Releases: eclipse-sw360/sw360
Releases · eclipse-sw360/sw360
sw360-19.2.0
sw360-19.2.0
This minor release includes numerous features, corrections, and improvements across the SW360 project since the 19.1.0 release.
Highlight of the changes includes:
- Various vulnerabilities and security fixes.
- Unified/simplified REST API error response with Exceptions.
- New endpoint to get and update SW360 config (also making it possible to update on fly).
- Multitude of REST API endpoint improvements and additions.
linux/amd64andlinux/arm64multi-arch docker image support.
Credits
The following GitHub users have contributed to the source code since the last release (in alphabetical order):
> Akshit Joshi <akshit.joshi@siemens-healthineers.com>
> Bibhuti Bhusan dash bibhuti230185 <bibhuti230185@gmail.com>
> dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
> duonglq-tsdv <duong1.lequy@toshiba.co.jp>
> Farooq Fateh Aftab <farooq-fateh.aftab@siemens.com>
> Gaurav Mishra <mishra.gaurav@siemens.com>
> Helio Chissini de Castro <heliocastro@gmail.com>
> hoangnt2 <hoang2.nguyenthai@toshiba.co.jp>
> Keerthi B L <keerthi.bl@siemens.com>
> mishraditi <aditimishra91924@gmail.com>
> Mohamed Hanafy <mohamed.hanfy.dev@outlook.com>
> Nikesh kumar <kumar.nikesh@siemens.com>
> Rudra Chopra <prabhuchopra@gmail.com>
> Sameed <sameed.ahmad@siemens-healthineers.com>
> Shi Qiu <shi1.qiu@toshiba.co.jp>
> Shushant <148479955+Shushant-Priyadarshi@users.noreply.github.com>
> Smruti Prakash Sahoo <smruti.sahoo@siemens.com>
Please note that also many other persons usually contribute to the project with reviews, testing, documentations, conversations or presentations.
Features
2d51a3097feat(exception): replace deprecated exceptionf133b896dfeat(Configurations): Add new endpoints that allow to GET/UPDATE SW360 configurations5fa3afec1feat(version): generate OpenAPI doc version on flyd8f6b01d8feat(Department): Add new endpoints: - Get/Update department members - Get importing department's log file list and contentedec79367feat(addNewComponentType) : Added new component type COTS-Trusted Suppliere464254befeat(rest): Added tests for upload and download componentsd8393a319feat(rest): Added endpoints to fetch schedule service statusa1a01c89dfeat(rest) : Endpoint for export SBOM at project detail pagef15fd779afeat(script): read host, user and pass as args8d5a77ee7feat(rest): new rest endpoint for edit obligation65db380b9feat(project): add new values to project state field8c17597a4feat(exportCDX): update CycloneDX exporter dependency from v1.4 to v1.6a84a42b48feat(rest): Count of attachments used in different projects.f40e72c3cfeat(rest): create new endpoint for bulk delete function927da5a54feat(rest) : Search for vendors added.45a53b4e2feat: Add multiarch for docker image6373bed28feat(rest) : Comment added to reuse methods for Duplicateobligation functionalitye764a5823feat(rest): endpoint to merge vendor.4bab8d07afeat(User): Add 2 new endpoints: - Allow Admin user to update user - List all existing department2d0664f2ffeat(rest) : Advanced Search for project pagef15ccd798feat(rest): standardize POST response to include created entity IDc273f1925feat(rest): create new endpoint to delete ModerationRequests by id.be7606f32feat(rest): create new enpoint to upload component csv file.068385703feat(api): complete advance search for components
Corrections
1b92b5135fix(spdx): add null and empty field checks for SPDX documents2d1ace631fix(ci): set min version of CMake to 3.51cb9e8f4efix(test): fix test cases for correct exceptions4cba33716fix(controller): fix further changes after rebaseeb73f32c4fix(Obligations): includes ObligationLevel in get all obligations responsesb0d1be0d0fix(security): remove WebSecurityCustomizer991eb8f0afix(xss): ignore essential headers from XSS filter00d3cb129fix(project): set fields getLicenseObligationDataef153bce9fix(obligation): fix obligation patch5f6796ee6fix(rest) : Advancesearch(AdditionalData) for project page with value based search9daf29b74fix(Project): Resolve issue with embedded type in project release response when length is 0e415d05a4fix: Set docker main and development image9038d8dd2fix: Adjust copyrights and licenses properly72dbb8c72fix(projectService): fix user role check18193631bfix(rest): Add license information linking for project releases.5336aea47fix(script): fix addUnsafeDefaultClient.sh script00b552d58fix(SPDXDocument): Fix bug add SPDX document always return faild4c0f913cfix(Token): Fix bug authentication by user token not working5b3535a9bfix(project): add more null checks for attachments0e9052f23fix(project): null check at /summaryAdministration840fa9740fix: Adjust sw360 container build for external thrifte378da720fix(Admin): fix OAuth Client deserialization and database operationscb52c1ad6fix(Rest): Create new endpoint to activate the department manually.4adc4a268fix(rest) : Add licenseInfoHeaderText in summaryAdministration api responsecadc213e9fix(rest) : Moderation update overwrites previous fieldsd3aeefc6dfix(Attachment): Make get attachment endpoints of component/release/project consistent - Allow updating project/component/release with attachment data (in a consistent way)48f9159bbfix(Rest): new endpoint will help to get the package details by projectId.fbea70a91fix(rest): Added packageIds in project create and update APIs.886ad473cfix(Rest): Updated the REST endpoint to schedule the upload of release component attachments.975e30f49fix(importCDX): Add logging for null metadata in sbom.41ea54857fix(licenseinfo): Corrected the Open Source title in TEXT format to match DOCX format6ba3bf675fix(rest): Prevent stored XSS5365f10b8fix(component): add null check for release mergeb91d3ad10fix(rest): Added code to get obligation releaseView data in project.bbd7a4361fix(Rest): License overview is not updating in summary page.eeb3c86d4fix(rest): fix doc for ModerationRequestController663ac8377fix(rest): Validate comment message while create a moderation request.6dbec3601fix(rest): adding additional fields to attachmentUsage endpoint.325cf0ef5fix(deps): Deprecate old commmons-lang library75d3748ccfix(cloudant): fix structure of elemMatch queryaadf18948fix(report): refactor /reports endpoint20d02c954fix(doc): fix OpenAPI docs for report controller73726c45efix(moderation): fix moderation creation1cd3739bdfix(rest) : modified attachment info in response to the moderation request rest api1e1c5c1d0fix(rest): Added code for for updating multiple project attachments.c8b27567ffix(rest) : Closed Project functionalities not uniform with respect to UI and REST
Infrastructure
57827d8edchore(deps): bump org.jacoco:jacoco-maven-plugin from 0.8.12 to 0.8.139bfa90129chore(deps): bump com.tngtech.jgiven:jgiven-maven-plugin30d5f61abchore(deps): bump org.apache.maven.plugins:maven-surefire-plugin40a22ede4chore(deps): bump poi.version from 5.4.0 to 5.4.1fad1b859achore(deps): bump step-security/harden-runner from 2.11.0 to 2.11.1f73f40dc4chore(deps): bump actions/dependency-review-action from 4.5.0 to 4.6.09f208baf0chore(rest): rework exceptionsb14bf4058chore(deps): bump github/codeql-action from 3.28.12 to 3.28.135387e3fcdchore(deps): bump maven from70591cbtof1e4a8587806a5aechore(deps-dev): bump nl.jqno.equalsverifier:equalsverifier5a3acda61chore(deps): bump springdoc-openapi-stater-common.versionb15710833chore(deps): bump org.apache.httpcomponents.client5:httpclient50cded8b31chore(deps): bump org.ow2.asm.version from 9.7.1 to 9.8d2de95f47chore(deps): bump httpcore5.version from 5.3.2 to 5.3.4b0e52e4f6chore(deps): bump org.mockito:mockito-core from 5.15.2 to 5.16.12a1ea1952chore(deps-dev): bump com.tngtech.jgiven:jgiven-junit350a8db21chore(deps): bump com.google.guava:failureaccess from 1.0.2 to 1.0.3b4b475444chore(deps): bump org.apache.maven.plugins:maven-compiler-plugin197ed98b4chore(deps): bump springframework.version from 6.2.4 to 6.2.58c87ab4edchore(deps): bump actions/cache from 4.2.2 to 4.2.3403020e2bchore(deps): bump actions/upload-artifact from 4.6.1 to 4.6.24809763e4chore(deps): bump github/codeql-action from 3.28.11 to 3.28.123ac6ea7dfchore(deps): bump org.springframework.security:spring-security-crypto64a8742a7doc(sbom): add allowable SBOM export types40c061cdfchore(controller): fix typo in endpoint namedfe68e180chore(deps): bump docker/login-action from 3.3.0 to 3.4.0712d613edchore(deps): bump org.springframework.security:spring-security-oauth2-authorization-server1b05c7addchore(deps): bump com.ibm.cloud:cloudant from 0.10.0 to 0.10.21ac13a85achore(deps): bump keycloak.version from 26.1.3 to 26.1.4dff3a99d9chore(deps): bump springframework.version from 6.2.3 to 6.2.4fc4910ec0chore(deps): bump org.cyclonedx:cyclonedx-core-java38e0f199achore: Add push docker tag capability4e424695brefactor(rest): enhance logging and error handling in FossologyRestClient79beaf846chore(deps): bump docker/build-push-action from 6.13.0 to 6.15.0ac0cf9887chore(deps): bump docker/metadata-action from 5.6.1 to 5.7.0341fad29bchore(deps): bump docker/setup-buildx-action from 3.9.0 to 3.10.0c442800bdchore(deps): bump github/codeql-action from 3.28.10 to 3.28.111b2c6f8f8chore(deps): bump tomcat from0530899to1374a56344b6995fchore(deps): bump slf4j.version from 2.0.16 t...
sw360-19.1.0
sw360-19.1.0
This minor release includes numerous features, corrections, and improvements across the SW360 project since the 19.0.0 release.
