This is the changelog file of the sw360 project. It starts with the first release being provided at eclipse/sw360. For older releases, please refer to the first project location:
https://github.com/sw360/sw360portal/releases
This tag covers many corrections/bug after the 17.0 release and multiple new endpoints to support sw360 UI project.
For existing installations, a data migration is required with PR 1963. Please go to the readme file in scripts/migrations to see more information:
https://github.com/eclipse/sw360/blob/master/scripts/migrations/README.md
For running the migrations scripts, you will need python and the couchdb package. Please note that you will need to change manually in the python file: the DRYRUN variable and the couchdb URL (if that is not on localhost or requires password or both).
The following github users have contributed to the source code since the last release (in alphabetical order):
> Abdul Kapti <[email protected]>
> afsahsyeda <[email protected]>
> Anupam Ghosh <[email protected]>
> Dinesh Ravi <[email protected]>
> Eldrin Sanctis <[email protected]>
> Gaurav Mishra <[email protected]>
> Helio Chissini de Castro <[email protected]>
> hoangnt2 <[email protected]>
> Keerthi B L <[email protected]>
> Kouki Hama <[email protected]>
> Le Tien <[email protected]>
> Muhammad Ali <[email protected]>
> Nguyen Nhu Tuan <[email protected]>
> Nikesh kumar <[email protected]>
> rudra-superrr <[email protected]>
> Shi Qiu <[email protected]>
> Smruti Prakash Sahoo <[email protected]>
> Tien Le <[email protected]>
> tuannn2 <[email protected]>
Please note that also many other persons usually contribute to the project with reviews, testing, documentations, conversations or presentations.
e9a9f308b
feat(rest): Adding pagination for ecc info of releases for a project.c0db06a68
feat(rest) : Adding pagination for listing users endpoint.acc553b14
feat(rest): endpoint to get attachmentUsages for a project.bb0d01fd5
feat(rest): endpoint to get license clearing count for a project.bc5ae7d1b
feat(rest) : Add enableSvm field in response to projects api130ed2585
feat(importCDX): enhanced sw360 CDX importer754ba96a7
feat(CreateCRandRequestsPortlet):Added new field Clearing Type for CR and Additional columns in Open CR tableb89bde7b9
feat(Rest): Modifying the document for search endpointec750b824
feat(bug) : Download release attachment fail issue fixf629a0d3f
feat(rest) : End point for export vendor spreadsheet930ef1d13
feat(docker): Add option to specify cvesearch.host at build timef4febd954
feat(release): Fix response api get single release with costDetails70141590c
feat(rest): API to get vulnerability tracking status03aaa6985
feat(Rest): New endpoint allow load assessment summary information of release8c2e71b85
feat(ui):enable to bulk delete component/releases for admin SW360266aeac3d
feat(REST): Add restricted project counter for component and release usedBy APIca0ef31f2
feat(rest):Update API Create Release with Cost Detail1974005e2
feat(ui): Added collapse and expand icon for all the tabs16dae1a4a
feat(rest): API to get vulnerability tracking statusafe118d96
feat(Rest): New endpoint allow load SPDX license info from attachment of release (ISR, CLX, CLI)a330fde1e
feat(rest): Update release with attachment infoba6c743f5
feat(ui) : Add changelogs for license pagesd369c73e3
feat(rest): Update API create Release with Moderator, Contributor, CpeIdc9c37b94d
feat(rest): Update API create Release with LinkedReleased7b52f53e
feat(rest): Add Information Vendor to response Get release detail4449e6017
feat(liferay): Export private pages include package portlet7c57b8081
feat(rest): Add information user change status attachment when edit component by APId25d35ce3
feat(Project): New configuration make project and releases relationship more flexiblede4125bb4
feat(debug): Add Tomcat manager to dockerfd13d1943
feat(rest): listing license clearing info of a project.cc9291d68
feat(CycloneDX): support CPE in import and export42f44107f
feat(rest): Update Component with attachmentd8c594628
feat(REST): New endpoint to write SPDX license info into released356bc022
feat(UI): Package Portlet Signed-off-by: akapti [email protected]6aa0b8d7e
feat(rest) : asynchronous end point for report download4d4c863ad
feat(RequestsPortlet): Added On Hold value for request status and Next/Last 15 days filterfd159f302
feat(Components): Add a new field VCS/Repository URL for componentsbe9e5f5bb
feat(rest): New Endpoint create attachment34e2d9e77
feat(Rest): Rest API allow to re-generate fossology reportf4432c98b
feat(rest):Adding new fields to get list of project vulnerabilityefbe761f5
feat(ExportSpreadsheet): Add project and release ID to the exported excelb7740902b
feat(ProjectObligationsEdit): Save comment and status fields on edita7bc2969c
feat(rest):New end point for my componentsa4e7f6808
feat(REST): New endpoint split components447143b8e
feat(rest): To list linked projects of sub-projects.ed7f4e237
feat(Department): New function for Department Management662a05977
feat(rest): new endpoint merge component1bf157600
feat(UI/REST): CycloneDX SBOM Importer & Exportere8f6e6b26
feat(rest): update response API Get a single release57b02aa29
feat(REST): Update response endpoint get attachments by release410184928
feat(ECC):Added pagination to ECC release listb6d58b979
feat(ui): add note filed in license pagef14f9b0e4
feat(rest): update response API Listing usersc27a2fe35
feat(rest): update response API Listing vendors9bd7869f4
feat(update): update response api get single component90c59acb4
feat(rest): modify moderation requests8e71c959c
feat(ci): Use actions java setup instead of standard packages037acd41b
feat(ci): Use actions java setup instead of standard packagesa7af308fa
feat(ci): Update build and test to accept dispatch669d6f98b
feat(rest) : api to get count of projects1c4b223f8
feat(update):update response api get attachment by componente6374e820
feat(api): create new endpoint import bom for component462675325
feat(api): create new endpoint update vulnerabilities of a release4dbc8705a
feat(api): create new endpoint update vulnerabilities of a componentbc368f203
feat(REST): Endpoint for Download Attachment Bundle of Release764a24c6c
feat(api): Endpoint get release overview by component391c006e6
feat(REST): Endpoint for Download Attachment Bundle of Component96a032814
feat(api): endpoint get vulnerabilities of a componentd10048956
feat(rest): new endpoint/moderationrequest
e682a50fa
feat(spdx): Added support for pasring of SPDX-2.3 (ISR) generated via fossologyb7710e630
feat(lucene): Modify pom to generate proper war from couchdb lucene53236b590
feat(libs): Add couchdb-lucene as third party84e098774
feat(project): Prepare to introduce thirdparty librariesc80f75908
feat(rest):Components with all details Rest Api doc updatedb32e90154
feat(REST):Endpoint for sbom import249f48f49
feat(SPDX): Making new tab in component release pages for showing SPDX/SPDX Lite data #12409d566af03
feat(rest):New end point for my components53c8d85da
feat(clearing): Improved cloud backend clearing2e0732a2b
feat(rest): Added basic username and password based authentication4f171a659
feat(rest): optimize fetch project729207997
feat(EditCR): Admin will be able to reassign/edit the Requesting User of CR56096f24a
feat(ProjectUI):ExternalIds and Additional Data fields in Export Excel7b84b0e4f
feat(api): get vulnerabilities from relase by apiaafc95808
feat(rest) : Update data without moderation request And This features' a configurable setting73ba7012d
feat(docker): Use main Maven docker imaged6555a370
feat(rest): endpoint for linked projects.e20d7bf06
feat(rest): new endpoint /releases/recentReleasesc5aea6f4e
feat(rest): newendpoint /components/recentComponents.d707d7b53
feat(rest): new endpoint/projects/myprojects
0f95fd368
feat(project): Added Email functionality for individual project spreadsheet exportff92cd956
feat(ProjectUi): Enable Release with only one non-approved CLI for 'Adding License Infor To Release' and 'Displaying Obligations' (#1764)f5daadb6e
feat(Search): Added restricted search (#1797)df0a6a123
feat(ui): Add banner to broadcast messages (#1830)d4cd90f67
feat(Project): Added Vulnerability Summary Tab in Projects.ca1da16fe
feat(ProjectsUI):Changed Expand All To Expand Next Level and added alert messageb682060ae
feat(Advance Search): Provided an 'Exact Match' checkbox in Advance Search that inserts (") around search keywordb0ccdc480
feat(ci): Add thrift binary to cache95009d35f
feat(project): Add pre-commit and spotlesseabbb0053
feat(svm): Publish SVM codes to Community
5e48f83b2
fix(importCDX): Remove view BY_VCS_LOWERCASE and BY_PURL_LOWERCASEe94d9c729
fix(Moderation): Fix bug could not open Release and Component moderation request45b317d86
fix(rest): adding additional fields to rest response for linked projects.4e329b464
fix(license): Update Response api for single license and Add rest-docs api create licensed261f70e5
fix(rest): Added new endpoint for LicenseType in admin tab41d735f9a
fix(package): Can't link project to package1debd1e2c
fix(REST):Get Component failing for names with space521835e38
fix(UI) : Added code to import the upload license in admin tabf748c7cba
fix(package): Create package by API can't link releaseeb7efb3f9
fix(rest): create new endpoint for import OSADL information in admin tab.23242daaf
fix(importCDX): Resolved unnecessary update of component fields976f0ffeb
fix(rest): Added new rest endpoint for upload license in admin tab.fbd924cdd
fix(Package): Can't create a new Package by API08962f93c
fix(rest): New endpoint to download archive files in admin pagef49e6d372
fix(db): clean-up closed moderation requests.c0dbccfd5
