v1.12.2
Added Features
- Detect curl binaries [#3146 @krysgor]
- Add haskell binaries cataloger [#3078 @LaurentGoderre]
- add the Ocaml ecosystem [#3112 @LaurentGoderre]
- Support HAProxy dev [#3134 #3180 @witchcraze]
Bug Fixes
- Fix improper decoding of SPDX license expressions in the CycloneDX format [#3175 @NyanKiyoshi]
- improve generated cpes for binaries with existing classifiers [#3169 @westonsteimel]
- improve known CPEs and set NVD as source for all current binary classifiers [#3167 @westonsteimel]
- Respond to authoratative CPEs from catalogers [#3166 @wagoodman]
- Set cataloger names within package cataloger task [#3165 @wagoodman]
- use official CPE for curl binary cataloger [#3164 @westonsteimel]
- Fix ELF package correlations [#3151 @wagoodman]
- no space left and Could not retrieve mirrorlist in test [#3181 #3190 @wagoodman]
- Multiple versions of libssl3 and libcrypto3 present in SBOM while only one version is installed [#3195]
- CycloneDX convertion into Syft improperly handles SPDX licenses [#3172]
- Syft Cause stack overflow [goroutine stack exceeds 1000000000-byte limit] [#3163 #3170 @kzantow]
- Mysql binary detection version incorrect for 8.0.x [#3141 #3142 @kzantow]
Additional Changes
- Less verbose java logging when non-fatal issues arise [#3208 @wagoodman]