[Owasp-leaders] OWASP dependency-check 1.2.10 released!

Jeremy Long jeremy.long at owasp.org
Mon Apr 13 22:37:42 UTC 2015


All,

The OWASP dependency-check team is pleased to announce the release of
version 1.2.10! Please visit the documentation site
<http://jeremylong.github.io/DependencyCheck/> for information on obtaining
the new version:

   - CLI <http://jeremylong.github.io/DependencyCheck/dependency-check-cli/installation.html>
   - Maven Plugin <http://jeremylong.github.io/DependencyCheck/dependency-check-maven/usage.html>
   - Ant Task <http://jeremylong.github.io/DependencyCheck/dependency-check-ant/installation.html>
   - Jenkins Plugin <https://wiki.jenkins-ci.org/display/JENKINS/OWASP+Dependency-Check+Plugin>

Summary of changes:

   - New logo thanks to Hugo Costa!!!
   - Fixed issue 210 that caused a different number of findings to be
   identified under Java 7 vs. Java 8. The issue was that JAXB parsing of
   the POM works better under Java 8; to avoid this and other JAXB issues,
   the POM.xml parser was written using a SAX handler to only extract the
   needed elements.
   - Resolved issue #206 - the Evidence comparison had some incorrect logic
   that caused the hint analyzer to think some JAR files were related to the
   Spring Framework.
   - Resolved issues with Nexus APIs, including ensuring that the SHA1
   hashes are lower case (issue 202) and that redirects from a local Nexus
   are correctly followed so that the POM.xml file can be correctly
   downloaded.
   - Added an update-only option to the CLI and Ant Task and added an
   update-only goal to the Maven plugin.

Again, thanks for the PRs, and please open a GitHub issue if you find any
false positives or false negatives.

Best Regards,

The OWASP dependency-check team