4.15.X
4.15.47
- Moved the `All Licenses` section of the licensing issue drawer to be more prominent
- Added the ability to sort by "Last revision analyzed" in the projects table
4.15.46
- Internal changes for upcoming features
4.15.45
- Added the `lastAnalyzed` field to the `GET /api/v2/projects` endpoint that represents when the project was last analyzed, as well as the ability to sort by `lastAnalyzed`
- Updated the Issues dashboard to allow items to be opened in new tabs with Right Click, Middle Click, or cmd/ctrl + click.
- Fixed an issue where the `/api/revisions/{{revision}}/dependencies` endpoint would not respect pagination
4.15.44
- Internal changes for upcoming features
4.15.43
- Released the new Issue Grouping Experience for all users!
4.15.42
- Changed width of table columns in the Organization's Teams Settings page
- Issue drawer width will now expand further to provide more usable space
- Resolved an issue in which dependencies did not disappear from the UI after deletion (visual bug)
4.15.41
- Fixed an issue where an exported Issue CSV could have unexpected newlines
- Added the Llama 2 Community license
4.15.40
- Added Team information to GET /api/v2/projects endpoint
- Misc. internal changes and version bumps
4.15.38 - 4.15.39
- Internal changes for upcoming features
4.15.37
- Added audit logging for Project-level policy scan settings changes
- Project titles will no longer be truncated in plaintext report headers
- Misc. internal changes and version bumps
4.15.36
- Internal changes for upcoming features
4.15.32 - 4.15.35
- Internal changes for upcoming features
- Removed the topographic background image from the login pages
4.15.31
- Added support for full-file previews of licenses found directly in quick imported projects
4.15.30
- Fixed a bug where archive uploads for projects with characters above ASCII 127 in their name would fail to upload
- The Python resolver will now attempt to download a PyPI package's binary when a source distribution does not exist
4.15.29
- Fixed a bug where licenses were not displayed in the issue drawer
4.15.28
- Internal changes for upcoming features
4.15.27
- Added support for issue actions in the global issue drawer/page
4.15.26
- Internal changes for upcoming features
4.15.25
- Improved Audit Logs:
  - Added logs for ignoring dependencies
  - Added logs for edited project settings
    - title, notes, default branch, VCS Host, url, and privacy (public/private) are supported.
- Fixed bug in project settings when saving Jira custom fields
- Fixed an issue where settings would not take when generating release group reports
- Fixed a bug where discovered license files could be improperly cached for go projects
4.15.24
- Updated the favicon to use the 2023 FOSSA Logo
- Minor internal version bumps
4.15.23
- Minor internal version bump
4.15.22
- Removed the deprecated link and "open external" icon for origin paths in the Dependencies Dashboard
- Internal changes for upcoming features
4.15.21
- Improved performance of the `/api/users` endpoint
- Fixed an issue where Release Group Attribution Reports weren't generated as expected
- Minor internal version bumps
4.15.20
- Added support for SUSE/SLES Dependencies in container scans
- Minor internal version bumps
4.15.19
- Added badges from the new Issues Row to the Issues Drawer
  - Severity + CVSS Score, EPSS Score + Percentile, Upgrade Distance, CVE, and Exploit Maturity for known exploits
- Added support for more special characters in ArchiveUploads (space, ?, and ;)
4.15.18
- Fixes an issue where the issue status tabs would display `...` indefinitely
- Internal changes for upcoming features
4.15.11
- Internal changes for upcoming features
4.15.16
- Security issues have been redesigned to a new three-row experience containing the following:
  - Severity + CVSS Score, EPSS Score + Percentile, Upgrade Distance, CVE, and Exploit Maturity for known exploits
  - CWE Title, Package Name and Version
  - Ignored Date, Ticket, Package Manager, Depth, Project Count, and Found Date
4.15.13 - 4.15.15
- Deprecated code cleanup
- Internal version bumps
- Internal changes for upcoming features
4.15.12
- Added a "home page" link to the Issue Drawer
- Internal changes and improvements for upcoming features
- Minor internal version bump
4.15.11
- Internal changes for upcoming features
4.15.10
- Issue Grouping is now saved across sessions
- Added a "Not Found" page when a project is not found or viewed when logged out
- Added the "Team Select" feature to the Global Issues Dashboard
- Fix a bug where archive uploads from the CLI would break if the project name contained certain special characters (~, ^, #, etc)
- Internal feature cleanup
4.15.9
- Added "Total Package Count" to the Package Observability dashboard
- On hover, the last cache date is shown
- Internal feature cleanup
4.15.8
- Fixed an edge case where some dependency revisions would resolve to `null`
- Internal performance improvements
4.15.7
- Fixed an issue where the comments count in the issues drawer would sometimes not be up-to-date
- Fixed an issue where Plain Text Reports could not be generated for Release Groups in some cases
- Issues can now be filtered by project labels on the Global Issues Dashboard
4.15.6
- Release of Custom-License and Keyword Searches
  - An admin interface can be found in the Organization Settings, under the "Integrations" tab
- Added a Vuln Filter for "Ignore Reason"
- Improved the "All Projects" (or "Team Select") menu on the Projects Dashboard
  - Clicking on one or more teams shows projects associated with any of the selected teams
- Optimized three endpoints, leading to performance improvements
4.15.5
- Fixed a bug where the selected Sorting method did not reset between issue categories
- Fix loading issue with Bitbucket cloud integration for users without personal workspaces
- Deprecated feature cleanup
4.15.4
- Fixed a bug where the Issue Drawer would sometimes not show all "Affected Projects"
4.15.3
- Internal feature optimization
4.15.2
- Fixed an issue with the Relationships/View Path modal, where we were over-fetching data, causing it to crash
4.15.1
- Tweaked "Upgrade Distance" filter for clarity (previously "Fix Available")
  - Shows "Has Fix" if a fix is available, but the upgrade distance cannot be calculated
  - IssuesV2 API has changed shape from filter[fixAvailable] to filter[upgradeDistance]
- Updated the UI and CSV report terminology from "Denied dependency" to "Blocked package" for Quality Issues
4.15.0
4.14.X
4.14.34
- Added EPSS support for the Issue Inbox and Issue Drawer
  - Sorting by EPSS is available for ungrouped views
4.14.32 - 4.14.33
- Internal changes for upcoming features
4.14.31
- Resolved an issue in which users couldn't select a Security Filter to fail CI/CD on.
4.14.26 - 4.14.30
- Clicking the "Docs" link in the support drop-down will now open a new tab (4.14.29)
- Internal changes for upcoming features
- Various internal version bumps
4.14.25
- Fixed an issue that caused the "Delete Correction" button to not appear when a correction was present
4.14.24
- Added a "Not found" result, if a user is unauthorized to view an issue's full-page details
- Minor internal version bump and internal changes for upcoming features
4.14.23
- Fixed an issue where custom-license titles were not being shown in reports
- Fixed a bug where Issues exported to JIRA were not pointing to the correct target
4.14.22
- Fixed an issue with Alpine packages, leading to additional vulns being reported in some cases
4.14.21
- Fixed an issue where project corrections would not be displayed on the "Edit Package" page
- Fixed an issue where first-party or manually added licenses were not detected as `direct`
- Issues V2 endpoints can now be filtered by team: `/api/v2/issues?teamId=1`
  - /issues, /categories, /statuses, /types, /revisions, and /package-managers are all supported
  - The literal string `'null'` - Returns issues that are not associated with any team.
  - A single `teamId` - Returns issues that are associated with the given team.
  - An array of `teamId`s - Returns issues that are associated with any of the given teams.
- Finalized feature cleanup
4.14.20
- Fixed an issue where the Ignore Rules table columns would become unaligned on wider screens
4.14.19
- Internal changes and continued feature cleanup
4.14.18
- Internal changes for upcoming features
4.14.17
- Internal changes and continued feature cleanup
4.14.16
- The Vulnerability Exposure Windows graph has been re-added to the vulnerability reports. It now excludes ignored issues
- Fixed a small formatting issue when submitting CVE Data Disputes
- Deprecated feature cleanup
4.14.15
- Added API Support for filtering by multiple teams to Projects and Release Groups.
  - The old, single-team style is still supported, in addition to:
    - `/api/v2/projects?teamId=1&teamId=2`
    - `/api/v2/projects?teamId[0]=1&teamId[1]=2`
    - `/api/v2/release-groups?teamId=1&teamId=2`
    - `/api/v2/release-groups?teamId[0]=1&teamId[1]=2`
- Reverted a change that removed `/api/revisions/:locator/parent_projects`
- Fixed an issue where plaintext licensing reports weren't being sent
- The bulk Policy and Label assignment menus are now sorted alphabetically (case insensitive)
4.14.14
- Minor internal version bump
- Internal changes for upcoming features
4.14.13
- Added "Package Manager" issue filter and API support:
  - Allows filtering issues by the selected Package Manager
  - The API response for the issues endpoint can also be filtered: `/api/v2/issues?category=licensing&filter[packageManagers][0]=npm`
- Minor internal version bumps
4.14.12
- Removed `issues` and `releaseGroupContexts` from the API response for the `/api/project_group/:groupId/release/:id/scans` endpoint
4.14.11
- Internal changes for upcoming features
4.14.10
- Policies can now be set in bulk from the main Projects and Release Groups dashboards
- Added "First Found" issue filter:
  - As defined by the date FOSSA first detected the issue. You may filter by `anytime`, `last 7 days`, `last 14 days` or `last 30 days`
- Added EPSS data to the Vulnerability Issues API response (if available)
  - Added option to sort by EPSS `asc` or `desc`
- Fixed a missing pair of single quotes in the Environment Variable instructions
- Minor internal version bumps
- Internal changes for upcoming features
4.14.9
- Added "Exploit Maturity" filter and API support:
  - New Vuln filter with "Known Exploit" and "No Known Exploit" options, as defined by CISA exploited vuln catalog
  - Added `filter[exploitMaturity][]` to the `v2/issues?category=vulnerability` endpoint
    - Available options are has_known_exploit and no_known_exploit
- UI Changes:
  - Improved consistency of dropdown menus across the application
  - Fixed an issue with the "Team Selection" drop-down for the Audit/Due Diligence Report
  - Slight changes to padding
- Internal changes for upcoming features
4.14.8
- Added "Upgrade Distance" filter and API support:
  - Upgrade distance is now selectable from the "Fix Available" Vuln filter in the UI
    - Whether a proposed remediation is a semantic version increment of `Patch`, `Minor`, `Major`, `Unknown`
  - Added `nextSafeVersion` and `nextSafeVersionDistance` to the `v2/issues?category=vulnerability` endpoint.
- Updated the Project and Release Group summary pages to pull Issues from V2 of the Issues API.
