
Changes in Update Released on 16-Dec-2021

This Update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Updates to Apache log4j2 Component

  • Updated versions for the log4j2 components from different forges such as GitHub, Maven, and Fedora.

  • Updated vulnerabilities for the log4j2 component (CVE-2021-44228).

    Issue ID     Issue Summary
    SCA-38864    Analysis & update license for jaxen component.
    SCA-38669    AutoWriteup Rules: Map licenses to AutoWriteup Rules with no licenses.
    SCA-38521    Increasing Component CPE mappings in Data Library.
    SCA-38479    Updated version information for 27208706.
    SCA-38791    Update missing license for top 100 Nuget components.

Addition of Missing Vulnerability Mappings

Missing vulnerability mappings for the following components were added:

  • falco

  • manageengine_admanager_plus

  • esp32_firmware

  • libvips-libvips

  • junos

  • rancher

  • sheetjs

  • etherpad

  • stealth

Addition of License Detection Capability and License Evidence Mechanism

License detection capability and a license evidence mechanism were added for the following licenses:

  • bzip2-1.0

  • bzip2-1.0.5

  • Caldera

  • BSD-3-Clause-Attribution

  • BSD-3-Clause-Clear

  • BSD-3-Clause-LBNL

  • BSD-3-Clause-No-Nuclear-License-2014

  • BSD-3-Clause-No-Nuclear-License

  • BSD-3-Clause-No-Nuclear-Warranty

  • BSD-4-Clause-UC

  • BSD-Protection

  • BSD-1-Clause

  • BSD-Source-Code

  • BSD-2-Clause-Patent

  • BSD-2-Clause-NetBSD

  • BSD-2-Clause-FreeBSD