fix(lar): Remove old lar files that are usable only for old releases67f8d9f5a
fix(OAuthClient): Fix Can't show OAuth Client pagede67119ae
fix(rest): create new endpoint for import spdx information in admin tabc2a9ee24a
fix(GUI): Fix edit dependency network GUI broken91b768595
fix(rest): Removed the copyright text from RESTAPI docs9d37c4993
fix(rest) : Modifications to improve GET result speed3bf53a1a3
fix(docker): Use the recommend fix fro Liferay x Java5a1ba6145
fix(UI): Added code to load moderation documents in request tab5fcb2b303
fix(sw360Build): build failing because of invalid CEN header7c8f8d24b
fix(rest):new endpoint to delete all license information in admin tab9f7859184
fix(lucene): Use old javax.servlet5f1e3d0ce
fix(OSADL): Add missing obligation rulesb70be52a6
fix(rest): API create component's businessUnit is always set as the user's departmentec4c39e06
fix(doc): remove merge conflict notation7b0938a6b
fix(Export): component.visibility.restriction.enabled option works incorrectly with the Export feature in Cyclone DXc0df9334d
fix(Rest): Allowing search for components without encoding475b4b437
fix(UI):word correction of Initial use scan in attachment typef29de2b1c
fix(rest): show linked project in project summay tabf237ecdb6
fix(Rest): Allowing search for externalIds without encoding5cdd364eb
fix(rest): fix test rest api of componentded850d7c
fix(UI): Sorting release verions in drop down menu when inspecting component.c4079d9a0
fix(Rest): Add clearing information in release response04c64a580
fix(rest): Missing moderators field when creating component using API9d79b2896
fix(rest): Added endpoint url for summary and administration page info81b6ca3a7
fix(readme): Add Information of python2 to python3 change when running file migration scriptsb02f90ec2
fix(update): Update the migration readme file3f7349f78
fix(db): Data Quality and reduction of storage.42ffce89d
fix(test): Add missing test depsb6303eccc
fix(deps): Normalize spring-web and spring-boot versionsbada732d8
fix(rest): Add Description field for myProjects and myComponents in homepage.19325b333
fix(lucene): Restore original portlet naming and configse3df30e53
fix(docker): Restore document_properties volumeed87dde0b
fix(docker): Enable cache deps downloads in volume5ce0d0788
fix(license): Fix attachment type when importing SBOM262d0cad6
fix(EditCR): Not able to edit CR2bcb6185e
fix(docker): Remove clucene buildbd39f4fa5
fix(sw360): Add sw360 adapt patch by default53236b590
feat(libs): Add couchdb-lucene as third party9811edf59
fix(update): Updating sw360.propertiy file is missing when using SPDX Document Tabe1dd33f43
fix(rest): added endpoint for release subscriptions6479d8894
fix(libs): Normalize json versionsc2844e30c
fix(deps): Revert httpcore and fix httpcore and spring-bootd4e4ac764
fix(deps): Update to current httpcore5 release96387f9c7
fix(cache): Key was invalid due file not exists and hash attempt fail43a07df64
fix(ci): Cache now use the right namingb42ea4fd3
fix(versions): Normalize javax.activation version61c0a1b7c
fix(docker): Remove couchdb-clucene from the slim jarsfdbc8c360
fix(docker): Adjust config defaultsc923fa847
fix(component_gui): Can not load component detail page with long additional data textd8b9d77f6
fix(UserSearch) : Modified the user search operation (#1858)b54169f09
fix(projectExporter): Added Project visibility in project exporter spreadsheet8c454efb6
fix(config): Couchdb configs not like double commasb7d2f7a46
fix(docker): Update docker-compose.yml470b70788
fix(docker): Move to the new Github org2a9bffa4f
fix(rest): componentType field will show when allDetails true in release59ebfdcf0
fix(UI): Attachments tab not loading in UIf81243c40
fix(docker): Fix couchdb default setting48f688e1b
fix(docker): Change maven version from 3.8.7 to 3.8.8cd4293f97
fix(api): deletion project returns 500 error and API doc of link release to release makes ambiguousdd6f60218
fix(rest): disable URI encoding in search by external ids in releaseaecc19141
fix(rest): endpoint api/projects does not return all projects5514b4e38
fix(language): Fix the properties file and add some other needed files for Chinese language support3ff6f65bd
fix(rest): Added endpoint for mysubscriptions for componentd6da8a919
fix(rest): Added endpoint for release subscriptions2a0395256
fix(ProjectUI):External Id not visible in Vulnerability Tracking Statusc596d6094
fix(vulnerability): apache commons-text vulnerability CVE-2022-42889 #1864949288618
fix(project): Update Apache commons-text27d5fc011
fix(db): Deactivate email notification of user not belonging to a domain.1af7ecb1a
fix(LiferaySetup):Website not loading after removing BannerMessage Field63e2fef1d
fix(rest): Api endpoint /components/usedBy returns 500 when component not have any release.e66363183
fix(UI): Error when creating/editing duplicate project/component/releasec28bac8e8
fix(ui): support Vietnamese language in Obligation page2d20226e7
fix(Script): Modified script such that it removes trailing and leading whitespaces of components and releases and additonally link releases of duplicate components3b7269f6d
fix(vulnerability): Script to repair release vulnearability relations92b18eaaf
fix(UI): Added EnableSVM field in project exportspreadsheet9f277825b
fix(attachmentUploadModal):Progress bar will be visible only after clicking on the upload button0a59109e9
fix(rest): Reuse centrally created thrift client92f3c42f0
fix(pre-commit): Do not run clean/build3cc8b6293
fix(ci) : Change maven version from 3.8.7 to 3.8.727e14e70b
fix(UI) : Added Created on in project export799d2f789
fix(UI): ISR which will make the SW360 Release status as Scan Available09c126967
fix(UI): unset few field while create a duplicate in project and component5d9c3024b
fix(UI):remove deactivated users from moderators list790c7ae9d
Fix(REST): Add COTS details information when fetch a single release that has component type COTS3cd88e009
Fix(Search): Fix bug can not show result with special character and can not search Obligation776c9b3ff
Fix(Rest): Add more information in get components response (support New GUI)ce6f9e616
Fix(Project): Can't disable CR based on Japanese groupd80822818
Fix(Project GUI): Fix bug missing obligation text when change status or comment of component, project, organisation obligation in project edit67dff9e27
Fix (REST): Fix bug do not set businessUnit automatically when create component. Get all components always return visibility EVERYONE.b6bfa4258
Fix(REST): Fix bug update project without vendor information will remove vendor of project
265fb1953
ci(fix): Ignore requirements.txt files in testForLicenseHeaders6be2c6f79
build(deps): bump org.json:json from 20230227 to 20231013d630785b1
ci(fix): Missing code checkout on clean workflow0b713d8af
refactor(docker): Improve docker build and deployment9f71e11a7
docs(openapi): add OpenAPI doc for Obligation, Package and Reportc315c0b7a
docs(openapi): add OpenAPI doc for License and Moderation8194286af
docs(openapi): add OpenAPI doc for ComponentController05a27600a
Update build_and_test.yml5410eefc5
Update README.md606d9b353
Update README_DOCKER.md1a534db4d
docs(openapi): add docs for attachment98e10d47f
docs(openapi): add docs for vendor, user, searchac8e9d10f
docs(rest): generate OpenAPI docs for Project561687678
chore(docker): update maven versionc3492c322
chore(deps): bump guava from 31.1-jre to 32.0.0-jrea9821a634
chore(thrift): Prevent datahandler recompile all the times1d15e7741
chore(deps): Update thrift versionf5c86b9d9
chore(deps): bump jose4j from 0.7.9 to 0.9.3 in /rest/resource-server1d3cd248b
chore(rest): Making endpoints configurablecd6d5cfed
ci(cache): Give GH_ACTIONS permissions to reach cache21833c85c
ci(cache): Give GH_ACTIONS permissions to reach cachebaaa882f8
ci(docker): Improve cache mechanismae2b667f7
ci(secrets): Fix the new secrets loading mechanism651c67680
ci(cache): Fix thrift cache missf6d40b3e6
ci(project): Update pre-commit and ci hooks5081686ca
chore(action): Cache maven dependencies8937ec88b
Update(Vulnerability): Improve the function of API to delete vulnerability and relation of vulnerability with releaseb41273dec
chore(migration) Avoid null pointer on script 048_add_component_businessunit.pya49191fb7
upd(ci): Reduce the intermediary docker builds for Midnight daily
This tag covers many corrections/bug fixes after the 16.0 release.
This release provides features, muliple bug fixes for release 16.0, for example, new REST endpoints, improved docker script and fixes related to liferay-7.4.
For existing installations, a data migration is required. Please go to the readme file in scripts/migrations to see more information:
https://github.com/eclipse/sw360/blob/master/scripts/migrations/README.md
For running the migrations scripts, you will need python and the couchdb package. Please note that you will need to change manually in the python file: the DRYRUN variable and the couchdb URL (if that is not on localhost or requires password or both).
The following github users have contributed to the source code since the last release (in alphabetical order):
Abdul Kapti <[email protected]>
afsahsyeda <[email protected]>
Anupam Ghosh <[email protected]>
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Eldrin <[email protected]>
Gaurav Mishra <[email protected]>
Helio Chissini de Castro <[email protected]>
Jaideep Palit <[email protected]>
Kouki Hama <[email protected]>
Muhammad Ali <[email protected]>
Nikesh kumar <[email protected]>
rudra-superrr <[email protected]>
Smruti Prakash Sahoo <[email protected]>
tuannn2 <[email protected]>
Please note that also many other persons usually contribute to the project with reviews, testing, documentations, conversations or presentations.