4.14.7
- Internal bugfixes, improvements
4.14.6
- Added a link to the Issue details page in issues API responses
4.14.5
- Minor internal version bump
- Internal changes for upcoming features
4.14.4
- Updated CWE data to MITRE version 4.12
- Removed the invalid CycloneDX SBOM options from the Release Group reports page
4.14.3
- Improved security badge visibility
- Fixed a typo on the Release Group summary page saying "Project" instead of "Release Group"
4.14.2
- Added new API endpoint which returns a summary of the count of every type of issue matching a given `scope` query
- Minor internal version bumps
- Internal changes for upcoming features
4.14.1
- Minor internal version bumps
- Internal changes for upcoming features
4.14.0
- Project labels can now be assigned in bulk from the Projects dashboard.
- Global Issue CSV Exports are now saved as individual ZIP archives for each category containing the CSV
- CVSS Vectors are now included in vulnerability Issues API responses
- FOSSA Project URLS are now included in the Issues API responses
- Fixed a bug where the issues page would break if reloaded when issues were "Ungrouped"
- Fixed a minor spacing issue in the navigation menu
- Fixed an issue where the "Dependency Summary" would always show on reports
- Fixed a bug with the Project and Release Group navbar order
  - "Settings" should now always appear to the right of "Activity"
- Various internal version bumps
4.13.X
4.13.16
- Fixes an issue where only 16 deps would be displayed in the dependencies browser
4.13.15
- Fixed an issue preventing users from downloading Vuln PDF reports
- Fixed an issue where custom report headers were rendering as plaintext in HTML reports
- Fixed a bug preventing users from clicking on an issue type besides "Licensing"
4.13.14
- Added a few database queries to our on-premises debug bundle
- Fixed some styling changes introduced in `4.13.12`
- Debut of our Package-Issue Grouping UI
  - By default FOSSA issues will be grouped by semantic version
  - A user may change to the ungrouped view by selecting `Version` in the issue inbox header and changing to `Ungrouped`
4.13.13
- Reverted the PDF report back to the old format
- Minor internal version bumps
4.13.12
- Internal changes for upcoming features
- Internal version bumps
- Fixed an issue where Global Issue CSV Exports were truncated and incomplete
- Accessibility Improvement - Better alt text of FOSSA badges for more detail with screen readers
- Fixed a bug where the Global Nav Header's items would shift and overlap on smaller screens or viewports.
- Fixed a bug where the sidebar on the Reports page appeared on the wrong side
- Fixed a bug on the Issues page where when changing or selecting filters, in some cases older data could be shown
4.13.11
- Internal changes for upcoming features
- Slight visual update to the "Load More" button
4.13.10
- Internal changes for upcoming features
4.13.9
- Fixed a typo on the Ignore Rules dashboard
- Fixed an issue where "Dependency Info Options" would not appear on some projects
- Global Issue CSV Export now uses the improved Issues V2 backend, and the report now has the option to be downloaded directly
4.13.8
- Minor visual improvements and bugfixes
- Changes to badges:
  - Added a "Security" shield for GitHub READMEs
  - Updated the "Small" badge to account for Security Issues
4.13.6 - 4.13.7
- Minor internal version bumps
- Internal changes for upcoming features
4.13.5
- Improved Issue CSVs: Team IDs will now appear next to team names in parentheses
4.13.4
- Fixed a styling issue with hosted HTML and PDF reports
4.13.3
- Added new fields to our Issues Endpoint, and Improved our Issue CSV exports by adding support for those fields:
  - Added a scannedAt timestamp to Issue CSV exports that shows when the issue was last found in a policy
  - Added an analyzedAt timestamp to Issue CSV exports that shows when the project's components were last analyzed by FOSSA
  - Added affectedVersionRanges and patchedVersionRanges to Vulnerability Issue CSV exports. (Note: This does affect column ordering.)
4.13.2
- Fixed a bug where some licenses were displayed with double-escaped newlines in reports
- Added notifications for queued email reports, appearing in the UI when the job completes
- Fixed an issue causing an HTTP 500 when filtering a Release Group's Vulnerability Issues
4.13.1
- Fixed an issue preventing users from downloading vulnerability PDF reports
- Updated the `/api/revisions` endpoint's default sorting to "updatedAt DESC", adding consistency
4.13.0
- Updated reports page to include a dedicated SBOM option and easier access to other reports types
- Fixed an edge-case returning 404s when fetching license information for a valid revision with no licenses
- Fixed a bug present when selecting multiple issues on the dashboard
4.12.X
4.12.10 - 4.12.13
- Minor internal version bumps
- Internal changes and continued work for upcoming features
4.12.9
- Fixed a bug where clicking an issue in the inbox would not bring you to the issue details page
- Various internal version bumps, and changes for upcoming features
4.12.8
- Fixed a bug where the option to archive project branches wasn't appearing
4.12.7
- Custom headers in HTML/PDF compliance reports now respect markdown formatting
- CSV issue exports from the inbox now use human-readable issue types
- The "Vulnerability Exposure Windows" graph has been removed from the vulnerability reports
- Internal changes for upcoming features
4.12.6
- Fixed a bug with HTML/PDF compliance reports where text was overflowing too far to the right
4.12.5
- Fixed an issue where removing an ignore rule would not refresh the Ignore Rules dashboard data
4.12.4
- Fixed an issue preventing some PDF reports from generating
- Stickied the Table of Contents in HTML Compliance reports. It will now remain on-screen while scrolling
- Fixed a bug preventing some users from ignoring an Issue within our new Ignore Modal
4.12.3
- Fixed a bug with Globally-enabled feature flags not being recognized in the UI
4.12.2
- Internal changes for upcoming features
4.12.1
- Fixed a bug, and re-added custom organization logos to our new HTML and PDF compliance reports.
4.12.0
- Premium organizations can now create Ignore Rules to automatically ignore issues
- Project and Release Group compliance reports have been redesigned for the following formats:
  - HTML
- Fixed an issue where Release Group HTML compliance reports included all licenses in the "First Party Licenses" section. This should now correctly show only First Party Licenses.
- Improved loading time for the PDF report preview
- Fixed an issue where the public version of the Project dashboard was inaccessible to users who weren't logged in
- Fixed a bug preventing the adjustment of the email field when generating Global Package Report Bundles
4.11.X
4.11.58
- Fixed a small runtime error on the "Edit License Policy" page
- Added support for the IBM type interpreter license
4.11.57
- Anonymous users viewing publicly-shared reports should no longer see an error
4.11.56
- Internal Changes for upcoming features
- Minor internal version bumps
4.11.55
- Fixed an issue that caused the "Analyze this Revision" button to be un-clickable
4.11.54
- Copyrights and License Headers in reports are no longer feature-flagged, and now available to all
- Fixed an issue when parsing variables in pom files
4.11.53
- Internal changes for upcoming features
4.11.52
- Added PSF-2.0 to the Policies UI
- Internal changes for upcoming features
4.11.51
- Added license file details to SPDX reports
- Internal changes for upcoming features
4.11.50
- Improved Accessibility of Global Navigation Links
- Dropdown items should correctly open in a new tab when middle-clicked.
4.11.46 - 4.11.49
- Internal changes for upcoming features
- Minor internal version bumps
4.11.45
- Fixed an issue where the incorrect build logs could be shown if a dependency is unresolved
4.11.44
- Fixed an edge case where a Project's SPDX report could have `null` for `versionInfo`
4.11.40 - 4.11.43
- Minor internal version bumps
- Internal changes for upcoming features
4.11.39
- Fixed a visibility issue within the billing tab
4.11.37 - 4.11.38
- Minor internal version bumps
- Internal changes for upcoming features
4.11.36
- Fixes references that end in `^{}`
  - Packages erroneously saved with these characters should no longer show them
4.11.35
- Minor version bumps
- Internal changes for upcoming features
4.11.34
- Plaintext SPDX report fixes and enhancements:
  - Added `MD5` and `SHA256` hashes
  - Fixed an issue with the checksum format, allowing it to be on one line
  - Optimized ExternalRef format to be one line
  - Fixed an issue where some packages could be duplicated in SPDX reports
- Fixed a bug, providing a more detailed HTTP error when using bad or missing authentication
- Added greater verbosity to the "Dependencies" tab of a project, showing which builds are in progress
- Deprecated feature cleanup
- Internal version bumps
4.11.33
- Fixed a bug where the Contributor Snapshot Summary CSV was out of order
4.11.32
- Added an integration setting for creating unique JIRA tickets by default
- Fixed a bug where, in a few cases, we were identifying the `GPL with autoconf macro exception` license as `GPL with autoconf exception`
- Minor database cleanup
4.11.31
- Audit Logs are now available when issues are marked as resolved in the UI
- Internal changes and additional code cleanup
4.11.30
- Fixed an edge case with SPDX reports where `versionInfo` would sometimes be `null`.
- Fixed an issue where not all licenses were displayed on the policy page
- Fixed a bug where we were finding erroneous SPL-1.0 licenses
4.11.29
- Fixed an issue with plaintext Project and Release Group reports HTML escaping special characters.
- Fixed an issue where some jobs that were OOM would be requeued - they should now fail when OOMKilled.
- Continued code cleanup
- Minor internal version bumps
4.11.28
- Fixed a bug causing 404s when clicking through to the "Billing" page
- Internal bugfixes
4.11.25 - 4.11.27
- Internal changes for upcoming features
- Cleaned up code left from deprecated features
- Internal version bumps
4.11.24
- Fixed an issue when exporting tickets from the Issue Details page.
- Internal changes for upcoming features
4.11.23
- Fixed a bug where Licensing and Quality Issues that came from the organization's package would never load the details page.
- Updated SPDX reports to include a `PackageSupplier` field for every package
  - If there is no author (supplier) for a package we will display `NOASSERTION`
4.11.22
- Added `licenseListVersion` to SPDX reports.
- Updated our SPDX reports to remove invalid characters in `SPDXRef-` to be compliant with NTIA minimum requirements
4.11.21
- Internal changes for upcoming features
4.11.20
- Added support for `.aar` packaged Maven artifacts when attempting to identify licenses
- Fixed a bug where tag names would sometimes append `^{}`
- Simplified our Release Group report API
  - Made `email=true` unnecessary
  - Removed `emailAddress` as it was already unnecessary
4.11.19
- Fixed a bug when using custom locators in SPDX reports
4.11.18
- Added an `externalRef` section and `purl` to SPDX reports
- Fixed a bug with CycloneDX report generation when there are unknown licenses
- Internal changes for upcoming features
4.11.17
- Fixed a minor UI issue
- Internal changes for upcoming features
- Minor internal version bumps
4.11.16
- Deprecated Package Inventory V1
- If this affects you, please reach out to your customer success team
- Fixed an issue where emailed reports could generate invalid links
- Internal changes for upcoming features
- Minor internal version bumps
4.11.15
- Revamped the activity page to better disambiguate the build time from the commit time
- Enabled submitting, polling, and retrieving Release Group attributions reports via the API
- Internal changes for upcoming features
4.11.14
- Updated logic determining when a build is finished
- Increased performance when retrieving git-based dependencies with many branches and tags
- Addressed the root cause preventing the re-upload of projects previously part of another team
- Internal changes for upcoming features
- Minor internal version bumps
4.11.13
- Fixed an issue where the Audit/Due Diligence Report could time out and increased performance
- Minor internal version bumps
4.11.12
- Fixed a bug preventing the re-upload of projects previously part of another team
- Updated the UI to prevent reanalysis of old archive uploads that are no longer available
- Internal changes for upcoming features
- Minor internal version bumps
4.11.11
- Added the ability for fossa-cli to directly scan your code for licenses
- Internal changes for upcoming features
- Performance improvements
4.11.10
- Hotfix to address an internal issue
- Minor internal version bump
4.11.9
- Internal bugfixes and changes for upcoming features
- Minor internal version bumps
4.11.8
- Added uncategorized licenses to Policy exports
4.11.7
- Fixed a bug preventing free users from upgrading to a paid plan
4.11.6
- Fixed an issue preventing Quality Issues from being viewed
- Internal changes for upcoming features
4.11.5
- Improved accuracy of audit logging for changes to Licensing Policies
- Improved the Issue Comment Timestamp:
  - Added a tooltip on hover, showing the full timestamp
  - Fixed a minor grammatical bug
- Internal changes for upcoming features
4.11.4
- Added the ability to export FOSSA issues selected in bulk as individual JIRA tickets.
