DependencyCheck Versions Save

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

v9.0.1

5 months ago
  • fix: check java 8 update version; minimum JRE is 8 update 251 (#6118)
  • fix: add retry for failed NVD API requests (#6136)
  • docs: add default values to documentation for the NVD API Delay (#6135)
  • chore: Revert "build(deps): bump com.h2database:h2 from 2.1.214 to 2.2.224" (#6131)
    • this is a breaking change for anyone that successfully created the H2 database with 9.0.0.
  • fix: mute jcs logging (#6130)
  • docs: update NVD notice (#6110)
  • fix: Use the correct key for NVD API-Key from Maven Settings serverId (#6109)

See the full listing of changes.

v9.0.0

5 months ago

breaking changes: See the upgrade notice

  • feat: Utilize NVD API (#5978)
  • feat: gitlab dependency scanner report format #5919 (#5920)
  • fix: Use ASCII apostrophe for console message (#6076)

See the full listing of changes.

v8.4.3

5 months ago
  • fix: bump jcs3 (#6047)
  • docs: Corrected docs on hostedSuppressions (#6035)

See the full listing of changes.

v8.4.2

6 months ago
  • fix: correct log configuration in cli (#6002)

See the full listing of changes.

v8.4.1

6 months ago
  • fix: upgrade to JCS3 (#5114)
  • fix: Support ~= version specifier in requirements.txt and pipfile (#5902)
  • fix: Version of dependency no longer ignored when CPE product has a 'java' suffix in a product name (#5901)
  • fix: Do not filter out evidences added by hints (#5900)
  • fix: fixes FP #5925 (#5927)

See the full listing of changes.

v8.4.0

8 months ago

Added

  • feat: Add support for Nexus v3 to NexusAnalyzer (#5849)

Fixed

  • fix: Hint Analyzer should run before VersionFilter Analyzer (#5818)
  • chore: switch to sha1-pinning as suggested by Semgrep
  • fix: OSS Index Analyzer SocketTimeoutException exception handling based on warn only parameter (#5845)
  • fix: use curl with -L to follow github redirect (#5808)
  • fix: use curl with -L to follow github redirect
  • fix: #5671 out of memory error (#5789)
  • fix: #5671 Exit method as soon as we detect a loop to prevent an infinite loop leading to an OutOfMemoryError

v8.3.0

10 months ago

Added

  • Add LibmanAnalyzer (#5652)
  • Update HTML report Dependencies header based on display settings (#5619)
  • Add link to suppressed vulnerabilities header in HTML report (#5620)
  • Enable local proxy configuration in maven plugin configuration (#5696)

Fixed

  • Fix npm alias present in requires of dependencies (#5703)
  • Make Central URL configurable via CLI (#5667)
  • Ensure support of CVSSv3.1 (#5602)

See the full listing of changes.

v8.3.1

10 months ago

Re-release of 8.3.0 as 8.3.1.

v8.2.1

1 year ago

Fixed

  • NullPointerException in MSBuildAnalyzer (#5589)
  • SQL Syntax for Oracle (#5590)
  • Use https:// URLs in report templates (#5582)

See the full listing of changes.

v8.2.0

1 year ago

Added

  • Support msbuild Directory.build.props (#5475)
  • better display of NPM audit references
  • Add CVSS V3 results from NPM Audit results

Fixed

  • Fix several issues on NPM Audit reporting (#5546)
  • Case issue in SQL (#5557)
  • Fix CWE(s) extraction for NPM Audit advisories
  • Use the stable github_advisory_id instead of the now unstable id in NPM audit results

See the full listing of changes.