Changes in Update Released on 23-Dec-2021
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Updates to Apache log4j2 Component
- Updated vulnerability information for log4j2 component (CVE-2021-44228,CVE-2021-45046,CVE-2021-4104).
- Updated versions for the log4j2 components.
| Issue ID | Issue Summary |
|---|---|
| SCA-38791 | Updated missing vulnerabilities for nuget top 100 component |
| SCA-35846 | Enhancements to Nuget Collector for Version-Level License Collection |
Addition of Missing Vulnerability Mappings
Missing vulnerability mappings for the following components were added:
- consul
- uri.js
- chatwoot
- bat
- cgm-remote-monitor
- connect
- muwire
- containerd
- discourse
- micronaut
- gatsby-source-wordpress
- venus_os
Updated Components List
- world-clock-and-the-timezoneinformation-class