Changes in Update Released on 27-October-2023

This update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID | Issue Summary
SCA-50609 | Resolved False Positive vulnerabilities being detected for Component ckan (Id: 21948217) with version 0.6 (Id: 117793043).
SCA-49864 | Addition of vulnerability mappings to Chart.js 1.0.2 for CVE-2020-7746
SCA-49752 | Enhanced the Debian collector to collect more packages from different folders like non-free, non-free-firmware, contrib
SCA-48039 | Resolved False Positive vulnerabilities for components like "bootstrap" and "commons-collections"

Enhanced License Detection Capability for Components

License detection capability and the license evidence mechanism for the following components were updated or added:

  • Reciprocal Public License 1.1

  • Reciprocal Public License 1.5

  • Red Hat eCos Public License v1.1

  • SGI Free Software License B v1.0

  • SGI Free Software License B v1.1

  • SGI Free Software License B v2.0

  • SHL-2.0

  • SHL-2.1

  • SWI-exception

  • Swift-exception

  • Universal-FOSS-exception-1.0

  • vsftpd-openssl-exception

  • Autoconf-exception-generic

  • Autoconf-exception-macro

  • Asterisk-exception

  • cryptsetup-OpenSSL-exception

  • LLGPL

  • OCaml-LGPL-linking-exception

  • PS-or-PDF-font-exception-20170817

  • QPL-1.0-INRIA-2004-exception

  • GNAT-exception

  • x11vnc-openssl-exception

  • Qt-GPL-exception-1.0

  • Qt-LGPL-exception-1.1

Collector Status

The following table lists Collector Status information.

Name | Date of Last Successful Run
npm | 8/15/2023
crates | 8/25/2022
cpan | 10/19/2023
clojars | 10/19/2023
rubygems | 10/19/2023
maven-google | 10/13/2023
cran | 10/21/2023
hackage | 10/22/2023
packagist | 10/22/2023
go | 10/23/2023
pypi | 10/16/2023
nuget gallery | 10/15/2023
maven2-ibiblio | 9/27/2023
github | 10/23/2023
fedora-koji | 10/20/2023
alpine | 10/18/2023
gitlab | 6/6/2023
debian | 10/23/2023