Skip to content

@shaheemazmalmmd shaheemazmalmmd released this Jan 11, 2021

With every new release, FOSSology brings various bug fixes, infrastructure changes and various new features.

You can check the list of commits in release bellow but few highlights for the release will be:

  • Drop support for PHP5 and update dependencies for PHP7
  • Update password hashing algorithm from SHA1 to more secure bcrypt.
  • Ability to search file from hash values in REST API.
  • New licenses from SPDX 3.10 and many fixes in nomos.
  • Advance search and replace for copyrights.
  • Ability to enforce password policies.
  • Feature to import license acknowledgement from NOTICE file.
  • Change the versioning scheme to include patch number (featched from GIT).
  • Ununpack agent can be compiled to work in standalone mode.

Credits to contributors for 3.10.0-RC1

From the GIT commit history, we have following contributors since 3.9.0:

> Aman Dwivedi <>
> Andreas J. Reichel <>
> Anupam Ghosh <>
> Bartłomiej Dróżdż <>
> David Lechner <>
> Dineshkumar Devarajan (RBEI/BSF6) <>
> Gaurav Mishra <>
> Helio Chissini de Castro <>
> Mikko Murto <>
> Piotr Pszczola <>
> rlintu <>
> Sahil <>
> Shaheem Azmal M MD <>
> Toussaint Nicolas <>


  • 9027b8711 fix(login): Do not set group_fk if empty
  • e6b060fbe fix(db): add indexes to pfile on sha1 and sha256
  • 0714946c9 fix(ack): add missing uploadid in getresults function
  • 71981e494 fix(API): added container-interop dependency for resolving Internal Server Error
  • c6d1c87a3 fix(twig): Update twig version to preserve spaces
  • d250b735b fix(globalDecision): make includesubfolders true in case of global to capture previous decisions
  • 32cef88e4 fix(readmeoss): unescape contents
  • 34486d07d fix(conf): fix not able to save conf in case of brackets
  • 88024fe35 fix(ununpack): Initialize gcrypt
  • 40d96ebeb fix(rest) : Set job status as Failed when any one of the job is failed


  • a0338b740 refactor(login): updated password hashing algorithm
  • 30f0b773a docs(db): remove obsolete comment from schema
  • 3d29039b7 chore(cd): Use fo-debuild script to build packages
  • 65041f002 debian: Improve deb package building (#1828)
  • 855aec69a update(org): upgraded php version to php7


  • 932b82d76 feat(ununpack): standalone
  • 106a95907 feat(docker): improve database healthcheck command
  • 3291eec27 feat(docker): services healthchecks in docker-compose file
  • fc8b111ca feat(build): Get build version number from git
  • 7f36edb90 feat(password): Create password policy
  • a3dad10ab feat(browser): total files in license browser view
  • 4fd3007e4 feat(copyright): Search and replace with regex
  • c1773ec41 feat(conf): make unified report configurable
  • b96010ea1 feat(licenses): New licenses added from SPDX 3.10 to nomos.
  • 9b327e80b Nomos: New licenses from SPDX 3.10 added. Lots of other corrections.
  • 323155150 feat(cd): Build Focal packages on release
  • a9ce7e738 feat(nomos): add new license intel-binary
  • bc3e1bf6b feat(rest): Filter uploads by folder id
  • 03f7f53c4 feat(utils): Filter inputs for unicode ctrl chars
  • 5e4fae26e feat(search) - possibility to search in selected upload only
  • d03ed3493 feat(gui): Add Bucket link for license view page
  • f9cdc2d38 feat(conf): add textarea in conf page for notes
  • 42ffc492f feat(nomos): Apache detection
  • 5db568481 feat(rest): Get file info from hash
  • d1fdfe4d7 feat(modal): use jquery-ui dailog instead of plain modal
  • d013e0903 feat(noticeImport): add child modal to load notice files
  • d1583ca87 feat(notice_import): Increase size of textarea and fix a max notice preview length
  • 0642f8ed2 feat(notice_import): Import notice file content into acknowledgement
Assets 7

