From eacb4c9d62ceaec70520bc2a6e35c35a44c80644 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Sun, 19 Nov 2017 07:37:18 -0500 Subject: [PATCH 1/3] fix issue #868 --- dependency-check-maven/src/site/markdown/configuration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dependency-check-maven/src/site/markdown/configuration.md b/dependency-check-maven/src/site/markdown/configuration.md index ebf3cacc7..6e40a0e5f 100644 --- a/dependency-check-maven/src/site/markdown/configuration.md +++ b/dependency-check-maven/src/site/markdown/configuration.md @@ -80,7 +80,7 @@ cveUrl20Modified | URL for the modified CVE 2.0. cveUrl12Base | Base URL for each year's CVE 1.2, the %d will be replaced with the year. | https://nvd.nist.gov/download/nvdcve-%d.xml.gz cveUrl20Base | Base URL for each year's CVE 2.0, the %d will be replaced with the year. | https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%d.xml.gz connectionTimeout | Sets the URL Connection Timeout used when downloading external data. |   -dataDirectory | Sets the data directory to hold SQL CVEs contents. This should generally not be changed. |   +dataDirectory | Sets the data directory to hold SQL CVEs contents. This should generally not be changed. | ~/.m2/repository/org/owasp/dependency-check-data/ databaseDriverName | The name of the database driver. Example: org.h2.Driver. |   databaseDriverPath | The path to the database driver JAR file; only used if the driver is not in the class path. |   connectionString | The connection string used to connect to the database. |   From d560ca927e0733b56652f9c13942d65b9090c1e3 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Sun, 19 Nov 2017 07:50:03 -0500 Subject: [PATCH 2/3] added per request #948 --- RELEASE_NOTES.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 RELEASE_NOTES.md diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md new file mode 100644 index 000000000..381d61373 --- /dev/null +++ b/RELEASE_NOTES.md @@ -0,0 +1,28 @@ +# Release Notes + +Please see the [dependency-check google group](https://groups.google.com/forum/#!forum/dependency-check) for the release notes on versions not listed below. + +## [Version 3.0.2](https://github.com/jeremylong/DependencyCheck/releases/tag/v3.0.2) (2017-11-13) + +### Bug fixes + +- Updated the query format for the CentralAnalyzer; the old format caused the CentralAnalyzer to fail + +## [Version 3.0.1](https://github.com/jeremylong/DependencyCheck/releases/tag/v3.0.1) (2017-10-20) + +### Bug fixes + +- Fixed a database connection issue that affected some usages. + +## [Version 3.0.0](https://github.com/jeremylong/DependencyCheck/releases/tag/v3.0.0) (2017-10-16) + +- Several bug fixes and false positive reduction + - The 2.x branch introduced several new false positives – but also reduced the false negatives +- Java 9 compatibility update +- Stability issues with the Central Analyzer resolved + - This comes at a cost of a longer analysis time +- The CSV report now includes the GAV and CPE +- The Hint Analyzer now supports regular expressions +- If show summary is disabled and vulnerable libraries are found that fail the build details are no longer displayed in the console – only that vulnerable libraries were identified +- Resolved issues with threading and multiple connections to the embedded H2 database + - This allows the Jenkins pipeline, Maven Plugin, etc. to safely run parallel executions of dependency-check \ No newline at end of file From 14839cadf5a26b6acdb5f0341654eacc9f51b14e Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Sun, 19 Nov 2017 08:21:26 -0500 Subject: [PATCH 3/3] snapshot version --- build-reporting/pom.xml | 2 +- dependency-check-ant/pom.xml | 2 +- dependency-check-cli/pom.xml | 2 +- dependency-check-core/pom.xml | 2 +- dependency-check-maven/pom.xml | 2 +- dependency-check-plugin/pom.xml | 2 +- dependency-check-utils/pom.xml | 2 +- pom.xml | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/build-reporting/pom.xml b/build-reporting/pom.xml index fc89f99dd..7d869e274 100644 --- a/build-reporting/pom.xml +++ b/build-reporting/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2017 - Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 3.0.2 + 3.0.3-SNAPSHOT Dependency-Check Build-Reporting build-reporting diff --git a/dependency-check-ant/pom.xml b/dependency-check-ant/pom.xml index dadc7853e..539ddedcf 100644 --- a/dependency-check-ant/pom.xml +++ b/dependency-check-ant/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 3.0.2 + 3.0.3-SNAPSHOT dependency-check-ant diff --git a/dependency-check-cli/pom.xml b/dependency-check-cli/pom.xml index 1239d0b69..e7b89ce9d 100644 --- a/dependency-check-cli/pom.xml +++ b/dependency-check-cli/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 3.0.2 + 3.0.3-SNAPSHOT dependency-check-cli diff --git a/dependency-check-core/pom.xml b/dependency-check-core/pom.xml index 88b029b05..be1c2cd6e 100644 --- a/dependency-check-core/pom.xml +++ b/dependency-check-core/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 3.0.2 + 3.0.3-SNAPSHOT dependency-check-core diff --git a/dependency-check-maven/pom.xml b/dependency-check-maven/pom.xml index 081ffa3a1..0a238dcbb 100644 --- a/dependency-check-maven/pom.xml +++ b/dependency-check-maven/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 3.0.2 + 3.0.3-SNAPSHOT dependency-check-maven maven-plugin diff --git a/dependency-check-plugin/pom.xml b/dependency-check-plugin/pom.xml index bf53910c7..828348391 100644 --- a/dependency-check-plugin/pom.xml +++ b/dependency-check-plugin/pom.xml @@ -21,7 +21,7 @@ Copyright (c) 2017 Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 3.0.2 + 3.0.3-SNAPSHOT org.owasp dependency-check-plugin diff --git a/dependency-check-utils/pom.xml b/dependency-check-utils/pom.xml index 502d4758a..15ed50461 100644 --- a/dependency-check-utils/pom.xml +++ b/dependency-check-utils/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 3.0.2 + 3.0.3-SNAPSHOT dependency-check-utils diff --git a/pom.xml b/pom.xml index 53c3b847c..86da3e0be 100644 --- a/pom.xml +++ b/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2012 - Jeremy Long org.owasp dependency-check-parent - 3.0.2 + 3.0.3-SNAPSHOT pom