Skip to content

Releases: eclipse-sw360/sw360

sw360-20.1.0-rc-2

sw360-20.1.0-rc-2 Pre-release
Pre-release

Choose a tag to compare

@GMishx GMishx released this 27 May 04:55

sw360-20.1.0-rc-2

This is the second release candidate for SW360 in the line of the next minor release version 20.1.0 of SW360. The candidate includes numerous features, corrections, and improvements over the previous release 20.1.0-rc-1

This release serves as a preview of the upcoming minor version 20.1.0 for testing and should not be used in production environments.

Highlight of the changes includes:

  • Authentication & Authorization: Added multi-issuer JWT support with a per-issuer jwk-set-uri override, accepted JWTs from trusted issuers, wired JWT_KEYSTORE, returned the plaintext client_secret once on creation, and associated each OAuth client with its owning user (breaking change, see fix(auth)!: associate user with client).
  • REST API Enhancements: Added an attachmentAuthor filter on GET /projects, manual scheduler-trigger APIs with scheduler refactoring, authenticated report download links, and search flags for empty BU and empty tags on projects.
  • Obligations & Reports: Allowed updating obligations of all levels at once, and RFC 5987-encoded the Content-Disposition filename in report downloads.
  • SVM Integration: Optimized SW360 & SVM delta synchronization and simplified the SVM delta sync configuration.
  • Build & CI: Added Spotless as a Maven plugin, required Maven 3.9, added a GitHub Actions step summary, and many dependencies bumped via Dependabot.

Credits

The following GitHub users have contributed to the source code since the last release (in alphabetical order):

> ADITYA-CODE-SOURCE <adityavishe67@gmail.com>
> amritkv <er.akverma8@gmail.com>
> Bibhuti Bhusan Dash <bibhuti230185@gmail.com>
> Dearsh Oberoi <oberoidearsh@gmail.com>
> dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
> developharsh <harsh237hk@gmail.com>
> Farooq Fateh Aftab <farooq-fateh.aftab@siemens.com>
> Gaurav Mishra <mishra.gaurav@siemens.com>
> rudra-superrr <prabhuchopra@gmail.com>

Please note that also many other persons usually contribute to the project with reviews, testing, documentations, conversations or presentations.

Features

  • df2a49e5c feat: add batch summary endpoint for release lookups
  • c23ea8d66 feat(authorization): support multi-issuers
  • f06255f34 feat(rest): add attachmentAuthor filter parameter to GET /projects endpoint
  • ef7fa8a47 feat(rest): per-issuer jwk-set-uri override
  • 6865f9a4f feat(Scheduler): Added api to manually trigger the schedulers and refactor the apis
  • 8e09f74f3 feat(SVM): Optimize the sync between SW360 and SVM
  • 9ad41c460 feat(report): authenticating the report download link.
  • 884002335 feat(search): flag to search empty tags in projects
  • a685a9ffc feat(search): flag to search empty bu in projects

Corrections

  • a23a010d4 fix(components): prevent duplicate components by name only, case insensitive
  • 4f8967a08 fix(rest): fetch sub-project attachment usages for LicenseInfo report
  • 2f70346b4 fix(project): show transitive sub-project releases in licenseClearing and attachmentUsage endpoints
  • fe216246b fix(report): RFC 5987 encode Content-Disposition filename and reduce debug log verbosity
  • ec7903049 fix(obligations): add functionality to update obligations of all levels
  • 3bb28a0aa fix(pom): require maven 3.9 needed
  • 10102bec5 fix(lucene): remove leading wildcard configuration since Nouveau does not support it.
  • bc2eab4ff fix(docker): wire JWT_KEYSTORE and key
  • ea6fa51a4 fix(auth): persist JWT signing key from keystore
  • 2ab7ffadf fix(rest): preserve user roles, enforcing scope
  • faa394244 fix(rest): accept JWTs from trusted issuers
  • d258e0a66 fix(auth): accept JWT token from frontend
  • 80e5f495d fix(auth)!: associate user with client
  • 8b60c44ab fix(auth): return plaintext client_secret once
  • 533876e03 fix(cloudant): set URL before anything else
  • d65cd86fa fix(obligations): add obligations of status deferred to parent project to all obligations endpoint
  • 30354026e fix(DBConnector): prevent NPE in getDistinctSortedStringKeys

Infrastructure

  • ba641d2f4 chore(vulnerability): guards against NPE
  • e220f7ecf perf(DB): use singleton for design and indexes
  • c95528d34 chore(spotless): add spotless as a plugin
  • 77aead739 chore(deps): bump org.junit.platform:junit-platform-launcher
  • 25537a451 chore(deps): bump junit.version from 6.0.3 to 6.1.0
  • ed4e8926f chore(deps): bump step-security/harden-runner from 2.19.3 to 2.19.4
  • 106c4030d chore(deps): bump keycloak.version from 26.6.1 to 26.6.2
  • 53235a988 chore(deps): bump docker/build-push-action from 7.1.0 to 7.2.0
  • 751146e6a chore(deps): bump github/codeql-action from 4.35.4 to 4.35.5
  • a1c956fbb chore(deps): bump keycloak/keycloak from 26.6.1 to 26.6.2
  • b93cc55f6 chore(deps-dev): bump org.apache.maven.plugins:maven-enforcer-plugin
  • 19e5329b3 perf(obligation): optimize the steams
  • 86333ea78 chore(deps): bump com.google.code.gson:gson from 2.13.2 to 2.14.0
  • a71baccf3 chore(deps-dev): bump io.github.git-commit-id:git-commit-id-maven-plugin
  • fbe707f18 chore(deps): bump commons-cli:commons-cli from 1.10.0 to 1.11.0
  • cce7dafa3 chore(deps): bump org.mockito:mockito-core from 5.21.0 to 5.23.0
  • 42b794e32 chore(deps): bump org.json:json from 20250517 to 20251224
  • d56c59d00 chore(deps-dev): bump nl.jqno.equalsverifier:equalsverifier
  • e9991b30c chore(deps): bump ch.qos.logback:logback-classic from 1.5.18 to 1.5.32
  • 50e4e71a9 chore(deps): bump jakarta.xml.bind:jakarta.xml.bind-api
  • ad653f2f5 chore(deps): bump org.spdx:java-spdx-library from 2.0.2 to 2.0.3
  • 4cb50dd26 chore(deps): bump org.projectlombok:lombok from 1.18.38 to 1.18.46
  • 4964d11dc chore(deps): bump org.apache.maven.plugins:maven-resources-plugin
  • ba18507ec chore(deps): bump org.jboss.logging:jboss-logging
  • d80f0fd8d chore(deps): bump jaxen:jaxen from 2.0.0 to 2.0.3
  • a6a95b111 chore(deps): bump commons-io:commons-io from 2.20.0 to 2.22.0
  • 835dda3e4 chore(deps): bump org.apache.maven.plugins:maven-failsafe-plugin
  • 05ca948c8 chore(deps): bump org.jetbrains:annotations from 26.0.2-1 to 26.1.0
  • 5933a825a chore(deps): bump joda-time:joda-time from 2.14.0 to 2.14.2
  • b5eb5734b chore(deps-dev): bump org.apache.maven.plugins:maven-assembly-plugin
  • 81f032588 chore(deps-dev): bump org.codehaus.mojo:versions-maven-plugin
  • a6e9f835b chore(deps): bump org.owasp.encoder:encoder from 1.3.1 to 1.4.0
  • 5bd330001 chore(deps): bump org.jacoco:jacoco-maven-plugin from 0.8.13 to 0.8.14
  • aba0ea009 chore(deps-dev): bump org.apache.maven.plugins:maven-war-plugin
  • e12613460 chore(deps): bump log4j2.version from 2.25.4 to 2.26.0
  • 8c2bd8c5a chore(deps): bump org.ow2.asm.version from 9.9.1 to 9.10
  • 5ba4da017 chore(deps-dev): bump net.bytebuddy:byte-buddy from 1.17.8 to 1.18.8
  • 72a4910ee chore(deps): bump org.wiremock:wiremock-standalone from 3.13.1 to 3.13.2
  • c00bb0674 chore(deps): bump org.glassfish.jaxb:jaxb-runtime from 4.0.6 to 4.0.8
  • e77e2920b chore(deps): bump step-security/harden-runner from 2.19.1 to 2.19.3
  • 400e2b7d7 chore(deps): bump actions/dependency-review-action from 4.9.0 to 5.0.0
  • e9bfa51c2 chore(deps): bump org.springframework.security:spring-security-oauth2-authorization-server
  • dcdda3c64 chore(deps): bump com.google.guava:guava from 33.5.0-jre to 33.6.0-jre
  • 59e398084 chore(deps): bump slf4j.version from 2.0.17 to 2.0.18
  • c490401cd chore(deps): bump org.apache.maven.plugins:maven-surefire-plugin
  • 1d94b6814 chore(deps): bump commons-codec:commons-codec from 1.20.0 to 1.22.0
  • 70db3d143 chore(rest): remove unused spring properties
  • be2726522 chore(auth): align JWT keystore helper scripts
  • e2914b5ec chore(docker): sync docker with actual config
  • ec56521b0 refactor(svm): simplify SVM delta sync config
  • 1a4c392b4 chore(ci): Added github step summary

sw360-20.1.0-rc-1

sw360-20.1.0-rc-1 Pre-release
Pre-release

Choose a tag to compare

@GMishx GMishx released this 11 May 08:28

sw360-20.1.0-rc-1

This is the first release candidate for SW360 in the line of the next minor release version 20.1.0 of SW360. The candidate includes numerous features, corrections, and improvements over the previous release 20.0.0

This release serves as a preview of the upcoming minor version 20.1.0 for testing and should not be used in production environments.

Highlight of the changes includes:

  • REST API Enhancements: Added PATCH /ecc/{releaseId} with ECC status filtering, file-based caching for the releases endpoint, and a project detail tab pill-count endpoint with updated response structure.
  • Export Improvements: Extended project report export options with CSV, JSON, and XML formats in addition to spreadsheet output.
  • Security Hardening: Added @PreAuthorize guards to license and attachment admin endpoints, strengthened authentication/authorization paths, sanitized attachment filenames to prevent path traversal, and hardened CORS/CSP behavior including Swagger CSP fixes. This release also allows disabling of basic auth and unifies Bearer token authentication across the board.
  • Performance Optimizations: Removed an N+1 package query by release IDs, improved LicenseInfo cache lookup from O(n) to O(1), and switched license-type usage counting to an indexed CouchDB view.
  • Keycloak Provider Packaging: Consolidated provider packaging via shading, reduced provider artifacts to 3 jars, lowered classpath conflicts, and improved Keycloak startup time.
  • Framework Upgrades: Upgraded runtime and security baselines to Spring Boot 4.x and Spring Security 7.x, and migrated tests from JUnit 4 to JUnit 5.
  • Bug Fixes: Resolved thread-safety issues in ProjectDatabaseHandler and department import scheduling, fixed resource leaks across streams and Thrift clients, and improved HTTP error mapping for 404/403/409 paths.
  • Container & CI: Added Sigstore/Cosign image signing in CD and published JaCoCo coverage reports as CI artifacts.

Credits

The following GitHub users have contributed to the source code since the last release (in alphabetical order):

> aaryan359 <aaryanmeena96@gmail.com>
> Abhay349 <pandeyabhay967@gmail.com>
> Aditya Vishe <adityavishe67@gmail.com>
> afsahsyeda <afsah.syeda@siemens-healthineers.com>
> Agastya Kataria <katariaa@tcd.ie>
> Alex <alextanzhao22@gmail.com>
> Aman-Cool <aman017102007@gmail.com>
> amritkv <er.akverma8@gmail.com>
> Bhawani Shanker Sharma <bhawanishanker2005@gmail.com>
> Bibhuti Bhusan Dash <bibhuti230185@gmail.com>
> Dearsh Oberoi <oberoidearsh@gmail.com>
> dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
> developharsh <harsh237hk@gmail.com>
> Elbialy0 <mahmoudelbialy109@gmail.com>
> Farooq Fateh Aftab <farooq-fateh.aftab@siemens.com>
> Gaurav Mishra <mishra.gaurav@siemens.com>
> himanshu07gupta <himanshu29gupta0703@gmail.com>
> Kareem74x <kareemmostafa74x@gmail.com>
> Kaushlendra Pratap <kaushlendra-pratap.singh@siemens.com>
> Keerthi B L <keerthi.bl@siemens.com>
> Mahmoud Abdulmawlaa <m.elbaadishy@gmail.com>
> manhuu14 <umanhuu@gmail.com>
> Nikesh Kumar <kumar.nikesh@siemens.com>
> Priya Sharma <priyasharma1001a@gmail.com>
> rudra-superrr <prabhuchopra@gmail.com>
> Sandip Mandal <sandipsmmandal02@gmail.com>
> Shivamrut <gshivamrut@gmail.com>
> Suhyeon Park <ssantta999@gmail.com>
> Sushant Kumar <sushant.kumar@siemens-healthineers.com>
> Uddeshya <srivastavauddeshya98@gmail.com>

Please note that also many other persons usually contribute to the project with reviews, testing, documentations, conversations or presentations.

