These release notes are for the Mend cloud solution, and do not apply to the on-premises solution that has its own release notes.
Release notes are subject to change until the actual release date. Note that Mend reserves the right to postpone the release of this page for up to and including 48 hours after the version’s actual release.
This page is "dynamic" and is subject to change between official releases. Mend reserves the right to modify this page retroactively. Check this page periodically between official releases to ensure you are up-to-date with all hotfixes, changes and additions to Mend's products.
Version 22.6.1 (26-June-2022)
New Features and Updates
Product | Description |
---|---|
Mend for GitLab | Added a parameter that will define whether all Checks (Security, License, SAST, IaC) will have the name of “Mend” or “WhiteSource” (e.g. “WhiteSource Security Check” or “Mend Security Check”). |
Resolved Issues
Product | Description |
---|---|
Mend for Azure Repos | A pull request check status would not be created if a space appeared in the project or repository name. |
Version 22.5.2.1 (19-June-2022)
New Features and Updates
Product | Description |
---|---|
Mend for GitHub Enterprise | Added a parameter that will define whether all Checks (Security, License, SAST, IaC) will have the name of “Mend” or “WhiteSource” (e.g. “WhiteSource Security Check” or “Mend Security Check”). |
Version 22.5.2 (12-June-2022)
New Features and Updates
Product | Description |
---|---|
Mend for GitHub Enterprise | The setup.cfg file is now supported for triggering a scan through the Unified Agent Controller. |
Mend for GitHub Enterprise | Names of all Checks (Security, License, SAST, IaC) were changed from “WhiteSource” to “Mend”. |
Mend for Bitbucket Server | Added the ability to scan cloud infrastructure configurations (IaC) to find misconfigurations before they are deployed. For this, a Mend IaC Check was introduced which runs in parallel to the existing Mend Security/License Check. In addition, IaC violation alerts are displayed via Issues. |
Resolved Issues
Product | Description |
---|---|
Mend for Azure Repos | A Remediate pull request would not be created if a space appeared in the repository name. |
Version 22.5.1 (29-May-2022)
New Features and Updates
Product | Description |
---|---|
Mend for GitHub.com | The setup.cfg file is now supported for triggering a scan through the Unified Agent Controller. |
Mend for GitHub.com | The SAST token can now be validated before initiating a scan. |
Mend for GitHub.com | The application bot user was renamed from whitesource-for-github-com[bot]@users.noreply.github.com to mend-for-github-com[bot]@users.noreply.github.com |
Resolved Issues
Product | Description |
---|---|
Mend for GitHub.com | Update requests would sometimes fail to be sent from the SCM scanner. |
Mend for GitHub.com | The SAST scan timeout is now extended to 4 hours. |
Version 22.4.2 (15-May-2022)
New Features and Updates
Product | Description |
---|---|
Mend for GitHub Enterprise | A configuration error occurs if the user fails to specify the hostType or matchHost parameters when setting hostRules for private registry. |
Mend for GitHub.com | Enabled SAST (Static Application Security Testing) scanning, a solution for performing deep and extensive security analysis of application source code. |
Mend for GitHub Enterprise | Scanning of .NET 6 projects is now supported. |
Mend for GitHub Enterprise | Dev dependencies in the NPM and Yarn projects will not be scanned by default. |
Resolved Issues
Product | Description |
---|---|
Mend for Azure Repos | When onboarding a whitesource-config repo, an exception would occur when converting the Azure API response for getting repositories. |
Mend for GitHub.com | In some cases, a 500 internal server error would occur when sending update requests from the SCM scanner. A retry sends the update request successfully. |
Mend Advise for Visual Studio Code | In some cases, scanning of the project would lead to no findings and crashing of Visual Studio Code. |
Mend Advise for IntelliJ IDEA, Mend Advise for PyCharm, Mend Advise for WebStorm | Version 2022.1 of JetBrains IDEs was not supported by the Advise plugin. |
Version 22.4.1 (1-May-2022)
New Features and Updates
Product | Description |
---|---|
Mend for GitLab | Added the ability to scan cloud infrastructure configurations (IaC) to find misconfigurations before they are deployed. For this, a Mend IaC Check was introduced which runs in parallel to the existing Mend Security/License Check. In addition, IaC violation alerts are displayed via GitHub Issues. |
Mend for GitHub.com | Added a new tag commitId to the Mend application Projects that will contain the latest scanned commit ID. |
Mend for Azure Repos | The |
Mend for GitHub.com | Python version 3.8 is now supported when performing a scan with the SCM scanner. Note that Python version 3.7.12 is still the supported default version. |
Mend for GitHub.com | The scanning of Dotnet 6 projects is now supported. |
Mend for GitHub.com | Dev dependencies in the NPM and Yarn projects will not be scanned by default. |
Mend for GitHub.com | Enabled Smart Fix for Java projects. |
Version 22.3.3 (17-April-2022)
New Features and Updates
Product | Description |
---|---|
Mend for Bitbucket Server | Smart Fix: Fix recommendations were enhanced to remediate transitive vulnerabilities with the update of direct dependency (JavaScript only). NOTE: An update to this version will cause an increase in plugin activity for the repositories with NPM projects in the first few days (up to a week). The number of scan requests will temporarily increase by 20%-50% depending on how many NPM projects there are in the organization. Consider temporarily increasing the number of scanners for this period. |
Mend for GitHub.com | An option is now available to allow users to control Mend IaC check runs in the |
Mend for GitLab | The |
Mend for GitHub Enterprise | Python versions 3.8 and 3.9 are now supported when performing a scan with the SCM scanner. |
Version 22.3.2 (3-April-2022)
New Features and Updates
Product | Description |
---|---|
