FlexNet Code Insight Electronic Update Release Notes
Available Release Notes
The following are the Release Notes available for FlexNet Code Insight Electronic Update releases:
Changes in Update Released on 24-March-2023
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-44498, SCA-44503, SCA-45457 | Integration of PURL to Alpine, Rubygems, Go in the data library |
SCA-46214 | Generic Mapper is an addition to our vulnerability mappers. This is an enhancement to the existing NPMJS mapper to include Maven and Packagist and make it a generic one. |
Updated/Added license detection capability and license evidence mechanism for:
- 3dfx Glide License
- Academic Free License v1.1
- Academic Free License v1.2
- Academic Free License v2.0
- Academic Free License v2.1
- Academic Free License v3.0
- Adaptive Public License 1.0
- Adobe Systems Incorporated Source Code License Agreement
- Giftware License
- Adobe Glyph List License
- Apple Public Source License 1.0
- Apple Public Source License 1.1
- Apple Public Source License 1.2
- Apple Public Source License 2.0
- Artistic License 1.0
- Artistic License 2.0
- Beerware License
- eCos license version 2.0
- Educational Community License v1.0
- Educational Community License v2.0
- Educational Community License v2.0
- Attribution Assurance License
- Apache License 1.0
- Apache License 1.1
- Apache License 2.0
- Eiffel Forum License v1.0
- Eiffel Forum License v2.0
- Amazon Digital Services License
- ANTLR Software Rights Notice
- ANTLR Software Rights Notice with license fallback
- Adobe Postscript AFM License
Collector Status :
Name | Date of Last Successful Run |
npm | 1/31/2023 |
crates | 8/25/2022 |
cpan | 3/23/2023 |
clojars | 2/9/2023 |
rubygems | 3/23/2023 |
maven-google | 2/10/2023 |
cran | 3/18/2023 |
hackage | 2/12/2023 |
packagist | 2/5/2023 |
go | 3/24/2023 |
pypi | 2/13/2023 |
nuget gallery | 3/16/2023 |
maven2-ibiblio | 1/18/2023 |
github | 2/14/2023 |
fedora-koji | 2/13/2023 |
alpine | 3/22/2023 |
gitlab | 11/19/2022 |
Changes in Update Released on 10-March-2023
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-44820 | NPM Notices Text: Fixing the missing release_license_text mappings for Npm components |
SCA-46203, SCA-44502 | Integration of PURL to the collectors Npmjs and Nuget |
SCA-47061 | Addition of cocoapods forge to our data library |
SCA-46161, SCA-46144, SCA-42593, SCA-46477 | Fixed false positive vulnerabilities for components like android-json, prometheus_client 0.15.0, jqueryui, Microsoft Reportviewer and Microsoft vcruntime etc. |
Updated/Added license detection capability and license evidence mechanism for:
- Sendmail
- SISSL
- SISSL-1.2
- SMLNJ
- SMPPL
- SNIA
- Spencer-86
- Spencer-94
- Spencer-99
- TCL
- TCP-wrappers
- TORQUE-1.1
- TOSL
- u-boot-exception-2.0
- Unicode-DFS-2015
- Unicode-DFS-2016
- Unicode-TOU
- UPL-1.0
- VOSTROM
- W3C-20150513
- W3C-19980720
- Wsuipa
- WTFPL
- X11
- Xerox
- Xpp
- XSkat
- Zed
- Zimbra-1.4
- Zimbra-1.3
- zlib-acknowledgement
- zlib
- UCL-1.0
- SSPL-1.0
- SHL-0.5
- SHL-0.51
- Sendmail-8.23
- PSF-2.0
- TAPR-OHL-1.0
- PolyForm-Small-Business-1.0.0
- PolyForm-Noncommercial-1.0.0
- Parity-7.0.0
- Parity-6.0.0
- OGL-UK-1.0
- OGL-UK-2.0
- OGL-UK-3.0
- OGL-Canada-2.0
- OGDL-Taiwan-1.0
- TU-Berlin-1.0
- TU-Berlin-2.0
- SSH-OpenSSH
- SSH-short
Collector Status :
Name | Date of Last Successful Run |
npm | 1/31/2023 |
crates | 8/25/2022 |
cpan | 2/9/2023 |
clojars | 2/9/2023 |
rubygems | 2/10/2023 |
maven-google | 2/10/2023 |
cran | 2/11/2023 |
hackage | 2/12/2023 |
packagist | 2/13/2023 |
go | 2/14/2023 |
pypi | 2/15/2023 |
nuget gallery | 2/15/2023 |
maven2-ibiblio | 1/18/2023 |
github | 2/15/2023 |
fedora-koji | 2/15/2023 |
alpine | 2/15/2023 |
gitlab | 11/19/2022 |
Changes in Update Released on 24-February-2023
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-46545 | Update License URL of OpenPBS License v2.3 in the data library |
SCA-44499 | Integration of PURL to Cran collector |
Collector Status :
Name | Date of Last Successful Run |
gitlab | 11/19/2022 |
npm | 1/31/2023 |
crates | 8/25/2022 |
cpan | 2/9/2023 |
clojars | 2/9/2023 |
rubygems | 2/10/2023 |
maven-google | 2/10/2023 |
cran | 2/11/2023 |
hackage | 2/12/2023 |
packagist | 2/13/2023 |
go | 2/14/2023 |
alpine | 2/15/2023 |
fedora-koji | 2/15/2023 |
pypi | 2/15/2023 |
github | 2/15/2023 |
nuget gallery | 2/15/2023 |
maven2-ibiblio | 1/18/2023 |
Changes in Update Released on 20-February-2023
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Updates to OpenSSL component:
Added vulnerability information to the following OpenSSL components:
- openssl (id: 58316) - https://www.openssl.org
- openssl-openssl (id: 416271) - https://github.com/openssl/openssl
- openssl (id: 27181269) - https://koji.fedoraproject.org/koji/packageinfo?packageID=openssl
related to the following CVEs:
- CVE-2023-0286 (https://nvd.nist.gov/vuln/detail/CVE-2023-0286)
- CVE-2022-4304 (https://nvd.nist.gov/vuln/detail/CVE-2022-4304)
- CVE-2023-0215 (https://nvd.nist.gov/vuln/detail/CVE-2023-0215)
- CVE-2022-4450 (https://nvd.nist.gov/vuln/detail/CVE-2022-4450)
- CVE-2023-0216 (https://nvd.nist.gov/vuln/detail/CVE-2023-0216)
- CVE-2023-0217 (https://nvd.nist.gov/vuln/detail/CVE-2023-0217)
- CVE-2023-0401 (https://nvd.nist.gov/vuln/detail/CVE-2023-0401)
Issue ID | Issue Summary |
---|---|
SCA-45980 | Review and add the license priority for "commercial license" in licenses table |
Updated/Added license detection capability and license evidence mechanism for:
- PostgreSQL
- psfrag
- psutils
- Qhull
- QPL-1.0
- Rdisc
- RSA-MD
- Saxpath
- SCEA
New/Update Component Requests:
- krig-parallax
- inuitcss-generic.normalize
Collector Status :
Name | Date of Last Successful Run |
gitlab | 11/19/2022 |
maven2-ibiblio | 1/18/2023 |
alpine | 2/8/2023 |
npm | 1/31/2023 |
crates | 8/25/2022 |
cpan | 2/9/2023 |
clojars | 2/9/2023 |
rubygems | 2/10/2023 |
maven-google | 2/10/2023 |
cran | 2/11/2023 |
hackage | 2/12/2023 |
fedora-koji | 2/12/2023 |
packagist | 2/13/2023 |
go | 2/14/2023 |
pypi | 2/15/2023 |
github | 2/15/2023 |
nuget gallery | 2/15/2023 |
Changes in Update Released on 30-January-2023
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-45333 | SPDX Collector: Populate license_attribute values for all the licenses |
Updated/Added license detection capability and license evidence mechanism for:
- NetCDF
- Newsletr
- NLOD-1.0
- NLOD-2.0
- NLPL
- OLDAP-1.1
- OLDAP-1.2
- OLDAP-1.3
- OLDAP-1.4
- OLDAP-2.0
- OLDAP-2.0.1
- OLDAP-2.1
- OLDAP-2.2
- OLDAP-2.2.1
- OLDAP-2.2.2
- OLDAP-2.4
- OLDAP-2.5
- OLDAP-2.6
- OLDAP-2.7
Addition of missing vulnerability mappings for the following components:
- Tcexam
Collector Status :
Name | Date of Last Successful Run |
crates | 8/25/2022 |
gitlab | 11/19/2022 |
maven2-ibiblio | 1/18/2023 |
go | 1/23/2023 |
cpan | 1/19/2023 |
fedora-koji | 1/23/2023 |
clojars | 1/19/2023 |
rubygems | 1/20/2023 |
maven-google | 1/20/2023 |
cran | 1/21/2023 |
hackage | 1/22/2023 |
packagist | 1/23/2023 |
npm | 1/23/2023 |
nuget gallery | 1/18/2023 |
alpine | 1/18/2023 |
pypi | 1/18/2023 |
github | 1/23/2023 |
Changes in Update Released on 12-January-2023
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-45214 | Fixed missing vulnerability issue for component dom4j |
