pentestit | Black | PENTESTIT:9CC58D4F06CCAAD1D1F277137985EF04
Aug 27, 2017 - 1:51 a.m.

UPDATE: OWASP Dependency-Check 2.1.1!

2017-08-27 01:51:26
Black
pentestit.com

EPSS: 0.001 (Low), percentile 32.6%


My first post about this open source OWASP project covered an older version. This post discusses the changes made to the open source software composition analysis utility in the latest release, published yesterday: OWASP Dependency-Check 2.1.1! This release contains a few known threading issues that can affect the Jenkins implementation; these have not been fixed in this release and are planned for the next release.

OWASP Dependency-Check 2.1.1 changelog:

In addition to general bug fixes and false positive reductions the following enhancements were made:

  • Fixed bugs in the NSP analyzer.
  • Fixed bugs in the JSON report format.
  • Updated the embedded H2 database to resolve compatibility issues in newer versions of Gradle and Jenkins Pipeline.
  • The Lucene index, used for CPE identification, was updated to include additional stop words to improve matching.

Interestingly, a persistent cross-site scripting vulnerability in the OWASP Dependency-Check Jenkins plugin, aka CVE-2017-1000109, was also fixed with this release.

Download OWASP Dependency-Check 2.1.1:

Download OWASP Dependency-Check 2.1.1 (DependencyCheck-2.1.1.zip) and other related plugins here.

The post UPDATE: OWASP Dependency-Check 2.1.1! appeared first on PenTestIT.
