Resolved Issues

The following issues have been addressed in this release.

Issue

Summary

SCA-29246

New ScriptRunner upgrade available. See ScriptRunner Upgrade.

SCA-24838

Enhancement: Users able to add an existing security vulnerability to a component version through the Web UI and REST API. See Ability to Associate Existing Vulnerabilities with Component Versions.

SCA-25496

Enhancement: REST and Java public API support for “last updated” timestamp for projects. See Other Enhancements and Updates to Code Insight APIs.

SCA-26366

Enhancement: NG-bridge data updates for digest matches now available as an overlay to the data in the Compliance Library. See New NG-Bridge Digest Data to Complement Compliance Library.

SCA-26668

Component and associated security vulnerabilities now being properly identified for Jenkins PRQA Plugin 3.1.0 and Jenkins XL TestView Plugin 1.2.0 inventory.

SCA-27304

Issues with the File Name analyzer technique now being managed. (The technique can associate incorrect components with inventory.) Inventory items discovered by this technique are now assigned a maximum priority level of 4 and are no longer automatically published.

SCA-27363

The curl license now being properly reported as license evidence for the curl component.

SCA-27426

SmallRye Mutiny component no longer being associated with certain false “positive” security vulnerabilities.

SCA-27688

Python component names now extracted correctly from setup.py.

SCA-27703

Detection Notes now showing the correct analyzer used to find evidence.

SCA-28599

Vulnerability-association issues caused by trailing zeros in versions for components collected from the Git forge now resolved.

SCA-28611

Projects copied from another project no longer losing data when the original project is deleted.

SCA-28651

NVD JSON feed metadata updated from 1.0 to 1.1 in Code Insight.

SCA-29769

WhiteHat security issue: Insufficient TLS protection when configuring HTTPS in Code Insight now addressed with appropriate SSL protocol information in the Tomcat configuration. See Security Enhancement to SSL Configuration for HTTPS.

SCA-29786

Obsolete security vulnerabilities no longer being reported with inventory.

SCA-29886

Security vulnerabilities associated with Node.js no longer being erroneously associated with the components readable-stream 3.6.0 and string_decoder 1.3.0.

SCA-29887

False “positive” security vulnerabilities no longer being associated with splunkd components.

SCA-30039

Optional dependencies now being reported for transitive dependencies in POM files.

SCA-30111

Syntactical errors within scanned Gradle files now consistently handled for all dependency levels so that no inventory is reported when syntactical errors exist.

SCA-30130

Dependencies now being reported for package.json.

SCA-30567
SCA-30626

False “positive” security vulnerabilities no longer being associated with spring-cloud components.

SCA-30890

Inaccurate information in response descriptions in the REST API Swagger documentation now corrected.

SCA-31407

No longer able to add a custom security vulnerability that has the same name as another vulnerability.

SCA-31536

The changeWorkspaceSettings.groovy script now executing successfully. (The “java.io.NotSerializableException” error no longer occurs.)