Mend for GitHub.com | Python version 3.9 is now supported when performing a scan with the SCM scanner. |
Mend for GitHub Enterprise | It is now possible to define a scope for migration to the Global Configuration - for all organizations or for all repositories of a specific organization. |
Mend for GitLab | Smart Fix: Fix recommendations were enhanced to remediate transitive vulnerabilities with the update of direct dependencies (JavaScript only). NOTE: An update to this version will cause an increase in plugin activity for the repositories with NPM projects in the first few days (up to a week). The number of scan requests will temporarily increase by 20%-50% depending on how many NPM projects there are in the organization. Consider temporarily increasing the number of scanners for this period. |
Mend for Azure Repos | Work Items will now be created and updated for all of the Processes: Basic, Agile, Scrum, and CMMI. Previously, only Basic was supported. |
Resolved Issues
Product | Description |
---|---|
Mend for GitHub Enterprise | Issues would not be created in the Issue Repo when the Issues tab was not enabled in the origin repo. |
Mend for Bitbucket Server and Data Center | Improved exception handling and logging when handling PR Webhooks. |
Version 22.3.1 (20-March-2022)
New Features and Updates
Product | Description |
---|---|
Mend for GitHub Enterprise | A new parameter |
Mend for GitHub Enterprise | Smart Fix: Fix recommendations were enhanced to remediate transitive vulnerabilities with the update of direct dependencies (JavaScript only). NOTE: An update to this version will cause an increase in plugin activity for the repositories with NPM projects in the first few days (up to a week). The number of scan requests will temporarily increase by 20%-50% depending on how many NPM projects there are in the organization. Consider temporarily increasing the number of scanners for this period. |
Mend for GitHub.com | Repeated restarts no longer occur when performing a scan with the SCM scanner. |
Resolved Issues
Product | Description |
---|---|
Mend for GitHub.com | In some cases, when there were many Diff check runs of the Controller, the result would be a null link to the base branch run. |
Mend for GitHub.com | During a Mend IaC Check, the Controller would fail to parse the resulting json file due to an inconsistent attribute type. |
Version 22.2.2.1 (9-March-2022)
Resolved Issues
Product | Description |
---|---|
Mend for GitHub Enterprise | The Python resolution was fixed by reducing the total number of duplicate dependencies. |
Version 22.2.2 (6-March-2022)
New Features and Updates
Product | Description |
---|---|
Mend for GitHub Enterprise | A scan is now triggered when changes are made to the |
Mend for GitHub Enterprise | A new parameter |
Mend for GitHub Enterprise | A new parameter |
Mend for GitHub Enterprise | The new caching mechanism is now enabled by default. |
Mend for GitHub Enterprise | The scanning of NPM projects with |
Mend for GitHub Enterprise | Ruby bundler projects are now supported by Remediate. |
Resolved Issues
Product | Description |
---|---|
Mend for GitHub Enterprise, Mend for GitHub.com, Mend for GitLab, Mend for Bitbucket Server, Mend for Azure Repos | Ignored vulnerability alerts in the Mend application dashboard would appear in diff check runs of the Controller. |
Mend for GitLab | When onboarding a whitesource-config repo, if the repo had the same name as its subgroup, the onboarding would not complete. |
Mend for GitHub Enterprise | The scanning would fail when the commit tag was equal to the default branch name. |
Version 22.2.1 (20-February-2022)
New Features and Updates
Product | Description |
---|---|
Mend for GitHub Enterprise, Mend for GitHub.com, Mend for GitLab, Mend for Bitbucket Server, Mend for Azure Repos | A scan will now be triggered when changes are made to a |
Mend for GitHub.com | Enabled defining a caching mechanism by setting the |
Resolved Issues
Product | Description |
---|---|
Mend for GitHub Enterprise, Mend for GitHub.com, Mend for GitLab, Mend for Bitbucket Server, Mend for Azure Repos | Ignored vulnerability alerts in the Mend application dashboard would appear in diff check runs of the Controller. |
Mend for GitLab | When onboarding a whitesource-config repo, if the repo had the same name as its subgroup, the onboarding would not complete. |
Mend for GitHub Enterprise | The scanning would fail when the commit tag was equal to the default branch name. |
Version 22.1.2 (6-February-2022)
Product | Description |
---|---|
Mend for GitHub.com | The |
Mend for GitHub.com, Mend for Azure Repos | The scanning of projects using Java 11 is now supported. |
Mend for Bitbucket Server, Mend for GitLab | The scanning of private Ruby registries is now supported. |
Version 22.1.1.2 (24-January-2022)
Product | Description |
---|---|
Mend for GitHub Enterprise, Mend for Bitbucket Server, Mend for Bitbucket Data Center, Mend for GitLab, | Default archive extraction depth is set to 0 for the scanner. To change this value, look for the configMode parameter in the |
Version 22.1.1 (23-January-2022)
New Features and Updates
Product | Description |
---|---|
Mend for Azure Repos | Smart Fix: Fix recommendations were enhanced to remediate transitive vulnerabilities with the update of direct dependency (JavaScript only). |
Mend for GitHub.com, Mend for Azure Repos | Default archive extraction depth is set to 0 for the scanner. To change this value, look for the configMode parameter in the |
Mend for GitHub.com, Mend for Azure Repos | The scanning of private Ruby registries is now supported. |
Resolved Issues
Product | Description |
---|---|
Mend for GitHub.com | After running a scan, the Controller container would find issues that were previously closed with an additional “autoclosed” suffix appended to their title. |
Version 21.12.2 (9-January-2022)
New Features and Updates
Product | Description |
---|---|
Mend for GitHub Enterprise, Mend for GitHub.com | For Go, Python or Maven projects, when the manifest file ( |
Mend for GitHub.com, Mend for Bitbucket Server, Mend for Bitbucket Data Center, Mend for GitHub Enterprise, Mend for GitLab, Mend for Azure Repos | Check runs can be disabled from ever being created during the scan. |
