[Owasp-japan] Fwd: [Owasp-leaders] OWASP dependency-check 1.2.10 released!
riotaro ＠ gmail.com
2015年 4月 14日 (火) 01:55:59 UTC
---------- Forwarded message ----------
From: "Jeremy Long" <jeremy.long at owasp.org>
Date: Tue, Apr 14, 2015 at 7:39 AM
Subject: [Owasp-leaders] OWASP dependency-check 1.2.10 released!
To: "owasp-leaders" <owasp-leaders at lists.owasp.org>
> The OWASP dependency-check team is pleased to announce the release of
> version 1.2.10! Please visit the documentation site
> <http://jeremylong.github.io/DependencyCheck/> for information on obtaining
> the new version (CLI
> , Maven Plugin
> , Ant Task
> , Jenkins Plugin
> Summary of changes:
> - New logo thanks to Hugo Costa!!!
> - Fixed issue 210 that caused a different number of findings to be
> identified under Java 7 vs. Java 8. The issue was JAXB parsing of the POM
> works better under Java 8 - to avoid this and other JAXB issues the POM.xml
> parser was written using a SAX handler to only extract the needed elements.
> - Resolved issue #206 - the Evidence comparison had some incorrect logic
> that caused the hint analyzer to think some JAR files were related to the
> Spring Framework.
> - Resolved issues with Nexus APIs including ensuring that the SHA1
> hashes were lower case (issue 202) and the redirects from a local Nexus
> will be correctly followed so that the POM.xml file can be correctly
> - Added an update only option to the CLI and Ant Task and added an
> update-only goal to the Maven plugin.
> Again, thanks for the PRs and please open a github issue if you find any
> false positives or false negatives.
> Best Regards,
> The OWASP dependency-check team
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-japan