Highlight of the changes includes:
- Various vulnerabilities and security fixes.
- Multiple new REST API endpoints.
- Improvements on SBOM and CDX import.
Credits
The following GitHub users have contributed to the source code since the last release (in alphabetical order):
> Afsah Syeda <afsah.syeda@siemens-healthineers.com>
> Akshit Joshi <akshit.joshi@siemens-healthineers.com>
> Arun Azhakesan <arun.azhakesan@siemens-healthineers.com>
> dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
> duonglq-tsdv <duong1.lequy@toshiba.co.jp>
> Gaurav Mishra <mishra.gaurav@siemens.com>
> Helio Chissini de Castro <heliocastro@gmail.com>
> hoangnt2 <hoang2.nguyenthai@toshiba.co.jp>
> Keerthi B L <keerthi.bl@siemens.com>
> nikesh kumar <kumar.nikesh@siemens.com>
> Rudra Chopra <prabhuchopra@gmail.com>
> Sameed <sameed.ahmad@siemens-healthineers.com>
> Smruti Prakash Sahoo <smruti.sahoo@siemens.com>
> StepSecurity Bot <bot@stepsecurity.io>
> tuannn2 <tuan2.nguyennhu@toshiba.co.jp>
Please note that also many other persons usually contribute to the project with reviews, testing, documentations, conversations or presentations.
Features
2133694fafeat(rest) : Export Project Create Clearing Request36df4a611feat(spdx): Add API for feature SPDX Document tab719165516feat(rest): endpoint to get license info header text.c64470ff8feat(rest): Add documentation for new clearing size parameter.e02307383feat(rest) : Rest end point for project ECC Export Spreadsheet9cd8646c1feat(Component): Add new endpoint that allows user to subscribe and unsubscribe to a componenta3edc6ceefeat(Release): Add new endpoint for release subscription8d6315f31feat(FossologyTrigger): stop repetitive entries of attachment.3a48426c9feat(ImportCDX):Handle redirection of VCS URLs in SBOMbe8d94046feat(rest): Create new api's in schedule tab.f41b8927dfeat(importCDX): Add functionality to configure release creation when importing SBOM to an existing projectddec17e5dfeat(rest): Add size parameter to clearing request.be032e39cfeat(importCDX): enhance CDX importer to sanitize VCS URLs for non-GitHub domains646c4e1bbfeat(Project): Create new endpoint that allow to duplicate project with network68c1fb737feat(Release): Add new endpoint to check cyclic links between releases9b32525a3feat(Project): Add new endpoint that allow to compare project network with default network108ba6700feat(Project): Add new endpoint to fetch linked releases of linked projects067f9135bfeat(Release): Add new endpoint that allow to get linked releases of release466a8c6d7feat(Project): Create new endpoint that allow to get linked releases in dependency network of a project75e3bc899feat(rest): Add endpoint to handle updation of clearing requests.7bcedef6afeat(rest): endpoint to remove orphaned obligations from project.fa17c2fedfeat(rest): delete a vendor by id.453eff793feat: Add default user/pwd to couchdb connectione81031333feat: Add default admin user if database is emptyf98db4ff4feat(rest): Add pagination to get clearing requests endpoint and fix 403 forbidden error33012fdc2feat(REST):fetch releases that are in NEW_CLEARING state and have a SRC/SRS attachment using parameter isNewClearingWithSourceAvailable2621657cdfeat: Add logging to identify releases with corrupted attachments during license generation73d0576c7feat(rest): endpoint to get list of obligations depending upon obligation level.24b71c5e6feat: Update README.md with openssf scorecard badge
Corrections
802013389fix(openapi)!: add health endpoint to openapib39c71b5bfix(Cloudant): Fix Cloudant document creation error by setting id and rev to null instead of empty string during Java object conversionda677a677Revert "fix(importCDX): Resolved unnecessary update of component fields"8f9859955fix(docs): fix OpenAPI docs8164a1f48fix(rest): Fixed the reference to wrong db for oauthclients4918ecd85fix(test): Remove unused invalid entries7c4b647e9fix(test): Remove unused invalid entriesac410370cfix: Enable back client libraryc41cdedfcfix: Ignore SECURITY.md on license checkffd83c62ffix(Project): Add missing properties in network response849284e3bfix(Project): Unset unnecessory data before store network into database87bdf001efix(test): enable unauthorized request test519496118fix(Project): Fix vulnerability: Information exposure through an error message48eb7437efix(User): Fix XSS vulnerability due to a user-provided value89e67b7e9fix(Rest): component attachment deletion while updating externalIdsc35e05fbdfix: Create sw360oauthclients database9cfb2c16dfix(rest): Enhance the acceptRequest method to see the proposed changes in project/component/release pages.342145702fix: Restore target for Dockerfilee18227af9fix: Remove spotless dead codeec6d2bc18fix: Adjust pinned dependencies on Dockerfile73e682053fix: Update POI code to modern versiona2734ca50fix(StepSecurity): Apply security best practices
Infrastructure
8a0793ed5chore(deps): bump org.apache.maven.plugins:maven-gpg-plugin06426f8bbchore(deps): bump keycloak.version from 26.0.6 to 26.0.7385a8bc74chore(deps): bump tomcat from7ebc6c3to935ff51d24a5c32achore(deps): bump github/codeql-action from 3.27.6 to 3.27.9e38177ad1chore(deps-dev): bump com.tngtech.jgiven:jgiven-junit7277d0815chore(deps): bump org.apache.maven.plugins:maven-javadoc-plugine424549f5chore(deps): update wiremock to 3.10.0e35110da8chore(deps): use updated wiremockc5cbf16f4chore(deps): bump org.apache.httpcomponents.client5:httpclient5d59b81243chore(deps): bump actions/cache from 4.1.2 to 4.2.0e15aa510cchore(deps): bump maven from9ae8f00to85d505f97c483c04chore(deps): bump net.minidev:json-smart from 2.4.10 to 2.5.1862a08e73chore(deps): bump maven fromf401172to9ae8f00e0bec4851chore(deps): bump commons-io:commons-io from 2.17.0 to 2.18.0668953ad0chore(deps): bump org.mockito:mockito-core from 2.28.2 to 5.14.2684e0703cchore(deps): bump maven from5a44dfftof401172b80aaa302chore(deps): bump tomcat from2ade2b0to7ebc6c339bb1e985chore(deps): bump ubuntu from35b7fc7to80dd3c3f24cbc910chore(deps): bump github/codeql-action from 3.27.5 to 3.27.60db57d021chore(deps): bump ubuntu from278628fto35b7fc7db32f3bb8chore: Remove cache from java-setup action03dda4438chore(deps): bump org.codehaus.mojo:versions-maven-plugin2a4c3c3a6chore(deps): bump org.apache.maven.plugins:maven-assembly-plugin92f05513fchore(deps): bump org.apache.maven.plugins:maven-resources-plugin1c3aefe32chore(deps): bump jackson.version from 2.18.1 to 2.18.26d5b60f67chore(deps): bump org.springframework.security:spring-security-oauth2-authorization-server360f63268chore(deps): bump docker/build-push-action from 6.9.0 to 6.10.075b9565a2chore(deps): bump org.apache.maven.plugins:maven-dependency-plugin8589b49b9chore(deps-dev): bump com.github.tomakehurst:wiremock-jre8b4362b73dchore(deps): bump org.apache.commons:commons-lang3 from 3.12.0 to 3.17.0c0f95baabchore(deps): Fix Maven warning for deprecation values067a3025echore(deps): bump org.apache.commons:commons-csv from 1.10.0 to 1.12.041da93540chore(deps): Move versions to supperpom2dfa4afdbchore(deps): bump org.keycloak:keycloak-core from 26.0.5 to 26.0.690c1a4724chore(deps): bump log4j2.version from 2.24.1 to 2.24.2a2beaa41echore(deps-dev): bump net.bytebuddy:byte-buddy from 1.10.18 to 1.15.10cca5c12a9chore(deps-dev): bump org.ow2.asm:asm-commons from 7.1 to 9.7.1ec4e041f6chore(deps): bump springframework.version from 6.1.14 to 6.2.0bb9225664chore(deps): bump org.apache.maven.plugins:maven-enforcer-pluginc4b75cf53chore(deps): bump com.google.guava:guava from 32.0.0-jre to 33.3.1-jrec3c75c7dfchore(deps): bump spring-security.version from 6.3.3 to 6.4.1bca5bc337chore(deps): bump github/codeql-action from 3.27.4 to 3.27.5df9bf4801chore(deps): bump actions/dependency-review-action from 4.4.0 to 4.5.0eaf13a8d6chore(deps): bump docker/metadata-action from 5.5.1 to 5.6.19bf808d70chore(deps): bump org.apache.maven.plugins:maven-failsafe-plugina11f1830fchore(deps): Update apache.commons-compress3658d3970chore(deps): bump org.apache.commons:commons-text from 1.10.0 to 1.12.06cd1da38bchore(deps): bump com.tngtech.jgiven:jgiven-maven-plugin36398cfbbUpdate security.md filece6aa331cCreate SECURITY.mda2a88dc79chore(deps): bump step-security/harden-runner from 2.10.1 to 2.10.212bd1bf81chore(deps): bump org.projectlombok:lombok from 1.18.34 to 1.18.364d336c6adchore(deps): bump jackson.version from 2.17.1 to 2.18.1cce753580chore(deps-dev): bump nl.jqno.equalsverifier:equalsverifier6098b6723chore(deps): bump com.github.package-url:packageurl-java40ec24f69chore(deps): bump tomcat froma09d4c1to2ade2b0965ac8dc2chore(deps): bump ubuntu from99c3519to278628f49c3e574fchore(deps): bump maven from440a97ato5a44dffa91c6249cchore(deps): bump httpcore5.version from 5.2.5 to 5.3.1f2b202b7achore(docs): update the KeyCloak doc for 26.0.58f9492422chore(deps): bump keycloak.version from 25.0.6 to 26.0.56239843efchore(deps): Adjust Maven dependency declarations9fa14d2e3chore: Remove pre-commit checkstyl...