a20704c7
update(lang): add chinese lang property filef9d23047
feat(MailApi): enable control over trusting the email host3707569d
feat(rest): new param (allDetails) added in component call to get more details of component65011f18
feat(UI): Applying sorting on release versions in drop down when inspecting a component.c8597b45
feat(SPDX): Upgrade tools-java library to support SPDX 2.3 format684d3c6a
feat(ProjectUI):License Info In the Spreadsheet Exported from Project License Clearing111d5876
feat(RESTapi): created new endpoint for clearingrequest and modified existing endpoint payload8cb48cd8
feat(AdminUI):Changed the title of the button in Edit Client modal to 'Update' from 'Edit' and set the validity to 'Days' by default in OauthCliente6a81fe0
Feat (Vulnerability): Improve add/update/delete vulnerability APIs implement add/update/delete vulnerability by GUIe9b035f2
feat(buildsystem): Rearrange dependencies and deploymentsb4c14975
feat(CRUI):Change CR state 'On Hold' to 'Awaiting Response' & edit PreferredClearingDate35d9e021
feat(docker): Move deps script outside docker builddb5176ab
feat(deps): Update shared slim script to have a txt file with libraries4596f06d
feat(SPDX): Use new SPDX library (#1496)d6ba4c07
feat(docker): Improve docker size and build time467edfba
feat(UI):Made the table header collapsable in wherever possible1550e909
feature(ui) : select your group in Project page by grid3b4e36c7
feat(search): allow searching for external ids27869c8a
feat(ProjectUI): Load License info header text based on project group
93363bd7
fix(dependencies): Update okhttp and httpclient versions35ea249b
Fix(Vulnerability GUI): Fix bug cannot load vulnerability view pageb131a5bc
fix(ProjectUI):Stale data displayed after using the Group filter in Project Advance Search2cd58b9f
Modified the check so that searchQuery is considered when submitSearch is empty01eecf3a
fix(ProjectUI): Changing Project group should update CR4ca47851
fix(REST): Save otherLicenseIds while patching Release - 1735e97c8188
fix(UI): Added new column in exprot spreadsheet in project tabae77534c
Fix(Obligation): Fix bug can not add/update Admin Obligation and import OSADL06b741b0
fix(SPDX): import SPDX licenses with new SPDX library (tools-java 1.0.4)5d86c067
fix(moderation_request): Added a check that if documentId is null then ignoreac308a5d
upd(CI/CD): Build and test only during the PR.7da2858a
upd(docker): Fix wrong branch42cce1a6
upd(docker): Publish push to main commitsd0432233
fix(script): Script to remove trailing and leading whitespaces from component names4f7fd085
fix(ProjectUI): Multiple alerts when there are same linked projectsf6c22e52
fix(PreferencesUI):Read Access has to be checked before Generating token920d1281
fix(docker): Deploy libraries in correct place1564ab79
upd(doc): Update docker documentation related to redirects5c9e7845
upd(docker): Improve docker build and github actions7bcb75db
upd(docker): Improve github actions pipeline03e665ec
fix(docker): add missing dependenciesb679b883
fix(UI): Unresponsive UI & top align session message68f171f5
fix(UI): Added code to show the project list in component tab8312a8e6
fix(UI): Text field is blank while ExportSpread in licenses05b9c5f0
fix(User): CountryId does not exists while creating user with new Organizatione0059eec
upd(docker): Push sw360 docker image to registry429b6b73
fix(UI): Default behaviour of write access checkbox restore5ffcda69
fix(Project and Component UI): Formatting issues and the type of files that can be uploaded in Import SBOM MOdal are limited to rdf now-78332ea05fe
upd(buildsystem): Move away build-configuration8c09cfa1
upd(deps): Update jackson versionsb7757326
Fix(ProjectUI): Fix bug when editing obligations in a project.46e2b73d
fix(CouchDbView): Improve couchdb view performance282298e0
fix(Docs): Fixed REST and MkDocs generated issue9a1dcb48
fix(ecc): Reset Ecc Fields when Component type is changed.a5ece957
upd(sanitize): Remove lib prefix from datahandlerca8b2efc
"fix(rest): Added code for to Update the REST-API documentation for Definition of Manufacturer on project level14103917
fix(ComponentUI):HTML encoded character in Vendor field01448d74
fix(scripts): Sanitize scripts13753dbf
upd(ghactions): Fail fast with the license checker without setting a full blown systemb365744e
fix(bnd): Restore original bundle8682aa42
fix(docker): Dependencies need to be deployedaa4b625e
upd(docker): Move versions to separate file and update dep script9d3e9b3f
fix(versions): Update commons lang to correct last version7ee69887
fix(SBOM): Fixed Component type is not being set when components are created by importing SBOMdb359094
fix(ecc): Script to change ECC status in Releasedaa15a90
upd(thrift): Use only provided tarball to generate resources932987bc
fix(maven): Update commons-logging to equal versionsd9f594ec
fix(maven): Update commons-codec to equal versions41450708
fix(liferay): Use unique versions for same dependencies5acd4ecb
fix(maven): Use unique versions for same dependenciesde429b3f
bug(docker): Fix share location of jar files5e0a30cd
fix(ui): Fixed lar file to add missing widgets(Oauth Client & License Types)adb4f930
fix(ecc): Script to cleanup ECC information in released0ead7d1
fix(rest): Added component type tag in release apif0f308e4
upd(maven): Update maven build infra2db4244f
fix(UI): Do not copy specific external id while cloning releaseb8190e25
fix(UI): Disable write access from UI9f5e1ddd
fix(CrUi): fix the critical CR creation issuea6f8fa65
fix(ProjectUI): fixed Release filter bug in AttachmentUsage tab77e0ec1d
fix(ui): Generate portlet X url inside portlet Y33908857
fix(report): Nullpointer downloading reporte1dd21fc
fix(jenkins): Update old eclipse jarsignerf35c6244
fix(deps): Fixed wrong dependency download7ba948c4
fix(docker): Fix double called shutdown scriptd2d8011f
bug(docker): Fix invalid commited docker props9cddc708
upd(Docker): Upgrade docker and versions for new Liferay3a0d8c38
fix(AdminUI): Prevent license type duplication with case insensitive check17a82169
fix(ui): cannot link Component with closed project6d0a20ef
fix(REST): fixed release update issue for releases with invalid licenses
a2b75597
fix(doc) : update migration Readmeb7048928
upd(README): Update with new informatione130c068
chore(deps): bump spring-security-core in /frontend/sw360-portlet6b8c6e7d
Update githubactions.yml8602a169
WIPe7e9858f
chores(liferay): updated liferay kernel and theme9e64374c
chores(upgrade): Updated default country Id of liferayf19f0203
chores(upgrade): Fixed the ui issues71145b2a
chores(upgrade): Updated default country Id of liferaya7fd29d7
chores(upgrade): Fixed the ui issues822597c2
Updated versions in bnd file according to Liferay 7.4.3.18 GA189efff9ff
chores(upgrade): Upgrade Liferay to 7.4.3.18 GA1832bc4839
chore(rel): Changing back to 16.1.0-SNAPSHOT
This tag covers many corrections/bug fixes after the 15.0 release.
This release provides features, muliple bug fixes for release 15.0, for example, new REST endpoints, new integration test suite.
For existing installations, a data migration is required. Please go to the readme file in scripts/migrations to see more information:
https://github.com/eclipse/sw360/blob/master/scripts/migrations/README.md
For running the migrations scripts, you will need python and the couchdb package. Please note that you will need to change manually in the python file: the DRYRUN variable and the couchdb URL (if that is not on localhost or requires password or both).
The following github users have contributed to the source code since the last release (in alphabetical order):
Abdul Kapti <[email protected]>
Alberto Pianon <[email protected]>
Anupam Ghosh <[email protected]>
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Helio Chissini de Castro <[email protected]>
hoangnt2 <[email protected]>
Jaideep Palit <[email protected]>
Kouki Hama <[email protected]>
Pham Van Hieu <[email protected]>
Smruti Prakash Sahoo <[email protected]>
Tran Vu Quan <[email protected]>
tuan99123 <[email protected]>
Please note that also many other persons usually contribute to the project with reviews, testing, documentations, conversations or presentations.
1f6db6db
upd(mockito): Update the deprecated old mockito-all to mockito-core29d019b6
feat(ui): Ability to filter for active users0d0de03c
feat(ReleaseUi):Display AssessmentSummary info from CLi in Release details page709a5ec9
feat(UI): ModifiedOn & MOdifiedBy fields for Project/COmponent/Release73fe7e68
feat(export): Enable mailing for exported spreadsheet for componentsbbc37a93
feat(ProjectUI): added filter for linked release/projects tablea9053df2
feat(ProjectUI): AttachmentUsages - Added option to filter for releases without source attachmentsf7aebb1e
feat(rest): Add upload description to trigger fossology process26226fbb
feat(exportExcel): Send an email to user with download link once export completed860e420d
feat(exportExcel): Generate and save excel to file system, Download generated file with token07b54e93
feat(UI): Display Licenses from Scanner findings in ISR attachments9511adb7
feat(obligation): add function Edit/Duplicate/Changelog for Obligation830f463a
feat(ui) : Strengthen sw360 admin privileges about Read and Write7dd31343
feat(compose): Common network adn Fossology decoupling5974152f
feat(ProjectUI): Disabled CR based on project Group0f2e4c14
feat(rest): Get Project Vulnerability by external id and release id3dfe2bbc
feat(projectUi): Update some fields in a Project in closed state440a6fda
feat(docker): Overhaul SW360 docker0dc962d0
feat(script): Addition to update project field starting with some valuee5516c21
feature(docker): Run sw360 as non-priv usercec73056
feature(docker): Use volumes with tomcat33481c32
feature(docker): Add fossology on the mix4036a822
feat(project): Added vendor for project
00271e79
Fix (Component): Fix bug component list sorting3eb27362
fix(closedproject): Fixed issue w.r.t. editing close project8911a4c4
fix(project): Added write permissions for closed project1bef35d3
update(ghactions): Improve gh actions processbcdfad6b
update(docker): Docker to use latest Ubuntu LTS728acb20
fix(export): Added missing ECC AL column and release vendor in project export8efc4871
fix(rest): Added release main licenses in the response5f5bca8a
fix(ISR):Fixed source file not found in ISR & Total files count mismatchb4f0b870
Fix (Release): Fixed vulnerability can't be deleted when it is linked with a deleted releasef8052466
fix(UI): fix Some long sentence can't show property in License Obligation8ead75c3
fix(ui): Display url, email, text of Additional Data for Component and Releasebafd477f
fix(CR-UI): fixed the count mismatch in Open Components column of CR tablee776a969
fix(excel-export): fixed project filter issue while exporting excelbcc2d89c
fix(Obligation): Save Admin Level Obligation based on Obligation topic1bec6af2
fix bug Invalid GitHub action #15199bc9b9bb
Fix(License): Fix bug one license cound add only 10 obligations4b7197b4
Fix(REST): fix visibility of Project Rest APIaef08989
fix(docker): Add better proxy documentation to docker-compose534ee6f7
fix(ui): Fixed Obligation count in project viewcac1b13e
fix(thrift): Updated thrift configuration to adopt configurable max message size and max framesize2fab647b
typo in the docker run command8d1ddfc3
fix(compoent-visibility): Moderation request for clearing admind92ecace
fix(ui) : modify translation for search function3792db20
fix(ModerationRequestUI): Fixed project Moderation Request UI is not loading1c0dd050
fix(Dockerfile): Make Dockerfile more consistenta8c2334e
fix(merge): Optimized code to check for write permission of release and components before starting to merge9bbb49ba
fix(modReq): Fixed moderation request for release with version overwrited1fd4307
fix(ReleaseClearingState): ClearingState not changing to New from Scan Availablecbec94a4
fix(api): Correct the ECC status when release is created by APIf0f9ff62
fix(docker): Added missing license6fb1f415
fix(docker): Add Document Library as volume to enable keep custom settingsfde1f460
fix(docker): Add proper missing clucene configb719f989
fix(docker): Add better proxy handling11e24172
fix(docker): Get liferay from github releases6bddc2bf
fix(docker): Reduce first bootstrapping5df8eb4a
fix(docker): Update README_DOCKER.md0e917987
fix(docker): Update documentation with CSS issuee1a21e07
fix(docker): Update documentation with CSS issuecfe7e413
fix(docker): Improve documentation and persist porta-ext.propertiese335c374
fix(docker): README update and cert ignore for curlab23d0cc
fix(docker): Thrift builds now under tmpfsff9409fd
fix(docker): Improve build speed and build layers size5467abf9
Update docker base using Eclipse Temurin681eb0c4
fix(ui): Restrict visibility of each component/release like Project0b06f3ee
fix(ui): Fixed pagination of component list with search paramsf14298a4
Fix search function with key is empty
7332bec0
chore(dependencies): spring vulnerbility - cve-2022-22970,cve-2022-229713efa3a56
(chores): updated README.md and download_dependencies.sh files7541ec8d
chore(deps): bump spring-security-core in /frontend/sw360-portleta17efda8
chore(deps): bump gson from 2.8.6 to 2.8.918763b51
chore(deps): bump jackson-databind from 2.11.3 to 2.12.6.12502b58d
(chores): fix security vulnerabilitiesce57d9b5
Update information about port redirectionea798093
Update README_DOCKER with typos fixinga7a75336
chore(rel): Changing back to 15.1.0-SNAPSHOT
This tag covers many corrections/bug fixes after the 14.0 release.
This release provides features, muliple bug fixes for release 14.0, for example, new REST endpoints, new integration test suite.