Features

  • a1468ca38 feat(security): unify Bearer auth
  • 8e2ff4f02 feat(security): make basic auth configurable
  • c938d39a2 feat(UI): Add expand/collapse functionality for projects with sub-projects
  • 9fb25453d feat(rest): unify authentication authorities
  • c3f4c6762 feat(ci): upload JaCoCo reports to artifacts
  • c8a7811c9 feat(rest): add PATCH /ecc/{releaseId} and eccStatus filter to GET /ecc
  • 552804a36 feat(release): catch and log exception silently
  • 3a02df85d feat(Component): Added pagination and sorting for release overview in components
  • fe17994e3 feat(projects): get sorted groups
  • fba763c5a feat(project-pill): simplify code
  • c8803e5b9 feat(project): enhance project detail tab counts with new response structure and tests
  • c3f4576da feat(project): add endpoint and tests for project detail tab pill counts
  • c473c1db9 feat(cd): sign container images
  • 00a0e04f1 feat(cache): update default cache directory
  • 06a7fb602 feat(rest): add file-based API response cache for releases endpoint
  • c6edadfe7 feat(export): add CSV, JSON, XML export formats for project reports
  • b92b07274 feat(keycloak): update old README.md
  • 014c57440 feat(kc-tf): add helper script to migrate tokens
  • 3cfdb9590 feat(thrift): add build dependencies

Corrections

  • 2236df6c1 fix(csrf): enable and document CSRF
  • 7f7eb90c7 Fix(Rest): Added code to fix exactmatch search if name is case-insensitive
  • 3d7b9121e fix(users): revert default behavior
  • 85bd7d11a fix(rest): Added code to filter user based on givenname lastname emailid.
  • 5d3913d23 fix(docs): fix docker application template
  • fc4e4045e fix(rest): register JwtAuthenticationProvider
  • eb694593a fix(rest): allow /api root read for READ tokens
  • bdfaa110f fix(rest): handle broken pipe gracefully
  • 7b99a4d15 fix(backend): prevent thread blocking in scheduler
  • 22780de39 fix(backend): upgrade SVM client, add custom JKS
  • 57786ed2b fix(user): catch Runtime error of unknown user
  • bc8d31677 fix(ExportSpreadsheet): Fixed export spreadsheet in project with search results
  • 4eaf7ac4d fix(changelog): fix timestamp format to show just the date
  • 0c953166e fix(keycloak): gson dependency issue.
  • 5596befa2 fix(surefire): fix args and mockito jar path
  • a19247a36 fix(test): remove System.out and System.err
  • 643094cac fix(changelog): add sorting by change timestamp in changelog
  • ded8aa233 fix(rest): use BadRequestClientException instead of RuntimeException
  • 98d5daddd fix(rest): correct status code, improve error messages, add test
  • 2c1e30d09 fix(rest): return 500 instead of 200 on license update failure
  • 8a127bb4d fix(rest): Preserve 404/403 and others when mapping controller exceptions
  • 7f1347d59 fix(rest): extract PasswordEncoder config to fix circular dependency
  • 7029ef920 fix(rest): filter license obligations by project release main...
  • dfbd81a4a fix(Rest) : Backend API for All Obligation Tab
  • 0ff1aa515 fix(UserHandler): fix compiler symbol not found
  • 3568c988e fix: Prevent externalId overwrite in getByEmailOrExternalId
  • 5c90f3a57 fix(users): :Update differing externalId in getByEmailOrExternalId
  • 75e5aaf89 fix(http-support): implement native file request body support
  • 3b812a63f fix(http-support): correct native request builder URI/body/header semantics
  • 3a4ce2737 fix(security): add @PreAuthorize ADMIN check to AttachmentCleanUpController
  • ec5eba472 fix(base): remove duplicate @PreAuthorize annotation from ScheduleAdminController
  • 6b223609f fix(rest): Add missing @PreAuthorize annotations on license endpoints
  • 813381a34 fix(css): fix code scanning alert no. 96
  • ebd497894 fix(css): fix code scanning alert no. 95
  • cf2f6a365 fix(rest): prevent empty email backend queries
  • ac6add4c9 fix(rest): migrate custom serializers to Jackson 3
  • 64e4a15d5 fix(rest): update CSP configuration for swagger
  • e44954bf2 fix(LicenseInfo): use SPDX ID for obligation-to-license mapping
  • 41fa5997f fix(rest): harden headers and fix CORS origin
  • 787b5aa7f fix(rest): add detailed exception handling for patchClearingRequest
  • f7ab7bf36 fix(vul): hande not found exceptions for loading releases/candidates while fetching vulnerabilities
  • 1701644b9 fix(backend): fix thread safety in ProjectDatabaseHandler
  • d466912dd fix(licenseinfo): accumulate all obligations per license in DOCX report
  • 687ca811c fix(db): csv-reader resource leak in UserDatabaseHandler
  • 4a84ee580 fix(vmcomponents): resource leak in svmutils
  • 9f3ab07b8 fix(rest): avoid NPE on JWKS API-token auth when user or OIDC client metadata is missing
  • 068c3c667 fix(docker): use tag name and sha for dependabot
  • 806f15ee6 fix(rest): restricting modification of fields.
  • d2329d341 fix(fossology): revert clearing state on upload/scan trigger failure
  • 048faa2d9 fix(backend): add SLF4J provider to backend WARs
  • f23134295 fix: corrected the pagination counts for vendor search
  • 76a1bf898 fix(thrift): add sudo in thrift docker build stage
  • 371ac33fc fix(rest): validate department log date as yyyy-MM-dd before Thrift call
  • 102c10692 fix(release): check set for NPE
  • a947e0228 fix(rest): resolve Authorization header lookup via servlet getHeader
  • 2020b2d44 fix(rest): sanitize filename in addAttachment to prevent path traversal
  • f34128ed6 fix(release-service): ensure proper lock handling in Fossology process
  • 1c79fa170 fix(http-support): make NewHttpClientImpl.execute non-blocking
  • 1835e799c fix(licenseinfo): Fix project clearing report issues
  • b57ec9665 fix(user): prevent permanent import lockout on unchecked exceptions...
  • 46699bfc8 fix(projects): fix NPE and Thrift client leak in attachment usage inheritance
  • b33414e4a fix(jwt): remove nbf claim which is optional in kc
  • 45c5c6265 fix(project): reduce memory consumption by using optimized CouchDB view for project cache
  • eb1c46bdd fix(schedule): follow deploy.name pattern
  • 4fb3f28e7 fix(rest): fix NPEs and missing security annotation in ProjectController
  • c2c08674d fix(keycloak): add missing sl4j deps
  • 6f2c37c5c fix(license): Improve exception handling
  • e3f484f31 fix...
Read more

sw360-20.0.0

Choose a tag to compare

@GMishx GMishx released this 27 Mar 12:44

sw360-20.0.0

We are proud to announce the release of SW360 version 20.0.0. This major release brings significant architectural changes, security enhancements, and performance improvements over the 19.2.x series. The most notable update in this version is the removal of the Liferay UI; the SW360 backend is now fully decoupled, and users must set up the new Next.js-based frontend from the eclipse-sw360/sw360-frontend repository.

Highlight of the changes in this version includes:

  • Frontend Decoupling: Complete removal of the legacy Liferay UI, introducing a standalone backend with expanded endpoints to support the new Next.js frontend.
  • Security Improvements: Addressed multiple vulnerabilities including XXE and path traversal, added XSS protection headers, and reinforced endpoint security.
  • API & Documentation: Introduced extensive OpenAPI documentation and implemented robust pagination under the hood.
  • User & Identity Management: Enhanced Keycloak user synchronization with CouchDB, and added batch processing.
  • Performance & Stability: Implemented database-side pagination, optimized memory usage, and improved indexing and search speeds.

Credits

The following GitHub users have contributed to the source code since the last release (in alphabetical order):

> Aashish Jha <aashishjha1107@gmail.com>
> Abhay349 <pandeyabhay967@gmail.com>
> Achal Jhawar <35405812+achaljhawar@users.noreply.github.com>
> Aditya Vishe <adityavishe67@gmail.com>
> afsahsyeda <afsah.syeda@siemens-healthineers.com>
> airajena <airajena0@gmail.com>
> Akshit Joshi <akshit.joshi@siemens-healthineers.com>
> Alex <alextanzhao22@gmail.com>
> Ali <aligadallah14@gmail.com>
> Aman-Cool <aman017102007@gmail.com>
> amritkv <er.akverma8@gmail.com>
> Bibhuti Bhusan Dash <bibhuti230185@gmail.com>
> Dearsh Oberoi <oberoidearsh@gmail.com>
> drockparashar <pranshu007parashar@gmail.com>
> Elbialy0 <mahmoudelbialy109@gmail.com>
> Farooq Fateh Aftab <farooq-fateh.aftab@siemens.com>
> Gaurav Mishra <mishra.gaurav@siemens.com>
> harshdeveloper21 <harsh237hk@gmail.com>
> harshitg927 <121371860+harshitg927@users.noreply.github.com>
> Helio Chissini de Castro <dev@heliocastro.info>
> himanshu07gupta <himanshu29gupta0703@gmail.com>
> Himanshu A Garode <himanshu2006garode@gmail.com>
> Hritik Raj <hritik23154049@akgec.ac.in>
> Kareem74x <kareemmostafa74x@gmail.com>
> Kaushlendra Pratap <kaushlendra-pratap.singh@siemens.com>
> Keerthi B L <keerthi.bl@siemens.com>
> Mahmoud Abdulmawlaa <m.elbaadishy@gmail.com>
> Matthew Pappas <matteopappas@gmail.com>
> Md Ali <mdali620563@gmail.com>
> Mohamed Hanafy <mohamed.hanfy.dev@outlook.com>
> naitikk31 <DARJINAITIK7@GMAIL.COM>
> Nikesh Kumar <kumar.nikesh@siemens.com>
> pranayh24 <pranayheda24@gmail.com>
> Prathmesh <dhoneprathmesh72@gmail.com>
> Priya Sharma <priyasharma1001a@gmail.com>
> Rajnish Kumar <22it3036@rgipt.ac.in>
> RITANKAR SAHA <ritankar.saha786@gmail.com>
> rohit <brohit11544@gmail.com>
> Rudra Chopra <prabhuchopra@gmail.com>
> saiteja-in <vurukondasaiteja13@gmail.com>
> Sameed Ahmad <sameed.ahmad@siemens-healthineers.com>
> Sandip Mandal <sandipsmmandal02@gmail.com>
> Sathwik Hejamady Bhat <sathwikhbhat@gmail.com>
> sathwik-y <sathwik.yellapragada@gmail.com>
> Shivamrut <gshivamrut@gmail.com>
> Suhas2109 <suhas.n@siemens-healthineers.com>
> suvrat1629 <suvrat1629@gmail.com>
> Taanvi Khevaria <149520227+taanvi2205@users.noreply.github.com>
> tanwar-div <tanwarkheritalwana@gmail.com>
> VanKhanhAnny <arianne.dangvankhanh@gmail.com>

Please note that also many other persons usually contribute to the project with reviews, testing, documentations, conversations or presentations.

Features

  • 7d37bb9b8 feat(version): update /version endpoint

Corrections

  • ba842fcaa fix(UI): The Linked Packages is not appearing in the project details page, even though packages are linked to the project.
  • 29af0f8fb fix(Release): merge release issue fixed.

Infrastructure

  • 924ca4397 chore(lang): remove old README_LANG.md

sw360-20.0.0-rc-2

sw360-20.0.0-rc-2 Pre-release
Pre-release

Choose a tag to compare

@GMishx GMishx released this 23 Mar 10:29

sw360-20.0.0-rc-2

This is the second release candidate for SW360 in the line of next major release version 20.0.0 of SW360. The candidate includes numerous features, corrections, and improvements over the previous release 20.0.0-rc-1

This release serves as a preview of the upcoming major version 20.0.0 for testing and should not be used in production environments.