- Internal changes for upcoming features
4.11.3
- Added the ability to export licensing files (policies) to CSV and JSON
- Users with the "Policy View" permission can export licensing policies.
- Hotfix to address an internal bug
4.11.2
- Organizations can now require a policy to be set when uploading new projects.
- Please reach out to Support or your CSE team if you would like to enable this feature.
- Minor internal version bump
4.11.1
- Improved our dependencies sorting to show versions in order
- Internal changes and bugfixes
4.11.0
- Internal changes for upcoming features
4.10.X
4.10.51 - 4.10.56
- Internal changes for upcoming features
- Minor internal version bumps
4.10.50
- Updated our dependencies sorting to show, in order, top to bottom: Resolved, Queued, Failed, Unknown
- Fixed a bug where some dependencies were incorrectly being shown as `Multi-license` in HTML and Markdown Reports.
- Added a "License Identification" issue filter to select `Declared` or `Discovered` licenses
- Internal changes for upcoming features
- Internal version bump
4.10.49
- An ellipsis is now shown on tabs while projects are loading
- Internal changes for upcoming features
4.10.48
- Internal changes for upcoming features
4.10.47
- Fixed an issue that prevented users from viewing the dependencies tab if a build failed or, in some cases, was infinitely queued
- We've improved the logic behind waiting for a dependency's build, and it should now have increased resilience. As a result, there should be fewer "Stuck" analyses.
- Minor internal version bumps
- Internal changes for upcoming features
4.10.46
- Internal bugfixes
- Minor internal changes
4.10.45
- Added support for importing an SBOM with APK PURLs
- Minor internal version bumps
4.10.44
- Fixed an issue where exporting Vuln Issues with a `Fix Available` filter could return an error after creating the ticket in JIRA.
- Fixed an issue where Copyrights could display incorrect dates and owners in some instances
  - The license's default copyright should now be shown in those instances:
    - `Copyright (c) <year> <copyright holders>`
- Fixed a couple of bugs in the CSV reports:
  - The "Declared Licenses" column should no longer show both declared and discovered licenses
  - License template markings (`beginOptional`, `endOptional`, and `var`) should no longer be shown in license text
- Various internal changes for upcoming features
- Minor internal version bumps
4.10.43
- Added optional support for full file uploads when performing CLI-side license scanning
- Please reach out to Support or your CSE team if you would like this feature enabled.
4.10.42
- Fixed a bug where more than JPEG and PNG could be added to a custom report header
  - Adding any other file type could delay report generation indefinitely; the selection window should now be properly limited.
- Minor internal version bumps
- Internal changes for upcoming features
4.10.41
- Minor internal bumps
- Internal changes for upcoming features
4.10.40
- Minor visual improvements and bugfixes
- Minor internal bumps
- Internal changes for upcoming features
4.10.39
- Added support for adding a named "custom-license" and "proprietary-license" from the edit licenses modal
  - The following Project and Release Group reports show the title and text for custom licenses:
    - HTML
    - MARKDOWN
    - CSV
    - PLAIN TEXT
4.10.38
- Internal changes for upcoming features
4.10.37
- Minor internal changes
4.10.36
- Fixed a bug that could cause some Analyses to be delayed for an extended period
- Added support for showing License File Matches in csv and plaintext reports
4.10.35
- Fixed an issue where opening the "Paths" modal could error out with many dependencies
4.10.34
- Internal changes for upcoming features
4.10.33
- Minor internal version bumps
4.10.32
- We are now fully compliant with the NTIA conformance checker and thus, minimum elements
- Minor internal version bumps
- Bugfixes for SPDX reports:
  - Fixed a bug with authors in the `supplier` field
  - Removed `['NONE']` from `licenseInfoFromFiles`, as it was invalid
  - Fixed a bug where `filesAnalyzed` was not set to true, but `licenseInfoFromFiles` was included
  - Fixed a bug where unknown packages could have an invalid `supplier`
4.10.31
- Minor internal version bumps
4.10.30
- Released the new Contributor Count Report
  - In the Organization settings, you'll see a new "Weekly Contributor Report" button.
    - We've removed the direct download, and replaced it with an email that includes a link to a .zip with the following:
      - Summary
        - Contains active contributor count from the last 90 and 365 days
      - Weekly Contributor Report
        - Contains detailed information about the associated email, Active Projects, Latest Project, Latest Contribution Date, and whether they have been active in the last 90 days.
4.10.29
- Increased the Organization Label limit from 100 to 500
- Fixed an issue where the "Projects" count would disappear from the issues inbox if your viewport was too small
- Minor internal changes
4.10.28
- Contributor reports will now be .zip files instead of .tar.gz files
- Plaintext reports will now group the Raw Text with the Found licenses
- SPDX Reports now include "DEPENDENCY_OF" in the relationships data
4.10.27
- Fixed a bug and improved performance when generating Contributor Snapshots
4.10.26
- Added a checksum for each package to SPDX reports
- Minor performance improvements
- Minor internal version bumps
4.10.25
- Fixed a bug where "supplier" and "originator" fields were not being generated correctly for SPDX reports
- Internal version bumps and upgrades
4.10.24
- Backend changes for upcoming features
- Minor internal version bumps
4.10.23
- Un-hid the feature flag to disable the "Add Project" button on homepage.
- Please get in touch with your Customer Success team if you'd like the button disabled in your organization.
- Minor internal bug fixes
4.10.22
- Added the ability to select a default JIRA project per Issue Type (Security or Licensing)
- Internal bugfix
4.10.21
- Added the option to change which "Resolved" JIRA statuses will "Ignore" an issue in FOSSA.
4.10.20
- Minor Internal version bumps
- Slight performance improvements
4.10.19
- Major internal version bumps
- Fixed an issue where more projects than intended could be added to teams if using "Select All"
- Fixed a visual bug where a Square checkbox may appear as a Parallelogram
- Added a "Last 90 days" column to the contributor report, showing if a user was active
- Fixed a timestamp format in the contributor report
4.10.18
- Minor visual improvements
- Minor internal version bumps
4.10.17
- Added a banner to all tabs when a project is still analyzing
- Internal version bumps
- Fixed a bug where some jobs were not timing out as intended
4.10.16
- Added a tooltip when viewing Git vulnerabilities
- Minor internal version bumps
- Backend improvements
4.10.15
- Fixed a bug where empty projects titles could be saved
- Added additional header information to SPDX Reports:
- "Creator" field now contains: Organization, Person (Author), Tool Used.
- "DocumentDescribes" section which references all SPDXRef-Packages in the document.
- PackageFileName, PackageOriginator, and PackageSupplier sections have been added to top-level projects
- Fixed a bug where an SBOM Import could fail if using APK PURLs
- Minor internal version bump
4.10.14
- Added support for the BSD2 Views Clause License
- Internal version bumps
4.10.13
- Internal changes for upcoming features
4.10.12
- Major internal version bump
4.10.11
- Internal version bumps
4.10.10
- Backend changes for upcoming features
4.10.9
- Updated our CVE Dispute Service to reflect the recent changes to our remediation panel
- Internal changes for upcoming features
4.10.8
- Internal version bumps and changes for upcoming features
4.10.7
- Internal version bumps
- Internal changes for upcoming features
4.10.6
- Added the ability to save a set of filters on the Issues Dashboard.
- Saved Filters are available Org-Wide
- Options to Reset, Save, Save As, Rename, or Delete your selected filters via the Menu button
4.10.5
- Added a tooltip on hover when a Dependency has many licenses, improving readability
- Fixed visual bugs:
- Items in the sidebar should no longer escape their bounding box
- The "No Results" page now has a background as intended
- Internal changes for upcoming features
4.10.4
- Fixed a bug where editing dependency information could cause report generation to fail
- Internal changes for upcoming features
- Added support for license.html and licence.html files
4.10.3
- Internal version bumps
- Fixed a minor visual bug on the Issues page where two borders were being drawn
- Internal changes for upcoming features
4.10.2
- Internal bump reversion
4.10.1
- Minor internal changes for upcoming features
4.10.0
- Version bumps
- Added a pagination footer
- Where supported, you can now use a drop-down to select how many results are returned per-page
4.9.X
4.9.1
- Minor internal changes, version bumps
4.9.0
- Version Bumps
- CycloneDX Reports can now be generated on Non-Premium Organizations
- Minor UX improvements
- Internal changes for upcoming features
4.8.X
4.8.18
- Minor version bumps
- Internal Improvements
- Internal changes for upcoming features
4.8.17
- Internal version bumps
- Fixed an issue where the "Ignore Reason" was not being properly applied in Issues V2
4.8.16
- Minor internal version bump
- Fixed an issue where triage notes were not appearing in the Audit Due Diligence Report.
4.8.15
- Internal changes
- Minor version bumps
- Changes in preparation for upcoming features
4.8.14
- Introduced the reworked Vulnerability Remediation Panel
- Now details when No fix, a Partial Fix, or a Complete Fix is available.
- Internal changes, cleanup
4.8.13
- Minor internal version bump
- Internal changes for upcoming features
4.8.12
- Minor internal version bumps
- Visual change: Release groups that have not been scanned will now show "..." instead of "0" for a less confusing experience
4.8.11
- Minor internal version bumps
- Internal changes for upcoming features
4.8.10
- Fixed an issue where creating a ticket for all visible issues could include additional issues
- Internal changes
4.8.9
- Internal version bumps
- Added support for the following Licenses or Disclaimers:
- Instabug License
- Intel Copyright Disclaimer
- Pallets' Flask Logo License
- Pushwoosh License
4.8.8
- Internal improvements
- Improved the speed of fetching GitHub Packages
- Fixed a bug where the "Delete" modal contained pre-filled text
- Internal changes for upcoming features
4.8.7
- Internal changes
4.8.6
- Added a hidden feature flag to disable the "Add Projects" button in the UI.
- Reach out to your CSM, or CSE, to enable this feature.
