Electronic Update Release Notes
The following issues have been addressed in the Electronic Update.
Issues/Bugs Addressed
The following issues and bugs have been addressed.
| Release Date | Issue ID | Issue Summary |
|---|---|---|
| 2026-04-22 | SCA-59631 | Release dates are now collected and populated for all Maven components in the Data Library. |
| 2026-04-08 | SCA-59631 | Added collection and population of release_dates to the Maven data in the data library. This update includes release date information for approximately 150 million Maven artifact versions. |
| 2026-04-08 | SCA-60058 | Resolved missing vulnerability records for mbedTLS, FreeRTOS, and lwIP in the data library. |
| 2026-04-08 | SCA-60046 | Manually added missing components to the data library, resolving the GitLab Component Inventory issue. |
| 2026-03-27 | SCA-59631 | Added collection and population of release_date metadata for Maven package versions in the data library, covering approximately 121,340,000 versions. |
| 2026-03-27 | SCA-59834 | Resolved identified coverage gaps by manually adding missing vulnerabilities to the data library for NVD entries that were in the Awaiting Analysis state. |
| 2026-02-27 | SCA-59817 | Backfilled missing license short names. |
| 2026-02-27 | SCA-59631 | Collected and populated release_date values for Maven data in our data library, covering 3,000,000 versions. |
| 2026-02-27 | SCA-58905 | Restored the GitLab collector to a running state by updating it to use the latest GitLab REST APIs. |
| 2026-02-27 | SCA-59445 | Corrected false-positive vulnerabilities and incorrect versions for the tcpdump-libpcap component. |
| 2026-02-27 | SCA-59630 | Updated the Debian mapper to remove false-positive vulnerabilities for the madler-zlib component. |
| 2026-02-27 | SCA-59652 | Enhanced the CPAN collector to support recent CPAN API changes. |
| 2026-01-27 | SCA-43040 | Data collection from https://packages.confluent.io and JBoss https://repository.jboss.org/nexus/content/groups/public/ are an addition to our list of data collectors. |
| 2026-01-27 | SCA-59446 | Fixed the issue of false negative vulnerability CVE which was missing in inventory but shown in Alerts in FNCI. |
| 2026-01-27 | SCA-59444 | Fixed the False negative vulnerabilities of the component pnggroup-libpng 1.6.44. |
| 2026-01-27 | SCA-58793 | Manually added the font util component along with the required versions. |
| 2026-01-27 | SCA-58276 | Enhancement to Npmjs collectors to handle package URLs returning 404(not found) errors. |
| 2025-12-22 | SCA-59138 | Enhanced the licenses collection to support viewing Commercial License details in FNCI/Code Insight. |
| 2025-12-22 | SCA-59053 | Fixed the ambiguity in Apache and BSD style license and remapped the components to licenses BSD-3 and Apache-2.0. |
| 2025-12-22 | SCA-59152 | Fixed the vulnerability detection inconsistency for HDF5 1.14.6 between FNCI and Dependency Track/NIST. |
| 2025-12-15 | SCA-58958 | Data collection to support the License Obligation details view. |
| 2025-12-15 | SCA-59074 | Added the new vulnerability CVE 2025 55182 to the data library. |
| 2025-12-15 | SCA-59067 | Fixed CopyrightsExtractorTool to remove special characters from copyright statements to ensure clean and consistent formatting. |
| 2025-12-15 | SCA-58891 | Fixed the false negative vulnerability mappings (CVE 2018 12533 for the component RichFaces. |
| 2025-11-06 | SCA-58679 | Previously, the PDL failed to optimize. This issue has been resolved, and the PDL now optimizes successfully. |
| 2025-10-23 | SCA-57532 | The SPDX license mapping file has been updated to include all current SPDX license IDs, which are mapped to their common license names. |
| 2025-10-23 | SCA-58608 | The vulnerability counts, which is reflected by the Vulnerabilities bar graph, now successfully include the vulnerabilities with MODERATE severity. |
| 2025-10-07 | SCA-58418 | Add CVSS 3 score Calculation and Column for GHSA Collector |
| 2025-10-07 | SCA-57695 | AI Suggestions for Versions in Data side work |
| 2025-05-07 | SCA-56904 | The CVE-2025-0725 vulnerability was failed to map to any component version. It has now has been correctly mapped to the curl component. |
| 2025-05-07 | SCA-57216 | A failure is observed when adding inventory items to projects that include certain versions of specific components. |
Collector Status
The following table lists the collector status information.
