Port changes from upstream DT release 4.12.x #1358

nscuro · 2024-06-24T11:29:58Z

Current Behavior

v4.12 of vanilla Dependency-Track is being worked on. We need to port the relevant changes to Hyades.

Note

This issue is being created early, in order to keep track of the v4.12.x changes we have already ported prior to an official v4.12 release.

For reference, changes from v4.11.x were ported here: #1190

Proposed Behavior

Issue / PR	Type	Description	Backported	Backport PR
DependencyTrack/dependency-track#3682	Enhancement	Raise baseline Java version to 21	✅	DependencyTrack/hyades-apiserver#628
DependencyTrack/dependency-track#3711	Enhancement	Bump Alpine to `2.2.6-SNAPSHOT`	✅	DependencyTrack/hyades-apiserver#815
DependencyTrack/dependency-track#3713	Enhancement	Remove workarounds for `#2677`	N/A, workaround was never in place for Hyades	-
DependencyTrack/dependency-track#3722	Enhancement	Remove legacy BomUploadProcessingTask	N/A, legacy task does not exist in Hyades	-
DependencyTrack/dependency-track#3724	Enhancement	Gracefully handle NotSortableExceptions	✅	DependencyTrack/hyades-apiserver#832
DependencyTrack/dependency-track#3726	Enhancement	Migrate from Swagger v2 to OpenAPI v3	✅	DependencyTrack/hyades-apiserver#785
DependencyTrack/dependency-track#3728	Enhancement	Improve OpenAPI v3 integration	✅	DependencyTrack/hyades-apiserver#820
DependencyTrack/dependency-track#3730	Enhancement	Migrate to Jakarta EE 10 and Jetty 12	✅	DependencyTrack/hyades-apiserver#785
DependencyTrack/dependency-track#3731	Bugfix	Fix OpenAPI types of UNIX timestamp fields	✅	DependencyTrack/hyades-apiserver#833
DependencyTrack/dependency-track#3746, DependencyTrack/frontend#930	Enhancement	Add EPSS conditions to policies	✅	DependencyTrack/hyades-apiserver#834, DependencyTrack/hyades-frontend#114
DependencyTrack/dependency-track#3819	Enhancement	Bump CWE dictionary to v4.14	✅	DependencyTrack/hyades-apiserver#842, #1445
DependencyTrack/dependency-track#3846	Enhancement	Bump SPDX license list to v3.24.0	✅	DependencyTrack/hyades-apiserver#844
DependencyTrack/dependency-track#3869	Enhancement	Improve performance of findings retrieval	✅	DependencyTrack/hyades-apiserver#757
DependencyTrack/dependency-track#3889	Bugfix	Fix NPE when querying component metadata for projects without findings	✅	DependencyTrack/hyades-apiserver#765
DependencyTrack/frontend#927	Enhancement	Raise baseline node version to 20	✅	DependencyTrack/hyades-frontend#86
DependencyTrack/dependency-track#3990	Enhancement	Log warning when dependency graph is missing the root node	✅	DependencyTrack/hyades-apiserver#795
DependencyTrack/dependency-track#3982	Enhancement	Ensure no unique constraint violation for ProjectMetadata	✅	DependencyTrack/hyades-apiserver#926
DependencyTrack/dependency-track#3958	BugFix	Fix JDOUserException when multiple licenses match a component's license name	✅	DependencyTrack/hyades-apiserver#806
DependencyTrack/dependency-track#3960, DependencyTrack/dependency-track#3843	Enhancement	Fix missing projectTags parameter for POST /v1/bom endpoint	✅	DependencyTrack/hyades-apiserver#814