- Internal changes for upcoming features
4.8.5
- Internal changes and version bumps
4.8.4
- Internal version bumps
- Fixed a bug that could cause a report to fail
- Fixed an issue causing the "Projects in Release Group" Count to increase when a new release was created
- Minor visual changes
4.8.3
- Internal changes for upcoming features
4.8.2
- Internal version bumps
- Minor changes
4.8.1
- Internal version bumps
- Fixed a bug where users were unable to view issues from previous revisions
- Added link to documentation in project labels
4.8.0
- Internal version bumps
- Internal changes for upcoming features
4.7.X
4.7.6
- Auto-Ignore Issues (Please contact your CSE/CSM to enable this feature)
- https://docs.fossa.com/docs/issues-ui-whats-new#auto-ignore
- Fixed a bug where some issues were not auto-ignored when meeting criteria
- Minor internal version bumps
4.7.5
- Fixed an issue where the "Homepage" link was present for some issue details when no link was available.
- Added a filter to view by "Declared" or "Discovered" licenses.
4.7.4
- Minor internal version bumps
- Added a redirect for older security issues, so they are viewable on IssuesV2
4.7.3
- Internal Improvements
4.7.2
- Internal Bumps
- Added "Project View" in Release Group Reports
- CSV and HTML reports will now show first-party licenses by Project
4.7.1
- Hotfix - Resolved issue where users were unable to delete release groups in Projects V2
- Minor internal bump
4.7.0
- Projects V2 released, and enabled globally
- Please reach out to your CSE/CSM if you would like to opt out of this feature
- Project Labels are included with Projects V2, and will also be disabled upon opt-out
- Please reach out to your CSE/CSM if you would like to opt out of this feature
- Internal improvements
- Minor version bumps
4.6.X
4.6.2
- Fixed an edge case that could cause you to load an empty page
- Internal Improvements
4.6.1
- Fixed an issue where a Webhook URL may not be displayed when setting up Jira functionality
- When exporting Issues, a link to the issue in FOSSA will now be included for every issue type.
- Minor version bumps
4.6.0
- Using the CLI to analyze URL-Based dependencies will now show which URLs have failed
- Fixed a bug where revisions with zero dependencies appeared to be "Stuck"
- Minor version bumps
4.5.X
4.5.33
- Minor internal changes and version bumps
4.5.32
- Fixed a bug where an error message could persist across multiple modals
- Minor visual improvements
- Minor version bumps
4.5.31
- Minor version bumps
- Fixed a visual bug caused by adding a manual dependency
- Package URL is now included in Exported Vulnerability Issues
4.5.30
- Internal Changes
4.5.29
- Added Issues V2 support for Release Groups
- Fixed a bug where some users were unable to be added to notifications
- Internal version bump
- Projects V2:
- Selecting multiple labels will now use "OR" logic
4.5.28
- Minor internal changes
- Projects V2:
- Visual Tweaks
- Small bug fixes
4.5.27
- Minor internal changes
- Internal version bump
- Projects V2:
- More visual tweaks
4.5.26
- Fixed a small bug
4.5.25
- Minor internal changes
- Projects V2:
- Fixed a duplicate project selection bug
- Org Label now persists when switching tabs
- Visual Tweaks
4.5.24
- Performance improvements
- Minor internal version bumps
- Projects V2:
- Slight visual tweaks
- From the dashboard, clicking a project's "Total Issues" will now load the project summary
4.5.23
- Minor bump
- On-premises instances will no longer load Stripe and will only load Delighted when enabled
- Fixed a bug where saved filters would not load properly
4.5.22
- Removed an edge case that caused a page crash.
- Removed option to use Gravatar, replaced with default image.
- Added a banner that appears when a revision must be rebuilt
- Minor internal changes
- Performance Improvements, bug fixes
- Improved the functionality of the "Bulk Selection" banner
- Additional Performance Improvements!
- Minor UX improvements
- Additions for upcoming changes
- Projects V2:
- Improved behavior of the "sort" arrows
4.5.21
- "fossa test" command will now show CVE ID and next available version that resolves the issue
- Minor internal changes
4.5.20
- Minor performance improvements
4.5.19
- Minor Internal changes, version bumps
- Projects V2:
- Minor visual tweaks
4.5.18
- Minor Internal changes, version bumps
- Projects V2:
- Changed "Revised" column to "Last Scan"
- Unscanned projects show last when sorting total issues by "Descending"
4.5.17
- Changed the "Depth" column terminology in exported CSVs from "deep" to "transitive"
- Minor Internal changes, version bumps
4.5.16
- Added de-duplication of dependencies within plaintext attribution reports based on the dependency depths (Direct/Transitive) - Please get in touch with your CSM to enable this feature.
- Fixed an issue where SPDX reports were exported with an incorrect file extension.
- Minor version bumps
4.5.15
- Minor Internal changes, version bump
- Projects V2:
- Added ability to click through to the appropriate issues page based on selected "Issues" sorting method
- Added notification toast for bulk actions
4.5.14
- Minor Internal changes
- Projects V2:
- Disabled "Reset Filters" button when no filters are selected
- Added a selection reset after adding a project to a team
4.5.13
- Added dependency depths to plaintext attribution reports (Direct/Transitive) - Please get in touch with your CSM to enable this feature.
- Minor Internal changes, version bumps, performance improvements
- Projects V2:
- Fixed an issue where clicking a label leads to infinite loading
4.5.12
- Minor Internal changes, version bumps
- Projects V2:
- Added result count under "Filter" banner
- Added ability to remove projects from a team
- Added header to filters pane with link to reset all filters
- Added permissions check when TeamID filter is used
4.5.11
- Minor Internal changes
- Projects V2:
- More minor styling changes
- Replaced `--` with "Unscanned" in the tooltip when hovering on an unscanned project.
- Hid the "Create release group" action when looking at release groups.
4.5.10
- Minor Internal changes, version bumps
- Projects V2:
- Added ability to filter release groups by TeamID
4.5.9
- Removed dependency paths from Global Issues CSVs due to network bug with very large "issue" export
- Minor Internal changes
- Projects V2:
- Added ability to create release groups from Projects V2 Dashboard
4.5.8
- Added dependency paths to exported Issue CSVs
- Minor Internal changes
- Projects V2:
- Small styling changes
- Implemented filtering by TeamID
4.5.7
- Minor Internal changes
- Minor Performance improvements
- Projects V2:
- Fixed a bug where page size change would cause an infinite load
- Converted "Project Attributes" radio filter to checkboxes
- Added support to select multiple project types
4.5.6
- Added Team, Usage (Direct/Deep), and Depth (Numeric) columns for exported Issue CSVs
- Minor Internal changes
- Projects V2:
- Fixed a bug where the "Title" column was displaying the incorrect string
- Added the ability to add projects to a team from the "Actions" menu
- Added ability to filter projects by Labels
- Updated backend to support filtering by multiple types
- Small grammatical changes
4.5.5
- Added "Base Layer" and "Other Layers" Filtering for Container-type Projects
- Minor Internal changes
- Projects V2:
- Added the UI components to filter projects by basic criteria.
- Added ability to click anywhere on the row when selecting Projects
- Minor visual changes
4.5.1 - 4.5.4
- Minor Internal changes
4.5.0
- Resolved an issue where long filter names were causing a visual Bug
- Added a "Reset Filters" button when filtering returns no results
- Added support for Unity Licenses
- Added `ignoredAt`, `ignoredReason`, `ignoredNote`, `ignoredBy` to exported CSVs
- Minor Internal changes
4.4.X
4.4.42
- Changed default action for new licensing policies to "Approve"
- Implemented "Delete Project" Menu action for Projects V2
- Minor Internal changes
4.4.41
- Minor Internal changes
4.4.40
- Added a tooltip on the "Revised" column for Projects, showing a user-friendly timestamp.
- Minor Internal changes
4.4.39
- Minor internal changes
4.4.38
- Fix bug with IssuesV2 where counts would be incorrect/stale after exporting or unlinking Jira tickets
- Fix false positive license matches to the strings "GD" and "CCL"
4.4.34 - 4.4.37
- Minor internal changes
4.4.34
- Add SBOM Imports functionality to all premium accounts
- Persists CLI telemetry data, even for on-prem instances
4.4.33
- Enables CycloneDX support for premium users
4.4.32
- Fix bug where Primary Licenses weren't being grouped correctly in reports.