sw360-19.0.0
sw360-19.0.0
This tag covers many corrections, bug fixes and features after the 18.1 release. Version 19.0.0 is also the first release without the Front-end integrated, but as a separate sw360-frontend project.
Major changes in the release includes:
- Removal of Liferay and related libraries, OSGi framework
- Unification of various backend packages from src and svd
- Support for Java 21 and Apache Tomcat 11.0.0
- Replace couchdb-lucene with couchdb-nouveau
Credits
The following GitHub users have contributed to the source code since the last release (in alphabetical order):
> afsahsyeda <afsah.syeda@siemens-healthineers.com>
> Akshit Joshi <akshit.joshi@siemens-healthineers.com>
> Gaurav Mishra <mishra.gaurav@siemens.com>
> Helio Chissini de Castro <helio.chissini.de.castro@cariad.technology>
> hoangnt2 <hoang2.nguyenthai@toshiba.co.jp>
> Keerthi B L <keerthi.bl@siemens.com>
> Nikesh Kumar <kumar.nikesh@siemens.com>
> Rudra Chopra <prabhuchopra@gmail.com>
> Sameed <sameed.ahmad@siemens-healthineers.com>
> Smruti Prakash Sahoo <smruti.sahoo@siemens.com>
> tuannn2 <tuan2.nguyennhu@toshiba.co.jp>
Please note that also many other persons usually contribute to the project with reviews, testing, documentations, conversations or presentations.
Features
c167bcca9feat(rest): Endpoint to add comment on a clearing requestcd97b6154feat(rest): Create new endpoint for schedule CVE and schedule attachment deletion.00d70bcc5feat(rest): get releases used by vendor31b720b9efeat(rest) : Rest end point for generate source code bundle062a89290feat(rest): saveUsages in project page9751a2e1afeat(Project): Add new endpoint for project's license clearing tree view (New GUI)546d35b73feat(Project): Import SPDX as dependency networka18b053f5feat(rest): Create new endpoint to download component template in csv format.144ea5b81feat(rest) : Move GenerateLicenseInfoFile rest end point to SW360reportcontroller61ec9ac39feat(REST): Exclude release version from license info295f1cbfffeat(rest): fetch group list in project add and edit page.e9ec8d8a7feat: Make Java 21 defaultcb99fc678feat(ImportSBOM):Change naming convention of imported components441fa7d85feat(Project): Create new endpoint to serve list view of dependency network (New GUI)7b4c534e3feat(cloudant): use IBM SDK09586fad6feat(ektorp): remove ektorp from search handlersaf0262112feat(lucene): nouveau integrationa019b468bfeat(keycloak-spis): Added the custom keycloak SPIs3c453670dfeat(couchdb): Enable use of latest CouchDB with nouveau8fdd93c86feat(rest): endpoint to update a vendor.bff430140feat: Add CODEOWNERS to the repository90ad3ea1cfeat(rest): Add additional fields in get clearingrequest endpoints.771b965b2feat(ComponentPortletandImportCDX): Validate VCS URL and sanitize GitHub Repo URLs during CDX import99d0c80edfeat(api): postpone moderation request actionaf15a09e3feat(rest): includeAllAttachments parameter in licenseInfo endpoint66cac90c6feat(CycloneDX): Make methods compatible with cyclonedx upgrade and update jackson version9a15832c0feat(rest): Endpoint to get comments of a Clearing Request.ffbf1b183feat(project): endpoint for vulnerabilitySummary page.0d6908ab2feat(project): Add necessary library dependencies required by rest codeacb1e54eafeat(vscode): Add base Eclipse java formatter config filea29d5b0c2feat: Generate provenance and SBOMs on Docker images8b6aa42cffeat(docs): Remove old asciidocs supportfd0546244feat: Update to Ubuntu 24.04 (Noble)8f971f765feat(rest): new endpoint for releases of linked projects.5bd4cae83feat(obligation): rest endpoint to update license obligations of the project.3c40f09f2feat(License): Add API Listing LicenseType and Add pageble for licenses, obligations204ce2f02feat: Add scorecard
Corrections
9452b2b89fix(cloudant): fix attachment creation5bdef6d51fix(pom): fixed the java version in kc module pom.xml48e0f6c8cfix(ImportCDX): VCS sanitization failing on characters like colondc18109b8fix(Project): Fix project handler test with dependency network feature5702dc595fix(clearingState): making fossology report download configurable.3f10b6856fix(build): add the missing excludeReleaseVersion69fcc6c9ffix(servlet): complete migration javax to jakarta3cad1c4aafix(UI): Add lang attribute to ReadmeOSS.html for generated license info.77b801825fix(keycloak-spi): Added the README.mde43c3422afix(nouveau): fix nouveau query result442ac94c7fix(test): fix test cases with cloudant SDK41e3d4605fix(nouveau): extend nouveau connector as cloudantcbcffd979fix(cloudant): fix query buildersced70a0e4fix(cloudant): fix views57f5b6908fix(REST): Patch Release is causing the clearing state to be updated to NEW even if a Clearing is existing5c4810a56fix(backend): fix dependency for backend coref0719b97afix(rest): Resolved null value returning for svm tracking status.fe05d9f29fix(rest): Update search API to return 200 status with empty results array when no match foundb0c11a1fbfix(GenerateLicenseInfo): Generate License Info failing for releases having the same CLXd6f630021fix(rest): Ensure visibility field is case-insensitive6a1408f50fix(doc): fix OpenAPI doc for Search endpoint83796a935fix(rest): add requestClosedOn field in get clearingRequest_by_id endpoint45a8137f3fix: Update docker documentation to reflect current status9dc2d6835fix(rest): Enable back authorization and resource server with up to dat springbootc493d83bffix(couchdb): Move setup data for single file and update compose to use as read onlyc15e36cd8fix(docker): Use Tomcat with Ubuntu 24.04 (Noble)d655adc64fix(rest): Add null check for linkedProject field if it is empty77bdbf7f6fix(rest): Add null check for linkedProject field to prevent Internal Server Error on GET request to fetch the linked projects of a project5943127c6fix(rest): Add code to update user details when creating a moderation request.9777923f8fix(docker): Reinstate docker builds0265205b0fix(docker): Update docker build to fit Ubuntu Noble and improved caching293e025cffix(rest): Added JWT token convert to fix the issue with authorities540f9baf1fix(rest): Added the Oidc user info customizer and token customizer1fb7bcf97fix(rest): Add null check for linkedProject field to prevent Internal Server Error on GET request to fetch the linked projects of a project3f6ae983bfix(importCDX):Improve error message when PURL is invalid3dfbb5538fix(rest): Fix internal server error with 500 status code for link project to projects endpointf0e149422fix(rest): Fixing pagination for endpoint '/packages'.0d88cacc7fix(rest) : Non uniform link format in attachmentUsage end pointfea2d4edafix(rest): Fixed the swagger issue01218278dfix(backend) : Product clearing report generated has strange numbering issue fixda95be6e7fix(rest): Added modifiedBy field in get package_by_id endpoint.82ad83e70Revert "fix(rest): Fixed the swagger issue"cc38d07dffix(rest): Fixed the swagger issue51fabdfc2fix(rest):Added code to resolve the server error while fetching a summaryAdministraion endpoint.b262c4c82fix(rest): Fixing the rest test cases308ce540bfix(rest): Added a missed field in package endpoint for allDetails.8f0560c04fix: Only publish test report on failuresf48e6d27bfix: Thrift cache locationb69720c91fix: Update thrift build to fix github caching89f47fe05fix(test): Proper build tests now without jump folders4dd4f8aa7fix: Remove wrong placed copyrights on commit templatef8dcd79f2fix(test): Disable rest test to avoid chicken and egg integration7ce112133fix(github): restore pull_request_template.md
Infrastructure
4e883a5a1chore(deps): bump org.springframework:spring-context7dd44a5fdchore: Add maven validation on buildd086e9a71chore(deps): bump org.keycloak:keycloak-core2d90a9a00chore(deps): bump org.keycloak:keycloak-corebfd296052chore(maven): deploy keycloak listenersc71b0d5c4chore(maven): segregate war and jar deploy dirsd9b3edf25chore: Add Tomcat 11 default for Docker872c74ef1chore(nouveau): catch exception for nouveau query824504564chore(docker): update compose with dockerhub image3fc2e0976chore(couchdb-lucene): remove third-party/couchdb-lucene111a0fe88chore(refactor): Refactored the models by adding Lomboke3dccf3eechore: Reduce couchdb log level on docker composee3f3dab7echore: Update the license header checkfor CODEOWNERSaf056ef15chore: Properly set components servlet as war file27fddd182refactor: Use the correct thrift image56b63f065refactor: Remove dead code comments7b3fe9233chore: CouchDB setup can't be read only442970d4cchore: Add color coding for sw360 project30b6114f8refactor(backend): Adjust component test call9a09353afrefactor(backend): Disable ComponentImportTestUtilsa0369e0a3refactor(backend): Allow test properties be configurableb7d9941ddrefactor(backend): Fix licenseinfo test2f24d0b3echore: Disable logging on disk for couchdb and configure authorization serverbc759edb4refactor(backend): Restore webapps installa9cff25eachore: Fix version dependenciesa81fe91dcrefactor(backend): Remove invalid recursive add-build-configuration processa973a70f4refactor(backend): Disable usage of Handlers by importer2019328a3refactor(backend): Adjust dependencies for...
