Changes in Update Released on 13-Jan-2022

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Updates to log4j Component

Added component detection capabilities to identify log4j components in "ivy.xml".

Issue ID     Issue Summary
SCA-39360    Fixed the license evidence mechanism to eliminate false positive findings.
SCA-39579    Added GNU vulnerable components to the data library.
SCA-38160    Added the GNU vulnerability mapper to our list of automated vulnerability mapper mechanisms.
SCA-38159    Added the Jenkins vulnerability mapper to our list of automated vulnerability mapper mechanisms.

Addition of Missing Vulnerability Mappings

Missing vulnerability mappings for the following components were added:

  • xml_database

  • graphhopper

  • Openvswitch-ovs

  • osgeo-gdal

  • unicorn-engine-unicorn

  • open62541-open62541

  • racket-racket

  • mozilla-geckodriver

  • gnuaspell-aspell

  • libsndfile-libsndfile

  • libarchive

  • matio

Addition of License Detection Capability and License Evidence Mechanism

License detection capability and the license evidence mechanism were added for the following licenses:

  • CC-BY-NC-ND-1.0

  • CC-BY-NC-ND-4.0

  • CC-BY-NC-SA-4.0

  • CC-BY-NC-4.0

  • CC-BY-ND-4.0

  • CC-BY-SA-4.0

  • CC-BY-4.0

  • Cube

  • curl

  • CDLA-Permissive-1.0

  • CDLA-Sharing-1.0

  • CECILL-2.1

  • CLISP-exception-2.0

New Component Requests

  • Windows SDK for Windows Server 2008 and .NET Framework 3.5

  • Strictly Software htmlencode