Highlight of the changes includes:

  • Security Enhancements: Addressed XXE vulnerabilities in parsers, fixed header injection issues, added XSS protection headers, and reinforced endpoint security.
  • API & Documentation: Expanded OpenAPI documentation across multiple core controllers.
  • Performance & Stability: Optimize memory usage with static client reuse.
  • Infrastructure: Updated container infrastructure for v20 and improve CI checks.

Credits

The following GitHub users have contributed to the source code since the last release (in alphabetical order):

> Abhay349 <pandeyabhay967@gmail.com>
> ADITYA-CODE-SOURCE <adityavishe67@gmail.com>
> afsahsyeda <afsah.syeda@siemens-healthineers.com>
> Alex <alextanzhao22@gmail.com>
> Ali <aligadallah14@gmail.com>
> Aman-Cool <aman017102007@gmail.com>
> Bibhuti Bhusan Dash <bibhuti230185@gmail.com>
> Dearsh Oberoi <oberoidearsh@gmail.com>
> dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
> Elbialy0 <mahmoudelbialy109@gmail.com>
> Farooq Fateh Aftab <farooq-fateh.aftab@siemens.com>
> Gaurav Mishra <mishra.gaurav@siemens.com>
> harshdeveloper21 <harsh237hk@gmail.com>
> himanshu07gupta <himanshu29gupta0703@gmail.com>
> Kareem74x <kareemmostafa74x@gmail.com>
> Keerthi B L <keerthi.bl@siemens.com>
> Mahmoud Abdulmawlaa <m.elbaadishy@gmail.com>
> Matthew Pappas <matteopappas@gmail.com>
> Nikesh Kumar <kumar.nikesh@siemens.com>
> Prathmesh <dhoneprathmesh72@gmail.com>
> Priya Sharma <priyasharma1001a@gmail.com>
> rudra-superrr <prabhuchopra@gmail.com>
> saiteja-in <vurukondasaiteja13@gmail.com>
> Sandip Mandal <sandipsmmandal02@gmail.com>
> Shivamrut <gshivamrut@gmail.com>
> VanKhanhAnny <arianne.dangvankhanh@gmail.com>

Please note that also many other persons usually contribute to the project with reviews, testing, documentations, conversations or presentations.

Features

  • a3b728052 feat(attachments): add test for attachment service
  • 064862f46 feat(agents): add AGENTS.md ref existing doc
  • 857e32f78 feat(vmprocess): add shutdown hook to close thread
  • 3ad882f4a feat(container): add steps for keycloak image
  • 5ff8538df feat(container): update container for version 20
  • fba2f20ff feat(Project): Handle case sensitive for export spreadsheet
  • 2982f9d65 feat(checkstyle): add Checkstyle configuration
  • 187b7b068 feat(http-support): implement file upload method in NewRequestBodyBuilderImpl
  • 18c916a29 feat(AttachmentUsages): Save existing attachment usages of sub-project at parent project level
  • e1180015e feat(Email): Enhancement of e-mail notifications for updation of project
  • 31d4b31f1 feat(licenseInfo): Normalise license text and optimise performance

Corrections

  • 3597da377 fix(clearingteam): Add clearing team to project api responses
  • 8702d8c43 fix(docker): correct runtime startup configuration
  • 8ac24b639 fix(rest): close streams and temp files in attachment bundle download
  • 021dff813 fix(rest): prevent NPE in vulnerability tracking sorting and clean error message
  • bd3a16194 fix(report): respect withSubProject semantics for licenseInfo
  • 7e8dd3413 fix: XXE vulnerability in SPDX parser
  • 09cecb788 fix(license): include timestamp in backup filename
  • 9a7acdb57 fix(nouveau): add ConflictException retry to putNouveauDesignDocument
  • ada574770 fix(datahandler): add ConflictException retry to putDesignDocument
  • 342df4f9c fix(attachmentUsages): fix null owner corruption and infinite recursion in sub-project inheritance
  • f7786d1c2 fix(attachment): urlencode filename to get
  • d3ed1ce48 fix(project): ClearingTeam is a string, not user
  • 1acec288d fix(Docker): add missing runtime dependency
  • ecbac4f45 fix(release): fix test of attach field in merge
  • bdac2d5f7 fix(rest): X-XSS-Protection Header
  • fa0e2d515 fix(clearingrequest): replace per-call THttpClient with shared ThriftClients instance
  • 709dfaeac fix(rest) : Compilation error fix from different PRs
  • 2b2b0c75c fix(components): correct clearing state priority in autosetReleaseClearingState
  • 61933e7d2 fix(rest): update clearing request after editing in request tab
  • 5c11a3834 fix(security): Add @PreAuthorize annotation to AttachmentController
  • bafbd42ac fix(security): Add @PreAuthorize to ScheduleAdminController
  • f874c08c2 fix(project): add null checks for both project and actual in updateProject to prevent NPE
  • b9a63e0fe fix(vmcomponents): handle NPE and ClassCastException in getVulIdsPerComponentVmId (#3780)
  • e05569f31 fix(rest): Add null check for getReleaseIdToUsage() ...
  • ffa9aad1f fix(rest): return 400 for missing required request parameters instead of 500
  • 96f1a5963 fix(SvmConnector): handle missing keystore
  • 251a50819 fix(backend): close FileInputStream in SvmConnector to prevent resource leak
  • 05b632d05 fix(importCDX):do not alter unknown domain VCS and revert old changes
  • 0c3a7c29d fix(rest): Unauthorrrized access to backend configurations.
  • 1876d51e3 fix(index): check if vcs exists
  • 61fe5227e fix(view): check release.eccInformation not null
  • d8acc1273 Fix/jwt claim validation (#3753)
  • b33e1be65 Fix CORS filter activation and allowed methods (#3735)
  • c7534cf0e fix(rest): Add logic to delete open clearing requests from request tab, when the project has deleted.
  • 34d133488 fix(security): replace newInstance() with newDefaultInstance()
  • 738366d2d fix(security): fix XXE vulnerability in XML parsing
  • 79ce6f23b fix: prevent NoSuchElementException when ...
  • 1ed5584d4 fix(licenseinfo): check Optional.isPresent() before get() in DocxGenerator
  • 3b0c53f2a fix(CR): header injection vulnerability.
  • de763bb7c fix: Prevent NullPointerException in Sw360ProjectService
  • 8416467ef fix(rest): users receive email notification to download project reports for project-only/with-linked-releases
  • 5b8bca91a fix(RepositoryUrl): update default value VCS_HOST
  • 9720ece9e fix(config): update VCS_HOSTS to use JSON array format for config consistency
  • d8e8e7502 fix: Exception Swallowing in UserRepository

Infrastructure

  • 912b15d27 refactor(licenses): replace String concatenation with StringBuilder
  • b990ed902 docs(api): add Swagger @apiresponse status code documentation for additional controllers
  • 842d5ee76 chore(docs/swagger): add @ApiResponses annotations for ...
  • ba7d5a24d chore(docs/swagger): add OpenAPI annotations for ImportExportController, LicenseController and UserController
  • 3739ad2f4 chore(core): remove redundant String.format
  • 76caf9ae4 chore(docs/swagger): add OpenAPI annotations for ReleaseController
  • 414a2f62c chore(docs/swagger): add OpenAPI annotations for ProjectController
  • aeae97f81 chore(deps): bump org.springframework:spring-webmvc
  • 8979d0ec0 chore(deps): bump actions/cache from 5.0.3 to 5.0.4
  • b149d3a08 chore(deps): bump github/codeql-action from 4.32.6 to 4.33.0
  • ebe9dcc80 chore(deps): bump keycloak/keycloak from a7b0cb7 to 8d44614
  • e2ab8ca4d perf(cloudant): use static client with retries
  • 805205f3e perf(gson): reuse Gson objects
  • eec790b27 chore(deps): bump step-security/harden-runner from 2.15.1 to 2.16.0
  • 6904e658b chore(deps): bump https://github.com/gitleaks/gitleaks
  • 93cb74714 perf(licenseinfo): remove redundant stream collection in obligation mapping
  • 3584fc7f2 chore(deps): bump https://github.com/pre-commit/pre-commit-hooks
  • 847926002 chore(deps): bump https://github.com/compilerla/conventional-pre-commit
  • 58a065cac chore(deps): bump actions/dependency-review-action from 4.8.3 to 4.9.0
  • f904ba4f2 chore(deps): bump https://github.com/pylint-dev/pylint
  • 5efa1d134 chore(deps): bump docker/setup-qemu-action from 3.7.0 to 4.0.0
  • 52c9d90b5 chore(deps): bump https://github.com/gitleaks/gitleaks
  • 70ffa370b chore(deps): bump docker/metadata-action from 5.10.0 to 6.0.0
  • a08389fc8 chore(workflow): update workflow for containers
  • e4ec0c915 chore(config): remove unused config
  • 6a35ca228 chore(lint): fix some style linter errors
  • 26a083764 docs: update README for CouchDB password setup
  • e13be358d chore(deps): bump docker/login-action from 3.7.0 to 4.0.0
  • 9dd307df6 chore(deps): bump step-security/harden-runner from 2.15.0 to 2.15.1
  • 0a8c4bab5 chore(deps): bump docker/setup-buildx-action from 3.12.0 to 4.0.0
  • 8cd0f096b chore(deps): bump docker/build-push-action from 6.19.2 to 7.0.0
  • 1fd521312 chore(deps): bump github/codeql-action from 4.32.4 to 4.32.6
  • 4df420199 chore(deps): bump com.fasterxml.jackson.core:jackson-core
  • b35f52c48 chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0
  • 043db8adb chore(deps): bump step-security/harden-runner from 2.14.2 to 2.15.0
  • 4955cc43e chore(deps): bump actions/dependency-review-action from 4.8.2 to 4.8.3
  • 205f8d670 chore(deps): bump github/codeql-action from 4.32.3 to 4.32.4
  • d444ed5bf ci: cancel stale PR workflow runs using concurrency

Full Changelog: sw360-20.0.0-rc-1...sw360-20.0.0-rc-2

sw360-20.0.0-rc-1

sw360-20.0.0-rc-1 Pre-release
Pre-release

Choose a tag to compare

@GMishx GMishx released this 16 Feb 13:08

sw360-20.0.0-rc-1

This is a first release candidate for SW360 in the line of next major release version 20.0.0 of SW360. The candidate includes numerous features, corrections, and improvements over the previous release 20.0.0-beta

This release serves as a preview of the upcoming major version 20.0.0 for testing and should not be used in production environments.

Highlight of the changes includes:

  • Various vulnerabilities and security fixes.
  • More endpoints created for the support of new UI project.
  • Improvements on KeyCloak sync and user management.
  • Improved performance, better pagination, better security posture.

Credits

The following GitHub users have contributed to the source code since the last release (in alphabetical order):

> Aashish Jha <aashishjha1107@gmail.com>
> Aditya Vishe <adityavishe67@gmail.com>
> afsahsyeda <afsah.syeda@siemens-healthineers.com>
> airajena <airajena0@gmail.com>
> Akshit Joshi <akshit.joshi@siemens-healthineers.com>
> Ali <aligadallah14@gmail.com>
> Aman_Cool <aman017102007@gmail.com>
> amritkv <er.akverma8@gmail.com>
> Bibhuti Bhusan Dash <bibhuti230185@gmail.com>
> drockparashar <pranshu007parashar@gmail.com>
> Farooq Fateh Aftab <farooq-fateh.aftab@siemens.com>
> Gaurav Mishra <mishra.gaurav@siemens.com>
> Helio Chissini de Castro <dev@heliocastro.info>
> Hritik Raj <hritik23154049@akgec.ac.in>
> Keerthi B L <keerthi.bl@siemens.com>
> Md Ali <mdali620563@gmail.com>
> naitikk31 <DARJINAITIK7@GMAIL.COM>
> Nikesh kumar <kumar.nikesh@siemens.com>
> RITANKAR SAHA <ritankar.saha786@gmail.com>
> Rohit11544 <brohit11544@gmail.com>
> Rudra Chopra <prabhuchopra@gmail.com>
> saiteja-in <vurukondasaiteja13@gmail.com>
> Sameed <sameed.ahmad@siemens-healthineers.com>
> Sandip Mandal <sandipsmmandal02@gmail.com>
> Sathwik Hejamady Bhat <sathwikhbhat@gmail.com>
> Shivamrut <gshivamrut@gmail.com>
> Suhas2109 <suhas.n@siemens-healthineers.com>
> Taanvi Khevaria <149520227+taanvi2205@users.noreply.github.com>
> tanwar-div <tanwarkheritalwana@gmail.com>

Please note that also many other persons usually contribute to the project with
reviews, testing, documentations, conversations or presentations.

