build: Release 10.0.2 (#6811)

CHANGELOG.md

@@ -1,5 +1,19 @@
 # Change Log
 
+## [Version 10.0.2](https://github.com/jeremylong/DependencyCheck/releases/tag/v10.0.2) (2024-07-06)
+
+**Mandatory Upgrade** - due to older versions of dependency-check causing numerous, spurious requests that end in processing failures, this upgrade is mandatory so that the NVD can differentiate valid requests and block the old clients.
+
+- build(deps): bump open-vulnerability-clients (#6810)
+- fix(db): #6788 removing redundant db index "idxVulnerability" on "vulnerability.cve" (#6807)
+- docs: Further improve formatting and docs of H2 database caching strats (#6804)
+- fix: update_vulnerability in dbStatements_oracle.properties (#6803)
+- fix: fix NPE  (#6778)
+- fix: add hint to resolve false negative (#6802)
+- chore: update configure (#6794)
+
+See the full listing of [changes](https://github.com/jeremylong/DependencyCheck/milestone/86?closed=1). 
+
 ## [Version 10.0.1](https://github.com/jeremylong/DependencyCheck/releases/tag/v10.0.1) (2024-07-02)
 
 - build(deps): bump open-vulnerability-client (#6772)

README.md

@@ -12,15 +12,18 @@ Documentation and links to production binary releases can be found on the [githu
 
 This product uses the NVD API but is not endorsed or certified by the NVD.
 
-## 9.0.0 Upgrade Notice
+## Mandatory Upgrade Notive
 
-**Upgrading to 9.0.0 or later is mandatory**; previous versions of dependency-check
-utilize the NVD data feeds which will be deprecated on Dec 15th, 2023. Versions
-earlier then 9.0.0 are no longer supported and could fail to work after Dec 15th, 2023.
+**Upgrading to 10.0.2 or later is mandatory**
+
+Older versions of dependency-check are causing numerous, duplicative requests that
+end in processing failures are causing unnecassary load on the NVD API. Dependency-check
+10.0.2 uses an updated `User-Agent` header that will allow the NVD to block calls
+from the older client.
 
 ### NVD API Key Highly Recommended
 
-With 9.0.0 dependency-check has moved from using the NVD data-feed to the NVD API.
+Dependency-check has moved from using the NVD data-feed to the NVD API.
 Users of dependency-check are **highly** encouraged to obtain an NVD API Key; see https://nvd.nist.gov/developers/request-an-api-key
 Without an NVD API Key dependency-check's updates will be **extremely slow**.
 Please see the documentation for the cli, maven, gradle, or ant integrations on

SECURITY.md

@@ -2,10 +2,10 @@
 
 ## Supported Versions
 
-| Version  | Supported          |
-| ---------|--------------------|
-| 10.0.0+   | :white_check_mark: |
-| <= 9.2.0 | :x:                |
+| Version   | Supported          |
+| ----------|--------------------|
+| 10.0.2+   | :white_check_mark: |
+| <= 10.0.1 | :x:                |
 
 ## Reporting a Vulnerability
 

ant/pom.xml

@@ -20,7 +20,7 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved.
     <parent>
         <groupId>org.owasp</groupId>
         <artifactId>dependency-check-parent</artifactId>
-        <version>10.0.2-SNAPSHOT</version>
+        <version>10.0.3-SNAPSHOT</version>
     </parent>
 
     <artifactId>dependency-check-ant</artifactId>

archetype/pom.xml

@@ -20,14 +20,14 @@ Copyright (c) 2017 Jeremy Long. All Rights Reserved.
     <parent>
         <groupId>org.owasp</groupId>
         <artifactId>dependency-check-parent</artifactId>
-        <version>10.0.2-SNAPSHOT</version>
+        <version>10.0.3-SNAPSHOT</version>
     </parent>
     <artifactId>dependency-check-plugin</artifactId>
     <name>Dependency-Check Plugin Archetype</name>
     <packaging>jar</packaging>
     <properties>
         <!--reproducible build-->
-        <project.build.outputTimestamp>2024-07-02T11:57:33Z</project.build.outputTimestamp>
+        <project.build.outputTimestamp>2024-07-06T11:44:57Z</project.build.outputTimestamp>
     </properties>
     <scm>
         <connection>scm:git:https://github.com/jeremylong/DependencyCheck.git</connection>

cli/pom.xml

@@ -20,7 +20,7 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved.
     <parent>
         <groupId>org.owasp</groupId>
         <artifactId>dependency-check-parent</artifactId>
-        <version>10.0.2-SNAPSHOT</version>
+        <version>10.0.3-SNAPSHOT</version>
     </parent>
 
     <artifactId>dependency-check-cli</artifactId>

core/pom.xml

@@ -20,7 +20,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
     <parent>
         <groupId>org.owasp</groupId>
         <artifactId>dependency-check-parent</artifactId>
-        <version>10.0.2-SNAPSHOT</version>
+        <version>10.0.3-SNAPSHOT</version>
     </parent>
 
     <artifactId>dependency-check-core</artifactId>

maven/pom.xml

@@ -20,7 +20,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
     <parent>
         <groupId>org.owasp</groupId>
         <artifactId>dependency-check-parent</artifactId>
-        <version>10.0.2-SNAPSHOT</version>
+        <version>10.0.3-SNAPSHOT</version>
     </parent>
     <artifactId>dependency-check-maven</artifactId>
     <packaging>maven-plugin</packaging>

pom.xml

@@ -20,7 +20,7 @@ Copyright (c) 2012 - Jeremy Long
 
     <groupId>org.owasp</groupId>
     <artifactId>dependency-check-parent</artifactId>
-    <version>10.0.2-SNAPSHOT</version>
+    <version>10.0.3-SNAPSHOT</version>
     <packaging>pom</packaging>
 
     <modules>
@@ -112,7 +112,7 @@ Copyright (c) 2012 - Jeremy Long
     </licenses>
     <properties>
         <!--reproducible build-->
-        <project.build.outputTimestamp>2024-07-02T11:57:33Z</project.build.outputTimestamp>
+        <project.build.outputTimestamp>2024-07-06T11:44:57Z</project.build.outputTimestamp>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <github.global.server>github</github.global.server>

utils/pom.xml

@@ -20,7 +20,7 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved.
     <parent>
         <groupId>org.owasp</groupId>
         <artifactId>dependency-check-parent</artifactId>
-        <version>10.0.2-SNAPSHOT</version>
+        <version>10.0.3-SNAPSHOT</version>
    </parent>
 
     <artifactId>dependency-check-utils</artifactId>