sw360-18.1.0-M1
sw360-18.1.0-M1
This tag includes important corrections and fixes following the 18.0 pre-release. It is also the final tag with Liferay, as SW360 will use the SW360-frontend project (https://github.com/eclipse-sw360/sw360-frontend) starting from the next release.
Migrations
For existing installations, a data migration is required with PR 1963. Please go to the readme file in scripts/migrations to see more information:
https://github.com/eclipse/sw360/blob/master/scripts/migrations/README.md
Note: For running the migrations scripts, you will need python and the couchdb package. Please note that you will need to change manually in the python file: the DRYRUN variable and the couchdb URL (if that is not on localhost or requires password or both).
SW360 18.1 Native Install Deployment
https://eclipse.dev/sw360/docs/deployment/legacy/nativeinstall/native-install-sw360-version-18.1.0/
Credits
The following github users have contributed to the source code since the last release (in alphabetical order):
> Afsah Syeda <afsah.syeda@siemens-healthineers.com>
> Aftab, Farooq Fateh (ext) <farooq-fateh.aftab.ext@siemens-energy.com>
> Anupam Ghosh <anupam.ghosh@siemens.com>
> Akshit Joshi <akshit.joshi@siemens-healthineers.com>
> Eldrin <eldrin.sanctis@siemens.com>
> Gaurav Mishra <gmishx@gmail.com>
> Helio Chissini de Castro <heliocastro@gmail.com>
> Jens Viebig <jens.viebig@vitec.com>
> hoangnt2 <hoang2.nguyenthai@toshiba.co.jp>
> Keerthi B L <keerthi.bl@siemens.com>
> Nikesh kumar <kumar.nikesh@simens.com>
> rudra-superrr <rudra.chopra@siemens.com>
> sameed.ahmad <sameed.ahmad@siemens-healthineers.com>
> tuannn2 <tuan2.nguyennhu@toshiba.co.jp>
Please note that also many other persons usually contribute to the project with reviews, testing, documentations, conversations or presentations.
Features
4bfabe486feat(rest) : Remove mail-request parameter and read from config file96863d14cfeat(REST): Search package by purl and version684d90117feat(REST): Create clearing request for a project and move the preferred clearing date limit field out of Liferay"fe044d00feat(project): Added release field for licenseObligation get endpoint70837b27feat(rest): filter attachment usages in projectea94202bfeat(license): Update Whitelistaf155858feat(CR): Update clearing request state from AWAITING RESPONSE to PENDING INPUT2bd2b2fdfeat(vscode): Add workspace java settings8ceba8fbfeat(docker): Add test build using docker944a7164feat(rest): added pagination for vulnerability tracking status page.70391d07feat(rest): add license obligations to a project.4f65386ffeat(obligation): endpoint to list license obligation table data5fcb3533feat(rest) : endpoint to list lic 8000 ense obligations from license database.240c73f3feat(CR): Create a new Clearing Request state Sanity Check to perform sanity check before accepting a project4bc56326Revert "feat(CR): Disable Clearing Request creation for the projects which have linked releases without SRC type attachment"71d3a470Feat(User): Create new endpoints to Create/Revoke/List rest api tokend4820efcfeat(Rest) : Download license clearing report end point.14fda713feat(api): new endpoint /mySubmissionscec7f4b7feat(docker): Improve output of check_image script.d7699485feat(docker): Revamp docker build setup2ddf76f0feat(user): Enable API user endpoint by default36a41ceffeat(Obligation): adding obligation type data in license obligation table.44219a39feat(rest) : Pagination for vulnerability tracking statusb925c0abRevert "feat(UI): enhanced date filter for open and closed clearing requests tab"a3038447feat(UI): enhanced date filter for open and closed clearing requests tab9f9a1ffa1feat(UI): Add an info button in the create CR pageb98d346a4feat(UI): Add clearing type column in closed clearing request tabb6aa50650feat(Project): - Extract license from all releases in dependency network when download license information of a project - Generate source code bundle from all releases in dependency network when download Generate source code bundle for a project49f5486fafeat(rest): endpoint to link sourceProject to list of projects.1ab14350bfeat(CR): Disable Clearing Request creation for the projects which have linked releases without SRC type attachmentbcd600c26feat(User): Add new endpoints to get/update requesting user profile3cb73c19ffeat(rest): Create new endpoint to unschedule all services.83a2b3a28feat(license): Listing obligations by license8a9c407e8feat(license): Fix Update License isChecked89a75f815feat(project): Update ghactions workflows deps849e10a0cfeat(obligation): Add api listing obligations by ObligationLevel3ec2cb129feat(rest) : Rest end point for releases by lucene search7ccba71d5feat(project): Setup Sonatype publishingc0fb731c4feat(license): Create API Export License141e24babfeat(Release):Upload Source Code Attachment to Releases through a Scheduled Servicec7c33c78ffeat(rest): adding pagination for listing vendors endpoint.c805ff90ffeat(rest) : Adding or Modifying fields to project summaryadminastration page6a89beabcfeat(Script): Delete MR's for a specific useradc862038feat(license): Create new api update license
Corrections
dfabecd2cfix(importCDX) : Fix package's linked release updation when an SBOM is imported3de514387fix(project): adding project owner field in project get endpoint.c31464972fix(api): throw 409 if last moderator219792b1fix(importCDX): Resolve incorrect package/release count in import summary6d9f3620fix(rest): Create a new endpoint for dataBaseSanitation.ae997be2fix(project): Update outdated Github actionscb02b200fix(sw360): changing mkdocs version0c9523fbfix(REST): Improve error message handling for CycloneDX sbom import using REST APIdf735e9bfix(Release): Updating the license overview in the summary pagee5ac9278fix(SRCUploadService): Source upload should work for release versions having alphanumeric charactersfa42d204fix(api): provide typeMasks name as Optional type6e36abbbfix(api): check project modifier before embedding3beff049fix(Project): Fix bug Expand Next Level and Collapse All button are hidden when click on sort icon5112980ffix(urlEncoding): url encoding.fe0a4408fix(Release): Add embedded other licenses in release responsed4a8be84fix(importCDX): Packages without VCS in SBOM having VCS in SW360 are not getting linked to project8af9bd5efix(importCDX): Add check for existing comps and package using case-insensitive comparison of vcs and purlee3ed068fix(Liferay): Fix bug cannot access oauth client page when import lar fileedc9320cfix(rest) : attachment usage type fix in response49be7428fix(importSBOM): Remove the invalid characters appearing in import summary message for invalid packages list5a726764fix(rest): create endpoint for search by userName using lucene search.ff068133fix(rest): Added releaseId in recentRelease and release mySubscription.87a14f7afix(Rest): Added status for mysubsciption in component.d28843c2fix(docker): Fix broken binaries context inclusion16475d70fix(rest) : create new endpoint for cleanup attachment.0950a2cafix(script): update modifiedBy/modifiedOn project fields.67696a9ffix(department): Division by zero caused by bad default value for interval9703661dfix(rest): Added primaryRole and secondaryDepartmentRoles fields for user endpoint.fba0d8e5fix(rest): Added modifiedBy field in project search by id.178813e5ffix(docker): Adjust local naming for docker imagesb55372562fix(thrift): Add proper version to build34765dd80fix(thrift): Follow link download stepef5cc0142fix(database): Restore reading environment database vars8aaf95734fix(UI) : Issue fix for vulnerability not displaying for projectc63023c4dfix(release): modify the externalId query parsing6a6cb33b5fix(docker): We have been using wrong Java version625ffcfa1fix(release): revert external id query parsing222879a9efix(rest): error handling when user dont have sufficient import permissiond619c5121fix(Table): Fix error of hiding attachment table content when clicking sortef83441dffix(moderator): show message when only moderator choose remove me option.590a2b3adfix(docker): Remove deletion that invalidate image2fe147f09fix(rest): create new enpoint to check server connection.47d14b158fix(script): Fix migration script not working with python30d535c386fix(config): Correct file number0f9d9b85afix(rest): create a new endpoint for fossology in admin tab.5b9f10921fix(script): Fix incorrect numbering for migration scripts0f9d31974fix(couchdb): Add config entry to disable couchdb cache451948a79fix(javadoc): Remove invalid link reference05c2445fafix(lib): Add meta information to enable publishb5f6cb469fix(importCDX): Update failed component creation error message6e1964a40fix(rest-fossology): applied changes for upload endpoint5a83fe2c9fix(RequestsPortlet): Unable to reopen CR, Open Components to display open releases, clearing progress to show percentage2fdd5f4c5fix(Rest): Allowing search for releases using externalIdsd9fce216fFix(package): Fix issues api for package - Cannot unlink orphan packages from the project - Cannot link a package to a release without any package - Handle message when package with same purl already exists02d84be81fix (rest) : rest api created for component search by lucene search
Infrastructure
e71c5e53fRevert "build(deps): bu...