DependencyTrack/dependency-track#3691, DependencyTrack/frontend#872	Enhancement	Add active Field To Project Versions + frontend	✅	DependencyTrack/hyades-apiserver#813, DependencyTrack/hyades-frontend#106
DependencyTrack/dependency-track#3924	Enhancement	Add REST endpoints to tag and untag policies in bulk + frontend	✅	DependencyTrack/hyades-apiserver#830, DependencyTrack/hyades-frontend#113
DependencyTrack/dependency-track#3711	Enhancement	Replace manual transaction commits with callInTransaction	✅	DependencyTrack/hyades-apiserver#815
DependencyTrack/dependency-track#3894	Enhancement	Add REST endpoints for bulk tagging & un-tagging of projects	✅	DependencyTrack/hyades-apiserver#821
DependencyTrack/dependency-track#3881, DependencyTrack/frontend#922, DependencyTrack/dependency-track#3887	Enhancement	Add REST endpoints for tag retrieval + frontend	✅	DependencyTrack/hyades-apiserver#819, DependencyTrack/hyades-frontend#107
DependencyTrack/dependency-track#3896	Enhancement	Add REST endpoint for tag deletion	✅	DependencyTrack/hyades-apiserver#824, DependencyTrack/hyades-frontend#112
DependencyTrack/dependency-track#4026	BugFix	Fix project link for new vulnerable dependency for email	✅	#1440, DependencyTrack/hyades-apiserver#835
DependencyTrack/dependency-track#3761	Enhancement	Search component by group	✅	DependencyTrack/hyades-apiserver#836
DependencyTrack/dependency-track#3796	Enhancement	Add Notification For `BOM_VALIDATION_FAILED`	✅	#1443, DependencyTrack/hyades-apiserver#839, DependencyTrack/hyades-frontend#116
DependencyTrack/dependency-track#3915	Bugfix	Set license name instead of ID when using custom license	✅	DependencyTrack/hyades-apiserver#845
DependencyTrack/dependency-track#3948	Bugfix	Fix vex export returning invalid CycloneDX	✅	DependencyTrack/hyades-apiserver#852
DependencyTrack/dependency-track#4020	Bugfix	Fix validation error when multiple namespace declarations are present	✅	DependencyTrack/hyades-apiserver#874
DependencyTrack/dependency-track#3969	Enhancement	Replace author with authors	✅	DependencyTrack/hyades-apiserver#866
DependencyTrack/dependency-track#4104	Bugfix	Bump DataNucleus to 6.0.8	✅	DependencyTrack/hyades-apiserver#882
DependencyTrack/dependency-track#4147, DependencyTrack/dependency-track#4146	Bugfix	Handle existing duplicate component properties, Handle empty component and service names	✅	DependencyTrack/hyades-apiserver#911
DependencyTrack/dependency-track#4131	Enhancement	Customizable login page + frontend	✅	DependencyTrack/hyades-apiserver#913, DependencyTrack/hyades-frontend#133
DependencyTrack/dependency-track#4109	Enhancement	Support inclusion/exclusion of projects from BOM validation with tags + frontend	✅	DependencyTrack/hyades-apiserver#914, DependencyTrack/hyades-frontend#134
DependencyTrack/dependency-track#4031	Enhancement	Add tag support for notifications, and REST endpoints for tagging & untagging notifications in bulk + frontend	✅	DependencyTrack/hyades-apiserver#918, #1532, DependencyTrack/hyades-frontend#143
