Core Release Notes

4.15.X

4.15.47

• Moved the All Licenses section of the licensing issue drawer to be more prominent
• Added the ability to sort by "Last revision analyzed" in the projects table

4.15.46

• Internal changes for upcoming features

4.15.45

• Added the lastAnalyzed field to GET /api/v2/projects endpoint that represents when the project was last analyzed, as well as the ability to sort by lastAnalyzed
• Updated the Issues dashboard to allow items to be opened in new tabs with Right Click, Middle Click, or cmd/ctrl + click.
• Fixed an issue where the /api/revisions/{{revision}}/dependencies endpoint would not respect pagination

4.15.44

• Internal changes for upcoming features

4.15.43

• Released the new Issue Grouping Experience for all users!

4.15.42

• Changed width of table columns in the Organization's Teams Settings page
• Issue drawer width will now expand further to provide more usable space
• Resolved an issue in which dependencies did not disappear from the UI after deletion (visual bug)

4.15.41

• Fixed an issue where an exported Issue CSV could have unexpected newlines
• Added the Llama 2 Community license

4.15.40

• Added Team information to GET /api/v2/projects endpoint
• Misc. internal changes and version bumps

4.15.38 - 4.15.39

• Internal changes for upcoming features

4.15.37

• Added audit logging for Project-level policy scan settings changes
• Project titles will no longer be truncated in plaintext report headers
• Misc. internal changes and version bumps

4.15.36

• Internal changes for upcoming features

4.15.32 - 4.15.35

• Internal changes for upcoming features
• Removed the topographic background image from the login pages

4.15.31

• Added support for full-file previews of licenses found directly in quick imported projects

4.15.30

• Fixed a bug where archive uploads for projects with characters above ASCII 127 in their name would fail to upload
•  The Python resolver will now attempt to download a PyPI package's binary when a source distribution does not exist

4.15.29

• Fixed a bug where licenses were not displayed in the issue drawer

4.15.28

• Internal changes for upcoming features

4.15.27

• Added support for issue actions in the global issue drawer/page

4.15.26

• Internal changes for upcoming features

4.15.25

• Improved Audit Logs:

  • Added logs for ignoring dependencies

  • Added logs for edited project settings
    • title, notes, default branch, VCS Host, url, and privacy (public/private) are supported.
• Fixed bug in project settings when saving Jira custom fields
• Fixed an issue where settings would not take when generating release group reports
• Fixed a bug where discovered license files could be improperly cached for go projects

4.15.24

• Updated the favicon to use the 2023 FOSSA Logo

• Minor internal version bumps

4.15.23

• Minor internal version bump

4.15.22

• Removed the deprecated link and "open external" icon for origin paths in the Dependencies Dashboard
• Internal changes for upcoming features

4.15.21

• Improved performance of the /api/users endpoint
• Fixed an issue where Release Group Attribution Reports weren't generated as expected
• Minor internal version bumps

4.15.20

• Added support for SUSE/SLES Dependencies in container scans
• Minor internal version bumps

4.15.19

• Added badges from the new Issues Row to the Issues Drawer
  • Severity + CVSS Score, EPSS Score + Percentile, Upgrade Distance, CVE, and Exploit Maturity for known exploits
• Added support for more special characters in ArchiveUploads (space, ?, and ;) 

4.15.18

• Fixes an issue where the issue status tabs would display ... indefinitely
• Internal changes for upcoming features

4.15.11

• Internal changes for upcoming features

4.15.16

• Security issues have been redesigned to a new three-row experience containing the following:

  1. Severity + CVSS Score, EPSS Score + Percentile, Upgrade Distance, CVE, and Exploit Maturity for known exploits

  2. CWE Title, Package Name and Version

  3. Ignored Date, Ticket, Package Manager, Depth, Project Count, and Found Date

4.15.13 - 4.15.15

• Deprecated code cleanup
• Internal version bumps
• Internal changes for upcoming features

4.15.12

• Added a "home page" link to the Issue Drawer

• Internal changes and improvements for upcoming features

• Minor internal version bump

4.15.11

• Internal changes for upcoming features

4.15.10

• Issue Grouping is now saved across sessions
• Added a "Not Found" page when a project is not found or viewed when logged out
• Added the "Team Select" feature to the Global Issues Dashboard
• Fix a bug where archive uploads from the CLI would break if the project name contained certain special characters (~, ^, #, etc)
• Internal feature cleanup

4.15.9

• Added "Total Package Count" to the Package Observability dashboard
  • On hover, the last cache date is shown
• Internal feature cleanup

4.15.8

• Fixed an edge case where some dependency revisions would resolve to null
• Internal performance improvements

4.15.7

• Fixed an issue where the comments count in the issues drawer would sometimes not be up-to-date
• Fixed an issue where Plain Text Reports could not be generated for Release Groups in some cases
• Issues can now be filtered by project labels on the Global Issues Dashboard

4.15.6

• Release of Custom-License and Keyword Searches
  • An admin interface can be found in the Organization Settings, under the "Integrations" tab
• Added a Vuln Filter for "Ignore Reason"
• Improved the "All Projects" (or "Team Select") menu on the Projects Dashboard
  • Clicking on one or more teams shows projects associated with any of the selected teams
• Optimized three endpoints, leading to performance improvements

4.15.5

• Fixed a bug where the selected Sorting method did not reset between issue categories
• Fix loading issue with Bitbucket cloud integration for users without personal workspaces
• Deprecated feature cleanup

4.15.4

• Fixed a bug where the Issue Drawer would sometimes not show all "Affected Projects" 

4.15.3

• Internal feature optimization

4.15.2

• Fixed an issue with the Relationships/View Path modal, where we were over-fetching data, causing it to crash

4.15.1

• Tweaked "Upgrade Distance" filter for clarity (previously "Fix Available")
  • Shows "Has Fix" if a fix is available, but the upgrade distance cannot be calculated
  • IssuesV2 API has changed shape from filter[fixAvailable] to filter[upgradeDistance]

• Updated the UI and CSV report terminology from "Denied dependency" to "Blocked package" for Quality Issues

4.15.0

• Introduced the new Issue Drawer, which is live for Licensing, Security, and Quality

4.14.X

4.14.34

• Added EPSS support for the Issue Inbox and Issue Drawer
  • Sorting by EPSS is available for ungrouped views

4.14.32 - 4.14.33

• Internal changes for upcoming features

4.14.31

• Resolved an issue in which users couldn't select a Security Filter to fail CI/CD on.

4.14.26 - 4.14.30

• Clicking the "Docs" link in the support drop-down will now open a new tab (4.14.29)
• Internal changes for upcoming features
• Various internal version bumps

4.14.25

• Fixed an issue that caused the "Delete Correction" button to not appear when a correction was present

4.14.24

• Added a "Not found" result, if a user is unauthorized to view an issue's full-page details
• Minor internal version bump and internal changes for upcoming features

4.14.23

• Fixed an issue where custom-license titles were not being shown in reports
• Fixed a bug where Issues exported to JIRA were not were not pointing to the correct target

4.14.22

• Fixed an issue with Alpine packages, leading to additional vulns being reported in some cases

4.14.21

• Fixed an issue where project corrections would not be displayed on the "Edit Package" page
• Fixed an issue where first-party or manually added licenses were not detected as direct
• Issues V2 endpoints can now be filtered by team:
  • /api/v2/issues?teamId=1 
    • /issues, /categories, /statuses, /types, /revisions, and /package-managers are all supported
  • The literal string 'null' - Returns issues that are not associated with any team.
  • A single teamId - Returns issues that are associated with the given team.
  • An array of teamIds - Returns issues that are associated with any of the given teams.
• Finalized feature cleanup

4.14.20

• Fixed an issue where the Ignore Rules table columns would become unaligned on wider screens

4.14.19

• Internal changes and continued feature cleanup

4.14.18

• Internal changes for upcoming features

4.14.17

• Internal changes and continued feature cleanup

4.14.16

• The Vulnerability Exposure Windows graph has been re-added to the vulnerability reports. It now excludes ignored issues
• Fixed a small formatting issue when submitting CVE Data Disputes
• Deprecated feature cleanup

4.14.15

• Added API Support for filtering by multiple teams to Projects and Release Groups.
  • The old, single-team style is still supported, in addition to: 

    • /api/v2/projects?teamId=1&teamId=2
      /api/v2/projects?teamId[0]=1&teamId[1]=2

    • /api/v2/release-groups?teamId=1&teamId=2
      /api/v2/release-groups?teamId[0]=1&teamId[1]=2

• Reverted a change that removed /api/revisions/:locator/parent_projects
• Fixed an issue where plaintext licensing reports weren't being sent
• The bulk Policy and Label assignment menus are now sorted alphabetically (case insensitive)

4.14.14

• Minor internal version bump
• Internal changes for upcoming features

4.14.13

• Added "Package Manager" issue filter and API support:
  • Allows filtering issues by the selected Package Manager
  • The API response for the issues endpoint can also be filtered:

    /api/v2/issues?category=licensing&filter[packageManagers][0]=npm

• Minor internal version bumps

4.14.12

• Removed issues and releaseGroupContexts from the API response for the /api/project_group/:groupId/release/:id/scans endpoint

4.14.11

• Internal changes for upcoming features

4.14.10

• Policies can now be set in bulk from the main Projects and Release Groups dashboards
• Added "First Found" issue filter:
  • As defined by the date FOSSA first detected the issue. You may filter by anytime , last 7 days, last 14 days or last 30 days
• Added EPSS data to the Vulnerability Issues API response (if available)
  • Added option to sort by EPSS asc or desc
• Fixed a missing pair of single quotes in the Environment Variable instructions
• Minor internal version bumps
• Internal changes for upcoming features

4.14.9

• Added "Exploit Maturity" filter and API support:
  • New Vuln filter with "Known Exploit" and "No Known Exploit" options, as defined by CISA exploited vuln catalog
  • Added filter[exploitMaturity][]to the v2/issues?category=vulnerability endpoint
    • Available options are has_known_exploit and no_known_exploit
• UI Changes:
  
  • Improved consistency of dropdown menus across the application
  • Fixed an issue with the "Team Selection" drop-down for the Audit/Due Diligence Report
  • Slight changes to padding
• Internal changes for upcoming features

4.14.8

• Added "Upgrade Distance" filter and API support:
  • Upgrade distance is now selectable from the "Fix Available" Vuln filter in the UI
    • Whether a proposed remediation is a semantic version increment of Patch, Minor, Major, Unknown
  • Added nextSafeVersion and nextSafeVersionDistance to the v2/issues?category=vulnerability endpoint.

