sw360-8.2.0-M1

Although there are only few commits listed below for this release, the change from 8.1 to 8.2 is huge: sw360 supports now an UI which can be extended with different languages.

With the initial pull request, the English and Vietnamese languages is supported. More languages can be supported. For this, a translation file must be added. Please see README_LANG.md in the root level of the project directory for more details.

Many thanks to the colleagues at Toshiba for providing this big feature to the community.

Features

• 8bd91be feat: SW360 support multi-language update after review
• 994ad5c feat: SW360 support multi-language

Corrections

• ae45236 fix(mergeUI): Provided fix for error message on merge component, release, vendor.

sw360-8.1.0-M1

A version upgrade is justified, because of a number of new features have been integrated: FOSSology scans can be now triggered over the SW360 REST API. By this feature, an upload, for example from sw360antenna, could also trigger the FOSSology scan right away. It requires FOSSology being integrated with sw360.

Another new endpoint is the query for SHA1 values of a file to check if that attachment is actually already found at some release. With this endpoint, one would not need to search for release names and version before making a new entry, but just search for the source code attachment using its SHA1 value to check if an upload has been performed already.

A third new feature is the ability to agree on a clearing job for the software components of a project or product. A project owner can now send to a clearing expert a request to perform the clearing of software components right from SW360.

Features

• bb9f2ba feat(REST): Trigger FOSSology process and check status
• 99e23dc feat(ObligationUI): Added new status fields for Obligation
• d025c4a feat(rest): Attachement sha1 improvement
• 9a53e7b feat(ProjectUI): Project Clearing Report

Corrections

• 7bd1fd5 fix(UI/REST): Remove Trailing and leading whitespace for all fields in component, release and project
• a2a4b16 fix(components): components listing limited to 200 entries both in UI and excel spreadseet
• 0de1db1 fix(vulerability): vulnerability view breaks at backslash in description
• 83e6f28 fix(REST): Updated upload attachment documentation

Chores

• 1fc2e0b Add pull request tempalte and .github folder (11 days ago) Stephanie.Neubauer@bosch.io

sw360-8.0.1-M1

There is some small but very relevant bug in 8.0.0, which prevents the user from creating records in special conditions. Therefore, version 8.0.0 is deprecated and replaced by version 8.0.1.

Corrections

• c20fa46 fix(component/release): Add component and release error in UI

sw360-8.0.0-M1

It is not really that we like to ignore minor releases, but release 8 is coming because:

• changes in the DB for external id handling, pls see migration script: scripts/migrations/016_update_byExternalIds_component_view.py
• changes in the Thrift API, allowing for SPDX BOM import pls see: libraries/lib-datahandler/src/main/thrift/projects.thrift

And as a larger, very important feature, there is the SPDX BOM import there in a first version, adding two modes:

• Import a project with linked releases from a SPDX BOM file
• Import a list of components and releases from a SPDX BOM file

Moreover a very important feature or fix has been provided for ensuring that malformed REST requests do not lead to failure in the application. Previously, providing wrong typed references (for example: linking releases to a project) was accepted by the application and can lead to malfunction then. The following list lists the detailed changes since 7.0.1:

New Features

• 712ba79 feat(rest): validate the linked document ids in the payload before updating it in the DB
• f90fcc4 feat(bomImport): implement SPDX BOM import for projects and releases
• 24999ce feat(AddProjectReleaseRelation): add a project release relation for source code snippets
• 48de678 feat(REST): Patch Releases to Project

Corrections

• d34d454 fix(ReleaseUI): fixed reload report in FOSSology Process
• 336534a fix(REST): fixed search component by external id
• bc28c54 fix(EditReleaseUI): Fixed missing functionality of button to delete release to release relation
• e437a5b fix(spreadsheet-export): fixed the secuence of values based on headers
• 4c0d5c9 fix(thrift): add should return ID on duplicate
• 1d65e70 fix(html): fix minor bugs and styling
• b7a83d6 fix(ui): saving attachment usage issue for source code bundle and others

sw360-7.0.1-M1

After tagging 7.0.0, we found two bugs to be corrected to provide a sound SW360. Therefore, here a new tagged version of sw360. Everyone should use 7.0.1-M1 instead of 7.0.0.

Adding rolling version since last tag will prepare automated tagging with incrementing patch level, retaining manual tagging for major and minor version only.

Corrections

• 0dcd109 fix(ProjectUI: fixed blank / non-responsive screen on project
• da677b5 fix(ui): fix issue #762

Infrastructure

• a37e24d chore(readme): adding some more badges
• f1a7c63feat(chore): adding rolling versions based on commit count

sw360-7.0.0-M1

Unfortunately this release has a bug, please consider the previous release or wait for 7.0.1.

