Changelog History

  • v7.0.1 Changes

    March 23, 2022

    Changes

    • General project maintenance, bug fixes, and false positive reductions.
    • See the full listing of changes.
  • v7.0.0 Changes

    February 28, 2022

    Breaking Changes

    • The H2 database version has been upgraded.
      • If you use the dataDirectory option, you will need to run a purge after upgrading.
    • Upgraded to dotnet core 6.0. If analyzing dotnet assemblies the system will need to have the dotnet core 6.0.x runtime available.

    Changes

    • The Sarif report format has been fixed and can now be imported into GitHub if desired (See #3993).
    • Introduced IssueOps for False Positive reports to assist the team in evaluating FP reports.
    • When analyzing Java projects ODC now includes data from the developers section.
      • This will likely cause false positives on things like Apache James; please report the FP and we will fix these quickly.
    • General project maintenance, bug fixes, and false positive reductions.
    • See the full listing of changes.
  • v6.5.3 Changes

    January 12, 2022

    Changes

    • Performance improvements for some Maven projects (see #3923 and #3931).
    • Fixed bug in npm version handling introduced in 6.5.2 (see #3956).
    • Improved the node package analyzer to correctly report the origin of a dependency (see #3970).
    • General code maintenance and false positive reductions.
    • See the full listing of changes.
  • v6.5.2 Changes

    January 03, 2022

    Changes

    • Fixed false positives around log4j-api and Log4j-web (#3910 & #3937).
    • Bug fix when processing NPM lock files (#3893).
    • Added missing pnpm argument to the CLI (#3916).
    • General code maintenance and false positive reductions.
    • See the full listing of changes.
  • v6.5.1 Changes

    December 17, 2021

    Changes

    • Updated the dependency-check-maven plugin to correctly support SNAPSHOT version when a classifier is specified (#3787).
    • Improved the analysis of Swift package manager (package.resolved - see #3813).
    • General code maintenance and false positive reductions.
    • See the full listing of changes.
  • v6.5.0 Changes

    November 08, 2021

    Changes

    • Updated build configuration to create reproducible builds.
    • Updated automated release process to work with branch protection.
    • Resolved several false positives in the Java ecosystem.
    • Enabled the Swift Resolved analyzer per #3735.
    • Improved iOS support per #3168 and #3765.
    • Added a new pnpm Analyzer.
    • Fixed issue with some npm and yarn analysis failing due to large audit output.
    • See the full listing of changes.
  • v6.4.1 Changes

    October 11, 2021

    Changes

    • Added download attempts with increasing wait time for CVE meta files from the NVD to prevent rate limiting issues (see #3725).
    • See the full listing of changes.
  • v6.4.0 Changes

    October 11, 2021

    Changes

    • Increased timeout between downloads from the NVD to prevent rate limiting issues (see #3722).
      • cveStartYear is now configurable and can be set to any year from 2002 to present.
      • cveWaitTime is a new configuration option to define how many milliseconds to wait between NVD downloads; default is 4000 ms (see #3690).
      • The NVD CVE data files are now cached for up to 4 hours in case a download fails; re-running ODC will use the cached version.
    • Fixed NPE in the ODC maven plugin (see #3702).
    • See the full listing of changes.
  • v6.3.2 Changes

    September 29, 2021

    Changes

    • Reduced chance of rate limiting when downloading files from NVD (see #2670).
    • Fixed bug causing some transitive dependencies to be skipped in the odc-maven-plugin (see #3627).
    • See the full listing of changes.
  • v6.3.1 Changes

    September 01, 2021

    Changes