• Updated the Project and Release Group summary pages to pull Issues from V2 of the Issues API.

4.14.7

• Internal bugfixes, improvements

4.14.6

• Added a link to the Issue details page in issues API responses

4.14.5

• Minor internal version bump
• Internal changes for upcoming features

4.14.4

• Updated CWE data to MITRE version 4.12
• Removed the invalid CycloneDX SBOM options from the Release Group reports page

4.14.3

• Improved security badge visibility
• Fixed a typo on the Release Group summary page saying "Project" instead of "Release Group"

4.14.2

• Added new API endpoint which returns a summary of the count of every type of issue matching a given scope query
• Minor internal version bumps
• Internal changes for upcoming features

4.14.1

• Minor internal version bumps
• Internal changes for upcoming features

4.14.0

• Project labels can now be assigned in bulk from the Projects dashboard.
• Global Issue CSV Exports are now saved as individual ZIP archives for each category containing the CSV
• CVSS Vectors are now included in vulnerability Issues API responses
• FOSSA Project URLS are now included in the Issues API responses
• Fixed a bug where the issues page would break if reloaded when issues were "Ungrouped"
• Fixed a minor spacing issue in the navigation menu
• Fixed an issue where the "Dependency Summary" would always show on reports
• Fixed a bug with the Project and Release Group navbar order
  
  • "Settings" should now always appear to the right of "Activity"
• Various internal version bumps

4.13.X

4.13.16

• Fixes an issue where only 16 deps would be displayed in the dependencies browser

4.13.15

• Fixed an issue preventing users from downloading Vuln PDF reports
• Fixed an issue where custom report headers were rendering as plaintext in HTML reports
• Fixed a bug preventing users from clicking on an issue type besides "Licensing"

4.13.14

• Added a few database queries to our on-premises debug bundle
• Fixed some styling changes introduced in 4.13.12
• Debut of our Package-Issue Grouping UI
  • By default FOSSA issues will be grouped by semantic version
  • A user may change to the ungrouped view by selecting Version in the issue inbox header and changing to Ungrouped

4.13.13

• Reverted the PDF report back to the old format
• Minor internal version bumps

4.13.12

• Internal changes for upcoming features
• Internal version bumps
• Fixed an issue where Global Issue CSV Exports were truncated and incomplete
• Accessibility Improvement - Better alt text of FOSSA badges for more detail with screen readers
• Fixed a bug where the Global Nav Header's items would shift and overlap on smaller screens or viewports.
• Fixed a bug where the sidebar on the Reports page appeared on the wrong side
• Fixed a bug on the Issues page where when changing or selecting filters, in some cases older data could be shown

4.13.11

• Internal changes for upcoming features
• Slight visual update to the "Load More" button

4.13.10

• Internal changes for upcoming features

4.13.9

• Fixed a typo on the Ignore Rules dashboard
• Fixed an issue where "Dependency Info Options" would not appear on some projects
• Global Issue CSV Export now uses the improved Issues V2 backend, and the report now has the option to be downloaded directly

4.13.8

• Minor visual improvements and bugfixes
• Changes to badges:
  • Added a "Security" shield for GitHub READMEs
  • Updated the "Small" badge to account for Security Issues

4.13.6 - 4.13.7

• Minor internal version bumps
• Internal changes for upcoming features

4.13.5

• Improved Issue CSVs: Team IDs will now appear next to team names in parentheses

4.13.4

• Fixed a styling issue with hosted HTML and PDF reports

4.13.3

• Added new fields to our Issues Endpoint, and Improved our Issue CSV exports by adding support for those fields:
  • Added a scannedAt timestamp to Issue CSV exports that shows when the issue was last found in a policy
  • Added an analyzedAt timestamp to Issue CSV exports that shows when the project's components were last analyzed by FOSSA
  • Added affectedVersionRanges and patchedVersionRanges to Vulnerability Issue CSV exports. (Note: This does affect column ordering.)

4.13.2

•  Fixed a bug where some licenses were displayed with double-escaped newlines in reports
• Added notifications for queued email reports, appearing in the UI when the job completes
• Fixed an causing an HTTP 500 when filtering a Release Group's Vulnerability Issues

4.13.1

• Fixed an issue preventing users from downloading vulnerability PDF reports
• Updated the /api/revisions endpoint's default sorting to "updatedAt DESC", adding consistency

4.13.0

• Updated reports page to include a dedicated SBOM option and easier access to other reports types
• Fixed an edge-case returning 404s when fetching license information for a valid revision with no licenses
• Fixed a bug present when selecting multiple issues on the dashboard

4.12.X

4.12.10 - 4.12.13

• Minor internal version bumps
• Internal changes and continued work for upcoming features

4.12.9

• Fixed a bug where clicking an issue in the inbox would not bring you to the issue details page
• Various internal version bumps, and changes for upcoming features

4.12.8

• Fixed a bug where the option to archive project branches wasn't appearing

4.12.7

• Custom headers in HTML/PDF compliance reports now respect markdown formatting
• CSV issue exports from the inbox now use human-readable issue types
• The "Vulnerability Exposure Windows" graph has been removed from the vulnerability reports
• Internal changes for upcoming features

4.12.6

• Fixed a bug with HTML/PDF compliance reports where text was overflowing too far to the right

4.12.5

• Fixed an issue where removing an ignore rule would not refresh the Ignore Rules dashboard data

4.12.4

• Fixed an issue preventing some PDF reports from generating
• Stickied the Table of Contents in HTML Compliance reports. It will now remain on-screen while scrolling
• Fixed a bug preventing some users from ignoring an Issue within our new Ignore Modal

4.12.3

• Fixed a bug with Globally-enabled feature flags not being recognized in the UI 

4.12.2

• Internal changes for upcoming features

4.12.1

• Fixed a bug, and re-added custom organization logos to our new HTML and PDF compliance reports.

4.12.0

• Premium organizations can now create Ignore Rules to automatically ignore issues
• Project and Release Group compliance reports have been redesigned for the following formats:
  •  HTML
  • PDF
• Fixed an issue where Release Group HTML compliance reports included all licenses in the "First Party Licenses" section. This should now correctly show only First Party Licenses.
• Improved loading time for the PDF report preview
• Fixed an issue where the public version of the Project dashboard was inaccessible to users who weren't logged in
• Fixed a bug preventing the adjustment of the email field when generating Global Package Report Bundles

4.11.X

4.11.58

• Fixed a small runtime error on the "Edit License Policy" page
• Added support for the IBM type interpreter license 

4.11.57

• Anonymous users viewing publicly-shared reports should no longer see an error

4.11.56

• Internal Changes for upcoming features
• Minor internal version bumps

4.11.55

• Fixed an issue that caused the "Analyze this Revision" button to be un-clickable

4.11.54

• Copyrights and License Headers in reports are no longer feature-flagged, and now available to all
• Fixed an issue when parsing variables in pom files

4.11.53

• Internal changes for upcoming features

4.11.52

• Added PSF-2.0 to the Policies UI
• Internal changes for upcoming features

4.11.51

• Added license file details to SPDX reports
• Internal changes for upcoming features

4.11.50

• Improved Accessibility of Global Navigation Links
  • Dropdown items should correctly open in a new tab when middle-clicked.