The main reason for release version 7 is to have the license upgrade from EPL-1.0 to EPL-2.0. All contributing parties have submitted their consent by e-mail and on most cases also approved the referring pull request (#756).

Another change which justifies a major version jump is the required view update in the couchdb. Please see https://github.com/eclipse/sw360/blob/master/scripts/migrations/README.md for more information when migrating from an older version. The view update allows users to configure the My Projects portlet.

New Features

• 9b92795 feat(docs): relicensing from EPL-1.0 to EPL-2.0
• 66a4126 feat(Component/ReleaseUI): Added button to remove selected vendor for component and release
• 860aa3e feat(ProjectMigration): script to migrate a project field to new value
• bd99641 feat(REST): Add parameter to GET release by name
• 322c45d feat(WelcomePageUI): display configurable content for guidelines on welcome page
• abac231 feat(fossology-pull-report): Added the button to pull the already generated report from fossology
• 062c899 feat(HomePageUI): Listing of MyProjects is made configurable
• 9849cb0 feat(licenseinfo): Added filter to exclude releases based on selected relationship

Corrections

• 2a52475 fix(ProjectUI): Show proper error msg ,when loading of project fails due to access or dependency not found
• 752bd78 fix(ProjectUI): fixed 'Project is temporarily unavailable' issue due to obligation feature
• b32afd5 fix(ReleaseUI/REST): prevent cyclic link in release
• 0d2647d fix(licenseinfo): White page while downloading license disclosure

Infrastructure

• d22aaaf test: add script to start temporary couchdb with docker
• df54014 chore(cleanup): drop unused and outdated code related to the codescoop integration

sw360-6.0.0-M1

This release covers as the biggest change the new integration with the FOSSology REST API. It replaces the previous integration using an ssh login. It requires a migration of the couchdb database. More information about the scripts can be found in scripts/migrations/README.md.

Apart from changing the integration with FOSSology from ssh to the REST API, the entire data structure has been changed to be tool agnostic: A data structure for external tool requests replaces the info for the FOSSology upload. In future, albeit not supported today by the UI, also other tools could be integrated using the same data structure.

Warning Although the was much care for migrating existing data. It may happen with old datasets where source code attachments have been transferred to FOSSology using the ssh integration, the migration fails. For those datasets, the data must be changed manually. For example, just remove the status values.

Warning Migrations run per default in dry run mode, meaning that no changes are written to the database. After you have reviewed the changes (and checked that the scripts runs), you must change the DRY_RUN variable accordingly to False.

Two notable more features are provided by this release:

• Management for project obligations
• Merging release and vendor records added

New Features

• 653a7e3 feat(ProjectUI): added project obligation logic on change of accepted license file
• 648755a feat(REST): Added parameter to GET project by Group and Tag
• 8eae7d3 feat(rest): get attachmentUsages for a project
• b8549de feat(REST): linked release hierarchy is included in the response
• 1bc03f9 feat(Project-UI) License Obligation tracker at Project Level
• 1f506f2 feat(Rest): New end points for project/component/release usage summary
• 176557a feat(moderation): Moderation requests to all clearing admin irrespective of their group
• 82977a0 feature(merge): add wizard for merging vendors
• e476f39 feat(rest): Added support to add role category fields while creating project
• 86afeef feat(Projects): enabled Project/Release mainline state change only for clearing admins
• 578f53c feat(fossology-rest): replaced ssh communication to fossology with REST
• d19f658 feat(external-tool-request): added general datastructure for external tool requests
• 71535e6 feat(Authorization): Added support to read keystore from central configuration
• 43bd667 feature(release): add release merge wizard

Corrections

• ca88b44 fix(ProjectUI): Added options to generate ReadmeOSS for main project only or main project with subprojects.
• 51bc423 fix(rest): Error getting component/project with unknown creator
• 7814e7e fix(ProjectUI): Obligation view for changes in linked release attachment
• 255f54e fix(ui): Added missing tooltip
• 00c3110 fix(businessrules): NPE in clearingStateSummaryComputer
• 6bb0cc2 fix(project): Keep release mainline state as it is while cloning project
• 7b488d5 fix(projectUI): NPE in SW360Utils.getApprovedClxAttachmentForRelease
• 7181861 fix(LicenseInfo): NPE in ProjectPortlet.prepareLicenseInfo and downloadLicenseInfo
• 7df48da fix(rest): License information generation based on attachment usages from rest.
• 466185e fix(project): prevent cyclic link in linked projects
• dcc4192 fix(projectUI): NPE in ProjectDatabaseHandler.setReleaseRelations
• 6f02ae7 fix(component): incorrect release edit link in component edit page
• 20211c9 fix(component): component merge not working
• e1921d7 Fix(Project UI): Removed 'Unknown' from Project Clearing Team dropdown
• 16c3452 fix(REST): added support for createdComment field for uploadAttachements
• 2e0d776 fix(Project/Admin): Set to default text feature is not working correctly for Obligation
• aa71a06 fix(Componnet): ComponentType field should be mandatory
• c7a0737 fix(links): Fixed the incorrect links

