dependency-check 1.2.9 released


Jeremy Long

Mar 7, 2015, 8:20:54 AM3/7/15
to dependen...@googlegroups.com
All,

The OWASP dependency-check team is pleased to announce the release of 1.2.9! This release contains general maintenance, upgrading dependent libraries, minor bug fixes, etc. Please visit the documentation site for information on obtaining the new version (CLI, Maven Plugin, Ant Task, Jenkins Plugin).

The changes of note are:
  • The Maven plugin was reworked to correctly process child modules when creating an aggregate project. Included in the change were several other issues end users have contacted me about.
  • Reduced false negatives with regard to some versions of Spring.
  • Fixed issue #196 - Some JAR files do not contain POM files, yet a full POM is available from Central (or alternatively Nexus). Both the Central and Nexus analyzers will now look for and retrieve the POM if one has not been found locally. A result of this change is that if both the Central and Nexus analyzers are disabled there is a chance of false negatives (i.e. the dependency could not be correctly identified as vulnerable).
  • Fixed issue #185 - Maven aggregate reports now display the project name that references the vulnerable dependency.
We continue to get help from the GitHub community! This release includes PRs from Ahmet Kiyak and Hans Joachim Desserud - thanks, we truly appreciate the help!

Lastly, OWASP has promoted the dependency-check project as one of their flagship projects!

Best Regards,

The OWASP dependency-check team
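The caveat above about disabling both the Central and Nexus analyzers is worth checking for in your own build: a JAR that ships no META-INF/maven/**/pom.properties cannot be identified from its contents alone, so with both remote analyzers off it may silently fall through as a false negative. The script below is an added example written for this post, not code from the announcement or from dependency-check itself. It builds two constructed sample JARs in memory (no real artifacts), reads the embedded Maven coordinates where present, and reports which JARs would depend on the remote lookup. It assumes, as a labelled assumption, that a lookup against Central keys on the JAR file's SHA-1; the network call itself is left out so the script runs offline.

```python
import hashlib
import io
import zipfile


def build_jar(entries):
    """Build a minimal JAR (zip) in memory from {path: content}. Constructed sample data only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample: a JAR built by Maven normally carries pom.properties under META-INF/maven/.
JAR_WITH_POM = build_jar({
    "META-INF/MANIFEST.MF": "Manifest-Version: 1.0\n",
    "META-INF/maven/org.example/widget/pom.properties":
        "#Generated by Maven\ngroupId=org.example\nartifactId=widget\nversion=1.2.3\n",
    "META-INF/maven/org.example/widget/pom.xml": "<project/>",
    "org/example/Widget.class": b"\xca\xfe\xba\xbe",
})

# Constructed sample: the same kind of library repackaged without any embedded POM metadata.
JAR_WITHOUT_POM = build_jar({
    "META-INF/MANIFEST.MF": "Manifest-Version: 1.0\nImplementation-Title: widget\n",
    "org/example/Widget.class": b"\xca\xfe\xba\xbe",
})


def embedded_coordinates(jar_bytes):
    """Return (groupId, artifactId, version) from META-INF/maven/**/pom.properties, or None if absent."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for name in zf.namelist():
            if not (name.startswith("META-INF/maven/") and name.endswith("/pom.properties")):
                continue
            props = {}
            for line in zf.read(name).decode("utf-8", "replace").splitlines():
                line = line.strip()
                if not line or line.startswith("#") or "=" not in line:
                    continue
                key, value = line.split("=", 1)
                props[key.strip()] = value.strip()
            if all(k in props for k in ("groupId", "artifactId", "version")):
                return props["groupId"], props["artifactId"], props["version"]
    return None


def triage(jar_bytes, central_enabled, nexus_enabled):
    """Classify how a JAR would be identified given which remote analyzers are enabled.

    'embedded'      - coordinates read from the JAR itself, no remote lookup needed
    'remote-lookup' - no embedded POM; identification relies on Central/Nexus (needs network)
    'none'          - no embedded POM and both remote analyzers disabled: false-negative risk
    """
    coords = embedded_coordinates(jar_bytes)
    # Assumption: a Central lookup keys on the SHA-1 of the JAR file; computed here, not sent.
    sha1 = hashlib.sha1(jar_bytes).hexdigest()
    if coords is not None:
        return {"source": "embedded", "coordinates": coords, "sha1": sha1, "risk": "none"}
    if central_enabled or nexus_enabled:
        return {"source": "remote-lookup", "coordinates": None, "sha1": sha1, "risk": "needs-network"}
    return {"source": "none", "coordinates": None, "sha1": sha1, "risk": "false-negative"}


if __name__ == "__main__":
    for label, jar in (("with-pom", JAR_WITH_POM), ("without-pom", JAR_WITHOUT_POM)):
        for central, nexus in ((True, False), (False, False)):
            result = triage(jar, central, nexus)
            print(f"{label:12} central={central!s:5} nexus={nexus!s:5} -> "
                  f"{result['source']:13} risk={result['risk']}")
```

Run it against the JARs in a real build directory by replacing the constructed samples with file contents; any JAR that lands in the false-negative bucket is one where turning the Central or Nexus analyzer back on (or supplying the POM another way) is what keeps the scan honest.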