Software Composition Vulnerabilities

content/en/docs/control-center/security/software-composition/components.md

@@ -86,11 +86,10 @@ The finding list contains the following information:
 
     * Deprecated components: The current date - The date when the component was deprecated    
     * Outdated components: The current date - The publish date of the first higher runtime compatible version
-   <!-- * Vulnerable components: The number of days since the date when the CVSS score was computed -->
+    * Vulnerable components: The number of days since the date when the CVSS score was computed 
 
 * Column customization ({{% icon name="view" %}}) — You can customize the columns in the list by clicking the {{% icon name="view" %}} icon and selecting or deselecting options.
 
-<!--
 #### Finding and Component Details
 
 If a finding is marked as **Vulnerable**, its corresponding component has a **View Details** button. Clicking it opens a window which includes these sections:
@@ -112,7 +111,6 @@ If a finding is marked as **Vulnerable**, its corresponding component has a **Vi
     * **Apps using component** – The number of apps where the vulnerable component is used. Click **View Component Usage** to see a list of affected apps.
 
 * **Mendix Guidance** – AI-generated guidance which describes the vulnerability, outlines the reasons why it is important to fix it, and recommends solutions.
--->
 
 ### Component Usage {#component-component-usage}
 

content/en/docs/control-center/security/software-composition/overview.md

@@ -105,7 +105,6 @@ The finding list contains the following information:
 * **Deprecated since version publish date** — The release date of the version when the component became deprecated.
 * Column customization ({{% icon name="view" %}}) — You can customize the columns in the list by clicking the {{% icon name="view" %}} icon and selecting or deselecting options.
 
-<!--
 #### Finding and Component Details
 
 If a finding is marked as **Vulnerable**, its corresponding component has a **View Details** button. Clicking it opens a window which includes two sections:
@@ -125,7 +124,6 @@ If a finding is marked as **Vulnerable**, its corresponding component has a **Vi
     * **Type** – The type of the component affected by this finding.
     * **Publisher** – The entity that published the component affected by this finding.
     * **Apps using component** – The number of apps where the vulnerable component is used. Click **View Component Usage** to see a list of affected apps.
--->
 
 ### Component Usage {#overview-component-usage}
 

content/en/docs/control-center/security/software-composition/scoring-criteria.md

@@ -14,22 +14,19 @@ Scoring criteria reflect your company's risk preference.
 
 The settings on this tab determine how each such vulnerability is calculated for apps, environments, and components.
 
-<!-- {{< figure src="/attachments/control-center/security/software-composition/scoring_criteria_complete.png" >}} -->
-{{< figure src="/attachments/control-center/security/software-composition/scoring_criteria.png" >}}
+{{< figure src="/attachments/control-center/security/software-composition/scoring_criteria_complete.png" >}}
 
 The default values are strict, but you can adjust them to reflect the practice of your company.
 
 ## Finding Types {#finding-types}
 
 The types of findings that you can adjust for are **Outdated** and **Deprecated**.
 
-<!--
 ### Vulnerable
 
 A finding is generated when a component is published on the [Security Advisories](/releasenotes/security-advisories/) page, and is assigned a specific CVSS score. CVSS scores are based on the [NVD Vulnerability Metrics](https://nvd.nist.gov/vuln-metrics) framework, and cannot be orverriden.
 
 You can choose the combination of CVSS range and severity for which you want a component to be marked as vulnerable.
--->
 
 ### Outdated
 

content/en/docs/deployment/general/software-composition.md

@@ -127,7 +127,6 @@ The page is divided into two tabs: **Findings** and **Component Usage**. For det
 * [Findings](/control-center/overview-tab/#overview-findings)
 * [Component Usage](/control-center/overview-tab/#overview-component-usage)
 
-<!--
 #### Finding and Component Details
 
 If a finding is marked as **Vulnerable**, its corresponding component has a **View Details** button. Clicking it opens a window which includes two sections:
@@ -148,7 +147,6 @@ If a finding is marked as **Vulnerable**, its corresponding component has a **Vi
     * **Publisher** – The entity that published the component affected by this finding.
 
 * **Mendix Guidance** – AI-generated guidance which describes the vulnerability, outlines the reasons why it is important to fix it, and recommends solutions.
--->
 
 ## Components {#all-components}
 
@@ -237,7 +235,6 @@ The finding list contains the following information:
 
 * Column customization ({{% icon name="view" %}}) — You can customize the columns in the list by clicking the {{% icon name="view" %}} icon and selecting or deselecting options.
 
-<!--
 ##### Finding and Component Details
 
 If a finding is marked as **Vulnerable**, its corresponding component has a **View Details** button. Clicking it opens a window which includes these sections:
@@ -257,7 +254,6 @@ If a finding is marked as **Vulnerable**, its corresponding component has a **Vi
     * **Type** – The type of the component affected by this finding.
 
 * **Mendix Guidance** – AI-generated guidance which describes the vulnerability, outlines the reasons why it is important to fix it, and recommends solutions.
--->
 
 #### Component Usage {#component-component-usage}
 

content/en/docs/releasenotes/control-center/2026.md

@@ -9,6 +9,12 @@ numberless_headings: true
 
 ## June 2026
 
+### June 25, 2026
+
+#### New Features
+
+* Software Composition is now enhanced with the ability to view details on components marked as **Vulnerable**. This is available on the **Overview** and the **Components** tabs of [Software Composition](/control-center/software-composition/), and provides valuable information about the severity and CVSS score of the finding.
+
 ### June 17, 2026
 
 #### Fixes

content/en/docs/releasenotes/deployment/mendix-cloud/_index.md

@@ -16,6 +16,12 @@ For information on the current status of deployment to Mendix Cloud and any plan
 
 ## June 2026
 
+### June 25, 2026
+
+#### New Features
+
+* [Software Composition](/developerportal/deploy/software-composition/) is now enhanced with the ability to view details on components marked as **Vulnerable**. This provides valuable information about the severity and CVSS score of the finding.
+
 ### June 17, 2026
 
 #### Fixes