SCA-44820 | Fixed the missing release_license_text mappings for Npm components |
Updated/Added license detection capability and license evidence mechanism for:
- MITNFA
- mpich2
- MTLL
- Mup
- NBPL-1.0
- OSET-PL-2.1
- Plexus
- Artistic-1.0
- Artistic-1.0-cl8
- Artistic-1.0-Perl
- Artistic-2.0
- Noweb
- NRL
- Nunit
- OCCT-PL
- OML
New/Update Component Requests:
- Microsoft Capicom
- Microsoft Enterprise Library 5
- Microsoft .NET Framework
Collector Status :
Name | Date of Last Successful Run |
crates | 8/25/2022 |
gitlab | 11/19/2022 |
maven2-ibiblio | 12/22/2022 |
go | 1/4/2023 |
cpan | 1/5/2023 |
fedora-koji | 1/5/2023 |
clojars | 1/5/2023 |
rubygems | 1/6/2023 |
maven-google | 1/6/2023 |
cran | 1/7/2023 |
hackage | 1/8/2023 |
packagist | 1/9/2023 |
npm | 1/10/2023 |
nuget gallery | 1/10/2023 |
alpine | 1/11/2023 |
pypi | 1/11/2023 |
github | 1/11/2023 |
Changes in Update Released on 22-December-2022
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-44946 | Nuget version level licenses - Support for new licenses |
SCA-44702 | Update the Component versions for nvuillam-npm-groovy-lint |
Updated/Added license detection capability and license evidence mechanism for:
- Leptonica
- LGPLLR
- libtiff
- LiLiQ-P-1.1
- LiLiQ-Rplus-1.1
- LiLiQ-R-1.1
- MakeIndex
- Net-SNMP
Collector Status :
Name | Date of Last Successful Run |
crates | 8/25/2022 |
gitlab | 11/19/2022 |
cpan | 12/15/2022 |
clojars | 12/15/2022 |
rubygems | 12/16/2022 |
maven-google | 12/16/2022 |
cran | 12/17/2022 |
hackage | 12/18/2022 |
packagist | 12/19/2022 |
alpine | 12/21/2022 |
fedora-koji | 12/21/2022 |
npm | 12/21/2022 |
pypi | 12/21/2022 |
nuget gallery | 12/21/2022 |
go | 12/22/2022 |
github | 12/22/2022 |
maven2-ibiblio | 12/22/2022 |
Changes in Update Released on 08-December-2022
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-44052 | Added Spice Software License and detection rules. |
SCA-43599 | Nuget Collector: Enhancement to collect version level licenses. |
SCA-44396 | Invalid URLs in the description for some of the components. |
SCA-44439 | Alpine Collector Enhancements - Version Level Date Enhancements. |
SCA-44438 | Alpine Collector Enhancements - RepoURL Enhancements. |
Updated/Added license detection capability and license evidence mechanism for:
- ICU
- ImageMagick
- Intel-ACPI
- Interbase-1.0
- JasPer-2.0
- LAL-1.2
- LAL-1.3
- GL2PS
- Glulxe
- Gnuplot
- FSFUL
- HaskellReport
- IBM-pibs
- Latex2e
New/Update Component Requests
- None
Collector Status :
Name | Date of Last Successful Run |
crates | 8/25/2022 |
npm | 12/08/2022 |
pypi | 10/18/2022 |
alpine | 11/30/2022 |
gitlab | 11/19/2022 |
cpan | 12/08/2022 |
rubygems | 12/08/2022 |
clojars | 12/08/2022 |
github | 12/07/2022 |
maven-google | 12/02/2022 |
fedora-koji | 12/07/2022 |
cran | 12/03/2022 |
nuget gallery | 12/01/2022 |
hackage | 12/04/2022 |
packagist | 12/04/2022 |
go | 12/07/2022 |
maven2-ibiblio | 11/28/2022 |
Changes in Update Released on 29-November-2022
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-44021 | Addition of Go vulnerability mapper to the list of our automated vulnerability mappers |
SCA-44283 | Added the license Microsoft .Net Compiler Platform Redistributable Packages Preview to the data library |
SCA-44290 | Updated the invalid URLs of a few Go forge components like Alamofire/AlamofireImage, BoltsFramework/Bolts-Swift and bitstadium/hockeykit. |
SCA-44376 | Updating license information for the component jquery (id: 3526090) |
SCA-44397, SCA-43635 | Fixed false positive vulnerabilities for components like the system.threading.tasks nuget package and the MySQL NPM module. |
Updated/Added license detection capability and license evidence mechanism for:
- Qt-GPL-exception-1.0.txt
- SchemeReport.txt
- SWL.txt
- Universal-FOSS-exception-1.0.txt
- X11-distribute-modifications-variant.txt
- XSkat.txt
- CECILL-1.0
- CECILL-1.1
- CECILL-2.0
- CECILL-2.1
- CECILL-B
- CECILL-C
- MPL-1.0
- MPL-1.1
- MPL-2.0
- MPL-2.0-no-copyleft-exception
- NPL-1.0
- NPL-1.1
- MIT License
- MIT-open-group
- X11
- X11-distribute-modifications-variant
- XSkat
- SWL
- SchemeReport
New/Update Component Requests
- XIPH Flac
- XORG XServer
Collector Status :
Name | Date of Last Successful Run |
crates | 8/25/2022 |
npm | 10/11/2022 |
pypi | 10/18/2022 |
alpine | 11/8/2022 |
gitlab | 11/19/2022 |
cpan | 11/24/2022 |
rubygems | 11/24/2022 |
clojars | 11/24/2022 |
github | 11/24/2022 |
maven-google | 11/25/2022 |
fedora-koji | 11/26/2022 |
cran | 11/26/2022 |
nuget gallery | 11/26/2022 |
hackage | 11/27/2022 |
packagist | 11/28/2022 |
go | 11/28/2022 |
maven2-ibiblio | 11/28/2022 |
Changes in Update Released on 11-November-2022
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-44237 | Addition of missing vulnerabilities for junit (componentId: 437385) |
SCA-44183 | Addition of missing vulnerabilities for xercesimpl and spring-data-mongodb |
SCA-44075 | Update license text for the license Microsoft .NET Library License |
SCA-44065 | Fixing license evidences for net-tools component |
SCA-41333 | Addition of Alpine forge to list of our forge data collection |
Updated/Added license detection capability and license evidence mechanism for:
- mplus.txt
- MulanPSL-1.0.txt
- MulanPSL-2.0.txt
- NAIST-2003.txt
- NCGL-UK-2.0.txt
- NIST-PD-fallback.txt
- NIST-PD.txt
- NTP-0.txt
- O-UDA-1.0.txt
- ODC-By-1.0.txt
- OpenJDK-assembly-exception-1.0.txt
- OPUBL-1.0.txt
- MIT-0
- MIT-CMU
- MIT-enna
- MIT-feh
- MIT-Modern-Variant.txt
- MIT-open-group.txt
New/Update Component Requests
- Google Play Services Android
- android-support-library-v13
- TrafficWatcher
- ata-project
- Telerik UI for ASP.NET MVC Components
- Microsoft.Data.SqlClient.SNI.runtime
- microsoft.aspnet.webapi.tracing
- Microsoft SQL Server Compact 3.5 Service Pack 2
Collector Status :
Name | Date of Last Successful Run |
alpine | 11/8/2022 |
crates | 8/25/2022 |
npm | 10/11/2022 |
pypi | 10/18/2022 |
cran | 10/22/2022 |
maven2-ibiblio | 10/27/2022 |
clojars | 11/3/2022 |
rubygems | 11/3/2022 |
maven-google | 11/4/2022 |
cpan | 11/4/2022 |
nuget gallery | 11/5/2022 |
hackage | 11/6/2022 |
packagist | 11/7/2022 |
go | 11/9/2022 |
github | 11/9/2022 |
gitlab | 11/9/2022 |
fedora-koji | 11/10/2022 |
Changes in Mini Update Released on 02-November-2022
This is a Mini PDL update release which is considerably smaller in size, containing data related to a specific component and a CVE.
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Updates to OpenSSL component:
Added vulnerability information to the following OpenSSL components:
- openssl (id: 58316) - https://www.openssl.org
- openssl-openssl (id: 416271) - https://github.com/openssl/openssl
- openssl (id: 27181269) - https://koji.fedoraproject.org/koji/packageinfo?packageID=openssl
related to the following CVEs:
- CVE-2022-3786 (https://nvd.nist.gov/vuln/detail/CVE-2022-3786)
- CVE-2022-3602 (https://nvd.nist.gov/vuln/detail/CVE-2022-3602)
Issue ID | Issue Summary |
---|---|
SCA-44311 | Addition of new vulnerabilities related to OpenSSL component |
Changes in Mini Update Released on 21-October-2022
This is a Mini PDL update release which is considerably smaller in size, containing data related to a specific component and a CVE.