4.4.31
- Minor internal changes
4.4.30
- Fix bug where a maven dependency with "null" in its name attribute had its title set to "null"
4.4.28 - 4.4.29
- Minor internal changes
- Minor UI changes
4.4.27
- Fix bug in IssuesV2 where project issues subnav was sometimes overwritten with data from global issues subnav
4.4.24 - 4.4.26
- Minor internal changes
4.4.23
- Fix bug where ignored issues were being included in exported CycloneDX reports
- Include vulnerability recommendation/remediation for vulnerabilities in exported CycloneDX reports
4.4.19 - 4.4.22
- Minor internal changes
4.4.18
- Minor Internal changes
4.4.17
- Performance improvements
4.4.16
- Minor internal changes
4.4.15
- Default to ANDing instead of ORing licenses found in the same file
4.4.9 - 4.4.14
- Internal changes
4.4.8
- Fixes incorrect Badge status
4.4.7
- Fix bug where deb locators sometimes downloaded just a `.dsc` file, resulting in an unlicensed dependency
- Fix bug where Jira ticket would provide invalid FOSSA link
4.4.6
- Internal changes
4.4.5
- Internal changes
4.4.4
- Migrated all cloud users to Quick Import V2
4.4.3
- Adds support for a variant of AmazonLinux
4.4.2
- Internal changes
4.4.1
- Adds feature flag for CycloneDX reports
- Fix bug where webhook data was not properly being hydrated for Quick Import builds
4.4.0
- Removes all support for "agents" (which was replaced with Faktory)
4.3.X
4.3.22
- Adds beta container scanning support for `amazonlinux` containers (behind feature flag)
- Fix bug where free users couldn't see issue details
4.3.21
- GitHub commit history is now populated as part of webhook callbacks
- UI changes
4.3.17-4.3.20
- Internal changes
4.3.16
- Fix bug where users could sign up for paid plans with 0 seats
- Nuget scanner will no longer select pre-release versions as the latest version
4.3.15
- Internal changes
4.3.14
- Internal changes
4.3.13
- Fix bug where remediation advice/next safe version was not being displayed for Linux security issues
- Fix bug in Github badge
4.3.12
- Internal changes
4.3.11
- Internal changes
4.3.10
- Minor internal changes
4.3.9
- Account dropdown in the top right of the page is now "right-clickable"
4.3.8
- API Tokens are now hidden in the UI by default
4.3.7
- Dependencies without parents are now NOT treated as direct dependencies by default
- Minor internal changes
- Minor UI changes
4.3.6
- Add feature flag to enable addition of Dependency Locators to plaintext reports
- Fix bug where issues weren't being fetched properly when switching tabs
4.3.5
- Internal Changes
- Minor UI Changes
4.3.4
- Minor internal changes
4.3.3
- Disallow users from entering arbitrary categories in IssuesV2 URLs
- Update Header UI to only display relevant actions when issues are selected
4.3.2
- Fix broken link to "Security Issues" from a project's dependency page
- Fix bug where release group issues weren't loading (if IssuesV2 is enabled)
- Omit search parameter from URL when it's empty
4.3.1
- Fix bug where Maven dependencies were not properly resolving
- Minor internal changes
4.3.0
- Adds in-app note that FOSSA only supports text-based custom fields for Jira
- C/C++ detection is now enabled by default
- Minor UI fixes
4.2.0
- Adds `GET /api/revisions/:id/unknown-dependencies` endpoint
- Adds support for Azure Repos Quick Import
- Adds support for R language
- Adds support for scanning the contents of `.deb` Linux packages
- Adds watchdog for failed builds when they time out
- Adds various licenses
- Adds IssuesV2 Feature Flag so that on-prem instances can migrate
- Changes to Contributor Counting to increase accuracy
- As a part of this change, our contributor counting timeframe has changed from 90 to 365 days
- CLI is now more resilient when retrieving reports
- Display Unknown Dependencies alongside direct/transitive dependencies, instead of them having their own section
- Disables "Run Policy Scans" button on projects page if user doesn't have appropriate permissions
- Previously the button would display a modal alerting users of the lack of permissions
- Exclude Resolved Vulnerabilities from the Global Security Issues export
- Fix bug in license selection dropdown, users will now see common licenses first
- Fix bug in container scanning when Oracle-Linux images use the `ol` image identifier
- Fix bug in the Debian security scanner, fixing some false positive issues
- Fix bug where License ID was not being displayed consistently in the UI
- Fix bug occurring when resolving Supply Chain Risk issues
- Fix bug resulting in failed builds for Alpine packages when using on-prem environment
- Fix bug resulting in unlicensed dependencies for Python packages
- Fix bug resulting in a validation error while ignoring unknown dependencies
- Fix bug resulting in unknown licenses in older versions of package.json
- Fix bug where builds failed due to Linux packages without a version
- Fix bug where Global Issues Dashboard was not correctly displaying all resolved issues
- Fix bug where Jira tickets could not be clicked to navigate to the ticket
- Fix bug where Issues search wouldn't respect substrings for CVEs
- New organizations will now have Hosted Autobuilds enabled by default
- Hosted autobuilds are no longer automatically retried when the error occurs due to a user configuration error
- Prefer non-prerelease tags for Git and Go dependencies
- Removes redundant column from one of the database tables
- Various performance improvements
- UI will now use the word "transitive dependency" in place of "deep dependency"
- This is a cosmetic change only
4.1.0
- Adds "Custom License" to the list of selectable licenses
4.0.0
- Adds a Full License Text tab when looking at license matches in the Licenses tab of a project
- Adds better logging for VCS connection errors
- Adds the ability to add specific CVEs to the Allowed column in a security policy
- Adds support for experimental container scanner for fossa-cli
- Audit logs now record changes to policy rules & titles
- Audit logs now record changes to a policy's default action for uncategorized licenses
- Builds will now correctly identify newly imported projects
- Build logs can now be viewed directly in the browser instead of downloading by default
- Fix bug occurring during org-wide security report generation
- Build logs were not available through the FOSSA UI for certain configurations of FOSSA
- Fix bug occurring during the build process for projects with dependency remediation enabled
- Fix bug where builds that were still being processed were sometimes erroneously marked as failed
- Fix bug where dependency lists weren't loading for free organizations
- Fix bug where emails were being sent from the application with an empty subject line
- Fix bug where PostgreSQL was generating an excessively large CTE resulting in OOM errors
- Fix bug where private project information from external services was not being returned properly
- Fix bug where Full API Tokens were being generated as push-only
- Fix bug where GitHub-imported projects were not able to export issues to Jira
- Fix bug where ignored dependencies incorrectly showed ignored status in the Dependencies page
- Fix bug where Linux dependencies were not being correctly identified as vulnerable
- This was due to how we internally represented vulnerabilities with Linux distro versions. We will now detect vulnerabilities as long as a Linux dependency's distro version has the same major version as the reported vulnerability.
- Fix bug where NPM packages with malformed `licenses` fields could cause the dependency analysis to fail
- Fix bug where the security policy page was crashing when there were no allowed CVEs specified during the policy creation
- Fix bug where Themis crashes when scanning Samba and chkconfig
- Fix bug where users could not sort projects by title on the project dashboard
- Fix bug when navigating from Teams page back to Dependencies page
- Fix bug occurring while setting `organizationId` when resolving a dependency
- Fix bug during account creation where email was not persisting while changing contexts from "logging in" to "registering account"
- Fix bug resulting in redundant QueueIssueScansForRevisions jobs due to revision watchdog
- This was resulting in a heavy database load
- Fix bug resulting in invalid project URLs when exporting issues to Jira
- Fix bug resulting in unlicensed dependencies when Themis knows a license, but the web app doesn't
- Global Issues CSV Report has been split into Three Separate Files
- Global Issues CSV Report now includes Dependency paths column
- Global Issues CSV Report now includes issues with the `outdated_dependency` type
- Improves performance of the `/api/organizations/:id` endpoint, which is used to retrieve organization data
- Improves Python Package Resolution from PyPI
- Improves performance of `/api/projects` endpoint for the Package Inventory UI
- Improves performance of project deletion
- Improves vulnerability issue data integrity
- Increase timeout for Organization Package Bundle Report
- Introduces better retry logic for Linux dependencies, which allows complete fresh analysis when the "Reanalyze" button is used, or if you retry building an "incomplete dependency"
- Minor UI/UX/Performance Improvements and License Corrections
- Now displays build status for "incomplete dependencies"
- Now displays issue counts directly on the Projects Dashboard
- Now automatically expands the direct dependencies section in the dependencies view for a project.
- Project Level CSV Issue Exports now only contain the selected issue type
- Refactor GitHub Badge templates
- Resiliently tries candidate download URLs when trying to analyze Linux packages when the primary source of artifact fails
- This should resolve the "incomplete dependencies" problem occurring for container scanning when the primary download URL is not valid anymore for any reason
- SSO and LDAP authentication is now properly restricted to Enterprise-level organizations only
- Temporarily disables the usage of the Go Download Proxy
- Updates Pip package resolution to more reliably access PyPI
- Updating Licenses will automatically trigger a policy scan on your project, instead of asking for confirmation.
3.47.0
- Adds support for issue diffs in the `fossa test` API
- Allow `fossa-ci` builds to be enqueued when both `fossa-ci` and Faktory are enabled
- Changes "exclude base layer" functionality to also exclude dependencies if they are found in other layers in addition to the base layer
- Fix issue where users authenticating via LDAP who did not have an email address were unable to log in
- Fix issue with Linux/Container Scanning builds
- Fix side panel search to handle whitespace correctly
- FOSSA will now re-scan all projects when the "Risk Intelligence" feature is enabled or disabled
- Handle invalid `lastUpdated` timestamps in `maven-metadata.xml` files correctly when fetching Maven dependencies
- IDE Integration feature flag will by default provide full access to `/vuln/by-locator`
- As always, there were additional minor/internal changes not included in this report
3.46.0
- All releases were minor and/or internal changes that do not impact end-users in any meaningful way
3.45.0
- BILLING CHANGE: You may select any number of contributors between 1-100 while upgrading your FOSSA account through the UI. You will still need to contact the sales team for teams > 100 contributors
- Self Service Security is now available! Explore the new billing page to compare FOSSA plans and make changes to your organization's subscription.
- Admins in Free organizations can now remove users from their organization
- Add a Contributor Tracking Report to the `account/settings/organization` settings page
- Add a feature flag to allow organizations to default to Archive Uploads for vendored dependencies
- Adds new licenses to FOSSA app
- Adds additional resilience when fetching Pip dependencies to reduce the incidence of missing metadata
- Adds elementary support for OracleLinux OS
- Adds `GET /api/vulns/cve/:cve` endpoint
- Adds beta support for Fedora and SLES for container scanning
- Audit Logs are now available when issues are marked as resolved in the UI
- Audit log entries will now correctly display package name when licenses are added/removed
- Correct the title of "Global Package Report Bundle" on the Reports page
- Enable skipping of cli-side license scanning if a revision has already been scanned
- FOSSA's Go support is now aware of the Go module proxy and will attempt to resolve packages there if they fail to resolve against the source code host
- Users who experienced "unknown dependency" issues when scanning Go projects should see fewer such issues moving forward
- Go fetcher now properly handles Go vanity import URLs that return non-success status codes or contain multiple meta tags
- Go fetcher no longer incorrectly truncates URLs of vanity package imports
- Go dependencies with `.git` VCS qualifiers are now supported regardless of path length
- Go proxy strategy now correctly downloads pseudo-versioned dependencies
- Failed builds for dependencies now show a link to view the build logs
- These logs will be useful for troubleshooting failed builds with FOSSA Support
- Fix bug that was preventing recursive decompression of .rpm files
- Fix bug where BSD-2-Clause licenses with the Views clause are now recognised as BSD 2 Clause
- Fix bug causing website to crash on issues page
- Fix bug preventing some projects from being listed in projects page
- Fix bug where manually edited copyrights weren't showing up in reports
- Fix bug where manually adding a dependency would prevent future revision dependencies from being cached
- Fixes intermittent failure experienced in `fossa test` due to graceful exit of build tasks
- Fix bug where older versions of fossa-cli (< 3.1.4) with a fossa-deps.yml file that had no vendored_dependencies section caused an error
- Fix bug with duplicated matches on Issues tab
- Fix bug where Swift packages were incorrectly resolving when version expression is provided for Git tags with version prefixes
- Fix an issue on the dependencies table where Unknown Dependencies were being displayed in the Incomplete Dependencies section
- Fix issue around updating the contributor count for an organization after a project is added
- Fix issue with unlinking an issue from Jira in a release group issue
- Fix issues that occurred when creating or updating a Jira instance
- Fix issue where attribution reports were failing to generate when there were a large amount of duplicate copyrights
- Fix account dropdown overflow issue in the reports page
- Fix hover issue with account dropdown disappearing if the mouse is moved too slowly
- Fix issues with CVSS filter timing out
- Fix issue with filtering out certain package managers in the package inventory search
- Fix bug occurring with some release groups when running Policy Scanner
- Fix bug where security issues were being returned for vulnerabilities that have been disabled by FOSSA as a known false-positive
- Fix bug where user Gravatars were not properly displaying on issue comments
- Fix bug where users' tokens were being invalidated if that user requested a password reset
- Fix bug where report history wasn't displaying new reports
- Fix bug where users on legacy plans were being shown incorrect pricing
- Fix bug where vulnerability reports would display charts on a linebreak, rendering them unreadable
- Fix bug where the error message was not properly displaying when unable to connect to GitHub to invite users
- Fix bug with SAML users in Chrome being improperly redirected to sign-in page when accessing URL from CLI
- Fix bug where Maven service was not including license information from the parent module
- Fix bug where NPM project scans were hanging indefinitely
- Fix bug where public report live links were not working
- Fix bug causing container scanning to fail
- Fix UI bug in the "Ignore Dependency" modal that blocked functionality
- Fix bug where saving changes to edited licenses would clear custom copyright text
- Fix bug where license scanning/build was failing for NuGet packages when they contained LICENSE files that the user did not have "read" access to
- Fix bug where Go fetcher would incorrectly truncate vanity package import URLs
- Fix bug where Go dependencies sometimes did not resolve correctly
- Fix bug where new on-prem customers would see problems when migrating new databases
- Fix Latest Version reference in Package Inventory to correctly point to the latest version of the package
- Fix bug where password resets were failing due to rate limiting
- Fossa now considers terms `license` and `licence` equivalent in the license scanner, leading to more accurate license detections.