@GMishx GMishx released this Dec 1, 2020

3.9.0 (November 30th 2020)

This release adds important corrections to 3.9.0-rc2

The release 3.9.0 introduces following major changes:

  • Introduce support for Ubuntu Focal Fossa (20.04)
  • Drop support for Debian 8 Jessie
  • PostgreSQL 12 support
  • Obligations now refer to license conclusions
  • Auto deactivation of copyrights for irrelevant files
  • Ability to specify GIT branch in Upload from VCS
  • REST API now supports upload from URL
  • Display time in browser's timezone wherever possible
  • Ability to export Copyright CSV
  • Remove OpenSSL dependency and use libgcrypt

The release 3.9.0 also introduces new agent Spasht which connects with ClearlyDefined server and pulls information like License and Copyrights (if available).
To use it, upload a package, open it and goto Spasht page from the top yellow bar. From there, search for the desired package on ClearlyDefined and schedule the scan. Licenses and copyrights will appear on the same page.

Credits to contributors for 3.9.0

From the git commit history, we have following contributors since 3.8.0:

> adityabisoi <>
> Akash-Sareen <>
> Anupam Ghosh <>
> Avneet Singh <>
> Dineshkumar Devarajan (RBEI/BSF6) <>
> Gaurav Mishra <>
> Lakshmi Bhavani <>
> Marion Deveaud <>
> Michael C. Jaeger <>
> Mikko Murto <>
> Piotr Pszczola <>
> Shaheem Azmal M MD <>
> sjha2048 <>
> vivek kumar <>


  • d9ed388d5 chore(documentation): updating basic license info in UI
  • 81e029137 feat(about): add new page for third party licenses
  • a333fb5eb update(org): added focal-fossa support
  • 010f94747 chore(spdx): bump spdx version to 2.2


  • 6a2ce3dee fix(spasht): Fix advance search
  • be5189da4 fix(swh): Update User-Agent, lowecase SHA256
  • bd65ab70b fix(ununpack): Correct the mimetype for deb files
  • 4f4f311b2 fix(copyrightDao): Change statement in updateTable


  • 87829c8e4 feat(cd): Publish release packages with Actions
  • bc2f2eb07 update(org): drop debian 8 support
Assets 7

@ag4ums ag4ums released this Oct 8, 2020

3.9.0-RC2 (Oct 08th 2020)

This pre-release brings corrections from the release 3.9.0-rc1.

  • 4df3358c2 perf(ui): Reduce load time for tree view
  • c56ae1733 fix(ClearingDao): Get uploadtree table name
Assets 2

@GMishx GMishx released this Sep 1, 2020

3.9.0-RC1 (Aug 31st 2020)

With every new release, FOSSology brings various bug fixes, infrastructure changes and various new features.

You can check the list of commits in release bellow but few highlights for the release will be:

  • New agent Spasht which searches for decisions from and bring them to FOSSology.
  • New Docker image to use in CI
  • PostgreSQL 12 support
  • REST API version updated to 1.0.16 from 1.0.13 in release 3.8.1.
  • New page to check status of all job in a server
  • Using user's time zone to change time in UI
  • Ability to specify GIT branch in Upload from VCS
  • Reuse of deactivated copyrights
  • Remove OpenSSL dependency and use libgcrypt
  • Removal of redundant MD5 checksum from licenseRef.json

Credits to contributors for 3.9.0-RC1

From the GIT commit history, we have following contributors since 3.8.1:

> adityabisoi <>
> Akash-Sareen <>
> Anupam Ghosh <>
> Avneet Singh <>
> Dineshkumar Devarajan (RBEI/BSF6) <>
> Gaurav Mishra <>
> Lakshmi Bhavani <>
> Marion Deveaud <>
> Michael <>
> Mikko Murto <>
> Piotr Pszczola <>
> Sahil <>
> Shaheem Azmal M MD <>
> vivek kumar <>


