Spdx Tools Versions Save

What's Changed

• Bump log4j-core from 2.17.0 to 2.17.1 by @dependabot in https://github.com/spdx/tools/pull/288
• Bump log4j-api from 2.17.0 to 2.17.1 by @dependabot in https://github.com/spdx/tools/pull/289
• Extract method code rafactoring in FileContext by @asadshaik1103 in https://github.com/spdx/tools/pull/291
• extract method code refactoring SpdxLicenseTemplateHelper by @asadshaik1103 in https://github.com/spdx/tools/pull/295
• Move refactoring for locateOriginalText by @asadshaik1103 in https://github.com/spdx/tools/pull/297
• pull up field refactoring in DocumentInfoSheet by @asadshaik1103 in https://github.com/spdx/tools/pull/299
• Remove unused Jackson databind from dependencies by @goneall in https://github.com/spdx/tools/pull/305
• Make the LicenseJson class public by @goneall in https://github.com/spdx/tools/pull/306
• Update GSON to version 2.8.9 by @goneall in https://github.com/spdx/tools/pull/307

New Contributors

• @asadshaik1103 made their first contribution in https://github.com/spdx/tools/pull/291

Full Changelog: https://github.com/spdx/tools/compare/v2.2.7...v2.2.8

Updates the Log4J version to version 2.17.0 to resolves a severe denial of service vulnerability CVE-2021-45105

What's Changed

• Resolves critical security issue in log4j library CVE-2021-44228
• Resolves moderate security issue in log4j library CVE-2021-45046
• Resolves minor security issue in Guava library CVE-2018-10237
• Resolves minor security issue in Guava library CVE-2020-8908
• Update POM file to deploy to sonatype by @goneall in https://github.com/spdx/tools/pull/275
• Bump commons-compress from 1.19 to 1.21 by @dependabot in https://github.com/spdx/tools/pull/277
• Bump jsoup from 1.11.3 to 1.14.2 by @dependabot in https://github.com/spdx/tools/pull/279
• Fix spelling of anonymous by @goneall in https://github.com/spdx/tools/pull/280
• Update log4j to version 2.16.0 and guava to version 29.0-jre by @goneall in https://github.com/spdx/tools/pull/285

Full Changelog: https://github.com/spdx/tools/compare/v2.2.5...v2.2.6

Note that there is a re-designed version of this tool: tools-java

This release includes the following fixes:

• #273 Resolves an issue introduced with the latest release of the License List
• #269 Parses out Boolean types from the RDF when parsing the RDF/XML format

Note that there is a re-designed version of this tool: tools-java

Add CrossRefs to support LicenseListPublisher enhancements to URL handling. Resolve issue #260 Various bug fixes.

Release 2.2.2 of the SPDX tools.

Includes support for additional cross reference fields required by the LicenseListPublisher and additional minor fixes.

This release fixes a major defect for License Ref case sensitive matching.

Implements SPDX spec version 2.2.

Resolve minor defects and a possible denial of service vulnerability.

Fixes issue with normalizing HTTP and HTTPS while doing license text compares.