- Improve the markdown sent when exporting tickets to Jira.
- Improve error messaging when security scanning is not enabled for container scans
- Improve Go fetcher to properly handle Go vanity import URLs that return non-success status codes or contain multiple meta tags
- Improve Go proxy resolution strategy to properly handle mixed-case identifiers per the proxy protocol
- Improve error message displayed during password resets
- Improve request/response time for `GET /api/projects` endpoint
- Increase the amount of versions being shown for a given package in the package inventory page
- Issue notifications sent to Slack now include a description of the issue and link directly to the issue in the Issue Dashboard
- Licenses in the policy editor are now correctly sorted alphabetically
- Maven binary JARs will now be scanned in the event source JARs are unavailable
- Minor UI Improvements
- Notice text for Apache is no longer enough alone to indicate Apache 2.0 license
- ON-PREM: Organizations may now disable the "Go Modules Proxy" tactic for resolving Go Packages
- This is intended for users who explicitly allowlist dependencies, and for whom it is preferable to fail resolving a dependency during a git host outage than to fall back to the Go Modules Proxy
- Organization-wide Vulnerability Reports are now available. These reports contain the same metrics as the Project Vulnerability Reports such as issues over time, exposure windows, and a list of vulnerabilities with open Security Issues
- Overhauls Jira settings and provides support for custom fields
- Contributor Reports now retain the titles of deleted projects
- Show relevant errors when manually overwriting a dependency fails
- UI will now correctly capitalize "GitHub" and "GitLab"
- Users must now have "Organization / View Projects" permission to download contributor reports
- When previewing a project report with licenseCorrections V2 enabled, only a subset of dependencies and matches are displayed
3.44.0
- Add `excludeParents` to the `/api/issues/list-minimal` endpoint, removing the `parents` array from the response, reducing payload size
- Add four new licenses: HPNDSellVariant, MITOldStyle, X11OpenGroup and XFree861_0
- Add support for saving new Jira fields to the backend
- Add tooltip on licenses in the "Policy Editor" page
- Changes to Vulnerability endpoints
  - `/api/projects/:locator/export-issues` is now deprecated in favor of the following endpoints:
    - `/api/projects/:locator/export-issues/json`
      - This endpoint contains the same information as the original endpoint but collapses the `CWE` and `Reference` fields of `Vulnerability Issues` into the respective fields of a given `Affected Project`, resulting in a smaller payload
    - `/api/projects/:locator/export-issues/csv`
      - This endpoint is equivalent to `/api/projects/:locator/export-issues?format=csv`
  - `Name`, `CVSS`, and `CVSS Severity` fields are now included in all vulnerability issues
- CSV reports no longer encode paths for signed URLs
- Decrease memory pressure when generating/uploading CSV reports
- Generating global CSV reports as a direct download is no longer supported. Now, users should use the Reports dashboard or queue a task using `POST /api/issues/csv/global`
- Fix bug concerning Maven dependencies with classifiers
- Fix bug where compound licenses reported by the new license scanner were being detected as unlicensed
- Fix bug where creating JIRA ticket for certain vulnerabilities would result in an error
- Fix bug where CSV and JSON reports of issues for a single project were only listing the selected project instead of all affected projects
- Fix bug where dependencies with versions that don't conform to semantic versioning were preventing quality issue scans from completing successfully when they are included in "Allow" or "Deny" lists on policies
- Fix bug where EPL-2.0 licenses were being misidentified as EPL-1.0
- Fix bug where generating vulnerabilities report was showing an inflated issues count
- Fix bug where importing projects from Bitbucket wasn't working
- Fix bug where newly added license matches weren't showing for monorepo scans
- Fix bug where on-prem users who have `disable_signup_page` in their config but want to invite email signup users were unable to invite users
- Fix bug where pages containing tables were failing to load in the organization settings
- Fix bug where pip packages had the wrong download URL
- Fix bug where policy scans were happening before licenses were discovered for dependencies
- Fix bug where PDF reports were failing due to a null project description
- Fix bug where revisions that have been re-built were not being scanned again if the revision had previously been built and scanned
- Fix bug where SCAN agents weren't properly displaying task status
- Fix bug where stale data was being displayed while a project loads
- Fix bug where the query used to list issues was including affected projects which show the issue as resolved
- Fix bug where users were unable to re-analyze a dependency
- Fix bug where vulnerabilities weren't being cached correctly
- Improve automatic policy rescanning to include default branches regardless of whether or not they're listed in the Tracked Branches
- Improve error messages shown in FOSSA CLI when the project and/or revision is not found
- Improve error message for `PUT /teams/:teamId/project` endpoint
- Improve file name of the Global Issue Export CSV to be more human-readable
- Improve performance of the `/api/issues/list-minimal` endpoint
- Improve consistency/performance of issue scanning on large organizations when re-scanning the entire organization
- Improve how we create customers and manage subscriptions within the payment handler
- Minor changes to PDF generation that shouldn't impact customers
- Minor performance improvements
- Minor UI improvements
- On-prem customers can now set up cron-jobs to re-scan all security-enabled projects
- On-prem customers will now have up-to-date vulnerability issue data even without sending new revision data to FOSSA
- Release group attribution reports will now return a default report if no options are specified
- Remove a semicolon that was accidentally being rendered on the global reports page
- Revert a regression in the issue export API which changed the `Reference` attribute to `References` in legacy export issue API
- Update copyright info in email notifications
- Upgrade to Node.js v12
3.43.0
- Add additional licenses
- Add Dependency Depth to CSV report
- Add "depths" to `/issues` API response
- Fix bug where Go packages aren't being fetched properly
- Fix bug where license correction won't save if certain fields are empty
- Fix bug where project correction won't save if certain fields are empty
3.42.0
- Add a status column in the file browser
- Add projectId as a query parameter in revisions endpoint
- Feature to show the status of directories in the preview panel
- Fix bug causing provided builds to fail
- Fix bug where API was not requiring `organizationId` when hitting `GET /api/projects`
- Fix bug where audit log was not recording deletion of release groups when using the `DELETE /api/project_group/:id` endpoint
- Fix bug where Jira tickets weren't being created when the issue type didn't have `labels` field
- Fix bug where clicking the “Confirm Import” button twice was required to import all repositories
- Fix bug where directory statuses weren’t showing in the preview panel
- Fix bug where issues with different statuses were being grouped in the Security dashboard
- Fix bug where file browser would show an error when file status is unavailable
- Fix bug where license count was displayed incorrectly on the project navigation bar
- Fix bug where scan would hang in UI if CLI scan fails
- Fix bug where license IDs were not being matched in FOSSA due to minor spelling differences (e.g. LGPL-2.0-plus being returned while FOSSA expected LGPL-2.0+)
- Fix bug with Themis licenses in the JSON report
- Fix bug where audit log was not recording deletion of projects when using `DELETE /api/projects/:locator` endpoint
- Fix bug where user email was being compared case-sensitive when using SSO
- Increased timeout for provided builds
- New users will now automatically create a new organization if not invited to another organization already
- Now displays origin path of a dependency on provided build
- Redirect user to the main application page from /onboarding if the user already belongs to an organization
- Remove buttons to edit licenses from the Revisions panel
- Remove redundant license and dependency counts from the revision details panel
- User will now automatically be added to an organization if a single invite exists for the email address, regardless of whether the user followed the invitation link
3.41.0
- Improves reporting of user-defined dependencies to now include the file path of the dependency
3.40.0
- Add CVSS Severity and Score and a link to the NVD page for a CVE to Jira tickets created for vulnerabilities
- Add support for several new licenses, including bouncy-castle, honest-public-license, and more
- Golang dependencies now show a version tag if one exists in our database (and displays a hash if not in our database)
- Improves suggestions surrounding vulnerabilities, including no longer suggesting a user upgrade to a version that is susceptible to a different vulnerability than the current one
- Fix bug where custom dependencies licenses weren’t being recognized in a few specific cases
- Reports no longer include null locators
- Speed up vulnerability issue scanning
3.39.0
- Add ability to filter files to just those with binary content
- Add cursor-based pagination to Revisions endpoint
- Add support for NuGet v3 sources
- Allow API access to the vulnerability database
- Allow fetchers to download FTP files
- Fix bug resulting in error when fetching a NuGet package when locator has a build number
- Fix bug where endpoints relating to Security Scanning were returning a 404 error
- Fix bug where exporting a CSV with all the vulnerabilities would remove blank data instead of leaving it empty or undefined
- Fix bug where Linux fetchers were failing if any download failed
- Fix bug where newer revisions were not showing up after re-scanning an older revision
- Improve access control checks to allow users with the user_any.view permission to view all users in their organization
- Speed up direnv loading/unloading
- Speed up `organization.getComponents` by bypassing Sequelize
- UI now displays the number of files in a given directory
- UI now filters ignored licenses when viewing the licenses in a project
3.38.0
- File comments are now visible when doing diffbase comparison between branches
3.37.0
- Audit log now records deletion of policies
- Fix bug where retrying analysis on deep dependencies shows up as direct dependencies
- Fix error resulting in Issue emails not being sent
- Fix open redirect when logging in with SSO
- Fix bug with truncated dependency paths
- Ignore build number in Nuget revisions list
- Implement fuzzy version matching for Debian packages
- Make license field optional for user dependencies
- Remove dependency depth limit for report previews
- UI will now display up to 15,000 projects (previously 5,000)
3.36.0
- Show archive upload progress
- Hide toolbar for previews
3.35.0
- Index later version of Go lang so that having Go as a dependency does not return very old version of Go
- Change UI behavior not to reload the page on every "Issue ignore"
- Move several additional internal tasks to Faktory workers
- Adding support for Container scanning
- Add severity field to Vulnerability issues
- Modify snippet expansion and highlighting in Monorepo projects
- Enable obtaining all package versions from the NuGet repository and limit the size of the title field
- Expand the list of supported file types for archive upload
- In Monorepo projects show notes preview in File Browser.