Features

  • 917b70103 feat(rest): add configurable API token length property
  • 638345288 feat(ai): add initial AI safeguards for backend
  • 026265668 feat(search): double quotes search functionality.
  • 2e7db457f feat(rest): Optimize addLicenseToLinkedReleases() with parallel execution
  • ff859fe0b feat(resourceserver): Add endpoint to fetch linked packages for a release
  • db5ee473d feat(kc): update KC UserGroup if exists in CouchDB
  • f935901b8 feat(attachmentUsage): Store Ignore Licenses for Generating License Info in Attachment Usage
  • 5916e035a feat(attachmentUsage): Store Ignore Licenses for Generating License Info in Attachment Usage
  • 321bcb493 feat(attachmentUsage): Store Ignore Licenses for Generating License Info in Attachment Usage
  • 42e6dff0f feat(version): Add /version endpoint to use by frontend and API only applications
  • d18521ac8 feat(swagger): Add s runtime switch for swagger authentication
  • 4d12ca7b7 feat(Request): Show open MR to the creator
  • 3dd17445f feat(REST): Add includeSubproject parameter to licenseInfo
  • f4a0adbf8 feat(KeyCloak): Use UserRepository
  • f8cefd7e8 feat(rest) : Endpoint to fetch UsageInfo for release merge
  • 8094c5a9e feat(CR): Add pagination and filtering to clearing requests endpoint
  • 9b43ebfa7 feat(backend): enhance error logging in ComponentDatabaseHandler.getComponent
  • c74ee8d80 feat(OSADL): use Spring flex for reactive import
  • 7dad3fdba feat(obligations): get texts as separate nodes
  • ce1c38c47 feat(Vulnerability): Added svm link for external id
  • f13ea427f feat(CycloneDX): Added null check for export SBOM
  • 54c453f83 feat(rest): enhance licenses API with missing fields and quick filter
  • 029f741ad feat(projects): endpoint to read projects
  • d48cef8c4 feat(vulnerabilities): search on title or CVE
  • 3bc125355 feat(rest): add ISR attachment support to licenseFileList endpoint
  • 34df8a27d feat(rest): add attachmentId query param to licenseFileList endpoint
  • aecaf2053 feat(xss): migrate deserialize logic to Jackson
  • d356a4663 feat(search): add sorting index for lucene search
  • b4834c223 feat(rest): api for importing users via a .csv file
  • 83dc08ba3 feat(ImportCDX): remove VCS URL redirection logic
  • 9d4afa6ab feat(rest): Api endpoint to retrieve package usage count
  • 5eb295ef6 feat(rest): Get license clearing counts based on clearing status
  • 47060fe70 feat(docker): Add SW360_IMAGE var to enable custom images
  • 722d6d0c7 feat(report) : show release name under acknowledgement in readmeoss file.
  • 53a00d797 feat(project): add tags to embedded
  • 0ba195593 feat(Obligation) : Fields_missing_in_GET_PATCH_call_to_obligation_at_project_page
  • f4f7c1ff9 feat(Obligation) : Fields_missing_in_GET_PATCH_call_to_obligation_at_project_page
  • 9ac3c44ff feat(Rest): Added comment for package table in LinkedPakages
  • cb4c2017e feat(importCDX): make CDX importer compatible for non-package comps
  • 264e8a004 feat(ci): use couchdb as actions service
  • 9c0938aa4 feat(project): Add clearingRequestId to getAllProjects endpoint response
  • c6a244828 feat(fossology): v2 endpoints refactor
  • 36a51de30 feat(release): paginate /releases endpoint
  • a631711b0 feat(ClearingRequest): Count all non-OSS components in the CR comments

Corrections

  • d1c7b7adb fix(attachment): handle url-encoded filenames
  • aa0e3e2dc fix(component): file path traversal vulnerability.
  • 8f70ebd3c fix(rest): add ADMIN authorization to sensitive API endpoints
  • f3acb380d fix(rest): Prevent NullPointerException in VulnerabilityController.getSortedList
  • b408799ce fix(rest): close streams in license upload/download
  • f6510d7e3 fix(CDXImporter): Do not remove valid URL string after .git
  • 9c35d0504 fix(rest): correct OSADL license obligations error message
  • b5ef67b8b fix(security): Add missing @PreAuthorize annotation on OSADL import endpoint
  • cd2dc45f4 fix(version): fix version comment
  • 5d45a48f5 fix(rest): Correct Swagger UI API request URL path
  • be75a83e2 fix(Moderation): Prevent empty moderation requests when no release changes detected
  • 7079b715c fix(rest): prevent silent data loss in obligation update
  • 06c98bb2a fix(Project): LicenseClearing count to follow camelCasing
  • e9874d9cf fix(rest) : FilenameChanges for ComponentReport Download from Mail-URL
  • dc6d1cb16 fix(rest): Map vcs field correctly in component update request
  • 06d7d6462 fix(controller): fix catch statement
  • 21740eda4 fix(rest): prevent null in HAL response for missing licenses
  • e1a5efa8f fix(attachment): Prioritize attachment filename from request body
  • 608a18578 fix: make project mainlineState field required (#3543)
  • f93bfeeb3 fix(docs): fix broken link to Liferay setup
  • 20234d333 fix: add batch endpoint for license clearing counts to remove 502 errors
  • 0fd5d09d5 fix(KeyCloak): Organization Mapper missing in backend
  • 16a36f1cf fix(Obligation): Fixed update obligation
  • 499def947 fix(vendors): fix search and pagination
  • c055617fa fix(swagger): Use the real backend, not hardcoded localhost
  • db13b73a0 fix(clearingRequest): add missing fields
  • acca246d8 fix(CR): Allow multiple state values in CR state param (#3570)
  • b5484d18a fix(rest): Add shortname field to license REST API response.
  • a2e247a93 fix(LicenseInfo): null check for license text.
  • bbaf2d9b9 fix(rest): Correct 'obliagtion' typo to 'obligation'
  • a3e595109 fix(backend) : Merged release updation failure in restricted projects.
  • 8edaedc10 fix(obligation): fix the pagination /obligations
  • 47b184e77 fix(test): fix test cases for OSADL import
  • a1ae300a4 fix(licenses): resolve OSADL import error
  • e13121ee1 fix(obligations): new function getWithTextNodes
  • 8eebe39d9 fix(rest): allow external license references in release updates
  • 63cf6c684 fix: Disable arm64 docker builds for now
  • fe64dad20 fix(rest) : Project Obligation should have default status "Open"
  • 8c0dc42d0 fix(licenses): create new search function
  • 17ec8de50 fix(projects): handle empty project searches
  • 168b6dd4c fix(docs): fix doc for /network/{id}/ endpoints
  • 738123fca fix(rest): sync CSV import with old code
  • 3fff93d20 fix(component): accept comment in requestBody
  • 482d3a056 fix(component): allow mr comment with delete
  • 19337ae09 fix(release): allow mr comment with delete
  • 5b52d84c3 fix(project): add validation for empty keys in project fields
  • 888f3e71d fix(api): send both read and write properties
  • 8ce3bbcfe fix(config): fix disable of API write token
  • d4c268d3b fix(attachments): prevent deletion of attachments shared by multiple releases
  • 30a17542e fix(REST):null error in license info
  • 2b9385c71 fix(docker): Use the correct Thrift binary
  • 923df8c45 fix(Dockerfile): fix version of maven
  • c7396754f fix(docker): Remove apt cache
  • 38f7c551d fix(docker): use new ubuntu-nobel for thrift
  • 95eaf2f15 fix(docker): fix version to mentioned tags
  • 6a43cf79b fix(utils): check CR date >=
  • dae41fabe fix(script): Adding missing documentation for 062_update_packagids_to_map-py
  • ffbd54567 fix(keycloak): use version property for maven
  • b42052ae2 fix(Release): listing the source files names for the license in release.
  • 900da12e0 fix(jackson): split versions for annotation
  • 05ae5908d fix(REST): 500 internal server error on deleting a pkg linked to a release
  • 82c192a76 fix(script): Modified script to include limit for fetching the query result
  • 688ca8591 fix(CDXImport): Trim VCS URLs before processing
  • 196fbbaeb fix(vulnerabilit...
Read more

sw360-20.0.0-beta

sw360-20.0.0-beta Pre-release
Pre-release

Choose a tag to compare

@GMishx GMishx released this 08 Jul 06:11

sw360-20.0.0-beta

This is a beta release for the next major version 20.0.0 of SW360. The release includes numerous features, corrections, and improvements over the previous release 19.2.0.

This release serves as a preview of the upcoming major version 20.0.0 for testing and should not be used in production environments.

Highlight of the changes includes:

  • Various vulnerabilities and security fixes.
  • More endpoints created for the support of new UI project.
  • Improvements on KeyCloak sync and user management.

Credits

The following GitHub users have contributed to the source code since the last release (in alphabetical order):

> Achal Jhawar <35405812+achaljhawar@users.noreply.github.com>
> bibhuti230185 <bibhuti230185@gmail.com>
> Bibhuti Bhusan Dash <bibhuti230185@gmail.com>
> deo002 <oberoidearsh@gmail.com>
> dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
> Farooq Fateh Aftab <farooq-fateh.aftab@siemens.com>
> Gaurav Mishra <mishra.gaurav@siemens.com>
> harshitg927 <121371860+harshitg927@users.noreply.github.com>
> Himanshu A Garode <himanshu2006garode@gmail.com>
> Kaushlendra Pratap <kaushlendra-pratap.singh@siemens.com>
> Keerthi B L <keerthi.bl@siemens.com>
> Mohamed Hanafy <mohamed.hanfy.dev@outlook.com>
> Nikesh kumar <kumar.nikesh@siemens.com>
> nikesh <kumar.nikesh@siemens.com>
> pranayh24 <pranayheda24@gmail.com>
> Rajnish Kumar <22it3036@rgipt.ac.in>
> Rudra Chopra <prabhuchopra@gmail.com>
> Sameed Ahmad <141239852+sameed20@users.noreply.github.com>
> sathwik-y <sathwik.yellapragada@gmail.com>
> suvrat1629 <suvrat1629@gmail.com>

Please note that also many other persons usually contribute to the project with
reviews, testing, documentations, conversations or presentations.

Features

  • 080b277bb feat(importCDX): enhance importer VCS sanitization
  • c87d2c6b2 feat(vuln): pagination on vulnerabilities endpoint
  • d588c924d feat(project): use DB side pagination
  • 46cc985bd feat(component): use DB side pagination
  • 13a9c716a feat(datahandler): prepare for paginated queries
  • 0ba6dd02e feat(docs): add other response types in docs
  • e4103eb3e feat(keycloak): set externalId on sync
  • 85986c781 feat(Keycloak): Enhance user synchronization with batch processing and retry logic
  • e01a4e9f6 feat(core): introduce quick search functionality for vulnerabilities
  • 59f5c49fd feat(config): add old UI configs
  • 44e6f563f feat(config): move more configs to DB
  • 64158b1bd feat(rest): new Security user role.
  • 7be4e0675 feat(Release): Need createdBy field for list of releases under a component
  • b25398586 feat(Release) : Automate_check_for_Source_Code_Download_URL_1650
  • 178743477 feat(rest): endpoint to get fossology connection configuration data.
  • 310434d5e feat(obligation): add field comparators
  • a75e59bbb feat(rest) : QuickFilter for Obligation page
  • bcf5141a7 feat(rest) : Completed code for advance-search for packages
  • 3b929a059 feat(Rest): Advance search for packages
  • 3ca1d5b6e feat(rest): add SBOM file validation for SPDX and CycloneDX formats
  • bbb4c6c01 feat(rest): endpoint to get src file list for the licences.
  • 24d9d7df8 feat(keycloak): allow thrift loc to be configured
  • 1480c0c75 feat(rest): add additional fields to clearing request endpoint.
  • c4b541310 feat(rest): getting license info from release attachment's content id.
  • d1a51acfa feat(rest): download users endpoint in CSV format
  • b9be6bace feat(test): add test for invalid /mergeComponent
  • 93928eeab feat(component): validate merge selection
  • 2086cf14d feat(Rest): adding filter search in license clearing get endpoint.
  • d7a6e4d28 feat(ECC): Add field containsCryptography in Release ECC-Backend
  • 35aa150eb feat(rest): fossology attachment configs to API
  • 85e406126 feat(rest): added AttachmentCleanUpControllerTest
  • eae223d9a feat(rest): added search API integration tests
  • f5493594f feat(rest): added tests for ecc rest endpoints