  • f24547d85 fix(licenseRef): Fix type in array_map
  • f09761d20 fix(licenseref): handle errors license errors
  • 2fcbff0b1 fix(Nomos): Added a new License signature
  • a7908a68d fix(spasht-ui): Removed extension from the spasht search
  • 5638337f2 fix(report): Don't group results with custom text
  • 865f8ac02 fix(licenseRef): Fix import of licenseRef.json
  • 23504c7a2 fix(lib): Correct non-default argument position
  • 059ed1cfb fix(lib): Remove extra parameters
  • 485ddc75d fix(obligation): Refer to license conclusions
  • eb60785b5 fix(rest): fixed ignoreScm flag when input is false
  • 7880e856a fix(delagent): Remove clearing_decision and lrb
  • a41120ad8 fix(spdxReport): add missing artifact to file path in spdx reporting
  • 40792c1c2 fix(ui): Use default timezone if not set
  • 75c59cde8 fix(bulk): add class to show text highlighted for matched page
  • 3931634dd fix(spdx): Fix duplicate copyrights
  • 0728965c8 fix(clearingDao): Copy acknowledgement with event
  • 441d224e4 fix(clearingCount): do not add count as cleared in case of to be discussed
  • 58562d7da fix(nomos-standalone): included changes for the PR #1600
  • c07cf2ee0 fix(SCM): fix warnings in apache log if SCM is not selected
  • eb08c0e2b fix(unifiedreport): Get department from config
  • 7b8b5ef77 fix(fo-installdeps): added a missing dependency
  • 420903394 fix(upload): Fix the check for expire_action
  • 1b062b135 fix(spdx): fix spdx-rdf export.
  • de279e3de fix(libschema): Schema fix for PostgreSQL 12
  • 421a4221f fix(AdviceLicense):show error message on failed merge
  • c08a54f8c fix(rest): Get upload summary without UI


  • 73c5b6a08 chore(alljobs): Restrict to read
  • b002820e9 perf(license_candidate): Create PRIMARY KEY
  • 7fecfc84e test(GetHashes): Change tests for sha256
  • 685e78632 table reference fixed
  • 52f4096a0 chore(delagent): Remove OpenSSL dependency
  • 926f8540f chore(ununpack): Remove external checksum code


  • e35f31c73 feat(licenseRef): update existing licenses
  • cb06d031e feat(spasht): Use dialog for details
  • 758ed16ab feat(spasht): Change UI and remove some steps
  • e27a9862d feat(spasht): Added Agent spasht
  • 3aa573e33 feat(reuser): reuse deactivated copyrights
  • dbd411529 feat(showjobs): Show delete file name
  • 87f8876f5 feat(ci): Use FOSSology scanners in GitLab CI
  • 46c1384fb feat(decisions): auto deactivate copyrights
  • 84185975d feat(conf): add feature to change all local clearings to global from conf
  • bd5662577 feat(ReportDao): send heartbeat from Dao to keep the agent alive for large files
  • a737c4bcb feat(jobs): Show all running jobs
  • 462591e8c feat(export): Export Copyrights
  • 4e025c1b7 feat(download): Limit source code download only for users with specified access rights
  • 00a68a13d feat(ui): Display Job timings in browser timezone and formatted date time to Y-m-d H:i:s
  • 2ca5257cd feat(rest): Upload from URL and server
  • 08132e0c9 feat(rest): extend upload model with filesha1
  • 0bc755ad7 feat(globalDecision): show warning if the candidate license is added to license list
  • 8f395952a feat(upload): Add possibility to upload specific Git branch
  • a35edb985 feat(groups): Update default group for user
  • e834b41bd feat(spdx export): Add sha256 to exported spdx.
  • d90175480 feat(copyright): Enable agent to read authors from ROS catkin package manifest files as per spec
  • bbaf4f071 feat(nomos): Print JSON directly to STDOUT
  • 807f6614b feat(nomos): Optimize JSON output
  • af22a5b21 feat(scanner): ignore files from scanning using mimetype
  • 59464a500 feat(maintenance): Remove orphan log files
Assets 7
  • 3.8.1
  • 9103fa3
  • Compare
    Choose a tag to compare
    Search for a tag
  • 3.8.1
  • 9103fa3
  • Compare
    Choose a tag to compare
    Search for a tag

@GMishx GMishx released this May 18, 2020

3.8.1 (May 18th 2020)

This release is a quick hot-fix on 3.8.0 release.