The following github users have contributed to the source code since the last release (in alphabetical order):
Anupam Ghosh <[email protected]>
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Gaurav Mishra <[email protected]>
He, Albert <[email protected]>
Jaideep Palit <[email protected]>
ravi110336 <[email protected]>
Smruti Prakash Sahoo <[email protected]>
Please note that also many other persons usually contribute to the project with reviews, testing, documentations, conversations or presentations.
9807d381
feat(ui): Added new Clearing State and Attachment Type77f06a6e
feat(ci): Remove dependency of commonsIO from clientbe212373
feat(ci): Fixed Attachment test casesbf43f889
feat(ci): Fixed Release test cases790c935f
feat(ci): Fixed component test cases32ae085f
feat(ci): Run Client Integration Test for rest api on DB77f49ec2
feat(ui): Added new column for ECCN in ECC status tab of project details view8ed3c68d
feat(AttachmentTypeUI):Add a new attachment type Security Assessment.2e593adf
feat(client): Added Java Client Apis for vulnerability endpoints.
2b562699
fix(ci): Fixed vulnerability IT testcases854c6453
fix(release): Fixed mainline state is empty when creating a release by ui or restbe26f6ca
fix(ci): Fixed Project Client Testcasese06eb192
fix(ci): Fixed License Testcases2261b62f
fix(script): Fixed deployment status check after spring boot updat02ecfe6f
Fix default config not working issue30e404bd
Fix component list sorting errorf6337094
fix(rest): Optimize rest api for get project by tag, type, group
376d5b94
chore(deps): bump log4j-core from 2.17.0 to 2.17.14fc46d41
chore(deps): bump log4j-core from 2.16.0 to 2.17.0c386b4c6
log4j version upgrade to 2.16.0(log4j-vulnerability)b8ebd682
chore(rel): Changing back to 14.1.0-SNAPSHOT0368ae99
chore(readme): Update release badge to latest
This tag covers many corrections/bug fixes after the 13.4 release.
This release provides features, muliple bug fixes for release 13.4, for example, new REST endpoints, new functions in the UI and changelog enable/disable from sw360.properties.
For existing installations, a data migration is required. Please go to the readme file in scripts/migrations to see more information:
https://github.com/eclipse/sw360/blob/master/scripts/migrations/README.md
For running the migrations scripts, you will need python and the couchdb package. Please note that you will need to change manually in the python file: the DRYRUN variable and the couchdb URL (if that is not on localhost or requires password or both).
The following github users have contributed to the source code since the last release (in alphabetical order):
Abdul Kapti <[email protected]>
Anupam Ghosh <[email protected]>
Jaideep Palit <[email protected]>
Kouki Hama <[email protected]>
Michael C. Jaeger <[email protected]>
ravi110336 <[email protected]>
Shi Qiu <[email protected]>
Smruti Prakash Sahoo <[email protected]>
Tran Vu Quan <[email protected]>
Please note that also many other persons usually contribute to the project with reviews, testing, documentations, conversations or presentations.
e1923ac3
feat(UI): import OSADL obligation information and update screen of Adding new obligation2b6b9a9d
feat(UI): CLI file clean up assistant3702de56
feat(rest): Added rest api to create duplicate of project8ff2748f
feat(RestAPI):Update the attachment status with the approver/rejecter Name and Group.e3d8122a
feat(ProjectUI): Add new values to Obligation status3bab5e99
feat(ui): Display,update vulnerability for linked projects in project details view8d1f96ff
feat(log): Added output processing of the change loga873ad83
feat(ReleaseUI): License to SourceFile Mapping533ace69
feat(rest): Add Rest API for linking release to release
ea72ce63
fix(ui): Fixed redirect page from Release Edit page to Release Details pagece9d9550
fix(changelog):Fixed the file permission issue for sw360 changelog.9ef38314
fix(rest): Change base url of health api from /actuator to /843f1f8d
fix(rest): Get component by name case insensitive96a59335
fix(rest): Create duplicate project clearing state should always be open and not copiedfc1f1e39
fix(sw360ChangeLog):Configure the sw360ChangeLog path.d27527d3
fix(docker): Fixed cannot upload attachment more than 1 MB by Rest Api46e6eb18
fix(views): Optimize views for components2e8a9cc8
fix(views): Optimize views for releases21682a3a
fix(views): Optimize views to load large projects65719867
fix(rest): Fixed hateoas link not showing correct protocol0ed91d75
fix(ui): Links in ReadmeOss as HTMl are not rendered properlyedeb13d2
fix(ui): fix the bug that attachments usages in project cannot show other line5bff785f
fix(rest): Update project vulnerabilities0202f9df
fix(rest): Fixed projects loading issue in REST62d8887b
fix(UI):Component details not shown for the Security Admin Role.1db9afda
fix(rest): Added new parameter luceneSearch to Get Project List Api, to get project list based on lucene search3305fc6b
fix(Japanese) : Update and modify Japanese translations2f85cf70
fix(projects): Fixed thrift timeout by optimizing projects loadingaa8574eb
fix(upgradeVersion): Updated resource server properties for Spring 2.Xa0f1861b
fix(upgrade version): fixed the test cases failure issue when generating the rest docs.033d912a
fix(upgradeVersion): Fixed Test case for authorization server with spring boot version upgrade * Refactored code and removed commented lines71bf74bc
fix(upgradeVersion):Upgrade version.2e98d07d
fix(RestAPI):500 Internal server error from releases API.eb6192bc
fix(ui): Cleanup moderation request on deleting project/release/component57e08173
fix(ui): Changes in External urls in Project are not registered in Moderation Request. Closed Moderation Request doesnot show Proposed changes8b5ffecc
fix(Rest):make SW360 REST API Get Releases by Name Case-Insensitive.97a72951
fix(DBTestsFail): Migrating databasetest.properties to couchdb-test.properties.6c3c51ec
fix(log): Fix indentation issue in source code.4ab50904
fix(MyProjectErrorMessage):update the error message in UI for the project which is not accessible.d2f22b80
fix(ui): Fixed js error while merge component/release with null additional data9c4d2f0d
fix(rest): Added exception processing for authorizationaf443442
fix(script): add password and user in couchdb-lucene.ini318d0923
fix(docker):Update couchdb3.1 ubuntu20.04 liferay7.3.4 postgresql125ec1df6a
fix(ci) added new files to license check script26dc7333
fix(ui): Fixed create/update users with uppercase email or externaliddb1c1a97
fix(ui): User should be able to edit group of project
This tag covers many corrections and bug fixes after the 13.3 release. Th eproductive use of 13.3 has revealed a number of issues resulting from the big persistence layer switch.
This release provides also features, however, some smaller news are there, for example, new REST endpoints or new functions in the UI.
For this version, no database migration is necessary.
The following github users have contributed to the source code since the last release (in alphabetical order):
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
Please note that also many other persons usually contribute to the project with reviews, testing, documentations, conversations or presentations.
3089008c
feat(rest): Support map of release id to usage as request body in addition to previous array of release id fordf2f6dad
feat(VirusScanSchedulerService): Scheduler Service for deletion of attachment from local FS276650a9
feat(ObligationHelpTextforProject): Provide the different obligation help text from the Projects Screenec37c480
feat(moderations): Pagination in requests tab for moderations0d739556
feat(obligationlevelhelptext):Provide info text for different obligation Level83282112
feat(ProjectUI): feature to add License Info to linked releases from License Clearing tabafdac6f5
feat(ProjectVersion): Added the project version in the search Project filter4b1a1b3f
feat(ProjectUI): Fixed copy of projects removes linked subprojectsd44b63ba
feat(ProjectGroupFilter):Filter the projects in Advanced Search based on Projects Group4140a8ad
feat(rest): Added new endpoints to update attachment info of Project, Component, Release96443359
feat(rest): Added rest endpoint to update project-release-relationship information of linked releases in a project756190b4
feat(ProjectUI): feature to display the source files linked with the licenses
ef27ad5d
fix(rest): Auto-set release clearing statedebfe70d
Fix: Rest interface can not handle licenses which do not exist in the database #5342d56d0b4
fix: Wrong error handling when deleting multiple components #851 [email protected]9a31049d
fix(script): Build failure of sw360dev.Dockerfile and compileWithDocker.sh9f32b882
fix(readmeossdownload): Null pointer while downloading readme_ossf0aa5cbf
fix(ui/rest): Issue fetching releases by external ids and null value in external id breaks the release viewbaaa9f42
fix(search): search releases while linking to project00083ea8
fix(backend): Issues with boolean and timestamp field deserialization and get attachment info REST
This tag is applied to have the migration from cloudant to ektorp in one single step. Ektorp is a Java library which provides an object oriented interface to the (REST-based) access to couchdb. It has been used in sw360 from day 1. Now we concluded to replace ektorp: it does not support paging; having our server growing larger and lager and serving more and more users, receiving results sets from a couchdb view without paging is a pain. And it did not look like it will be supported, because the ektorp project looks calm now (last commit to master in 2017). Among the available options for replacing ektorp, we choose the java-client from the open source project cloudant (version 2.19.1, see https://github.com/cloudant/java-cloudant). It supports paging and offers potentially other interesting features (caching, compatibility with MongoDB, etc.).
For this version, no database migration is necessary.
The following github users have contributed to the source code since the last release (in alphabetical order):
Please note that also many other persons usually contribute to the project with reviews, testing, documentations, conversations or presentations.
0e22d55e
feat(components-pagination): paginated view response for componentsfd95a2cf
feat(cloudant): Migrating from ektorp to cloudant java client
The reason for this tag is to have the last release before the ektorp framework to the new cloudant framework for access to the couchdb. This upcoming change will touch a large number of places in the code and thus a last release before this larger change will be merged.
As per notable feature there is the new UI in the admin area to issue the OAuth client credentials for the OAuth legacy workflow for the REST API. Another feature is the storing of all attachments (at upload) also to a configurable location in the file system. This helps anti virus software to scan these instead of requesting them from the couchdb. Note that files are stored at the configured path with user_mail/document_id
folder structure to quickly track down origin of viruses and malware.
This milestone tag also chovers changes to the build infrastructure on the eclipse servers to prepare future releases.
For this version, no database migration is necessary.