- Expand Logging to Policy changes and events where a new project is added
- Improve the quality of Security Issue export to Jira
- Add proprietary language feature flag, to improve runtime when proprietary language detection is not needed
- Limit users that can view via API
- Fix issues with the "GPL with Exception" license
- Change functionality of reloading project after ignoring a Dependency
- Introduce feature-flagged ability to enable binaries as Dependencies
- Save Themis (License Scanner V2) version of analysis into Revision (visible only if converted to Themis)
- Move most backend tasks to be executed via Faktory (enable restart after network outage)
3.34.0
- Expand Audit Log to include information about Release groups
- Create a direct link from Dependencies to the corresponding Issues
- Remove issue when in some cases direct dependency that is also a deep one appears as deep
- Add file list CSV export to Monorepo projects
- Add layer indicator to issue UI
3.33.0
- Display integration setting tab for all org users
- Fix an overflow issue in the global package report modal
- Provide more clear error messages for some states
- Refactor archive upload API and add "Description" as a query parameter
- Separate container layers in the UI into the base and other layers
- Delete expired user invitations
3.32.0
- Add option to duplicate banner
- Fix technical issue with project import search
- Add layer information to Issues API for container scanning
- Migrate the first job to Faktory, to be able to automatically recover after network outage
3.31.0
- On the vulnerability page remove the NVD link from the reference
- Make sure that comparison can only be done between successfully analyzed revisions
- Add ability to identify commercial language in AOSP projects
- Create backend representation for user-defined dependencies
- Stability improvements for archive upload
- Add support for withdrawing user invitations
- Show suggested Notice files in AOSP projects, where no file previously existed
- Create more visible project types in the front-end
- Create Auth Settings page in the UI
- Modify relationship of project corrections to scan, where corrections applied before scanning
- Refactoring of analysis build manager, to improve the reliability of analysis workflow
- Add revision ID to exported issue data
- Integrate the new license scanner
- Add per organization notification banner
3.30.0
- Remove policy selections step in the mandatory onboarding flow
- Make sure that RBAC always allows users to fetch their own account
- Make sure that revision selection is always populated and make sure the "current" version matches the revision of the page
- New authentication/sign-up workflow, to clarify allowed types of log-in within the organization
3.29.0
- Conda fetcher
- Add AOSP/Ninja API endpoint
3.28.0
- Refactor user invites
- Redesign password reset page
- Save default organization settings
- Streamline inference of dependency graph
- Add support for pip3
- Simplify docker file image used for the deployment
- Create API endpoint to fetch and delete user invitations
- Make sure that new users corresponding to an existing organization get routed correctly
- Add JSON format to issue export endpoint
3.27.0
- Fix issue totals count in Issues Dashboard
- Internal foundational refactoring
- Add Unaffiliated Licenses to Issue Export
3.26.0
- Update Release Group reports to show all projects
- AOSP project row generated Notice files
- Show selectable revisions in dropdown
- Do not delete team associations when deleting projects
- UI update: Paginate to fetch all users in Organization Settings
- Bugfix for rendering Public Reports
- Fix API request body typings for endpoint for updating a release
3.25.0
- Back-end Vulnerabilities update
- Filtering update
- Fix parse issues for go- and git-fetcher URLs
3.24.0
- Support tracking visits to publicly shared reports
- VPS Update: AOSP Notice suggestion available from server
- Updates to FOSSA login
3.23.0
- Ability to create an API token for users created by an Admin for the API
- Back-end VPS updates
- Bug fixes to policy and issue viewing permission checks
- Display exact or overlapping license match groups depending on the context
- Support saving both user and organization changes simultaneously
3.22.0
- Upgrade to node-Postgres
- Internal foundational refactoring
- Bugfix for removing a project from a Release Group
- UI update for Archive Upload header
- Update to FOSSA authentication for registration flow
- Minor UX update with claiming a domain for Google Single-Sign-On (SSO)
- Login flow update
- Frontend update for verifying a domain for LDAP
- SAML domain verification update
- Enable displaying notice suggestion for Makefiles
3.21.0
- UI update: Remove the "Last confirmed" column from Affected Projects
- CSV report preview
- License reports formatting update
- VPS Update: AOSP Notice File editing
- Unaffiliated License Issue Deep Link
- UI for editing Notice File content
- Prevent OAuth logins if SSO is required and is configured
3.20.0
- Fix issue with FOSSA underreporting dependencies in FOSSA CORE
- LDAP improvement
- UI Bug: Fix teams overflow in the users table
- Internal foundational refactoring
3.19.0
- Admin panel for creating an API user
- Improved erroring for auth login
3.18.0
- Backend SAML updates
- VPS update: add AOSP Blueprint upload to push only allowlist
- Update issue counts after a Release Group issue is resolved or un-resolved
- Add issue panel for Unaffiliated Licenses
- Backend SAML updates
- Add Feature Flag for VPS in FOSSA core
- VPS Scan Reports update to add unaffiliated licenses to HTML and PDF reports
- Fix project branch dropdown
- Support projectURL on Archive Upload endpoint
- VPS Update: Fix Notice file comparison preview panel
- Added ability to save page count for Users table under the Settings tab
- Fix Issue counts displayed on Release Group summary page
- Report generation bug fix
- Link to release page from Release Switcher dropdown
- Add unaffiliated licenses to VPS scan CSV reports
- VPS Reporting update
- Add support for Debian versions
- UI Update: Add preview panel to comparison view
- Update policy from white/black list to allow/deny
- Back-end update for issue resolving/un-resolving query
- RBAC Permissions update for Dependency Editing
- Back-end Vulnerability Management work
3.17.0
- Added API endpoint for fetching pending SSO domains
- Login backend work
- Internal foundational refactoring
3.16.0
- Use version in PIP fetcher if it exists
- Internal foundational refactoring
3.15.13
- Backend Security update: enable issue scanning for Linux Vulnerabilities
- Internal foundational refactoring
3.15.12
- Internal foundational refactoring
3.15.11
- Internal foundational refactoring
3.15.10
- Backend work for Notice file updates
- Project summary page UX updates
- Deprecate build logs in UI
- Allow Set Deep Dependencies Concurrency
3.15.9
- Improve error handling for Google SSO
- Security update: Enable vulnerability transform for RPM Linux
- RBAC UI cleanup
3.15.8
- Project summary panel UI update
3.15.7
- Internal foundational refactoring
3.15.6
- RBAC back-end work to check custom role name for match with a built-in role to prevent duplication of names
- Email domain checking for SSO enforcement update
3.15.5
- License display update in the preview panel
3.15.4
- Back-end JIRA work
- Internal foundational refactoring
3.15.3
- Internal foundational refactoring
3.15.2
- Release Groups fetching improvement including better Error display
- Enable enforced SSO login by default
3.15.1
- Internal foundational refactoring
3.15.0
- Better error messaging when there is an Archive Upload with the same name
- Prevent users from uploading Archives with Null Names
- RBAC: Show or hide the "Add Role" button based on the user's permissions
3.14.11
- Authorization page update
- Internal Security work
- Internal foundational refactoring
3.14.10
- License dropdown bug fix
- Internal foundational refactoring
3.14.9
- Update FOSSA-ruby CLI version
3.14.8
- Fix Team Settings header
3.14.7
- Internal foundational refactoring
3.14.6
- Internal foundational refactoring
3.14.5
- RBAC UI cleanup
- Support Policy Assignment on Archive Upload method
- Slack integration notification fixes
- Back-end SSO work
3.14.4
- RBAC UI cleanup
- Allow only enabled users to be added to a team
3.14.3
- Internal foundational refactoring
3.14.2
- JIRA Integration improvement
- Internal foundational refactoring
3.14.1
- Improved error handling for Authentication failure
- Internal foundational refactoring
3.14.0
- Improve permissions check & tooltip for users editing themselves
- Make license dropdown overflow visible in UI
- RBAC UI cleanup
3.13.2
- Back-end Vulnerability work
- Internal foundational refactoring
3.13.1
- Internal foundational refactoring
3.13.0
- RBAC UI update: Unsaved Changes warning for Add/Edit Roles
- RBAC UI update: Hide "Invite Users" for SSO-login only organizations
- VPS UI update: Use multi-select dropdown component for VPS licenses filter
- Internal foundational refactoring
3.12.3
- Add Unique ID field to Teams
- Internal foundational refactoring
3.12.2
- Add 4-hour timeout for Archive Upload Scans
- Return 404 from GET /api/comments when the project is not visible
3.12.1
- Back-end RBAC work
3.12.0
- Internal foundational refactoring
3.11.6
- Back-end Release Group work
- Internal foundational refactoring
3.11.5
- Back-end JIRA integration work
- Add ability to set labels and issue type when exporting to JIRA
- Back-end Release Group work
- Team name duplicate checks for better error messages
3.11.4
- RBAC Custom Roles deployed
- Internal foundational refactoring
3.11.3
- Release Group assignment on Project Upload
- Back-end VPS work
3.11.2
- Back-end RBAC Custom Roles work
3.11.1
- Fix sorting on the Users page
- Show a Teams column on the users page
3.11.0
- Back-end RBAC Custom Roles work
- Internal foundational refactoring
3.10.3
- UI Update for Delete Roles
- Internal foundational refactoring
3.10.2
- Update permissions checks for Project and Release Group actions
- Internal foundational refactoring
3.10.1
- Internal foundational refactoring
3.10.0
- Allow users to set Authorization headers for their JIRA instances
- Back-end RBAC Custom Roles work
- Internal foundational refactoring
3.9.1
- Fix "Refresh" button in project's summary page
- Internal foundational refactoring
3.9.0
- Internal foundational refactoring
3.8.0
- Back-end custom roles work (RBAC)
- Audit logs update for role deletions
- Better error handling for disabling or enabling users
- Permissions for creating a project report public link
- Permissions for creating an organization-wide report
3.7.4
- Internal foundational refactoring
3.7.3
- Internal foundational refactoring
3.7.2
- Internal foundational refactoring
3.7.1
- Break build on specific type of Issues (Security, Compliance, or Quality)
- Internal foundational refactoring
3.7.0
- Internal foundational refactoring
3.6.11
- Backend update of Vulnerabilities data
3.6.10
- Backend update of Vulnerabilities data
- Errors cleanup
- Internal foundational refactoring
3.6.9
- Fix agent builds from failing when sending scans of Debian packages
- Internal foundational refactoring
3.6.8
- Internal foundational refactoring
3.6.7
- Fix for Error for NPM packages with a string in the licenses field of package.json
3.6.6
- Support Release Groups on projects page when a Team is selected
- Backend update of Vulnerabilities data
3.6.5
- Archive Upload support to work when Org Role is "None"
3.6.4
- Internal foundational refactoring
3.6.3
- Reports fix: remove spacing in CSV report due to character encoding
- Fixed issue page load time
- Internal foundational refactoring
3.6.2
- UI update: paginate dependencies for projects
- API endpoint for deleting custom roles
- If licenses field in package.json is a string, then wrap it in an array
- Improved handling of cases where licenses are null or undefined
- Backend update of Vulnerabilities data
- Reports fix: include clickable links in HTML and PDF formats
- Update for Unknown Dependencies
- Fix UI uploads of Archives
3.6.1
- Internal foundational refactoring
- Update back-end APIs to use new Get Deep Dependencies functionality
- More precise error messages for SSO-only organizations
- Teams update: add a project to a team only if it isn't already in the same team
- Custom roles read-only UI update
3.6.0
- Fix to pick latest version in wildcard version for Nuget instead of earliest
- Enable Team Admins to Create Release Groups
- Audit logs fix to correctly log User's Team-Level role update event
3.5.2
- Internal foundational refactoring
3.5.1
- Release Groups to include revision ID
- Internal foundational refactoring
3.5.0
- Improved vulnerability monitoring
- Backend Roles updates
- Update License Summary label on reports
3.4.9
- Improve UI for viewing a public project
- Scan query speed improvement
- Package inventory label fix
- Add support for fetching all projects in a Release Group
3.4.7
- List Release Groups along with Projects in Teams Setting page
- Internal foundational refactoring
3.4.6
- Internal foundational refactoring
3.4.5
- Internal foundational refactoring
3.4.4
- Audit Logs User creation via SSO/SAML fix
- Internal foundational refactoring
3.4.3
- Backend VPS updates
- Enforce minimum CLI version feature flag (CLI v1.1.1+)
- Improved vulnerability monitoring and re-scanning
- Contributor count parameters update
3.4.2
- User Role error improvement
- Spring package vulnerability identification fix
- Users tab updates in Settings
- Backend update to Release Groups in Teams
3.4.1
- Roles update
- Internal foundational refactoring
3.4.0
- Internal foundational refactoring
3.3.6
- Improve filtering
- Internal foundational refactoring
3.3.5
- Improve Audit Log entry descriptions
- Fix Audit Log duplicate requests
3.3.4
- Improve SAML error message
- Endpoint for adding Release Groups to a team
3.3.3
- Git actions fix
3.3.2
- Issues count discrepancy fix
- Internal foundational refactoring
3.3.1
- Internal foundational refactoring
3.3.0
- Audit Log: fix entry for deleting a user
- Lock each scrib library to latest commit on master
- Go Back button fix
3.2.0
- Internal foundational refactoring
3.1.3
- RBAC changes (see RBAC announcement)
3.1.2
- Internal foundational refactoring
3.1.1
- Fix Bitbucket project browsing
3.1.0
- Filter out revisions and unknown locators based on exclusion criteria
- Alphabetize the contents across all dependencies to match the table
- Internal foundational refactoring
3.0.14
- Internal foundational refactoring
3.0.13
- Allow On-Prem users to configure or disable the contact support link.