4.11.46 - 4.11.49

• Internal changes for upcoming features
• Minor internal version bumps

4.11.45

• Fixed an issue where the incorrect build logs could be shown if a dependency is unresolved

4.11.44

• Fixed an edge case where a Project's SPDX report could have null for versionInfo

4.11.40 - 4.11.43

• Minor internal version bumps
• Internal changes for upcoming features

4.11.39

• Fixed a visibility issue within the billing tab

4.11.37 - 4.11.38

• Minor internal version bumps
• Internal changes for upcoming features

4.11.36

• Fixes references that end in ^{} 
  • Packages erroneously saved with these characters should no longer show them

4.11.35

• Minor version bumps
• Internal changes for upcoming features

4.11.34

• Plaintext SPDX report fixes and enhancements:
  • Added MD5 and SHA256 hashes
  • Fixed an issue with the checksum format, allowing it to be on one line
  • Optimized ExternalRef format to be one line
  • Fixed an issue where some packages could be duplicated in SPDX reports
• Fixed a bug, providing a more detailed HTTP error when using bad or missing authentication
• Added greater verbosity to the "Dependencies" tab of a project, showing which builds are in progress
• Deprecated feature cleanup
• Internal version bumps

4.11.33

• Fixed a bug where the Contributor Snapshot Summary CSV was out of order

4.11.32

• Added an integration setting for creating unique JIRA tickets by default
• Fixed a bug where, in a few cases, we were identifying the GPL with autoconf macro exception license as GPL with autoconf exception
• Minor database cleanup

4.11.31

• Audit Logs are now available when issues are marked as resolved in the UI
• Internal changes and additional code cleanup

4.11.30

• Fixed an edge case with SPDX reports where versionInfo would sometimes be null.
• Fixed an issue where not all licenses were displayed on the policy page
• Fixed a bug where we were finding erroneous SPL-1.0 licenses

4.11.29

• Fixed an issue with plaintext Project and Release Group reports HTML escaping special characters.
• Fixed an issue where some jobs that were OOM would be requeued - they should now fail when OOMKilled.
• Continued code cleanup
• Minor internal version bumps

4.11.28

• Fixed a bug causing 404s when clicking through to the "Billing" page
• Internal bugfixes

4.11.25 - 4.11.27

• Internal changes for upcoming features
• Cleaned up code left from deprecated features
• Internal version bumps

4.11.24

• Fixed an issue when exporting tickets from the Issue Details page.
• Internal changes for upcoming features

4.11.23

• Fixed a bug where Licensing and Quality Issues that came from the organization's package would never load the details page.
• Updated SPDX reports to include a PackageSupplier field for every package
  • If there is no author (supplier) for a package we will display NOASSERTION

4.11.22

• Added licenseListVersion to SPDX reports.
• Updated our SPDX reports remove invalid characters in SDPXRef- to be compliant with NTIA minimum requirements

4.11.21

• Internal changes for upcoming features

4.11.20

• Added support for .aar packaged Maven artifacts when attempting to identify licenses
• Fixed a bug where tag names would sometimes append ^{}
• Simplified our Release Group report API
  • Made email=true unnecessary
  • Removed emailAddress as it was already unnecessary

4.11.19

• Fixed a bug when using custom locators in SPDX reports

4.11.18

• Added an externalRef section and purl to SPDX reports
• Fixed a bug with CycloneDX report generation when there are unknown licenses
• Internal changes for upcoming features

4.11.17

• Fixed a minor UI issue
• Internal changes for upcoming features
• Minor internal version bumps

4.11.16

• Deprecated Package Inventory V1
  • If this affects you, please reach out to your customer success team
• Fixed an issue where emailed reports could generate invalid links
• Internal changes for upcoming features
• Minor internal version bumps

4.11.15

• Revamped the activity page to better disambiguate the build time from the commit time
• Enabled submitting, polling, and retrieving Release Group attributions reports via the API
• Internal changes for upcoming features

4.11.14

• Updated logic determining when a build is finished
• Increased performance when retrieving git-based dependencies with many branches and tags
• Addressed the root cause preventing the re-upload of projects previously part of another team
• Internal changes for upcoming features
• Minor internal version bumps

4.11.13

• Fixed an issue where the Audit/Due Diligence Report could time out and increased performance
• Minor internal version bumps

4.11.12

• Fixed a bug preventing the re-upload of projects previously part of another team
• Updated the UI to prevent reanalysis of old archive uploads that are no longer available
• Internal changes for upcoming features
• Minor internal version bumps

4.11.11

• Added the ability for fossa-cli to directly scan your code for licenses
• Internal changes for upcoming features
• Performance improvements

4.11.10

• Hotfix to address an internal issue
• Minor internal version bump

4.11.9

• Internal bugfixes and changes for upcoming features
• Minor internal version bumps

4.11.8

• Added uncategorized licenses to Policy exports

4.11.7

• Fixed a bug preventing free users from upgrading to a paid plan

4.11.6

• Fixed an issue preventing Quality Issues from being viewed
• Internal changes for upcoming features

4.11.5

• Improved accuracy of audit logging for changes to Licensing Policies
• Improved the Issue Comment Timestamp:
  • Added a tooltip on hover, showing the full timestamp
  • Fixed a minor grammatical bug
• Internal changes for upcoming features

4.11.4

• Added the ability to export FOSSA issues selected in bulk as individual JIRA tickets.
• Internal changes for upcoming features

4.11.3

• Added the ability to export licensing files (policies) to CSV and JSON
  • Users with the "Policy View" permission can export licensing policies.
• Hotfix to address an internal bug

4.11.2

• Organizations can now require a policy to be set when uploading new projects.
  • Please reach out to Support or your CSE team if you would like to enable this feature.
• Minor internal version bump

4.11.1

• Improved our dependencies sorting to show versions in order
• Internal changes and bugfixes

4.11.0

• Internal changes for upcoming features

4.10.X

4.10.51 - 4.10.56

• Internal changes for upcoming features
• Minor internal version bumps

4.10.50

• Updated our dependencies sorting to show, in order, top to bottom: Resolved, Queued, Failed, Unknown
• Fixed a bug where some dependencies were incorrectly being shown as Multi-license in HTML and Markdown Reports.
• Added a "License Identification" issue filter to select Declared or Discovered licenses
• Internal changes for upcoming features
• Internal version bump

4.10.49

• An ellipsis is now shown on tabs while projects are loading
• Internal changes for upcoming features

4.10.48

• Internal changes for upcoming features

4.10.47

• Fixed an issue that prevented users from viewing the dependencies tab if a build failed or, in some cases, was infinitely queued
  • We've improved the logic behind waiting for a dependency's build, and it should now have increased resilience. As a result, there should be fewer "Stuck" analyses.
• Minor internal version bumps
• Internal changes for upcoming features

4.10.46

• Internal bugfixes
• Minor internal changes

4.10.45

• Added support for importing an SBOM with APK PURLs
• Minor internal version bumps

4.10.44

• Fixed an issue where exporting Vuln Issues with a Fix Available filter could return an error after creating the ticket in JIRA.
• Fixed an issue where Copyrights could display incorrect dates and owners in some instances
  • The license's default copyright should now be shown in those instances:

    • Copyright (c) <year> <copyright holders>

• Fixed a couple of bugs in the CSV reports:
  
  • The "Declared Licenses" column should no longer show both declared and discovered licenses
  • License template markings (beginOptional, endOptional, and var) should no longer be shown in license text
• Various internal changes for upcoming features
• Minor internal version bumps

 

4.10.43

• Added optional support for full file uploads when performing CLI-side license scanning
  • Please reach out to Support or your CSE team if you would like this feature enabled.

4.10.42

• Fixed a bug where more than JPEG and PNG could be added to a custom report header
  • Adding any other file type could delay report generation indefinitely, the selection window should now be properly limited.
• Minor internal version bumps
• Internal changes for upcoming features

4.10.41

• Minor internal bumps
• Internal changes for upcoming features

4.10.40

• Minor visual improvements and bugfixes
• Minor internal bumps
• Internal changes for upcoming features

4.10.39

• Added support for adding a named "custom-license" and "proprietary-license" from the edit licenses modal
  
  • The following Project and Release Group reports show the title and text for custom licenses:
    • HTML
    • MARKDOWN
    • PDF
    • CSV
    • PLAIN TEXT

4.10.38

• Internal changes for upcoming features

4.10.37

• Minor internal changes

4.10.36

• Fixed a bug that could cause some Analyses to be delayed for an extended period
• Added support for showing License File Matches in csv and plaintext reports

4.10.35

• Fixed an issue where opening the "Paths" modal could error out with many dependencies

4.10.34

• Internal changes for upcoming features

4.10.33

• Minor internal version bumps

4.10.32

• We are now fully compliant with the NTIA conformance checker and thus, minimum elements
• Minor internal version bumps
• Bugfixes for SPDX reports:
  
  • Fixed a bug with authors in the supplier field
  • Removed ['NONE'] from licenseInfoFromFiles, as it was invalid
  • Fixed a bug where filesAnalyzed was not set to true, but licenseInfoFromFiles was included
  • Fixed a bug where unknown packages could have an invalid supplier

4.10.31

• Minor internal version bumps

4.10.30

• Released the new Contributor Count Report 
  • In the Organization settings, you'll see a new "Weekly Contributor Report" button. 
    • We've removed the direct download, and replaced it with an email that includes a link to a .zip with the following:
      • Summary
        • Contains active contributor count from the last 90 and 365 days
      • Weekly Contributor Report
        • Contains detailed information about the associated email, Active Projects, Latest Project, Latest Contribution Date, and whether they have been active in the last 90 days. 

4.10.29

• Increased the Organization Label limit from 100 to 500
• Fixed an issue where the "Projects" count would disappear from the issues inbox if your viewport was too small
• Minor internal changes

4.10.28

• Contributor reports will now be .zip files instead of .tar.gz files
• Plaintext reports will now group the Raw Text with the Found licenses
• SPDX Reports now include "DEPENDENCY_OF" in the relationships data

4.10.27

• Fixed a bug and improved performance when generating Contributor Snapshots

4.10.26

• Added a checksum for each package to SPDX reports
• Minor performance improvements
• Minor internal version bumps

4.10.25

• Fixed a bug where "supplier" and "originator" fields were not being generated correctly for SPDX reports
• Internal version bumps and upgrades

4.10.24

• Backend changes for upcoming features
• Minor internal version bumps

4.10.23

• Un-hid the feature flag to disable the "Add Project" button on homepage.
  • Please get in touch with your Customer Success team if you'd like the button disabled in your organization.
• Minor internal bug fixes

4.10.22

• Added the ability to select a default JIRA project per Issue Type (Security or Licensing)
• Internal bugfix

4.10.21

• Added the option to change which "Resolved" JIRA statuses will "Ignore" an issue in FOSSA.

