sw360-19.2.0
This minor release includes numerous features, corrections, and improvements across the SW360 project since the 19.1.0 release.
Highlights of the changes include:
- Various vulnerabilities and security fixes.
- Unified/simplified REST API error response with Exceptions.
- New endpoint to get and update the SW360 config (also making it possible to update on the fly).
- A multitude of REST API endpoint improvements and additions.
- linux/amd64 and linux/arm64 multi-arch Docker image support.
Credits
The following GitHub users have contributed to the source code since the last release (in alphabetical order):
> Akshit Joshi
> Bibhuti Bhusan dash bibhuti230185
> dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
> duonglq-tsdv
> Farooq Fateh Aftab
> Gaurav Mishra
> Helio Chissini de Castro
> hoangnt2
> Keerthi B L
> mishraditi
> Mohamed Hanafy
> Nikesh kumar
> Rudra Chopra
> Sameed
> Shi Qiu
> Shushant
> Smruti Prakash Sahoo
Please note that many other people also contribute to the project through reviews, testing, documentation, conversations or presentations.
Features
- 2d51a3097 feat(exception): replace deprecated exception
- f133b896d feat(Configurations): Add new endpoints that allow to GET/UPDATE SW360 configurations
- 5fa3afec1 feat(version): generate OpenAPI doc version on fly
- d8f6b01d8 feat(Department): Add new endpoints: - Get/Update department members - Get importing department's log file list and content
- edec79367 feat(addNewComponentType) : Added new component type COTS-Trusted Supplier
- e464254be feat(rest): Added tests for upload and download components
- d8393a319 feat(rest): Added endpoints to fetch schedule service status
- a1a01c89d feat(rest) : Endpoint for export SBOM at project detail page
- f15fd779a feat(script): read host, user and pass as args
- 8d5a77ee7 feat(rest): new rest endpoint for edit obligation
- 65db380b9 feat(project): add new values to project state field
- 8c17597a4 feat(exportCDX): update CycloneDX exporter dependency from v1.4 to v1.6
- a84a42b48 feat(rest): Count of attachments used in different projects.
- f40e72c3c feat(rest): create new endpoint for bulk delete function
- 927da5a54 feat(rest) : Search for vendors added.
- 45a53b4e2 feat: Add multiarch for docker image
- 6373bed28 feat(rest) : Comment added to reuse methods for Duplicateobligation functionality
- e764a5823 feat(rest): endpoint to merge vendor.
- 4bab8d07a feat(User): Add 2 new endpoints: - Allow Admin user to update user - List all existing department
- 2d0664f2f feat(rest) : Advanced Search for project page
- f15ccd798 feat(rest): standardize POST response to include created entity ID
- c273f1925 feat(rest): create new endpoint to delete ModerationRequests by id.
- be7606f32 feat(rest): create new enpoint to upload component csv file.
- 068385703 feat(api): complete advance search for components
Corrections
- 1b92b5135 fix(spdx): add null and empty field checks for SPDX documents
- 2d1ace631 fix(ci): set min version of CMake to 3.5
- 1cb9e8f4e fix(test): fix test cases for correct exceptions
- 4cba33716 fix(controller): fix further changes after rebase
- eb73f32c4 fix(Obligations): includes ObligationLevel in get all obligations responses
- b0d1be0d0 fix(security): remove WebSecurityCustomizer
- 991eb8f0a fix(xss): ignore essential headers from XSS filter
- 00d3cb129 fix(project): set fields getLicenseObligationData
- ef153bce9 fix(obligation): fix obligation patch
- 5f6796ee6 fix(rest) : Advancesearch(AdditionalData) for project page with value based search
- 9daf29b74 fix(Project): Resolve issue with embedded type in project release response when length is 0
- e415d05a4 fix: Set docker main and development image
- 9038d8dd2 fix: Adjust copyrights and licenses properly
- 72dbb8c72 fix(projectService): fix user role check
- 18193631b fix(rest): Add license information linking for project releases.
- 5336aea47 fix(script): fix addUnsafeDefaultClient.sh script
- 00b552d58 fix(SPDXDocument): Fix bug add SPDX document always return fail
- d4c0f913c fix(Token): Fix bug authentication by user token not working
- 5b3535a9b fix(project): add more null checks for attachments
- 0e9052f23 fix(project): null check at /summaryAdministration
- 840fa9740 fix: Adjust sw360 container build for external thrift
- e378da720 fix(Admin): fix OAuth Client deserialization and database operations
- cb52c1ad6 fix(Rest): Create new endpoint to activate the department manually.
