All Versions
67
Latest Version
Avg Release Cycle
23 days
Latest Release
729 days ago
Changelog History
Page 2
Changelog History
Page 2
-
v7.0.1 Changes
March 23, 2022๐ Changes
- General project maintenance, bug fixes, and false positive reductions.
- See the full listing of changes.
-
v7.0.0 Changes
February 28, 2022๐ฅ Breaking Changes
- The H2 database version has been upgraded.
- if you use the
dataDirectory
option you will need to run a purge after upgrading.
- if you use the
- Upgraded to dotnet core 6.0. If analyzing dotnet assemblies the system will need to have the dotnet core 6.0.x runtime available.
๐ Changes
- The Sarif report format has been fixed and can now be imported into GitHub if desired (See #3993).
- Introduced IssueOps for False Positive reports to assist the team in evaluating FP reports.
- When analyzing Java projects ODC now includes data from the developers section.
- This will likely cause false positives on things like Apache James, please report the FP and we will fix these quickly.
- General project maintenance, bug fixes, and false positive reductions.
- See the full listing of changes.
- The H2 database version has been upgraded.
-
v6.5.3 Changes
January 12, 2022๐ Changes
- Performance improvements for some Maven projects (see #3923 and #3931).
- Fixed bug in npm version handling introduced in 6.5.2 (see #3956).
- Improved the node package analyzer to correctly report the origin of a dependency (see #3970).
- General code maintenance and false positive reductions.
- See the full listing of changes.
-
v6.5.2 Changes
January 03, 2022๐ Changes
- Fixed false positives around log4j-api and Log4j-web (#3910 & #3937).
- Bug fix when processing NPM lock files (#3893).
- Added missing
pnpm
argmument to the CLI (#3916). - General code maintenance and false positive reductions.
- See the full listing of changes.
-
v6.5.1 Changes
December 17, 2021๐ Changes
- Updated the dependency-check-maven plugin to correctly support SNAPSHOT version when a classifier is specified (#3787).
- Improved the analysis of Swift package manager (package.resolved - see #3813).
- General code maintenance and false positive reductions.
- See the full listing of changes.
-
v6.5.0 Changes
November 08, 2021๐ Changes
- Updated build configuration to create reproducible builds.
- Updated automated release process to work with branch protection.
- Resolved several false positives in the Java ecosystem.
- Enabled the Swift Resolved analyzer per #3735
- Improved iOS support per #3168 and #3765
- Added the a new pnpm Analyzer
- Fixed issue with some npm and yarn analysis failing due to large audit output
- See the full listing of changes.
-
v6.4.1 Changes
October 11, 2021 -
v6.4.0 Changes
October 11, 2021๐ Changes
- ๐ Increased timeout between downloads from the NVD to prevent rate limiting issues (see #3722).
cveStartYear
is now configurable and can be set to any year from 2002 to present.cveWaitTime
is a new configuration option to define how many milliseconds to wait between NVD downloads; default is 4000 ms (see #3690).- The NVD CVE data files are now being cached for up to 4 hours in case a download fails, re-running ODC will use the cached version.
- ๐ Fixed NPE in the ODC maven plugin (see #3702.
- ๐ See the full listing of changes.
- ๐ Increased timeout between downloads from the NVD to prevent rate limiting issues (see #3722).
-
v6.3.2 Changes
September 29, 2021 -
v6.3.1 Changes
September 01, 2021๐ Changes
- ๐ Fixed ConcurrentModificationException
- ๐ See the full listing of changes.