From bcbbe1ccba51d5fd5ee74e86c59846d7ac69d3b7 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Sat, 6 Jul 2024 07:37:21 -0400 Subject: [PATCH 1/5] docs: release 10.0.2 --- CHANGELOG.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 373606cea68..79105e0312e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,17 @@ # Change Log +## [Version 10.0.2](https://github.com/jeremylong/DependencyCheck/releases/tag/v10.0.2) (2024-07-06) + +- build(deps): bump open-vulnerability-clients (#6810) +- fix(db): #6788 removing redundant db index "idxVulnerability" on "vulnerability.cve" (#6807) +- docs: Further improve formatting and docs of H2 database caching strats (#6804) +- fix: update_vulnerability in dbStatements_oracle.properties (#6803) +- fix: fix NPE (#6778) +- fix: add hint to resolve false negative (#6802) +- chore: update configure (#6794) + +See the full listing of [changes](https://github.com/jeremylong/DependencyCheck/milestone/86?closed=1). + ## [Version 10.0.1](https://github.com/jeremylong/DependencyCheck/releases/tag/v10.0.1) (2024-07-02) - build(deps): bump open-vulnerability-client (#6772) From f22ebf118f78a5852da7750443dd5995b669b350 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Sat, 6 Jul 2024 07:43:49 -0400 Subject: [PATCH 2/5] docs: mandatory upgrade notice --- README.md | 13 ++++++++----- SECURITY.md | 8 ++++---- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index fc5c3ffcd5d..6128dfd4fa2 100644 --- a/README.md +++ b/README.md 
@@ -12,15 +12,18 @@ Documentation and links to production binary releases can be found on the [githu This product uses the NVD API but is not endorsed or certified by the NVD. -## 9.0.0 Upgrade Notice +## Mandatory Upgrade Notive -**Upgrading to 9.0.0 or later is mandatory**; previous versions of dependency-check -utilize the NVD data feeds which will be deprecated on Dec 15th, 2023. Versions -earlier then 9.0.0 are no longer supported and could fail to work after Dec 15th, 2023. +**Upgrading to 10.0.2 or later is mandatory** + +Older versions of dependency-check are causing numerous, duplicative requests that +end in processing failures are causing unnecassary load on the NVD API. Dependency-check +10.0.2 uses an updated `User-Agent` header that will allow the NVD to block calls +from the older client. ### NVD API Key Highly Recommended -With 9.0.0 dependency-check has moved from using the NVD data-feed to the NVD API. +Dependency-check has moved from using the NVD data-feed to the NVD API. Users of dependency-check are **highly** encouraged to obtain an NVD API Key; see https://nvd.nist.gov/developers/request-an-api-key Without an NVD API Key dependency-check's updates will be **extremely slow**. Please see the documentation for the cli, maven, gradle, or ant integrations on diff --git a/SECURITY.md b/SECURITY.md index 465256816a0..b33158baf1c 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -2,10 +2,10 @@ ## Supported Versions -| Version | Supported | -| ---------|--------------------| -| 10.0.0+ | :white_check_mark: | -| <= 9.2.0 | :x: | +| Version | Supported | +| ----------|--------------------| +| 10.0.2+ | :white_check_mark: | +| <= 10.0.1 | :x: | ## Reporting a Vulnerability From b7b030c6a2c10161b299c9885ed03eaf0ad2ad71 Mon Sep 17 00:00:00 2001 
From: Jeremy Long Date: Sat, 6 Jul 2024 07:44:56 -0400 Subject: [PATCH 3/5] build: prepare release v10.0.2 --- ant/pom.xml | 4 ++-- archetype/pom.xml | 6 +++--- cli/pom.xml | 4 ++-- core/pom.xml | 4 ++-- maven/pom.xml | 4 ++-- pom.xml | 6 +++--- utils/pom.xml | 4 ++-- 7 files changed, 16 insertions(+), 16 deletions(-) diff --git a/ant/pom.xml b/ant/pom.xml index bc2eeffebd4..8acf0ff9726 100644 --- a/ant/pom.xml +++ b/ant/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 10.0.2-SNAPSHOT + 10.0.2 dependency-check-ant @@ -32,7 +32,7 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved. scm:git:https://github.com/jeremylong/DependencyCheck.git https://github.com/jeremylong/DependencyCheck/tree/main/ant scm:git:git@github.com:jeremylong/DependencyCheck.git - v6.4.1 + v10.0.2 diff --git a/archetype/pom.xml b/archetype/pom.xml index d04ae2275ac..01cf6207c5e 100644 --- a/archetype/pom.xml +++ b/archetype/pom.xml @@ -20,20 +20,20 @@ Copyright (c) 2017 Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 10.0.2-SNAPSHOT + 10.0.2 dependency-check-plugin Dependency-Check Plugin Archetype jar - 2024-07-02T11:57:33Z + 2024-07-06T11:44:09Z scm:git:https://github.com/jeremylong/DependencyCheck.git https://github.com/jeremylong/DependencyCheck/tree/main/archetype scm:git:git@github.com:jeremylong/DependencyCheck.git - HEAD + v10.0.2 diff --git a/cli/pom.xml b/cli/pom.xml index e7e85266403..abdcd8e319f 100644 --- a/cli/pom.xml +++ b/cli/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 10.0.2-SNAPSHOT + 10.0.2 dependency-check-cli @@ -32,7 +32,7 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved. scm:git:https://github.com/jeremylong/DependencyCheck.git https://github.com/jeremylong/DependencyCheck/tree/main/cli scm:git:git@github.com:jeremylong/DependencyCheck.git - v6.4.1 + v10.0.2 dependency-check-${project.version} 
diff --git a/core/pom.xml b/core/pom.xml index f279c46e8c8..33ce6bfae0b 100644 --- a/core/pom.xml +++ b/core/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 10.0.2-SNAPSHOT + 10.0.2 dependency-check-core @@ -32,7 +32,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. scm:git:https://github.com/jeremylong/DependencyCheck.git https://github.com/jeremylong/DependencyCheck/tree/main/core scm:git:git@github.com:jeremylong/DependencyCheck.git - v6.4.1 + v10.0.2 diff --git a/maven/pom.xml b/maven/pom.xml index 5a8eca499b1..26fdef8dd86 100644 --- a/maven/pom.xml +++ b/maven/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 10.0.2-SNAPSHOT + 10.0.2 dependency-check-maven maven-plugin @@ -34,7 +34,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. scm:git:https://github.com/jeremylong/DependencyCheck.git https://github.com/jeremylong/DependencyCheck/tree/master/maven scm:git:git@github.com:jeremylong/DependencyCheck.git - v6.4.1 + v10.0.2 3.1.0 diff --git a/pom.xml b/pom.xml index 613901eeb74..e23494059f7 100644 --- a/pom.xml +++ b/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2012 - Jeremy Long org.owasp dependency-check-parent - 10.0.2-SNAPSHOT + 10.0.2 pom @@ -94,7 +94,7 @@ Copyright (c) 2012 - Jeremy Long scm:git:https://github.com/jeremylong/DependencyCheck.git https://github.com/jeremylong/DependencyCheck scm:git:https://github.com/jeremylong/DependencyCheck.git - v6.4.1 + v10.0.2 github @@ -112,7 +112,7 @@ Copyright (c) 2012 - Jeremy Long - 2024-07-02T11:57:33Z + 2024-07-06T11:44:09Z UTF-8 UTF-8 github diff --git a/utils/pom.xml b/utils/pom.xml index 48de74f6bfa..e935239904d 100644 --- a/utils/pom.xml +++ b/utils/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 10.0.2-SNAPSHOT + 10.0.2 dependency-check-utils 
@@ -30,7 +30,7 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved. scm:git:https://github.com/jeremylong/DependencyCheck.git https://github.com/jeremylong/DependencyCheck/tree/main/utils scm:git:git@github.com:jeremylong/DependencyCheck.git - v6.4.1 + v10.0.2 org.owasp.dependencycheck.utils.* From ed20fdbca122c17c2d1c773735e5fa5115fa871a Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Sat, 6 Jul 2024 07:44:57 -0400 Subject: [PATCH 4/5] build: prepare for next development iteration --- ant/pom.xml | 4 ++-- archetype/pom.xml | 6 +++--- cli/pom.xml | 4 ++-- core/pom.xml | 4 ++-- maven/pom.xml | 4 ++-- pom.xml | 6 +++--- utils/pom.xml | 4 ++-- 7 files changed, 16 insertions(+), 16 deletions(-) diff --git a/ant/pom.xml b/ant/pom.xml index 8acf0ff9726..2ec0ef604da 100644 --- a/ant/pom.xml +++ b/ant/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 10.0.2 + 10.0.3-SNAPSHOT dependency-check-ant @@ -32,7 +32,7 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved. scm:git:https://github.com/jeremylong/DependencyCheck.git https://github.com/jeremylong/DependencyCheck/tree/main/ant scm:git:git@github.com:jeremylong/DependencyCheck.git - v10.0.2 + v6.4.1 diff --git a/archetype/pom.xml b/archetype/pom.xml index 01cf6207c5e..706e45f1be6 100644 --- a/archetype/pom.xml +++ b/archetype/pom.xml @@ -20,20 +20,20 @@ Copyright (c) 2017 Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 10.0.2 + 10.0.3-SNAPSHOT dependency-check-plugin Dependency-Check Plugin Archetype jar - 2024-07-06T11:44:09Z + 2024-07-06T11:44:57Z scm:git:https://github.com/jeremylong/DependencyCheck.git https://github.com/jeremylong/DependencyCheck/tree/main/archetype scm:git:git@github.com:jeremylong/DependencyCheck.git - v10.0.2 + HEAD diff --git a/cli/pom.xml b/cli/pom.xml index abdcd8e319f..84068639e45 100644 --- a/cli/pom.xml +++ b/cli/pom.xml 
@@ -20,7 +20,7 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 10.0.2 + 10.0.3-SNAPSHOT dependency-check-cli @@ -32,7 +32,7 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved. scm:git:https://github.com/jeremylong/DependencyCheck.git https://github.com/jeremylong/DependencyCheck/tree/main/cli scm:git:git@github.com:jeremylong/DependencyCheck.git - v10.0.2 + v6.4.1 dependency-check-${project.version} diff --git a/core/pom.xml b/core/pom.xml index 33ce6bfae0b..15727a1eb03 100644 --- a/core/pom.xml +++ b/core/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 10.0.2 + 10.0.3-SNAPSHOT dependency-check-core @@ -32,7 +32,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. scm:git:https://github.com/jeremylong/DependencyCheck.git https://github.com/jeremylong/DependencyCheck/tree/main/core scm:git:git@github.com:jeremylong/DependencyCheck.git - v10.0.2 + v6.4.1 diff --git a/maven/pom.xml b/maven/pom.xml index 26fdef8dd86..6a4dc2f0d89 100644 --- a/maven/pom.xml +++ b/maven/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 10.0.2 + 10.0.3-SNAPSHOT dependency-check-maven maven-plugin @@ -34,7 +34,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. scm:git:https://github.com/jeremylong/DependencyCheck.git https://github.com/jeremylong/DependencyCheck/tree/master/maven scm:git:git@github.com:jeremylong/DependencyCheck.git - v10.0.2 + v6.4.1 3.1.0 diff --git a/pom.xml b/pom.xml index e23494059f7..0987f769b6d 100644 --- a/pom.xml +++ b/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2012 - Jeremy Long org.owasp dependency-check-parent - 10.0.2 + 10.0.3-SNAPSHOT pom 
@@ -94,7 +94,7 @@ Copyright (c) 2012 - Jeremy Long scm:git:https://github.com/jeremylong/DependencyCheck.git https://github.com/jeremylong/DependencyCheck scm:git:https://github.com/jeremylong/DependencyCheck.git - v10.0.2 + v6.4.1 github @@ -112,7 +112,7 @@ Copyright (c) 2012 - Jeremy Long - 2024-07-06T11:44:09Z + 2024-07-06T11:44:57Z UTF-8 UTF-8 github diff --git a/utils/pom.xml b/utils/pom.xml index e935239904d..2b59e20da1e 100644 --- a/utils/pom.xml +++ b/utils/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 10.0.2 + 10.0.3-SNAPSHOT dependency-check-utils @@ -30,7 +30,7 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved. scm:git:https://github.com/jeremylong/DependencyCheck.git https://github.com/jeremylong/DependencyCheck/tree/main/utils scm:git:git@github.com:jeremylong/DependencyCheck.git - v10.0.2 + v6.4.1 org.owasp.dependencycheck.utils.* From a25e6c7472a031ce2c386da08dd66f36daaa6209 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Sat, 6 Jul 2024 07:48:18 -0400 Subject: [PATCH 5/5] docs: Update CHANGELOG.md --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 79105e0312e..e33819613e4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,8 @@ ## [Version 10.0.2](https://github.com/jeremylong/DependencyCheck/releases/tag/v10.0.2) (2024-07-06) +**Mandatory Upgrade** - due to older versions of dependency-check causing numerous, spurious requests that end in processing failures, this upgrade is mandatory so that the NVD can differentiate valid requests and block the old clients. + - build(deps): bump open-vulnerability-clients (#6810) - fix(db): #6788 removing redundant db index "idxVulnerability" on "vulnerability.cve" (#6807) - docs: Further improve formatting and docs of H2 database caching strats (#6804)
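Review bot: In PATCH 2/5, the added README.md lines contain typos: the heading `## Mandatory Upgrade Notive` should read "Notice", and `unnecassary` should be "unnecessary". The sentence "requests that end in processing failures are causing unnecassary load" is also missing a conjunction; "requests that end in processing failures and are causing unnecessary load on the NVD API" reads correctly. The notice says the updated `User-Agent` header will allow the NVD to block older clients, but it does not tell users what an older client will look like once that happens. A sentence on the expected symptom would help people who are diagnosing failed updates.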
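Review bot: In PATCH 2/5, the SECURITY.md table moves the unsupported boundary to `<= 10.0.1` without giving a reason in that file. The CHANGELOG context in PATCH 1/5 dates 10.0.1 at 2024-07-02, four days before this release, so a reader who lands on SECURITY.md directly sees a just-released version marked unsupported with no explanation. Consider a one-line pointer below the table to the README's mandatory upgrade notice.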
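Review bot: In PATCH 4/5, the post-release commit puts the value `v6.4.1` back after the SCM URLs in ant/pom.xml, cli/pom.xml, core/pom.xml, maven/pom.xml, pom.xml and utils/pom.xml (`- v10.0.2 + v6.4.1`), while archetype/pom.xml goes back to `HEAD`. The element names are not visible in this rendering, but the modules end up with two different development-time values, and one of them names a release far older than the `10.0.3-SNAPSHOT` version set in the same hunks. Using `HEAD` in all seven files would keep them consistent and avoid pointing at a stale tag. Separately, the context line in maven/pom.xml links to `tree/master/maven` while the other modules use `tree/main/...`, and is worth aligning while these files are being touched.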
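Review bot: In PATCH 5/5, the added "Mandatory Upgrade" paragraph in CHANGELOG.md says the NVD can "differentiate valid requests and block the old clients" without naming the mechanism. The README hunk in PATCH 2/5 attributes this to an updated `User-Agent` header, and none of the bullets added in PATCH 1/5 mention that change. Naming the header here, or referencing the bullet that carries it, would let readers tie the notice to a concrete change. Also in PATCH 1/5, the new bullet reads `open-vulnerability-clients` while the 10.0.1 entry in the context lines reads `open-vulnerability-client`; please confirm which name is correct and use it in both.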