Changes in Update Released on 11-July-2024
This update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
| Issue ID | Issue Summary |
|---|---|
| SCA-54193 | Updated the forge search criteria for forges like Conan, Debian, Cocoapods, Alpine, etc. |
| SCA-54188 | Enhancement to the GitHub Advisory Feed to collect the accurate GHSA URL. |
| SCA-53761, SCA-53649 | Updated license mappings for components such as asciidoc-py3 (Id: 29955909), grpcio, etc. |
| SCA-53760 | Fixed false-positive inventories detected due to an incorrect URL match (RPM Analyzer). |
| SCA-53393, SCA-53350, SCA-53349 | License detection capability and license evidence mechanism were added/updated for licenses like BSD, Dom4j, CDDL-1.1, etc. |
| SCA-53184 | Added/updated licenses like "Aspose End User License Agreement (2017)", "ABCpdf license", etc. |
| SCA-52723 | Fixed false-negative vulnerability mappings for components like tomcat-embed-core for CVE-2023-44487. |
New Vulnerability Mappings
- CVE-2024-6387 (https://nvd.nist.gov/vuln/detail/CVE-2024-6387) for the following components:
  - openbsd-openssh (componentId: 58168)
  - openssh-openssh-portable (componentId: 684672)
  - redhat-enterprise-linux (componentId: 23215031)
  - openssh (componentId: 29970186)
  - openssh (componentId: 32188020)
New/Update component_version Requests
- Saxon XSLT and XQuery Processor (component-id: 8657)
New/Update License Requests
- ABCPDF License: License-id 2298
- Accusoft Software License: License-id 2301
- Aspose License 2017: License-id 2299
- Aspose License 2024: License-id 2300
- SelectPDF HTML to PDF Converter License: License-id 2297
New/Update License Mappings Requests
- Added Accusoft Software License to Accusoft ImageGear component (Id: 13512007)
- Added GPL-2.0-or-later license to asciidoc-py3 (Id: 29955909)
- Added SelectPDF HTML to PDF Converter License to select.htmltopdf - NuGet Gallery (Id: 3537714)
- Added ABCPDF License to abcpdf - NuGet Gallery (Id: 3512350)
- Added Aspose License 2017 and Aspose License 2024 to groupdocs.conversion (Id: 22358106)
Enhanced License Detection Capability for Components
License detection capability and license evidence mechanism for the following components were updated/added:
- Dom4j license
- BSD License
- CDDL-1.1 License
Collector Status
The following table lists Collector Status information.
| Name | Date of Last Successful Run |
|---|---|
| alpine | 7/10/2024 |
| clojars | 7/4/2024 |
| cocoapods | 7/9/2024 |
| Conan | 7/4/2024 |
| cpan | 7/4/2024 |
| cran | 7/6/2024 |
| crates | 8/25/2022 |
| debian | 7/8/2024 |
| fedora-koji | 7/4/2024 |
| github | 7/9/2024 |
| gitlab | 6/6/2023 |
| go | 7/10/2024 |
| hackage | 7/7/2024 |
| maven2-ibiblio | 6/12/2024 |
| maven-google | 7/5/2024 |
| npm | 6/21/2024 |
| nuget gallery | 7/4/2024 |
| packagist | 7/7/2024 |
| pypi | 7/8/2024 |
| rubygems | 7/4/2024 |