4.10.20

• Minor Internal version bumps
• Slight performance improvements

4.10.19

• Major internal version bumps
• Fixed an issue where more projects than intended could be added to teams if using "Select All"
• Fixed a visual bug that where a Square checkbox may appear as a Parallelogram
• Added a "Last 90 days" column to the contributor report, showing if a user was active
• Fixed a timestamp format in the contributor report

4.10.18

• Minor visual improvements
• Minor internal version bumps

4.10.17

• Added a banner to all tabs when a project is still analyzing
• Internal version bumps
• Fixed a bug where some jobs were not timing out as intended

4.10.16

• Added a tooltip when viewing Git vulnerabilities
• Minor internal version bumps
• Backend improvements

4.10.15

• Fixed a bug where empty projects titles could be saved
• Added additional header information to SPDX Reports:
  
  • "Creator" field now contains: Organization, Person (Author), Tool Used.
  • "DocumentDescribes" section which references all SPDXRef-Packages in the document.
  • PackageFileName, PackageOriginator, and PackageSupplier sections have been added to top-level projects
• Fixed a bug where an SBOM Import could fail if using APK PURLs
• Minor internal version bump

4.10.14

• Added support for the BSD2 Views Clause License
• Internal version bumps

4.10.13

• Internal changes for upcoming features

4.10.12

• Major internal version bump

4.10.11

• Internal version bumps

4.10.10

• Backend changes for upcoming features

4.10.9

• Updated our CVE Dispute Service to reflect the recent changes to our remediation panel
• Internal changes for upcoming features

4.10.8

• Internal version bumps and changes for upcoming features

4.10.7

• Internal version bumps
• Internal changes for upcoming features

4.10.6

• Added the ability to save a set of filters on the Issues Dashboard.
  • Saved Filters are available Org-Wide
  • Options to Reset, Save, Save As, Rename, or Delete your selected filters via the Menu button

4.10.5

• Added a tooltip on hover when a Dependency has many licenses, improving readability
• Fixed visual bugs:
  • Items in the sidebar should no longer escape their bounding box
  • The "No Results" page now has a background as intended
• Internal changes for upcoming features

4.10.4

• Fixed a bug where editing dependency information could cause report generation to fail
• Internal changes for upcoming features
• Added support for license.html and licence.html files

4.10.3

• Internal version bumps
• Fixed a minor visual bug on the Issues page where two borders were being drawn
• Internal changes for upcoming features

4.10.2

• Internal bump reversion

4.10.1

• Minor internal changes for upcoming features

4.10.0

• Version bumps
• Added a pagination footer
  • Where supported, you can now use a drop-down to select how many results are returned per-page

4.9.X

4.9.1

• Minor internal changes, version bumps

4.9.0

• Version Bumps
• CycloneDX Reports can now be generated on Non-Premium Organizations
• Minor UX improvements
• Internal changes for upcoming features

4.8.X

4.8.18

• Minor version bumps
• Internal Improvements
• Internal changes for upcoming features

4.8.17

• Internal version bumps
• Fixed an issue where the "Ignore Reason" was not being properly applied in Issues V2

4.8.16

• Minor internal version bump
• Fixed an issue where triage notes were not appearing in the Audit Due Diligence Report.

4.8.15

• Internal changes
• Minor version bumps
• Changes in preparation for upcoming features

4.8.14

• Introduced the reworked Vulnerability Remediation Panel 
  • Now details when No fix, a Partial Fix, or a Complete Fix is available.
• Internal changes, cleanup

4.8.13

• Minor internal version bump
• Internal changes for upcoming features

4.8.12

• Minor internal version bumps
• Visual change: Release groups that have not been scanned will now show "..." instead of "0" for a less confusing experience

4.8.11

• Minor internal version bumps
• Internal changes for upcoming features

4.8.10

• Fixed an issue where creating a ticket for all visible issues could include additional issues
• Internal changes

4.8.9

• Internal version bumps
• Added support for the following Licenses or Disclaimers:
  
  • Instabug License
  • Intel Copyright Dislcaimer
  • Pallets' Flask Logo License
  • Pushwoosh License

4.8.8

• Internal improvements
• Improved the speed of fetching GitHub Packages
• Fixed a bug where the "Delete" modal contained pre-filled text
• Internal changes for upcoming features

4.8.7

• Internal changes

4.8.6

• Added a hidden feature flag to disable the "Add Projects" button in the UI.
  • Reach out to your CSM, or CSE, to enable this feature.
• Internal changes for upcoming features

4.8.5

• Internal changes and version bumps

4.8.4

• Internal version bumps
• Fixed a bug that could cause a report to fail
• Fixed an issue causing the "Projects in Release Group" Count to increase when a new release was created 
• Minor visual changes

4.8.3

• Internal changes for upcoming features

4.8.2

• Internal version bumps
• Minor changes

4.8.1

• Internal version bumps
• Fixed a bug where users were unable to view issues from previous revisions
• Added link to documentation in project labels
  • https://docs.fossa.com/docs/projects-ui-whats-new#labels 

4.8.0

• Internal version bumps
• Internal changes for upcoming features

4.7.X

4.7.6

• Auto-Ignore Issues (Please contact your CSE/CSM to enable this feature)
  
  • https://docs.fossa.com/docs/issues-ui-whats-new#auto-ignore 
  • Fixed a bug where some issues were not auto-ignored when meeting criteria
• Minor internal version bumps

4.7.5

• Fixed an issue where the "Homepage" link was present for some issue details when no link was available.
• Added a filter to view by "Declared" or "Discovered" licenses.

4.7.4

• Minor internal version bumps
• Added a redirect for older security issues, so they are viewable on IssuesV2

4.7.3

• Internal Improvements

4.7.2

• Internal Bumps
• Added "Project View" in Release Group Reports
  • CSV and HTML reports will now show first-party licenses by Project

4.7.1

• Hotfix - Resolved issue where users were unable to delete release groups in Projects V2
• Minor internal bump

4.7.0

• Projects V2 released, and enabled globally
  • Please reach out to your CSE/CSM if you would like to opt out of this feature
    • Project Labels are included with Projects V2, and will also be disabled upon opt-out
• Internal improvements
• Minor version bumps

4.6.X

4.6.2

• Fixed an edge-case that could cause you load an empty page
• Internal Improvements

4.6.1

• Fixed an issue where a Webhook URL may not be displayed when setting up Jira functionality
• When exporting Issues, a link to the issue in FOSSA will now be included for every issue type.
• Minor version bumps

4.6.0

• Using the CLI to analyze URL-Based dependencies will now show which URLs have failed
• Fixed a bug where revisions with zero dependencies appeared to be "Stuck"
• Minor version bumps

4.5.X

4.5.33

• Minor internal changes and version bumps

4.5.32

• Fixed a bug where an error message could persist across multiple modals
• Minor visual improvements 
• Minor version bumps

4.5.31

• Minor version bumps
• Fixed a visual bug caused by adding a manual dependency
• Package URL is now included in Exported Vulnerability Issues

4.5.30

• Internal Changes

4.5.29

• Added Issues V2 support for Release Groups
• Fixed a bug where some users were unable to be added to notifications
• Internal version bump
• Projects V2:
  • Selecting multiple labels will now use "OR" logic

4.5.28

• Minor internal changes
• Projects V2:
  • Visual Tweaks
  • Small bug fixes

4.5.27

• Minor internal changes
• Internal version bump
• Projects V2:
  • More visual tweaks

4.5.26

• Fixed a small bug

4.5.25

• Minor internal changes
• Projects V2: 
  • Fixed a duplicate project selection bug
  • Org Label now persists when switching tabs
  • Visual Tweaks

4.5.24

• Performance improvements
• Minor internal version bumps
• Projects V2:
  • Slight visual tweaks
  • From the dashboard, clicking a project's "Total Issues" will now load the project summary

4.5.23

• Minor bump
• On-premises instances will no longer load Stripe and will only load Delighted when enabled
• Fixed a bug where saved filters would not load properly

4.5.22

• Removed an edge case that caused a page crash.
• Removed option to use Gravatar, replaced with default image.
• Added a banner that appears when a revision must be rebuilt
• Minor internal changes
• Performance Improvements, bug fixes
• Improved the functionality of the "Bulk Selection" banner
• Additional Performance Improvements!
• Minor UX improvements
• Additions for upcoming changes
• Projects V2:
  • Improved behavior of the "sort" arrows

4.5.21

• "fossa test" command will now show CVE ID and next available version that resolves the issue
• Minor internal changes

4.5.20

• Minor performance improvements

4.5.19

• Minor Internal changes, version bumps
• Projects V2:
  
  • Minor visual tweaks

4.5.18

• Minor Internal changes, version bumps
• Projects V2:
  
  • Changed "Revised" column to "Last Scan"
  • Unscanned projects show last when sorting total issues by "Descending"

4.5.17

• Changed the "Depth" column terminology in exported CSVs from "deep" to "transitive"
• Minor Internal changes, version bumps

4.5.16

• Added de-duplication of dependencies within plaintext attribution reports based on the dependency depths (Direct/Transitive) - Please get in touch with your CSM to enable this feature.
• Fixed an issue where SPDX reports were exported with an incorrect file extension.
• Minor version bumps

4.5.15

• Minor Internal changes, version bump
• Projects V2:
  • Added ability to click through to the appropriate issues page based on selected "Issues" sorting method
  • Added notification toast for bulk actions

4.5.14

• Minor Internal changes
• Projects V2:
  • Disabled "Reset Filters" button when no filters are selected
  •  Added a selection reset after adding a project to a team

4.5.13

• Added dependency depths to plaintext attribution reports (Direct/Transitive) - Please get in touch with your CSM to enable this feature.
• Minor Internal changes, version bumps, performance improvements
• Projects V2:
  • Fixed an issue where clicking a label leads to infinite loading

4.5.12

• Minor Internal changes, version bumps
• Projects V2:
  • Added result count under "Filter" banner
  • Added ability to remove projects from a team
  • Added header to filters pane with link to reset all filters
  • Added permissions check when TeamID filter is used

4.5.11

• Minor Internal changes
• Projects V2:
  • More minor styling changes
  • Replaced -- with "Unscanned" in the tooltip when hovering on an unscanned project.
  • Hid the "Create release group" action when looking at release groups.

