Version 22.3.3 (April 3, 2022)

Addressed Spring4Shell (CVE-2022-22965) in the AVM agent

General Notice (January 9, 2022)

AVM now supports Fortify version 21.2

Version 21.11.1 (November 28, 2021)

AVM now supports Fortify version 21.1

General Notice (October 31, 2021)

AVM now supports Fortify version 20.2

General Notice (October 3, 2021)

AVM now supports the following:

• Fortify 20.1

• ThreadFix 2.8.4

Version 21.3.1 (April 4, 2021)

Resolved Issues

• A timeout occurred when fetching vulnerabilities information from Fortify.

Version 20.12.2 (January 3, 2021)

Resolved Issues

• AVM failed to generate an offline report in Linux environment.

Version 20.12.1 (December 20, 2020)

Resolved Issues

• In the ThreadFix AVM Application, the Vulnerability Details Summary field description with more than 150 characters appeared to be broken.

Version 20.7.2 (August 2, 2020)

Resolved Issues

• Under certain conditions, when an application had no vulnerability, it was not updated by the AVM agent.

Version 20.6.2 (June 30, 2020)

New Features & Updates

• New parameters - include_avm_applications and exclude_avm_applications, which provide the customer with the ability to specify the AVM applications to sync.

• Ability to display Effective Usage Analysis data in Fortify & Threadfix 

Version 19.10.1 (November 11, 2019)

New Features & Updates

...

For Mend customers using Fortify SSC, this version now provides the ability to suppress/close vulnerabilities from the Fortify SSC dashboard and have the data synchronized to Mend as ignored alerts when the AVM agent runs, thereby eliminating the need to open and repeat this action in the Mend Web UI. 

...

For Mend customers using ThreadFix, this version now provides the ability to mark vulnerabilities as false positives from the ThreadFix dashboard and have the data synchronized to Mend as ignored alerts when the AVM agent runs, thereby eliminating the need to open and repeat this action in the Mend Web UI.

...

For Mend customers using the AVM agent, beginning in this version, when setting the ignore alert option in the Mend Web UI on specific vulnerabilities, it will be synchronized and reflected in the ThreadFix dashboard as false positive vulnerabilities when the AVM agent runs.

...

For Mend customers using the AVM agent, beginning in this version, when setting the ignore alert option in the Mend Web UI on specific vulnerabilities, it will be synchronized and reflected in the Fortify SSC dashboard as suppressed vulnerabilities when the AVM agent runs.

...

This page is available at: https://docs.mend.io/bundle/integrations/page/application_vulnerability_management__avm__agent_release_notes.html