Changes in Update Released on 16-Dec-2021
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Updates to Apache log4j2 Component
- Updated versions for the log4j2 components from different forges such as GitHub, Maven and Fedora.
- Updated vulnerabilities for log4j2 component (CVE-2021-44228).
| Issue ID | Issue Summary |
|---|---|
| SCA-38864 | Analysis & update license for jaxen component. |
| SCA-38669 | AutoWriteup Rules: Map licenses to AutoWriteup Rules with no licenses. |
| SCA-38521 | Increasing Component CPE mappings in Data Library. |
| SCA-38479 | Updated version information for 27208706. |
| SCA-38791 | Update missing license for top 100 Nuget components. |
Addition of Missing Vulnerability Mappings
Missing vulnerability mappings for the following components were added:
- falco
- manageengine_admanager_plus
- esp32_firmware
- libvips-libvips
- junos
- rancher
- sheetjs
- etherpad
- stealth
Addition of License Detection Capability and License Evidence Mechanism
License detection capability and a license evidence mechanism were added for the following licenses:
- bzip2-1.0
- bzip2-1.0.5
- Caldera
- BSD-3-Clause-Attribution
- BSD-3-Clause-Clear
- BSD-3-Clause-LBNL
- BSD-3-Clause-No-Nuclear-License-2014
- BSD-3-Clause-No-Nuclear-License
- BSD-3-Clause-No-Nuclear-Warranty
- BSD-4-Clause-UC
- BSD-Protection
- BSD-1-Clause
- BSD-Source-Code
- BSD-2-Clause-Patent
- BSD-2-Clause-NetBSD
- BSD-2-Clause-FreeBSD