Corrections

  • d07f0d922 fix(rest): add documentation for license types usage in admin view.
  • 37c9a5951 fix(resource): no config read at init
  • 1e63f38dc fix(test): disable ssl health endpoint not used
  • 999eccda1 fix(xss): test for null value for strip
  • c75442858 fix(spring): upgrade to 3.5.3 from 3.3.3
  • 82e16b696 fix(rest): add license type usage check and restructure delete API response
  • 8fe11c797 fix(rest): add vendor existence validation in getReleases endpoint
  • 18ac76e0c fix(rest): handle missing component ID with 404 response.
  • 176a70f56 fix(release): throw appropriate exceptions
  • de970cafd fix(rest): add endpoint to merge two releases.
  • 34ff1494e fix(controller): fix access for SECURITY_USER
  • 7722ae9b0 fix(component): skip should accept URLs
  • 3831b8a06 fix(Rest): Only admin users can delete license types in the admin license tab.
  • a6dec7574 fix(svm): SVMSyncHandler dont return loop
  • 547611a75 fix(rest): fix permission check
  • 48893d23a Fix(Rest): Add quick search for license type.
  • f1ec624ad fix(bug): Fixed pagination at projects table (#3069)
  • 6f6eb2021 Add proper self-link with project ID in licenseClearing endpoint (#3135)
  • 7a2680b80 fix(rest) : Missing request param for downloadlicenseinfo report
  • 5432c35cd fix(components): read id for ComponentDTO
  • aa2ca47ef fix(component): ComponentDTO for /splitcomponent
  • a249b7ef1 fix(component): read list of attachments for merge
  • ab5c62292 fix(rest): improve error messages for invalid SBOM file imports
  • 4e26b0553 fix(cloudant): upgrade to 0.10.3 to fix gson issue
  • f55dd3b5f fix(components): allow field createdBy
  • 43c5d1de9 fix(deps): add com.sun.mail:jakarta.mail:2.0.1
  • 348337a8f fix(spdx): fix deps for spdx-library v2
  • c8a756b10 fix(sw360UserGroup): add missing CLEARING_EXPERT
  • cdc2b5dcd fix(Security) : KeyCloak integration #3087
  • f0f6ac7d6 fix(backend): fix FossologyConfig
  • 2bfa0ae41 fix(fossology): fetch download timeout from ConfigContainer repository
  • 68236f17d fix(docs): update scripts/utilities/README.md Documentation (#3066)
  • 586bdc3bb fix(project): return updated releases
  • bdf7648f8 fix(docs): fix OpenAPI docs /fossology/saveConfig

Infrastructure

  • cce5b2cf9 chore(release): 20.0.0 beta release
  • 4461e9ee1 chore(deps): bump org.dom4j:dom4j from 2.1.4 to 2.2.0
  • 0f9a61592 chore(deps): bump step-security/harden-runner from 2.12.1 to 2.12.2
  • d52f78f2c chore(deps): bump github/codeql-action from 3.29.1 to 3.29.2
  • 2f76f4fc9 chore(deps): bump org.apache.maven.plugins:maven-gpg-plugin
  • 3ddcf3e74 chore(deps-dev): bump nl.jqno.equalsverifier:equalsverifier
  • d1a9ce73a chore(deps): bump keycloak.version from 26.2.5 to 26.3.0
  • 852f097f8 chore(deps): bump tomcat from d2f9bdc to 5ea8fbd
  • 49d03be83 chore(deps): bump maven from d9f3089 to 615bd38
  • 8bd566560 perf(vuln): use views instead of mango query
  • 7ca79f030 chore(rest): paginate users endpoint on DB
  • 4ee6294b9 docs(controller): responses for /licensetype/usage
  • e72f8207a chore(deps): bump maven from 3a4ab32 to d9f3089
  • 1724114c4 chore(deps): bump github/codeql-action from 3.29.0 to 3.29.1
  • 94d5ee4fd chore(deps-dev): bump nl.jqno.equalsverifier:equalsverifier
  • dd8fe8dec chore(deps): bump org.springframework.security:spring-security-oauth2-authorization-server
  • b7fc0e8a5 chore(deps): bump log4j2.version from 2.24.3 to 2.25.0
  • 3d4f3d68b chore(deps-dev): bump net.bytebuddy:byte-buddy from 1.17.5 to 1.17.6
  • 384f0c4d7 chore(deps): bump spring-security.version from 6.5.0 to 6.5.1
  • df8addc43 chore(deps): bump docker/setup-buildx-action from 3.10.0 to 3.11.1
  • ea9e7ab95 chore(deps): bump tomcat from f55695f to d2f9bdc
  • 64ef2aacf chore(deps): bump org.wiremock:wiremock from 3.13.0 to 3.13.1
  • dccbe71fd chore(deps-dev): bump nl.jqno.equalsverifier:equalsverifier
  • 930c7b33d chore(deps): bump springdoc-openapi-stater-common.version
  • ee35897ba chore(deps): bump jackson.version from 2.19.0 to 2.19.1
  • 76464f7ba chore(deps): bump github/codeql-action from 3.28.19 to 3.29.0
  • 388c0b024 chore(deps): bump step-security/harden-runner from 2.12.0 to 2.12.1
  • d4814d4dd chore(deps): bump org.springframework:spring-web from 6.2.7 to 6.2.8
  • 72787f9c2 chore(deps): bump org.codehaus.mojo:build-helper-maven-plugin
  • 849b1bbca chore(deps): bump com.ibm.cloud:cloudant from 0.10.3 to 0.10.4
  • 0bd9c6bd3 chore(deps): bump github/codeql-action from 3.28.18 to 3.28.19
  • 98be9010b chore(deps): bump maven from 933900d to 3a4ab32
  • 5bb6a9c5c chore(deps): bump tomcat from 8058582 to f55695f
  • 09ababc26 chore(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2
  • d6f94b768 chore(deps): bump docker/build-push-action from 6.17.0 to 6.18.0
  • 39d02c7ac chore(deps): bump keycloak.version from 26.2.4 to 26.2.5
  • 2f537d19a chore(deps): bump io.github.git-commit-id:git-commit-id-maven-plugin
  • 24f1e19f8 chore(deps): bump org.mockito:mockito-core from 5.17.0 to 5.18.0
  • 6c06523db chore(deps): bump org.apache.httpcomponents.client5:httpclient5
  • c2bfc63c2 chore(deps): bump spring-security.version from 6.4.5 to 6.5.0
  • 9b3c09f76 chore(mail): update MR email to include docname
  • 5dd802ff4 chore(mail): added more information to the mails
  • 57f5de1a2 chore(deps): bump actions/dependency-review-action from 4.7.0 to 4.7.1
  • cfcc346f6 chore(deps): bump docker/build-push-action from 6.16.0 to 6.17.0
  • c7bc2e410 chore(deps): bump github/codeql-action from 3.28.17 to 3.28.18
  • 4719c400a chore(deps): bump tomcat from 7edbb52 to 8058582
  • e51667a87 chore(deps-dev): bump nl.jqno.equalsverifier:equalsverifier
  • 61e34e9b6 chore(deps): bump org.json:json from 20250107 to 20250517
  • 67e95b77a chore(deps): bump springframework.version from 6.2.6 to 6.2.7
  • c9252e8b1 ...
Read more

sw360-19.2.0

Choose a tag to compare

@GMishx GMishx released this 11 Apr 12:23

sw360-19.2.0

This minor release includes numerous features, corrections, and improvements across the SW360 project since the 19.1.0 release.

Highlight of the changes includes:

  • Various vulnerabilities and security fixes.
  • Unified/simplified REST API error response with Exceptions.
  • New endpoint to get and update SW360 config (also making it possible to update on fly).
  • Multitude of REST API endpoint improvements and additions.
  • linux/amd64 and linux/arm64 multi-arch docker image support.

Credits

The following GitHub users have contributed to the source code since the last release (in alphabetical order):

> Akshit Joshi <akshit.joshi@siemens-healthineers.com>
> Bibhuti Bhusan dash bibhuti230185 <bibhuti230185@gmail.com>
> dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
> duonglq-tsdv <duong1.lequy@toshiba.co.jp>
> Farooq Fateh Aftab <farooq-fateh.aftab@siemens.com>
> Gaurav Mishra <mishra.gaurav@siemens.com>
> Helio Chissini de Castro <heliocastro@gmail.com>
> hoangnt2 <hoang2.nguyenthai@toshiba.co.jp>
> Keerthi B L <keerthi.bl@siemens.com>
> mishraditi <aditimishra91924@gmail.com>
> Mohamed Hanafy <mohamed.hanfy.dev@outlook.com>
> Nikesh kumar <kumar.nikesh@siemens.com>
> Rudra Chopra <prabhuchopra@gmail.com>
> Sameed <sameed.ahmad@siemens-healthineers.com>
> Shi Qiu <shi1.qiu@toshiba.co.jp>
> Shushant <148479955+Shushant-Priyadarshi@users.noreply.github.com>
> Smruti Prakash Sahoo <smruti.sahoo@siemens.com>

Please note that also many other persons usually contribute to the project with reviews, testing, documentations, conversations or presentations.

Features

  • 2d51a3097 feat(exception): replace deprecated exception
  • f133b896d feat(Configurations): Add new endpoints that allow to GET/UPDATE SW360 configurations
  • 5fa3afec1 feat(version): generate OpenAPI doc version on fly
  • d8f6b01d8 feat(Department): Add new endpoints: - Get/Update department members - Get importing department's log file list and content
  • edec79367 feat(addNewComponentType) : Added new component type COTS-Trusted Supplier
  • e464254be feat(rest): Added tests for upload and download components
  • d8393a319 feat(rest): Added endpoints to fetch schedule service status
  • a1a01c89d feat(rest) : Endpoint for export SBOM at project detail page
  • f15fd779a feat(script): read host, user and pass as args
  • 8d5a77ee7 feat(rest): new rest endpoint for edit obligation
  • 65db380b9 feat(project): add new values to project state field
  • 8c17597a4 feat(exportCDX): update CycloneDX exporter dependency from v1.4 to v1.6
  • a84a42b48 feat(rest): Count of attachments used in different projects.
  • f40e72c3c feat(rest): create new endpoint for bulk delete function
  • 927da5a54 feat(rest) : Search for vendors added.
  • 45a53b4e2 feat: Add multiarch for docker image
  • 6373bed28 feat(rest) : Comment added to reuse methods for Duplicateobligation functionality
  • e764a5823 feat(rest): endpoint to merge vendor.
  • 4bab8d07a feat(User): Add 2 new endpoints: - Allow Admin user to update user - List all existing department
  • 2d0664f2f feat(rest) : Advanced Search for project page
  • f15ccd798 feat(rest): standardize POST response to include created entity ID
  • c273f1925 feat(rest): create new endpoint to delete ModerationRequests by id.
  • be7606f32 feat(rest): create new enpoint to upload component csv file.
  • 068385703 feat(api): complete advance search for components