| Name | Date of Last Successful Run |
|---|---|
| Alpine | 2026-04-15 |
| Clojars | 2025-11-06 |
| Cocoapods | 2026-04-14 |
| Conan | 2026-04-16 |
| Cpan | 2026-04-16 |
| Cran | 2026-04-18 |
| Crates | 2023-04-20 |
| Debian | 2026-04-13 |
| fedora-koji | 2026-04-16 |
| Github | 2026-04-19 |
| Gitlab | 2026-03-26 |
| Go | 2026-04-13 |
| Hackage | 2026-04-05 |
| maven2-ibiblio | 2026-02-04 |
| maven-google | 2026-04-17 |
| Npm | 2026-04-20 |
| nuget gallery | 2026-03-19 |
| packagist | 2026-04-19 |
| Pypi | 2026-04-13 |
| rubygems | 2026-04-16 |
Enhanced License Detection Capability for Licenses
The following table lists updated or added license detection capability and license evidence mechanism.
| Release Date | License |
|---|---|
| 2025-03-31 | Apache-1.1 |
New/Update License Requests
The following table lists new or updated license requests.
| Release Date | License request |
|---|---|
| 2025-09-10 | TGPPL-1.0 License (license-id 2306) bpmn.io License (license-id 2307) |
New/Update Component Requests
The following table lists the new or updated component requests.
| Release Date | Component |
|---|---|
| 2026-01-27 | font-util (component_id: 39490220) url: https://gitlab.freedesktop.org/xorg/font/util/ |
| 2025-10-07 | wireless-regdb (component_id: 38732478) zlib (component_id: 38732980) compuphase-uniform-palette (component_id: 38733781) power-profiles-daemon (component_id: 38740783) deconcept-swfobject (component_id: 38741284) ethtool (component_ deconcept-swfobject id: 38741585) |
| 2025-08-22 | libxtrans (Component_Id: 37765164) xserver-xorg (Component_Id: 37765165) xsettings-daemon (Component_Id: 37765166) The-Ultimate-Toolbox-Home-Page (Component_Id: 37776061) |
| 2025-05-26 | npth component (Component_Id: 27220059) |
New/Update Component Versions Requests
The following table lists the new or updated component version requests.
| Release Date | Component version |
|---|---|
| 2025-10-07 | wireless-regdb, zlib, compuphase-uniform-palette, power-profiles-daemon, deconcept-swfobject, ethtool, Documentation Utilities, lttng/lttng-modules, batista/libxml2, PostgreSQL, rollup-rollupjs.org, apache-cxf, deconcept-swfobject |
| 2025-08-22 | libxtrans, xserver-xorg, xsettings-daemon, gnu-gnutls, dhcp, xhost, libdmx, sysvinit, Wrapper, gettext, relaxing, snmp_pp, The-Ultimate-Toolbox-Home-Page, SNMP4j |
| 2025-06-30 | sudo, busybox, eclipse-tcf, mktemp, php, efibootmgr, opkg-utils, and xmodmap |
| 2025-06-10 | accountsservice, cairo, sdparm, python-devel, krb5-devel, rsyslog, pycairo, gdb, RPCBind, man-pages, mdadm, libtirpc, pcre, mpg123, hdparm, alsa-utils, swig, smartmontools, e2fsprogs. |
| 2025-05-26 | java-service-wrapper, apache-commons-net, cpu-z, 7-zip, expat, apache-xalan-j, dbus-python, apache-httpd, mako, openssh, samba, gnupg, libtevent, ibtasn1, libgfortran. |
| 2025-05-07 | webkitgtk, PostgreSQL, D-Bus, openldap, Apache-CXF, Apache-PDFBox, and Apache-Log4j. |