4.5.10

• Minor Internal changes, version bumps
• Projects V2:
  • Added ability to filter release groups by TeamID

4.5.9

• Removed dependency paths from Global Issues CSVs due to network bug with very large "issue" export
• Minor Internal changes
• Projects V2:
  • Added ability to create release groups from Projects V2 Dashboard

4.5.8

• Added dependency paths to exported Issue CSVs
• Minor Internal changes
• Projects V2:
  • Small styling changes
  • Implemented filtering by TeamID

4.5.7

• Minor Internal changes
• Minor Performance improvements
• Projects V2:
  • Fixed a bug where page size change would cause an infinite load
  • Converted "Project Attributes" radio filter to checkboxes
  • Added support to select multiple project types

4.5.6

• Added Team, Usage (Direct/Deep), and Depth (Numeric) columns for exported Issue CSVs
• Minor Internal changes
• Projects V2:
  • Fixed a bug where the "Title" column was displaying the incorrect string
  • Added the ability to add projects to a team from the "Actions" menu
  • Added ability to filter projects by Labels
  • Updated backend to support filtering by multiple types
  • Small grammatical changes

4.5.5

• Added "Base Layer" and "Other Layers" Filtering for Container-type Projects
• Minor Internal changes
• Projects V2:
  • Added the UI components to filter projects by basic criteria.
  • Added ability to click anywhere on the row when selecting Projects
  • Minor visual changes

4.5.1 - 4.5.4

• Minor Internal changes

4.5.0

• Resolved an issue where long filter names were causing a visual Bug
• Added a "Reset Filters" button when filtering returns no results
• Added support for Unity Licenses
• AddedignoredAt,ignoredReason,ignoredNote,ignoredByto exported CSVs
• Minor Internal changes

4.4.X

4.4.42

• Changed default action for new licensing policies to "Approve"
• Implemented "Delete Project" Menu action for Projects V2
• Minor Internal changes

4.4.41

• Minor Internal changes

4.4.40

• Added a tooltip on the "Revised" column for Projects, showing a user-friendly timestamp.
• Minor Internal changes

4.4.39

• Minor internal changes

4.4.38

• Fix bug with IssuesV2 where counts would be incorrect/stale after exporting or unlinking Jira tickets
• Fix false positive license matches to the strings "GD" and "CCL"

4.4.34 - 4.4.37

• Minor internal changes

4.4.34

• Add SBOM Imports functionality to all premium accounts
• Persists CLI telemetry data, even for on-prem instances

4.4.33

• Enables CycloneDX support for premium users

4.4.32

• Fix bug where Primary Licenses weren't being grouped correctly in reports.

4.4.31

• Minor internal changes

4.4.30

• Fix bug where a maven dependency with "null" in its name attribute had its title set to "null"

4.4.28 - 4.4.29

• Minor internal changes
• Minor UI changes

4.4.27

• Fix bug in IssuesV2 where project issues subnav was sometimes overwritten with data from global issues subnav

4.4.24 - 4.4.26

• Minor internal changes

4.4.23

• Fix bug where ignored issues were being included in exported CycloneDX reports
• Include vulnerability recommendation/remediation for vulnerabilities in exported CycloneDX reports

4.4.19 - 4.4.22

• Minor internal changes

4.4.18

• Minor Internal changes

4.4.17

• Performance improvements

4.4.16

• Minor internal changes

4.4.15

• Default to ANDing instead of ORing licenses found in the same file

4.4.9 - 4.4.14

• Internal changes

4.4.8

• Fixes incorrect Badge status

4.4.7

• Fix bug where deb locators sometimes downloaded just a .dsc file, resulting in an unlicensed dependency
• Fix bug where Jira ticket would provide invalid FOSSA link

4.4.6

• Internal changes

4.4.5

• Internal changes

4.4.4

• Migrated all cloud users to Quick Import V2

4.4.3

• Adds support for a variant of AmazonLinux

4.4.2

• Internal changes

4.4.1

• Adds feature flag for CycloneDX reports
• Fix bug where webhook data was not properly being hydrated for Quick Import builds

4.4.0

• Removes all support for "agents" (which was replaced with Faktory)

4.3.X

4.3.22

• Adds beta container scanning support for amazonlinux containers (behind feature flag)
• Fix bug where free users couldn't see issue details

4.3.21

• GitHub commit history is now populated as part of webhook callbacks
• UI changes

4.3.17-4.3.20

• Internal changes

4.3.16

• Fix bug where users could sign up for paid plans with 0 seats
• Nuget scanner will no longer select pre-release versions as the latest version

4.3.15

• Internal changes

4.3.14

• Internal changes

4.3.13

• Fix bug where remediation advice/next safe version was not being displayed for Linux security issues
• Fix bug in Github badge

4.3.12

• Internal changes

4.3.11

• Internal changes

4.3.10

• Minor internal changes

4.3.9

• Account dropdown in the top right of the page is now "right-clickable"

4.3.8

• API Tokens are now hidden in the UI by default

4.3.7

• Dependencies without parents are now NOT treated as direct dependencies by default
• Minor internal changes
• Minor UI changes

4.3.6

• Add feature flag to enable addition of Dependency Locators to plaintext reports
• Fix bug where issues weren't being fetched properly when switching tabs

4.3.5

• Internal Changes
• Minor UI Changes

4.3.4

• Minor internal changes

4.3.3

• Disallow users from entering arbitrary categories in IssuesV2 URLs
• Update Header UI to only display relevant actions when issues are selected

4.3.2

• Fix broken link to "Security Issues" from a project's dependency page
• Fix bug where release group issues weren't loading (if IssuesV2 is enabled)
• Omit search parameter from URL when it's empty

4.3.1

• Fix bug where Maven dependencies were not properly resolving
• Minor internal changes

4.3.0

• Adds in-app note that FOSSA only supports text-based custom fields for Jira
• C/C++ detection is now enabled by default
• Minor UI fixes

4.2.0

4.1.0

• Adds "Custom License" to the list of selectable licenses

4.0.0

• Adds a Full License Text tab when looking at license matches in the Licenses tab of a project
• Adds better logging for VCS connection errors
• Adds the ability to add specific CVEs to the Allowed column in a security policy
• Adds support for experimental container scanner for fossa-cli
• Audit logs now record changes to policy rules & titles
• Audit logs now record changes to a policy's default action for uncategorized licenses
• Builds will now correctly identify newly imported projects
• Build logs can now be viewed directly in the browser instead of downloading by default
• Fix bug occurring during org-wide security report generation
• Build logs were not available through the FOSSA UI for certain configurations of FOSSA
• Fix bug occurring during the build process for projects with dependency remediation enabled
• Fix bug where builds that were still being processed were sometimes erroneously marked as failed
• Fix bug where dependency lists weren't loading for free organizations
• Fix bug where emails were being sent from the application with an empty subject line
• Fix bug where PostgreSQL was generating an excessively large CTE resulting in OOM errors
• Fix bug where private project information from external services was not being returned properly
• Fix bug where Full API Tokens were being generated as push-only
• Fix bug where GitHub-imported projects were not able to export issues to Jira
• Fix bug where ignored dependencies incorrectly showed ignored status in the Dependencies page
• Fix bug where Linux dependencies were not being correctly identified as vulnerable
  • This was due to how we internally represented vulnerabilities with Linux distro versions.  We will now detect vulnerabilities as long as a Linux dependencies distro version has the same major version as the reported vulnerability.
• Fix bug where NPM packages with malformed licenses fields could cause the dependency analysis to fail
• Fix bug where the security policy page was crashing when there were no allowed CVEs specified during the policy creation
• Fix bug where Themis crashes when scanning Samba and chkconfig
• Fix bug where users could not sort projects by title on the project dashboard
• Fix bug when navigating from Teams page back to Dependencies page
• Fix bug occurring while setting organizationId when resolving a dependency
• Fix bug during account creation where email was not persisting while changing contexts from "logging in" to "registering account"
• Fix bug resulting in redundant QueueIssueScansForRevisions jobs due to revision watchdog
  • This was resulting in a heavy database load
• Fix bug resulting in invalid project URLs when exporting issues to Jira
• Fix bug resulting in unlicensed dependencies when Themis knows a license, but the web app doesn't
•  
• Global Issues CSV Report has been split into Three Separate Files
• Global Issues CSV Report now includes Dependency paths column
• Global Issues CSV Report now includes issues with the outdated_dependency type
• Improves performance of the /api/organizations/:id endpoint, which is used to retrieve organization data
• Improves Python Package Resolution from PyPI
• Improves performance of /api/projects endpoint for the Package Inventory UI
• Improves performance of project deletion
• Improves vulnerability issue data integrity
• Increase timeout for Organization Package Bundle Report
• Introduces better retry logic for Linux dependencies, which allows complete fresh analysis when the "Reanalyze" button is used, or if you retry building an "incomplete dependency"
• Minor UI/UX/Performance Improvements  and License Corrections
• Now displays build status for "incomplete dependencies"
• Now displays issue counts directly on the Projects Dashboard
• Now automatically expands the direct dependencies section in the dependencies view for a project.
• Project Level CSV Issue Exports now only contain the selected issue type
• Refactor GitHub Badge templates
• Resiliently tries candidate download URLs when trying to analyze Linux packages when the primary source of artifact fails
  • This should resolve the "incomplete dependencies" problem occurring for container scanning when the primary download URL is not valid anymore for any reason
• SSO and LDAP authentication is now properly restricted to Enterprise-level organizations only
• Temporarily disables the usage of the Go Download Proxy
• Updates Pip package resolution to more reliably access PyPI
• Updating Licenses will automatically trigger a policy scan on your project, instead of asking for confirmation.

