Skip to main content
Skip table of contents

Mend Unified Agent Release Notes

  • Mend.io reserves the right to modify this page retroactively.

  • To stay informed about hotfixes, modifications, and additions to Mend.io's products, check this page from time to time in between official releases.

  • Click here to view known issues.

  • Access all release notes for Mend.io’s products.

Earlier versions are available in the archive.  

Version 24.10.2 (04-November-2024)

New Features and Updates

  • Documentation update: The supported languages and package managers are now arranged in an easy-to-consume structure in the support matrix document.

Resolved Issues

  • Improved retrieval of package data from the snapshots section in pnpm lock files, accommodating edge cases for increased accuracy.

  • Fixed a scenario in which the Pipfile.lock file would be overridden during the resolution of pipenv projects, leading to inaccurate results.

Version 24.10.1.1 (22-October-2024)

Resolved Issues

  • Hotfix: Fixed an issue where some Docker images failed to be scanned by the Unified Agent under certain conditions, manifested as null pointer exceptions in the log.

Version 24.10.1 (21-October-2024)

Resolved Issues

  • Fixed a StackOverFlow error leading to scan failure, that occurred during the detection of circular dependencies in lockfile-based npm resolution.

Version 24.9.2.1 (16-October-2024)

Resolved Issues

  • Hotfix: Fixed a null pointer exception in version 24.9.2 which led to failing Maven scans, in some scenarios.

Version 24.9.2 (14-October-2024)

New Features and Updates

Resolved Issues

  • In cases where the retrieval of scan results fails due to simultaneous requests, instead of timing out the Unified Agent will now fail immediately.

  • The detection of erroring Maven modules has been improved, potentially leading to fewer dependencies being displayed when maven.allowPartialTree=false, since more modules may now be flagged as ‘partial’.

  • The Unified Agent now correctly identifies independent Maven projects located under a root folder. In case of an additional independent project, the number of dependencies reported at the end of the scan may increase, as well as the overall scan time.

  • When setting npm.includeDevDependencies=false, dev dependencies will now be correctly ignored with pnpm lock file version 9.0.

Version 24.9.1.1 (24-September-2024)

Resolved Issues

  • Hotfix: Fixed an issue introduced in version 24.9.1, where using the -v parameter would result in an exception.

Version 24.9.1 (23-September-2024)

Resolved Issues

  • Fixed an issue where, under certain conditions, the Unified Agent would fail a pip scan and report a NoSuchMethodError exception.

Version 24.8.1 (27-August-2024)

New Features and Updates

  • Added support for GO workspaces.

Resolved Issues

  • Fixed an issue in Gradle resolution where if a settings.gradle file was found in a sub-project but not in the root project, only the root directory was scanned.

Version 24.7.2 (12-August-2024)

New Features and Updates

  • Added support for lockfile v9 in the pnpm resolver.

Resolved Issues

  • Fixed an issue in pip resolution where empty requirements.txt files would cause the Unified Agent to fail, under certain conditions.

Version 24.6.2 (15-July-2024)

Resolved Issues

  • Fixed an issue which led to a failure to resolve transitive dependencies in Python projects when ‘python’ was not configured as a PATH environment variable in the operating system.

  • Fixed an issue where the the hierarchy tree of the dependencies in the setup.py file of a Python project wasn’t resolved, when python.resolveHierarchyTree was set to true.

  • Fixed an issue of failing to identify yarn/pnpm subprojects (workspaces), leading to partial scans of some yarn/pnpm projects.

Version 24.6.1 (01-July-2024)

New Features and Updates

Resolved Issues

  • Fixed a null pointer exception which led to the failure of the xModuleAnalyzer (Prioritize).

Version 24.5.3 (16-June-2024)

New Features and Updates

Version 24.5.2 (02-June-2024)

Resolved Issues

  • Fixed an issue where npm private dependencies with no version would fail the project update.

Version 24.5.1 (19-May-2024)

Resolved Issues

  • Fixed null pointer exception in Prioritize scans when maven.projectNameFromDependencyFile=true.

  • In some cases, Swift artifacts' SHA-1 values were not calculated properly, leading to a failure to upload the scan results to the application.

Version 24.4.1 (21-April-2024)

New Features and Updates

  • SPM Swift resolution support has been added.