sw360-18.0.0-M1
sw360-18.0.0-M1
This tag covers many corrections/bug after the 17.0 release and multiple new endpoints to support sw360 UI project.
Migrations
For existing installations, a data migration is required with PR 1963. Please go to the readme file in scripts/migrations to see more information:
https://github.com/eclipse/sw360/blob/master/scripts/migrations/README.md
For running the migrations scripts, you will need python and the couchdb package. Please note that you will need to change manually in the python file: the DRYRUN variable and the couchdb URL (if that is not on localhost or requires password or both).
Credits
The following github users have contributed to the source code since the last release (in alphabetical order):
> Abdul Kapti <abdul.kapti@siemens-healthineers.com>
> afsahsyeda <afsah.syeda@siemens-healhtineers.com>
> Anupam Ghosh <anupam.ghosh@siemens.com>
> Dinesh Ravi <dineshr93@gmail.com>
> Eldrin Sanctis <eldrin.sanctis@siemens.com>
> Gaurav Mishra <gmishx@gmail.com>
> Helio Chissini de Castro <heliocastro@gmail.com>
> hoangnt2 <hoang2.nguyenthai@toshiba.co.jp>
> Keerthi B L <keerthi.bl@siemens.com>
> Kouki Hama <kouki1.hama@toshiba.co.jp>
> Le Tien <tien1.le@toshiba.co.jp>
> Muhammad Ali <alimuhammad@siemens.com>
> Nguyen Nhu Tuan <tuan2.nguyennhu@toshiba.co.jp>
> Nikesh kumar <kumar.nikesh@simens.com>
> rudra-superrr <rudra.chopra@siemens.com>
> Shi Qiu <shi1.qiu@toshiba.co.jp>
> Smruti Prakash Sahoo <smruti.sahoo@siemens.com>
> Tien Le <tien1.le@toshiba.co.jp>
> tuannn2 <tuan2.nguyennhu@toshiba.co.jp>
Please note that also many other persons usually contribute to the project with reviews, testing, documentations, conversations or presentations.
Features
e9a9f308bfeat(rest): Adding pagination for ecc info of releases for a project.c0db06a68feat(rest) : Adding pagination for listing users endpoint.acc553b14feat(rest): endpoint to get attachmentUsages for a project.bb0d01fd5feat(rest): endpoint to get license clearing count for a project.bc5ae7d1bfeat(rest) : Add enableSvm field in response to projects api130ed2585feat(importCDX): enhanced sw360 CDX importer754ba96a7feat(CreateCRandRequestsPortlet):Added new field Clearing Type for CR and Additional columns in Open CR tableb89bde7b9feat(Rest): Modifying the document for search endpointec750b824feat(bug) : Download release attachment fail issue fixf629a0d3ffeat(rest) : End point for export vendor spreadsheet930ef1d13feat(docker): Add option to specify cvesearch.host at build timef4febd954feat(release): Fix response api get single release with costDetails70141590cfeat(rest): API to get vulnerability tracking status03aaa6985feat(Rest): New endpoint allow load assessment summary information of release8c2e71b85feat(ui):enable to bulk delete component/releases for admin SW360266aeac3dfeat(REST): Add restricted project counter for component and release usedBy APIca0ef31f2feat(rest):Update API Create Release with Cost Detail1974005e2feat(ui): Added collapse and expand icon for all the tabs16dae1a4afeat(rest): API to get vulnerability tracking statusafe118d96feat(Rest): New endpoint allow load SPDX license info from attachment of release (ISR, CLX, CLI)a330fde1efeat(rest): Update release with attachment infoba6c743f5feat(ui) : Add changelogs for license pagesd369c73e3feat(rest): Update API create Release with Moderator, Contributor, CpeIdc9c37b94dfeat(rest): Update API create Release with LinkedReleased7b52f53efeat(rest): Add Information Vendor to response Get release detail4449e6017feat(liferay): Export private pages include package portlet7c57b8081feat(rest): Add information user change status attachment when edit component by APId25d35ce3feat(Project): New configuration make project and releases relationship more flexiblede4125bb4feat(debug): Add Tomcat manager to dockerfd13d1943feat(rest): listing license clearing info of a project.cc9291d68feat(CycloneDX): support CPE in import and export42f44107ffeat(rest): Update Component with attachmentd8c594628feat(REST): New endpoint to write SPDX license info into released356bc022feat(UI): Package Portlet Signed-off-by: akapti abdul.kapti@siemens-healhtineers.com6aa0b8d7efeat(rest) : asynchronous end point for report download4d4c863adfeat(RequestsPortlet): Added On Hold value for request status and Next/Last 15 days filterfd159f302feat(Components): Add a new field VCS/Repository URL for componentsbe9e5f5bbfeat(rest): New Endpoint create attachment34e2d9e77feat(Rest): Rest API allow to re-generate fossology reportf4432c98bfeat(rest):Adding new fields to get list of project vulnerabilityefbe761f5feat(ExportSpreadsheet): Add project and release ID to the exported excelb7740902bfeat(ProjectObligationsEdit): Save comment and status fields on edita7bc2969cfeat(rest):New end point for my componentsa4e7f680810000 feat(REST): New endpoint split components447143b8efeat(rest): To list linked projects of sub-projects.ed7f4e237feat(Department): New function for Department Management662a05977feat(rest): new endpoint merge component1bf157600feat(UI/REST): CycloneDX SBOM Importer & Exportere8f6e6b26feat(rest): update response API Get a single release57b02aa29feat(REST): Update response endpoint get attachments by release410184928feat(ECC):Added pagination to ECC release listb6d58b979feat(ui): add note filed in license pagef14f9b0e4feat(rest): update response API Listing usersc27a2fe35feat(rest): update response API Listing vendors9bd7869f4feat(update): update response api get single component90c59acb4feat(rest): modify moderation requests8e71c959cfeat(ci): Use actions java setup instead of standard packages037acd41bfeat(ci): Use actions java setup instead of standard packagesa7af308fafeat(ci): Update build and test to accept dispatch669d6f98bfeat(rest) : api to get count of projects1c4b223f8feat(update):update response api get attachment by componente6374e820feat(api): create new endpoint import bom for component462675325feat(api): create new endpoint update vulnerabilities of a release4dbc8705afeat(api): create new endpoint update vulnerabilities of a componentbc368f203feat(REST): Endpoint for Download Attachment Bundle of Release764a24c6cfeat(api): Endpoint get release overview by component391c006e6feat(REST): Endpoint for Download Attachment Bundle of Component96a032814feat(api): endpoint get vulnerabilities of a componentd10048956feat(rest): new endpoint/moderationrequeste682a50fafeat(spdx): Added support for pasring of SPDX-2.3 (ISR) generated via fossologyb7710e630feat(lucene): Modify pom to generate proper war from couchdb lucene53236b590feat(libs): Add couchdb-lucene as third party84e098774feat(project): Prepare to introduce thirdparty librariesc80f75908feat(rest):Components with all details Rest Api doc updatedb32e90154feat(REST):Endpoint for sbom import249f48f49feat(SPDX): Making new tab in component release pages for showing SPDX/SPDX Lite data #12409d566af03feat(rest):New end point for my components53c8d85dafeat(clearing): Improved cloud backend clearing2e0732a2bfeat(rest): Added basic username and password based authentication4f171a659feat(rest): optimize fetch project729207997feat(EditCR): Admin will be able to reassign/edit the Requesting User of CR56096f24afeat(ProjectUI):ExternalIds and Additional Data fields in Export Excel7b84b0e4ffeat(api): get vulnerabilities from relase by apiaafc95808feat(rest) : Update data without moderation request And This features' a configurable setting73ba7012dfeat(docker): Use main Maven docker imaged6555a370feat(rest): endpoint for linked projects.e20d7bf06feat(rest): new endpoint /releases/recentReleasesc5aea6f4efeat(rest): newendpoint /components/recentComponents.d707d7b53feat(rest): new endpoint/projects/myprojects0f95fd368feat(project): Added Email functionality for individual project spreadsheet exportff92cd956feat(ProjectUi): Enable Release with only one non-approved CLI for 'Adding License Infor To Release' and 'Displaying Obligations' (#1764)f5daadb6efeat(Search): Added restricted search (#1797)df0a6a123feat(ui): Add banner to broadcast messages (#1830)d4cd90f67feat(Project): Added Vulnerability Summary Tab in Projects.ca1da16fefeat(ProjectsUI):Changed Expand All To Expand Next Level and added alert messageb682060aefeat(Advance Search): Provided an 'Exact Match' checkbox in Advance Search that inserts (") around search keywordb0ccdc480feat(ci): Add thrift binary to cache95009d35ffeat(project): Add pre-commit and spotlesseabbb0053feat(svm): Publish SVM codes to Community
Corrections
5e48f83b2fix(importCDX): Remove view BY_VCS_LOWERCASE and BY_PURL_LOWERCASEe94d9c729fix(Moderation): Fix bug could not open Release and Component moderation request45b317d86fix(rest): adding additional fields to rest response for linked projects.4e329b464fix(license): Update Response api for single license and Add rest-docs api create licensed261f70e5fix(rest): Added new endpoint for LicenseType in admin tab41d735f9afix(package): Can't link project to package1debd1e2cfix(REST):Get Component failing for names with space521835e38fix(UI) : Added code to import the upload license in admin tabf748c7cbafix(package): Create package by API can't link releaseeb7efb3f9f...