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Updates to Apache Commons Text component:
Added vulnerability information to the apache-commons-text component (https://github.com/apache/commons-text) related to the following CVE:
- CVE-2022-42889 (https://nvd.nist.gov/vuln/detail/CVE-2022-42889)
Issue ID | Issue Summary |
---|---|
SCA-44223 | Mapping new vulnerability CVE-2022-42889 to the component apache-commons-text |
Changes in Update Released on 18-October-2022
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-43662 | Addition of latest versions for the component Akka |
SCA-43253 | Fixing the version information for the component https://github.com/Sequel-Ace/Sequel-Ace. |
SCA-42544 | Fixing false positive vulnerabilities for the component jquery UI |
Updated/Added license detection capability and license evidence mechanism for:
- CERN-OHL-1.1.txt
- CERN-OHL-1.2.txt
- CERN-OHL-P-2.0.txt
- CERN-OHL-S-2.0.txt
- CERN-OHL-W-2.0.txt
- CC-BY-3.0-AT.txt
- CC-BY-3.0-DE.txt
- CC-BY-3.0-NL.txt
- CC-BY-NC-3.0-DE.txt
- CC-BY-NC-ND-3.0-DE.txt
- CC-BY-NC-SA-2.0-FR.txt
- CC-BY-NC-SA-3.0-DE.txt
- CC-BY-ND-3.0-DE.txt
- CC-BY-SA-2.1-JP.txt
- CC-BY-SA-3.0-AT.txt
- CC-BY-SA-3.0-DE.txt
- CDLA-Permissive-2.0.txt
- COIL-1.0.txt
- DL-DE-BY-2.0.txt
- FDK-AAC.txt
- Jam.txt
- Linux-man-pages-copyleft.txt
- KiCad-libraries-exception.txt
New/Update Component Requests
- zyantific/zycore-c
New Component Detection Rules
- aide/aide
Collector Status :
Name | Date of Last Successful Run |
gitlab | 8/5/2022 |
crates | 8/25/2022 |
hackage | 10/9/2022 |
maven2-ibiblio | 10/10/2022 |
npm | 10/11/2022 |
pypi | 10/12/2022 |
clojars | 10/13/2022 |
cpan | 10/13/2022 |
rubygems | 10/13/2022 |
maven-google | 10/14/2022 |
fedora-koji | 10/14/2022 |
cran | 10/15/2022 |
go | 10/17/2022 |
github | 10/17/2022 |
nuget gallery | 10/17/2022 |
packagist | 10/17/2022 |
Changes in Update Released on 23-September-2022
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-43521 | Fixed false positives in license detection and license evidence mechanism for licenses like 0BSD, ISC and MIT. |
SCA-42852 | Updated version information for NPMJS components like @aws-sdk/client-dynamodb and @aws-sdk/client-dynamodb-streams |
Addition of missing vulnerability mappings for the following components :
- atomic
- crypto-utils
- fedmsg
- fedora-arm-installer
- python-fedora
- sectool
- coolkey
- sssd
- anaconda
- newsx
- rpmdevtools
- cronie
Collector Status :
Name | Date of Last Successful Run |
gitlab | 8/5/2022 |
crates | 8/25/2022 |
clojars | 9/15/2022 |
maven2-ibiblio | 9/15/2022 |
cpan | 9/15/2022 |
rubygems | 9/15/2022 |
maven-google | 9/16/2022 |
cran | 9/17/2022 |
nuget gallery | 9/18/2022 |
hackage | 9/18/2022 |
packagist | 9/18/2022 |
npm | 9/20/2022 |
go | 9/21/2022 |
pypi | 9/21/2022 |
github | 9/21/2022 |
fedora-koji | 9/21/2022 |
Changes in Mini Update Released on 13-September-2022
This is a Mini PDL update release which is considerably smaller in size, containing data related to a specific component and a CVE.
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Updates to commons_configuration2 component:
- Added vulnerability information to the commons_configuration2 maven component (https://mvnrepository.com/artifact/org.apache.commons/commons-configuration2) related to the following CVEs:
- CVE-2022-33980 (https://nvd.nist.gov/vuln/detail/CVE-2022-33980)
- CVE-2020-1953 (https://nvd.nist.gov/vuln/detail/CVE-2020-1953)
Issue ID | Issue Summary |
---|---|
SCA-43592 | Missing vulnerability CVE-2022-33980 for the component commons_configuration2 |
SCA-43114 | Updating component information for components like entityframework, mailbee.net and microsoft.sqlserver.sqlmanagementobjects. |
Changes in Update Released on 09-September-2022
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-43115 | Addition of new licenses to reflib like AfterLogic Software License Agreement, Entity Framework 5.0 For Microsoft Windows Operating System and Microsoft SQL SERVER 2017 Shared Management Objects. |
Updated/Added license detection capability and license evidence mechanism for:
- EPICS.txt
- etalab-2.0.txt
- copyleft-next-0.3.0.txt
- copyleft-next-0.3.1.txt
- GD.txt
- GLWTPL.txt
- Hippocratic-2.1.txt
- HPND-sell-variant.txt
- HTMLTIDY.txt
- JPNIC.txt
- libpng-2.0.txt
- libselinux-1.0.txt
- Linux-OpenIB.txt
Collector Status :
Name | Date of Last Successful Run |
gitlab | 8/5/2022 |
maven2-ibiblio | 8/22/2022 |
clojars | 9/1/2022 |
crates | 8/25/2022 |
cpan | 9/1/2022 |
rubygems | 9/1/2022 |
maven-google | 9/2/2022 |
hackage | 9/4/2022 |
nuget gallery | 9/5/2022 |
packagist | 9/5/2022 |
go | 9/6/2022 |
pypi | 9/6/2022 |
cran | 9/7/2022 |
github | 9/7/2022 |
fedora-koji | 9/7/2022 |
npm | 9/7/2022 |
Changes in Update Released on 29-August-2022
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-42217 | BSD 3-Clause license text not detected |
SCA-43300 | Fixed license detection and license evidence mechanism for dvipdfm license to avoid false positives |
Updated/Added license detection capability and license evidence mechanism for:
- 0BSD
- BSD-1-Clause
- BSD-3-Clause-Modification
- BSD-3-Clause-No-Military-License
- BSD-3-Clause-Open-MPI.txt
New/Update Component Requests
- jridgewell/gen-mapping
- jridgewell/set-array
- jridgewell/sourcemap-codec
- CPUID CPU-Z
- get-image-file-type-programmatically-in-swift
- swift-5-4-hex-to-nscolor
- SNMP++ API
- supports-preserve-symlinks-flag
Addition of missing vulnerability mappings for the following components :
- bwm-ng
- mattermost_server
- snipe-it
- cgal
- caldera-forms
Collector Status :
Name | Date of Last Successful Run |
fedora-koji | 8/2/2022 |
gitlab | 8/5/2022 |
cpan | 8/18/2022 |
rubygems | 8/18/2022 |
maven-google | 8/19/2022 |
cran | 8/20/2022 |
nuget gallery | 8/21/2022 |
hackage | 8/21/2022 |
maven2-ibiblio | 8/22/2022 |
packagist | 8/22/2022 |
go | 8/23/2022 |
github | 8/24/2022 |
crates | 8/24/2022 |
npm | 8/24/2022 |
clojars | 8/25/2022 |
pypi | 8/26/2022 |
Changes in Update Released on 12-August-2022
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-42725 | Fixed false positive vulnerabilities related to SQLite |
SCA-31133 | Addition of Nuget vulnerability mapper to the list of vulnerability mappers |
SCA-42767 | Updated license information for the components datatables-fixedcolumns and datatables-tabletools in our data library |
SCA-43007 | GNU Library General Public License v2 or later (LGPL-2.0-or-later) License Evidence is not being detected for gettext.c file |
Updated/Added license detection capability and license evidence mechanism for:
- LGPL-2.0-or-later
- SPDX licenses with additional clauses
- App-s2p
- Baekmuk
- blessing
- BlueOak-1.0.0
- C-UDA-1.0
New/Update Component Requests
- FixedColumns
- Autofill
- Tabletools
New Component Detection Rules:
- Tabletools.js and Tabletools.min.js
- FixedColumns.js and FixedColumns.min.js
Collector Status :
Name | Date of Last Successful Run |
maven2-ibiblio | 7/28/2022 |
fedora-koji | 8/2/2022 |
clojars | 8/4/2022 |
cpan | 8/4/2022 |
rubygems | 8/4/2022 |
maven-google | 8/5/2022 |
gitlab | 8/5/2022 |
cran | 8/6/2022 |
nuget gallery | 8/6/2022 |
hackage | 8/7/2022 |
packagist | 8/8/2022 |
go | 8/9/2022 |
pypi | 8/10/2022 |
github | 8/10/2022 |
crates | 8/10/2022 |
npm | 8/10/2022 |
Changes in Update Released on 18-July-2022
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
GPL-AGPL-LGPL License Cleanup
We are addressing three issues as part of this GPL-AGPL-LGPL license data cleanup project.
Example: jquery 6.2.0 (GPL-1.0)
Here GPL-1.0 is the short name of the license associated with the component jquery.
1. Short Name Change
When a particular license short name is changed and released as part of an electronic update, the new short name is not automatically propagated to the inventory items with that selected license. For example, when we change the short name of license id 343 from "GPL-1.0" to "GPL-1.0-only" in an electronic update, the names of existing inventory items with that selected license will not be updated.
