v32.5.1 (Security Release)

tdruez released this 07 Aug 15:42

· 292 commits to main since this release

Security

This release addresses the security issue detailed below. We encourage all users of ScanCode.io to upgrade as soon as possible.

GHSA-2ggp-cmvm-f62f: Command injection in docker image fetch process The fetch_docker_image function was subject to potential injection attack. The user inputs are now sanitized before calling the subprocess function. GHSA-2ggp-cmvm-f62f

What's Changed

Tag about files and companions correctly #825 by @AyanSinhaMahapatra in #837
Add new documentation chapter about automation #828 by @tdruez in #845
Add vulnerability support for discovered dependencies #835 by @tdruez in #846
fix: update rootfs to scan resource path by @philcali in #840

New Contributors

@philcali made their first contribution in #840

Full Changelog: v32.5.0...v32.5.1

Contributors

philcali, tdruez, and AyanSinhaMahapatra

Assets 2