[Owasp-leaders] OWASP dependency-check 1.4.3 released!

Jeremy Long jeremy.long at owasp.org
Wed Sep 7 00:07:58 UTC 2016

The OWASP dependency-check team is pleased to announce the release of
version 1.4.3! Please visit the documentation site
<http://jeremylong.github.io/DependencyCheck/> for information on obtaining
the new version (CLI, Maven Plugin, Ant Task, Gradle Plugin, Jenkins Plugin).

Due to issues in versions of dependency-check prior to 1.4.3 I would highly
recommend that users upgrade. As part of the upgrade to 1.4.3 I would
recommend deleting your existing database and starting off with a fresh

Release Notes

Core Engine:

   - Fixed issues with parsing CVE entries from the NVD
   - Additional changes made to support HTTPS connections to the NVD as TLS
   1.0 is no longer supported; alternative JVMs should now be able to connect
   - Experimental analyzers were added for CocoaPods and Swift Package
   Manager support.
      - To enable these analyzers one must specifically enable the
      experimental analyzers (see the documentation for the interface you are
      using: Maven, Gradle, etc.).
   - Lots of internal code updates and bug fixes.

Gradle Plugin:

   - Added documentation for skipConfigurations and scanConfigurations so
   that users can better configure their scan.

Maven Plugin:

   - Completely re-wrote the report aggregation to resolve issues with
   site:stage and site:deploy producing blank reports.

Best Regards,

The OWASP dependency-check team