DependencyTrack/dependency-track#4165	Bugfix	Fix infinite recursion during policy condition serialization	✅	DependencyTrack/hyades-apiserver#920
DependencyTrack/dependency-track#4154, DependencyTrack/dependency-track#4136	Enhancement	Include team name in audit trail for API-submitted audit changes + Feat/systemwide language	✅	DependencyTrack/hyades-apiserver#922
DependencyTrack/dependency-track#4050, DependencyTrack/dependency-track#4091, DependencyTrack/dependency-track#3959	Enhancement	Port test cases	✅	DependencyTrack/hyades-apiserver#924
DependencyTrack/dependency-track#3983	Enhancement	Add option to test notification publisher + frontend	✅	DependencyTrack/hyades-apiserver#928, DependencyTrack/hyades-frontend#147
DependencyTrack/dependency-track#4171	Bugfix	Fix directDependencies of cloned projects referring to original component UUIDs	✅	DependencyTrack/hyades-apiserver#927
DependencyTrack/dependency-track#3947	Enhancement	Cleanup temporary workarounds	✅	DependencyTrack/hyades-apiserver#930
DependencyTrack/dependency-track#4177	Enhancement	Visible Endpoint returns only Visible Teams(name, uuid)	✅	DependencyTrack/hyades-apiserver#935
DependencyTrack/dependency-track#4059	Enhancement	Enhance badge API to require authorization	✅	DependencyTrack/hyades-apiserver#941, DependencyTrack/hyades-frontend#155
DependencyTrack/dependency-track#4184, DependencyTrack/frontend#1017	Enhancement	Introduce isLatest project flag & allow policies to be limited to latest version + frontend	✅	DependencyTrack/hyades-apiserver#945, DependencyTrack/hyades-frontend#157
DependencyTrack/frontend#993	Enhancement	Adding functionality to download component table data as a csv	✅	DependencyTrack/hyades-frontend#158
DependencyTrack/dependency-track#4092 (comment)	Enhancement	Enhance "Create Project" dialog to include team selection + frontend	✅	DependencyTrack/hyades-apiserver#948, DependencyTrack/hyades-frontend#168
DependencyTrack/dependency-track#3544, DependencyTrack/frontend#772	Enhancement	Global Audit View: Policy Violations + frontend	TODO	DependencyTrack/hyades-apiserver#949, DependencyTrack/hyades-frontend#171
DependencyTrack/frontend#992	Enhancement	Feat: Systemwide Default Language	✅	DependencyTrack/hyades-apiserver#950, DependencyTrack/hyades-frontend#172
DependencyTrack/frontend#996, DependencyTrack/frontend#1012, DependencyTrack/frontend#988	Enhancement	Confirmation prompt for project deletion + Fix links with href="#" being pushed to Vue router + feat/Save Sidebar state in local storage	✅	DependencyTrack/hyades-frontend#173
DependencyTrack/dependency-track#4202	Enhancement	Fix redundant ConfigProperty queries in BadgeResource	✅	DependencyTrack/hyades-apiserver#977
DependencyTrack/dependency-track#3468	Enhancement	Exclude pre-releases from NuGet latest version check	✅	#1595
DependencyTrack/dependency-track#4174	Bugfix	Fix CPE not being imported from CycloneDX metadata.component	✅	DependencyTrack/hyades-apiserver#978
DependencyTrack/frontend#801	Enhancement	add support for serving from custom path	✅	DependencyTrack/hyades-frontend#202