Mend for GitHub.com, Mend for Bitbucket Server, Mend for Bitbucket Data Center, Mend for GitHub Enterprise, Mend for GitLab, Mend for Azure Repos | A new parameter |
Mend Advise for VS Code | Yarn 1, 2, and 3 are supported. |
Resolved Issues
Product | Description |
---|---|
Mend for GitHub Enterprise, Mend for GitHub.com | When onboarding a |
Version 21.12.1.1 (29-December-2021)
Resolved Issues
Product | Description |
---|---|
Mend for GitHub Enterprise | Some newly onboarded repositories did not inherit the configuration from the whitesource-config organization. |
Version 21.12.1 (26-December-2021)
New Features and Updates
Product | Description |
---|---|
Mend for GitHub.com, Mend for Azure Repos | The scanning of private Yarn 2 and Yarn 3 registries is now supported. |
Mend for GitHub Enterprise, Mend for Bitbucket Server, Mend for GitLab | The scanning of private Nuget registries is now supported. |
Mend for GitHub Enterprise, Mend for Bitbucket Server, Mend for GitLab | Gradle 7 projects are now supported. |
Mend for GitHub Enterprise, Mend for GitHub.com | For NPM projects, when |
Mend Advise for WebStorm, Mend for GitHub.com | Smart Fix: Fix recommendations were enhanced to remediate transitive vulnerabilities with the update of direct dependency (JavaScript only). |
Version 21.11.2 (12-December-2021)
New Features and Updates
Product | Description |
---|---|
Mend for GitHub Enterprise, Mend for Bitbucket Server, Mend for Bitbucket Data Center, Mend for GitLab | The scanning of private Go and Yarn (Yarn 1) registries is now supported. |
Mend for GitHub Enterprise, Mend for Bitbucket Server, Mend for Bitbucket Data Center, Mend for GitLab | Yarn 2 and Yarn 3 projects are now supported. |
Mend for GitHub Enterprise | The scanning of private Gradle registries is now supported. |
Mend for GitHub Enterprise | The scanning of private Python PIP registries is now supported. |
Mend for GitHub.com, Mend for Azure Repos | The scanning of private Nuget registries is now supported. |
Mend for GitHub.com, Mend for Azure Repos | Gradle 7 projects are now supported. |
Mend for GitHub.com, Mend for GitHub Enterprise, Mend for Azure Repos | Check run will ignore IaC issues that were manually closed by the user. |
Mend Advise for Visual Studio Code | Fix recommendations were enhanced to remediate transitive vulnerabilities with the update of direct dependency (NPM only). |
Resolved Issues
Product | Description |
---|---|
Mend for GitHub.com, Mend for GitHub Enterprise | Sometimes, fewer dependencies were found in the Maven projects than expected. |
Mend for GitHub Enterprise | Some new projects and products in the Mend application were created with the "_1" prefix even if no duplicates were present. |
Version 21.11.1 (28-November-2021)
New Features and Updates
Product | Description |
---|---|
Mend Advise for IntelliJ IDEA, Mend Advise for PyCharm, Mend Advise for WebStorm | Additional user notifications are provided regarding vulnerability alerts when in Focus mode, for the IntelliJ, PyCharm, and WebStorm integrations. |
Mend for GitHub.com | The scanning of Yarn 2 and Yarn 3 projects is now supported. |
Mend for GitHub.com | The scanning of private Go and Yarn (Yarn 1) registries is now supported. |
Mend for GitLab, Mend for Bitbucket Server, Mend for Bitbucket Data Center | The scanning of private Gradle and Python PIP registries is now supported. |
Mend for GitHub.com, Mend for GitLab, Mend for Bitbucket Server, Mend for Bitbucket Data Center | Two tags will be added to the project in the Mend application when the respective repository is scanned for the first time:
|
Mend for Azure Repos | Launch of the Mend for Azure Repos: open beta stage. |
Resolved Issues
Product | Description |
---|---|
Mend for GitLab | Fixed automatic naming for products in the Mend application connected to subgroups in the repositories. |
Mend Advise for Visual Studio | Visual Studio would sometimes crash when using Mend Advise 21.10.1. |
Version 21.10.2 (14-November-2021)
New Features and Updates
Product | Description |
---|---|
Mend for GitHub.com | The scanning of private Gradle registries is now supported. |
Mend for GitHub.com | The scanning of private Python PIP registries is now supported. |
Mend Advise for Visual Studio | Vulnerable Commit Alert: An alert can be enabled to notify about newly added vulnerabilities when committing the code inside the IDE. This alert will appear only if the committed feature branches have new vulnerabilities compared to a preconfigured scanned base branch. |
Resolved Issues
Product | Description |
---|---|
Mend for GitHub.com, Mend for GitHub Enterprise, Mend for GitLab | The Mend application would delete issue labels that were manually created by users. |
Version 21.10.1 (31-October-2021)
New Features and Updates
Product | Description |
---|---|
Mend for GitHub Enterprise, Mend for GitLab, Mend for Bitbucket Server | Enabled cloning project files through Git shell commands. |
Mend Advise for Visual Studio | The Diff operation is now enabled by default when the Mend Advise plugin is active. |
Mend Advise for Visual Studio Code | Vulnerable Commit Alert: An alert can be enabled to notify about newly added vulnerabilities when committing the code inside the IDE. This alert will appear only if the committed feature branches have new vulnerabilities compared to a preconfigured scanned base branch. |
Version 21.9.1.1 (25-October-2021)
Resolved Issues
Product | Description |
---|---|
Mend for GitHub.com | Scans found zero non-private dependencies when the Go project included any private dependencies. |
Version 21.9.1 (17-October-2021)
New Features and Updates
Product | Description |
---|---|
Mend for Bitbucket Server, Mend for Bitbucket Data Center, Mend for GitHub Enterprise, Mend for GitLab | Support for NPM private registries by providing an asymmetric encryption solution to support scoped secrets/credentials in Repository Integrations. |
Mend for GitHub.com, Mend for Bitbucket Server, Mend for Bitbucket Data Center, Mend for GitHub Enterprise, Mend for GitLab | Support for Maven private registries. |