3.47.0

• Adds support for issue diffs in the fossa test API
• Allow fossa-ci builds to be enqueued when both fossa-ci and Faktory are enabled
• Changes "exclude base layer" functionality to also exclude dependencies if they are found in other layers in addition to the base layer
• Fix issue where users authenticating via LDAP who did not have an email address were unable to log in
• Fix issue with Linux/Container Scanning builds
• Fix side panel search to handle whitespace correctly
• FOSSA will now re-scan all projects when the "Risk Intelligence" feature is enabled or disabled
• Handle invalid lastUpdated timestamps in maven-metadata.xml files correctly when fetching Maven dependencies
• IDE Integration feature flag will by default provide full access to /vuln/by-locator
• As always, there were additional minor/internal changes not included in this report

3.46.0

• All releases were minor and/or internal changes that do not impact end-users in any meaningful way

3.45.0

• BILLING CHANGE: You may select any number of contributors between 1-100 while upgrading your FOSSA account through the UI. You will still need to contact the sales team for teams > 100 contributors
• Self Service Security is now available! Explore the new billing page to compare FOSSA plans and make changes to your organization's subscription.
• Admins in Free organizations can now remove users from their organization
• Add a Contributor Tracking Report to the account/settings/organization settings page
• Add a feature flag to allow organizations to default to Archive Uploads for vendored dependencies
• Adds new licenses to FOSSA app
• Adds additional resilience when fetching Pip dependencies to reduce the incidence of missing metadata
• Adds elementary support for OracleLinux OS
• Adds GET /api/vulns/cve/:cve endpoint
• Adds beta support for Fedora and SLES for container scanning
• Audit Logs are now available when issues are marked as resolved in the UI
• Audit log entries will now correctly display package name when licenses are added/removed
• Correct the title of "Global Package Report Bundle" on the Reports page
• Enable skipping of cli-side license scanning if a revision has already been scanned
• FOSSA's Go support is now aware of the Go module proxy and will attempt to resolve packages there if they fail to resolve against the source code host
  • Users who experienced "unknown dependency" issues when scanning Go projects should see fewer such issues moving forward
• Go fetcher now properly handles Go vanity import URLs that return non-success status codes or contain multiple meta tags
• Go fetcher no longer incorrectly truncates URLs of vanity package imports
• Go dependencies with .git VCS qualifiers are now supported regardless of path length
• Go proxy strategy now correctly downloads pseudo-versioned dependencies
• Failed builds for dependencies now show a link to view the build logs
  • These logs will be useful for troubleshooting failed builds with FOSSA Support
• Fix bug that was preventing recursive decompression of .rpm files
• Fix bug where BSD-2-Clause licenses with the Views clause are now recognised as BSD 2 Clause
• Fix bug causing website to crash on issues page
• Fix bug preventing some projects from being listed in projects page
• Fix bug where manually edited copyrights weren't showing up in reports
• Fix bug where manually adding a dependency would prevent future revision dependencies from being cached
• Fixes intermittent failure experienced in fossa test due to graceful exit of build tasks
• Fix bug where older versions of fossa-cli (< 3.1.4) with a fossa-deps.yml file that had no vendored_dependencies section caused an error
• Fix bug with duplicated matches on Issues tab
• Fix bug where Swift packages were incorrectly resolving when version expression is provided for Git tags with version prefixes

• Fix an issue on the dependencies table where Unknown Dependencies were being displayed in the Incomplete Dependencies section

• Fix issue around updating the contributor count for an organization after a project is added
• Fix issue with unlinking an issue from Jira from in a release group issue
• Fix issues that occurred when creating or updating a Jira instance
• Fix issue where attribution reports were failing to generate when there were a large amount of duplicate copyrights
• Fix account dropdown overflow issue in the reports page
• Fix hover issue with account dropdown disappearing if the mouse is moved too slowly
• Fix issues with CVSS filter timing out
• Fix issue with filtering out certain package managers in the package inventory search
• Fix bug occurring with some release groups when running Policy Scanner
• Fix bug where security issues were being returned for vulnerabilities that have been disabled by FOSSA as a known false-positive
• Fix bug where user Gravatars were not properly displaying on issue comments

• Fix bug where users' tokens were being invalidated if that user requested a password reset

• Fix bug where report history wasn't displaying new reports
• Fix bug where users on legacy plans were being shown incorrect pricing
• Fix bug where vulnerability reports would display charts on a linebreak, rendering them unreadable
• Fix bug where the error message was not properly displaying when unable to connect to GitHub to invite users
• Fix bug with SAML users in Chrome being improperly redirected to sign-in page when accessing URL from CLI
• Fix bug where Maven service was not including license information from the parent module
• Fix bug where NPM project scans were hanging indefinitely
• Fix bug where public report live links were not working
• Fix bug resulting in container scanning to fail
• Fix UI bug in the "Ignore Dependency" modal that blocked functionality
• Fix bug where saving changes to edited licenses would clear custom copyright text
• Fix bug where license scanning/build was failing for NuGet packages when they contained LICENSE files that the user did not have "read" access to
• Fix bug where Go fetcher would incorrectly truncate vanity package import URLs
• Fix bug where Go dependencies sometimes did not resolve correctly
• Fix bug where new on-prem customers would see problems when migrating new databases
• Fix Latest Version reference in Package Inventory to point to correctly point to the latest version of the package
• Fix bug where password resets were failing due to rate limiting
• Fossa now considers terms license and licence equivalent in the license scanner, leading to more accurate license detections.
• Improve the markdown sent when exporting tickets to Jira.
• Improve error messaging when security scanning is not enabled for container scans
• Improve Go fetcher to now properly handles Go vanity import URLs that return non-success status codes or contain multiple meta tags
• Improve Go proxy resolution strategy now properly handles mixed case identifiers per the proxy protocol
• Improve error message displayed during password resets
• Improve request/response time for GET /api/projects endpoint
• Increase the amount of versions being shown for a given package in the package inventory page
• Issue notifications sent to Slack now include a description of the issue and link directly to the issue in the Issue Dashboard
• Licenses in the policy editor are now correctly sorted alphabetically
• Maven binary JARs will now be scanned in the event source JARs are unavailable
• Minor UI Improvements
• Notice text for Apache is no longer enough alone to indicate Apache 2.0 license
• ON-PREM: Organizations may now diable the "Go Modules Proxy" tactic for resolving Go Packages
  • This is intended for users who explicitly allowlist dependencies, and for whom it is preferable to fail resolving a dependency during a git host outage than to fall back to the Go Modules Proxy
• Organization-wide Vulnerability Reports are now available. These reports contain the same metrics as the Project Vulnerability Reports such as issues over time, exposure windows, and a list of vulnerabilities with open Security Issues
• Overhauls Jira settings and provides support for custom fields
• Contributor Reports now retain the titles of deleted projects
• Show relevant errors when manually overwriting a dependency fails
• UI will now correctly capitalize "GitHub" and "GitLab"
• Users must now have "Organization / View Projects" permission to download contributor reports
• When previewing a project report with licenseCorrections V2 enabled, only a subset of dependencies and matches are displayed