v4.12.1

Issue / PR	Type	Description	Backported	Backport PR
DependencyTrack/dependency-track#4232	Bugfix	Fix logs not containing usernames of deleted users	✅	DependencyTrack/hyades-apiserver#993
DependencyTrack/dependency-track#4233	Bugfix	Fix unintended manual flushing mode due to DataNucleus ExecutionContext pooling	✅	DependencyTrack/hyades-apiserver#994
DependencyTrack/dependency-track#4234	Bugfix	Prevent duplicate policy violations	✅	DependencyTrack/hyades-apiserver#996
DependencyTrack/dependency-track#4235	Bugfix	Enhance policy violation de-duplication logic	N/A, was meant to ease transition from duplicated to de-duplicated violations. Hyades doesn't have that issue.	-
DependencyTrack/dependency-track#4258	Bugfix	Fix inaccuracies of Trivy analyzer	N/A, Trivy not yet implemented	-
DependencyTrack/dependency-track#4259	Bugfix	Fix redundant query for "ignore unfixed" config during Trivy analysis	N/A, Trivy not yet implemented	-
DependencyTrack/dependency-track#4271	Bugfix	Bump cyclonedx-core-java to 9.1.0	✅	DependencyTrack/hyades-apiserver#997
DependencyTrack/dependency-track#4301	Docs	Update Deploying Docker guide to Compose v2	-	-
DependencyTrack/dependency-track#4309	Bugfix	Bump Alpine to 3.1.1	✅	-
DependencyTrack/dependency-track#4315	Bugfix	Bump Temurin base image to 21.0.5_11	✅	DependencyTrack/hyades-apiserver#999
DependencyTrack/dependency-track#4317	Bugfix	Fix excessive memory usage of portfolio repository meta analysis	N/A, the problematic logic no longer exists	-
DependencyTrack/dependency-track#4319	Bugfix	Bump bundled frontend to 4.12.1	N/A, frontend is no longer bundled	-
DependencyTrack/frontend#1043	Enhancement	Add .gitattributes to fix prettier behavior on Windows	✅	DependencyTrack/hyades-frontend#197
DependencyTrack/frontend#1044	Bugfix	Fix state of sidebar not being saved for non-SNAPSHOT versions	✅	DependencyTrack/hyades-frontend#198
DependencyTrack/frontend#1045	Bugfix	Fix OIDC users not being displayed in Team view	✅	DependencyTrack/hyades-frontend#199
DependencyTrack/frontend#1046	Bugfix	Fix creation of multiple projects without reloading page	✅	DependencyTrack/hyades-frontend#200
DependencyTrack/frontend#1049	Bugfix	Always display project nodes in dependency graph using name and version	✅	DependencyTrack/hyades-frontend#201
DependencyTrack/frontend#1051	Bugfix	Fix caching issues upon upgrade	-	-
DependencyTrack/frontend#1052	Bugfix	Fix: "Add Version" Create Button Should Be Inactive Until Version Provided	-	-
DependencyTrack/frontend#1057	Bugfix	Fix missing URI encoding of tag names	-	-
DependencyTrack/frontend#1068	Bugfix	Fix breadcrumbs navigation being broken for non-english languages	-	-
DependencyTrack/frontend#1069	Bugfix	Fix NGINX ipv6 listening	-	-
DependencyTrack/frontend#1074	Bugfix	Bump nginxinc/nginx-unprivileged to 1.27.2-alpine	-	-

v4.12.2

Issue / PR	Type	Description	Backported	Backport PR
DependencyTrack/dependency-track#4377	Bugfix	Reduce memory usage of metrics update tasks	Possibly N/A because we use stored procedures now	-
DependencyTrack/dependency-track#4378	Bugfix	Fix CPE matching for NVD mirroring via REST API	-	-
DependencyTrack/dependency-track#4379	Bugfix	Fix incorrect CWE schema in OpenAPI spec	-	-
DependencyTrack/dependency-track#4380	Bugfix	Fix NullPointerException when fetching findings	-	-
DependencyTrack/dependency-track#4381	Bugfix	Fix policy evaluation not happening upon creation or update of individual components	Possibly N/A because we lock the task with shedlock, but need to double-check	-
DependencyTrack/dependency-track#4382	Bugfix	Fix nullable metrics fields having getters of primitive type	-	-
DependencyTrack/dependency-track#4395	Bugfix	Fix Trivy analyzer vulnerability matching for Go packages	-	-
DependencyTrack/dependency-track#4417	Bugfix	Move GHSA notification logic outside recursion	N/A, affected code no longer exists	-
DependencyTrack/dependency-track#4420	Bugfix	Add cyclonedx json media type when exporting components	-	-
DependencyTrack/dependency-track#4419	Bugfix	Fix NPE when cloning projects with broken dependency graph	-	-
DependencyTrack/dependency-track#4418	Bugfix	Fix project.active being nullable	-	-
DependencyTrack/dependency-track#4436	Bugfix	Bump Alpine to 3.1.2	-	-
DependencyTrack/dependency-track#4441	Bugfix	Bump bundled frontend to 4.12.2	N/A, frontend is no longer bundled	-
DependencyTrack/dependency-track#4442	Bugfix	Fix incompatibility of swagger-core with newer jackson-databind versions	-	-
DependencyTrack/frontend#1099	Bugfix	Fix no error being displayed when submitting an invalid welcome message	-	-
DependencyTrack/frontend#1101	Bugfix	Fix broken NGINX IPv6 listening	-	-
DependencyTrack/frontend#1100	Bugfix	Fix tags with special characters breaking the tags table	-	-
DependencyTrack/frontend#1102	Bugfix	Show component properties to users with VIEW_PORTFOLIO permission	-	-
DependencyTrack/frontend#1103	Bugfix	Fix missing URI encoding for vulnerability IDs	-	-
DependencyTrack/frontend#1108	Bugfix	Bump nginxinc/nginx-unprivileged to 1.27.3-alpine	-	-
DependencyTrack/frontend#1109	Bugfix	Improve russian translation	-	-