Corrections

  • 1b92b5135 fix(spdx): add null and empty field checks for SPDX documents
  • 2d1ace631 fix(ci): set min version of CMake to 3.5
  • 1cb9e8f4e fix(test): fix test cases for correct exceptions
  • 4cba33716 fix(controller): fix further changes after rebase
  • eb73f32c4 fix(Obligations): includes ObligationLevel in get all obligations responses
  • b0d1be0d0 fix(security): remove WebSecurityCustomizer
  • 991eb8f0a fix(xss): ignore essential headers from XSS filter
  • 00d3cb129 fix(project): set fields getLicenseObligationData
  • ef153bce9 fix(obligation): fix obligation patch
  • 5f6796ee6 fix(rest) : Advancesearch(AdditionalData) for project page with value based search
  • 9daf29b74 fix(Project): Resolve issue with embedded type in project release response when length is 0
  • e415d05a4 fix: Set docker main and development image
  • 9038d8dd2 fix: Adjust copyrights and licenses properly
  • 72dbb8c72 fix(projectService): fix user role check
  • 18193631b fix(rest): Add license information linking for project releases.
  • 5336aea47 fix(script): fix addUnsafeDefaultClient.sh script
  • 00b552d58 fix(SPDXDocument): Fix bug add SPDX document always return fail
  • d4c0f913c fix(Token): Fix bug authentication by user token not working
  • 5b3535a9b fix(project): add more null checks for attachments
  • 0e9052f23 fix(project): null check at /summaryAdministration
  • 840fa9740 fix: Adjust sw360 container build for external thrift
  • e378da720 fix(Admin): fix OAuth Client deserialization and database operations
  • cb52c1ad6 fix(Rest): Create new endpoint to activate the department manually.
  • 4adc4a268 fix(rest) : Add licenseInfoHeaderText in summaryAdministration api response
  • cadc213e9 fix(rest) : Moderation update overwrites previous fields
  • d3aeefc6d fix(Attachment): Make get attachment endpoints of component/release/project consistent - Allow updating project/component/release with attachment data (in a consistent way)
  • 48f9159bb fix(Rest): new endpoint will help to get the package details by projectId.
  • fbea70a91 fix(rest): Added packageIds in project create and update APIs.
  • 886ad473c fix(Rest): Updated the REST endpoint to schedule the upload of release component attachments.
  • 975e30f49 fix(importCDX): Add logging for null metadata in sbom.
  • 41ea54857 fix(licenseinfo): Corrected the Open Source title in TEXT format to match DOCX format
  • 6ba3bf675 fix(rest): Prevent stored XSS
  • 5365f10b8 fix(component): add null check for release merge
  • b91d3ad10 fix(rest): Added code to get obligation releaseView data in project.
  • bbd7a4361 fix(Rest): License overview is not updating in summary page.
  • eeb3c86d4 fix(rest): fix doc for ModerationRequestController
  • 663ac8377 fix(rest): Validate comment message while create a moderation request.
  • 6dbec3601 fix(rest): adding additional fields to attachmentUsage endpoint.
  • 325cf0ef5 fix(deps): Deprecate old commmons-lang library
  • 75d3748cc fix(cloudant): fix structure of elemMatch query
  • aadf18948 fix(report): refactor /reports endpoint
  • 20d02c954 fix(doc): fix OpenAPI docs for report controller
  • 73726c45e fix(moderation): fix moderation creation
  • 1cd3739bd fix(rest) : modified attachment info in response to the moderation request rest api
  • 1e1c5c1d0 fix(rest): Added code for for updating multiple project attachments.
  • c8b27567f fix(rest) : Closed Project functionalities not uniform with respect to UI and REST

Infrastructure

  • 57827d8ed chore(deps): bump org.jacoco:jacoco-maven-plugin from 0.8.12 to 0.8.13
  • 9bfa90129 chore(deps): bump com.tngtech.jgiven:jgiven-maven-plugin
  • 30d5f61ab chore(deps): bump org.apache.maven.plugins:maven-surefire-plugin
  • 40a22ede4 chore(deps): bump poi.version from 5.4.0 to 5.4.1
  • fad1b859a chore(deps): bump step-security/harden-runner from 2.11.0 to 2.11.1
  • f73f40dc4 chore(deps): bump actions/dependency-review-action from 4.5.0 to 4.6.0
  • 9f208baf0 chore(rest): rework exceptions
  • b14bf4058 chore(deps): bump github/codeql-action from 3.28.12 to 3.28.13
  • 5387e3fcd chore(deps): bump maven from 70591cb to f1e4a85
  • 87806a5ae chore(deps-dev): bump nl.jqno.equalsverifier:equalsverifier
  • 5a3acda61 chore(deps): bump springdoc-openapi-stater-common.version
  • b15710833 chore(deps): bump org.apache.httpcomponents.client5:httpclient5
  • 0cded8b31 chore(deps): bump org.ow2.asm.version from 9.7.1 to 9.8
  • d2de95f47 chore(deps): bump httpcore5.version from 5.3.2 to 5.3.4
  • b0e52e4f6 chore(deps): bump org.mockito:mockito-core from 5.15.2 to 5.16.1
  • 2a1ea1952 chore(deps-dev): bump com.tngtech.jgiven:jgiven-junit
  • 350a8db21 chore(deps): bump com.google.guava:failureaccess from 1.0.2 to 1.0.3
  • b4b475444 chore(deps): bump org.apache.maven.plugins:maven-compiler-plugin
  • 197ed98b4 chore(deps): bump springframework.version from 6.2.4 to 6.2.5
  • 8c87ab4ed chore(deps): bump actions/cache from 4.2.2 to 4.2.3
  • 403020e2b chore(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2
  • 4809763e4 chore(deps): bump github/codeql-action from 3.28.11 to 3.28.12
  • 3ac6ea7df chore(deps): bump org.springframework.security:spring-security-crypto
  • 64a8742a7 doc(sbom): add allowable SBOM export types
  • 40c061cdf chore(controller): fix typo in endpoint name
  • dfe68e180 chore(deps): bump docker/login-action from 3.3.0 to 3.4.0
  • 712d613ed chore(deps): bump org.springframework.security:spring-security-oauth2-authorization-server
  • 1b05c7add chore(deps): bump com.ibm.cloud:cloudant from 0.10.0 to 0.10.2
  • 1ac13a85a chore(deps): bump keycloak.version from 26.1.3 to 26.1.4
  • dff3a99d9 chore(deps): bump springframework.version from 6.2.3 to 6.2.4
  • fc4910ec0 chore(deps): bump org.cyclonedx:cyclonedx-core-java
  • 38e0f199a chore: Add push docker tag capability
  • 4e424695b refactor(rest): enhance logging and error handling in FossologyRestClient
  • 79beaf846 chore(deps): bump docker/build-push-action from 6.13.0 to 6.15.0
  • ac0cf9887 chore(deps): bump docker/metadata-action from 5.6.1 to 5.7.0
  • 341fad29b chore(deps): bump docker/setup-buildx-action from 3.9.0 to 3.10.0
  • c442800bd chore(deps): bump github/codeql-action from 3.28.10 to 3.28.11
  • 1b2c6f8f8 chore(deps): bump tomcat from 0530899 to 1374a56
  • 344b6995f chore(deps): bump slf4j.version from 2.0.16 t...
Read more

sw360-19.1.0

Choose a tag to compare

@GMishx GMishx released this 16 Dec 15:01

sw360-19.1.0

This minor release includes numerous features, corrections, and improvements across the SW360 project since the 19.0.0 release.

Highlight of the changes includes:

  • Various vulnerabilities and security fixes.
  • Multiple new REST API endpoints.
  • Improvements on SBOM and CDX import.

Credits

The following GitHub users have contributed to the source code since the last release (in alphabetical order):

> Afsah Syeda <afsah.syeda@siemens-healthineers.com>
> Akshit Joshi <akshit.joshi@siemens-healthineers.com>
> Arun Azhakesan <arun.azhakesan@siemens-healthineers.com>
> dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
> duonglq-tsdv <duong1.lequy@toshiba.co.jp>
> Gaurav Mishra <mishra.gaurav@siemens.com>
> Helio Chissini de Castro <heliocastro@gmail.com>
> hoangnt2 <hoang2.nguyenthai@toshiba.co.jp>
> Keerthi B L <keerthi.bl@siemens.com>
> nikesh kumar <kumar.nikesh@siemens.com>
> Rudra Chopra <prabhuchopra@gmail.com>
> Sameed <sameed.ahmad@siemens-healthineers.com>
> Smruti Prakash Sahoo <smruti.sahoo@siemens.com>
> StepSecurity Bot <bot@stepsecurity.io>
> tuannn2 <tuan2.nguyennhu@toshiba.co.jp>

Please note that also many other persons usually contribute to the project with reviews, testing, documentations, conversations or presentations.

Features

  • 2133694fa feat(rest) : Export Project Create Clearing Request
  • 36df4a611 feat(spdx): Add API for feature SPDX Document tab
  • 719165516 feat(rest): endpoint to get license info header text.
  • c64470ff8 feat(rest): Add documentation for new clearing size parameter.
  • e02307383 feat(rest) : Rest end point for project ECC Export Spreadsheet
  • 9cd8646c1 feat(Component): Add new endpoint that allows user to subscribe and unsubscribe to a component
  • a3edc6cee feat(Release): Add new endpoint for release subscription
  • 8d6315f31 feat(FossologyTrigger): stop repetitive entries of attachment.
  • 3a48426c9 feat(ImportCDX):Handle redirection of VCS URLs in SBOM
  • be8d94046 feat(rest): Create new api's in schedule tab.
  • f41b8927d feat(importCDX): Add functionality to configure release creation when importing SBOM to an existing project
  • ddec17e5d feat(rest): Add size parameter to clearing request.
  • be032e39c feat(importCDX): enhance CDX importer to sanitize VCS URLs for non-GitHub domains
  • 646c4e1bb feat(Project): Create new endpoint that allow to duplicate project with network
  • 68c1fb737 feat(Release): Add new endpoint to check cyclic links between releases
  • 9b32525a3 feat(Project): Add new endpoint that allow to compare project network with default network
  • 108ba6700 feat(Project): Add new endpoint to fetch linked releases of linked projects
  • 067f9135b feat(Release): Add new endpoint that allow to get linked releases of release
  • 466a8c6d7 feat(Project): Create new endpoint that allow to get linked releases in dependency network of a project
  • 75e3bc899 feat(rest): Add endpoint to handle updation of clearing requests.
  • 7bcedef6a feat(rest): endpoint to remove orphaned obligations from project.
  • fa17c2fed feat(rest): delete a vendor by id.
  • 453eff793 feat: Add default user/pwd to couchdb connection
  • e81031333 feat: Add default admin user if database is empty
  • f98db4ff4 feat(rest): Add pagination to get clearing requests endpoint and fix 403 forbidden error
  • 33012fdc2 feat(REST):fetch releases that are in NEW_CLEARING state and have a SRC/SRS attachment using parameter isNewClearingWithSourceAvailable
  • 2621657cd feat: Add logging to identify releases with corrupted attachments during license generation
  • 73d0576c7 feat(rest): endpoint to get list of obligations depending upon obligation level.
  • 24b71c5e6 feat: Update README.md with openssf scorecard badge

Corrections

  • 802013389 fix(openapi)!: add health endpoint to openapi
  • b39c71b5b fix(Cloudant): Fix Cloudant document creation error by setting id and rev to null instead of empty string during Java object conversion
  • da677a677 Revert "fix(importCDX): Resolved unnecessary update of component fields"
  • 8f9859955 fix(docs): fix OpenAPI docs
  • 8164a1f48 fix(rest): Fixed the reference to wrong db for oauthclients
  • 4918ecd85 fix(test): Remove unused invalid entries
  • 7c4b647e9 fix(test): Remove unused invalid entries
  • ac410370c fix: Enable back client library
  • c41cdedfc fix: Ignore SECURITY.md on license check
  • ffd83c62f fix(Project): Add missing properties in network response
  • 849284e3b fix(Project): Unset unnecessory data before store network into database
  • 87bdf001e fix(test): enable unauthorized request test
  • 519496118 fix(Project): Fix vulnerability: Information exposure through an error message
  • 48eb7437e fix(User): Fix XSS vulnerability due to a user-provided value
  • 89e67b7e9 fix(Rest): component attachment deletion while updating externalIds
  • c35e05fbd fix: Create sw360oauthclients database
  • 9cfb2c16d fix(rest): Enhance the acceptRequest method to see the proposed changes in project/component/release pages.
  • 342145702 fix: Restore target for Dockerfile
  • e18227af9 fix: Remove spotless dead code
  • ec6d2bc18 fix: Adjust pinned dependencies on Dockerfile
  • 73e682053 fix: Update POI code to modern version
  • a2734ca50 fix(StepSecurity): Apply security best practices