2. Component to License Mapping Change
When the component to license mapping is changed (say jquery is mapped to "Apache-2.0" in the electronic update), the new mapping is not propagated to existing inventory items. This results in inconsistency between the license mapping, existing inventory items, and future inventory items using the new license mapping.
3. Duplicate Entry Cleanup
After running the cleanup scripts, there is a possibility of duplicate entries for the licenses which had mappings in the component table and the versions table. In our case, we have mappings for 3 licenses, i.e. LGPL-2.1-or-later (License_id=704), AGPL-1.0-only (License_id=1654) and AGPL-3.0-only (License_id=229).
Note: Around 16 GPL-AGPL-LGPL related licenses are updated and a workaround has been provided for the necessary scenarios.
Please refer to the article on GPL-LGPL-AGPL License Cleanup for detailed information and workarounds: https://community.flexera.com/t5/Code-Insight-Knowledge-Base/Code-Insight-GPL-LGPL-AGPL-License-Data-Cleanup-Project/ta-p/240679
Issue ID | Issue Summary |
---|---|
SCA-40135 | Updating the GPL related licenses in the data library according to SPDX |
SCA-40180, SCA-41672 | Preparation of scripts related to changes made to GPL, LGPL and AGPL licenses. |
SCA-42149 | Updated version information for the component minimist. |
Updated/Added license detection capability and license evidence mechanism for GPL-LGPL-AGPL related licenses (part of GPL-AGPL-LGPL license cleanup activity):
- AGPL-1.0-only
- AGPL-1.0-or-later
- AGPL-3.0-only
- AGPL-3.0-or-later
- GPL-1.0-only
- GPL-1.0-or-later
- GPL-2.0-only
- GPL-2.0-or-later
- GPL-3.0-only
- GPL-3.0-or-later
- LGPL-2.0-only
- LGPL-2.0-or-later
- LGPL-2.1-only
- LGPL-2.1-or-later
- LGPL-3.0-only
- LGPL-3.0-or-later
Collector Status :
Name | Date of Last Successful Run |
gitlab | 5/13/2022 |
maven2-ibiblio | 6/30/2022 |
nuget gallery | 7/4/2022 |
clojars | 7/7/2022 |
cpan | 7/7/2022 |
rubygems | 7/7/2022 |
cran | 7/9/2022 |
maven-google | 7/9/2022 |
hackage | 7/10/2022 |
packagist | 7/11/2022 |
go | 7/12/2022 |
pypi | 7/13/2022 |
github | 7/13/2022 |
crates | 7/13/2022 |
fedora-koji | 7/13/2022 |
npm | 1/30/2022 |
Changes in Update Released on 07-July-2022
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-42146 | Addition of the license EDL 1.0 to PDL. |
Collector Status :
Name | Date of Last Successful Run |
gitlab | 5/13/2022 |
npm | 1/30/2022 |
pypi | 6/29/2022 |
crates | 6/29/2022 |
clojars | 6/30/2022 |
maven2-ibiblio | 6/30/2022 |
cpan | 6/30/2022 |
rubygems | 6/30/2022 |
maven-google | 7/1/2022 |
go | 7/1/2022 |
cran | 7/2/2022 |
fedora-koji | 7/2/2022 |
hackage | 7/3/2022 |
github | 7/4/2022 |
nuget gallery | 7/4/2022 |
packagist | 7/4/2022 |
Changes in Mini Update Released on 28-June-2022
This is a Mini PDL update release which is considerably smaller in size, containing data related to a specific component and a CVE.
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Updates to jenkins component:
- Added the latest vulnerability information for jenkins component (Component id : 191327) related to vulnerability CVE-2022-34175 (https://nvd.nist.gov/vuln/detail/CVE-2022-34175)
Issue ID | Issue Summary |
---|---|
SCA-39993 | Miniature PDL package creation and processing in product |
Changes in Update Released on 15-June-2022
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-40437 | Addition of Go Collector to the list of collectors. Collected Batch 1- 50000 packages. |
SCA-42001 | Fixed license information for the component 'setuptools'. |
SCA-42030 | Fixed license information for the component 'react-leaflet'. |
SCA-42040 | Fixed license information for the component 'pillow'. |
SCA-42108 | Updated component-version information for the component 'url-parse'. |
Collector Status :
Name | Date of Last Successful Run |
gitlab | 5/13/2022 |
crates | 5/28/2022 |
npm | 1/30/2022 |
pypi | 6/8/2022 |
clojars | 6/9/2022 |
cpan | 6/9/2022 |
rubygems | 6/10/2022 |
cran | 6/11/2022 |
maven2-ibiblio | 6/11/2022 |
maven-google | 6/11/2022 |
hackage | 6/12/2022 |
nuget gallery | 6/12/2022 |
packagist | 6/13/2022 |
github | 6/14/2022 |
fedora-koji | 6/14/2022 |
go | 6/14/2022 |
Changes in Update Released on 13-May-2022
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-41730 | Addition of vulnerability mappings to zlib component (CVE-2018-25032). |
Collector Status :
Name | Date of Last Successful Run |
hackage | 5/8/2022 |
npm | 1/30/2022 |
crates | 4/26/2022 |
clojars | 5/5/2022 |
cpan | 5/5/2022 |
rubygems | 5/6/2022 |
maven-google | 5/6/2022 |
cran | 5/7/2022 |
nuget gallery | 5/8/2022 |
maven2-ibiblio | 5/9/2022 |
packagist | 5/10/2022 |
github | 5/11/2022 |
gitlab | 5/11/2022 |
pypi | 5/11/2022 |
fedora-koji | 5/11/2022 |
Changes in Update Released on 28-Apr-2022
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-41430 | Addition and Updating components and license information for components like JakartaFtpWrapper, nsftools.com Standard Disclaimer etc. |
SCA-41268 | Fixed the incorrect license mapping for hibernate-core component. |
Addition of license detection capability and license evidence mechanism for the following licenses :
- FreeImage
- freertos-exception-2.0
- FSFAP
- FSFULLR
Collector Status :
Name | Date of Last Successful Run |
hackage | 4/24/2022 |
npm | 1/30/2022 |
maven2-ibiblio | 4/12/2022 |
cpan | 4/14/2022 |
fedora-koji | 4/19/2022 |
rubygems | 4/21/2022 |
cran | 4/22/2022 |
maven-google | 4/22/2022 |
nuget gallery | 4/23/2022 |
crates | 4/26/2022 |
clojars | 4/27/2022 |
github | 4/27/2022 |
packagist | 4/27/2022 |
gitlab | 4/27/2022 |
pypi | 4/27/2022 |
Changes in Update Released on 13-Apr-2022
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Updates to spring-framework component:
- Added vulnerability information for spring-framework component (CVE-2022-22950 and CVE-2022-22965).
