Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Port DT Release 4.9.0 changes to Hyades #858

Closed
Tracked by #860
VithikaS opened this issue Oct 18, 2023 · 2 comments
Closed
Tracked by #860

Port DT Release 4.9.0 changes to Hyades #858

VithikaS opened this issue Oct 18, 2023 · 2 comments
Labels
component/api-server p1 Critical bugs that prevent DT from being used, or features that must be implemented ASAP size/L High effort

Comments

@VithikaS
Copy link
Collaborator

VithikaS commented Oct 18, 2023

Changelog for DT Release 4.9.0 https://docs.dependencytrack.org/changelog/
Release 4.9.0 changes have to be ported to hyades

Issue / PR Type Description Backported Backport PR
DependencyTrack/dependency-track#2817 Misc Fix GHA set-output deprecation warnings DependencyTrack/hyades-apiserver#361
DependencyTrack/dependency-track#2872 Bugfix Fix memory leak in policy evaluation DependencyTrack/hyades-apiserver#230
DependencyTrack/dependency-track#2873 Bugfix Fix memory leak issue in vex upload processing task DependencyTrack/hyades-apiserver#229
DependencyTrack/dependency-track#2769 Enhancement Custom licenses DependencyTrack/hyades-apiserver#364
@VithikaS DependencyTrack/dependency-track#3051 Bugfix Fix JsonIgnore having no effect on transient field DependencyTrack/hyades-apiserver#362
@sahibamittal DependencyTrack/dependency-track#3083, DependencyTrack/dependency-track#2623 Enhancement Create endpoint to fetch many components and services DependencyTrack/hyades-apiserver#366
DependencyTrack/dependency-track#2423 Enhancement Separate policy evaluation into its own task N/A, already implemented in Hyades DependencyTrack/hyades-apiserver#160
DependencyTrack/dependency-track#2581 Enhancement Added transient List of ProjectVersions and set Metrics in Project DependencyTrack/hyades-apiserver#367
@VithikaS DependencyTrack/dependency-track#3068 Bugfix Fix NPE when checking for project without version DependencyTrack/hyades-apiserver#365
@sahibamittal DependencyTrack/dependency-track#2568 Enhancement New option to only return outdated components and/or only direct dependencies in the ComponentResource DependencyTrack/hyades-apiserver#372
@VithikaS DependencyTrack/dependency-track#2911 Enhancement Upgrade the snyk api version N/A version is in application properties -
@VithikaS DependencyTrack/dependency-track#2989 Enhancement Log warning when Vex cannot be applied DependencyTrack/hyades-apiserver#368
@VithikaS DependencyTrack/dependency-track#3047 Enhancement Prefix apikey with odt_ N/A Already ported to apiserver DependencyTrack/hyades-apiserver#327
DependencyTrack/dependency-track#2871 Enhancement CWE Catalogue Out of Date DependencyTrack/hyades-apiserver#369
#859
@VithikaS DependencyTrack/dependency-track#2997 Enhancement Allow operator and violation state to be specified DependencyTrack/hyades-apiserver#371
@nscuro DependencyTrack/dependency-track#3006 Enhancement Update SPDX license list to v3.21 DependencyTrack/hyades-apiserver#375
@nscuro DependencyTrack/dependency-track#2675 Enhancement Add Docker Compose files for simplified local testing Only porting partially; Compose files now live in the hyades repo DependencyTrack/hyades-apiserver#370
@nscuro DependencyTrack/dependency-track#2913 Enhancement Use IntelliJ standard directory for run configurations, and add project icon DependencyTrack/hyades-apiserver#370
@VithikaS DependencyTrack/dependency-track#2537 Enhancement New Version Distance Policy Evaluator DependencyTrack/hyades-apiserver#374
@nscuro DependencyTrack/dependency-track#3070 Bugfix Fix false negatives in NVD CPE matching #861
@sahibamittal DependencyTrack/dependency-track#2859 Misc Add regression test for XML BOM parsing DependencyTrack/hyades-apiserver#372
@sahibamittal DependencyTrack/dependency-track#2788 Bugfix Fix VDR export containing non-vulnerable components DependencyTrack/hyades-apiserver#372
@nscuro DependencyTrack/dependency-track#3095 Bugfix Fix invalid Mattermost notification template; Add more thorough publisher tests DependencyTrack/hyades-apiserver#384
@VithikaS DependencyTrack/dependency-track#2243 Bugfix Add extensive test suite for CPE matching logic NA Implemented with porting of #3070 -
@VithikaS DependencyTrack/dependency-track#2878 Bugfix Fix VDR export erroneously containing non-vulnerable components NA Implemented already with porting of #2788 -
@VithikaS DependencyTrack/dependency-track#3067 Bugfix Fix VEX export erroneously containing dependency graph DependencyTrack/hyades-apiserver#381
@VithikaS DependencyTrack/dependency-track#2980 Bugfix Fix version distance policy being evaluated despite not being configured DependencyTrack/hyades-apiserver#382
@nscuro DependencyTrack/dependency-track#2651 Enhancement Include Cloud SQL database connectors DependencyTrack/hyades-apiserver#383
#870
@VithikaS DependencyTrack/dependency-track#2967 Bugfix Fix AffectedComponent format for CPEs with version ranges DependencyTrack/hyades-apiserver#385
@VithikaS DependencyTrack/dependency-track#2903 Enhancement Update Docker image to latest debian stable release DependencyTrack/hyades-apiserver#387
@VithikaS DependencyTrack/dependency-track#3071 Enhancement Update cyclonedx-core-java to 8.0.0 / Support Import of CycloneDX 1.5 BOMs On hold, waiting for release of cyclonedx-core-java 8.0.2 -
@VithikaS DependencyTrack/dependency-track#3069 Enhancement Bump temurin base image to 17.0.8.1_1 DependencyTrack/hyades-apiserver#387
@VithikaS DependencyTrack/dependency-track#2971 Bugfix Exclude xml-apis dependency / The package javax.xml.parsers is accessible from more than one module DependencyTrack/hyades-apiserver#387
@nscuro DependencyTrack/dependency-track#2400 Enhancement Implement SPDX expressions DependencyTrack/hyades-apiserver#393
@nscuro DependencyTrack/dependency-track#2965 Enhancement SPDX expression support improvements DependencyTrack/hyades-apiserver#396
@nscuro
Copy link
Member

nscuro commented Oct 19, 2023

Note: Two PRs related to fixing memory leaks were already backported:

Closing #660 as duplicate.

@nscuro nscuro added this to Hyades Oct 20, 2023
@nscuro nscuro moved this to In Progress in Hyades Oct 20, 2023
@nscuro nscuro pinned this issue Oct 23, 2023
@nscuro nscuro added p1 Critical bugs that prevent DT from being used, or features that must be implemented ASAP size/L High effort component/api-server labels Oct 23, 2023
@nscuro
Copy link
Member

nscuro commented Oct 27, 2023

All done!

@nscuro nscuro closed this as completed Oct 27, 2023
@github-project-automation github-project-automation bot moved this from In Progress to Done in Hyades Oct 27, 2023
@nscuro nscuro unpinned this issue Oct 27, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
component/api-server p1 Critical bugs that prevent DT from being used, or features that must be implemented ASAP size/L High effort
Projects
Archived in project
Development

No branches or pull requests

2 participants