Resolved Issues
The following issues have been addressed in this release.
|
Issue |
Summary |
|
SCA-27115 |
License-match inconsistencies between files now resolved. Previously, the same license text identified as a match in one file was not identified as a match in another file. |
|
SCA-29862 |
Issue with GPL licenses getting erroneously reported during the scan of LGPL license files now resolved. |
|
SCA-30456 |
Issues that occurred when users attempted to generate the “CVE-with-requests” report and other reports through the scriptRunner now resolved with the latest ReportScript-coreserver utility version (1.1.6). Installation instructions are provided when you download the utility. Also see Important Information about the Latest Report Script Utility. |
|
SCA-31501 |
User accounts no longer getting locked when an LDAP user password contains a left angle bracket (<) character. However, passwords for new and existing users created in Code Insight can no longer contain this bracket character. See Left-Angle Bracket No Longer Allowed in User Passwords. |
|
SCA-31541 |
Issue with the Nuget analyzer falsely mapping vulnerabilities now resolved. |
|
SCA-31708 |
Issue with the “splunk-library-javalogging” component being detected but reported erroneously in inventory now resolved. |
|
SCA-32069 |
Issue with vulnerabilities getting falsely mapped to the “delegate” component now resolved. |
|
SCA-32508 |
Issue with vulnerabilities getting falsely mapped to Tomcat components now resolved. |
|
SCA-32572 |
Issue with vulnerabilities getting falsely mapped to the “lodash.flattendeep@4.4.0” component now resolved. |
|
SCA-32614 |
Issue with dependencies not getting reported from requirements.txt now resolved. |
|
SCA-32664 |
Code Insight now able to reconcile version variables for dependencies in pom.xml and create dependency inventory. |
|
SCA-32996 |
Issue resolved in which the Intel Open Source license (instead of the BSD 3-Clause license) was being falsely mapped to components. |
|
SCA-33038 |
Issue with a vulnerability getting falsely mapped to the “wrappy” component now resolved. |
|
SCA-33063 |
Issue with vulnerabilities getting falsely mapped to the “@Type/Lodash” component now resolved. |
|
SCA-33085 |
Tomcat upgraded to version 8 due to end of life for Tomcat 7 in March 31, 2021. |
|
SCA-33552 |
Issue with vulnerabilities getting falsely mapped to the “generex” component now resolved. |
|
SCA-33553 |
Issue with vulnerability getting falsely mapped to the “jandex” component now resolved. |
|
SCA-34434 |
Issues with missing inventory between scans now resolved. |
|
SCA-35403 |
An issue with the selection of the Global checkbox (available for certain reports) enabling users to run reports for which they had no access now resolved. |
|
SCA-36017 |
Direct dependencies with the PROVIDED scope in pom.xml files now being reported when a “direct” profile is used for the scan. When a “transitive” profile is used, direct dependencies with the PROVIDED scope are reported; but, for transitive dependencies with the PROVIDED scope, only runtime or compile-time dependencies are reported. |
|
SCA-36148 |
First-level dependencies now being reported for package managers when Code Insight runs in offline mode. Previously, these dependencies were not being reported for certain package managers, such as NPM, Python, Ruby, and Nuget. |
|
SCA-36393 |
Issue with dependencies not being resolved when a version is a variable (and the “transitive” profile is used) now resolved. |
|
SCA-36423 |
Direct or transitive dependencies with versions longer than the maximum length (as allowed in the database) now reported as dependency inventory with empty versions. Previously, dependencies with long versions resulted in their top-level as well as the dependency inventory not being reported. |
|
SCA-37293 |
A meaningful error message now provided for NullPointerException errors that occur due to incorrect user input for the create Request API. |