Issue ID | Issue Summary |
---|---|
SCA-41311 | Fix incorrect vulnerability mapping to the component POI. |
SCA-41305 | Addition of vulnerabilities to xmlbeans 2.6.0 component. |
SCA-41141 | Enhancement to collect missing licenses for Pypi components. |
SCA-40144 | Addition of Components from https://gitlab.xiph.org/xiph |
Changes in Update Released on 25-Mar-2022
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-40941 | Update license information for npm component- pixrem. |
SCA-40777 | Map Fair license to "Assert" component. |
SCA-40872 | License information for jquery 1.12.4 - MIT or GPL-2.0 license? |
Addition of missing vulnerability mappings for the following components :
- jhuisi-charm
- pear-archive_tar
- zopefoundation-accesscontrol
- nextcloud-richdocuments
- 3xxx-engineercms
- isomorphic-git-isomorphic-git
- justarchinet-archisteamfarm
- matanui159-replaysorcery
- xmldom-xmldom
- util-linux-util-linux
Addition of license detection capability and license evidence mechanism for the following licenses :
- dvipdfm
- mif-exception
- eCos-exception-2.0
- eGenix
- EPL-2.0
- EUPL-1.2
- FLTK-exception
Collector Status :
Name | Date of Last Successful Run |
packagist | 2/27/2022 |
maven2-ibiblio | 3/7/2022 |
npm | 1/30/2022 |
gitlab | 3/8/2022 |
clojars | 3/16/2022 |
rubygems | 3/17/2022 |
cpan | 3/17/2022 |
cran | 3/18/2022 |
maven-google | 3/18/2022 |
nuget gallery | 3/19/2022 |
hackage | 3/20/2022 |
github | 3/22/2022 |
crates | 3/23/2022 |
pypi | 3/23/2022 |
fedora-koji | 3/23/2022 |
Changes in Update Released on 14-Mar-2022
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-32308 | Pypi forge vulnerability Mapper is an addition to our list of automated vulnerability mappers mechanism. |
SCA-40984 | Fix false positive vulnerabilities for Mono.Cecil |
Addition of missing vulnerability mappings for the following components :
- glances
- video.js
- nukeviet
- lavalite-cms
- evolution-cms-evolution
- flatpress
- yzmcms
- elfinder.aspnet
Collector Status :
Name | Date of Last Successful Run |
packagist | 2/27/2022 |
cran | 3/4/2022 |
maven-google | 3/5/2022 |
hackage | 3/6/2022 |
maven2-ibiblio | 3/7/2022 |
nuget gallery | 3/7/2022 |
crates | 3/8/2022 |
npm | 1/30/2022 |
gitlab | 3/8/2022 |
clojars | 3/9/2022 |
pypi | 3/9/2022 |
rubygems | 3/10/2022 |
github | 3/10/2022 |
cpan | 3/10/2022 |
fedora-koji | 3/10/2022 |
Changes in Update Released on 24-Feb-2022
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-40339 | Fixed license mappings for hangfire.core nuget component. |
SCA-40332 | Fixed license mappings for microsoft.net.workload.emscripten.manifest nuget component |
SCA-40215 | Fixed false positive CVE for system.threading.tasks.extensions 4.5.4 component |
Addition of missing vulnerability mappings for the following components :
- stuk-jszip
- firefly-iii
- pjsip-pjproject
- oisf-suricata
- gitlogplus
- velociraptor
- contour
- stmicroelectronics-stm32cubeh7
- mod_auth_openidc
New/Update Component Requests
- Microsoft Infographic Designer
- Microsoft Advance Card
Collector Status :
Name | Date of Last Successful Run |
npm | 12/3/2021 |
gitlab | 1/13/2022 |
maven2-ibiblio | 2/15/2022 |
rubygems | 2/17/2022 |
cran | 2/18/2022 |
maven-google | 2/18/2022 |
nuget gallery | 2/19/2022 |
hackage | 2/20/2022 |
packagist | 2/20/2022 |
crates | 2/22/2022 |
clojars | 2/23/2022 |
github | 2/23/2022 |
pypi | 2/23/2022 |
fedora-koji | 2/23/2022 |
cpan | 2/24/2022 |
Changes in Update Released on 10-Feb-2022
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-40131 | Fixing false positive component_cpe mappings |
SCA-40004 | Fix for "Unable to load or add component version libssh 0.7.3" |
SCA-39146 | GPL 3.0 or later and GPL 3.0 Only - both licenses are reported when the source clearly has only one SPDX ID |
SCA-38096 | Fixing redirecting urls for clojars collector |
Addition of missing vulnerability mappings for the following components :
- mosquitto
- lwip
- folly
- matio
- libheif
- manageiq
- redis
Addition of license detection capability and license evidence mechanism for the following licenses :
- D-FSL-1.0
- diffmark
- DigiRule-FOSS-exception
- Dotseqn
- DSDP
New/Update Component Requests
- windowsazure.servicebus
- microsoft.azure.servicebus.eventprocessorhost
- mesa
- sharpmimetools
Changes in Update Released on 28-Jan-2022
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
MIT License Cleanup
There are two licenses in Code Insight for MIT: MIT License and MIT-Style License. While most licenses declared by open-source developers fall under the MIT License, the MIT-Style License is more of a template license covering the various ways in which an MIT license can be declared.
We noticed that the majority of components are incorrectly mapped to the MIT-Style License. This is being resolved through an electronic update that corrects the mappings; for existing projects whose mappings need to change, a script will be provided.
Note:
Please refer to the article on MIT License Cleanup for detailed information and workarounds: https://community.flexera.com/t5/Code-Insight-Knowledge-Base/Code-Insight-MIT-License-Data-Cleanup-Project/ta-p/214451/jump-to/first-unread-message
Known issue:
A script, "MIT-CleanupQueries.sql", is provided and has to be run after the PDL update.
This script updates the license names and the incorrect license mappings in the existing system-generated inventories with the data changes described above.
There is a known issue for a particular set of inventories that have comma-separated license names. This is observed in the inventories generated by AutoWriteup.
Ex: jQuery (MIT, MIT License)
In this case, the script provided to update the existing inventory names does not work, which causes a duplicate inventory on rescan.
The detailed issue description and workaround are provided in the Jira: https://jira.flexera.com/browse/SCA-40194
Issue ID | Issue Summary |
---|---|
SCA-39812 | Map vulnerabilities for gnu components |
SCA-39748 | Update version information for pilotmoon-scroll-reverser |
SCA-38553 | License detection XML detects both MIT and MIT-Style as evidence for MIT License |
SCA-28851 | MIT License cleanup: Enhancement to collector level license mappings mechanism to update invalid mappings for MIT and MIT-Style licenses. |
SCA-28766 | Perform entire sequence of MIT License Cleanup-License short_name changes and license remapping at component and version level. |
Addition of missing vulnerability mappings for the following components :
- Itop
- Mupdf
- Anchrome
Addition of license detection capability and license evidence mechanism for the following licenses :
- CNRI-Jython
- CNRI-Python
- CNRI-Python-GPL-Compatible
- Crossword
- CrystalStacker
- PSF-2.0
- Python-2.0
Changes in Update Released on 13-Jan-2022
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Updates to log4j component:
- Added component detection capabilities to identify log4j components in "ivy.xml".
Issue ID | Issue Summary |
---|---|
SCA-39360 | Fixed the license evidence mechanism to eliminate false positive findings. |
SCA-39579 | Addition of gnu vulnerable components to the data library |
SCA-38160 | GNU vulnerability Mapper is an addition to our list of automated vulnerability mappers mechanism. |
SCA-38159 | Jenkins vulnerability Mapper is an addition to our list of automated vulnerability mappers mechanism. |
Addition of missing vulnerability mappings for the following components :
- xml_database
- graphhopper
- Openvswitch-ovs
- osgeo-gdal
- unicorn-engine-unicorn
- open62541-open62541
- racket-racket
- mozilla-geckodriver
- gnuaspell-aspell
- libsndfile-libsndfile
- libarchive
- matio
Addition of license detection capability and license evidence mechanism for the following licenses :
- CC-BY-NC-ND-1.0
- CC-BY-NC-ND-4.0
- CC-BY-NC-SA-4.0
- CC-BY-NC-4.0
- CC-BY-ND-4.0
- CC-BY-SA-4.0
- CC-BY-4.0
- Cube
- curl
- CDLA-Permissive-1.0
- CDLA-Sharing-1.0
- CECILL-2.1
- CLISP-exception-2.0
New Component Requests
- Windows SDK for Windows Server 2008 and .NET Framework 3.5
- Strictly Software htmlencode
Changes in Update Released on 23-Dec-2021
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Updates to Apache log4j2 component:
- Updated vulnerability information for log4j2 component (CVE-2021-44228, CVE-2021-45046, CVE-2021-4104).
- Updated versions for the log4j2 components.
Issue ID | Issue Summary |
---|---|
SCA-38791 | Updated missing vulnerabilities for nuget top 100 component |
SCA-35846 | Enhancements to Nuget Collector for Version-Level License Collection |
Addition of missing vulnerability mappings for the following components :
- consul
- uri.js
- chatwoot
- bat
- cgm-remote-monitor
- connect
- muwire
- containerd
- discourse
- micronaut
- gatsby-source-wordpress
- venus_os
Updated Components List :
- world-clock-and-the-timezoneinformation-class
Changes in Update Released on 16-Dec-2021
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Updates to Apache log4j2 component:
- Updated versions for the log4j2 components from different forges like github, maven and fedora.
- Updated vulnerabilities for log4j2 component (CVE-2021-44228).
Issue ID | Issue Summary |
---|---|
SCA-38864 | Analysis & update license for jaxen component. |
SCA-38669 | AutoWriteup Rules : Map licenses to AutoWriteup Rules with no licenses. |
SCA-38521 | Increasing Component CPE mappings in Data Library. |
SCA-38479 | Updated version information for 27208706. |
SCA-38791 | Update missing license for top 100 Nuget components. |
Addition of missing vulnerability mappings for the following components :
- falco
- manageengine_admanager_plus
- esp32_firmware
- libvips-libvips
- junos
- rancher
- sheetjs
- etherpad
- stealth
Addition of license detection capability and license evidence mechanism for the following licenses :
- bzip2-1.0
- bzip2-1.0.5
- Caldera
- BSD-3-Clause-Attribution
- BSD-3-Clause-Clear
- BSD-3-Clause-LBNL
- BSD-3-Clause-No-Nuclear-License-2014
- BSD-3-Clause-No-Nuclear-License
- BSD-3-Clause-No-Nuclear-Warranty
- BSD-4-Clause-UC
- BSD-Protection
- BSD-1-Clause
- BSD-Source-Code
- BSD-2-Clause-Patent
- BSD-2-Clause-NetBSD
- BSD-2-Clause-FreeBSD
Update Release on 26-Nov-2021 has been postponed
This update has been postponed to 9 Dec 2021 due to some technical issues.