Mend for GitHub Enterprise | Expanded support for Mend IaC Check. Configuration files Terraform, CloudFormation, Kubernetes, ARM Templates, Serverless, and Helm, are now supported. |
Resolved Issues
Product | Description |
---|---|
Mend Advise for IntelliJ IDEA, Mend Advise for PyCharm, Mend Advise for WebStorm | After installing the Mend plugin, the exception “Do not request resource from classloader using path with leading slash” would occur on Windows, Mac or Linux with the IntelliJ, PyCharm, and WebStorm integrations. |
All Repo Integrations | Building the Repo integration scanner Dockerfile would fail when trying to install Cocoapods for managing the library dependencies. |
Version 21.8.2 (3-October-2021)
New Features and Updates
Product | Description |
---|---|
Mend Advise for IntelliJ IDEA, Mend Advise for PyCharm, Mend Advise for WebStorm, Mend Advise for Visual Studio Code | The Focus Mode allows developers to see only new vulnerability alerts in their feature branches compared to a predefined base branch. This feature is now enabled by default. |
Mend Advise for PyCharm, Mend Advise for WebStorm | Vulnerable Commit Alert: An alert can be enabled to notify about newly added vulnerabilities when committing the code inside the IDE. This alert will appear only if the committed feature branches have new vulnerabilities compared to a preconfigured base branch. |
Mend for GitHub.com | (BETA) Support for NPM private registries by providing an asymmetric encryption solution to support scoped secrets/credentials in Repository Integrations. |
Mend for GitHub.com | Expanded support for Mend IaC Check: Configuration files Terraform, CloudFormation, Kubernetes, ARM Templates, Serverless, and Helm, are now supported. |
Mend for Bitbucket Server, | Regular account repo-settings.json or global-settings.json files are now automatically populated with the settings from the whitesource-config account’s global-settings.json file. |
Mend for Bitbucket Server, | Added a feature to save scan logs to a zip file after manual scanning from the Global Repo. |
Mend for Bitbucket Server, | Python Conda projects are now supported in all Repo integrations. |
Version 21.8.1 (29-August-2021)
New Features and Updates
Product | Description |
---|---|
Mend Advise for IntelliJ IDEA | An alert can be enabled to notify about newly added vulnerabilities when committing the code inside IntelliJ. This alert will appear only if the committed feature branches have new vulnerabilities compared to a preconfigured base branch. |
Mend for Bitbucket Server |
|
Mend for Bitbucket Server, | Regular account repo-settings.json or global-settings.json files can now inherit settings from the “whitesource-config” account’s global-settings.json file. |
Version 21.7.2 (15-August-2021)
New Features and Updates
Product | Description |
---|---|
Mend for GitLab |
|
Mend for GitHub.com | Users can now manually trigger scans for specific repositories. |
Mend Advise for Visual Studio | Mend added developer focus mode for Visual Studio. |
Mend for Bitbucket Server, | Added Remediate Worker Horizontal Scalability. This feature is used to scale Remediate to allow it to utilize additional containers, in order to process multiple repositories concurrently. |
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 21.7.1 of the Unified Agent. The GitHub.com integration in this version supports version 21.7.2 of the Unified Agent. The Mend for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.
Version 21.7.1 (1-August-2021)
New Features and Updates
Product | Description |
---|---|
Mend for GitHub.com | Added inheritance configuration validation and error notification via issues and check runs. |
Mend Advise for WebStorm | Mend added developer focus mode for WebStorm. |
Mend Advise for Visual Studio Code | Mend added developer focus mode for Visual Studio Code. |
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 21.6.3 of the Unified Agent. The GitHub.com integration in this version supports version 21.7.1.1 of the Unified Agent. The Mend for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.
Version 21.6.3 (18-July-2021)
New Features and Updates
Product | Description |
---|---|
Mend Advise for IntelliJ IDEA |
|
Mend Advise for PyCharm |
|
Mend for GitHub.com |
|
Mend for GitHub Enterprise |
|
Mend for GitHub Enterprise |
|
Resolved Issues
Product | Description |
---|---|
All Repo Integrations | In cases of update requests that originated from the SCM scanner, the plugin request report in the app displayed the org's default approver instead of the service user that created the scan. |
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 21.6.2.2 of the Unified Agent. The GitHub.com integration in this version supports version 21.6.3 of the Unified Agent. The Mend for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.
Version 21.6.2 (4-July-2021)
Product | Description |
---|---|
Mend for GitHub.com |
|
Mend Advise for PyCharm |
|
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 21.5.2 of the Unified Agent. The GitHub.com integration in this version supports version 21.6.2 of the Unified Agent. The Mend for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.
Version 21.6.1 (20-June-2021)
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 21.5.2 of the Unified Agent. The GitHub.com integration in this version supports version 21.6.1 of the Unified Agent. The Mend for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.
Version 21.5.2 (6-June-2021)
New Features & Updates
Product | Description |
---|---|
Mend for GitHub Enterprise, | In cases where the integration failed to retrieve either a .whitesource configuration file from a repository, or any of the Mend configuration files included inside the Global Configuration repository, a Mend Configuration check run with a failed status will be created. |
Mend for Bitbucket Server, |
|
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 21.5.1 of the Unified Agent. The GitHub.com integration in this version supports version 21.5.2 of the Unified Agent. The Mend for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.
