dependency-check 1.2.10 released!

Jeremy Long

Apr 13, 2015, 5:53:02 PM
to dependen...@googlegroups.com
All,

The OWASP dependency-check team is pleased to announce the release of version 1.2.10! Please visit the documentation site for information on obtaining the new version (CLI, Maven Plugin, Ant Task, Jenkins Plugin).

Summary of changes:
  • New logo thanks to Hugo Costa!!!
  • Fixed issue 210 that caused a different number of findings to be identified under Java 7 vs. Java 8. The issue was that JAXB parsing of the POM works better under Java 8; to avoid this and other JAXB issues, the POM.xml parser was written using a SAX handler to only extract the needed elements.
  • Resolved issue #206 - the Evidence comparison had some incorrect logic that caused the hint analyzer to think some JAR files were related to the Spring Framework.
  • Resolved issues with Nexus APIs including ensuring that the SHA1 hashes were lower case (issue 202) and the redirects from a local Nexus will be correctly followed so that the POM.xml file can be correctly downloaded.
  • Added an update only option to the CLI and Ant Task and added an update-only goal to the Maven plugin.
Again, thanks for the PRs and please open a GitHub issue if you find any false positives or false negatives.

Best Regards,

The OWASP dependency-check team