Skip to main content
Skip table of contents

Mend Unified Agent Release Notes

  • Mend.io reserves the right to modify this page retroactively.

  • To stay informed about hotfixes, modifications, and additions to Mend.io's products, check this page from time to time in between official releases or use our RSS Feed: image-20250820-105520.png

  • Click here to view known issues.

  • Access all release notes for Mend.io’s products.

Version 25.12.2.5 (12-January-2026)

  • No notable updates.

Version 25.11.2 (15-December-2025)

Resolved Issues

  • Fixed an issue where invalid system paths in certain PNPM and Yarn projects caused Reachability analysis to fail.

  • Fixed an issue where Go projects with build errors caused all dependencies to appear as direct in the UI, resulting in the loss of transitive dependency hierarchy and breaking vulnerability path analysis. Dependency relationships are now accurately reported even when fallback mechanisms are triggered.

  • Fixed an issue where Erlang dependencies could not be resolved during project scans, resulting in incomplete dependency trees.

  • Fixed an issue where Elixir dependencies could not be resolved during project scans, under certain conditions.

Version 25.11.1 (01-December-2025)

New Features and Updates

  • The yarn package manager v4.x is now officially supported.

Version 25.10.3.2 (25-November-2025)

Resolved Issues

  • Fixed an issue where the Unified Agent did not correctly apply the ignore-scripts configuration for npm and yarn scans (npm.ignoreScripts). This fix ensures script execution is now properly managed during dependency installation.

Version 25.10.3.1 (19-November-2025)

Resolved Issues

  • Fixed an issue where, under certain conditions, using gradle.includedConfigurations would lead to validation errors, resulting in failed scans.

Version 25.10.1 (20-October-2025)

New Features and Updates

  • The following languages and package managers are now officially supported:

    • Node.js 24.x (language)

    • npm 11.x (package manager)

    • Gradle 9.x (package manager)

Version 25.8.2 (08-September-2025)

  • No notable updates.

Version 25.7.2 (11-August-2025)

Resolved Issues

  • Improved the user experience by updating the screening process so only files that are used for dependency resolution will be logged, preventing misleading messages.

  • Fixed an issue where system memory was unnecessarily seized by the Gradle daemon after executing a Gradle script. Memory handling has been improved for increased efficiency.

Version 25.7.1 (28-July-2025)

  • No notable updates.

Version 25.6.2 (14-July-2025)

  • No notable updates.

Version 25.5.2 (23-June-2025)

Resolved Issues

  • Fixed an issue where the dependency deduplication process would cause an exception, potentially leading to a scan failure.

  • Fixed an issue in the dependency deduplication process where transitive dependencies would be linked to a different parent across different scans. This fix improves scan result consistency.

Version 25.5.1 (12-June-2025)

Resolved Issues

  • Fixed an issue on Linux operating systems where, under certain conditions, some folders were being included in the scan despite being configured in the exclusion list using the excludes functionality, leading to potentially undesired scan results.

Version 25.4.3 (19-May-2025)

  • No notable updates.

Version 25.4.2 (05-May-2025)

Resolved Issues

  • Fixed scenarios where a null message parameter within exceptions in the resolution phase led to an additional, unhandled exception, which failed the scan entirely.

Version 25.3.1.1 (02-April-2025)

Resolved Issues

  • Hotfix: Fixed an issue where the execution of the pip download command resulted in [WARN] 'Read error' messages in the logs due to environment configuration, causing a reachability failure.

Version 25.3.1 (24-March-2025)

New Features and Updates

  • Poetry version 2 is now supported.

  • Improved npm resolution accuracy by supporting package aliasing with npm packages.

Resolved Issues

  • Fixed an issue where the Unified Agent reported a false-positive error as part of a version check (java -jar wss-unified-agent.jar -v).

  • Fixed an issue in Python resolution where a false warning about a dependency of pipdeptree caused the scan to fail.

Version 25.1.2 (10-February-2025)

New Features and Updates

  • A sourceUrl tag containing information about the URL of the SCM has been added to scanned projects in the Mend AppSec Platform and Legacy SCA Application.

Resolved Issues

  • Fixed an issue where incorrect parsing of gem (Ruby) library versions containing platform-specific suffixes, e.g., nokogiri (1.17.2-x86_64-linux), led to those libraries not being identified.

Version 25.1.1 (27-January-2025)

Resolved Issues

  • Fixed an issue where the existence of “setup.py” in certain filenames caused the Unified Agent to mistakenly identify such files as manifest files, leading to false dependencies being reported in the scan results of scanned Python projects.

  • Fixed an issue where Docker image scans on MacOS would fail due to a corrupted TAR archive error.

  • Fixed an issue in some Maven scans where the Unified Agent would mistakenly identify modules as independent projects, leading to scan errors and, under certain conditions, scan failure.

Version 24.11.1 (02-December-2024)

Resolved Issues

  • Golang resolution has been improved to handle each project independently. A failure in one project's resolution no longer impacts the resolution of other projects in the scan.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close