Info |
---|
These release notes are for the Mend cloud solution and do not apply to the on-premises solution, which has its own release notes. |
...
Product | Description |
---|---|
Mend for GitHub Enterprise | The setup.cfg file is now supported for triggering a scan through the Unified Agent Controller. |
Mend for GitHub Enterprise | Names of all Checks (Security, License, SAST, IaC) were changed from “WhiteSource” to “Mend”. |
Mend for Bitbucket Server | Added the ability to scan cloud infrastructure configurations (IaC) to find misconfigurations before they are deployed. For this, a Mend IaC Check was introduced which runs in parallel to the existing Mend Security/License Check. In addition, IaC violation alerts are displayed via Issues. |
Mend for GitHub Enterprise | Enabled Smart Fix for Java projects. NOTE: An update to this version will cause an increase in plugin activity for the repositories with Java projects in the first few days (up to a week). The number of scan requests will temporarily increase by 20%-50% depending on how many Java projects there are in the organization. Consider temporarily increasing the number of scanners for this period. |
Resolved Issues
Product | Description |
---|---|
Mend for Azure Repos | A Remediate pull request would not be created if a space appeared in the repository name. |
...
Product | Description |
---|---|
Mend for GitLab | Added the ability to scan cloud infrastructure configurations (IaC) to find misconfigurations before they are deployed. For this, a Mend IaC Check was introduced which runs in parallel to the existing Mend Security/License Check. In addition, IaC violation alerts are displayed via GitHub Issues. |
Mend for GitHub.com | Added a new tag, commitId, to the Mend application Projects that will contain the latest scanned commit ID. |
Mend for Azure Repos | The |
Mend for GitHub.com | Python version 3.8 is now supported when performing a scan with the SCM scanner. Note that Python version 3.7.12 is still the supported default version. |
Mend for GitHub.com | The scanning of Dotnet 6 projects is now supported. |
Mend for GitHub.com | Dev dependencies in NPM and Yarn projects will not be scanned by default. |
Mend for GitHub.com | Enabled Smart Fix for Java projects. |
...
Product | Description |
---|---|
Mend for GitHub.com | Mend has launched the ability to scan cloud infrastructure configurations (IaC) to find misconfigurations before they are deployed. For this, a Mend IaC Check was introduced which runs in parallel to the existing Mend Security/License Check. In addition, IaC violation alerts are displayed via GitHub Issues. |
Mend for Bitbucket Server, | Previously, the only way to provide the integration's activation key to the Remediate container was by using a prop.json file. |
Mend Advise for IntelliJ, | Beginning in this version, you can configure the plugin/extension to alert only on detected vulnerabilities satisfying a given minimum severity level (as opposed to always showing Low, Medium and High severity vulnerabilities). |
Mend Advise for WebStorm | Beginning in this version, Mend Advise will not scan the node_modules folder of a selected project. |
...
Product | Description |
---|---|
Mend Advise for IntelliJ, | Better handling when the developers' environment is disconnected from the internet or has no access to the Mend servers. |
Mend Advise for Visual Studio | In some cases, scanning a C# project resulted in an exception, and in addition, no vulnerabilities were displayed. |
Mend for GitHub.com | When adding an empty whitesource-config repository from a default "main" branch to the integration, it was not initialized with Mend configuration files. |
Mend for GitLab | When using the security dashboard, issues were published but the commit comment was not updated with scan results and remained with a "scan in progress" indication. |
Version 21.3.1 (4-April-2021)
...
Product | Description |
---|---|
Mend Advise for IntelliJ IDEA, | An improved notification message is now displayed when no vulnerabilities are found in a scanned project. |
Mend Advise for IntelliJ IDEA | Added support for the "apply from" script plugin in Gradle projects, which can reference a dependency file contained within the scanned project or outside of it. |
Mend Advise for Eclipse, | Beginning in this version, you can configure the plugin to alert only on direct dependency vulnerabilities (as opposed to both direct and transitive vulnerabilities). |
Mend for Bitbucket Server, | For NPM projects only - Added support for remediation of transitive npm packages when a package-lock.json is present. |
Mend for Bitbucket Server, | Beginning in this version, a new Mend Security/License Check summary will be displayed in case a scan results in an empty inventory (as opposed to when one or more Security/License issues are detected). |
Mend Remediate | Remediate sometimes, and Renovate often, need to query github.com for tags and releases (e.g. for release notes fetching). |
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 21.2.2 of the Unified Agent. The GitHub.com integration in this version supports version 21.3.1 of the Unified Agent. The Mend for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.
...
Product | Description |
---|---|
Mend Advise for PyCharm, | Mend has launched Mend Advise for PyCharm and Mend Advise for WebStorm plugins, empowering JetBrains developers with important, valuable information on security vulnerabilities concerning open-source components employed in their development projects. |
Mend Advise for IntelliJ IDEA |
|
Mend for Bitbucket Server, | From this version onwards, the Administration > Mend Integration page enables the Bitbucket administrator to select Projects to integrate with Mend, instead of Repositories. Once a project is selected by the Bitbucket administrator, the project administrator will be able to access the Mend Integration page from the Project > Project settings page and decide which repositories within that project to integrate with Mend. NOTE: Customers upgrading from an older version of the integration will be automatically migrated to the new Mend Integration model. This means that for each already integrated repository, the repository will be automatically selected inside the Project > Project settings page. |
...
