DependencyCheck v3.0.0 Release Notes
Release Date: 2017-10-16 // over 6 years ago-
- ๐ Several bug fixes and false positive reduction
- The 2.x branch introduced several new false positives โ but also reduced the false negatives
- โก๏ธ Java 9 compatibility update
- Stability issues with the Central Analyzer resolved
- This comes at a cost of a longer analysis time
- The CSV report now includes the GAV and CPE
- ๐ The Hint Analyzer now supports regular expressions
- ๐ If show summary is disabled and vulnerable libraries are found that fail the build details are no longer displayed in the console โ only that vulnerable libraries were identified
- Resolved issues with threading and multiple connections to the embedded H2 database
- This allows the Jenkins pipeline, Maven Plugin, etc. to safely run parallel executions of dependency-check
- ๐ Several bug fixes and false positive reduction