Checklist

I have read and understand the contributing guidelines
I have checked the existing issues for whether this enhancement was already requested

The text was updated successfully, but these errors were encountered:

nscuro added enhancement New feature or request v4-port PRs that were ported from the Dependency-Track v4.x code base labels Jun 24, 2024

This was referenced Jun 28, 2024

Fix NPE when querying component metadata for projects without findings DependencyTrack/hyades-apiserver#765

Merged

Port: Improve performance of findings retrieval DependencyTrack/hyades-apiserver#757

Merged

This was referenced Jul 6, 2024

Raise baseline Node version to 20 DependencyTrack/hyades-frontend#86

Merged

GA Roadmap #860

Open

sahibamittal mentioned this issue Jul 31, 2024

Port : add project tags parameter for bom endpoints DependencyTrack/hyades-apiserver#814

Merged

5 tasks

nscuro pinned this issue Jul 31, 2024

nscuro mentioned this issue Jul 31, 2024

Replace manual transaction commits with callInTransaction DependencyTrack/hyades-apiserver#815

Merged

2 tasks

This was referenced Jul 31, 2024

Add REST endpoints to tag and untag policies in bulk DependencyTrack/hyades-apiserver#817

Closed

Port : Add REST endpoints for tag retrieval DependencyTrack/hyades-apiserver#819

Merged

Port : Add tag management view DependencyTrack/hyades-frontend#107

Merged

nscuro mentioned this issue Aug 1, 2024

Port: Improve OpenAPI v3 integration DependencyTrack/hyades-apiserver#820

Merged

2 tasks

This was referenced Aug 7, 2024

Port: Fix OpenAPI types of UNIX timestamp fields DependencyTrack/hyades-apiserver#833

Merged

Port: Add EPSS conditions to policies DependencyTrack/hyades-apiserver#834

Merged

Port: Add EPSS score policy condition DependencyTrack/hyades-frontend#114

Merged

sahibamittal mentioned this issue Sep 26, 2024

Port : Add ability to test notification publishers DependencyTrack/hyades-frontend#147

Merged

2 tasks

nscuro mentioned this issue Sep 26, 2024

Port: Cleanup temporary workarounds; Apply granular permissions to new tag endpoints DependencyTrack/hyades-apiserver#930

Merged

2 tasks

nscuro added this to Hyades Oct 19, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Port changes from upstream DT release 4.12.x #1358

Port changes from upstream DT release 4.12.x #1358

nscuro commented Jun 24, 2024 •

edited

Loading

Port changes from upstream DT release 4.12.x #1358

Port changes from upstream DT release 4.12.x #1358

Comments

nscuro commented Jun 24, 2024 • edited Loading

Current Behavior

Proposed Behavior

v4.12.1

v4.12.2

Checklist

nscuro commented Jun 24, 2024 •

edited

Loading