...

  • For organizations migrating from library-based alerts to vulnerability-based alerts, the email of the user who performed the last change in the alert’s status will not appear in the UI or the exported reports for License and Compliance Alerts that were raised in the old library-based mode (before the migration).

  • When clicking on the Vulnerability Analysis > Reported Vulnerability widget, the Security Alerts: View by Library page is opened without being filtered for the selected data.

  • When clicking on the Vulnerability Analysis > Effective Vulnerability widget, the Security Alerts: View by Vulnerability page is opened without being filtered for the selected data.

  • The order of the vulnerabilities in the Excel file exported from Security Alerts: View By Library isn't the same as the order in the UI view.

  • While working with the Licensing & Compliance Alerts page on a laptop screen, the Library column might not appear. This can be addressed by zooming out in your browser.

  • If a source library has multiple source files with the same vulnerability, the security alerts for each of these vulnerability occurrences will all have the same alert UUID.

  • If multiple source files with the same name are scanned to the same project, and they have the same vulnerability, the security alerts for each of these vulnerability occurrences will all have the same alert UUID.

Library-based Alerts

  • When the same source library appears more than once with different source files, a discrepancy exists between the per-vulnerability alerts counter and the Vulnerability Report/Risk report.

...

  • Generating Jira Server token fails when the organization’s name contains non-alphanumeric characters.

  • The source file name is missing from the response of the fetchProjectPolicyIssues API and the Mend Issues.

  • In Jira Server versions that do not provide a way to differentiate between plugin-disabled and plugin-uninstalled events, the Jira Server plugin will not clear its database in either case.

General

  • Product, Project, and Organization names are case-sensitive.

  • CVSS score version 3.1 is currently only partially supported in Mend, and is planned to be fully supported in the near future.

  • Quality Metrics related to bugs on open source libraries: Due to the information being partially available, some libraries may contain broken links, or may not display accurate information regarding their known bugs. Therefore, Mend may occasionally display information on bugs that were previously closed. This known issue is currently being handled, and may require a number of future releases before it is fully resolved.

  • Libraries with multiple versions: In the event that multiple versions of the same library are in use, and the latest library version is used in multiple projects, the alert created by Mend displays only one project name in the description. This known issue is currently being handled and should be resolved with a new alerts model we're currently developing.

  • In Scala dependency detection, when an SBT version earlier than 1.3 is used and the sbt-coursier plugin is installed, only dependencies included in the compile scope can be resolved. We recommend adding the sbt-dependency-graph plugin to overcome this limitation.

  • The fields Uploaded by and Request Token in the Project Vitals panel disappear after removing a library.

...