Release v1.12.2 · anchore/syft · GitHub
Added Features
- Detect curl binaries #3146 @krysgor
- Add haskell binaries cataloger #3078 @LaurentGoderre
- add the Ocaml ecosystem #3112 @LaurentGoderre
- Support HAProxy dev #3134 #3180 @witchcraze
Bug Fixes
- Fix improper decoding of SPDX license expressions in the CycloneDX format #3175 @NyanKiyoshi
- improve generated cpes for binaries with existing classifiers #3169 @westonsteimel
- improve known CPEs and set NVD as source for all current binary classifiers #3167 @westonsteimel
- Respond to authoratative CPEs from catalogers #3166 @wagoodman
- Set cataloger names within package cataloger task #3165 @wagoodman
- use official CPE for curl binary cataloger #3164 @westonsteimel
- Fix ELF package correlations #3151 @wagoodman
- no space left and Could not retrieve mirrorlist in test #3181 #3190 @wagoodman
- Multiple versions of libssl3 and libcrypto3 present in SBOM while only one version is installed #3195]
- CycloneDX convertion into Syft improperly handles SPDX licenses #3172]
- Syft Cause stack overflow [goroutine stack exceeds 1000000000-byte limit] #3163 #3170 @kzantow
- Mysql binary detection version incorrect for 8.0.x #3141 #3142 @kzantow
Additional Changes
- Less verbose java logging when non-fatal issues arise #3208 @wagoodman