Infrastructure

  • 8a0793ed5 chore(deps): bump org.apache.maven.plugins:maven-gpg-plugin
  • 06426f8bb chore(deps): bump keycloak.version from 26.0.6 to 26.0.7
  • 385a8bc74 chore(deps): bump tomcat from 7ebc6c3 to 935ff51
  • d24a5c32a chore(deps): bump github/codeql-action from 3.27.6 to 3.27.9
  • e38177ad1 chore(deps-dev): bump com.tngtech.jgiven:jgiven-junit
  • 7277d0815 chore(deps): bump org.apache.maven.plugins:maven-javadoc-plugin
  • e424549f5 chore(deps): update wiremock to 3.10.0
  • e35110da8 chore(deps): use updated wiremock
  • c5cbf16f4 chore(deps): bump org.apache.httpcomponents.client5:httpclient5
  • d59b81243 chore(deps): bump actions/cache from 4.1.2 to 4.2.0
  • e15aa510c chore(deps): bump maven from 9ae8f00 to 85d505f
  • 97c483c04 chore(deps): bump net.minidev:json-smart from 2.4.10 to 2.5.1
  • 862a08e73 chore(deps): bump maven from f401172 to 9ae8f00
  • e0bec4851 chore(deps): bump commons-io:commons-io from 2.17.0 to 2.18.0
  • 668953ad0 chore(deps): bump org.mockito:mockito-core from 2.28.2 to 5.14.2
  • 684e0703c chore(deps): bump maven from 5a44dff to f401172
  • b80aaa302 chore(deps): bump tomcat from 2ade2b0 to 7ebc6c3
  • 39bb1e985 chore(deps): bump ubuntu from 35b7fc7 to 80dd3c3
  • f24cbc910 chore(deps): bump github/codeql-action from 3.27.5 to 3.27.6
  • 0db57d021 chore(deps): bump ubuntu from 278628f to 35b7fc7
  • db32f3bb8 chore: Remove cache from java-setup action
  • 03dda4438 chore(deps): bump org.codehaus.mojo:versions-maven-plugin
  • 2a4c3c3a6 chore(deps): bump org.apache.maven.plugins:maven-assembly-plugin
  • 92f05513f chore(deps): bump org.apache.maven.plugins:maven-resources-plugin
  • 1c3aefe32 chore(deps): bump jackson.version from 2.18.1 to 2.18.2
  • 6d5b60f67 chore(deps): bump org.springframework.security:spring-security-oauth2-authorization-server
  • 360f63268 chore(deps): bump docker/build-push-action from 6.9.0 to 6.10.0
  • 75b9565a2 chore(deps): bump org.apache.maven.plugins:maven-dependency-plugin
  • 8589b49b9 chore(deps-dev): bump com.github.tomakehurst:wiremock-jre8
  • b4362b73d chore(deps): bump org.apache.commons:commons-lang3 from 3.12.0 to 3.17.0
  • c0f95baab chore(deps): Fix Maven warning for deprecation values
  • 067a3025e chore(deps): bump org.apache.commons:commons-csv from 1.10.0 to 1.12.0
  • 41da93540 chore(deps): Move versions to supperpom
  • 2dfa4afdb chore(deps): bump org.keycloak:keycloak-core from 26.0.5 to 26.0.6
  • 90c1a4724 chore(deps): bump log4j2.version from 2.24.1 to 2.24.2
  • a2beaa41e chore(deps-dev): bump net.bytebuddy:byte-buddy from 1.10.18 to 1.15.10
  • cca5c12a9 chore(deps-dev): bump org.ow2.asm:asm-commons from 7.1 to 9.7.1
  • ec4e041f6 chore(deps): bump springframework.version from 6.1.14 to 6.2.0
  • bb9225664 chore(deps): bump org.apache.maven.plugins:maven-enforcer-plugin
  • c4b75cf53 chore(deps): bump com.google.guava:guava from 32.0.0-jre to 33.3.1-jre
  • c3c75c7df chore(deps): bump spring-security.version from 6.3.3 to 6.4.1
  • bca5bc337 chore(deps): bump github/codeql-action from 3.27.4 to 3.27.5
  • df9bf4801 chore(deps): bump actions/dependency-review-action from 4.4.0 to 4.5.0
  • eaf13a8d6 chore(deps): bump docker/metadata-action from 5.5.1 to 5.6.1
  • 9bf808d70 chore(deps): bump org.apache.maven.plugins:maven-failsafe-plugin
  • a11f1830f chore(deps): Update apache.commons-compress
  • 3658d3970 chore(deps): bump org.apache.commons:commons-text from 1.10.0 to 1.12.0
  • 6cd1da38b chore(deps): bump com.tngtech.jgiven:jgiven-maven-plugin
  • 36398cfbb Update security.md file
  • ce6aa331c Create SECURITY.md
  • a2a88dc79 chore(deps): bump step-security/harden-runner from 2.10.1 to 2.10.2
  • 12bd1bf81 chore(deps): bump org.projectlombok:lombok from 1.18.34 to 1.18.36
  • 4d336c6ad chore(deps): bump jackson.version from 2.17.1 to 2.18.1
  • cce753580 chore(deps-dev): bump nl.jqno.equalsverifier:equalsverifier
  • 6098b6723 chore(deps): bump com.github.package-url:packageurl-java
  • 40ec24f69 chore(deps): bump tomcat from a09d4c1 to 2ade2b0
  • 965ac8dc2 chore(deps): bump ubuntu from 99c3519 to 278628f
  • 49c3e574f chore(deps): bump maven from 440a97a to 5a44dff
  • a91c6249c chore(deps): bump httpcore5.version from 5.2.5 to 5.3.1
  • f2b202b7a chore(docs): update the KeyCloak doc for 26.0.5
  • 8f9492422 chore(deps): bump keycloak.version from 25.0.6 to 26.0.5
  • 6239843ef chore(deps): Adjust Maven dependency declarations
  • 9fa14d2e3 chore: Remove pre-commit checkstyl...
Read more

sw360-19.0.0

Choose a tag to compare

@GMishx GMishx released this 30 Oct 09:23

sw360-19.0.0

This tag covers many corrections, bug fixes and features after the 18.1 release. Version 19.0.0 is also the first release without the Front-end integrated, but as a separate sw360-frontend project.

Major changes in the release includes:

  • Removal of Liferay and related libraries, OSGi framework
  • Unification of various backend packages from src and svd
  • Support for Java 21 and Apache Tomcat 11.0.0
  • Replace couchdb-lucene with couchdb-nouveau

Credits

The following GitHub users have contributed to the source code since the last release (in alphabetical order):

> afsahsyeda <afsah.syeda@siemens-healthineers.com>
> Akshit Joshi <akshit.joshi@siemens-healthineers.com>
> Gaurav Mishra <mishra.gaurav@siemens.com>
> Helio Chissini de Castro <helio.chissini.de.castro@cariad.technology>
> hoangnt2 <hoang2.nguyenthai@toshiba.co.jp>
> Keerthi B L <keerthi.bl@siemens.com>
> Nikesh Kumar <kumar.nikesh@siemens.com>
> Rudra Chopra <prabhuchopra@gmail.com>
> Sameed <sameed.ahmad@siemens-healthineers.com>
> Smruti Prakash Sahoo <smruti.sahoo@siemens.com>
> tuannn2 <tuan2.nguyennhu@toshiba.co.jp>

Please note that also many other persons usually contribute to the project with reviews, testing, documentations, conversations or presentations.

Features

  • c167bcca9 feat(rest): Endpoint to add comment on a clearing request
  • cd97b6154 feat(rest): Create new endpoint for schedule CVE and schedule attachment deletion.
  • 00d70bcc5 feat(rest): get releases used by vendor
  • 31b720b9e feat(rest) : Rest end point for generate source code bundle
  • 062a89290 feat(rest): saveUsages in project page
  • 9751a2e1a feat(Project): Add new endpoint for project's license clearing tree view (New GUI)
  • 546d35b73 feat(Project): Import SPDX as dependency network
  • a18b053f5 feat(rest): Create new endpoint to download component template in csv format.
  • 144ea5b81 feat(rest) : Move GenerateLicenseInfoFile rest end point to SW360reportcontroller
  • 61ec9ac39 feat(REST): Exclude release version from license info
  • 295f1cbff feat(rest): fetch group list in project add and edit page.
  • e9ec8d8a7 feat: Make Java 21 default
  • cb99fc678 feat(ImportSBOM):Change naming convention of imported components
  • 441fa7d85 feat(Project): Create new endpoint to serve list view of dependency network (New GUI)
  • 7b4c534e3 feat(cloudant): use IBM SDK
  • 09586fad6 feat(ektorp): remove ektorp from search handlers
  • af0262112 feat(lucene): nouveau integration
  • a019b468b feat(keycloak-spis): Added the custom keycloak SPIs
  • 3c453670d feat(couchdb): Enable use of latest CouchDB with nouveau
  • 8fdd93c86 feat(rest): endpoint to update a vendor.
  • bff430140 feat: Add CODEOWNERS to the repository
  • 90ad3ea1c feat(rest): Add additional fields in get clearingrequest endpoints.
  • 771b965b2 feat(ComponentPortletandImportCDX): Validate VCS URL and sanitize GitHub Repo URLs during CDX import
  • 99d0c80ed feat(api): postpone moderation request action
  • af15a09e3 feat(rest): includeAllAttachments parameter in licenseInfo endpoint
  • 66cac90c6 feat(CycloneDX): Make methods compatible with cyclonedx upgrade and update jackson version
  • 9a15832c0 feat(rest): Endpoint to get comments of a Clearing Request.
  • ffbf1b183 feat(project): endpoint for vulnerabilitySummary page.
  • 0d6908ab2 feat(project): Add necessary library dependencies required by rest code
  • acb1e54ea feat(vscode): Add base Eclipse java formatter config file
  • a29d5b0c2 feat: Generate provenance and SBOMs on Docker images
  • 8b6aa42cf feat(docs): Remove old asciidocs support
  • fd0546244 feat: Update to Ubuntu 24.04 (Noble)
  • 8f971f765 feat(rest): new endpoint for releases of linked projects.
  • 5bd4cae83 feat(obligation): rest endpoint to update license obligations of the project.
  • 3c40f09f2 feat(License): Add API Listing LicenseType and Add pageble for licenses, obligations
  • 204ce2f02 feat: Add scorecard

Corrections

  • 9452b2b89 fix(cloudant): fix attachment creation
  • 5bdef6d51 fix(pom): fixed the java version in kc module pom.xml
  • 48e0f6c8c fix(ImportCDX): VCS sanitization failing on characters like colon
  • dc18109b8 fix(Project): Fix project handler test with dependency network feature
  • 5702dc595 fix(clearingState): making fossology report download configurable.
  • 3f10b6856 fix(build): add the missing excludeReleaseVersion
  • 69fcc6c9f fix(servlet): complete migration javax to jakarta
  • 3cad1c4aa fix(UI): Add lang attribute to ReadmeOSS.html for generated license info.
  • 77b801825 fix(keycloak-spi): Added the README.md
  • e43c3422a fix(nouveau): fix nouveau query result
  • 442ac94c7 fix(test): fix test cases with cloudant SDK
  • 41e3d4605 fix(nouveau): extend nouveau connector as cloudant
  • cbcffd979 fix(cloudant): fix query builders
  • ced70a0e4 fix(cloudant): fix views
  • 57f5b6908 fix(REST): Patch Release is causing the clearing state to be updated to NEW even if a Clearing is existing
  • 5c4810a56 fix(backend): fix dependency for backend core
  • f0719b97a fix(rest): Resolved null value returning for svm tracking status.
  • fe05d9f29 fix(rest): Update search API to return 200 status with empty results array when no match found
  • b0c11a1fb fix(GenerateLicenseInfo): Generate License Info failing for releases having the same CLX
  • d6f630021 fix(rest): Ensure visibility field is case-insensitive
  • 6a1408f50 fix(doc): fix OpenAPI doc for Search endpoint
  • 83796a935 fix(rest): add requestClosedOn field in get clearingRequest_by_id endpoint
  • 45a8137f3 fix: Update docker documentation to reflect current status
  • 9dc2d6835 fix(rest): Enable back authorization and resource server with up to dat springboot
  • c493d83bf fix(couchdb): Move setup data for single file and update compose to use as read only
  • c15e36cd8 fix(docker): Use Tomcat with Ubuntu 24.04 (Noble)
  • d655adc64 fix(rest): Add null check for linkedProject field if it is empty
  • 77bdbf7f6 fix(rest): Add null check for linkedProject field to prevent Internal Server Error on GET request to fetch the linked projects of a project
  • 5943127c6 fix(rest): Add code to update user details when creating a moderation request.
  • 9777923f8 fix(docker): Reinstate docker builds
  • 0265205b0 fix(docker): Update docker build to fit Ubuntu Noble and improved caching
  • 293e025cf fix(rest): Added JWT token convert to fix the issue with authorities
  • 540f9baf1 fix(rest): Added the Oidc user info customizer and token customizer
  • 1fb7bcf97 fix(rest): Add null check for linkedProject field to prevent Internal Server Error on GET request to fetch the linked projects of a project
  • 3f6ae983b fix(importCDX):Improve error message when PURL is invalid
  • 3dfbb5538 fix(rest): Fix internal server error with 500 status code for link project to projects endpoint
  • f0e149422 fix(rest): Fixing pagination for endpoint '/packages'.
  • 0d88cacc7 fix(rest) : Non uniform link format in attachmentUsage end point
  • fea2d4eda fix(rest): Fixed the swagger issue
  • 01218278d fix(backend) : Product clearing report generated has strange numbering issue fix
  • da95be6e7 fix(rest): Added modifiedBy field in get package_by_id endpoint.
  • 82ad83e70 Revert "fix(rest): Fixed the swagger issue"
  • cc38d07df fix(rest): Fixed the swagger issue
  • 51fabdfc2 fix(rest):Added code to resolve the server error while fetching a summaryAdministraion endpoint.
  • b262c4c82 fix(rest): Fixing the rest test cases
  • 308ce540b fix(rest): Added a missed field in package endpoint for allDetails.
  • 8f0560c04 fix: Only publish test report on failures
  • f48e6d27b fix: Thrift cache location
  • b69720c91 fix: Update thrift build to fix github caching
  • 89f47fe05 fix(test): Proper build tests now without jump folders
  • 4dd4f8aa7 fix: Remove wrong placed copyrights on commit template
  • f8dcd79f2 fix(test): Disable rest test to avoid chicken and egg integration
  • 7ce112133 fix(github): restore pull_request_template.md

