Merge pull request #2163 from nscuro/port-issue-2115
Port changes from v4.6.3 to v4.7.0-SNAPSHOT
Showing
5 changed files
with
99 additions
and
8 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
--- | ||
title: v4.6.3 | ||
type: patch | ||
--- | ||
|
||
This release fixes a defect in the caching of vulnerability analysis results from external sources. | ||
There are no changes for the frontend, the latest version of it remains 4.6.1. | ||
|
||
**Fixes:** | ||
|
||
* Resolved a defect that caused the [component analysis cache] validity period to be too short - [#2115] | ||
|
||
**Upgrade Notes:** | ||
|
||
* The value of the `scanner.analysis.cache.validity.period` configuration property will be reset to 12 hours | ||
during the automated upgrade. No manual actions are required. | ||
|
||
For a complete list of changes, refer to the respective GitHub milestones: | ||
|
||
* [API server milestone 4.6.3](https://github.com/DependencyTrack/dependency-track/milestone/30?closed=1) | ||
|
||
###### dependency-track-apiserver.jar | ||
|
||
| Algorithm | Checksum | | ||
|:----------|:-----------------------------------------------------------------| | ||
| SHA-1 | 68b806410c2e68fe8c586b93044f29a648f96466 | | ||
| SHA-256 | d9b5337419addee26658da8e421f0286aaa92160b8f6f85caca83aa1a328611f | | ||
|
||
###### dependency-track-bundled.jar | ||
|
||
| Algorithm | Checksum | | ||
|:----------|:-----------------------------------------------------------------| | ||
| SHA-1 | ac2a60bc8fedad714fa55c2aaad44533fa2086d7 | | ||
| SHA-256 | 1229681b5d1dc399ec662946969f7ef225bc7e6381861d8eb35e31d431b25714 | | ||
|
||
###### Software Bill of Materials (SBOM) | ||
|
||
* API Server: [bom.json](https://github.com/DependencyTrack/dependency-track/releases/download/4.6.3/bom.json) | ||
|
||
[#2115]: https://github.com/DependencyTrack/dependency-track/issues/2115 | ||
[component analysis cache]: {{ site.baseurl }}{% link _docs/analysis-types/known-vulnerabilities.md %}#analysis-result-cache |
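--- a/src/main/java/org/dependencytrack/upgrade/v463/v463Updater.java
+++ b/src/main/java/org/dependencytrack/upgrade/v463/v463Updater.java
@@ -0,0 +1,52 @@
+/*
+* This file is part of Dependency-Track.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*
+* SPDX-License-Identifier: Apache-2.0
+* Copyright (c) Steve Springett. All Rights Reserved.
+*/
+package org.dependencytrack.upgrade.v463;
+
+import alpine.common.logging.Logger;
+import alpine.persistence.AlpineQueryManager;
+import alpine.server.upgrade.AbstractUpgradeItem;
+
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+
+import static org.dependencytrack.model.ConfigPropertyConstants.SCANNER_ANALYSIS_CACHE_VALIDITY_PERIOD;
+
+public class v463Updater extends AbstractUpgradeItem {
+
+private static final Logger LOGGER = Logger.getLogger(v463Updater.class);
+
+@Override
+public String getSchemaVersion() {
+return "4.6.3";
+}
+
+@Override
+public void executeUpgrade(final AlpineQueryManager qm, final Connection connection) throws Exception {
+LOGGER.info("Resetting scanner cache validity period to 12h");
+final PreparedStatement ps = connection.prepareStatement("""
+UPDATE "CONFIGPROPERTY" SET "PROPERTYVALUE" = ?
+WHERE "GROUPNAME" = ? AND "PROPERTYNAME" = ?
+""");
+ps.setString(1, SCANNER_ANALYSIS_CACHE_VALIDITY_PERIOD.getDefaultPropertyValue());
+ps.setString(2, SCANNER_ANALYSIS_CACHE_VALIDITY_PERIOD.getGroupName());
+ps.setString(3, SCANNER_ANALYSIS_CACHE_VALIDITY_PERIOD.getPropertyName());
+ps.executeUpdate();
+}
+
+}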
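Review bot: The `PreparedStatement` created in `executeUpgrade` is never closed, so the statement handle is left for the driver or the connection teardown to reclaim; wrap it as `try (final PreparedStatement ps = connection.prepareStatement(...)) { ... }`. The return value of `ps.executeUpdate()` is also discarded, so a run that matches zero rows in `CONFIGPROPERTY` is indistinguishable in the log from one that actually reset the value; logging the affected-row count would let an operator confirm the cache validity period really changed. The info message hardcodes "12h" while the value written comes from `SCANNER_ANALYSIS_CACHE_VALIDITY_PERIOD.getDefaultPropertyValue()`, so the log text and the stored value can drift if that default is ever changed.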