The bug fix is for Browse page load issue, solved and reported in pull request PR#1714.

Credits to contributors for 3.8.1

From the git commit history, we have following contributors since 3.8.0:

> Gaurav Mishra <>


  • 85c6697fc fix(upload): Fix the check for expire_action
Assets 7
  • 3.8.0
  • d6e8756
  • Compare
    Choose a tag to compare
    Search for a tag
  • 3.8.0
  • d6e8756
  • Compare
    Choose a tag to compare
    Search for a tag

@GMishx GMishx released this May 4, 2020

3.8.0 (May 4th 2020)

This release adds important corrections to 3.8.0-rc1

The release 3.8.0 also introduces new agent Software Heritage. There is a special note about this agent.

Due to rate-limiting from Software Heritage, the agent might run slow. Please check the Geeky Scan Details of the agent to understand the cause of the delay.

Please check for more info.

Some notes about the UTF-8 database. The copyright (and sister) agent now creates only UTF-8 string. So it is safe to update to Postgres with UTF-8 encoded database. For more information, please refer to the wikipage Migration to UTF-8 DB

Credits to contributors for 3.8.0

From the git commit history, we have following contributors since 3.8.0-rc1:

> adityabisoi <>
> Anupam <>
> Carmen Bianca Bakker <>
> Gaurav Mishra <>
> Kaushl2208 <>
> Mikko Murto <>
> Shaheem Azmal M MD <>
> sjha2048 <>


  • 5ca84b7a4 feat(SWH): catch exceptions in case of bad response
  • d8ac396c7 feat(DB): Recode copyright tables to UTF-8
  • 3bbb7156a feat(SWH): add time to reset if X-RateLimit-Limit reached for SWH agent
  • 144b81c19 feat(Copyright): Fixed the checking of config file in wrong folder
  • 3b6f4fac6 feat(unifiedReport): move obligations to DAO layer remove unused file


  • 148b774e5 fix(delete): Do not remove upload_pk
  • 6296b6738 fix(schema): Match schema with schema export
  • c49c5a691 fix(spdx-rdf-report): Fix comments in export.
  • 8880d1a98 fix(travis): Fix build config warnings
  • c9c6f3cb9 fix(fo-installdeps): Added missing Fedora dependecies
  • 7d905ed6a fix(AdviceLicense):Show error message on failure
  • c0a4b25b3 fix(package): fix syntax
  • eec0a5faa fix(rest): Remove hostname from JWT


  • 88f6de2e8 fix(travis): Fix page deploy stage
  • a106def1c fix(packaging): Create apache softlink on source
  • b3abe195b docs( Fixed broken link in
  • 018de9705 fix(git) : add php.ini to gitignore
  • 09b48ffe5 docs(README): Refer to the correct file for the licenses
  • 5a28eabdc fix(apache): Enable fossology on source install
Assets 7

@shaheemazmalmmd shaheemazmalmmd released this Mar 6, 2020

This release brings a number of corrections (see below) and changes to the infrastructure. But it also adds new features to FOSSology, including:

  • A new agent added Software Heritage Analysis which searches for file existance in softare heritage
  • Reuse of report configuration settings
  • New decision type do not use
  • Consider a particular license for its obligation to be listed in report in conf
  • Add external authentification feature
  • New dashboard pages with submenu

Credits to contributors for 3.8.0-RC1

From the git commit history, we have following contributors since 3.7.0:

> Andreas J. Reichel <>
> Anupam Ghosh <>
> Bartłomiej Dróżdż <>
> dineshr93 <>
> Gaurav Mishra <>
> Michael <>
> Nicolas Toussaint <>
> Piotr Pszczola <>
> sandipbhuyan <>
> Shaheem Azmal M MD <>
> Woznicki Pawel <>


