Releases: spdx/tools
Release 2.2.8 - security updates
What's Changed
- Bump log4j-core from 2.17.0 to 2.17.1 by @dependabot in #288
- Bump log4j-api from 2.17.0 to 2.17.1 by @dependabot in #289
- Extract method code rafactoring in FileContext by @asadshaik1103 in #291
- extract method code refactoring SpdxLicenseTemplateHelper by @asadshaik1103 in #295
- Move refactoring for locateOriginalText by @asadshaik1103 in #297
- pull up field refactoring in DocumentInfoSheet by @asadshaik1103 in #299
- Remove unused Jackson databind from dependencies by @goneall in #305
- Make the LicenseJson class public by @goneall in #306
- Update GSON to version 2.8.9 by @goneall in #307
New Contributors
- @asadshaik1103 made their first contribution in #291
Full Changelog: v2.2.7...v2.2.8
Contributors
Assets 3
Version 2.2.7 of the SPDX Java Tools (Legacy)
Updates the Log4J version to version 2.17.0 to resolves a severe denial of service vulnerability CVE-2021-45105
Version 2.2.6 of the SPDX Tools (Legacy)
What's Changed
- Resolves critical security issue in log4j library CVE-2021-44228
- Resolves moderate security issue in log4j library CVE-2021-45046
- Resolves minor security issue in Guava library CVE-2018-10237
- Resolves minor security issue in Guava library CVE-2020-8908
- Update POM file to deploy to sonatype by @goneall in #275
- Bump commons-compress from 1.19 to 1.21 by @dependabot in #277
- Bump jsoup from 1.11.3 to 1.14.2 by @dependabot in #279
- Fix spelling of anonymous by @goneall in #280
- Update log4j to version 2.16.0 and guava to version 29.0-jre by @goneall in #285
Full Changelog: v2.2.5...v2.2.6
Note that there is a re-designed version of this tool: tools-java
Contributors
Assets 3
Version 2.2.5 of the SPDX Tools (Legacy)
This release includes the following fixes:
- #273 Resolves an issue introduced with the latest release of the License List
- #269 Parses out Boolean types from the RDF when parsing the RDF/XML format
Note that there is a re-designed version of this tool: tools-java
Version 2.2.4 of the SPDX tools
Add CrossRefs to support LicenseListPublisher enhancements to URL handling.
Resolve issue #260
Various bug fixes.
Version 2.2.2 of the SPDX tools
Release 2.2.2 of the SPDX tools.
Includes support for additional cross reference fields required by the LicenseListPublisher and additional minor fixes.
Version 2.2.1 of the SPDX Java tools
This release fixes a major defect for License Ref case sensitive matching.
Version 2.2.0 of the SPDX Java tools
Implements SPDX spec version 2.2.
Version 2.1.20 of the SPDX Java Tools
Resolve minor defects and a possible denial of service vulnerability.
Version 2.1.19 of the SPDX Java Tools
Fixes issue with normalizing HTTP and HTTPS while doing license text compares.