Infrastructure

  • 4e883a5a1 chore(deps): bump org.springframework:spring-context
  • 7dd44a5fd chore: Add maven validation on build
  • d086e9a71 chore(deps): bump org.keycloak:keycloak-core
  • 2d90a9a00 chore(deps): bump org.keycloak:keycloak-core
  • bfd296052 chore(maven): deploy keycloak listeners
  • c71b0d5c4 chore(maven): segregate war and jar deploy dirs
  • d9b3edf25 chore: Add Tomcat 11 default for Docker
  • 872c74ef1 chore(nouveau): catch exception for nouveau query
  • 824504564 chore(docker): update compose with dockerhub image
  • 3fc2e0976 chore(couchdb-lucene): remove third-party/couchdb-lucene
  • 111a0fe88 chore(refactor): Refactored the models by adding Lombok
  • e3dccf3ee chore: Reduce couchdb log level on docker compose
  • e3f3dab7e chore: Update the license header checkfor CODEOWNERS
  • af056ef15 chore: Properly set components servlet as war file
  • 27fddd182 refactor: Use the correct thrift image
  • 56b63f065 refactor: Remove dead code comments
  • 7b3fe9233 chore: CouchDB setup can't be read only
  • 442970d4c chore: Add color coding for sw360 project
  • 30b6114f8 refactor(backend): Adjust component test call
  • 9a09353af refactor(backend): Disable ComponentImportTestUtils
  • a0369e0a3 refactor(backend): Allow test properties be configurable
  • b7d9941dd refactor(backend): Fix licenseinfo test
  • 2f24d0b3e chore: Disable logging on disk for couchdb and configure authorization server
  • bc759edb4 refactor(backend): Restore webapps install
  • a9cff25ea chore: Fix version dependencies
  • a81fe91dc refactor(backend): Remove invalid recursive add-build-configuration process
  • a973a70f4 refactor(backend): Disable usage of Handlers by importer
  • 2019328a3 refactor(backend): Adjust dependencies for...
Read more

sw360-18.1.0-M1

Choose a tag to compare

@ag4ums ag4ums released this 30 May 05:50
20c818a

sw360-18.1.0-M1

This tag includes important corrections and fixes following the 18.0 pre-release. It is also the final tag with Liferay, as SW360 will use the SW360-frontend project (https://github.com/eclipse-sw360/sw360-frontend) starting from the next release.

Migrations

For existing installations, a data migration is required with PR 1963. Please go to the readme file in scripts/migrations to see more information:

https://github.com/eclipse/sw360/blob/master/scripts/migrations/README.md

Note: For running the migrations scripts, you will need python and the couchdb package. Please note that you will need to change manually in the python file: the DRYRUN variable and the couchdb URL (if that is not on localhost or requires password or both).

SW360 18.1 Native Install Deployment

https://eclipse.dev/sw360/docs/deployment/legacy/nativeinstall/native-install-sw360-version-18.1.0/

Credits

The following github users have contributed to the source code since the last release (in alphabetical order):

> Afsah Syeda <afsah.syeda@siemens-healthineers.com>
> Aftab, Farooq Fateh (ext) <farooq-fateh.aftab.ext@siemens-energy.com>
> Anupam Ghosh <anupam.ghosh@siemens.com>
> Akshit Joshi <akshit.joshi@siemens-healthineers.com>
> Eldrin <eldrin.sanctis@siemens.com>
> Gaurav Mishra <gmishx@gmail.com>
> Helio Chissini de Castro <heliocastro@gmail.com>
> Jens Viebig <jens.viebig@vitec.com>
> hoangnt2 <hoang2.nguyenthai@toshiba.co.jp>
> Keerthi B L <keerthi.bl@siemens.com>
> Nikesh kumar <kumar.nikesh@simens.com>
> rudra-superrr <rudra.chopra@siemens.com>
> sameed.ahmad <sameed.ahmad@siemens-healthineers.com>
> tuannn2 <tuan2.nguyennhu@toshiba.co.jp>

Please note that also many other persons usually contribute to the project with reviews, testing, documentations, conversations or presentations.

Features

  • 4bfabe486 feat(rest) : Remove mail-request parameter and read from config file
  • 96863d14c feat(REST): Search package by purl and version
  • 684d90117 feat(REST): Create clearing request for a project and move the preferred clearing date limit field out of Liferay"
  • fe044d00 feat(project): Added release field for licenseObligation get endpoint
  • 70837b27 feat(rest): filter attachment usages in project
  • ea94202b feat(license): Update Whitelist
  • af155858 feat(CR): Update clearing request state from AWAITING RESPONSE to PENDING INPUT
  • 2bd2b2fd feat(vscode): Add workspace java settings
  • 8ceba8fb feat(docker): Add test build using docker
  • 944a7164 feat(rest): added pagination for vulnerability tracking status page.
  • 70391d07 feat(rest): add license obligations to a project.
  • 4f65386f feat(obligation): endpoint to list license obligation table data
  • 5fcb3533 feat(rest) : endpoint to list license obligations from license database.
  • 240c73f3 feat(CR): Create a new Clearing Request state Sanity Check to perform sanity check before accepting a project
  • 4bc56326 Revert "feat(CR): Disable Clearing Request creation for the projects which have linked releases without SRC type attachment"
  • 71d3a470 Feat(User): Create new endpoints to Create/Revoke/List rest api token
  • d4820efc feat(Rest) : Download license clearing report end point.
  • 14fda713 feat(api): new endpoint /mySubmissions
  • cec7f4b7 feat(docker): Improve output of check_image script.
  • d7699485 feat(docker): Revamp docker build setup
  • 2ddf76f0 feat(user): Enable API user endpoint by default
  • 36a41cef feat(Obligation): adding obligation type data in license obligation table.
  • 44219a39 feat(rest) : Pagination for vulnerability tracking status
  • b925c0ab Revert "feat(UI): enhanced date filter for open and closed clearing requests tab"
  • a3038447 feat(UI): enhanced date filter for open and closed clearing requests tab
  • 9f9a1ffa1 feat(UI): Add an info button in the create CR page
  • b98d346a4 feat(UI): Add clearing type column in closed clearing request tab
  • b6aa50650 feat(Project): - Extract license from all releases in dependency network when download license information of a project - Generate source code bundle from all releases in dependency network when download Generate source code bundle for a project
  • 49f5486fa feat(rest): endpoint to link sourceProject to list of projects.
  • 1ab14350b feat(CR): Disable Clearing Request creation for the projects which have linked releases without SRC type attachment
  • bcd600c26 feat(User): Add new endpoints to get/update requesting user profile
  • 3cb73c19f feat(rest): Create new endpoint to unschedule all services.
  • 83a2b3a28 feat(license): Listing obligations by license
  • 8a9c407e8 feat(license): Fix Update License isChecked
  • 89a75f815 feat(project): Update ghactions workflows deps
  • 849e10a0c feat(obligation): Add api listing obligations by ObligationLevel
  • 3ec2cb129 feat(rest) : Rest end point for releases by lucene search
  • 7ccba71d5 feat(project): Setup Sonatype publishing
  • c0fb731c4 feat(license): Create API Export License
  • 141e24bab feat(Release):Upload Source Code Attachment to Releases through a Scheduled Service
  • c7c33c78f feat(rest): adding pagination for listing vendors endpoint.
  • c805ff90f feat(rest) : Adding or Modifying fields to project summaryadminastration page
  • 6a89beabc feat(Script): Delete MR's for a specific user
  • adc862038 feat(license): Create new api update license

Corrections

  • dfabecd2c fix(importCDX) : Fix package's linked release updation when an SBOM is imported
  • 3de514387 fix(project): adding project owner field in project get endpoint.
  • c31464972 fix(api): throw 409 if last moderator
  • 219792b1 fix(importCDX): Resolve incorrect package/release count in import summary
  • 6d9f3620 fix(rest): Create a new endpoint for dataBaseSanitation.
  • ae997be2 fix(project): Update outdated Github actions
  • cb02b200 fix(sw360): changing mkdocs version
  • 0c9523fb fix(REST): Improve error message handling for CycloneDX sbom import using REST API
  • df735e9b fix(Release): Updating the license overview in the summary page
  • e5ac9278 fix(SRCUploadService): Source upload should work for release versions having alphanumeric characters
  • fa42d204 fix(api): provide typeMasks name as Optional type
  • 6e36abbb fix(api): check project modifier before embedding
  • 3beff049 fix(Project): Fix bug Expand Next Level and Collapse All button are hidden when click on sort icon
  • 5112980f fix(urlEncoding): url encoding.
  • fe0a4408 fix(Release): Add embedded other licenses in release response
  • d4a8be84 fix(importCDX): Packages without VCS in SBOM having VCS in SW360 are not getting linked to project
  • 8af9bd5e fix(importCDX): Add check for existing comps and package using case-insensitive comparison of vcs and purl
  • ee3ed068 fix(Liferay): Fix bug cannot access oauth client page when import lar file
  • edc9320c fix(rest) : attachment usage type fix in response
  • 49be7428 fix(importSBOM): Remove the invalid characters appearing in import summary message for invalid packages list
  • 5a726764 fix(rest): create endpoint for search by userName using lucene search.
  • ff068133 fix(rest): Added releaseId in recentRelease and release mySubscription.
  • 87a14f7a fix(Rest): Added status for mysubsciption in component.
  • d28843c2 fix(docker): Fix broken binaries context inclusion
  • 16475d70 fix(rest) : create new endpoint for cleanup attachment.
  • 0950a2ca fix(script): update modifiedBy/modifiedOn project fields.
  • 67696a9f fix(department): Division by zero caused by bad default value for interval
  • 9703661d fix(rest): Added primaryRole and secondaryDepartmentRoles fields for user endpoint.
  • fba0d8e5 fix(rest): Added modifiedBy field in project search by id.
  • 178813e5f fix(docker): Adjust local naming for docker images
  • b55372562 fix(thrift): Add proper version to build
  • 34765dd80 fix(thrift): Follow link download step
  • ef5cc0142 fix(database): Restore reading environment database vars
  • 8aaf95734 fix(UI) : Issue fix for vulnerability not displaying for project
  • c63023c4d fix(release): modify the externalId query parsing
  • 6a6cb33b5 fix(docker): We have been using wrong Java version
  • 625ffcfa1 fix(release): revert external id query parsing
  • 222879a9e fix(rest): error handling when user dont have sufficient import permission
  • d619c5121 fix(Table): Fix error of hiding attachment table content when clicking sort
  • ef83441df fix(moderator): show message when only moderator choose remove me option.
  • 590a2b3ad fix(docker): Remove deletion that invalidate image
  • 2fe147f09 fix(rest): create new enpoint to check server connection.
  • 47d14b158 fix(script): Fix migration script not working with python3
  • 0d535c386 fix(config): Correct file number
  • 0f9d9b85a fix(rest): create a new endpoint for fossology in admin tab.
  • 5b9f10921 fix(script): Fix incorrect numbering for migration scripts
  • 0f9d31974 fix(couchdb): Add config entry to disable couchdb cache
  • 451948a79 fix(javadoc): Remove invalid link reference
  • 05c2445fa fix(lib): Add meta information to enable publish
  • b5f6cb469 fix(importCDX): Update failed component creation error message
  • 6e1964a40 fix(rest-fossology): applied changes for upload endpoint
  • 5a83fe2c9 fix(RequestsPortlet): Unable to reopen CR, Open Components to display open releases, clearing progress to show percentage
  • 2fdd5f4c5 fix(Rest): Allowing search for releases using externalIds
  • d9fce216f Fix(package): Fix issues api for package - Cannot unlink orphan packages from the project - Cannot link a package to a release without any package - Handle message when package with same purl already exists
  • 02d84be81 fix (rest) : rest api created for component search by lucene search

Infrastructure

  • e71c5e53f Revert "build(deps): bu...
Read more