RELEASE_NOTES.md

File metadata and controls

61 lines (43 loc) · 2.78 KB

Release Notes

Please see the dependency-check google group for the release notes on versions not listed below.

Version 3.1.1 (2018-01-29)

Bug fixes

  • Fixed the Central Analyzer to use the updated SHA1 query syntax.
  • Reverted a change that broke Maven 3.1.0 compatibility; Maven 3.1.0 and beyond is once again supported.
  • False positive reduction.
  • Minor documentation cleanup.

Version 3.1.0 (2018-01-02)

Enhancements

  • Major enhancements to the Node and NSP analyzer - the analyzers are now considered production ready and should be used in combination.
  • Added a shutdown hook so that if the update process is interrupted while using an H2 database, the lock files will be properly removed, allowing future executions of ODC to succeed.
  • UNC paths can now be scanned using the CLI.
  • Batch updates are now used, which may help with the update speed when using some DBMS instead of the embedded H2.
  • Upgraded Lucene to 5.5.5, the highest version that will allow us to maintain Java 7 support.

Bug fixes

  • Fixed the CSV report output to correctly list all fields.
  • Invalid suppression files will now break the build instead of causing ODC to skip the usage of the suppression analyzer.
  • Fixed bug in Lucene query where LARGE entries in the pom.xml or manifest caused the query to break.
  • General cleanup, false positive, and false negative reduction.

Version 3.0.2 (2017-11-13)

Bug fixes

  • Updated the query format for the CentralAnalyzer; the old format caused the CentralAnalyzer to fail.

Version 3.0.1 (2017-10-20)

Bug fixes

  • Fixed a database connection issue that affected some usages.

Version 3.0.0 (2017-10-16)

  • Several bug fixes and false positive reduction
    • The 2.x branch introduced several new false positives – but also reduced the false negatives
  • Java 9 compatibility update
  • Stability issues with the Central Analyzer resolved
    • This comes at a cost of a longer analysis time
  • The CSV report now includes the GAV and CPE
  • The Hint Analyzer now supports regular expressions
  • If show summary is disabled and vulnerable libraries are found that fail the build, details are no longer displayed in the console – only that vulnerable libraries were identified
  • Resolved issues with threading and multiple connections to the embedded H2 database
    • This allows the Jenkins pipeline, Maven Plugin, etc. to safely run parallel executions of dependency-check