Changes in Update Released on 10-November-2023
This update includes the changes described in the following sections.
Updates to Apache Activemq Components
Added vulnerability information to the following activemq components:
| Component ID | Component Name | URL |
|---|---|---|
| 58129 | apache-activemq | http://activemq\.apache\.org/ |
| 173954 | apache-activemq | https://github\.com/apache/activemq |
| 573649 | activemq-all | https://repo1\.maven\.org/maven2/org/apache/activemq/activemq\-all |
| 581532 | apache-activemq | https://repo1\.maven\.org/maven2/org/apache/activemq/apache\-activemq |
| 596014 | activemq-openwire-legacy | https://repo1\.maven\.org/maven2/org/apache/activemq/activemq\-openwire\-legacy |
| 30391285 | activemq | https://tracker\.debian\.org/pkg/activemq |
Related to Vulnerability CVEs
- CVE-2023-46604 (https://nvd.nist.gov/vuln/detail/CVE-2023-46604)
Issues/Bugs Addressed
The following issues were addressed in the Update:
| Issue ID | Issue Summary |
|---|---|
| SCA-50558 | License Evidence - "OpenSSL License" Evidence is missing on scanning "attribution-file.zip" file. |
| SCA-38149 | Addition of License evidence mechanism and license detection capabilities to licenses like "Sax Public Domain Notice", "The unlicense" etc |
| SCA-50018 | Updated license evidence mechanism and license detection capability for "IBM Public License v1.0" as the License evidence was missing on scanning "autoglyph.c" file |
Enhanced License Detection Capability for Components
License detection capability and license evidence mechanism for the following components was updated/added:
-
Sax Public Domain Notice
-
University of Illinois/NCSA Open Source License
-
The Unlicense
-
Vovida Software License v1.0
-
W3C Software Notice and License (2002-12-31)
-
X.Net License
-
XFree86 License 1.1
-
Zend License v2.0
-
Zope Public License 1.1
-
Zope Public License 2.0
-
Zope Public License 2.1
Collector Status
The following table lists Collector Status information.
| Name | Date of Last Successful Run |
|---|---|
| npm | 8/15/2023 |
| crates | 8/25/2022 |
| cpan | 11/02/2023 |
| clojars | 11/09/2023 |
| rubygems | 11/02/2023 |
| maven-google | 11/03/2023 |
| cran | 11/04/2023 |
| hackage | 11/05/2023 |
| packagist | 11/05/2023 |
| go | 11/06/2023 |
| pypi | 11/06/2023 |
| nuget gallery | 11/02/2023 |
| maven2-ibiblio | 11/01/2023 |
| github | 11/08/2023 |
| fedora-koji | 11/03/2023 |
| alpine | 11/08/2023 |
| gitlab | 6/6/2023 |
| debian | 11/06/2023 |