SPDX Tools
Full Changelog: https://github.com/spdx/tools/compare/v2.2.7...v2.2.8
Updates the Log4J version to version 2.17.0 to resolves a severe denial of service vulnerability CVE-2021-45105
Full Changelog: https://github.com/spdx/tools/compare/v2.2.5...v2.2.6
Note that there is a re-designed version of this tool: tools-java
This release includes the following fixes:
Note that there is a re-designed version of this tool: tools-java
Add CrossRefs to support LicenseListPublisher enhancements to URL handling. Resolve issue #260 Various bug fixes.
Release 2.2.2 of the SPDX tools.
Includes support for additional cross reference fields required by the LicenseListPublisher and additional minor fixes.
This release fixes a major defect for License Ref case sensitive matching.
Implements SPDX spec version 2.2.
Resolve minor defects and a possible denial of service vulnerability.
Fixes issue with normalizing HTTP and HTTPS while doing license text compares.