sw360-5.1.0-M1

sw360-5.1.0-M1

This release contains a number of corrections after the Liferay Portal 7.2 CE GA1 based release has been rolled out. Therefore it contains mostly corrections for the UI. In addition to these, also the REST API endpoints were further improved. The report generation has been improved: Now, external Ids can be added to the generated documents.

Because it contains many corrections, every 5.0.0-M1 installation should be updated to this release.

New Features

• c86c97b feat(License Disclosure): Change order of listed items in disclosure documents
• 82a45cf feat(license-disclosure): External Ids incorporated in the license disclosure
• 5b554ae feature(table-filter): add filter box, fix print

Corrections

• 9b02a75 fix(components): Recompute aggrated fields on save
• 17d90ee fix(DownloadLicenseInfo): Corrected license selection based on attachment selection on attachmentusage
• d6d8540 fix(EditRelease UI): Removed duplicate field 'Licenses' from edit release
• b9be0e4 fix(licenseDisclosure): Added acknowledgements in TEXT and Docx format of License Disclosure
• b123c48 fix(LicenseDisclosureDocument): Ordering and formating license disclosure document.
• 97008f3 fix(merge): allow merging of complex fields, style improvements
• cd4c788 fix(merge): fix update conflict on component merge
• c6b3838 fix(merge): Some fields were not merged
• 1e6f424 fix(Release-UI): Vertical scrollbar for link release to project popup
• 20fb3d2 fix(ui): Added missing search box
• dcd681b fix(vendor): fix view name used when editing vendors
• abc6404 fix(vulnerability): Vulnerability tab loading issue
• dc0b9d6 fix(fossology): fossology and fossolgy
• 4fe4d4f fix(Rest-API): Corrected 'createdBy' field value for Project and Component
• eb15c85 fix(Rest-API): Small fix around ProjectClearingState during create and update project
• fae1c99 fix(Rest-Component): Corrected all components by type rest end point
• f7d204e fix(REST: Project) : Fixed error response for create project from rest
• a2750bf fix(rest): Fixed get component API having default vendor id as empty

Infrastructure

• d9ff676 chore(pom): change snapshot version from 6.0.0-SNAPSHOT to 5.1.0-SNAPSHOT
• e59f8b3 chores(config): Fix friendly URL for license page
• 81600f4 chores(merge): Retain owner as moderator
• a80b82c chores(pom): Update to next development version

sw360-5.0.0-M1

sw360-5.0.0-M1

This release is the first release using the Liferay Portal 7.2 CE GA1 release. The codebase of the portal project has been updated from the previously used Liferay 6.2 version. As this represents a huge change also to related areas (pom files, etc.), the sw360 5.0.0 is bascially a sw360 4.0.1 with the newer Liferay. The following commits have been applied:

New Features

• 35165e6 feat(auth): script to add the unsafe default client directly to DB
• 4fd501c feat(thrift): add timeout for thrift client

Test, Documentation and Infrastructure

• 3c4d3ed chores(all): Upgrade to Liferay 7.2 (Part I)
• 6657e79 chores(configuration): Update Liferay configuration
• 7fbd42e chores(all): Upgrade to Liferay 7.2 (Part II)
• 52592bf chores(build): add build plugin
• 7d9e30e chores(deploy): add new deploy profile
• 1d5bff2 chores(liferay): Feedback from Liferay 7 review
• 36ae2c1 chores(build): Fix deploy profile
• 918d054 chores(configuration): allow external files
• `` chores(changelog): initial commit

Corrections

• deb868c fix(tests): Use configured couch db url
• da1f0b8 fix(search): make search logic consistent
• 1d830ee fix(project): fix compare if no version is set
• 0c2a341 fix(Components): Fix naming component error (name's component contain...
• c7f03c8 fix(rest): fix broken logic in updateProject
• be90070 fix(rest): auth server is broken due to LifeRay api change

sw360-4.0.1-M1

This release fixes a small issue at the project creation. It was added to have a good working sw360 4 release.

Corrections

• c7f03c8 fix(rest): fix broken logic in updateProject