Updated dependency-check-core to v3.2.0. See release notes for details.
Breaking Change

- The `dependencyCheckJarAnalyzer` setting key was renamed to `dependencyCheckJarAnalyzerEnabled` to follow naming conventions.

Noteworthy changes

- Security Fix: Unsafe unzip operations, as reported by the Snyk Security Research Team, have been corrected. If an archive (zip, jar, war, etc.) contained a name field with path traversal characters, the file may have been extracted outside of the temp directory, resulting in an arbitrary file write.
- `dependencyCheckCentralAnalyzerEnabled` now defaults to `false`, so the Central Analyzer is not used by default (#39).
- Added more flexible suppression rules with the introduction of the `until` attribute (see jeremylong/DependencyCheck#1145 and dependency-suppression.1.2.xsd).
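The unsafe-unzip fix above concerns archive entry names that traverse out of the extraction directory. As an added illustration, not code from sbt-dependency-check or dependency-check-core, the Python extractor below applies the containment check such a fix needs (resolve the entry path against the destination and refuse it before anything is written), run against a constructed benign jar-like archive and a constructed hostile one; `safe_extract`, `build_archive` and `demo` are names chosen here:

```python
import io
import tempfile
import zipfile
from pathlib import Path

class UnsafeArchiveEntry(ValueError):
    """Raised when an archive entry name would resolve outside the destination."""

def safe_extract(archive_bytes: bytes, dest: str) -> list:
    """Extract a zip/jar/war into dest, refusing entries whose path escapes dest."""
    dest_root = Path(dest).resolve()
    written = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            # Resolve the entry name against dest and check containment
            # before any file or directory is created.
            target = (dest_root / info.filename).resolve()
            if target != dest_root and dest_root not in target.parents:
                raise UnsafeArchiveEntry(
                    f"entry {info.filename!r} resolves outside {dest_root}")
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target.relative_to(dest_root).as_posix())
    return sorted(written)

def build_archive(entries: dict) -> bytes:
    """Build an in-memory zip from {entry_name: text}; constructed test data only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, text in entries.items():
            zf.writestr(name, text)
    return buf.getvalue()

def demo() -> tuple:
    """Return (files written from a benign archive, True if the hostile one was refused)."""
    benign = build_archive({"META-INF/MANIFEST.MF": "Manifest-Version: 1.0\n", "a.txt": "x"})
    hostile = build_archive({"../escaped.txt": "must never be written"})
    with tempfile.TemporaryDirectory() as d:
        written = safe_extract(benign, d)
    rejected = False
    with tempfile.TemporaryDirectory() as d:
        try:
            safe_extract(hostile, d)
        except UnsafeArchiveEntry:
            rejected = not (Path(d).resolve().parent / "escaped.txt").exists()
    return written, rejected
```

The check compares resolved paths rather than scanning the name for `..`, so encoded or platform-specific traversal spellings are caught the same way.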