Changes in Update Released on 11-Nov-2021
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-38476 | Add component GenericDataExchangeFrameworkwithAJAX and ASP.NET Outlook-like Time Field to PDL library |
SCA-38352 | Enhancement to license mapping mechanism for Nuget Collector based on License Expression provided by Nuget Rest API |
SCA-38223 | Add missing vulnerability mappings to components like umeditor, thinkcmf, xuperchain, ok-file-formats, radare2-extras, polipo, gthumb. |
Changes in Update Released on 28-Oct-2021
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-38246 | Add missing versions for openssl, net-snmp and system.data.sqlite components. |
SCA-38221 | Add missing vulnerability mappings to components like varnish_cache, elfinder.net.core, ectouch, is-email, booking_core, wolfssl. |
SCA-37996 | Invalid license for highcharts - npmjs component. |
SCA-37673 | Added license evidence and detection capability for licenses like Bahyph, Barr, Borceux, BSD-1-Clause, BSD-2-Clause-FreeBSD, BSD-2-Clause-NetBSD, BSD-2-Clause-Patent, BSD-Source-Code etc. |
SCA-37671 | Added license evidence and detection capability for licenses like 0BSD, 389-exception, Abstyles, Adobe-Glyph, Afmparse, AGPL-1.0, Aladdin, AMDPLPA, AML, AMPAS etc. |
SCA-37461 | Add missing vulnerability mappings to components like delta, xo-server, putil-merge, harmonyos, ant etc. |
SCA-37459 | Add missing vulnerability mappings to components like yop-poll, restsharp, event_streams, sshd, talk, nextcloud_mail, nextcloud, icinga etc. |
SCA-37348 | Github Vulnerabilities mapped to Java components. |
Changes in Update Released on 18-Oct-2021
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-38185 | Fixing invalid versions of lm_sensors. |
SCA-38030 | Update reference to component_mapping.csv to new github.com from git.palamida.com in update service. |
SCA-37884 | Missing vulnerabilities for Valeo. |
SCA-37758 | Adding spdx-license-identifier to the license-detection.xml and license-finder.json. |
SCA-37658 | Update license-names in the license evidence mechanism. |
SCA-37447 | Add missing vulnerability mappings to components like retty, everything, brave, node.js, total.js, total4, prismatic. |
SCA-37442 | Add missing vulnerability mappings to components like halo, pfsense, exiv2, caldera, jsish, moddable, mujs. |
SCA-38254 | Add license evidence capability for licenses like LLVM-exception, APAFML, Artistic-1.0-cl8, Artistic-1.0-Perl. |
Changes in Update Released on 01-Oct-2021
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-37896 | Validate and update Maven forge details in PDL library. |
SCA-37837 | Add new component ms-intune-app-sdk-android and Microsoft Intune App Software Development Kit For iOS license. |
SCA-37651 | Add Microsoft Windows Driver Kit For Windows 8.1 License and Updated versions for Microsoft windows driver kit. |
SCA-37604 | Update manually maintained component versions. Please refer to the list below. |
SCA-37376 | Add the missing vulnerability mappings for components like cszcms, switch, fortimail, putty, emissary-ingress-emissary. |
SCA-29724 | Enhance License detection for Nuget forge components. |
SCA-37544 | Update versions and vulnerability mappings for oracle-jre component |
SCA-37449 | Add CWEs to PDL library. |
SCA-38018 | Update versions for Google Maven repository components. |
Updated Components List :
- glibmm24
- libsm
- wpa_supplicant
- cairo
- dmidecode
- chrony
- libxrandr
- libice
- networkmanager
- gobject-introspection
- glib-networking
- dnsmasq
- mesa
- elfutils
- dbus
- sudo
- libsoup
- libtalloc
- rpm-package-manager
- PowerTop
- libldb
- libxft
- openssl
- pygobject3
- gnutls
- libx11
- libnl3
- tzdata
- alsa-lib
- atk
- libxcb
- binutils
- ethtool
- libfontenc
Changes in Update Released on 13-Sep-2021
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-37290 | Validate and update invalid versions for kong-insomnia component. |
SCA-36444 | License Finder rules for OGC-1.0, OFL-1.1-RFN. |
SCA-35816 | Addition of Gitlab forge to the list of forge collection. |
SCA-33593 | Enhance license mapping capability for Nuget collector. |
SCA-31981 | Add new non-spdx licenses like Parity Public Licence 3.0, Server Side Public License, Yoctopuce-License, Prosperity Public License, MS-ASP.NET-Web-Pages-2 License, MS-ASP.NET-WOF License to the library. |
SCA-37371 | Mapping the missing vulnerability CVEs for various components like Tinydtls, Misp, Libxml2, Vapor, Grpc_swift, Linuxptp. |
New Component Detection Rules
- liblouis
Changes in Update Released on 30-Aug-2021
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-35866 | Grafana License changed from Apache License 2.0 to AGPL 3.0 from version 8.0. |
SCA-35970 | Data - Vulnerability Dates update. "Publication Date" and "Modified Date". |
SCA-36442 | License-Finder.json rules for PSF-2.0, Parity-7.0.0, OGL-UK-3.0 etc. |
SCA-36894 | License Mappings for "pylouis" component. |
SCA-36946 | Data : Forge detail is incorrect for log4php component. |
SCA-37030 | False Positive Vulnerabilities for "file - npmjs" component. |
SCA-37147 | Handle URL discrepancies & case sensitive titles for FSF forge. |
SCA-36815 | Mapping of missing CVEs for components like thinksaas, routeros, alpinelinux-aports, gu, sansanyun-mipcms, hnaoyun-pbootcms. |
SCA-37171 | Mapping of missing CVEs for components like wp-plugins-wp-downloadmanager, benmonro-android, johnhaldeman-guarddetap, wp-plugins-cm-download-manager, just-safe-set, members, tizen, webclient, prusa3d-prusaslicer, webclient, webkitgtk. |
SCA-37176 | Mapping of missing CVEs for components like sanos, hyper, server, storage-manager, password-manager, ninjarmm, xevo. |
SCA-37200 | Update right URLs and title for code.google forge components. |
SCA-37206 | Mapping Vulnerability for json-smart-v1 and json-smart-v2. |
SCA-35877 | Updated components having URL discrepancies. |
Changes in Update Released on 27-Jul-2021
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-35948 | NPMJS: Project Discovery is not Up to date with respect to NPMJS Forge |
SCA-35924 | License mapping for the Pypi component "louis" |
SCA-27819 | Fixing nongnu.org 404 URL's |
SCA-36610 | Minio version license mapping |
SCA-36607 | Grafana version license mapping |
SCA-36110 | Update matplotlib license text |
SCA-36128 | Manual Collector: Kernel : lvm2 versions are wrongly added |
SCA-35933 | False Positive vulnerabilities in mariadb-java-client |
SCA-35908 | Invalid versions for microsoft-azuredatastudio component |
Changes in Update Released on 24-Jun-2021
Issues/Bugs Addressed
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-34531 | Update Matplotlib license text to version 3.4.1. |
SCA-35177 | New requests. |
SCA-34953 | Add components & license to reflib. |
SCA-33894 | CVE-2020-11971 associated with wrong components. |
SCA-29232 | Request to add component: logrotate. |
SCA-30698 | License Finder Rules for Matplotlib License. |
SCA-35286 | Unicode Terms of Use license not found in file. |
SCA-35680 | False positive GPL license detected for LGPL license text |
SCA-25368 | Request for identifying SPDX IDs. |
Changes in Update Released on 11-Jun-2021
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-35178 | Add OTN license and map missing license for oracle.manageddataaccess - NuGet Gallery component. |
SCA-35087 | Deprecating invalid versions of Apache projects on github. |
SCA-35022 | SPDX license collection. (Around 87 new licenses). |
SCA-33894 | License Name and SPDX License Name should be the same. |
SCA-33805 | Elastic Kibana: Add License Finder Rules for Elastic License 2.0 |
SCA-30698 | License Finder Rules for Matplotlib License |
Changes in Update Released on 28-May-2021
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-34581 | Add component Microsoft JDBC Driver for SQL Server and licenses. |
SCA-34431 | Deprecating invalid version vulnerability Mapping which are protected |
SCA-33541 | Vulnerabilities for Netmask and PHP git server |
SCA-33251 | Vulnerability Dates : Addition/correction of columns for publication date and last modified date. |
SCA-30785 | SPDX license collection to staging db. (Not yet released). |
Changes in Update Released on 14-May-2021
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-34508 | PYPI URL's format are not consistent throughout in PDL_Component . |
SCA-34395 | False positive vulnerabilities for tomcat components - False PDL Mappings in PDL_COMP_VER_VULNERABILITY |
SCA-34213 | Deprecating the version for Apache project invalid versions-Set2 |
SCA-33485 | The "Visual C++ Redistributable for Visual Studio" component name contains spaces making keyword search difficult |
SCA-32592 | Deprecating the version for Apache project invalid versions. |
SCA-30879 | Linux Kernel versions release which was obsolete by a year and a half. |
SCA-34289 | Libstdcpp component |
