Internal server error on GET /api/v1/project when portfolio ACL is enabled and excludeInactive parameter is omitted or false #2583
nscuro added a commit to nscuro/dependency-track that referenced this issue on Mar 9, 2023
Fixes DependencyTrack#2583
Signed-off-by: nscuro <nscuro@protonmail.com>
Any updates about an upcoming release containing this specific fix? Our pipelines fail because of this issue when using mvn plugin https://github.com/pmckeown/dependency-track-maven-plugin
sahibamittal added a commit to sahibamittal/dependency-track that referenced this issue on Mar 24, 2023
sahibamittal added a commit to sahibamittal/dependency-track that referenced this issue on Apr 6, 2023
sahibamittal
added a commit
to sahibamittal/dependency-track
that referenced
this issue
Apr 12, 2023
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
Current Behavior
Requesting the `/api/v1/project` endpoint without any query parameters, or with their respective values being `false`, while portfolio access control is enabled, causes internal server errors. Inspecting the logs reveals:
The issue appears to be a missing non-empty check in the `preprocessACLs` method:
dependency-track/src/main/java/org/dependencytrack/persistence/ProjectQueryManager.java
Lines 854 to 858 in 93321f8
This issue mostly affects API clients, as the frontend always sets request query parameters, and `excludeInactive` and `onlyRoot` default to `true` for it.
Steps to Reproduce
`/api/v1/project` endpoint without any parameters
Expected Behavior
Querying projects should not fail when no request query parameters are set.
Dependency-Track Version
4.8.0-SNAPSHOT
Dependency-Track Distribution
Container Image, Executable WAR
Database Server
N/A
Database Server Version
No response
Browser
N/A
Checklist
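An added example, not Dependency-Track's own code: a minimal Java sketch of the failure mode the report describes, assuming the project filter is a JDOQL-style string that the ACL step joins with `&&`, and that a request without query parameters yields an empty (not null) filter. The class, method and parameter names and the sample filters are hypothetical; the example also goes one step beyond the report by parenthesizing the caller's filter.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class AclFilterDemo {

    // Builds "accessTeams.contains(:team0) || accessTeams.contains(:team1) ..."
    // and registers one named parameter per team id. Names are hypothetical.
    static String teamClause(List<Long> teamIds, Map<String, Object> params) {
        if (teamIds.isEmpty()) {
            // Refuse to build "()": an empty ACL clause is as invalid as a dangling "&&".
            throw new IllegalArgumentException("principal has no teams");
        }
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < teamIds.size(); i++) {
            if (i > 0) {
                sb.append(" || ");
            }
            sb.append("accessTeams.contains(:team").append(i).append(")");
            params.put("team" + i, teamIds.get(i));
        }
        return sb.toString();
    }

    // Unchecked assembly: only null is treated as "no filter", so an empty
    // string produces " && (...)", which the query layer cannot parse.
    static String withAclUnchecked(String inputFilter, String acl) {
        if (inputFilter != null) {
            return inputFilter + " && (" + acl + ")";
        }
        return "(" + acl + ")";
    }

    // Checked assembly: null, empty and blank all mean "no filter". The ACL
    // clause is never dropped in that case; it becomes the whole filter.
    // The caller's filter is parenthesized so that a top-level "||" in it
    // cannot take the ACL clause as only its right-hand operand.
    static String withAclChecked(String inputFilter, String acl) {
        if (inputFilter != null && !inputFilter.isBlank()) {
            return "(" + inputFilter + ") && (" + acl + ")";
        }
        return "(" + acl + ")";
    }

    // Syntactic check only: a filter must not begin or end with a binary operator.
    static boolean looksWellFormed(String filter) {
        String f = filter.trim();
        return !f.isEmpty()
                && !f.startsWith("&&") && !f.startsWith("||")
                && !f.endsWith("&&") && !f.endsWith("||");
    }

    public static void main(String[] args) {
        Map<String, Object> params = new LinkedHashMap<>();
        String acl = teamClause(List.of(1L, 2L), params);

        // Constructed sample filters: no filter, empty filter (no query
        // parameters), a single condition, and a disjunction.
        String[] inputs = { null, "", "active == true", "name == :name || active == true" };

        for (String in : inputs) {
            String unchecked = withAclUnchecked(in, acl);
            String checked = withAclChecked(in, acl);
            System.out.println("input:     " + (in == null ? "null" : "\"" + in + "\""));
            System.out.println("unchecked: " + unchecked
                    + "   [well-formed=" + looksWellFormed(unchecked) + "]");
            System.out.println("checked:   " + checked
                    + "   [well-formed=" + looksWellFormed(checked) + "]");
            System.out.println();
        }
        System.out.println("bound parameters: " + params);
    }
}
```

For the disjunction input, the unchecked result is syntactically valid, but because `&&` binds tighter than `||` the ACL clause constrains only the last condition, which is why the checked variant wraps the caller's filter in parentheses.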