Releases: eclipse/steady

3.1.11

16 Apr 12:11
221686a

Improvements:

  • The endpoint returning all libraries affected by a given bug offers a new query string parameter onlyWellknown in order to ignore libraries whose digest is not known to a public repository (#363)

Bug fixes:

  • Prevent references to non-existent parent dependencies from being persisted (#367)
  • Fixed rest-backend configuration settings related to the new rest-nvd service (#361)
  • When checking bundled libraries, ignore all findings for the library identifier (GAV) that corresponds to the analyzed (#364)

3.1.10

02 Apr 15:30
061c616

New features:

  • Included NVD wrapper in rest-nvd (#346)

Improvements:

  • Reduced log level of messages created by client and server-side components (#343)

Bug fixes:

  • Fixed bug related to parent dependencies (#355)

3.1.9

19 Feb 17:38
0cc9970

Improvements:

  • Log4j log level is configurable with vulas.log4j.threshold (#339)
  • Removed call to ML classifier from CoverageService (#311)
  • Added two SQL scripts to debloat and query the PostgreSQL database (#337)

3.1.8

30 Jan 20:14
f6edd39

Bug fixes:

  • Goal prepare-vulas-agent: Exemption-related configuration settings are no longer included in Surefire's argLine argument (#334)
  • Goal report: Corrected Velocity template (#331 and #333)
  • Component rest-backend: Removed copyright header from FlyWay migration scripts (#332)

3.1.7

28 Jan 14:26
36d7d79

Improvements:

  • #289: Improved exception handling when vulnerability info cannot be downloaded during the report goal
  • #300: Added configuration parameter to suppress hourglass findings from export
  • #301: Improved report created by report goal
  • Various changes to support K8s deployment
  • Reflected move to Eclipse Foundation by updating images, names and links

Bug fixes:

  • #306: Special characters in fully-qualified Java names are encoded

3.1.6

20 Sep 12:16

Bug fixes:

  • Ensure correctness of parent-child information before upload of app information (#272)

Improvements:

  • Fixed various JavaDoc issues in order to release on Maven Central

3.1.5

09 Aug 13:15
8165b12

Bug fixes:

  • #252 and #261 fixed two bugs in rest-backend that were related to rebundled dependencies. The exceptions resulted in HTTP 500 responses when a scan client requested vulnerable dependencies from the backend.
  • #256 makes mitigation proposals for the rebundling dependency (rather than the rebundled one).

3.1.4

22 Jul 13:31
6159a0e

Bug fixes:

  • #245 fixed malformed JSON resulting in a 400 Bad Request when uploading to the backend (occurred when depending on libraries with the same groupId, artifactId, version and different classifier)
  • #246 fixed the version comparison in patchlibanalyzer to compare numbers only when numbers exist

Improvements:

  • #244 patchlibanalyzer now propagates manual assessments for bugs without construct changes
  • #243 improved performance when loading libraries related to a bug in bugs frontend

3.1.3

12 Jul 12:27
0c18abc

Improvement:

  • Speed up the query for vulnerable dependencies for bundled libraries by pushing the logic to the database.

3.1.2

11 Jul 13:14
95af309

Bug fixes:

  • Introduced with 3.1.0: Dependencies on Maven artifacts of type pom resulted in inconsistent JSON that got rejected by the backend, which led to the problem that the entire project (application) could not be uploaded.