SCA-34183 | Add new licenses to license seed and schema. |
Changes in Update Released on 22-Apr-2021
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-32074 | License mismatch for popular components. |
SCA-31667 | License Acronym Data Changes for auto writeup rules. |
SCA-29799 | Inventory created with auto-writeup rules don't create with SPDX license ID |
SCA-26931 | Missing vulnerabilities (CPES with *) and wrong mappings for CPEs with *. |
New Component Requests
- lsof(Component ID: 27350567)
- ntp(Component ID: 207771)
- libtiff(Component ID:27350365)
- gtk(Component ID: 27350362)
- gnome-shell-extensions(Component ID: 27350363)
- libgpg-error(Component ID: 27350364)
- dracut(Component ID: 123809)
- openssl-fips(Component ID: 27350368)
- lvm2(Component ID: 27350367)
- kbd(Component ID: 27350366)
- lzo(Component ID: 63041)
- treeview-with-columns(Component ID: 27350359)
- replace-a-windows-internal-scrollbar-with-a-customdraw-scrollbar-control(Component ID: 27350360)
- step-by-step-calling-c-dlls-from-vc-and-vb-part-1(Component ID: 27350361)
- strawberry-perl(Component ID: 27344198)
- run-postinsts(Component ID: 27344199)
- packagegroup-core-boot(Component ID: 27344200)
- sha-1-in-C-by-steve-reid(Component ID: 27344201)
- zlib(Component ID: 27344202)
- watchdog(Component ID: 5403203)
- perfmon2(Component ID: 53555)
- ust(Component ID: 186075)
- newmat(Component ID: 129995)
- netbase(Component ID: 207639)
- xml-pull-parser3(Component ID: 226748)
- shadow-utils(Component ID: 5403445)
- lipro-libftdi(Component ID: 7872851)
- csha1(Component ID: 27341784)
- timezonemap(Component ID: 27344433)
Changes in Update Released on 10-Apr-2021
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-33801 | License detection.xml changes for PDL-2021-04-R1 |
SCA-31855 | AutoWriteUp rules having outdated URLs |
SCA-33557 | Adding License - Purdue BSD-Style License |
SCA-32649 | Wrong (and hence fix) DOC Software License name and url |
SCA-32983 | Missing Elastic License for Elastic Kibana |
New Component Requests
- File-file (component ID: 3102572)
- Cquicklist (component ID: 27337962)
- Nfs-utils (component ID: 27336321)
- Eglibc (component ID: 27337963)
- Lcms (component ID: 7597)
- Ti-rtos-mcu (component ID: 27336320)
- High-speed-charting-control (component ID: 27330960)
- Progress-control-with-text (component ID: 27330961)
- Oscilloscope-stripchart-control (component ID: 27330962)
- Skinx (component ID: 27330963)
- Keymaps (component ID: 27333199)
- Getprimarymacaddress (component ID: 27333200)
- Sampleds (component ID: 27333201)
- Microsoft Windows SDK for Windows 7 and .NET Framework 4 (component ID: 27334733)
- Csha1-a-c-class-implementation-of-the-sha-1-hash-a (component ID: 27334779)
- Trafficwatcher (component ID: 27334780)
- Using-colors-in-cedit-and-cstatic (component ID: 27335822)
- Gnu-which (component ID: 705519)
- Eclipse-aspectj (component ID: 55748)
Changes in Update Released on 25-Mar-2021
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-32971 | URL fix for DOC License |
SCA-32253 | Map MICROSOFT SQL SERVER DATA-TIER APPLICATION FRAMEWORK to SQLpackage.commandline |
SCA-31926 | Update the missing license mappings for components-Phase1. |
SCA-31800 | 'Exception looking up rules' in FNCI Logs |
New Component Requests
- mph-2b-damase
- simpleping
- twain-developer-toolkit
- texas-instruments-msp-430-lib-files
- CppSQLite
- CStdioFile
- CTrayIcon
- CXml
- CXPGroupBox
- A class to combine Slider Control and Progress Bar
- A very simple solution for partial bitmap encryption
- Adobe InDesign CC SDK
- libcomposite
- pango
- Microsoft Windows Driver Kit - WDK
Changes in Update Released between 20-Oct-2020 to 11-Mar-2021
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-27739 | False Positives when scanned Oracle OpenJDK |
SCA-28603 | Unable to find a component that is identified as first level dependency |
SCA-26834 | Sun (Restricted) and Sun-IP Licenses not detected |
SCA-29523 | License discrepancy for CURL component |
SCA-27024 | Gnutls component missing vulnerabilities, versions and wrong url |
SCA-30866 | Hdf5 license (ID: 1224) is not correct |
SCA-30797 | Incorrect Licensing Detection for Microsoft .Net |
SCA-30525 | Component gpg-gnupg missing encryption flag |
SCA-27722 | Incorrect vulnerabilities matched with component versions for Rust |
SCA-32271 | PDL_VULNERABILITY table is empty in the latest PDL update |
SCA-33031 | BOM: Discrepancies due to search term rule basics-vector |
New Component Detection Rules
- Setup.js
- MD% algorithm class library
- PhantomJs
- Cefsharp
- Virtual-dom v2.1.1
- Named-js-regexp
- MarkupSafe
- OCHamcrest
- OCMockito
- Libsrtp
- Ans_up
- HockeySDK
- Aimage
- Ua-parser-js v0.7.10.
- Autofac.Wcf
- Vector.js
- Untildify v3.0.2
- Post-robot v7.0.15.
- Axios
- JSONTestSuite
- Rpc-server.js
New Features incorporated.
Issue ID | Issue Summary |
---|---|
SCA-26848 | CVSS 3.1 - Data Collection |
SCA-26808 | Add Vulnerability dates to PDL tables |
SCA-26181 | Component CPE Mapping |
New Component Requests released.
- Isc bind
- Canvas-toblob.js
- Newrelic.opentracing.amazonlambda.tracer
- Libepoxy
- Tags
- Json.net
- Jquery-menu-aim-fw
- Microsoft.appcenter for macos
- Microsoft.appcenter.analytics for macos
- Apache-apr
- Cyan4973-lz4
- Gnu-screen
- Jamesflorentino-nanoscrollerjs
- Mtd-utils
- Npth
- Pam
- Eeepc-acpi-scripts
- Sharpziplib
- Mahapps.metro.simplechildwindow - nuget gallery
- Wpfnotification - nuget gallery
- Microsoft-windowsapicodepack-shellextensions - nuget gallery
- Controlzex/controlzex - github
- Mahapps.metro.iconpacks - nuget gallery
- Mvvmlight - nuget gallery
- Ini-parser - nuget gallery
- Mahapps/mahapps.metro - github
- Angular/angular-cli - github
- System.data.sqlite.core - nuget gallery
- System.data.sqlite.ef6.migrations - nuget gallery
- Microsoft asp.net mvc 4 (***deprecated***)
- Wxwindows library license
- Wxwidgets
- Karma-runner karma
- Openssh - in c
- Base-passwd
- Init-ifupdown
- Procps
- Binutils
- 7-zip
- Kmod
- Matplotlib
- Scons - a software construction tool - scons
- Tagish library
- Qos-ch-slf4j
- Flex - lexical scanner generator
- Application insights persisted http channel
- Cairo-pixman
- Flat_hash_map
- Fontconfig
- Free type
- Gnutls library
- Tianmajs/libm - github
- Libsoup
- Microsoft.applicationinsights - nuget gallery
- Slodge/mvvmcross - github
- Pdfsharp - nuget gallery
- Sharppdf
- Twain data source manager
- Twain sample data source and application - twain 2.0 sample data source
- Windows driver kit (wdk) 8.0 samples for visual studio 2012
- Microsoft/windows-universal-samples - github
- Html agility pack
- Microsoft.extensions.caching.abstractions
- Microsoft.extensions.caching.memory
- Microsoft.extensions.dependencyinjection.abstractions
- Microsoft.extensions.options
- Microsoft.extensions.primitives
- Microsoft.netcore.platforms
- System.componentmodel.annotations
- System.runtime.compilerservices.unsafe
- System.security.cryptography.xml
- Microsoft.owin
- Microsoft.owin.host.systemweb
- Microsoft.owin.security
- Mimemapping
- Nconfiguration
- Nlog
- Nuget.commandline
- Nunit
- Restsharp
- Closedxml
- Apache cxf buildtools
- Apache neethi
- Weblinc-matchmedia
- Twain/twain-dsm
- Twain-twain-samples
- Windows driver kit (wdk) 8.0 samples for visual studio 2012
Changes in Update Released on 20-Oct-2020
This Update includes the changes described in the following sections.
Issues Addressed in the 20-Oct-2020 Release
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-28504 | Components information |
SCA-28691 | NVD Feed : Upgrading NVD CVE-Feeds APIs (1.0) to NVD CVE-Feeds APIs (1.1) |
SCA-27621 | Difference in vulnerability information for 'expat' and 'libexpat-libexpat' component |
SCA-28970 | NVD-Feed Fix and client release to Codeaware |
SCA-17974 | Duplicate Inventory found for "gettext" and for the duplicate inventory as found license text is wrong |
SCA-28740 | With fresh scan, name of inventory item zlib is changed to madler-zlib in codeinsight 2020R4. |
SCA-27773 | Search terms need to be improved for few components |
SCA-28288 | False Positives for zlib and libjpeg |
SCA-28508 | Components information |
SCA-22072 | Stunnel support in DL |
SCA-27119 | Missing versions |
SCA-29156 | Pycryptodomex missing encryption flag |
New Component Detection Rules in the 20-Oct-2020 Release
This Update introduces new Automated Analysis rules for the following components:
- Retry.js
- Jquery-mobile for react
- Expat (version released 2.2.6)
- Novell.Directory.ldap
- Spawn.js
- Jquery-vsdoc.js
- CodeMirror
- NUnit.Framework.dll
- Rsvp.js
- Twbs-bootstrap and Mathiasbynens-jquery-placeholder
- Libwebsockets
- Globalize 1.1.1
- CPU Topology
- JSON v3.3.0
- Pyomo v5.0.1
- CPU Topology 1.2.8 Class library
- Text-markdown
- Json v2.1.1
- V8
- Libuv
Changes in Update Released on 11-Sep-2020
This Update includes the changes described in the following sections.