- 4adc4a268 fix(rest) : Add licenseInfoHeaderText in summaryAdministration api response
- cadc213e9 fix(rest) : Moderation update overwrites previous fields
- d3aeefc6d fix(Attachment): Make get attachment endpoints of component/release/project consistent - Allow updating project/component/release with attachment data (in a consistent way)
- 48f9159bb fix(Rest): new endpoint will help to get the package details by projectId.
- fbea70a91 fix(rest): Added packageIds in project create and update APIs.
- 886ad473c fix(Rest): Updated the REST endpoint to schedule the upload of release component attachments.
- 975e30f49 fix(importCDX): Add logging for null metadata in sbom.
- 41ea54857 fix(licenseinfo): Corrected the Open Source title in TEXT format to match DOCX format
- 6ba3bf675 fix(rest): Prevent stored XSS
- 5365f10b8 fix(component): add null check for release merge
- b91d3ad10 fix(rest): Added code to get obligation releaseView data in project.
- bbd7a4361 fix(Rest): License overview is not updating in summary page.
- eeb3c86d4 fix(rest): fix doc for ModerationRequestController
- 663ac8377 fix(rest): Validate comment message while create a moderation request.
- 6dbec3601 fix(rest): adding additional fields to attachmentUsage endpoint.
- 325cf0ef5 fix(deps): Deprecate old commmons-lang library
- 75d3748cc fix(cloudant): fix structure of elemMatch query
- aadf18948 fix(report): refactor /reports endpoint
- 20d02c954 fix(doc): fix OpenAPI docs for report controller
- 73726c45e fix(moderation): fix moderation creation
- 1cd3739bd fix(rest) : modified attachment info in response to the moderation request rest api
- 1e1c5c1d0 fix(rest): Added code for for updating multiple project attachments.
- c8b27567f fix(rest) : Closed Project functionalities not uniform with respect to UI and REST
Infrastructure
- 57827d8ed chore(deps): bump org.jacoco:jacoco-maven-plugin from 0.8.12 to 0.8.13
- 9bfa90129 chore(deps): bump com.tngtech.jgiven:jgiven-maven-plugin
- 30d5f61ab chore(deps): bump org.apache.maven.plugins:maven-surefire-plugin
- 40a22ede4 chore(deps): bump poi.version from 5.4.0 to 5.4.1
- fad1b859a chore(deps): bump step-security/harden-runner from 2.11.0 to 2.11.1
- f73f40dc4 chore(deps): bump actions/dependency-review-action from 4.5.0 to 4.6.0
- 9f208baf0 chore(rest): rework exceptions
- b14bf4058 chore(deps): bump github/codeql-action from 3.28.12 to 3.28.13
- 5387e3fcd chore(deps): bump maven from 70591cb to f1e4a85
- 87806a5ae chore(deps-dev): bump nl.jqno.equalsverifier:equalsverifier
- 5a3acda61 chore(deps): bump springdoc-openapi-stater-common.version
- b15710833 chore(deps): bump org.apache.httpcomponents.client5:httpclient5
- 0cded8b31 chore(deps): bump org.ow2.asm.version from 9.7.1 to 9.8
- d2de95f47 chore(deps): bump httpcore5.version from 5.3.2 to 5.3.4
- b0e52e4f6 chore(deps): bump org.mockito:mockito-core from 5.15.2 to 5.16.1
- 2a1ea1952 chore(deps-dev): bump com.tngtech.jgiven:jgiven-junit
- 350a8db21 chore(deps): bump com.google.guava:failureaccess from 1.0.2 to 1.0.3
- b4b475444 chore(deps): bump org.apache.maven.plugins:maven-compiler-plugin
- 197ed98b4 chore(deps): bump springframework.version from 6.2.4 to 6.2.5
- 8c87ab4ed chore(deps): bump actions/cache from 4.2.2 to 4.2.3
- 403020e2b chore(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2