  • 31d4c7b39 fix(copyright): Remove non utf8 strings
  • ddcaa8eb9 fix(conf): Update install/defconf/
  • 50e7cf569 Fix(Dockerfile): make clean install clean
  • 2143f6aec fix(lib): Check group on local decision only
  • 5a7bd82a8 fix(reuser): Run decider after reuser
  • d97f9cec9 fix(ext-auth): check that external authentication is configured
  • c20b7fb0f fix(SHagent): add proxy settings, add SH agent to PHPCS
  • c60150d59 fix(bulk): Fix dropdown bulk on folder level
  • 251fd8dfd fix(ojo): Add lower limit to license length
  • fbc86017c fix(nomos):test-cases
  • a1b287e06 fix(nomos) : CC-BY-SA identification
  • 4c04b59bc fix(nomos) : segfault for large offset value
  • ffdd07786 fix(highlight): highlight for reference text that exists in different page
  • a3323dac8 fix(log): fix warnings from apache error log
  • 415b2ae78 fix(view-license): Browse file without scanner ars
  • efe1301ab fix(ui): decision and scope for licenses
  • 7c9ca59ef fix(CHANGELOG): Fix the changelog
  • 87e709233 fix(build-dep): Add PHP-CLI as build dependency
  • 73fe66278 fix(ojo): Handle dual-license and SPDX new naming
  • b84b6d26b fix(admin): Allow read user to edit user
  • c839f02b6 fix(copyright): Wait for ajax calls
  • ca9a1908c fix(license-csv): Handle candidate licenses
  • bdaad200d fix(license-csv): Update license if exists
  • 50558dcb5 fix(rest): Hide sensitive user info
  • 79d42b791 fix(wget_agent): Fix possible memory corruption and leaks
  • a84db62f8 fix(wget_agent): Archivefs: Prevent possible buffer overflow
  • 1c5498f0c fix(wget_agent): GetURL: Part 3 - Prevent possible buffer overflow
  • afed499a3 fix(wget_agent): GetURL: Part 2 - Prevent possible buffer overflow
  • 1db296e2c fix(wget_agent): GetURL: Part 1 - Prevent possible buffer overflow


  • 88d98224f Revert "Merge pull request #1498 from siemens/feat/rest/provide-group-upload"
  • a55e1e818 chore(wget_agent): Remove redndant code
  • 8cb62708e chore(nomos): Rename test file
  • 12b7da1d7 chore(lib): Move agent list to common place
  • f50ff3ca6 refac(wget_agent): DBLoadGold Don't open pipe before checking Fin
  • 7237b38b8 refac(wget_agent): DBLoadGold: Prevent possible buffer overflow
  • d9beb426a refac(wget_agent): Remove superfluous rc_system variable
  • 2244a9150 refac(wget_agent): Part 1 - Prevent possible buffer overflow
  • dff78a713 refac(wget_agent): add function for destination of wget command


  • c3dca9ae0 feat(migrate): Program to make file UTF-8 compatible
  • b31ba2ff1 feat(unifiedReport): include DNU information in assesment summary
  • 80a184dad feat(SWHagent): add status of request to DB
  • e2b92bc15 feat(auth): Add external authentification feature
  • 8f4c63010 feat(ojo): Remove upper limit from license name
  • 2a6ab581b feat(rest): Get the license list for upload
  • 164fb898f feat(reuse): add reuse of report configuration settings
  • 28111118e feat(SHagent): add new table column with Software Heritage Status
  • d15c64d3b feat(email-smtp-config): Add SMTP User field into Fossology email
  • 6f00ed38e feat(rest): Add group context (groupName param) for REST Api calls
  • 9d981d2ce feat(rest): Send upload summary
  • f4b56e186 feat(upload): add feature to change permission of a all uploads in a folder
  • 77d4d8895 feat(decisions): add new decision type do not use
  • 74aa499d2 feat(ui): Place DataTables processing at top
  • f3bb51eac feat(software-heritage): Update the description in debian package
  • a05ac660d feat(software-heritage): Update the composer.lock file
  • d9fdbd6c1 feat(softwareHeritage): Update software heritage details in debian package
  • 1e994d646 feat(softwareHeritageView): Show the details of software heritage in the license list page
  • de6a46b85 feat(softwareHeritageView): Show the details of software heritage in the license list page
  • 71d785cda feat(software-heritage): Make softwareHeritage dao function and add all
  • abb463dd9 feat(software-heritage): Redundancy check while inserting softwareHeritage record
  • 6a9786544 feat(software-heritage): Make the ui section of software heritage
  • 0869f6c66 feat(software-heritage): Create a software heritage agent
  • bf47edabd feat(db): Make table of software heritage to store information
  • 034c48aa2 feat(dashboard): New dashboard pages with submenu
  • 9fe3d90d3 feat(unifiedReport): exclude scanner found copyrights of irrelevent files
  • 66a009d83 feat(conf): add obligations to consider a particular license for its obligation
Assets 7
  • 3.7.0
  • c933aa2
  • Compare
    Choose a tag to compare
    Search for a tag
  • 3.7.0
  • c933aa2
  • Compare
    Choose a tag to compare
    Search for a tag