The following github users have contributed to the source code since the last release (in alphabetical order):
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
d8021733
feat(AttachmentVirusScan): Store attachment to File System asynchronously, handle saving of large multi-part attachments. Fix test cases5c77743f
feat(AttachmentVirusScan):Store the attachment to local file system for virus scan.d97146a3
feat(REST): Added new Rest API endpoint for reading clearing request50f576a2
feat(OAuthClient): Create, update, delete OAuthClient from UId4017345
feat(PredefinedTags):Predefined tags per group in the Projects Tag field.0c7fc59a
feat(UI): added button for copying document id to clipboard
d19d08d0
fix(rest): Added support for pagination and retrival using multi valueprojectRelevance
param3419b4a6
fix(search): Removing support for_fti
hook based lucene search for couchdb 1.xf783240a
fix(rest): Fix status code when moderation request is created as a part of an API call4f2c2121
fix(moderaion):add CommonUtils.addAll(moderators, dbcomponent.getModerators());8b867c19
fix(build): Fix issue with overwriting of patchlevel variable in pom.xmlb9a38744
fix(test): Use test databases in maven test phasec68b4d4a
fix(OrtIntegration): Fix client to perform case insensitive search of component.784fbafc
fix(script): Utility script to recompute clearing state of releasece69b3bd
bug(eclipse): Quickfix for maven flatten pom problem
958a8a77
chore(tag) changing back pom.xml shapshot version tag
This time: client libraries. This release among other things brings the client libraries taken over from the sw360antenna project and moved them into the sw360 code base. The client libraries enable Java applications to communicate with a sw360 server via REST calls. Other notable contributions include:
- Support for CouchDB 3.x
- Massive speedup of SPDX import by switching to streaming based parsing for license information for large files
- Single container setup (see
Dockerfile
in project root) for super easy deployment of sw360 - More UI improvement on sorting and filtering in list views
- Supporting multiple templates for the project clearing reports
- REST: Manage used attachments for license info generation and better querying of vulnerabilities
For this version, no database migration is necessary.
The following github users have contributed to the source code since the last release (in alphabetical order):
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
0b7818de
feat(MyProjectsUI):Add additional filter to MY PROJECTS homepage based on clearing state9e98dd3f
feat(ChangeLog): Highlight changes between old and new revision of Documenteef05a1b
feat(ProjectUI): Sort & Filter for ClearingStatus TreeView tableb6cd9df7
feat(Issue Template):Update issue templates for bug and featurefb15708c
feat(ui):Rename and Re-arrange the Tabs under Projects section98aa0859
feat(ProjectUI): Release Filter based on attachment availability29308987
feat(clearingreport): Feature to select template for Project Clearing reportfc024b45
feat(ReleaseUi): Add other / detected license in release04139347
feat(ui-rest): Provide option in attachment usage to include/exclude concluded licenses during LicenseInfo Generation1f995bfa
feat(rest): Filter for get project vulnerabilities endpoint1d771d30
feat(rest): Added endpoint to get changel og by document id68ce3cf8
feat(ui): Display Id in summary page of project, component and release5f2a4089
feat(http-support): add http support library for sw360502d9087
feat(sw360Docker): Single container Docker for SW360948924f0
client(test): add failsafe plugin
7091c4b6
fix(spdxtools):Use toArray(new Node[0]) for shorter code and better performance8b4ebc00
fix(version): Increase minor version to ensure proper version sequence31909cce
fix(pom): Fix indentation of profileeefcf17f
fix(excelexport): Projects with linked releases excel export error2ed2ad80
fix(LicenseInfo): Optimized loading of license info, source code download, Clearing report page034f291c
fix(mergeComponentRelease): Attachments not linked properly from source component/Releasec3830559
fix(spdx): import large spdx rdf filesb08d2f44
fix(datahandler): Modified ektorp queryView call to support CouchDB 3d9756e6a
fix(Rest): Create/Update Release with name same as component name
306c2080
chore(eclipse): Change Jenkinsfile to run release or commit count builds948c7bac
chore(eclipse): Build on eclipse ci for deployment of java artifactsba666266
refactor(client): missing license headers867372bd
refactor(http): Change http mockito to same versionba72cb7d
test(client): fix mockito dependencycfa8d512
refactor(pom): move version of purl to parent pom31a239eb
doc(client): add documentation of the sw360 data modelcd3ac486
doc(http-support): Add site to http support4670fffe
refactor(client): Remove all antenna mentionsb89e04ce
refactor(client): remove antenna http support and switch to sw360834c1c79
refactor(client): Refactor package name7a6f295c
refactor(client): Add dependencies to poms
We tagged this release, because there are persons testing the current master and not seeing the migration script on the database required. The migration on the database came in because of changes on the obligations. After the major work on the obligations data model in the previous release, more work on the UI made a migration script necessary (number 042
). Please note that per our versioning convention, the database migration script makes the tag 13.0
not 12.1
.
For existing installations, a data migration is required. Please go to the readme file in scripts/migrations
to see more information:
https://github.com/eclipse/sw360/blob/master/scripts/migrations/README.md
For running the migrations scripts, you will need python and the couchdb package. Please note that you will need to change manually in the python file: the DRYRUN
variable and the couchdb URL (if that is not on localhost or requires password or both).
The following github users have contributed to the source code since the last release (in reverse order of commit appearance):
1246c023
feat(SplitComponent): Add tooltip for releases of component with SourceCodeDownloadUrl and BinaryDownloadUrl during split feature2eafe3d5
feat(rest): Accept 'downloadurl' in request body as 'sourceCodeDownloadurl' as an alternative to original value 'sourceCodeDownloadurl' for Create and update Release APIsccf05247
feat(ChangeLogs): Fixed issue related to null to empty string or collection conversion20be42db
fix(rest): Fixed update Project API issue - unexpected changes in some fields like moderators, contributors, etccf4bdcfa
feat(UtilityScript): Script for couchdb 2.x to update a field(String) in project document to a new valueea009aed
feat(Obligation): Add License Obligation from License Database based on licenses found in accepted attachments in Release and its LicenseInfo attachmentUsage in Projecta6cf31a3
feat(projectEdit): Project creators and moderators can edit few fields in a closed project2496f037
feat(ClearingReport): Added hyperlink to release document in project clearing report, Changed Font Style (Arial) and Font Size (9) for table contentbd07d53e
feat(CR-UI): Added Advaced filter for CR & fix # of components count
c18b42b9
fix(clearingreport): Error while downloading clearing report3ff60a09
fix(ExportSpreadSheet): Fixed ClassNotFoundException while export Spreadsheet431e1673
fix(ClearingReport): Fixed null pointer issue for replace text in Clearing report3ff60a09
fix(ExportSpreadSheet): Fixed ClassNotFoundException while export Spreadsheet431e1673
fix(ClearingReport): Fixed null pointer issue for replace text in Clearing report
71348b4f
chore(deps): Upgrade dependencies (LibreOffice et al)
This release something special because it brings a lot, really a lot of changes in the database model, more specifically it is a refactoring of the licenses and obligation objects. Following corrections:
- Risks are dropped and migrated to obligations
- Term "todo" is eliminated and we aim at consistently use "obligation"
Then there are two new dimensions of obligations, first obligation level
- Organisation obligations: obligations that apply for all projects of the sw360 instance.
- Project obligations: obligations that apply for a specific project, for example, obligations need to be applied to software which is delivered on a device without display.
- Component obligations: obligations that apply to a release to be more precise, for example IP issues coming when using a particular release.
- License obligations: obligations which come from using software under a license.
Second, the obligations have types:
- Permissions
- Restrictions
- Obligations (finally)
- Risks (for example patent litigation clauses)
- Exceptions (for example classpath exception with GPL)
So that involves a lot of changes to the data model, and resulting a lot of migrations. We apologize in advance for the 18 migrations scripts to execute. But it will be easier to have individual migration scripts for particular changes instead of having a large one. Please refer to scripts/migrations/README.md for further details. Please note that in general, all scripts have a DRYRUN
variable which is set to True
by default and needs to be set to False
to apply actually changes to the database.
Besides, this release has also some other changes, including:
- changing download URL into two attributes: binary download URL and source code download URL
- New REST Endpoint: Search!
- if you ant to write clients using REST: Pagination for some of the major listings!
For existing installations, a data migration is required. Please go to the readme file in scripts/migrations
to see more information:
https://github.com/eclipse/sw360/blob/master/scripts/migrations/README.md
For running the migrations scripts, you will need python and the couchdb package. Please note that you will need to change manually in the python file: the DRYRUN
variable and the couchdb URL (if that is not on localhost or requires password or both).
The following github users have contributed to the source code since the last release (in order of appearance):
<[email protected]>
github dependabot ;-)
<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
596ed7bb
feat(ProjectListUI): Added clearing state filter in Project List693dc596
feat(rest): New search resource endpoint and get releases for multiple projectsa2577cf0
feat(rest/ui): Project vulnerability enpoint update & added new projectrating in UIc1b1e33b
feat(ui-rest): Changes in Release information, change title "Download URL" to "Source Code Download URL", add new data filed "Binary Download URL", added new field in excel sheet99b3f816
feat(ProjectTodo): Remove ProjectTodo and UI changes for Obligation and ProjectTodo7b9b73a7
feat(projecttodo): Migration Scriptscb890218
feat(ProjectTodo): Renamed type to obligationType ,Changed required licenseIds to optional, Added optional ObligationLevel obligationLevel in ObligationStatusInfo04020bef
feat(CR-UI): Enhancement & Bug fixes1d6d2b32
feat(licensemodel): Drop Risk and Risk category and merge it with Obligation3ac3ba23
feat(ProjectObligation): Changes in Project Obligation Data Model, renamed linkedObligations to linkedObligationStatus in ProjectObligation struct, renamed struct ProjectObligation to struct ObligationListc009f2c8
feat(obligation): Rename product obligation to project obligationfcfec496
feat(LicenseDataModel): Merge LiceneObligation with Obligationc5e4e1e6
feat(ui): Allow access to merge/split of component and release based on user role configured in properties (6 weeks ago) [email protected]af625d7b
feat(ProjectUI): Added 2 new fields in Project Obligation5b837649
feat(Project-UI): Added new field in Advanced Search for Projetsff4a9af4
feat(LicenseInfoObligation): Rename Obligation in LicenseInfo.thrift to ObligationAtProject, added null check in change log for merge release6c13cc93
feat(ObligationDataModel): Changes in Obligation data model, Renamed struct Obligations to struct Obligation in License.thrift, Renamed existing obligationType to obligationLevel, Created new obligationType field which has Permission,Risk,Exception,Restriction as options, Fixed adding obligation in licenses tab067b731f
feat(rest): Adding pagination while listing projects and listing project releases
a2dd35de
fix(lucene): fix parameter allow leading wildcard to true9ac6e93e
fix(ModerationRequest): Fixed Moderation Request not opening when associated attachment deleted51ab6e0b
fix(ProjectListUI): Fixed sorting of project clearing state in Project List page0d525531
fix(Report): Fixed Clearing report to show project, component, organisation obligation92d00ab1
fix(Obligation): Expand/Collapse all columns including comment using single leftmost toggle button for a row, Remove truncate for Obligation Text, Added expand collapse column feature for comments5a1422e6
fix(obligations):cover null pointer case if file with obligations is missing51860a0f
fix(moderation): Project moderation fix2f9a6879
fix(UserSearch): Fixed search user functionality
d04911b8
chore(deps-dev): Bump junit in /backend/src/src-attachments4a3e8904
chore(deps-dev): Bump junit in /backend/src/src-licenseinfo4f3c3ea8
chore(deps): Bump junit from 4.12 to 4.13.1ca348628
typo(rest): fix patchComponent in releasecontroller is patchRelease
The changes for this release incorporate a larger jump from the previous release, because it changes the sw360 infrastructure to the following versions:
- From Couchdb 1.X to Couchdb 2.X and Couchdb Lucene 2.1
- From Java 8 to Java 11 - tested with the OpenJDK
- From Liferay Community Edition 7.2.1 to 7.3.3
- From thrift 0.11 to 0.13
Accordingly, also the vagrant project has changed: the current latest master of sw360/sw360vagrant builds with Java-11-based versions of sw360 (onwards from commit 0269392
at https://github.com/sw360/sw360vagrant).