- 4809763e4 chore(deps): bump github/codeql-action from 3.28.11 to 3.28.12
- 3ac6ea7df chore(deps): bump org.springframework.security:spring-security-crypto
- 64a8742a7 doc(sbom): add allowable SBOM export types
- 40c061cdf chore(controller): fix typo in endpoint name
- dfe68e180 chore(deps): bump docker/login-action from 3.3.0 to 3.4.0
- 712d613ed chore(deps): bump org.springframework.security:spring-security-oauth2-authorization-server
- 1b05c7add chore(deps): bump com.ibm.cloud:cloudant from 0.10.0 to 0.10.2
- 1ac13a85a chore(deps): bump keycloak.version from 26.1.3 to 26.1.4
- dff3a99d9 chore(deps): bump springframework.version from 6.2.3 to 6.2.4
- fc4910ec0 chore(deps): bump org.cyclonedx:cyclonedx-core-java
- 38e0f199a chore: Add push docker tag capability
- 4e424695b refactor(rest): enhance logging and error handling in FossologyRestClient
- 79beaf846 chore(deps): bump docker/build-push-action from 6.13.0 to 6.15.0
- ac0cf9887 chore(deps): bump docker/metadata-action from 5.6.1 to 5.7.0
- 341fad29b chore(deps): bump docker/setup-buildx-action from 3.9.0 to 3.10.0
- c442800bd chore(deps): bump github/codeql-action from 3.28.10 to 3.28.11
- 1b2c6f8f8 chore(deps): bump tomcat from 0530899 to 1374a56
- 344b6995f chore(deps): bump slf4j.version from 2.0.16 to 2.0.17
- 9e584c0a6 chore(deps): bump com.google.code.gson:gson from 2.11.0 to 2.12.1
- a61d51f79 chore(deps): bump org.assertj:assertj-core from 3.27.2 to 3.27.3
- be2535da9 chore(deps): bump jackson.version from 2.18.2 to 2.18.3
- d7869d252 refactor: Fix Thrift to 0.20.0 and split from main docker
- 4ee5a62ff chore(deps): bump org.apache.velocity:velocity-engine-core
- 5666c6846 chore(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1
- 0e5871fad chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1
- 30c482edd chore(deps): bump docker/build-push-action from 6.13.0 to 6.15.0
- 6a431c40c chore(deps): bump actions/cache from 4.2.0 to 4.2.2
- d2c4d0bdc chore(deps): bump keycloak.version from 26.1.1 to 26.1.3
- 188e56fc2 chore(deps): bump github/codeql-action from 3.28.9 to 3.28.10
- b8c0fd5a9 chore(deps): bump springframework.version from 6.2.2 to 6.2.3
- 01e7f3846 chore(deps): bump spring-security.version from 6.4.2 to 6.4.3
- 3a3f9d902 chore(deps-dev): bump nl.jqno.equalsverifier:equalsverifier
- 562ab7e42 chore(deps): bump tomcat from 46e15fe to 0530899
- 7e0291da8 issue#954
- 31bef0cb6 chore(deps): bump net.minidev:json-smart from 2.5.1 to 2.5.2
- 1b9662cf4 chore(deps): bump tomcat from c147f0e to 46e15fe
- 600b67c3a chore(deps): bump step-security/harden-runner from 2.10.4 to 2.11.0
- cdc2f4058 chore(deps): bump org.wiremock:wiremock from 3.10.0 to 3.12.0
- c9dce5aef chore(deps): bump ubuntu from 80dd3c3 to 7229784
- 953221903 chore(deps): bump maven from a330654 to 70591cb
- d38bdd326 chore(deps): bump github/codeql-action from 3.28.8 to 3.28.9
- 975b92433 chore(deps): bump docker/setup-buildx-action from 3.8.0 to 3.9.0
- b5709ce00 chore(deps): bump org.jetbrains:annotations from 26.0.1 to 26.0.2
- a64b21d45 chore(deps): bump commons-logging:commons-logging from 1.3.4 to 1.3.5
- d8b75c575 chore(deps): bump keycloak.version from 26.0.7 to 26.1.1
- de15ed514 chore(deps): bump poi.version from 5.3.0 to 5.4.0
- 9d2150a9a chore(deps): bump springdoc-openapi-stater-common.version
