A Synopsys scanner update, to release 2021.12.0.
With the 2021.12.0 release, Synopsys scanner can now self-scan all MSR components and run other test cases without any regressions.
Fixed an issue wherein, on logout from the MSR web UI, users sometimes received the warning:
Sorry, we don't recognize this path(FIELD-4339).
Fixed an issue with the MSR web UI wherein a user could not be added to an organization that has “team” in its name (FIELD-4436).
Fixed an issue in the MSR web UI wherein if a user who wants to change their password entered an incorrect password into the Current password field and clicked Save, the screen would go blank (ENGDTR-2785).
Vulnerability scan miscalculation in MSR web UI
The summary counts that MSR displays for Critical, High, Medium, and Low in both the Vulnerabilities column and in the View Details view are unreliable and may be incorrect when displaying non-zero values. The Components tab displays correct values for each component.
Navigate to the Components tab, review the individual non-green components, and separately calculate the total of the numbers that present as Critical, High, Medium, and Low.
Resolved the following golang runtime vulnerabilities: CVE-2021-38297 CVE-2021-44716 CVE-2021-41772 CVE-2021-41771 CVE-2021-39293 CVE-2021-33198 CVE-2021-33196 CVE-2021-33195 CVE-2021-34558 CVE-2021-33197
Vulnerability scans may reveal the following CVEs, though there is no impact on MSR:
CVE-2019-14809, CVE-2019-11888, CVE-2017-15041, CVE-2018-7187, CVE-2019-6486, CVE-2018-16874, CVE-2018-16873, CVE-2019-9634, CVE-2018-6574, CVE-2021-33194, CVE-2021-27918, CVE-2021-3115, CVE-2020-28367, CVE-2020-28366, CVE-2020-28362, CVE-2020-16845, CVE-2019-16276, CVE-2018-16875, CVE-2021-36976, CVE-2021-31525, CVE-2020-15586, CVE-2017-15042, CVE-2017-8932, CVE-2021-3572, CVE-2020-29510, CVE-2022-21365, CVE-2022-21360, CVE-2022-21349, CVE-2022-21341, CVE-2022-21340, CVE-2022-21305, CVE-2022-21299, CVE-2022-21296, CVE-2022-21294, CVE-2022-21293, CVE-2022-21291, CVE-2022-21282, CVE-2022-21271, CVE-2020-14039, CVE-2021-43784, CVE-2022-21248.