Version 21.5.1 (23-May-2021)
New Features & Updates
Product | Description |
---|---|
Mend Advise for IntelliJ, | Added support for IDE version 2021.1. |
Mend Advise for IntelliJ, |
|
Mend Advise for Eclipse, | Added a Clear Results button to the Mend tab, providing users the ability to clear all currently displayed data (from all projects). |
Mend Advise for Eclipse | Improved the display of the hierarchy tree for transitive vulnerabilities. |
Mend for Bitbucket Server, |
|
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 21.4.2 of the Unified Agent. The GitHub.com integration in this version supports version 21.5.1 of the Unified Agent. The Mend for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.
Resolved Issues
Product | Description |
---|---|
Mend for Bitbucket Server, | When the global-config.json (as part of Global Configuration) contained a noMendFile parameter, repositories with an unmerged (open/closed) onboarding PR were not scanned. |
Mend for GitHub Enterprise, | In rare cases, the Mend IaC Check returned a Success status instead of a failed status. |
Mend for GitLab | In specific cases, in the Remediate container logs, an SSH public key was leaked. |
Mend Advise for Eclipse |
|
Version 21.4.2 (9-May-2021)
New Features & Updates
Product | Description |
---|---|
Mend for GitHub.com | Added support for .NET core 5.0 built projects. |
Mend for GitHub Enterprise |
|
Mend Advise for PyCharm, | Beginning in this version, you can configure the plugin to also alert on dev dependencies. This changes the default scanning behavior of Mend Advise for Visual Studio (before version 21.4.2, alerts for dev dependencies were displayed). |
Mend for Bitbucket Server, |
|
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 21.4.1 of the Unified Agent. The GitHub.com integration in this version supports version 21.4.2 of the Unified Agent. The Mend for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.
Resolved Issues
Product | Description |
---|---|
Mend for GitHub.com | Repositories built with Paket could not be scanned successfully. |
Mend for GitHub.com | Elixir-based repositories could not be scanned successfully. |
Mend Advise for IntelliJ | In specific scenarios where a dependency did not contain an explicit version, no vulnerability alerts were raised for it. |
Mend for Bitbucket Server, | Modifying the minSeverityLevel parameter value inside the .whitesource configuration file did not lead to the automatic closing of existing non-relevant issues. |
Mend for GitHub Enterprise, | In specific scenarios, a Bad Credentials error was displayed when migrating specific repositories to the global configuration via the migration feature. |
Version 21.4.1 (25-April-2021)
New Features & Updates
Product | Description |
---|---|
Mend for GitHub.com | Mend has launched the ability to scan cloud infrastructure configurations (IaC) to find misconfigurations before they are deployed. For this, a Mend IaC Check was introduced which runs in parallel to the existing Mend Security/License Check. In addition, IaC violation alerts are displayed via GitHub Issues. |
Mend for Bitbucket Server, | Previously, the only way to provide the integration's activation key to the Remediate container was by using a prop.json file. |
Mend Advise for IntelliJ, | Beginning in this version, you can configure the plugin/extension to alert only on detected vulnerabilities satisfying a given minimum severity level (as opposed to always showing Low, Medium and High severity vulnerabilities). |
Mend Advise for WebStorm | Beginning in this version, Mend Advise will not scan the node_modules folder of a selected project. |
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 21.3.2 of the Unified Agent. The GitHub.com integration in this version supports version 21.4.1 of the Unified Agent. The Mend for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.
Resolved Issues
Product | Description |
---|---|
Mend Advise for VS Code | In specific scenarios, when installing the extension on a Mend Dedicated Instance-related environment, scanning resulted in connection issues. |
Version 21.3.2 (11-April-2021)
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 21.3.1 of the Unified Agent. The GitHub.com integration in this version supports version 21.3.2 of the Unified Agent. The Mend for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.
Resolved Issues
Product | Description |
---|---|
Mend Advise for IntelliJ, | Better handling when the developers' environment is disconnected from the internet or has no access to the Mend servers. |
Mend Advise for Visual Studio | In some cases, scanning a C# project resulted in an exception, and in addition, no vulnerabilities were displayed. |
Mend for GitHub.com | When adding an empty whitesource-config repository from a default "main" branch to the integration, it was not initialized with Mend configuration files. |
Mend for GitLab | When using the security dashboard, issues were published but the commit comment was not updated with scan results and remained with a "scan in progress" indication. |
Version 21.3.1 (4-April-2021)
New Features & Updates
Product | Description |
---|---|
Mend Advise for IntelliJ IDEA, | An improved notification message is now displayed when no vulnerabilities are found in a scanned project. |
Mend Advise for IntelliJ IDEA | Added support for the "apply from" script plugin in Gradle projects, which can reference a dependency file contained within the scanned project or outside of it. |
Mend Advise for Eclipse, | Beginning in this version, you can configure the plugin to alert only on direct dependency vulnerabilities (as opposed to both direct and transitive vulnerabilities). |
Mend for Bitbucket Server, | For NPM projects only - Added support for remediation of transitive npm packages when a package-lock.json is present. |
Mend for Bitbucket Server, | Beginning in this version, a new Mend Security/License Check summary will be displayed in case a scan results in an empty inventory (as opposed to when one or more Security/License issues are detected). |
Mend Remediate | Remediate sometimes, and Renovate often, needs to query github.com for tags and releases (e.g. for release notes fetching). |
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 21.2.2 of the Unified Agent. The GitHub.com integration in this version supports version 21.3.1 of the Unified Agent. The Mend for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.
