Changes in Update Released on 23-Dec-2021
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Updates to Apache log4j2 Component
-
Updated vulnerability information for log4j2 component (CVE-2021-44228,CVE-2021-45046,CVE-2021-4104).
-
Updated versions for the log4j2 components.
Issue ID Issue Summary SCA-38791 Updated missing vulnerabilities for nuget top 100 component SCA-35846 Enhancements to Nuget Collector for Version-Level License Collection
Addition of Missing Vulnerability Mappings
Missing vulnerability mappings for the following components were added:
-
consul
-
uri.js
-
chatwoot
-
bat
-
cgm-remote-monitor
-
connect
-
muwire
-
containerd
-
discourse
-
micronaut
-
gatsby-source-wordpress
-
venus_os
Updated Components List
- world-clock-and-the-timezoneinformation-class