CHANGELOG

  • Unreleased

    • Add --cvss-fail-threshold to fail when a vulnerability meets or exceeds a given CVSS score #114
    • Fix: --output json now renders correctly & JSON output now pretty-printed #116
    • Recognize CVSS2 and CVSS4 scores when available #112
    • Show short summary of findings #87
    • Bump deps #124
  • v6.0.0 cb02879 -- 2024-08-20

    • Fix: show score and severity in dependency-check findings #58
    • Bump deps #75
    • Improve command line experience #77
    • Deprecate --dependency-check-properties command line option #107
    • Encourage use of NVD API key #67
    • Explicitly close the dependency-check engine when we are done with it #86
    • Respect dependency-check odc.autoupdate property #88
    • Replace deprecated clj-time dep with JDK8 java.time interop #83
    • Allow properties to be specified via environment variables #104 to make it easier to use clj-watson in CI/CD pipelines.
    • Streamline dependency-check.properties file #103 so that it only includes properties which need to be different from the defaults in the core DependencyCheck configuration.
      • This changes the default location of the local database used for analysis from /tmp/db to a directory within your local Maven cache (DependencyCheck's default location), which makes clj-watson more CI-friendly since ~/.m2 is typically cached in CI. The first time you run clj-watson 6.0.0, it will download the entire NIST NVD database!
    • Improve feedback during scan
      • Stop suppressing all logging #68
      • Suppress noisy INFO level logging from Apache Commons JCS #69
      • Suppress specific irrelevant ERROR level logging from Apache Commons JCS #78
  • v5.1.3 5812615 -- 2024-07-31

    • Address #60 by updating org.owasp/dependency-check-core to 10.0.3.
  • v5.1.2 ae20e1e -- 2024-03-20

    • GitHub Advisory: fix matching CVE for allowlist via PR #59 @markomafs.
  • v5.1.1 ad5fe07 -- 2024-01-15

    • Address #49 by improving the -T invocation to support short names, symbols for strings, and all the defaults.
    • Address #48 by updating all of the project dependencies, including DependencyCheck to 9.0.8.
    • Address #47 by printing out the optional properties read from the clj-watson.properties file.
    • Documentation improvements.
  • v5.0.1 d1ec6e5 -- 2024-01-09

    • Fix #44 -- locating clj-watson.properties file.
  • v5.0.0 c2349f5 -- 2023-12-24

    • Updated to use DependencyCheck 9.0.6 (NIST NVD API)
  • v4.1.3 56dfd3e -- 2023-01-24

    • Updated to use DependencyCheck 7.4.4 (NIST NVD Data Feed)

See releases for older versions.