Resolved Issues
Product | Description |
---|---|
Mend Advise for IntelliJ | When scanning a large Gradle project (~20 modules), the plugin would run for an excessive amount of time, which resulted in the IDE being frozen. |
Mend for Bitbucket Server, | Improved rotation of the application container logs by modifying the maximum log size from 10GB to 2GB, and the maximum history days from 600 to 60 days. |
Version 21.2.2 (14-March-2021)
New Features & Updates
Product | Description |
---|---|
Mend Advise for IntelliJ IDEA, | Beginning in this version, you can configure Mend settings (Settings > Tools > Mend) either on a global (affecting all projects) or project level (affecting a single project only). |
Mend Advise for VS Code, | Beginning in this version, you can configure the plugin to alert only on direct dependency vulnerabilities (as opposed to both direct and transitive vulnerabilities). |
Mend for Bitbucket Server, | Beginning in this version, to improve performance, the integration will only clone the specific repository branch instead of cloning all branches before performing a scan. |
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 21.2.1 of the Unified Agent. The GitHub.com integration in this version supports version 21.2.2 of the Unified Agent. The Mend for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.
Version 21.2.1 (28-February-2021)
New Features & Updates
Product | Description |
---|---|
Mend Advise for IntelliJ IDEA, |
|
Mend Advise for WebStorm | Scanning a project that does not contain any package-lock.json file now results in a notification asking the user to ensure the project is built before being scanned with Mend Advise. |
Mend Advise for PyCharm | An improved notification message is now displayed when no vulnerabilities are found in the project. |
Mend for GitHub.com | Beginning in this version, to improve performance, the integration will only clone the specific repository branch instead of cloning all branches before performing a scan. |
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 21.1.2 of the Unified Agent. The GitHub.com integration in this version supports version 21.2.1 of the Unified Agent. The Mend for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.
Resolved Issues
Product | Description |
---|---|
Mend for GitHub Enterprise | In a forked repository with branch protection rules in place, when the last commit in a PR did not trigger a scan (not a valid push), a neutral check run was created. In such a case, merging the PR was still possible even if new vulnerabilities were introduced as part of the PR. |
Mend for GitHub.com | In cases where the Mend License Check was enabled, license policy violation data for libraries with an unknown license (Requires Review license type) were not surfaced in the integration. |
Version 21.1.2 (14-February-2021)
New Features & Updates
Product | Description |
---|---|
Mend for Bitbucket Server, | For improved visibility and troubleshooting, a startup check mechanism was added to the app container. Upon startup, it provides a clear indication of the connectivity status between the app container and the remediate container, the repository platform (SCM) API, and the Mend application server. The startup check also validates the activation key provided in the initial configuration. |
Mend Advise for PyCharm, |
|
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 21.1.1 of the Unified Agent. The GitHub.com integration in this version supports version 21.1.2 of the Unified Agent. The Mend for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.
Resolved Issues
Product | Description |
---|---|
Mend for Bitbucket Server, |
|
Mend Advise for PyCharm, |
|
Version 21.1.1 (31-January-2021)
New Features & Updates
Product | Description |
---|---|
Mend for Bitbucket Server, |
|
Mend for Bitbucket Server, | With the release of version 20.12.3 of the Unified Agent, the default dependency resolution for npm projects has been optimized by relying on the package-lock.json file (the npm.resolveLockFile Unified Agent configuration parameter default value is now true). |
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.12.3 of the Unified Agent. The GitHub.com integration in this version supports version 21.1.1 of the Unified Agent. The Mend for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.
Resolved Issues
Product | Description |
---|---|
Mend Advise for PyCharm |
|
Mend Advise for PyCharm, | In some cases, a wrong transitive vulnerability tree was displayed for vulnerabilities detected under a direct dependency. |
Version 20.12.3 (17-January-2021)
New Features & Updates
Product | Description |
---|---|
Mend for GitHub.com | With the release of version 20.12.3 of the Unified Agent, the default dependency resolution for npm projects has been optimized by relying on the package-lock.json file (the npm.resolveLockFile Unified Agent configuration parameter default value is now true). |
Mend Advise for Eclipse, | Added enhanced Mend Advise license validation. Mend Advise will periodically validate the activation credentials and delete its data in case the license key has expired. |
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.12.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.12.3 of the Unified Agent. The Mend for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.
Resolved Issues
Product | Description |
---|---|
Mend Advise for IntelliJ IDEA, | In some cases, when the Remember license key option was enabled during activation, the activation credentials would not be saved upon restarting the IDE. |
Mend for Bitbucket Server, | A .whitesource file pointing to a custom (non-default) whitesource-config repo led to the global repo configuration (global-config.json) being taken from the default whitesource-config repo location. |
Version 20.12.2 (3-January-2021)
New Features & Updates
Product | Description |
---|---|
Mend Advise for PyCharm, | Mend has launched Mend Advise for PyCharm and Mend Advise for WebStorm plugins, empowering JetBrains developers with important, valuable information on security vulnerabilities concerning open-source components employed in their development projects. |
Mend Advise for IntelliJ IDEA |
|
Mend for Bitbucket Server, | From this version onwards, the Administration > Mend Integration page enables the Bitbucket administrator to select Projects to integrate with Mend, instead of Repositories. Once a project is selected by the Bitbucket administrator, the project administrator will be able to access the Mend Integration page from the Project > Project settings page and decide which repositories within that project to integrate with Mend. NOTE: Customers upgrading from an older version of the integration will be automatically migrated to the new Mend Integration model. This means that for each already integrated repository, the repository will be automatically selected inside the Project > Project settings page. |
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.12.1 of the Unified Agent. The GitHub.com integration in this version supports version 20.12.2 of the Unified Agent. The Mend for Bitbucket integration in this version supports version 20.12.2 of the Bitbucket Add-on.
