v9.0.2

• fix: remove virtual match string on NVD API Request (#6177)
• fix: correct meta data in report after switching the NVD API (#6154)
• fix: retry HTTP connections to NVD on 502 and 504 errors (#6151)
• fix: Gitlab report format needs severity capitalized (#6182)
• fix: improve JDK update version parsing (#6163)
• fix: mute JCS logging (again) (#6153)

See the full listing of changes.

Version 9.0.1

• fix: check java 8 update version; minimum JRE is 8 update 251 (#6118)
• fix: add retry for failed NVD API requests (#6136)
• docs: add default values to documentation for the NVD API Delay (#6135)
• chore: Revert "build(deps): bump com.h2database:h2 from 2.1.214 to 2.2.224" (#6131)
  • this is a breaking change for anyone that successfully created the H2 database with 9.0.0.
• fix: mute jcs logging (#6130)
• docs: update NVD notice (#6110)
• fix: Use the correct key for NVD API-Key from Maven Settings serverId (#6109)

See the full listing of changes.

Version 9.0.0

breaking changes: See the upgrade notice

• feat: Utilize NVD API (#5978)
• feat: gitlab dependency scanner report format #5919 (#5920)
• fix: Use ASCII apostrophe for console message (#6076)

See the full listing of changes.

Version 8.4.3

• fix: bump jcs3 (#6047)
• docs: Corrected docs on hostedSuppressions (#6035)

See the full listing of changes.

Version 8.4.2

• fix: correct log configuration in cli (#6002)

See the full listing of changes.

Version 8.4.1

• fix: upgrade to JCS3 (#5114)
• fix: Support ~= version specifier in requirements.txt and pipfile (#5902)
• fix: Version of dependency no longer ignored when CPE product has a 'java' suffix in a product name (#5901)
• fix: Do not filter out evidences added by hints (#5900)
• fix: fixes FP #5925 (#5927)

See the full listing of changes.

Version 8.4.0

Added

• feat: Add support for Nexus v3 to NexusAnalyzer (#5849)

Fixed

• fix: Hint Analyzer should run before VersionFilter Analyzer (#5818)
• chore: switch to sha1-pinning as suggested by Semgrep
• fix: OSS Index Analyzer SocketTimeoutException exception handling based on warn only parameter (#5845)
• fix: use curl with -L to follow github redirect (#5808)
• fix: use curl with -L to follow github redirect
• fix: #5671 out of memory error (#5789)
• fix: #5671 Exit method as soon as we detect a loop to prevent an infinite loop leading to an OutOfMemoryError

Version 8.3.1

Re-release of 8.3.0 as 8.3.1.

v8.3.0

Added

• Add LibmanAnalyzer (#5652)
• Update HTML report Dependencies header based on display settings (#5619)
• Add link to suppressed vulnerabilities header in HTML report (#5620)
• Enable local proxy configuration in maven plugin configuration (#5696)

Fixed

• Fix npm alias present in requires of dependencies (#5703)
• Make Central URL configurable via CLI (#5667)
• Ensure support of CVSSv3.1 (#5602)

See the full listing of changes.

Version 8.2.1

Fixed

• NullPointerException in MSBuildAnalyzer (#5589)
• SQL Syntax for Oracle (#5590)
• Use https:// URLs in report templates (#5582)

See the full listing of changes.