Versions Compared

Old Version 8

changes.mady.by.user Ray O'Meara

Saved on

compared with

New Version Current

changes.mady.by.user Chris Potts

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Version 8.0.0

New features

  • Updated to be compatible with Synopsys Detect 8.x.x. (Downloading and using detect8.(sh/ps1)).

Changed features

  • The Jenkins plugin has been upgraded to use Synopsys Detect 8.x.x for execution.

  • The plugin has been built against upgraded Jenkins/Jenkins plugin versions in order to mitigate known security risks.

  • The minimal Jenkins version required is 2.377.

  • Configuration and usage of the plugin is unchanged.

Resolved issues

  • (IDTCTJNKNS-258) CVE-2022-42889 for Synopsys Detect Jenkins plugin 7.0.0

  • (IDTCTJNKNS-261) Synopsys Detect v8 for Jenkins plugin

  • (IDTCTJNKNS-255) Update dependency for Jenkins version, including optional plugin dependencies

  • (IDTCTJNKNS-254) Only escape Detect parameter values

  • (IDTCTJNKNS-253) Improve clarity of messages logged when running plugin

  • (IDTCTJNKNS-252) Update internal dependencies to latest

  • (IDTCTJNKNS-247) Detect shell scripts are executed first and then downloaded in Pipeline execution in Linux and Windows slave nodes

  • (IDTCTJNKNS-239) Avoid leaking API token string in the console output

  • (IDTCTJNKNS-228) Unable to use java version specified in pipeline when running Detect in Air Gap mode

  • (IDTCTJNKNS-224) Improve clarity in the transition between the different stages of Detect for Jenkins

  • (IDTCTJNKNS-220) Jenkins Build is changed to Unstable for Invalid values in Synopsys Detect Installers

  • (IDTCTJNKNS-192) Size must be between 1 and 50 when --detect.project.tag is more than 50 characters

Version 7.0.0

New features

  • Update major version to match major version of Detect that it runs

  • Update plugin to be compatible with Detect 7.x.x. This includes:

    • Download and use detect7.(sh/ps1)

    • Use property detect.timeout instead of blackduck.timeout

    • Remove support for using blackduck.password and blackduck.username and exclusively use blackduck.api.token

  • Update UI when configuring plugin so that it will only list 'Secret Text' saved entries (Manage Jenkins -> Configure System -> Synopsys Detect -> Black Duck credentials)

Changed features

When using Detect script (sh/ps1), no longer cache the script. Plugin will download the script on each execution.

Version 3.1.0

New features

...