Apart from the changes to the infrastructure, a number of nice new features are introduced, including:
- A Japanese language file for SW360
- Multiple values for external ids for the same keys
- A completely new health check service for better monitoring of an sw360 installation
- Improvements on project handling
For corrections and further changes on the infrastructure, please refer to the listed commits below.
For existing installations, a data migration is required. Please go to the readme file in scripts/migrations
to see more information:
https://github.com/eclipse/sw360/blob/master/scripts/migrations/README.md
For running the migrations scripts, you will need python and the couchdb package.
The following users have contributed to the source code since the last release (in order of appearance):
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
And many thanks to all the other contributions in presentation, issues, discussions!
60f82182
feat(ProjectReleaseRelation): Added new Field comment, createdOn, createdBy in ProjectReleaseRelationc4342f38
feat(ui): Added link to project button from project detail view137b46a7
feat(language): add Japanese properties4d4184d3
feat(ProjectUI):Added Expand/Collapse All and Search in AttachmentUsageTable1b4f2362
feat(project-report): Layout and content update in project report1ee05b59
feat(ComponentUI): Added new filters in Advance search30ce4db1
feat(ExternalIds): Change file permission2442e1f2
feat(ExternalIds): Change file permission and fix typo of special character753d3889
feat(ExternalIds): Add comments to Component, Release and Project rest APIs0049dd3b
feat(ExternalIds): Add byExternalIds views migration scripts, and upgrade to new version 11.0.0-SNAPSHOTbb2f2950
feat(ExternalIds): 1. Handle EscapeXml for external id value, 2. Fix "Upon update of existing project or Component or Release without any change in External IDs"6ec67338
feat(REST): Whitelisting field in REST API response5ee02f75
feat(EditProjectUI): Release table in edit project page should be sorted and omit vendor namec0bf7132
feat(CRView): Clearing Request Comments enhancements
73894c08
fix(resource-server): Resolve logback conflict40f4a3aa
fix(ui): Prevent resubmission of form for Project, Component, Vendor, Moderation inorder to prevent loss of data.6b484677
fix(ui): Fixed download license disclosure error upon selection of corrupted attachmentb8446dc1
fix(license): Fixed the NullPointerException and addressed code duplicationa92d2677
fix(byExternalIdView): Fixed the byExternalIds view not working if the value is numberf62a685f
fix(Language_ja): change datatables.lang's URLd65be244
fix(ImportSPDXBOM): Set Default value[Default_Category] to categories field of Component if found null or emptyfda56f18
Fix: 'Download license archive' button in Admin>'import & Export' page is not working #90656eb7074
Fix: import spdx information #927 #915 and change quotes538b1aa7
fix(license): Fixed the license loading issue
c0685187
chore(script): Added support to uninstall the current thrift version14b1a4af
chore(deps): Bump jackson-databind in /backend/src/src-fossology4f7234cc
chore(java): Support for Liferay 7.3.3 GA4d4c6983c
chore(java): Fixed Deployment issues5d484ee1
chore(java): Updated Spring versiond247a0ff
chore(java): updating test deps for java 113a5958b6
chore(java): migrating to openjdk java version 11c5f82e0e
chore(logging): Added a library containing the log4j2 classesaa6d5ae0
chore(logging): Fixed test failures caused by NoClassDefFound errorsfe659050
chore(logging): Updated OSGi package imports68b91bcc
chore(logging): More tweaks of logging dependenciese4060da6
chore(logging): Switched logging configuration to log4j2 formatebc8f852
chore(logging): Upgraded from log4j 1 to log4j 27866a852
chore(logging): Removed unused dependency to logback465fc5fa
chore(couchdb): Support CouchDb Lucene 2.1.0 with CouchDb 2.1.2 and backward compatibilitybbabafd7
chore(Portlet): Rename Moderation portlet to Requestsf512b867
chore(changelog): fixing formattinga6d07505
chore(release): changing pom file for 10.0.0-SNAPSHOT
Again, another data model change, new major version. Please see the script 018_remove_unwanted_field_from_clearing_request.py
in the directory scripts/migrations
to change the data model accordingly. The script is necessary for existing clearing request records; not executing the script will lead to malfunction of the sw360 application.
The update improves also runtime stability, because the escaping when displaying quotes has been improved: previously, special characters such as quotes have compromised the rendering of the page. Now, the content is rendered in a correct way.
Further improvements include:
- The ability to split releases from a component and assign this release to another component. This is the opposite case of merging components. On one hand it can undo mistaken component merges. On the other hand, user input, creating a release at the wrong component, can be corrected now.
- a new REST endpoint to request all details from a larger list in one REST call.
- a new REST endpoint to delete attachments from the REST API
More features include the ability to search for IDs when linking releases to projects or enhancements to the clearing request structures.
ef6170e1
feat(attachments): Evaluate check status before deletion.ea6d31ad
feat(CRUI): Modifications in Clearing Request table in moderation tab.90dbdb52
feat(attachments): Updated REST documentation.220f991f
feat(attachments): ComponentController can now delete attachments.5f504aef
feat(attachments): ReleaseController now supports deleting attachments.2930cea5
feat(attachments): Added function to prepare deleting attachments.8adb9147
feat(attachments): Implemented ThriftAttachmentServiceProvider.daa3b3fb
feat(attachments): Introduced ThriftServiceProvider interface.5783cc3b
feat(rest): Whitelisting project 'state' and 'phaseOutSince' field.fc0c7e43
feat(ui/search): Search using rel. id and added link to the release in the search result.2ec0e6d9
feat(REST): Added new allDetails Parameter to List Projects and List Releases API to fetch records with all details.c0bf7132
feat(CRView): Clearing Request Comments enhancements.8528ecfe
feat(SplitComponentUI): Move Component data like releases and attachments from Source Component to Target Component.
9c01170b
fix(escapeXML): Added missing escapeXML, to prevent js script execution and rendering break due to single or double quotes, Added missing escapeXml to merge-split Component, merge releases, license details view, list-details-edit view of project, component and release.887533ba
fix(ProjectModeration): Fixed isWriteActionAllowedOnProject check for project update, Fixed incorrect value for Visibility in Edit Project view which has existing moderation request.
This release brings new features which also change the data model. Therefore, a major version step is justified. Major new features are:
- Support for custom field layout using the referring Liferay mechanism, fully transparent with the REST API using additional data fields
- Changelog for changed data for projects, components and releases
- Reordered sections in detail view
- A completely new view Clearing Status offering tree and list view
Besides bug fixes and features correct bugs so far. In order to fix a bug with the REST API, note that a migration script should be executed. It corrects a missing value for the status of the release which is also now automatically set when creating releases using the REST API (and not only in the Web user interface).
a2e65103
feat(PreferenceUI): Enabled Email notification for CR49311164
feat(ProjectUI): Custom Field for Additional data in Project1d3423cb
feat(ReadmeOss): Filter linked project from ReadmeOss based on selection03000401
feat(ProjectUI): Unified view of Linked Project and Releases, Clearing status, Linked Release Hierarchy. View includes tree view and list view89714248
feat: Support custom fields in additionalData group in Component and Release page04b57fd1
feat(ChangeLogs): Revision history of Document
fb09ccee
fix(MigrationScript): Update releases with empty clearingState to default value - NEW_CLEARING7bbd4235
fix(ClearingStatus): Tree View Release name getting truncated, Sort for Project mainline state and Clearing State in List View fixed , added search filter4c7b0e72
fix(ClearingStatusView): Fixed uneven button height, console error related to createVulnerabilityTable, takes lot of time to load Clearing status list view for large dataset.d1c3731f
fix(ChangelogBasicInfoUI): Applied generic style and reordered the metadatas for Basic Info.78bff1ba
fix(UI): Clearing Request and Obligations fixes79f5c9d4
fix(mergeComponent): Prevent multiple releases with same name and version for a component, which may occur during merge componenta4b44107
fix: Resolve conflictcd4cba10
fix(Changelog): Fixed missing fields like componentType in Changelog history3ee65c9b
fix(REST): Added default value(NEW_CLEARING) for Clearing status while create and update Release67875856
fix(spreadsheet-export): Project spreadsheet export returns blank spreadsheetb91b9e2d
fix(ui): Release overview from component detailscd29922a
fix(UI): Clearing Request bug fix and improvements
79850290
chore(deps): Bump spring-security-core in /frontend/sw360-portlete1aabab1
chore(deps-dev): Bump dom4j in /backend/src/src-licenseinfo
Although there are only few commits listed below for this release, the change from 8.1 to 8.2 is huge: sw360 supports now an UI which can be extended with different languages.
With the initial pull request, the English and Vietnamese languages is supported. More languages can be supported. For this, a translation file must be added. Please see README_LANG.md
in the root level of the project directory for more details.
Many thanks to the colleagues at Toshiba for providing this big feature to the community.
8bd91be
feat: SW360 support multi-language update after review994ad5c
feat: SW360 support multi-language
ae45236
fix(mergeUI): Provided fix for error message on merge component, release, vendor.
A version upgrade is justified, because of a number of new features have been integrated: FOSSology scans can be now triggered over the SW360 REST API. By this feature, an upload, for example from sw360antenna, could also trigger the FOSSology scan right away. It requires FOSSology being integrated with sw360.
Another new endpoint is the query for SHA1 values of a file to check if that attachment is actually already found at some release. With this endpoint, one would not need to search for release names and version before making a new entry, but just search for the source code attachment using its SHA1 value to check if an upload has been performed already.