3.44.0

• Add excludeParents to the /api/issues/list-minimal endpoint, removing the parents array from the response, reducing payload size
• Add four new licenses: HPNDSellVariant, MITOldStyle, X11OpenGroup and XFree861_0
• Add support for saving new Jira fields to the backend
• Add tooltip on licenses in the "Policy Editor" page
• Changes to Vulnerability endpoints
  • /api/projects/:locator/export-issues is now deprecated in favor of the following endpoints:
    • /api/projects/:locator/export-issues/json
      • This endpoint contains the same information as the original endpoint but collapses the CWE and Reference fields of Vulnerability Issues into the respective fields of a given Affected Project, resulting in a smaller payload
    • /api/projects/:locator/export-issues/csv
      • This endpoint is equivalent to /api/projects/:locator/export-issues?format=csv
  • Name, CVSS, and CVSS Severity fields are now included in all vulnerability issues
• CSV reports no longer encode paths for signed URLs
• Decrease memory pressure when generating/uploading CSV reports
• Generating global CSV reports as a direct download is no longer supported. Now, users should use the Reports dashboard or queue a task using POST /api/issues/csv/global
• Fix bug concerning Maven dependencies with classifiers
• Fix bug where compound licenses reported by the new license scanner were being detected as unlicensed
• Fix bug where creating JIRA ticket for certain vulnerabilities would result in an error
• Fix bug where CSV and JSON reports of issues for a single project were only listing the selected project instead of all affected projects
• Fix bug where dependencies with versions that don't conform to semantic versioning were preventing quality issue scans from completing successfully when they are included in "Allow" or "Deny" lists on policies
• Fix bug where EPL-2.0 licenses were being misidentified as EPL-1.0
• Fix bug where generating vulnerabilities report was showing an inflated issues count
• Fix bug where importing projects from Bitbucket wasn't working
• Fix bug where newly added license matches weren't showing for monorepo scans
• Fix bug where on-prem users who have disable_signup_page in their config but want to invite email signup users were unable to invite users
• Fix bug where pages containing tables were failing to load in the organization settings
• Fix bug where pip packages had the wrong download URL
• Fix bug where policy scans were happening before licenses were discovered for dependencies
• Fix bug where PDF reports were failing due to a null project description
• Fix bug where revisions that have been re-built were not being scanned again if the revision had previously been built and scanned
• Fix bug where SCAN agents weren't properly displaying task status
• Fix bug where stale data was being displayed while a project loads
• Fix bug where the query used to list issues was including affected projects which show the issue as resolved
• Fix bug where users were unable to re-analyze a dependency
• Fix bug where vulnerabilities weren't being cached correctly
• Improve automatic policy rescanning to include default branches regardless of whether or not they're listed in the Tracked Branches
• Improve error messages shown in FOSSA CLI when the project and/or revision is not found
• Improve error message for PUT /teams/:teamId/project endpoint
• Improve file name of the Global Issue Export CSV to be more human-readable
• Improve performance of the /api/issues/list-minimal endpoint
• Improve consistency/performance of issue scanning on large organizations when re-scanning the entire organization
• Improve how we create customers and manage subscriptions within the payment handler
• Minor changes to PDF generation that shouldn't impact customers
• Minor performance improvements
• Minor UI improvements
• On-prem customers can now set up cron-jobs to re-scan all security-enabled projects
• On-prem customers will now have up-to-date vulnerability issue data even without sending new revision data to FOSSA
• Release group attribution reports will now return a default report if no options are specified
• Remove a semicolon that was accidentally being rendered on the global reports page
• Revert a regression in the issue export API which changed the Reference attribute to References in legacy export issue API
• Update copyright info in email notifications
• Upgrade to Node.js v12

3.43.0

• Add additional licenses
• Add Dependency Depth to CSV report
• Add "depths" to `/issues` API response
• Fix bug where Go packages aren't being fetched properly
• Fix bug where license correction won't save if certain fields are empty
• Fix bug where project correction won't save if certain fields are empty

3.42.0

3.41.0

• Improves reporting of user-defined dependencies to now include the file path of the dependency

3.40.0

3.39.0

3.38.0

3.37.0

3.36.0

• Show archive upload progress 
• Hide toolbar for previews

3.35.0

• Index later version of Go lang so that having Go as a dependency does not return very old version of Go
• Change UI behavior not to reload the page on every "Issue ignore"
• Move several additional internal tasks to Faktory workers
• Adding support for Container scanning
• Add severity field to Vulnerability issues
• Modify snippet expansion and highlighting in Monorepo projects
• Enable obtaining all package versions from the NuGet repository and limit the size of the title field
• Expand the list of supported file types for archive upload
• In Monorepo projects show notes preview in File Browser.
• Expand Logging to Policy changes and events where a new project is added
• Improve the quality of Security Issue export to Jira
• Add proprietary language feature flag, to improve runtime when proprietary language detection is not needed
• Limit users that can view via API
• Fix issues with the "GPL with Exception" license
• Change functionality of reloading project after ignoring a Dependency    
• Introduce feature-flagged ability to enable binaries as Dependencies 
• Save Themis (License Scanner V2) version of analysis into Revision (visible only if converted to Themis)
• Move most backend tasks to be executed via Faktory (enable restart after network outage)

3.34.0

• Expand Audit Log to include information about Release groups
• Create a direct link from Dependencies to the corresponding Issues
• Remove issue when in some cases direct dependency that is also a deep one appears as deep 
• Add file list CSV export to Monorepo projects 
• Add layer indicator to issue UI

3.33.0

• Display integration setting tab for all org users
• Fix an overflow issue in the global package report modal
• Provide more clear error messages for some states
• Refactor archive upload API and add 'Description" as a query parameter
• Separate container layers in the UI into the base and other layers
• Delete expired user invitations    

3.32.0

• Add option to duplicate banner
• Fix technical issue with project import search
• Add layer information to Issues API for container scanning
• Migrate the first job to Faktory, to be able to automatically recover after network outage 

3.31.0

• On the vulnerability page remove the NVD link from the reference
• Make sure that comparison can only be done between successfully analyzed revisions
• Add ability to identify commercial language in AOSP projects
• Create backend representation for user-defined dependencies
• Stability improvements for archive upload 
• Add support for withdrawing user invitations
• Show suggested Notice files in AOSP projects, where no file previously existed
• Create more visible project types in the front-end
• Create Auth Settings page in the UI
• Modify relationship of project corrections to scan, where corrections applied before scanning
• Refactoring of analysis build manager, to improve the reliability of analysis workflow
• Add revision ID to exported issue data
• Integrate the new license scanner
• Add per organization notification banner 

3.30.0

• Remove policy selections step in the mandatory onboarding flow
• Make sure that RBAC always allows users to fetch their own account
• Make sure that revision selection is always populated and make sure the "current" version matches the revision of the page
• New authentication/sign-up workflow, to clarify allowed types of log-in within the organization

3.29.0

• Conda fetcher
• Add AOSP/Ninja API endpoint

3.28.0

• Refactor user invites
• Redesign password reset page
• Save default organization settings
• Streamline inference of dependency graph 
• Add support for pip3
• Simplify docker file image used for the deployment
• Create API endpoint to fetch and delete user invitations
• Make sure that new users corresponding to an existing organization get routed correctly
• Add JSON format to issue export endpoint

3.27.0

• Fix issue totals count in Issues Dashboard
• Internal foundational refactoring
• Add Unaffiliated Licenses to Issue Export

3.26.0

• Update Release Group reports to show all projects
• AOSP project row generated Notice files
• Show selectable revisions in dropdown
• Do not delete team associations when deleting projects
• UI update: Paginate to fetch all users in Organization Settings
• Bugfix for rendering Public Reports
• Fix API request body typings for endpoint for updating a release

3.25.0

• Back-end Vulnerabilities update
• Filtering update
• Fix parse issues for go- and git-fetcher URLs

3.24.0

• Support tracking visits to publicly shared reports
• VPS Update: AOSP Notice suggestion available from server
• Updates to FOSSA login

3.23.0

• Ability to create an API token for users created by an Admin for the API
• Back-end VPS updates
• Bug fixes to policy and issue viewing permission checks
• Display exact or overlapping license match groups depending on the context
• Support saving both user and organization changes simultaneously

3.22.0

• Upgrade to node-Postgres
• Internal foundational refactoring
• Bugfix for removing a project from a Release Group
• UI update for Archive Upload header
• Update to FOSSA authentication for registration flow
• Minor UX update with claiming a domain for Google Single-Sign-On (SSO)
• Login flow update
• Frontend update for verifying a domain for LDAP
• SAML domain verification update
• Enable displaying notice suggestion for Makefiles

3.21.0

• UI update: Remove the "Last confirmed" column from Affect Projects
• CSV report preview
• License reports formatting update
• VPS Update: AOSP Notice File editing
• Unaffiliated License Issue Deep Link
• UI for editing Notice File content
• Prevent OAuth logins if SSO is required and is configured

3.20.0

• Fix issue with FOSSA underreporting dependencies in FOSSA CORE
• LDAP improvement
• UI Bug: Fix teams overflow in the users table
• Internal foundational refactoring

3.19.0

• Admin panel for creating an API user
• Improved erroring for auth login

3.18.0

• Backend SAML updates
• VPS update: add AOSP Blueprint upload to push only allowlist
• Update issue counts after a Release Group issue is resolved or un-resolved
• Add issue panel for Unaffiliated Licenses
• Backend SAML updates
• Add Feature Flag for VPS in FOSSA core
• VPS Scan Reports update to add unaffiliated licenses to HTML and PDF reports
• Fix project branch dropdown
• Support projectURL on Archive Upload endpoint
• VPS Update: Fix Notice file comparison preview panel
• Added ability to save page count for Users table under the Settings tab
• Fix Issue counts displayed on Release Group summary page
• Report generation bug fix
• Link to release page from Release Switcher dropdown
• Add unaffiliated licenses to VPS scan CSV reports
• VPS Reporting update
• Add support for Debian versions
• UI Update: Add preview panel to comparison view
• Update policy from white/black list to allow/deny
• Back-end update for issue resolving/un-resolving query
• RBAC Permissions update for Dependency Editing
• Back-end Vulnerability Management work

3.17.0

• Added API endpoint for fetching pending SSO domains
• Login backend work
• Internal foundational refactoring

3.16.0

• Use version in PIP fetcher if it exists
• Internal foundational refactoring

3.15.13

• Backend Security update: enable issue scanning for Linux Vulnerabilities
• Internal foundational refactoring

3.15.12

• Internal foundational refactoring

3.15.11

• Internal foundational refactoring

3.15.10

• Backend work for Notice file updates
• Project summary page UX updates
• Deprecate build logs in UI
• Allow Set Deep Dependencies Concurrency

3.15.9

• Improve error handling for Google SSO
• Security update: Enable vulnerability transform for RPM Linux
• RBAC UI cleanup

3.15.8

• Project summary panel UI update

3.15.7

• Internal foundational refactoring

3.15.6

• RBAC back-end work to check custom role name for match with a built-in role to prevent duplication of names
• Email domain checking for SSO enforcement update