- 264ad75cd chore(deps): bump org.json:json from 20240303 to 20250107
- 72b0dc9dd chore(deps): bump org.apache.httpcomponents.client5:httpclient5
- cb1cc7478 chore(deps): bump actions/setup-java from 4.6.0 to 4.7.0
- 6ed457616 chore(deps): bump github/codeql-action from 3.28.5 to 3.28.8
- ed92b9b9b chore(deps): bump maven from 8472bdb to a330654
- bf6d206d6 chore(deps): bump tomcat from 846c66e to c147f0e
- c1fbd1bf8 chore(deps): bump com.ibm.cloud:cloudant from 0.9.3 to 0.10.0
- 9c20b870e chore(deps): bump springframework.version from 6.2.1 to 6.2.2
- 95bd3db56 chore(deps): bump tomcat from 935ff51 to 846c66e
- b2dd95270 chore(deps): bump maven from b89ede2 to 8472bdb
- cc1ff1153 chore(deps): bump docker/build-push-action from 6.12.0 to 6.13.0
- bbf5c570d chore(deps): bump github/codeql-action from 3.28.1 to 3.28.5
- 9dd4ff409 chore(deps): bump docker/build-push-action from 6.10.0 to 6.12.0
- dfd4ab2b0 chore(deps): bump step-security/harden-runner from 2.10.2 to 2.10.4
- 226b3f8a1 chore(deps): bump org.apache.commons:commons-csv from 1.12.0 to 1.13.0
- 3658fb2e6 chore(deps): bump httpcore5.version from 5.3.1 to 5.3.2
- b259a6e55 chore(deps): bump actions/upload-artifact from 4.5.0 to 4.6.0
- 0d4b2abbc chore(deps): bump github/codeql-action from 3.28.0 to 3.28.1
- 5f002e04c chore(clients): remove version from clients pom.xml
- ea7ca60bb chore(deps): bump org.mockito:mockito-core from 5.14.2 to 5.15.2
- f07a61e2e chore(deps): bump org.assertj:assertj-core from 3.27.0 to 3.27.2
- 230334e90 chore(deps): bump org.json:json from 20240303 to 20241224
- 2e4b511b1 chore(deps): bump org.apache.velocity:velocity-engine-core
- 8f65bccab chore(deps-dev): bump nl.jqno.equalsverifier:equalsverifier
- f4fb51b20 chore(deps): bump org.cyclonedx:cyclonedx-core-java from 9.0.5 to 10.1.0
- dfc187d9f chore(deps-dev): bump net.bytebuddy:byte-buddy from 1.15.10 to 1.15.11
- fc812cc7c chore(deps): bump github/codeql-action from 3.27.9 to 3.28.0
- b4e02713d chore(deps): bump com.google.guava:guava from 33.3.1-jre to 33.4.0-jre
- c737350a9 chore(deps): bump org.assertj:assertj-core from 3.26.3 to 3.27.0
- 0043dec55 chore(deps): bump com.squareup.okhttp3:okhttp from 4.10.0 to 4.12.0
- d35afa4d2 test(components): add test for component filter
- 05472fd45 chore(deps): bump org.jboss.logging:jboss-logging
- c3d456d49 chore(deps): bump com.tngtech.jgiven:jgiven-maven-plugin
- ecea61e71 chore(deps): bump org.apache.maven.plugins:maven-failsafe-plugin
- ab17c1f93 chore(deps): bump org.springframework.security:spring-security-oauth2-authorization-server
- 3f5fd9ff7 chore(deps-dev): bump nl.jqno.equalsverifier:equalsverifier
- a5d4a5b3f chore(deps): bump actions/setup-java from 4.5.0 to 4.6.0
- 8e2234e8f chore: Move dependabot to weekly interval
- 08857345c chore(deps): bump maven from 85d505f to b89ede2
- 608975d62 chore(deps): bump org.apache.commons:commons-text from 1.12.0 to 1.13.0
- f59e3b037 chore(deps): bump log4j2.version from 2.24.2 to 2.24.3
- 0e58f511b chore(deps): bump springframework.version from 6.2.0 to 6.2.1
- 6e09df793 chore(deps): bump spring-security.version from 6.4.1 to 6.4.2
- 5259d8c72 chore(deps): bump docker/setup-buildx-action from 3.7.1 to 3.8.0
- fcb603df2 chore(deps): bump actions/upload-artifact from 4.4.3 to 4.5.0
- 318da8768 chore(deps): bump org.projectlombok:lombok from 1.18.36 to 1.18.38