@ag4ums ag4ums released this Dec 11, 2019

3.7.0 (Dec 11th 2019)

This release adds important corrections to 3.7.0-RC1. As for the release 3.7.0 of FOSSology, most notable additions since are:

  • The scanner that finds dedicated SPDX-License-Ref statements in files is now supported by the auto-decision mode in FOSSology. Thus generated SPDX documents will not only have the information about licenses found by scanners, but also allow for automatically adding conclusions. Note that this can be triggered also by the REST API.

  • The REST API has been adapted to better integrate with SW360. This version of FOSSology is suitable for use with SW360 6.0 in order to have a working integration between the two.


Credits go to the following persons for this release since 3.7.0-RC1:

> Anupam Ghosh <>
> Gaurav Mishra <>
> Martin Michlmayr <>
> Maximilian Huber <>
> Michael C. Jaeger <>
> Shaheem Azmal M MD <>


  • 7cdc6b50a fix(obligation): Move candidate licenses
  • c74f2f4af fix(obligation): Associate all lic with same name
  • 68094159b fix(copyright): only scanner finding copyrights to unifiedreport
  • 23cb2f66a fix(counter): Optimize clearing counter queries
  • 3885ac14d fix(db): Optimize license browse queries
  • 96a4da4c3 refactor(report): edited global license code make it available for unified repot fix php codesniffer
  • 08ac47678 fix(decider): remove force dependency of nomos and monk for ojo decider add nomos dependency if required


  • 48c0caa14 chore(composer.json): updated symfony/dependency-injection version
  • 252bbaeb2 chore(installdeps): remove php-yaml from os level and add it to composer update composer.lock..
  • 2e158034e docs(changelog): fix typo
  • d85038afc chore(unifiedReport): change phpword to a latest version update composer.lock with new changes
  • a674aa9e3 chore(docker-compose): harmonize versions with sw360chores
Assets 7

@GMishx GMishx released this Oct 24, 2019

This release was created in order to bring important changes for the REST endpoints to a release, so integration, for example with sw360, work on a release but not with latest master. Besides improvement is the extension of the decider agent to allow for decisions based on found SPDX-License-Identifier tags found by the ojo agent.


There are many ways to commit to the source code, but if you count the commits to master, then the credits go to the following persons for this release since 3.6.0:

> Andreas J. Reichel <>,
> Anupam <>,
> Bruno Cornec <>,
> Gaurav Mishra <>,
> Maximilian Huber <>,<
> Michael <>,
> Onyemenam Ndubuisi <>,
> Piotr Pszczola <>,
> Shaheem Azmal M MD <>,
> Toussaint Nicolas <>,
> vivek kumar <>,
> abirw


