The following issues were addressed in the Update:

Issue ID

Issue Summary

SCA-23823

Few vulnerabilities not reported

SCA-24365

Invalid URL for 'lyceum' component

SCA-20305

Component 'apache-cordova-plugin-inappbrowser' has incorrect versions

SCA-18198

Incorrect vulnerability mapping for 'Docker' component

SCA-23837

Added rdklib (pypi) to the library

 

New Component Detection Rules in the 17-Apr-2020 Release

This Update introduces new Automated Analysis rules for the following components:

  • webperftest
  • jquery.color.js
  • knockout
  • Irrlicht(.dll file)
  • jQuery(build_markdown.js)
  • React Developer Tools(getReactData.js)
  • moment.js,regex.js, moment-with-locales.js

Changes in Update Released on 3-Apr-2020

This Update includes the changes described in the following sections.

Issues Addressed in the 3-Apr-2020 Release

The following issues were addressed in the Update:

Issue ID

Issue Summary

SCA-22116

Invalid version specified for 'tpm2-tss-engine'

SCA-23712

Added 'SunPro' license to the library

SCA-22982

Incorrect URLs for few Ibiblio Maven2 components

SCA-20314

Licenses are not mapped for latest versions of 'pygresql' component (22014048)

SCA-21928

Component 'pycountry-convert' needs to be updated with latest details

SCA-19891

Invalid versions associated to the component 'c-ares'

SCA-15411

Incorrect details for component 'systemd-systemd'

 

New Component Detection Rules in the 13-Mar-2020 Release

This Update introduces new Automated Analysis rules for the following components:

  • vector.js
  • webcomponent.js
  • globalize.js
  • OCMock
  • Bezier-Easing
  • Punycode(.js File)
  • Sphinx
  • StructureMap
  • cors
  • jQuery validation plug-in v1.6
  • jQuery Easing v1.3

 

 

Was this article helpful? Yes No
No ratings
Version history
Revision #:
44 of 44
Last update:
‎Sep 13, 2021 08:37 AM
Updated by: