
Releases: checkmarx-ltd/CLI

Release_1.1.12

12 Apr 09:35
5fe36fa

The following third-party libraries have been upgraded:

• Library “org.springframework” to 5.3.18
• Library “io.netty” to 4.1.75.Final

Release_1.1.10

07 Jan 13:33
f85ad4a

The following third-party libraries have been upgraded:

• Library “org.apache.logging.log4j:log4j-core” to 2.17.1
• Library “org.apache.logging.log4j:log4j-api” to 2.17.1
• Library “org.apache.logging.log4j:log4j-slf4j-impl” to 2.17.1

Release_1.1.9

15 Dec 14:27
5188601
  • CLI SCA Resolver
  • CLI SCA scan timeout
  • CLI scan level custom fields
  • Vulnerability fixes reported in CLI 1.1.8 and 1.1.7
  • Removed log4J-core vulnerability

Release_1.1.8

20 Oct 06:39
c3d0d4f

This release contains

  1. Latest common version 2021.4.5. The issue was due to retrieving the access token once again in cx common client version 2021.3.167.

Release_1.1.7 CLI Release with org.apache.commons_commons-compress vulnerability fixed

31 Aug 09:51
213ea92

Release_1.1.7 CLI release with the org.apache.commons_commons-compress vulnerability fixed. The next release will address other possible high and medium vulnerabilities. Scan link: https://eu.sca.checkmarx.net/#/projects/a4ca6918-17ec-4679-b6ee-38fbc943252d/overview

CLI Release with SCA new features

30 Apr 07:44
7020a7a

This new release contains the following features:

  1. Exploitable path: takes SAST project and credential details to find the exploitable path/attack vector in your code during the SCA scan. Provide the extra parameters required for exploitable path with the SCA scan (parameters: SAST Project Id and/or SAST Project name, SAST Server Url, SAST User, SAST Password).
  2. Private registries and environment variables: passes environment variables and/or configuration files from the CLI during the SCA scan so that package managers such as maven, gradle, nuget and npm can use them to find the open source libraries used by the code sent for scan.
  3. Sca include source flag: if this flag is sent as true during the SCA scan, the entire source code is included in the scan.
  4. Sca new project creation and team assignment from CLI: allows the user to create a new SCA project and assign a team to it from the CLI.

Release_2021.1.4

31 Mar 10:03
336e9ab
  1. Updated CLI to use 20.0.11 FSA
  2. Upgraded the following libraries:
     • “org.springframework:spring-web” to version 5.3.5
     • “com.fasterxml.jackson.core:jackson-databind” to version 2.10.5.1
     • “org.mozilla:rhino” to version 1.7.12
     • “io.vertx:vertx-web” to version 4.0.2
     • “io.netty:netty-handler” to version 4.1.58.Final

Release_2021.1.3

25 Feb 14:15
b7ba818

Addressed spring-web dependency for defect #1641. Changed the dependency library version to 5.3.4.
Increased plugin release version to 2021.1.3

Release_2021.1.2

24 Feb 13:26
e0259ff

This release tag contains the changes of 2021.1.1 plus one incremental change for non-functional fix #1641.
The 2021.1.1 tag was never created.

SCA Local Registry Beta

29 Oct 19:36
Pre-release

This release includes the following:

  1. New parameters for accepting environment variables (Key:Value pair) as a part of SCA scan.
  2. New parameters for accepting package manager config file paths which are included in the SCA scan zip.
  3. New parameter for accepting Checkmarx Project Id required for SCA scan.

Format for new parameters:
-env "Key1:Value1 , Key2:Value2"
-cxprojectid 539233
-cxserver http://cxsast.checkmarx.com
-cxuser someCxUser
-cxpassword someCxPassword
-scaconfigfile "C:\Users\Path\To\Directory.npmrc"