  • 8bbe52d2b feat(rest): add auto conclusion for ojo findings if
  • af3f5738d feat(license): Provide predefined license comments
  • 651a89088 feat(rest): Provide group ID during POST upload
  • 1a82e74a2 feat(decider): add auto conclusion for ojo findings if no contradiction with other findings
  • 71d1b7871 feat(rest): Provide API version as an endpoint
  • 808fa1db2 feat(rest): Upload packages from VCS
  • fa2c27d16 feat(upload_vcs.html.twig) Use HTML
  • 7887f02ad feat(spdx): add user found copyrights to SPDX reports
  • 0505ca138 feat(upload_vcs.html.twig) make Git the default VCS rather than SVN
  • 8a5f14fd3 feat(pbconf): adapt to pb 0.15 and new fossology 3.3+
  • 5a9a341be feat(api): Add pagination to jobs endpoint
  • 7a190c110 feat(api): Add OJO analysis to REST API
  • 12f064abe feat(api): Get job status and ETA
  • 8989c1e17 feat(copyright): New directory scan and better JSON


  • 49fcfa05a fix(rest): do not schedule decider if the option is empty
  • 1045cf4f6 fix(readmeoss): added edited global license text in readmeoss
  • 213222d31 fix(notices): updating notice file, debian copyright and spdx lic info
  • 9e524ef52 fix(rest): getUploads - invoke getRows with proper parameters
  • 416da0abc fix: fix formatting as suggested in comment
  • 9a3f86d64 fix(groups): add validations and remove CONSTRAINTS
  • e4e811f22 fix(geekyscan): make full job report link more descriptive closes #1346
  • fcc5ef797 fix(deps): Added missing php-pgsql
  • 41fe2b4cd fix(deps): Fix dependencies for Debian Buster
  • f0348b64c fix(buckets): Prevent possible buffer overflow/-run
  • 5f77fe45d fix(ununpack): Fix compiler warnings for Debian 10/gcc8
  • 7beb859d1 fix(pkgagent): Avoid possible buffer overrun with strncpy
  • 359ae6101 fix(lib/c): Prevent possible buffer overflow/-run
  • 89e461394 fix(delagent): Fix possible buffer overrun
  • 7ee6b5955 fix(mimetype): Fix usage of strncpy, remove memset
  • 4a2829ef2 fix(testing/db/c): Prevent buffer overflows
  • c1d165af6 fix(ununpack): Increase buffer sizes to prevent overflow
  • 7b62b6759 Attempting to fix bug in fo_nomos_license_list


  • e559e388a chore(control): Remove ninka from debian/control
  • c4df71415 refactor(fossology): Refactor modularity
  • 8c3caef81 chore(composer): Bumping composer to 1.9.0
  • ff1aa9fe3 chore(ninka): Remove Ninka packaging from master
  • f0e56b1c5 test(licenseStdCommentDao): Add test cases for DAO
Assets 2
  • 3.6.0
  • fc1b3ce
  • Compare
    Choose a tag to compare
    Search for a tag
  • 3.6.0
  • fc1b3ce
  • Compare
    Choose a tag to compare
    Search for a tag

@shaheemazmalmmd shaheemazmalmmd released this Sep 11, 2019

After two release candidates, making fixes for migration tests, unified report and load issues with tree-view, FOSSology is stable enough for a new release. The main features of the 3.6.0 release can be found under
RC1. Particular corrections after RC1 can be found under RC2.

Few interesting features in this release are:

  • A new agent named ojo (eye in Spanish) which does dedicated searches for the 'SPDX-License-Identifier' statements
  • Improved handling of manually added copyright statements to files
  • Improvements to the SPDX reporting, for example output also of comments
  • Calculating the SHA256 values for files from now on, because that is going to be used for integration of, for example, Software Heritage or Clearly defined

Credits to 3.6.0

From the git commit history, we have following contributors since 3.5.0:



  • 7a17bc7b6 fix(src/ununpack/agent/utils.c) update SHA256 of existing entries, patch proposed by @fogninid.
  • bdd004e43 fix(src/ununpack/agent/utils.c) remove unused #define
  • ef4820fcd fix(ajaxExplorer): Reduce view creation
  • f16c0eecb fix(importReport): update easyRDF to a stable version
Assets 6