Sourced from org.owasp:dependency-check-maven's releases.

Version 12.1.5

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Sourced from org.owasp:dependency-check-maven's changelog.

Version 12.1.5 (2025-09-20)

• fix: Update to support OSS Index Authentication Requirements (#7920)
  • Note: OSS Index will require authentication starting 9/22/2025. Users must configure a free account to continue using the OSS Index Analyzer. See https://ossindex.sonatype.org/doc/auth-required.
• fix: add CVSSv4 to suppressed entries in JSON report (#7900)
• fix: correctly utilize CVSSv4 from ossindex (#7899)
• fix: npe when processing cve with empty configuration (#7888)
• fix: Return unsorted vulnerabilities in new HashSet, avoiding CoMod (#7848)
• fix: Return unsorted vulnerabilities in new HashSet, avoiding CoMod
• fix: class loading problem with fat jars (#7786) (#7787)
• fix: Improve Artifactory handler log message (#7838)
• fix: classloading problem with fat jars (#7786)
• fix: Add null checking when parsing the license json in AbstractNpmAnalyzer. (#7784)
• fix(fp): resolves several false positives related to CVE-2021-41033 (#7736)
• docs: Clarify format of exclude patterns (#7879)
• docs: Document poetry-based analysis behaviour in Python analyzer (#7855)
• docs: request FP reporters use the latest version of ODC. (#7820)
• docs: update development pre-reqs (#7792)
• docs: fix minor typos in false positive issue template (#7763)

See the full listing of changes

• 71e0fd8 build: prepare release v12.1.5
• d5198d5 chore: bump project to 12.1.5
• ed80987 chore: revert failed release (#7932)
• 045e428 chore: revert failed release
• af34748 build: release 12.1.4 (#7931)
• 3220b96 build: prepare for next development iteration
• dcfcc10 build: prepare release v12.1.4
• 1d15a2d docs: update changelog for release 12.1.4
• baf281b build(deps): bump actions/setup-dotnet from 4.3.1 to 5.0.0 (#7908)
• 8ddda01 build(deps): bump actions/setup-node from 4.4.0 to 5.0.0 (#7910)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)