Product | Description |
---|---|
Mend Advise for IntelliJ IDEA | Scanning a Gradle project following file changes would sometimes not show markers for detected vulnerabilities. |
Mend for Bitbucket Server, | In an integrated repository page, the Critical severity metric inside the Mend Security widget was modified to High in order to align with the Mend UI severity metrics. |
...
Product | Description |
---|---|
Mend for GitHub Enterprise, | Added the ability to define a whitelist of GitHub Organizations and/or GitHub repository owners who can integrate with the Mend integration. |
Mend for Bitbucket Server, | Global Repo Configuration:
|
Mend Advise for Visual Studio Code |
|
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.11.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.12.1 of the Unified Agent. The Mend for Bitbucket integration in this version supports version 20.11.1 of the Bitbucket Add-on.
...
Product | Description |
---|---|
Mend Advise for IntelliJ IDEA | The No proxy HTTP setting was ignored by the plugin. |
Mend for Bitbucket Server, | The scanner container did not clean up between container restarts, resulting in a potentially large growth in the container’s disk size. |
Version 20.11.2 (6-December-2020)
...
Resolved Issues
Product | Description |
---|---|
Mend for GitHub Enterprise | Renovate config presets were not being resolved. |
Mend for Bitbucket Server, | In the Mend Security Report (Code Insights), the table listing each vulnerability was not displayed correctly. |
Version 20.11.1 (22-November-2020)
...
Product | Description |
---|---|
Mend Advise for IntelliJ, |
|
Mend Advise for IntelliJ |
|
Version 20.10.2.1 (8-November-2020)
...
Product | Description |
---|---|
Mend for GitHub Enterprise | In some cases, two scans were triggered for the same commit. This led the issue publishing process to run twice at the exact same time, causing duplicate issues to be created. |
Version 20.10.1.1 (25-October-2020)
...
Product | Description |
---|---|
Mend Advise for IntelliJ IDEA |
|
Mend for Bitbucket Server, |
|
Mend for Bitbucket Server | In the Mend Integration page:
|
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.9.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.10.1 of the Unified Agent.
...
Product | Description |
---|---|
Mend for Bitbucket Server |
|
Mend for Bitbucket Server, |
|
Version 20.9.2 (11-October-2020)
...
Product | Description |
---|---|
Mend for Bitbucket Server, |
|
Mend for Bitbucket Server, |
|
Mend Advise for Visual Studio Code |
|
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.8.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.9.1 of the Unified Agent.
...
Product | Description |
---|---|
Mend for Bitbucket Server, |
|
Mend Advise for Visual Studio Code |
|
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.8.1 of the Unified Agent. The GitHub.com integration in this version supports version 20.8.2 of the Unified Agent.
...
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.7.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.7.3 of the Unified Agent.
Resolved Issues
Mend for GitHub.com, Mend for GitHub Enterprise: Migrating specific repositories to the global configuration using the excludeRepos parameter led to incorrect results.
Version 20.7.2 (3-August-2020)
...
Product | Description |
---|---|
Mend Advise for Eclipse, Mend Advise for IntelliJ IDEA |
|
Mend for Bitbucket Server, |
|
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.7.1 of the Unified Agent. The GitHub.com integration in this version supports version 20.7.2 of the Unified Agent.
Resolved Issues
Mend for GitHub.com, Mend for GitHub Enterprise: When the content of a "Mend Security Check" exceeded GitHub's size limit for a Check Run, the check run content was not displayed.
Mend for Bitbucket Server, Mend for GitHub Enterprise, Mend for GitHub.com, Mend for GitLab: As part of the Global Repo Configuration, the whitesource-config repository had to be initialized with a README file in order for the global-config.json and repo-config.json files to be automatically generated by the integration.
Version 20.7.1.1 (23-July-2020)
...
Product | Description |
---|---|
Mend Advise for Visual Studio |
|
Mend for Bitbucket Server, |
|
Mend for Bitbucket Server |
|
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.6.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.7.1 of the Unified Agent.
...
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.6.1 of the Unified Agent. The GitHub.com integration in this version supports version 20.6.2 of the Unified Agent.
Resolved Issues
Mend for Bitbucket Server: When uninstalling the add-on, the activation key and list of integrated repositories were not cleared.
Version 20.6.1.1 (23-June-2020)
...
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.4.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.5.1 of the Unified Agent.
Resolved Issues
Mend for GitHub Enterprise: When running the wss-ghe-app container, a FileNotFoundException error message appeared in the logs.
Version 20.4.2.2 (17-May-2020)
New Features & Updates
Product | Description |
---|---|
Mend for GitHub Enterprise |
|
Mend for Bitbucket Server, Mend for GitHub Enterprise, and Mend for GitLab |
|
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.4.1 of the Unified Agent. The GitHub.com integration in this version supports version 20.4.2.2 of the Unified Agent.
Resolved Issues
Mend for GitHub Enterprise: When performing a scan, the local Maven registry directive was ignored.
Version 20.3.1 (29-March-2020)
New Features & Updates
Product | Description |
---|---|
Mend for GitHub.com | Support for Gradle Kotlin projects |
NOTE: The GitHub.com integration in this version supports version 20.3.1 of the Unified Agent.
...
New Features & Updates
Product | Description |
---|---|
Mend for GitHub.com | Support for Gradle in Mend Remediate |
Mend for Bitbucket Server |
|
...