[Owasp-leaders] OWASP dependency-check 1.4.3 released!

Jeremy Long jeremy.long at owasp.org
Wed Sep 7 00:07:58 UTC 2016


The OWASP dependency-check team is pleased to announce the release of
version 1.4.3! Please visit the documentation site
<http://jeremylong.github.io/DependencyCheck/> for information on obtaining
the new version (CLI
<http://jeremylong.github.io/DependencyCheck/dependency-check-cli/index.html>
, Maven Plugin
<http://jeremylong.github.io/DependencyCheck/dependency-check-maven/index.html>
, Ant Task
<http://jeremylong.github.io/DependencyCheck/dependency-check-ant/index.html>
, Gradle Plugin
<http://jeremylong.github.io/DependencyCheck/dependency-check-gradle/index.html>
, Jenkins Plugin
<https://wiki.jenkins-ci.org/display/JENKINS/OWASP+Dependency-Check+Plugin>
).

Due to issues in versions of dependency-check prior to 1.4.3 I would highly
recommend that users upgrade. As part of the upgrade to 1.4.3 I would
recommend deleting your existing database and starting off with a fresh
copy.

Release Notes
-------------------

Core Engine:

   - Fixed issues with parsing CVE entries from the NVD
   - Additional changes made to support HTTPS connections to the NVD as TLS
   1.0 is no longer supported; alternative JVMs should now be able to connect
   successfully.
   - Experimental analyzers were added for cocoapods and swift package
   manager support.
      - To enable these analyzers one must specifically enable the
      experimental analyzers (see the documentation for the interface you are
      using: Maven, Gradle, etc.).
   - Lots of internal code updates and bug fixes.

Gradle Plugin:

   - Added documentation for skipConfigurations and scanConfigurations so
   that users can better configure their scan.

Maven Plugin:

   - Completely re-wrote the report aggregation to resolve issues with
   site:stage and site:deploy producing blank reports.


Best Regards,

The OWASP dependency-check team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160906/17ee8fc3/attachment.html>


More information about the OWASP-Leaders mailing list