- Updated dependency-check-core to v6.4.1 (#213 ). See release notes of DependencyCheck for v6.3.2 to v6.4.1 for details.
Notworthy changes
- New setting
dependencyCheckCveWaitTimefor the time in milliseconds to wait between downloads from the NVD. - New setting
dependencyCheckCveStartYearfor the first year of NVD CVE data to download from the NVD. - Several changes to reduce risk of NVD rate limiting
- Reduced chance of rate limiting when download files from NVD
- The NVD CVE data files are now being cached for up to 4 hours in case a download fails, re-running the plugin will use the cached version.
- Added download attempts with increasing wait time for CVE meta files from the NVD to prevent rate limiting issues