v3.8.11

• Prevent infinite recursion from Pom file property interpolation (#1268)

v3.8.10

• Reports: Can now export reports formatted as CycloneDX (json/xml), CSV, HTML, and JSON SPDX. (#1266)
• Containers: RPM packages installed in containers that use the NDB format for their RPM database are now parsed much faster. (#1262)

v3.8.9

• CLI Binaries: Notarize Mac OS binaries. (#1261)

v3.8.8

• CLI Binaries: Sign Mac OS builds using codesign. (#1251)
• CLI Binaries: Sign Linux builds using cosign. (#1243)

v3.8.6

• VSI: Fix a bug where root dependencies would cause analysis to fail. (#1240)
• Node (PNPM): Fixes a bug where analyses would fail when the lockfileVersion attribute was a string in pnpm-lock.yaml. (1239)
• License Scanning: Add a new "IBM type1 interpreter" license (no PR).

v3.8.5

• Go: --experimental-use-v3-go-resolver is now the default. (Documentation). (1224)

v3.8.4

• VSI: Report VSI rules and display them in FOSSA's UI. (#1237, #1235)

v3.8.3

• Logging: Don't output the [INFO] prefix for regular CLI messages. (#1226)
• License Scanning: Fix a bug where we were identifying the "GPL with autoconf macro exception" license as "GPL with autoconf exception" in a few cases (#1225)
• Container Scanning: More resiliant os-release parser, accounting initial line comments in the file (#1230)
• Analysis: full paths to the files in archives are shown when running fossa analyze --unpack-archives (#1231)
• Telemetry: Collect GNU/Linux distribution information and uname output. (#1222)

v3.8.2

• Poetry: Defaults category to main if not present in lockfile. (#1211)
• Maven: Revert (#1218) from v3.8.1 due to performance impacts.

v3.8.1

Maven PR #1218 was reverted due to performance concerns. Please use v3.8.2.

• Setup.py: Fixes an defect with setup.py parser, caused by failing to account for line comments or backslash. (#1191)
• Installation: install-latest.sh now directs curl and wget to pass Cache-Control: no-cache headers to the server. (#1206)
• Go.mod: Anaysis does not fail if go.mod includes retract block. (#1213)
• .aar: Supports .aar archive files with native license scanning, and with --unpack-archives option. (#1217)
• remote-dependencies: Analysis of fossa-deps fails, if remote-dependencies's character length is greater than maximum. It only applies during non-output mode. (#1216)
• Maven: Analyze a package separately from its parents if the module does not appear in its parent's <modules> tag when both the module and its parents are discovered as candidate targets. (#1218)
• Network requests: fossa-cli retries network requests which return response with status code of 502. (#1220)
• PDM: Adds support for PDM package manager. (#1214)