Changes in Update Released on 16-Dec-2021
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Updates to Apache log4j2 Component��
-
Updated versions for the log4j2 components from different forges like github, maven and fedora.
-
Updated vulnerabilities for log4j2 component (CVE-2021-44228).
Issue ID Issue Summary SCA-38864 Analysis & update license for jaxen component. SCA-38669 AutoWriteup Rules: Map licenses to AutoWriteup Rules with no licenses. SCA-38521 Increasing Component CPE mappings in Data Library. SCA-38479 Updated version information for 27208706. SCA-38791 Update missing license for top 100 Nuget components.
Addition of Missing Vulnerability Mappings
Missing vulnerability mappings for the following components were added:
-
falco
-
manageengine_admanager_plus
-
esp32_firmware
-
libvips-libvips
-
junos
-
rancher
-
sheetjs
-
etherpad
-
stealth
Addition of License Detection Capability and License Evidence Mechanism
License detection capability and license evidence mechanism was added for the following licenses:
-
bzip2-1.0
-
bzip2-1.0.5
-
Caldera
-
BSD-3-Clause-Attribution
-
BSD-3-Clause-Clear
-
BSD-3-Clause-LBNL
-
BSD-3-Clause-No-Nuclear-License-2014
-
BSD-3-Clause-No-Nuclear-License
-
BSD-3-Clause-No-Nuclear-Warranty
-
BSD-4-Clause-UC
-
BSD-Protection
-
BSD-1-Clause
-
BSD-Source-Code
-
BSD-2-Clause-Patent
-
BSD-2-Clause-NetBSD
-
BSD-2-Clause-FreeBSD