Resolved Issues
The following issues have been addressed in this release.
| Issue | Summary |
| --- | --- |
| SCA-29246 | New scriptRunner upgrade available. See ScriptRunner Upgrade. |
| SCA-24838 | Enhancement: Users able to add an existing security vulnerability to a component version through the Web UI and REST API. See Ability to Associate Existing Vulnerabilities with Component Versions. |
| SCA-25496 | Enhancement: REST and Java public API support for “last updated” timestamp for projects. See Other Enhancements and Updates to Code Insight APIs. |
| SCA-26366 | Enhancement: NG-bridge data updates for digest matches now available as an overlay to the data in the Compliance Library. See New NG-Bridge Digest Data to Complement Compliance Library. |
| SCA-26668 | Component and associated security vulnerabilities now being properly identified for Jenkins PRQA Plugin 3.1.0 and Jenkins XL TestView Plugin 1.2.0 inventory. |
| SCA-27304 | Issues with the File Name analyzer technique now being managed. (The technique can associate incorrect components with inventory.) Inventory items discovered by this technique are now assigned a maximum priority level of 4 and are no longer automatically published. |
| SCA-27363 | The curl license now being properly reported as license evidence for the curl component. |
| SCA-27426 | SmallRye Mutiny component no longer being associated with certain false “positive” security vulnerabilities. |
| SCA-27688 | Python component names now extracted correctly from setup.py. |
| SCA-27703 | Detection Notes now showing the correct analyzer used to find evidence. |
| SCA-28599 | Vulnerability-association issues caused by trailing zeros in versions for components collected from the Git forge now resolved. |
| SCA-28611 | Projects copied from another project no longer losing data when the original project is deleted. |
| SCA-28651 | NVD JSON feed metadata updated from 1.0 to 1.1 in Code Insight. |
| SCA-29769 | WhiteHat security issue: Insufficient TLS protection when configuring HTTPS in Code Insight now addressed with appropriate SSL protocol information in the Tomcat configuration. See Security Enhancement to SSL Configuration for HTTPS. |
| SCA-29786 | Obsolete security vulnerabilities no longer being reported with inventory. |
| SCA-29886 | Security vulnerabilities associated with Node.js no longer being erroneously associated with the components readable-stream 3.6.0 and string_decoder 1.3.0. |
| SCA-29887 | False “positive” security vulnerabilities no longer being associated with splunkd components. |
| SCA-30039 | Optional dependencies now being reported for transitive dependencies in POM files. |
| SCA-30111 | Syntactical errors within scanned Gradle files now consistently handled for all dependency levels so that no inventory is reported when syntactical errors exist. |
| SCA-30130 | Dependencies now being reported from package.json. |
| SCA-30567 | False “positive” security vulnerabilities no longer being associated with spring-cloud components. |
| SCA-30890 | Inaccurate information in response descriptions in the REST API Swagger documentation now corrected. |
| SCA-31407 | No longer able to add a custom security vulnerability that has the same name as another vulnerability. |
| SCA-31536 | The changeWorkspaceSettings.groovy script now executing successfully. (The “java.io.NotSerializableException” error no longer occurs.) |