3.15.5

• License display update in the preview panel

3.15.4

• Back-end JIRA work
• Internal foundational refactoring

3.15.3

• Internal foundational refactoring

3.15.2

• Release Groups fetching improvement including better Error display
• Enable enforced SSO login by default

3.15.1

• Internal foundational refactoring

3.15.0

• Better error messaging when there is an Archive Upload with the same name
• Prevent users from uploading Archives with Null Names
• RBAC: Show or hide the "Add Role" button based on the user's permissions

3.14.11

• Authorization page update
• Internal Security work
• Internal foundational refactoring

3.14.10

• License dropdown bug fix
• Internal foundational refactoring

3.14.9

• Update FOSSA-ruby CLI version

3.14.8

• Fix Team Settings header

3.14.7

• Internal foundational refactoring

3.14.6

• Internal foundational refactoring

3.14.5

• RBAC UI cleanup
• Support Policy Assignment on Archive Upload method
• Slack integration notification fixes
• Back-end SSO work

3.14.4

• RBAC UI cleanup
• Allow only enabled users to be added to a team

3.14.3

• Internal foundational refactoring

3.14.2

• JIRA Integration improvement
• Internal foundational refactoring

3.14.1

• Improved error handling for Authentication failure
• Internal foundational refactoring

3.14.0

• Improve permissions check & tooltip for users editing themselves
• Make license dropdown overflow visible in UI
• RBAC UI cleanup

3.13.2

• Back-end Vulnerability work
• Internal foundational refactoring

3.13.1

• Internal foundational refactoring

3.13.0

• RBAC UI update: Unsaved Changes warning for Add/Edit Roles
• RBAC UI update: Hide "Invite Users" for SSO-login only organizations
• VPS UI update: Use multi-select dropdown component for VPS licenses filter
• Internal foundational refactoring

3.12.3

• Add Unique ID field to Teams
• Internal foundational refactoring

3.12.2

• Add 4-hour timeout for Archive Upload Scans
• Return 404 from GET /api/comments when the project is not visible

3.12.1

• Back-end RBAC work

3.12.0

• Internal foundational refactoring

3.11.6

• Back-end Release Group work
• Internal foundational refactoring

3.11.5

• Back-end JIRA integration work
• Add ability to set labels and issue type when exporting to JIRA
• Back-end Release Group work
• Team name duplicate checks for better error messages

3.11.4

• RBAC Custom Roles deployed
• Internal foundational refactoring

3.11.3

• Release Group assignment on Project Upload
• Back-end VPS work

3.11.2

• Back-end RBAC Custom Roles work

3.11.1

• Fix sorting on the Users page
• Show a Teams column on the users page

3.11.0

• Back-end RBAC Custom Roles work
• Internal foundational refactoring

3.10.3

• UI Update for Delete Roles
• Internal foundational refactoring

3.10.2

• Update permissions checks for Project and Release Group actions
• Internal foundational refactoring

3.10.1

• Internal foundational refactoring

3.10.0

• Allow users to set Authorization headers for their JIRA instances
• Back-end RBAC Custom Roles work
• Internal foundational refactoring

3.9.1

• Fix "Refresh" button in project's summary page
• Internal foundational refactoring

3.9.0

• Internal foundational refactoring

3.8.0

• Back-end custom roles work (RBAC)
• Audit logs update for role deletions
• Better error handling for disabling or enabling users
• Permissions for creating a project report public link
• Permissions for creating an organization-wide report

3.7.4

• Internal foundational refactoring

3.7.3

• Internal foundational refactoring

3.7.2

• Internal foundational refactoring

3.7.1

• Break build on specific type of Issues (Security, Compliance, or Quality)
• Internal foundational refactoring

3.7.0

• Internal foundational refactoring

3.6.11

• Backend update of Vulnerabilities data

3.6.10

• Backend update of Vulnerabilities data
• Errors cleanup
• Internal foundational refactoring

3.6.9

• Fix agent builds from failing when sending scans of Debian packages
• Internal foundational refactoring

3.6.8

• Internal foundational refactoring

3.6.7

• Fix for Error for NPM packages with a string in the licenses field of package.json

3.6.6

• Support Release Groups on projects page when a Team is selected
• Backend update of Vulnerabilities data

3.6.5

• Archive Upload support to work when Org Role is "None"

3.6.4

• Internal foundational refactoring

3.6.3

• Reports fix: remove spacing in CSV report due to character encoding
• Fixed issue page load time
• Internal foundational refactoring

3.6.2

• UI update: paginate dependencies for projects
• API endpoint for deleting custom roles
• If licenses field in package .json is a string, then wrap it in an array
• Improved handling of cases where licenses are null or undefined
• Backend update of Vulnerabilities data
• Reports fix: include clickable links in HTML and PDF formats
• Update for Unknown Dependencies
• Fix UI uploads of Archives

3.6.1

• Internal foundational refactoring
• Update back-end APIs to use new Get Deep Dependencies functionality
• More precise error messages for SSO-only organizations
• Teams update: add a project to a team only if it isn't already in the same team
• Custom roles read only-UI update

3.6.0

• Fix to pick latest version in wildcard version for Nuget instead of earliest
• Enable Team Admins to Create Release Groups
• Audit logs fix to correctly log User's Team-Level role update event

3.5.2

• Internal foundational refactoring

3.5.1

• Release Groups to include revision ID
• Internal foundational refactoring

3.5.0

• Improved vulnerability monitoring
• Backend Roles updates
• Update License Summary label on reports

3.4.9

• Improve UI for viewing a public project
• Scan query speed improvement
• Package inventory label fix
• Add support for fetching all projects in a Release Group

3.4.7

• List Release Groups along with Projects in Teams Setting page
• Internal foundational refactoring

3.4.6

• Internal foundational refactoring

3.4.5

• Internal foundational refactoring

3.4.4

• Audit Logs User creation via SSO/SAML fix
• Internal foundational refactoring

3.4.3

• Backend VPS updates
• Enforce minimum CLI version feature flag (CLI v1.1.1+)
• Improved vulnerability monitoring and re-scanning
• Contributor count parameters update

3.4.2

• User Role error improvement
• Spring package vulnerability identification fix
• Users tab updates in Settings
• Backend update to Release Groups in Teams

3.4.1

• Roles update
• Internal foundational refactoring

3.4.0

• Internal foundational refactoring

3.3.6

• Improve filtering
• Internal foundational refactoring

3.3.5

• Improve Audit Log entry descriptions
• Fix Audit Log duplicate requests

3.3.4

• Improve SAML error message
• Endpoint for adding Release Groups to a team

3.3.3

• Git actions fix

3.3.2

• Issues count discrepancy fix
• Internal foundational refactoring

3.3.1

• Internal foundational refactoring

2.15.8

• Reports V2 - Add release group MD report
• Vendor Package Scanning (VPS)

2.15.7

• Bugfix for Policies UI - Search bar auto-fill with previous entry
• Reports V2 improvements

2.15.6

• JIRA export UI Not displaying issues
• Update BSD Clause 2 and 3 License text
• Reports V2 - Add copyright to v2 reports

2.15.5

• Erlang support
• Vendor Package Scanning (VPS) UI

2.15.4

• Support multiple copyrights per source unit
• Reports V2 - CVS Report for Release Groups
• Reports V2 - Update Plain Text Report for Release Groups
• Reports V2 - Update PDF Report for Release Groups

2.15.3

• Internal Maintenance Release

2.15.2

• Internal Maintenance Release

2.15.1

• Add issue resolution reason to Release Groups

2.15.0

• Vendor Package Scanning (VPS) internals
• Security and Vulnerability internals

2.14.3

• Reports V2 - Update HTML Report for Release Groups
• Front end error handling improvements
• Fix SAML redirect

2.14.2

• Reports V2 - Markdown Reports

2.14.1

• Fix button duplicate
• Improve consistency in on-prem and cloud versioning
• Reporting improvement for Release Groups
• Reports implement full copyright listing
• Vendor Package Scanning (VPS) features

2.14.0

• Improve NuGet Dependency resolution
• Reports implement full copyright listing

2.13.2

• Internal Maintenance Release

2.13.1

• Fossabot improve branch handling
• Add Jenkins maven repo to list of defaults and add cvePublishDate to Vulnerability as backup for publishDate.
• Only show PR tabs if remediation PR available
• Vulnerability features

2.13.0

• Vendor Package Scanning (VPS) internals
• Security and Vulnerability internals

2.12.10

• Fix Preview Alert text for vulnerability reports
• Add pull request icon to fossa-icon font

2.12.9

• Add webhook handling for closing/merging/managing FOSSA pull requests
• Enhancement for On Premise UI response during initial org creation
• API improvements to teams endpoint

2.12.8

• Vendor Package Scanning (VPS) internals
• Security and Vulnerability feature improvements

2.12.7

• Fix License truncating for downloaded reports
• Reports V2 - HTML show attribution
• Vendor Package Scanning (VPS) internals
• Security and Vulnerability feature improvements

2.12.6

• Reports v2 - html report
• Improve Package edit UI

2.12.5

• Vendor Package Scanning (VPS) UI
• Security and Vulnerability feature improvements
• Improve On Premise installation: Check for Postgres version before migration
• Add file path information for reports

2.12.4

• Vendor Package Scanning (VPS)
• Reports V2 - Update Plain Text Report for Projects
• Add Repoze License

2.12.3

• Add link within Jira linking back to FOSSA issue
• Enable users to directly link a specific issue from the Issues tab for a project

2.12.2

• Vulnerability reports for Release Groups
• Vulnerability report API for team and org

2.12.1

• Support private Bower registries
• Fix project deletion for provided builds
• Add discovered licenses to license table in pdf reports