Changes in Update Released on 27-October-2023

This update includes the changes described in the following sections.

Issues/Bugs Addressed

The following issues were addressed in the Update:

Issue ID    Issue Summary
SCA-50609   Resolved False Positive vulnerabilities being detected for Component ckan (Id: 21948217) with version 0.6 (Id: 117793043).
SCA-49864   Addition of vulnerability mappings to Chart.js 1.0.2 for CVE-2020-7746
SCA-49752   Enhanced the Debian collector to collect more packages from different folders like non-free, non-free-firmware, contrib
SCA-48039   Resolved False Positive vulnerabilities for components like "bootstrap" and "commons-collections"

Enhanced License Detection Capability for Components

The license detection capability and license evidence mechanism for the following components were updated/added:

  • Reciprocal Public License 1.1
  • Reciprocal Public License 1.5
  • Red Hat eCos Public License v1.1
  • SGI Free Software License B v1.0
  • SGI Free Software License B v1.1
  • SGI Free Software License B v2.0
  • SHL-2.0
  • SHL-2.1
  • SWI-exception
  • Swift-exception
  • Universal-FOSS-exception-1.0
  • vsftpd-openssl-exception
  • Autoconf-exception-generic
  • Autoconf-exception-macro
  • Asterisk-exception
  • cryptsetup-OpenSSL-exception
  • LLGPL
  • OCaml-LGPL-linking-exception
  • PS-or-PDF-font-exception-20170817
  • QPL-1.0-INRIA-2004-exception
  • GNAT-exception
  • x11vnc-openssl-exception
  • Qt-GPL-exception-1.0
  • Qt-LGPL-exception-1.1

Collector Status

The following table lists Collector Status information.

Name             Date of Last Successful Run
npm              8/15/2023
crates           8/25/2022
cpan             10/19/2023
clojars          10/19/2023
rubygems         10/19/2023
maven-google     10/13/2023
cran             10/21/2023
hackage          10/22/2023
packagist        10/22/2023
go               10/23/2023
pypi             10/16/2023
nuget gallery    10/15/2023
maven2-ibiblio   9/27/2023
github           10/23/2023
fedora-koji      10/20/2023
alpine           10/18/2023
gitlab           6/6/2023
debian           10/23/2023