3.0.12
- Allow manual commercial license entry.
- Fix missing trailing slash in GitLab integration
3.0.11
- Internal Release
3.0.10
- VPS: UI Improvement
- VPS: JSON report for VPS projects
3.0.9
- Replace `downloadUrl` attribute with version instead of hash for git locators
3.0.8
- Improve Maven version detection
- Audit Log UI Improvements
3.0.7
- API internal improvements
- VPS: License UI improvements
- Audit Logs: UI improvements
- Audit Logs: date representation corrections
- Licenses added as selectable licenses:
  - Internet Engineering Task Force
  - Taligent
  - JDK Proprietary Notice
  - Unicode Inc License Agreement
  - ICU Composite License (ibm-icu)
  - Oracle Technology Network Development and Distribution License Terms
3.0.6
- Audit Logs: Enhancements and corrections
- VPS: Add file tree inside package edit.
3.0.5
- VPS scan filters
3.0.4
- Audit log API foundation work
- VPS Improvements
- Audit Logs UI
- Add the ability to get dependencies for a release group
3.0.3
- Fix issue where build agents can hang under some circumstances.
3.0.2
- Internal Release
3.0.1
- Audit Logging initial release.
- VPS UI/UX Improvements.
3.0.0
- Infrastructure changes
2.32.0
- VPS UI/UX improvements
2.31.2
- Internal release.
2.31.1
- Package dependency query performance improvements.
2.31.0
- Improve resolution of Golang and git dependency names.
- Internal improvements.
- Issue API fix.
2.30.6
- Build System improvement foundational work.
- Prefer ssh over http method for Bitbucket server when `clone_with_ssh` option is enabled
2.30.5
- Fix revision locator bug
- Login workflow UI improvements
2.30.4
- Fix revision locator bug
- Login workflow UI improvements
2.30.3
- Improve application memory handling.
- Improve package license removal UI/UX.
- Policy UI improvements.
- Fix issue causing organization attribution report failure in some instances.
2.30.2
- Improve project description display for long descriptions.
- Fix to NPM private registry settings page.
- Fix issue in organization summary report.
2.30.1
- Improve PIP fetcher version resolution
2.30.0
- Fix issue that prevented the Dependency Paths attribute from displaying in reports
- Ensure that login page properly redirects to the URL originally selected by the user
- Prevent comments on a JIRA exported issue from reopening that issue in JIRA.
- Error handling improvements.
- Improve task retry handling.
2.29.0
- VPS reporting improvements like adding an HTML report and multi-line custom report
- Improve license editing workflow by hiding the “declared license source” field when editing a discovered license and exiting the edit screen when navigating to a new license.
- Add VPS Markdown report.
- Improvements to fossa test reliability: Allow fossa test command to trigger issue scan.
2.28.0
- Improvements to internal Vulnerability tracking
2.27.0
- Improve build summary UI to ensure that status is not left in "build not analyzed" state
2.26.2
- Vulnerability DB update
2.26.1
- Public project page UI improvements
2.26.0
- Reports: Add options to allow more options for sorting of dependencies
- Improve ability to import large projects via VCS
- Fix failure in exporting multiple issues to JIRA.
2.25.0
- Deprecate the search functionality in the "Components" tab.
  - Component search is deprecated.
- Improve LDAP connection test that fails in "non-SSL" environments
- Add the ability to add licenses to a package from the package edit screen
2.24.1
- Improve Ruby Gem builds
2.24.0
- Remove GitLab 20 group limitation to allow 100 groups. (Limit will be removed in the future)
- Dynamic group loading.
2.23.0
- Improve LDAP error handling
2.22.0
- Direct License editing.
- Rename LDAP "Server URL" to "Hostname" in UI
- Reports: Fix Text and spdx report rendering
2.20.2
- Resolve login loop bug
2.20.1
- Reporting: Improve copyright reporting
- VPS: CSV reporting
2.20.0
- Enable LDAP authorization for special/role accounts
- VPS: UI improvements
2.19.1
- Vulnerability: Internal improvements
- VPS: Reporting improvements
- VPS: File browser UI improvements
- VPS: Internal improvements
2.19.0
- Reporting: Custom logo feature improvements
- VPS: Issue handling improvements
- VPS: Tree view UI improvements
2.18.1
- Reporting: Save custom report text as a project attribute
2.18.0
- Reporting: Normalize available information across report types.
- Reporting: Alphabetical sorting for Release Group reports
- Fix dependency editor issue within Release Groups
- VPS: Reporting improvements
- Fix ANSI coloring in build logs
2.17.5
- Internal system updates and reliability improvements
2.17.6
- Reporting: Option to enable custom logo on report
- Internal system updates and reliability improvements
- VPS: Scanning improvements
2.17.4
- VPS: Dependency search improvements
- Reporting: Option to report on multiple copyrights for a given license.
2.17.3
- Internal system updates and reliability improvements
2.17.2
- Internal system updates and reliability improvements
2.17.1
- Internal system updates and reliability improvements
- Allow login with case-insensitive email address.
2.17.0
- Improve build log ordering
- Reporting: Improved plain text reports for release groups
- Reporting: Copyright listing is now a separate section grouped by license ID
- Copyright listing is alphabetical at the top level
2.16.0
- VPS: File Tree Search improvements
- VPS: File Tree Package Review function
- Reporting: Improve report spacing and remove unnecessary padding
- Reporting: Markdown report for Release Groups
2.15.8
- Reports V2 - Add release group MD report
- Vendor Package Scanning (VPS)
2.15.7
- Bugfix for Policies UI - Search bar auto-fill with previous entry
- Reports V2 improvements
2.15.6
- JIRA export UI Not displaying issues
- Update BSD Clause 2 and 3 License text
- Reports V2 - Add copyright to v2 reports
2.15.5
- Erlang support
- Vendor Package Scanning (VPS) UI
2.15.4
- Support multiple copyrights per source unit
- Reports V2 - CSV Report for Release Groups
- Reports V2 - Update Plain Text Report for Release Groups
- Reports V2 - Update PDF Report for Release Groups
2.15.3
- Internal Maintenance Release
2.15.2
- Internal Maintenance Release
2.15.1
- Add issue resolution reason to Release Groups
2.15.0
- Vendor Package Scanning (VPS) internals
- Security and Vulnerability internals
2.14.3
- Reports V2 - Update HTML Report for Release Groups
- Front end error handling improvements
- Fix SAML redirect
2.14.2
- Reports V2 - Markdown Reports
2.14.1
- Fix button duplicate
- Improve consistency in on-prem and cloud versioning
- Reporting improvement for Release Groups
- Reports implement full copyright listing
- Vendor Package Scanning (VPS) features
2.14.0
- Improve NuGet Dependency resolution
- Reports implement full copyright listing
2.13.2
- Internal Maintenance Release
2.13.1
- Fossabot improve branch handling
- Add Jenkins maven repo to list of defaults and add cvePublishDate to Vulnerability as backup for publishDate.
- Only show PR tabs if remediation PR available
- Vulnerability features
2.13.0
- Vendor Package Scanning (VPS) internals
- Security and Vulnerability internals
2.12.10
- Fix Preview Alert text for vulnerability reports
- Add pull request icon to fossa-icon font
2.12.9
- Add webhook handling for closing/merging/managing FOSSA pull requests
- Enhancement for On Premise UI response during initial org creation
- API improvements to teams endpoint
2.12.8
- Vendor Package Scanning (VPS) internals
- Security and Vulnerability feature improvements
2.12.7
- Fix License truncating for downloaded reports
- Reports V2 - HTML show attribution
- Vendor Package Scanning (VPS) internals
- Security and Vulnerability feature improvements
2.12.6
- Reports v2 - html report
- Improve Package edit UI
2.12.5
- Vendor Package Scanning (VPS) UI
- Security and Vulnerability feature improvements
- Improve On Premise installation: Check for Postgres version before migration
- Add file path information for reports
2.12.4
- Vendor Package Scanning (VPS)
- Reports V2 - Update Plain Text Report for Projects
- Add Repoze License
2.12.3
- Add link within Jira linking back to FOSSA issue
- Enable users to directly link a specific issue from the Issues tab for a project
2.12.2
- Vulnerability reports for Release Groups
- Vulnerability report API for team and org
2.12.1
- Support private Bower registries
- Fix project deletion for provided builds
- Add discovered licenses to license table in pdf reports
2.11.x
- Support for SSH only clones in BitBucket, GitLab and GitHub integrations.
- Ability to resolve Jira tickets on a per-project level as well as a global level
2.10.x
- Support setting project policy from CLI
- Vulnerability PDF reports
- LDAP improvements
- Release Groups: Allow users to set policy before creating a release group
- Provide navigation to JIRA issue linked in a FOSSA issue
2.9.x
- Improve Release Group Issue Resolution workflow
- Improve reliability of build system
- API change to allow “Bearer” in auth headers in addition to “token”
- Allow configurable support email in On-Prem version of server