Resolved Issues
Product | Description |
---|---|
Mend Advise for IntelliJ IDEA | Scanning a Gradle project following file changes would sometimes not show markers for detected vulnerabilities. |
Mend for Bitbucket Server, | In an integrated repository page, the Critical severity metric inside the Mend Security widget was modified to High in order to align with the Mend UI severity metrics. |
Version 20.12.1 (20-December-2020)
New Features & Updates
Product | Description |
---|---|
Mend for GitHub Enterprise, | Added the ability to define a whitelist of GitHub Organizations and/or GitHub repository owners who can integrate with the Mend integration. |
Mend for Bitbucket Server, | Global Repo Configuration:
|
Mend Advise for Visual Studio Code |
|
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.11.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.12.1 of the Unified Agent. The Mend for Bitbucket integration in this version supports version 20.11.1 of the Bitbucket Add-on.
Resolved Issues
Product | Description |
---|---|
Mend Advise for IntelliJ IDEA | The No proxy HTTP setting was ignored by the plugin. |
Mend for Bitbucket Server, | The scanner container did not clean up between container restarts, resulting in a potentially large growth in the container’s disk size. |
Version 20.11.2 (6-December-2020)
New Features & Updates
Product | Description |
---|---|
Mend Advise for Eclipse |
|
Mend for Bitbucket Server, |
NOTE: This feature currently supports only base branches (using the baseBranches parameter). A License Check Run (GitHub)/Commit Status (GitLab)/Build Status (Bitbucket) will not be created on non-base branches when using displayMode=diff as part of the configuration in the .whitesource file. |
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.11.1 of the Unified Agent. The GitHub.com integration in this version supports version 20.11.2 of the Unified Agent. The Mend for Bitbucket integration in this version supports version 20.11.1 of the Bitbucket Add-on.
Resolved Issues
Product | Description |
---|---|
Mend for GitHub Enterprise | Renovate config presets were not being resolved. |
Mend for Bitbucket Server, | In the Mend Security Report (Code Insights), the table listing each vulnerability was not displayed correctly. |
Version 20.11.1 (22-November-2020)
New Features & Updates
Product | Description |
---|---|
Mend Advise for IntelliJ, |
NOTE: This feature is only available when using version 20.11.1 or later of Mend Advise. |
Mend Advise for IntelliJ IDEA |
|
Mend for Bitbucket Server, |
|
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.10.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.11.1 of the Unified Agent.
Resolved Issues
Product | Description |
---|---|
Mend Advise for IntelliJ, |
|
Mend Advise for IntelliJ |
|
Version 20.10.2.1 (8-November-2020)
Resolved Issues
Product | Description |
---|---|
Mend for GitHub Enterprise | In some cases, two scans were triggered for the same commit. This led the issue publishing process to run twice at the exact same time, causing duplicate issues to be created. |
Version 20.10.1.1 (25-October-2020)
New Features & Updates
Product | Description |
---|---|
Mend Advise for IntelliJ IDEA |
|
Mend for Bitbucket Server, |
|
Mend for Bitbucket Server | In the Mend Integration page:
|
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.9.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.10.1 of the Unified Agent.
Resolved Issues
Product | Description |
---|---|
Mend for Bitbucket Server |
|
Mend for Bitbucket Server, |
|
Version 20.9.2 (11-October-2020)
New Features & Updates
Product | Description |
---|---|
Mend for Bitbucket Server, |
|
Mend for GitHub.com |
|
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.9.1 of the Unified Agent. The GitHub.com integration in this version supports version 20.9.2 of the Unified Agent.
Version 20.9.1 (4-October-2020)
New Features & Updates
Product | Description |
---|---|
Mend for Bitbucket Server, |
|
Mend for Bitbucket Server, |
|
Mend Advise for Visual Studio Code |
|
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.8.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.9.1 of the Unified Agent.
Version 20.8.2.1 (13-September-2020)
New Features & Updates
Product | Description |
---|---|
Mend for Bitbucket Server, |
|
Mend Advise for Visual Studio Code |
|
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.8.1 of the Unified Agent. The GitHub.com integration in this version supports version 20.8.2 of the Unified Agent.
Resolved Issues
Mend Advise for Eclipse: Reinstallation of the Mend Advise plugin caused multiple entries in the Builders view.
Version 20.8.1 (30-August-2020)
New Features & Updates
Product | Description |
---|---|
Mend Advise for Visual Studio Code | Mend has launched the Mend for Visual Studio Code extension, empowering Visual Studio Code developers with important, valuable information on security vulnerabilities concerning open-source components employed in their development projects. |
Mend for Bitbucket Server, |
|
Mend for GitHub Enterprise | Support for a Check Run on a pull request generated from a forked repository. |
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.7.3 of the Unified Agent. The GitHub.com integration in this version supports version 20.8.1 of the Unified Agent.
Resolved Issues
When a vulnerability affected multiple packages, only information on a single package was shown in the Mend security check.
Global Configuration: Adding the migration.json file to a non-default branch generated a failed Mend security check.
Version 20.7.3 (16-August-2020)
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.7.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.7.3 of the Unified Agent.
Resolved Issues
Mend for GitHub.com, Mend for GitHub Enterprise: Migrating specific repositories to the global configuration using the excludeRepos parameter led to incorrect results.
Version 20.7.2 (3-August-2020)
New Features & Updates
Product | Description |
---|---|
Mend Advise for Eclipse, Mend Advise for IntelliJ IDEA |
|
Mend for Bitbucket Server, |
|
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.7.1 of the Unified Agent. The GitHub.com integration in this version supports version 20.7.2 of the Unified Agent.
Resolved Issues
Mend for GitHub.com, Mend for GitHub Enterprise: When the content of a "Mend Security Check" exceeded GitHub's size limit for a Check Run, the check run content was not displayed.