A third new feature is the ability to agree on a clearing job for the software components of a project or product. A project owner can now send to a clearing expert a request to perform the clearing of software components right from SW360.
bb9f2ba
feat(REST): Trigger FOSSology process and check status99e23dc
feat(ObligationUI): Added new status fields for Obligationd025c4a
feat(rest): Attachement sha1 improvement9a53e7b
feat(ProjectUI): Project Clearing Report
7bd1fd5
fix(UI/REST): Remove Trailing and leading whitespace for all fields in component, release and projecta2a4b16
fix(components): components listing limited to 200 entries both in UI and excel spreadseet0de1db1
fix(vulerability): vulnerability view breaks at backslash in description83e6f28
fix(REST): Updated upload attachment documentation
1fc2e0b
Add pull request tempalte and .github folder (11 days ago) [email protected]
There is some small but very substantial bug in 8.0.0, which prevents the user from creating records in special conditions. Therefore, version 8.0.0 is deprecated and replaced by version 8.0.1.
c20fa46
fix(component/release): Add component and release error in UI
It is not really that we like to ignore minor releases, but release 8 is coming because:
- changes in the DB for external id handling, pls see migration script:
scripts/migrations/016_update_byExternalIds_component_view.py
- changes in the Thrift API, allowing for SPDX BOM import pls see:
libraries/lib-datahandler/src/main/thrift/projects.thrift
And as a larger, very important feature, there is the SPDX BOM import there in a first version, adding two modes:
- Import a project with linked releases from a SPDX BOM file
- Import a list of components and releases from a SPDX BOM file
Moreover a very important feature or fix has been provided for ensuring that malformed REST requests do not lead to failure in the application. Previously, providing wrong typed references (for example: linking releases to a project) was accepted by the application and can lead to malfunction then. The following list lists the detailed changes since 7.0.1:
712ba79
feat(rest): validate the linked document ids in the payload before updating it in the DBf90fcc4
feat(bomImport): implement SPDX BOM import for projects and releases24999ce
feat(AddProjectReleaseRelation): add a project release relation for source code snippets48de678
feat(REST): Patch Releases to Project
d34d454
fix(ReleaseUI): fixed reload report in FOSSology Process336534a
fix(REST): fixed search component by external idbc28c54
fix(EditReleaseUI): Fixed missing functionality of button to delete release to release relatione437a5b
fix(spreadsheet-export): fixed the secuence of values based on headers4c0d5c9
fix(thrift): add should return ID on duplicate1d65e70
fix(html): fix minor bugs and stylingb7a83d6
fix(ui): saving attachment usage issue for source code bundle and others
After tagging 7.0.0, we found two bugs to be corrected to provide a sound SW360. Therefore, here a new tagged version of sw360. Everyone should use 7.0.1-M1 instead of 7.0.0.
Adding rolling version since last tag will prepare automated tagging with incrementing patch level, retaining manual tagging for major and minor version only.
0dcd109
fix(ProjectUI: fixed blank / non-responsive screen on projectda677b5
fix(ui): fix issue #762
a37e24d
chore(readme): adding some more badgesf1a7c63
feat(chore): adding rolling versions based on commit count
The main reason for release version 7 is to have the license upgrade from EPL-1.0 to EPL-2.0. All contributing parties have submitted their consent by e-mail and on most cases also approved the referring pull request (eclipse-sw360#756).
Another change which justifies a major version jump is the required view update in the couchdb. Please see https://github.com/eclipse/sw360/blob/master/scripts/migrations/README.md for more information when migrating from an older version. The view update allows users to configure the My Projects
portlet.
9b92795
feat(docs): relicensing from EPL-1.0 to EPL-2.066a4126
feat(Component/ReleaseUI): Added button to remove selected vendor for component and release860aa3e
feat(ProjectMigration): script to migrate a project field to new valuebd99641
feat(REST): Add parameter to GET release by name322c45d
feat(WelcomePageUI): display configurable content for guidelines on welcome pageabac231
feat(fossology-pull-report): Added the button to pull the already generated report from fossology062c899
feat(HomePageUI): Listing of MyProjects is made configurable9849cb0
feat(licenseinfo): Added filter to exclude releases based on selected relationship
2a52475
fix(ProjectUI): Show proper error msg ,when loading of project fails due to access or dependency not found752bd78
fix(ProjectUI): fixed 'Project is temporarily unavailable' issue due to obligation featureb32afd5
fix(ReleaseUI/REST): prevent cyclic link in release0d2647d
fix(licenseinfo): White page while downloading license disclosure
d22aaaf
test: add script to start temporary couchdb with dockerdf54014
chore(cleanup): drop unused and outdated code related to the codescoop integration
This release covers as the biggest change the new integration with the FOSSology REST API. It replaces the previous integration using an ssh login. It requires a migration of the couchdb database. More information about the scripts can be found in scripts/migrations/README.md
.
Apart from changing the integration with FOSSology from ssh to the REST API, the entire data structure has been changed to be tool agnostic: A data structure for external tool requests replaces the info for the FOSSology upload. In future, albeit not supported today by the UI, also other tools could be integrated using the same data structure.
Warning Although the was much care for migrating existing data. It may happen with old datasets where source code attachments have been transferred to FOSSology using the ssh integration, the migration fails. For those datasets, the data must be changed manually. For example, just remove the status values.
Warning Migrations run per default in dry run mode, meaning that no changes are written to the database. After you have reviewed the changes (and checked that the scripts runs), you must change the DRY_RUN
variable accordingly to False
.
Two notable more features are provided by this release:
- Management for project obligations
- Merging release and vendor records added
653a7e3
feat(ProjectUI): added project obligation logic on change of accepted license file648755a
feat(REST): Added parameter to GET project by Group and Tag8eae7d3
feat(rest): get attachmentUsages for a projectb8549de
feat(REST): linked release hierarchy is included in the response1bc03f9
feat(Project-UI) License Obligation tracker at Project Level1f506f2
feat(Rest): New end points for project/component/release usage summary176557a
feat(moderation): Moderation requests to all clearing admin irrespective of their group82977a0
feature(merge): add wizard for merging vendorse476f39
feat(rest): Added support to add role category fields while creating project86afeef
feat(Projects): enabled Project/Release mainline state change only for clearing admins578f53c
feat(fossology-rest): replaced ssh communication to fossology with RESTd19f658
feat(external-tool-request): added general datastructure for external tool requests71535e6
feat(Authorization): Added support to read keystore from central configuration43bd667
feature(release): add release merge wizard
ca88b44
fix(ProjectUI): Added options to generate ReadmeOSS for main project only or main project with subprojects.51bc423
fix(rest): Error getting component/project with unknown creator7814e7e
fix(ProjectUI): Obligation view for changes in linked release attachment255f54e
fix(ui): Added missing tooltip00c3110
fix(businessrules): NPE in clearingStateSummaryComputer6bb0cc2
fix(project): Keep release mainline state as it is while cloning project7b488d5
fix(projectUI): NPE in SW360Utils.getApprovedClxAttachmentForRelease7181861
fix(LicenseInfo): NPE in ProjectPortlet.prepareLicenseInfo and downloadLicenseInfo7df48da
fix(rest): License information generation based on attachment usages from rest.466185e
fix(project): prevent cyclic link in linked projectsdcc4192
fix(projectUI): NPE in ProjectDatabaseHandler.setReleaseRelations6f02ae7
fix(component): incorrect release edit link in component edit page20211c9
fix(component): component merge not workinge1921d7
Fix(Project UI): Removed 'Unknown' from Project Clearing Team dropdown16c3452
fix(REST): added support for createdComment field for uploadAttachements2e0d776
fix(Project/Admin): Set to default text feature is not working correctly for Obligationaa71a06
fix(Componnet): ComponentType field should be mandatoryc7a0737
fix(links): Fixed the incorrect links
This release contains a number of corrections after the Liferay Portal 7.2 CE GA1 based release has been rolled out. Therefore it contains mostly corrections for the UI. In addition to these, also the REST API endpoints were further improved. The report generation has been improved: Now, external Ids can be added to the generated documents.
Because it contains many corrections, every 5.0.0-M1 installation should be updated to this release.
c86c97b
feat(License Disclosure): Change order of listed items in disclosure documents82a45cf
feat(license-disclosure): External Ids incorporated in the license disclosure5b554ae
feature(table-filter): add filter box, fix print
9b02a75
fix(components): Recompute aggrated fields on save17d90ee
fix(DownloadLicenseInfo): Corrected license selection based on attachment selection on attachmentusaged6d8540
fix(EditRelease UI): Removed duplicate field 'Licenses' from edit releaseb9be0e4
fix(licenseDisclosure): Added acknowledgements in TEXT and Docx format of License Disclosureb123c48
fix(LicenseDisclosureDocument): Ordering and formating license disclosure document.97008f3
fix(merge): allow merging of complex fields, style improvementscd4c788
fix(merge): fix update conflict on component mergec6b3838
fix(merge): Some fields were not merged1e6f424
fix(Release-UI): Vertical scrollbar for link release to project popup20fb3d2
fix(ui): Added missing search boxdcd681b
fix(vendor): fix view name used when editing vendorsabc6404
fix(vulnerability): Vulnerability tab loading issuedc0b9d6
fix(fossology): fossology and fossolgy4fe4d4f
fix(Rest-API): Corrected 'createdBy' field value for Project and Componenteb15c85
fix(Rest-API): Small fix around ProjectClearingState during create and update projectfae1c99
fix(Rest-Component): Corrected all components by type rest end pointf7d204e
fix(REST: Project) : Fixed error response for create project from resta2750bf
fix(rest): Fixed get component API having default vendor id as empty
d9ff676
chore(pom): change snapshot version from 6.0.0-SNAPSHOT to 5.1.0-SNAPSHOTe59f8b3
chores(config): Fix friendly URL for license page81600f4
chores(merge): Retain owner as moderatora80b82c
chores(pom): Update to next development version
This release is the first release using the Liferay Portal 7.2 CE GA1 release. The codebase of the portal project has been updated from the previously used Liferay 6.2 version. As this represents a huge change also to related areas (pom files, etc.), the sw360 5.0.0 is bascially a sw360 4.0.1 with the newer Liferay. The following commits have been applied:
35165e6
feat(auth): script to add the unsafe default client directly to DB4fd501c
feat(thrift): add timeout for thrift client
3c4d3ed
chores(all): Upgrade to Liferay 7.2 (Part I)6657e79
chores(configuration): Update Liferay configuration7fbd42e
chores(all): Upgrade to Liferay 7.2 (Part II)52592bf
chores(build): add build plugin7d9e30e
chores(deploy): add new deploy profile1d5bff2
chores(liferay): Feedback from Liferay 7 review36ae2c1
chores(build): Fix deploy profile918d054
chores(configuration): allow external files- `` chores(changelog): initial commit
deb868c
fix(tests): Use configured couch db urlda1f0b8
fix(search): make search logic consistent1d830ee
fix(project): fix compare if no version is set0c2a341
fix(Components): Fix naming component error (name's component contain...c7f03c8
fix(rest): fix broken logic in updateProjectbe90070
fix(rest): auth server is broken due to LifeRay api change
This release fixes a small issue at the project creation. It was added to have a good working sw360 4 release.
c7f03c8
fix(rest): fix broken logic in updateProject
Proudly announcing a new milestone release for SW360. We have many additions since the last release 3.3.0 in November 2018. The main reason why it turned into the 4.0.0, a major version change, was the change on the database model. According to our versioning guidelines, we have major release jumps when the DB changes. Please see below for details about how to deal with the change.
The release has the following new features:
- A first release of the project / product approval report, listing and maintaining obligations resulting from OSS use.
- Support for integration for single-sign-on and identity management server keycloak
- A lot of enhancements (new endpoints) to the REST API
- More management for using attachments (license information, source code)
- Starting to parse and show SPDX information in the Web UI
- Integration of Codescoop`s OSS library OSMAN.