sw360-17.0.0-M1
sw360-17.0.0-M1
This tag covers many corrections/bug fixes after the 16.0 release.
This release provides features, multiple bug fixes for release 16.0, for example, new REST endpoints, improved docker script and fixes related to liferay-7.4.3.18-ga18
Migrations
For existing installations, a data migration is required. Please go to the readme file in scripts/migrations to see more information:
https://github.com/eclipse/sw360/blob/master/scripts/migrations/README.md
For running the migrations scripts, you will need python and the couchdb package. Please note that you will need to change manually in the python file: the DRYRUN variable and the couchdb URL (if that is not on localhost or requires password or both).
Credits
The following github users have contributed to the source code since the last release (in alphabetical order):
Abdul Kapti <abdul.kapti@siemens-healthineers.com>
afsahsyeda <afsah.syeda@siemens-healhtineers.com>
Anupam Ghosh <anupam.ghosh@siemens.com>
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Eldrin <eldrin.sanctis@siemens.com>
Gaurav Mishra <gmishx@gmail.com>
Helio Chissini de Castro <heliocastro@gmail.com>
Jaideep Palit <jaideep.palit@siemens.com>
Kouki Hama <kouki1.hama@toshiba.co.jp>
Muhammad Ali <alimuhammad@siemens.com>
Nikesh kumar <kumar.nikesh@simens.com>
rudra-superrr <rudra.chopra@siemens.com>
Smruti Prakash Sahoo <smruti.sahoo@siemens.com>
tuannn2 <tuan2.nguyennhu@toshiba.co.jp>
Please note that also many other persons usually contribute to the project with reviews, testing, documentations, conversations or presentations.
Features
a20704c7update(lang): add chinese lang property filef9d23047feat(MailApi): enable control over trusting the email host3707569dfeat(rest): new param (allDetails) added in component call to get more details of component65011f18feat(UI): Applying sorting on release versions in drop down when inspecting a component.c8597b45feat(SPDX): Upgrade tools-java library to support SPDX 2.3 format684d3c6afeat(ProjectUI):License Info In the Spreadsheet Exported from Project License Clearing111d5876feat(RESTapi): created new endpoint for clearingrequest and modified existing endpoint payload8cb48cd8feat(AdminUI):Changed the title of the button in Edit Client modal to 'Update' from 'Edit' and set the validity to 'Days' by default in OauthCliente6a81fe0Feat (Vulnerability): Improve add/update/delete vulnerability APIs implement add/update/delete vulnerability by GUIe9b035f2feat(buildsystem): Rearrange dependencies and deploymentsb4c14975feat(CRUI):Change CR state 'On Hold' to 'Awaiting Response' & edit PreferredClearingDate35d9e021feat(docker): Move deps script outside docker builddb5176abfeat(deps): Update shared slim script to have a txt file with libraries4596f06dfeat(SPDX): Use new SPDX library (#1496)d6ba4c07feat(docker): Improve docker size and build time467edfbafeat(UI):Made the table header collapsable in wherever possible1550e909feature(ui) : select your group in Project page by grid3b4e36c7feat(search): allow searching for external ids27869c8afeat(ProjectUI): Load License info header text based on project group
Corrections
93363bd7fix(dependencies): Update okhttp and httpclient versions35ea249bFix(Vulnerability GUI): Fix bug cannot load vulnerability view pageb131a5bcfix(ProjectUI):Stale data displayed after using the Group filter in Project Advance Search2cd58b9fModified the check so that searchQuery is considered when submitSearch is empty01eecf3afix(ProjectUI): Changing Project group should update CR4ca47851fix(REST): Save otherLicenseIds while patching Release - 1735e97c8188fix(UI): Added new column in exprot spreadsheet in project tabae77534cFix(Obligation): Fix bug can not add/update Admin Obligation and import OSADL06b741b0fix(SPDX): import SPDX licenses with new SPDX library (tools-java 1.0.4)5d86c067fix(moderation_request): Added a check that if documentId is null then ignoreac308a5dupd(CI/CD): Build and test only during the PR.7da2858aupd(docker): Fix wrong branch42cce1a6upd(docker): Publish push to main commitsd0432233fix(script): Script to remove trailing and leading whitespaces from component names4f7fd085fix(ProjectUI): Multiple alerts when there are same linked projectsf6c22e52fix(PreferencesUI):Read Access has to be checked before Generating token920d1281fix(docker): Deploy libraries in correct place1564ab79upd(doc): Update docker documentation related to redirects5c9e7845upd(docker): Improve docker build and github actions7bcb75dbupd(docker): Improve github actions pipeline03e665ecfix(docker): add missing dependenciesb679b883fix(UI): Unresponsive UI & top align session message68f171f5fix(UI): Added code to show the project list in component tab8312a8e6fix(UI): Text field is blank while ExportSpread in licenses05b9c5f0fix(User): CountryId does not exists while creating user with new Organizatione0059eecupd(docker): Push sw360 docker image to registry429b6b73fix(UI): Default behaviour of write access checkbox restore5ffcda69fix(Project and Component UI): Formatting issues and the type of files that can be uploaded in Import SBOM MOdal are limited to rdf now-78332ea05feupd(buildsystem): Move away build-configuration8c09cfa1upd(deps): Update jackson versionsb7757326Fix(ProjectUI): Fix bug when editing obligations in a project.46e2b73dfix(CouchDbView): Improve couchdb view performance282298e0fix(Docs): Fixed REST and MkDocs generated issue9a1dcb48fix(ecc): Reset Ecc Fields when Component type is changed.a5ece957upd(sanitize): Remove lib prefix from datahandlerca8b2efc"fix(rest): Added code for to Update the REST-API documentation for Definition of Manufacturer on project level14103917fix(ComponentUI):HTML encoded character in Vendor field01448d74fix(scripts): Sanitize scripts13753dbfupd(ghactions): Fail fast with the license checker without setting a full blown systemb365744efix(bnd): Restore original bundle8682aa42fix(docker): Dependencies need to be deployedaa4b625eupd(docker): Move versions to separate file and update dep script9d3e9b3ffix(versions): Update commons lang to correct last version7ee69887fix(SBOM): Fixed Component type is not being set when components are created by importing SBOMdb359094fix(ecc): Script to change ECC status in Releasedaa15a90upd(thrift): Use only provided tarball to generate resources932987bcfix(maven): Update commons-logging to equal versionsd9f594ecfix(maven): Update commons-codec to equal versions41450708fix(liferay): Use unique versions for same dependencies5acd4ecbfix(maven): Use unique versions for same dependenciesde429b3fbug(docker): Fix share location of jar files5e0a30cdfix(ui): Fixed lar file to add missing widgets(Oauth Client & License Types)adb4f930fix(ecc): Script to cleanup ECC information in released0ead7d1fix(rest): Added component type tag in release apif0f308e4upd(maven): Update maven build infra2db4244ffix(UI): Do not copy specific external id while cloning releaseb8190e25fix(UI): Disable write access from UI9f5e1dddfix(CrUi): fix the critical CR creation issuea6f8fa65fix(ProjectUI): fixed Release filter bug in AttachmentUsage tab77e0ec1dfix(ui): Generate portlet X url inside portlet Y33908857fix(report): Nullpointer downloading reporte1dd21fcfix(jenkins): Update old eclipse jarsignerf35c6244fix(deps): Fixed wrong dependency download7ba948c4fix(docker): Fix double called shutdown scriptd2d8011fbug(docker): Fix invalid commited docker props9cddc708upd(Docker): Upgrade docker and versions for new Liferay3a0d8c38fix(AdminUI): Prevent license type duplication with case insensitive check17a82169fix(ui): cannot link Component with closed project6d0a20effix(REST): fixed release update issue for releases with invalid licenses
Infrastructure
a2b75597fix(doc) : update migration Readmeb7048928upd(README): Update with new informatione130c068chore(deps): bump spring-security-core in /frontend/sw360-portlet6b8c6e7dUpdate githubactions.yml8602a169WIPe7e9858fchores(liferay): updated liferay kernel and theme9e64374cchores(upgrade): Updated default country Id of liferayf19f0203chores(upgrade): Fixed the ui issues71145b2achores(upgrade): Updated default country Id of liferaya7fd29d7chores(upgrade): Fixed the ui issues822597c2Updated versions in bnd file according to Liferay 7.4.3.18 GA189efff9ffchores(upgrade): Upgrade Liferay to 7.4.3.18 GA1832bc4839chore(rel): Changing back to 16.1.0-SNAPSHOT
sw360-16.0.0-M1
sw360-16.0.0-M1
This tag covers many corrections/bug fixes after the 15.0 release.