Mend for Bitbucket Server, Mend for GitHub Enterprise, Mend for GitHub.com, Mend for GitLab: As part of the Global Repo Configuration, the whitesource-config repository had to be initialized with a README file in order for the global-config.json and repo-config.json files to be automatically generated by the integration.
Version 20.7.1.1 (23-July-2020)
Resolved Issues
All Repo Integrations: In some scenarios, the Mend Security Check summary functionality led to a NullPointer exception where we could not identify the package dependency file path. This led to the Check Run/Commit Status/Build Status being in Pending status for 6 hours, after which a timeout mechanism marked it as Failed.
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.6.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.7.1 of the Unified Agent.
Version 20.7.1 (20-July-2020)
New Features & Updates
Product | Description |
---|---|
Mend Advise for Visual Studio |
|
Mend for Bitbucket Server, |
|
Mend for Bitbucket Server |
|
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.6.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.7.1 of the Unified Agent.
Version 20.6.2.2 (7-July-2020)
New Features & Updates
Product | Description |
---|---|
Mend Advise for Visual Studio |
|
Mend for Bitbucket Server, Mend for GitHub Enterprise, and Mend for GitLab |
|
Mend for Bitbucket Server, Mend for GitHub Enterprise, Mend for GitHub.com, and Mend for GitLab |
|
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.6.1 of the Unified Agent. The GitHub.com integration in this version supports version 20.6.2 of the Unified Agent.
Resolved Issues
Mend for Bitbucket Server: When uninstalling the add-on, the activation key and list of integrated repositories were not cleared.
Version 20.6.1.1 (23-June-2020)
New Features & Updates
Product | Description |
---|---|
Mend for Bitbucket Server, Mend for GitHub Enterprise, and Mend for GitLab |
|
Mend for Bitbucket Server |
|
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.5.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.6.1 of the Unified Agent.
Version 20.5.2.1 (10-June-2020)
New Features & Updates
Product | Description |
---|---|
Mend for GitHub Enterprise, and Mend for GitLab |
|
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.5.1 of the Unified Agent. The GitHub.com integration in this version supports version 20.5.2 of the Unified Agent.
Version 20.5.1.3 (03-June-2020)
New Features & Updates
Product | Description |
---|---|
Mend for Bitbucket Server, Mend for GitHub Enterprise, and Mend for GitLab |
|
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.4.2 of the Unified Agent. The GitHub.com integration in this version supports version 20.5.1 of the Unified Agent.
Resolved Issues
Mend for GitHub Enterprise: When running the wss-ghe-app container, a FileNotFoundException error message appeared in the logs.
Version 20.4.2.2 (17-May-2020)
New Features & Updates
Product | Description |
---|---|
Mend for GitHub Enterprise |
|
Mend for Bitbucket Server, Mend for GitHub Enterprise, and Mend for GitLab |
|
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab integrations in this version support version 20.4.1 of the Unified Agent. The GitHub.com integration in this version supports version 20.4.2.2 of the Unified Agent.
Resolved Issues
Mend for GitHub Enterprise: When performing a scan, the local Maven registry directive was ignored.
Version 20.3.1 (29-March-2020)
New Features & Updates
Product | Description |
---|---|
Mend for GitHub.com | Support for Gradle Kotlin projects |
NOTE: The GitHub.com integration in this version supports version 20.3.1 of the Unified Agent.
Version 20.2.2 (15-March-2020)
New Features & Updates
Product | Description |
---|---|
Mend for GitHub.com | Support for Gradle in Mend Remediate |
Mend for Bitbucket Server |
|
NOTE: The GitHub Enterprise, Bitbucket Server, and GitLab Server integrations in this version support version 20.2.1 of the Unified Agent. The GitHub.com integration in this version supports version 20.2.2 of the Unified Agent.
Resolved Issues
Mend Advise for Eclipse: Quick fix did not work when the version was provided as a variable.
Version 19.11.2 (8-December-2019)
New Features & Updates
Product | Description |
---|---|
Mend for GitHub Enterprise, Mend for GitHub.com, and Mend for Bitbucket Server | Setting the minSeverityLevel parameter in the .whitesource configuration file now also affects the Mend Security Check summary list. |
Version 19.11.1 (24-November-2019)
New Features & Updates
Product | Description |
---|---|
Mend for Bitbucket Server | The .whitesource configuration file now includes a minSeverityLevel parameter, enabling you to decide whether a new Bitbucket Server Issue is opened only when a certain Security Vulnerability Severity level is present. |
Mend Advise for Chrome | Removed browser permissions for the Chrome extension that were not used by Mend. |
Resolved Issues
Products | Description |
---|---|
Mend for GitHub.com, Mend for GitHub Enterprise | When executing a scan with either the LOCAL or EXTERNAL value set for the configMode parameter in the .whitesource configuration file, the includes and excludes parameters were ignored. |
Version 19.9.2 (27-October-2019)
New Features & Updates
Product | Description |
---|---|
Mend for GitHub.com, Mend for GitHub Enterprise | This version introduces the ability to generate fix PRs on-demand without defining workflow rules in advance. |
Mend for GitHub Enterprise, Mend for Bitbucket Server | A Health Check API endpoint was added to the wss-scanner Docker image. |
Version 19.9.1 (22-September-2019)
New Features & Updates
Product | Description |
---|---|
Mend for GitHub Enterprise, Mend for GitHub.com, and Mend for Bitbucket Server | An indicator has been added that shows when automatic remediation is available for a specific vulnerability. |
Mend for GitLab Core | Mend is launching the Mend for GitLab Core beta version, enabling GitLab users to access Mend security alerts within GitLab’s native environment. |