Mend Container Release Notes

• Mend.io might modify this page retroactively from time to time.

• To stay informed about hotfixes, modifications, and additions to Mend.io's products, check this page from time to time in between official releases.

• Mend CLI release notes are listed under the “Mend Developer Integrations Release Notes” page.

• Access all release notes for Mend.io’s products.

Version 25.1.2 (09-February-2025)

Resolved Issues

• The Hide base layer filter was adjusted to filter the automated layers detected as a base, when the base image algorithm is not applied.

• Resolved an issue where the API incorrectly retrieved a library's lower version in layer 3, despite a higher version being present in layer 4. Now, the higher version is prioritized, and the lower one is ignored.

Version 25.1.1 (26-January-2025)

New Features and Updates

• Introducing Global CVE and package search for Container Findings on the Mend Platform, enabling you to search for vulnerabilities and packages across your organization for enhanced visibility and faster blast-radius analysis for high-profile security vulnerabilities, by providing risk context and detailed insights into container findings.

• Supporting scan tags for Container image scans by seamlessly adding tags to your container image scans for improved scan management and traceability.

Resolved Issues

• Fixed an issue where the Mend CLI would erroneously identify a mismatch between the Installed version and the Fixed Version of a package, when the latter was preceded by a 0: epoch, leading to false-positives.

Version 24.12.1 (06-January-2025)

Resolved Issues

• Fixed Golang version parsing for devel versions.

• Improved detection of RedHat and CentOS vulnerabilities.

Version 24.11.2 (15-December-2024)

New Features and Updates

• Enhancing your visibility into container images by identifying base images in image scans, to enable effective focus on what can be fixed. This feature is complemented by the ability to filter issues coming from base images.

Version 24.11.1 (01-December-2024)

New Features and Updates

• Reassigning a project which includes container scans to another application in the platform will now move all of the project’s container-related findings and package data to the new application.

Version 24.10.3 (17-November-2024)

New Features and Updates

• Added support for Access Token authentication in the Jfrog Artifactory (Cloud) registry integration.

• Added support for the following distributions:
  openSUSE Tumbleweed, SLE Micro 5.0-5.4 and Azure Linux 3.0

(10-November-2024) - Hotfix

Resolved Issues

• Fixed an issue where license changes did not persist across subsequent container image scans.

Version 24.10.1 (20-October-2024)

New Features and Updates

• Added support for the SPDX 2.3 and CycloneDX 1.5 SBOM standards in the Container Image SBOM report.

• Added support for PAT token authentication in the Docker Hub registry integration.

Resolved Issues

• (Legacy SCA) Fixed an issue which led to incorrect Get Image Vulnerabilities API results being returned for page 0.

Version 24.9.1 (22-September-2024)

New Features and Updates

• Changed the EPSS filter for Containers to be an open range.

Resolved Issues

• Fixed some RPM license detection gaps in Container Images.

Version 24.8.2 (09-September-2024)

Resolved Issues

• Updated backward compatibility fixes for the json output of container image scans that were introduced in 24.7.1.

Version 24.8.1-4 (02-September-2024)

New Features and Updates

• Added copyright text data to the Container Image SBOM report.

Version 24.8.1-1 (27-August-2024)

New Features and Updates

• Added support for detecting vulnerabilities in the Golang “stdlib” package.

Resolved Issues

• Enhanced NuGet detection capabilities by adding support for analyzing packages defined in 'deps.json'. This update addresses false negative (FN) issues and improves detection accuracy, now correctly identifying the 'Newtonsoft.Json' package.

Version 24.8.1 (25-August-2024)

New Features and Updates

• Jira ticket details for Container findings are now available in the Mend Platform UI.

• Fixed the json output of container image scans (backward compatibility) to changes that were introduced in 24.7.2.

Version 24.7.2 (11-August-2024)

New Features and Updates

• Added the ability to suppress container image scan findings from the Mend Platform UI.

• Added C# support for static container reachability, allowing you to find unused packages in .NET-based images and reduce security noise.

• Introducing a major improvement for the container image scanner, including detection improvements for the following languages: Go, Java, C#, Rust, and Python, as well as license support in the SPDX format.

• Added SPDX 2.3 and CycloneDX 1.5 to the list of available SBOM standards in the Container Image SBOM export via the Mend CLI.

• Introducing .NET (C#) support for container image scans with vulnerability detection for .dll files.

• (Closed Beta) Introducing Infrastructure-as-Code (IaC) scanning, available in the Mend CLI, that focuses on configuration file analysis to detect misconfigurations and provides resolution information to help resolve them.

Version 24.7.1 (28-July-2024)

New Features and Updates

• Added support for configurable schedule settings for Registry Integration and static scheduling for the Sysdig Integration, to allow automated image scan flow with the various Mend.io integrations.

Resolved Issues

• Modification to the json and sarif outputs of the Container scans: The layer number and CVSS vendor type were added to the json output. Licenses were removed from the sarif output (a security-only format).

Version 24.6.1 (01-July-2024)

New Features and Updates

• Adding security support for Azure Linux (Mariner) distribution.

Version 24.5.3 (16-June-2024)

New Features and Updates

• Introducing SBOM export for Container Image scans in SPDX and CycloneDX formats. Available in the Mend CLI as well as the Mend Platform UI.

  • Supported for scans executed using Mend CLI version 24.5.3 (released June 2024) and above.

• Mend CLI: Updated the Containers layer detection view to show the latest fixed packages from top layers.

Version 24.5.1 (22-May-2024)

New Features and Updates

• Introducing Java dependencies detection improvement with transitive JAR detection.

Version 24.3.2 (05-May-2024)

New Features and Updates

• Announcing Python support for our Static Container Reachability Analysis. Now you can enjoy reducing the risk in Python-based cloud-native applications early in the SDLC, with thorough evidence for reachable paths.

14-March-2024

New Features and Updates

• Introducing Mend.io’s unique static Container Reachability, empowering teams to know which vulnerabilities and packages are reachable before runtime, revolutionizing the way vulnerabilities are prioritized and analyzed in containerized environments, and reducing the security noise by 60% on average. Available out of the box in our CLI scanner for Container Images. Contact your Account Executive or Customer Success Manager for additional information about Mend Container and how to enable it for you.