This release provides features, muliple bug fixes for release 15.0, for example, new REST endpoints, new integration test suite.
Migrations
For existing installations, a data migration is required. Please go to the readme file in scripts/migrations to see more information:
https://github.com/eclipse/sw360/blob/master/scripts/migrations/README.md
For running the migrations scripts, you will need python and the couchdb package. Please note that you will need to change manually in the python file: the DRYRUN variable and the couchdb URL (if that is not on localhost or requires password or both).
Credits
The following github users have contributed to the source code since the last release (in alphabetical order):
Abdul Kapti <abdul.kapti@siemens-healthineers.com>
Alberto Pianon <alberto@pianon.eu>
Anupam Ghosh <anupam.ghosh@siemens.com>
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Helio Chissini de Castro <helio.chissini-de-castro@bmw.de>
hoangnt2 <hoang2.nguyenthai@toshiba.co.jp>
Jaideep Palit <jaideep.palit@siemens.com>
Kouki Hama <kouki1.hama@toshiba.co.jp>
Pham Van Hieu <hieu1.phamvan@toshiba.co.jp>
Smruti Prakash Sahoo <smruti.sahoo@siemens.com>
Tran Vu Quan <quan1.tranvu@toshiba.co.jp>
tuan99123 <tuan2.nguyennhu@toshiba.co.jp>
Please note that also many other persons usually contribute to the project with reviews, testing, documentations, conversations or presentations.
Features
1f6db6dbupd(mockito): Update the deprecated old mockito-all to mockito-core29d019b6feat(ui): Ability to filter for active users0d0de03cfeat(ReleaseUi):Display AssessmentSummary info from CLi in Release details page709a5ec9feat(UI): ModifiedOn & MOdifiedBy fields for Project/COmponent/Release73fe7e68feat(export): Enable mailing for exported spreadsheet for componentsbbc37a93feat(ProjectUI): added filter for linked release/projects tablea9053df2feat(ProjectUI): AttachmentUsages - Added option to filter for releases without source attachmentsf7aebb1efeat(rest): Add upload description to trigger fossology process26226fbbfeat(exportExcel): Send an email to user with download link once export completed860e420dfeat(exportExcel): Generate and save excel to file system, Download generated file with token07b54e93feat(UI): Display Licenses from Scanner findings in ISR attachments9511adb7feat(obligation): add function Edit/Duplicate/Changelog for Obligation830f463afeat(ui) : Strengthen sw360 admin privileges about Read and Write7dd31343feat(compose): Common network adn Fossology decoupling5974152ffeat(ProjectUI): Disabled CR based on project Group0f2e4c14feat(rest): Get Project Vulnerability by external id and release id3dfe2bbcfeat(projectUi): Update some fields in a Project in closed state440a6fdafeat(docker): Overhaul SW360 docker0dc962d0feat(script): Addition to update project field starting with some valuee5516c21feature(docker): Run sw360 as non-priv usercec73056feature(docker): Use volumes with tomcat33481c32feature(docker): Add fossology on the mix4036a822feat(project): Added vendor for project
Corrections
00271e79Fix (Component): Fix bug component list sorting3eb27362fix(closedproject): Fixed issue w.r.t. editing close project8911a4c4fix(project): Added write permissions for closed project1bef35d3update(ghactions): Improve gh actions processbcdfad6bupdate(docker): Docker to use latest Ubuntu LTS728acb20fix(export): Added missing ECC AL column and release vendor in project export8efc4871fix(rest): Added release main licenses in the response5f5bca8afix(ISR):Fixed source file not found in ISR & Total files count mismatchb4f0b870Fix (Release): Fixed vulnerability can't be deleted when it is linked with a deleted releasef8052466fix(UI): fix Some long sentence can't show property in License Obligation8ead75c3fix(ui): Display url, email, text of Additional Data for Component and Releasebafd477ffix(CR-UI): fixed the count mismatch in Open Components column of CR tablee776a969fix(excel-export): fixed project filter issue while exporting excelbcc2d89cfix(Obligation): Save Admin Level Obligation based on Obligation topic1bec6af2fix bug Invalid GitHub action #15199bc9b9bbFix(License): Fix bug one license cound add only 10 obligations4b7197b4Fix(REST): fix visibility of Project Rest APIaef08989fix(docker): Add better proxy documentation to docker-compose534ee6f7fix(ui): Fixed Obligation count in project viewcac1b13efix(thrift): Updated thrift configuration to adopt configurable max message size and max framesize2fab647btypo in the docker run command8d1ddfc3fix(compoent-visibility): Moderation request for clearing admind92ecacefix(ui) : modify translation for search function3792db20fix(ModerationRequestUI): Fixed project Moderation Request UI is not loading1c0dd050fix(Dockerfile): Make Dockerfile more consistenta8c2334efix(merge): Optimized code to check for write permission of release and components before starting to merge9bbb49bafix(modReq): Fixed moderation request for release with version overwrited1fd4307fix(ReleaseClearingState): ClearingState not changing to New from Scan Availablecbec94a4fix(api): Correct the ECC status when release is created by APIf0f9ff62fix(docker): Added missing license6fb1f415fix(docker): Add Document Library as volume to enable keep custom settingsfde1f460fix(docker): Add proper missing clucene configb719f989fix(docker): Add better proxy handling11e24172fix(docker): Get liferay from github releases6bddc2bffix(docker): Reduce first bootstrapping5df8eb4afix(docker): Update README_DOCKER.md0e917987fix(docker): Update documentation with CSS issuee1a21e07fix(docker): Update documentation with CSS issuecfe7e413fix(docker): Improve documentation and persist porta-ext.propertiese335c374fix(docker): README update and cert ignore for curlab23d0ccfix(docker): Thrift builds now under tmpfsff9409fdfix(docker): Improve build speed and build layers size5467abf9Update docker base using Eclipse Temurin681eb0c4fix(ui): Restrict visibility of each component/release like 8000 Project0b06f3eefix(ui): Fixed pagination of component list with search paramsf14298a4Fix search function with key is empty
Infrastructure
7332bec0chore(dependencies): spring vulnerbility - cve-2022-22970,cve-2022-229713efa3a56(chores): updated README.md and download_dependencies.sh files7541ec8dchore(deps): bump spring-security-core in /frontend/sw360-portleta17efda8chore(deps): bump gson from 2.8.6 to 2.8.918763b51chore(deps): bump jackson-databind from 2.11.3 to 2.12.6.12502b58d(chores): fix security vulnerabilitiesce57d9b5Update information about port redirectionea798093Update README_DOCKER with typos fixinga7a75336chore(rel): Changing back to 15.1.0-SNAPSHOT
sw360-15.0.0-M1
sw360-15.0.0-M1
This tag covers many corrections/bug fixes after the 14.0 release.
This release provides features, muliple bug fixes for release 14.0, for example, new REST endpoints, new integration test suite.