Resolved Issues

  • Fixed an issue where some pipenv transitive dependencies would show up as direct dependencies.

Version 24.3.1 (24-March-2024)

Resolved Issues

  • When the pom file definition: <outputType>dot</outputType> was used, some modules were ignored, and the scan was considered a successful scan. The scan will now attempt to use a fallback and provide a failure if the fallback was unsuccessful.

Version 24.2.2 (10-March-2024)

Resolved Issues

  • Fixed an issue where an image scan would fail after upgrading the Docker Engine to version 25.0.1

  • Fixed an issue where invalid pyproject.toml files would be treated as valid poetry bom files, leading to failures and incomplete scans

Version 24.2.1 (25-February-2024)

  • When the "package-lock=false" configuration is set in an .npmrc file, npm resolution will ignore the existing lock file and switch to node_modules-based resolution.

Version 24.1.1 (28-January-2024)

New Features and Updates

  • Added support for npm-shrinkwrap.json as a part of npm resolution.

Version 23.12.1 (31-December-2023)

Resolved Issues

  • Fixed a bug where scan results were compromised when Maven "-fae" flag was in use.

  • Fixed an edge case in which the generateScanReport output turned up empty without a corresponding error message.

Version 23.11.3 (18-December-2023)

New Features and Updates

Resolved Issues

  • Fixed a bug when scanning Poetry (python) code - pre-step failed when interhooks and build-system were missing. 

Version 23.11.2 (03-December-2023, 04-December-2023)

New Features and Updates

  • In our ongoing efforts to increase result quality, we have introduced an update that will deliver more GO library results and relevant CVE data.

  • Maven dependency plugin version 3.6.0 is used by default.

Resolved Issues

  • Added systemPath to Go modules dependencies.

Version 23.11.1 (20-November-2023)

Resolved Issues

  • npm lock v2 resolution is now based on new v3-style package objects.

  • Added quotes to the tarball field in pnpm-lock.yaml, as pnpm yaml parser may fail when an unquoted string contains special characters.

Version 23.10.2 (06-November-2023)

New Features and Updates

Version 23.10.1 (22-October-2023)

New Features and Updates

  • Support for npm non-versioned packages of non-registry origin (lock file v2 and v3) is available.

Version 23.9.1 (03-October-2023)

New Features and Updates

  • Target/directory is now part of the exclusion list of fileSystemScan for java projects.

Version 23.7.2.2 (21-Aug-2023)

New Features and Updates

Version 23.7.1 (30-July-2023)

New Features and Updates

Resolved Issues

  • Fixed an issue regarding the Unified Agent Maven resolution not identifying transitive dependencies under scope-excludes dependencies.

Version 23.6.2.8 (26-Jul-2023)

Resolved Issues

Hotfix: The Unified Agent's signature file size was reduced to align with the maxSignatureFileSize parameter included in the latest Java releases.
Moving forward, you can either upgrade specifically to the included Unified Agent version 23.6.2.1 introduced in this Mend Server release, or the latest Unified Agent version thereafter to apply the update. You can also verify the integrity of the Unified Agent JAR file.
The related Java versions and their release note item regarding the maxSignatureFileSize parameter are listed below:

Version 23.6.2 (16-July-2023)

Resolved Issues

  • Prioritize Python scan failed due to the wrong configuration setting of python.resolveHierarchyTree.

Version 23.6.1 (03-July-2023)

Resolved Issues

  • Fixed an issue where the Unified Agent did not resolve yarn dependencies when the package-lock.json appeared in a parent folder

  • Fixed an issue in which the Unified Agent incorrectly resolved files with pom.xml suffix

  • The resolution of Bazel Maven projects was not successful in several cases.

Version 23.5.2.1 (07-June-2023)

Resolved Issues

  • The Unified Agent now supports the resolution of pnpm lock file version 6.

Version 23.5.2 (04-June-2023)

Resolved Issues

  • In certain instances when a Maven scan has a parent pom that was calling an unreachable repo, the command reached timeout and failed but no error msg appeared in the Unified Agent log.

  • The support token printed in the Unified Agent was different from the support token appearing in the Mend application.

Earlier versions of the Release Notes are available in Mend SCA Cloud RN Archive.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.