Issues Addressed in the 11-Sep-2020 Release
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-27585 | Add component "History-event" (JQuery.history.js) |
SCA-27738 | URL not working for freetype (Id: 1149) component |
New Component Detection Rules in the 11-Sep-2020 Release
This Update introduces new Automated Analysis rules for the following components:
- 7za.exe
- Jazzy
- D3.js
- JSQR
- Doube-conversion
- HistoryEvent
- Bind
- Punycode.js
- Gaearon-Redux
Changes in Update Released on 28-Aug-2020
This Update includes the changes described in the following sections.
Issues Addressed in the 28-Aug-2020 Release
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-27456 | Missing OSS component-udev |
SCA-27203 | Missing components – bind and jsqr |
New Component Detection Rules in the 28-Aug-2020 Release
This Update introduces new Automated Analysis rules for the following components:
- Whiskas.py
- ProtectedData
- Dmidecode
- Libsmbios
Changes in Update Released on 14-Aug-2020
This Update includes the changes described in the following sections.
Issues Addressed in the 14-Aug-2020 Release
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-27191 | Add tungsten fabric components to Data Library |
SCA-27024 | Gnutls component missing vulnerabilities, versions and wrong url. |
SCA-27084 | Libtiff license url needs to be updated |
New Component Detection Rules in the 14-Aug-2020 Release
This Update introduces new Automated Analysis rules for the following components:
- SWIG v3.0.2
- VC Redistributable
- Apple Installer Plugin
- Appcenter-sdk-apple-3.0.0.tar.gz
- Code Project - WSE 3 Deployment: MSI and ClickOnce
- Wdksetup.exe
- MobileNumericUpDown
- Apple/cups
- Mhook
- GridAnimationDemo
Changes in Update Released on 03-Aug-2020
This Update includes the changes described in the following sections.
Issues Addressed in the 03-Aug-2020 Release
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-26931 | Missing vulnerabilities. |
SCA-26666 | Missing Vulnerabilities for Apache Thrift 0.7.0 |
New Component Detection Rules in the 03-Aug-2020 Release
This Update introduces new Automated Analysis rules for the following components:
- JQuery Mobile
- JortSort
- CLR Security Class library
- BrockAllenCookieBasedTempdata.dll
- StackExchange.Redis
- Readline.js
Changes in Update Released on 17-Jul-2020
This Update includes the changes described in the following sections.
Issues Addressed in the 17-Jul-2020 Release
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-25108 | Detection of xmlbeans 2.6.0 occurs twice |
SCA-25905 | Component system.diagnostics.diagnosticsource has had its license changed for version 4.4 and later |
SCA-25907 | New components added |
SCA-26134 | The component "app.min.js" is incorrectly mapped to the component "App( 62839)" |
New Component Detection Rules in the 17-Jul-2020 Release
This Update introduces new Automated Analysis rules for the following components:
- Console.js
- LowPriorityWarning.js
- Nameddefine.js
- Prettier.js
- SQLite DLL
- Pacman Unicode
- D3 DES algorithm 5.09 Class library
- JCanvas
- Libxslt
- Node-tmp
- Libxml2
Changes in Update Released on 30-Jun-2020
This Update includes the changes described in the following sections.
Issues Addressed in the 30-Jun-2020 Release
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-25608 | Component "jodaorg-joda-time" has invalid license in list |
SCA-25587 | Review licenses for timescale DB GitHub components |
SCA-23003 | Collectors for bouncycastle, curl, gnu, haproxy, jquery, kernel, libarchive, libssh, openbsd, openflow, openssl. |
New Component Detection Rules in the 30-Jun-2020 Release
This Update introduces new Automated Analysis rules for the following components:
- Node-Semver
- Speex
- Node-Static
- node-tree-kill
- node-winreg
- node-xml2js
Changes in Update Released on 15-Jun-2020
This Update includes the changes described in the following sections.
Issues Addressed in the 15-Jun-2020 Release
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-24724 | Haproxy component missing 2.0.x versions |
SCA-25348 | Add missing vulnerabilities to u-boot component |
SCA-25416 | Errors in Oracle db during PDL Update |
SCA-24986 | UltraVNC - Missing latest versions and some versions are invalid |
SCA-20156 | Update component 302760 to important = true |
SCA-22232 | Missing component versions |
SCA-24984 | Component versions out of date |
New Component Detection Rules in the 15-Jun-2020 Release
This Update introduces new Automated Analysis rules for the following components:
- Cross-BrowserSplit
- Chromium-Breakpad
- Request.js
- Sauce.js
- IsEventSupported.js
- Pubsuffix.js
- Node-ssl-root-cas (test-tunnel.js)
Changes in Update Released on 01-Jun-2020
This Update includes the changes described in the following sections.
Issues Addressed in the 01-Jun-2020 Release
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-24867 | [Juniper Networks, Inc.] gnu-gcc component is showing invalid versions |
SCA-25010 | AMD: CodeAware Improper Identification of License for JQUERY Component. |
New Component Detection Rules in the 01-Jun-2020 Release
This Update introduces new Automated Analysis rules for the following components:
- Connect-nocache
- typescript.js
- aphrodite.js
- Newtonsoft.Json.dll
- tipsy v1.0.0a (jquery.tipsy.js, tipsy.css)
- prism.js
- systemjs
- Microsoft Ajax Minifier
Changes in Update Released on 18-May-2020
This Update includes the changes described in the following sections.
Issues Addressed in the 18-May-2020 Release
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-23316 | OGIS: License detection is different in CodeAware and Auto-Analysis |
SCA-22382 | OGIS: Request to Add New Components and Versions |
SCA-24622 | Harmonic: stuk-jszip has MIT/GPL Dual License but "Possible Licenses" only show GPL |
SCA-24711 | Citrix: False positives CVEs |
New Component Detection Rules in the 18-May-2020 Release
This Update introduces new Automated Analysis rules for the following components:
- bootstrap-select.js
- bootstrap-toggle.min.js
- React-pull-to-refresh
- rx.all.js
- narwhal.js
- bootstrap-checkbox v1.4.0
- IKVM.NET (IKVM.Reflection.dll)
Changes in Update Released on 04-May-2020
This Update includes the changes described in the following sections.
Issues Addressed in the 04-May-2020 Release
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-22381 | Component 'ring' from crates.io forge missing license and encryption flag |
SCA-22542 | Encryption flag not set for 'rust-openssl' component |
SCA-24708 | Incorrect discovery of 'Primefaces-PrimeNG' component |
New Component Detection Rules in the 04-May-2020 Release
This Update introduces new Automated Analysis rules for the following components:
- jquery.scrollTo-min.js, MatrixMath.js, jQuery.tmpl.js, lws-common.js
- React Router
- jsDump
- Reflect-Metadata
- NDesk.Options (.dll)
- MSBuild Community Tasks (.dll)
Changes in Update Released on 17-Apr-2020
This Update includes the changes described in the following sections.
Issues Addressed in the 17-Apr-2020 Release
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-23823 | Few vulnerabilities not reported |
SCA-24365 | Invalid URL for 'lyceum' component |
SCA-20305 | Component 'apache-cordova-plugin-inappbrowser' has incorrect versions |
SCA-18198 | Incorrect vulnerability mapping for 'Docker' component |
SCA-23837 | Added rdklib (pypi) to the library |
New Component Detection Rules in the 17-Apr-2020 Release
This Update introduces new Automated Analysis rules for the following components:
- webperftest
- jquery.color.js
- knockout
- Irrlicht (.dll file)
- jQuery (build_markdown.js)
- React Developer Tools (getReactData.js)
- moment.js, regex.js, moment-with-locales.js
Changes in Update Released on 3-Apr-2020
This Update includes the changes described in the following sections.
Issues Addressed in the 3-Apr-2020 Release
The following issues were addressed in the Update:
Issue ID | Issue Summary |
---|---|
SCA-22116 | Invalid version specified for 'tpm2-tss-engine' |
SCA-23712 | Added 'SunPro' license to the library |
SCA-22982 | Incorrect URLs for few Ibiblio Maven2 components |
SCA-20314 | Licenses are not mapped for latest versions of 'pygresql' component (22014048) |
SCA-21928 | Component 'pycountry-convert' needs to be updated with latest details |
SCA-19891 | Invalid versions associated to the component 'c-ares' |
SCA-15411 | Incorrect details for component 'systemd-systemd' |
New Component Detection Rules in the 13-Mar-2020 Release
This Update introduces new Automated Analysis rules for the following components:
- vector.js
- webcomponent.js
- globalize.js
- OCMock
- Bezier-Easing
- Punycode (.js File)
- Sphinx
- StructureMap
- cors
- jQuery validation plug-in v1.6
- jQuery Easing v1.3