Credits
The following github users have contributed to the source code since the last release (in alphabetical order):
Anupam Ghosh <anupam.ghosh@siemens.com>
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Gaurav Mishra <gmishx@gmail.com>
He, Albert <albert.he@sap.com>
Jaideep Palit <jaideep.palit@siemens.com>
ravi110336 <kumar.ravindra@siemens.com>
Smruti Prakash Sahoo <smruti.sahoo@siemens.com>
Please note that also many other persons usually contribute to the project with reviews, testing, documentations, conversations or presentations.
Features
9807d381feat(ui): Added new Clearing State and Attachment Type77f06a6efeat(ci): Remove dependency of commonsIO from clientbe212373feat(ci): Fixed Attachment test casesbf43f889feat(ci): Fixed Release test cases790c935ffeat(ci): Fixed component test cases32ae085ffeat(ci): Run Client Integration Test for rest api on DB77f49ec2feat(ui): Added new column for ECCN in ECC status tab of project details view8ed3c68dfeat(AttachmentTypeUI):Add a new attachment type Security Assessment.2e593adffeat(client): Added Java Client Apis for vulnerability endpoints.
Corrections
2b562699fix(ci): Fixed vulnerability IT testcases854c6453fix(release): Fixed mainline state is empty when creating a release by ui or restbe26f6cafix(ci): Fixed Project Client Testcasese06eb192fix(ci): Fixed License Testcases2261b62ffix(script): Fixed deployment status check after spring boot updat02ecfe6fFix default config not working issue30e404bdFix component list sorting errorf6337094fix(rest): Optimize rest api for get project by tag, type, group
Infrastructure
376d5b94chore(deps): bump log4j-core from 2.17.0 to 2.17.14fc46d41chore(deps): bump log4j-core from 2.16.0 to 2.17.0c386b4c6log4j version upgrade to 2.16.0(log4j-vulnerability)b8ebd682chore(rel): Changing back to 14.1.0-SNAPSHOT0368ae99chore(readme): Update release badge to latest
sw360-14.0.0-M1
sw360-14.0.0-M1
This tag covers many corrections/bug fixes after the 13.4 release.
This release provides features, muliple bug fixes for release 13.4, for example, new REST endpoints, new functions in the UI and changelog enable/disable from sw360.properties.
Migrations
For existing installations, a data migration is required. Please go to the readme file in scripts/migrations to see more information:
https://github.com/eclipse/sw360/blob/master/scripts/migrations/README.md
For running the migrations scripts, you will need python and the couchdb package. Please note that you will need to change manually in the python file: the DRYRUN variable and the couchdb URL (if that is not on localhost or requires password or both).
Credits
The following github users have contributed to the source code since the last release (in alphabetical order):
Abdul Kapti <abdul.kapti@siemens-healthineers.com>
Anupam Ghosh <anupam.ghosh@siemens.com>
Jaideep Palit <jaideep.palit@siemens.com>
Kouki Hama <kouki1.hama@toshiba.co.jp>
Michael C. Jaeger <michael.c.jaeger@siemens.com>
ravi110336 <kumar.ravindra@siemens.com>
Shi Qiu <shi1.qiu@toshiba.co.jp>
Smruti Prakash Sahoo <smruti.sahoo@siemens.com>
Tran Vu Quan <quan1.tranvu@toshiba.co.jp>
Please note that also many other persons usually contribute to the project with reviews, testing, documentations, conversations or presentations.
Features
e1923ac3feat(UI): import OSADL obligation information and update screen of Adding new obligation2b6b9a9dfeat(UI): CLI file clean up assistant3702de56feat(rest): Added rest api to create duplicate of project8ff2748ffeat(RestAPI):Update the attachment status with the approver/rejecter Name and Group.e3d8122afeat(ProjectUI): Add new values to Obligation status3bab5e99feat(ui): Display,update vulnerability for linked projects in project details view8d1f96fffeat(log): Added output processing of the change loga873ad83feat(ReleaseUI): License to SourceFile Mapping533ace69feat(rest): Add Rest API for linking release to release
Corrections
ea72ce63fix(ui): Fixed redirect page from Release Edit page to Release Details pagece9d9550fix(changelog):Fixed the file permission issue for sw360 changelog.9ef38314fix(rest): Change base url of health api from /actuator to /843f1f8dfix(rest): Get component by name case insensitive96a59335fix(rest): Create duplicate project clearing state should always be open and not copiedfc1f1e39fix(sw360ChangeLog):Configure the sw360ChangeLog path.d27527d3fix(docker): Fixed cannot upload attachment more than 1 MB by Rest Api46e6eb18fix(views): Optimize views for components2e8a9cc8fix(views): Optimize views for releases21682a3afix(views): Optimize views to load large projects65719867fix(rest): Fixed hateoas link not showing correct protocol0ed91d75fix(ui): Links in ReadmeOss as HTMl are not rendered properlyedeb13d2fix(ui): fix the bug that attachments usages in project cannot show other line5bff785ffix(rest): Update project vulnerabilities0202f9dffix(rest): Fixed projects loading issue in REST62d8887bfix(UI):Component details not shown for the Security Admin Role.1db9afdafix(rest): Added new parameter luceneSearch to Get Project List Api, to get project list based on lucene search3305fc6bfix(Japanese) : Update and modify Japanese translations2f85cf70fix(projects): Fixed thrift timeout by optimizing projects loadingaa8574ebfix(upgradeVersion): Updated resource server properties for Spring 2.Xa0f1861bfix(upgrade version): fixed the test cases failure issue when generating the rest docs.033d912afix(upgradeVersion): Fixed Test case for authorization server with spring boot version upgrade * Refactored code and removed commented lines71bf74bcfix(upgradeVersion):Upgrade version.2e98d07dfix(RestAPI):500 Internal server error from releases API.eb6192bcfix(ui): Cleanup moderation request on deleting project/release/component57e08173fix(ui): Changes in External urls in Project are not registered in Moderation Request. Closed Moderation Request doesnot show Proposed changes8b5ffeccfix(Rest):make SW360 REST API Get Releases by Name Case-Insensitive.97a72951fix(DBTestsFail): Migrating databasetest.properties to couchdb-test.properties.6c3c51ecfix(log): Fix indentation issue in source code.4ab50904fix(MyProjectErrorMessage):update the error message in UI for the project which is not accessible.d2f22b80fix(ui): Fixed js error while merge component/release with null additional data9c4d2f0dfix(rest): Added exception processing for authorizationaf443442fix(script): add password and user in couchdb-lucene.ini318d0923fix(docker):Update couchdb3.1 ubuntu20.04 liferay7.3.4 postgresql125ec1df6afix(ci) added new files to license check script26dc7333fix(ui): Fixed create/update users with uppercase email or externaliddb1c1a97fix(ui): User should be able to edit group of project
sw360-13.4.0-M1
This tag covers many corrections and bug fixes after the 13.3 release. Th eproductive use of 13.3 has revealed a number of issues resulting from the big persistence layer switch.
This release provides also features, however, some smaller news are there, for example, new REST endpoints or new functions in the UI.
Migrations
For this version, no database migration is necessary.
Credits
The following github users have contributed to the source code since the last release (in alphabetical order):
abdul.kapti@siemens-healthineers.com
jaideep.palit@siemens.com
kumar.ravindra@siemens.com
michael.c.jaeger@siemens.com
nam1.nguyenphuong@toshiba.co.jp
smruti.sahoo@siemens.com
yosuke.yamada.no@hitachi.com
Please note that also many other persons usually contribute to the project with reviews, testing, documentations, conversations or presentations.
Features
3089008cfeat(rest): Support map of release id to usage as request body in addition to previous array of release id fordf2f6dadfeat(VirusScanSchedulerService): Scheduler Service for deletion of attachment from local FS276650a9feat(ObligationHelpTextforProject): Provide the different obligation help text from the Projects Screenec37c480feat(moderations): Pagination in requests tab for moderations0d739556feat(obligationlevelhelptext):Provide info text for different obligation Level83282112feat(ProjectUI): feature to add License Info to linked releases from License Clearing tabafdac6f5feat(ProjectVersion): Added the project version in the search Project filter4b1a1b3ffeat(ProjectUI): Fixed copy of projects removes linked subprojectsd44b63bafeat(ProjectGroupFilter):Filter the projects in Advanced Search based on Projects Group4140a8adfeat(rest): Added new endpoints to update attachment info of Project, Component, Release96443359feat(rest): Added rest endpoint to update project-release-relationship information of linked releases in a project756190b4feat(ProjectUI): feature to display the source files linked with the licenses
Corrections
ef27ad5dfix(rest): Auto-set release clearing statedebfe70dFix: Rest interface can not handle licenses which do not exist in the database #5342d56d0b4fix: Wrong error handling when deleting multiple components #851 nam1.nguyenphuong@toshiba.co.jp9a31049dfix(script): Build failure of sw360dev.Dockerfile and compileWithDocker.sh9f32b882fix(readmeossdownload): Null pointer while downloading readme_ossf0aa5cbffix(ui/rest): Issue fetching releases by external ids and null value in external id breaks the release viewbaaa9f42fix(search): search releases while linking to project00083ea8fix(backend): Issues with boolean and timestamp field deserialization and get attachment info REST