There are many different contributors which lead to new releases a release, for example doing presentations and promoting sw360. If you count the committers who have commited since 3.3.0-M1 and this release, the credits for code go to the following persons:
akapti
alexbrdn
aratib
blaumeiser-at-bosch
bs-jokri
bs-matil
dreh23
greimela-si
hemarkus
henrik
imaykay
kallesoranko
lepokle
maierthomas
maxhbr
mcjaeger
nutanv1contr
smrutis1
sweetca
Larger areas of improvements include the work on the REST API (see individual changes below) and on the reporting for projects, which includes now a project clearing report.
4b12200
feat(attachment-usage): Restrict users to change the attachment usage without any WRITE access68f28f7
feat(attachment-usages): Take over the attachment usages from the original project, while cloning one.29ba68d
feat(client-management): added support to dynamically manage oauth clients4722f04
feat(codescoop): osman integration923d236
feat(default vendor): added possibility to save a default vendor for componentse21d358
feat(duplicates): added support to prevent duplicate projects/components/releasesca45db7
feat(homepage): show accepted releases in MyProjects portlet093bc8a
feat(licenseinfo): Add version string to file namefe58767
feat(licenseinfo): Use property for controlling license info generation111e99d
feat(licenseInfoMigration): added manual migration script for license infos28d252e
feat(licenses): add support for project-only obligationsed7e9f9
feat(project): Reporting Improvements4f2166a
feat(project): Reporting Improvements33397be
feat(Projects): Added new field "domain" to project summary65fa6d5
feat(Projects): displayuploadedBy
&Relation
in Attachment Usages1944686
feat(releaselink): add release to project from release view477019b
feat(report): add common rules tableb46cb4d
feat(report): add common rules table67975c2
feat(report): fill development detail and additional requirements table2acd46d
feat(REST-Doc): Updated the REST API Documentation2cdaa1c
feat(Rest-Project) : Added possibility to update project from rest endpoint.2faffb9
feat(rest): add keycloak support for sw360 rest api834e676
feat(rest): Added CORS module to fix CORS problems with JS clientsa666bc3
feat(rest): Added CORS module: fixes after reviewd9f6164
feat(rest): Added missing fields to REST API json5438233
feat(rest): Allow to search only by externalId-Key (without specific value)b35b265
feat(rest): make screenName auth case insensitivee270a28
feat(rest): REST Authentification with ScreenName390fb16
feat(rest): Search by externalIds endpoints for releases and components381469f
feat(rest): Updated response for GET requests on resource lists if there are no resources available6821256
feat(rest): Whitelist fields in REST API response2c68620
feat(rest): Whitelisting Fields in the REST API Responseeb0c44d
feat(search-dialog): improved multi item search dialog1dc69ad
feat(spdx-import): added functionality to view and use spdx information2b788b7
feat(spreadsheet): Added component categories field on spreadsheet export of Project with linked releases45ba41e
feat(sso-oauth): added possibility to get oauth access tokens when pre authenticated94971ec
feat(subproject licenses): added possibility to take over license selection from subproject8ca3200
feat(tabview): added better navigation support for tabview3bb68c9
feat(thrift): add http proxy for thrift clients26401da
feat(thrift): add newadditionalData
Field for generic data storageee7b374
feat(todoMigration): migration script for todosa903ba4
feat(UI-attachment): Create attachment bundle zip container, even for only one attachment9a59372
feat(UI-Project): Jump to edit release from ProjectDetails19bd0fa
feat(UI:PageTitle): Show selected Project/Component Name in Browser Tab2f7474f
feat(ui): Send to fossology error message.
ba57b76
fix: Security changes in source codeaa9ccf3
fix(attachment): Multiple attachment upload stall issue94fedc4
fix(Attachments-UI):Restrict user from adding attachements with same file name31deb6f
fix(chores): updated documentation including licenses file862915f
fix(component edit): fixed an issue where external id and attachment changes were not savedd10022c
fix(cve-search): disable tests by assume statement and refactor8908b66
fix(license-import): add missing dependency0cf598a
fix(license-todo): Adding TODOs to License8fee825
fix(licenseinfo): Exclude old commons-lang3 dependencies8ac21e0
fix(licenseinfo): NPE at Generate License Reportbe69470
fix(Project UI): Fixed "Set To Default Text" feature for project license info header144a8ac
fix(Project): Only users with Admin access should be allowed to edit a closed projectbe38717
fix(ReleaseLink): Remove self link from LinkedReleases hierarchy8015cc8
fix(report): adding coverage if content exceeds the max number of characters in cell2fc4bd3
fix(report): corrections to report0525fde
fix(report): fix indentation and message textfb70f43
fix(report): Fix merge error, fix rest payloadc8d15ac
fix(REST API): Attachmentupload endpoint documentationb3615b3
fix(rest): do not answer with 404 if resource list is empty12931ff
fix(rest): Download licenseinfo file error026cb34
fix(rest): Hiding unwanted fields in project listing response in REST4a1f90c
fix(scripts): add missing dependency to scripts/install-thrift.sh06d113d
fix(sso-oauth): feedback from review00368cf
fix(treetables): fix inconsistent indentation in treetables8ddce65
fix(UI-Release): UI error on duplicate release creation7db8c86
fix(ui): After removing a task from Home page, the task is back in the list when navigating back01453cb
fix(ui): datepicker date and year selection is made available8cad8ea
fix(UI): Deleting submitted task under My Task Submission section.4f07ca5
fix(ui): Fix infinity loop by expanding empty projects in AttachmentUsagec07932b
fix(user export): fix Nullpointer Exception on user export166b03d
fix(user): migrate completly from getOpenId -> getScreenname20ea660
fix(users): write screenname into externalID field6acf644
fix(vendors): Remove vendorId and vendor of release in case of deletion6453b69
fix(vul-scheduler): fixed an issue where vulnerabilities were stored in the wrong dbc94e999
fix(wsimport): remove projects from components that are createdc54ef0e
fix(wsimport): small fixes and some refactoring for wsimporte3c47ba
fix(wsimport):download url for releases3cca3b8
fix(documentation): Fixed link to issue tracker in eclipse org71c6f6f
fix(rest): Fix self link for user resourcec2b5f90
fix(licenses): added log message and handle GPL-2.0+ case when converting licensesbbf55aa
fix(wsimport): removed unnecessary check
The most important part on the infrastructure part is the change of the thrift compile to version 0.11.0. This has an impact to all, because an update of the installed thrift compiler is required from the previous version for all machines where the sw360 projects needs to build. Note that also the ektrop lib has been updated as well as the webjars which include the Java script components for the Web UI.
7128acd
chore(common): Mail service sends notifications asynchronousbdd45d2
chore(rm): Change Thrift Version in Readmec4228b0
chore(thrift): update thrift version to 0.11.07089e19
chore(thrift): use install/fast make target5ba0ebf
chore(ui): Auto resize textarea in project view and edit mode517faaa
chore(ui): Display banner warning for IE0864e14
chore(ui): Improve lucene search logic for project versionf51c4af
chore(ui): Some fixes for UI regarding search and filtersabf5be7
chore(vulnerabilities): Linked releases can be empty or null (rest create project)b6da7ca
chores(developer): remove developer tag in pom.xmld4d522d
chores(quick-deploy): add quick deploy for portlet165f9ca
chore(REST): add documentation for Licenses in Releases53ae7b0
refactor(db-bridge): updated ektorp library version to current 1.5.00632505
refactor(velocity): update to new version6e8c349
refactor(webjars): update versions of webjars
Because of changes in the couchdb schema you likely need to run a migration script. Please find more information here: sw360/scripts/migrations/
, in summary, you will need to update in the database:
- Changes to the way how the selected licenses and resulting attachment usage information is stored leads to the need to execute
011_migrate_attachment_usages_license_info.py
. - An identified for a todo was not used, but it was changed to title, so execute
012_migrate_todoid_to_title.py
.
48741ac
feat(rest): Token Generate with API Keys implementation (9 days ago)a20a225
feat(licenseImport): fix and improve26e4c55
feat(rest): Add externalId endpoint (projects) to REST API20e4472
feat(projects): add a flag to enable/disable displaying project's vulnerabilities0a3a636
feat(wsimport): Whitesource import service1386a75
feat(rest): Specify properties dynamically in GET /releases7918a40
feat(rest) Added route DELETE /releases/{ID},{ID2} to delete releases8d36000
feat(rest): Update REST Attachment endpoints and documentationc55c5f7
feat(rest) Paging/Sorting for GET /components, response contains pagination...dd7025a
feat(attachments): enable viewing/editing of attachment usages...dc1be63
feat(rest) Route PATCH /release/{id} added to update an existing releaseed79f9a
feature: codescoop integration590841b
feat(rest) Batch-Deletion for components5933bb7
feat(rest) Route PATCH /component/{id} added to update an existing componentcc5a5a1
feat(search): Improve lucene search logic and handling of resultsf9f6604
feat(licenses): allow to create unchecked licenses897acbf
feat(rest) Specify required fields for components in GET /components0ed834a
feat(rest): Read client id and client secret from configuration file7fa5164
feat(ui): Add preferred external id keys for projects, components and releases0eb74f9
feat(ui): Pagination of entries in project and component view5581b19
feat(release): Add project mainline state to export spreadsheet (clearing status)
5ddf781
fix(license): fix problem in editing licenses06ea9d0
fix(rest): GET /components response will contain all components...942f263
fix(projects): prevent duplicate attachment usages from crashing project display0f936d7
fix(wsimport): add lar filef145f0b
fix(rest): Correct REST embedded User to prevent error messagesc2c0afe
fix(rest): Show attachments as embedded resource list187756b
fix(projects): fix assertion exception when requesting attachment uses with empty...ffd6884
fix(licenseInfo): remove the unnecessary license text input field from license info...90791fc
fix(rest): Trying to sort components by an unsupported property causes NPE74c6512
fix(projects): Enable phrase search for group and tag in projectsa4a4244
fix(components): Remove updateOnlyRequested condition47045ad
fix(component): No update for all component properties if they are not in requestd7c6fec
fix(licenseinfo): Update merge handling for licenseInfo objects02d1289
fix(search): impose the defined search limit on all searches by defaultf844a42
fix(attachments): Set content encoding to identity only for gzip files4b7a2f3
fix(attachments): Set content encoding to identity in case of gzip filesc19298b
fix(licenses): Validate obligation list in LicenseDatabaseHandler7e75dfb
fix(moderation): Add external id map to moderation request4f7b441
fix(releases): Show release summary if the search text is emptyf28df1b
fix(search): Remove special characters in lucene search48ad171
fix(datahandler): Handle duplicate names in source code bundle generation...a149ff9
fix(user): Change user id field to optional1b7aa8a
fix(ui): Fix table styling for components and projects54e5286
fix(users): handle external change of user email address by storing...4bfaea3
fix(home): Truncate long document names in homepage datatablesb70bc7f
fix(test): replace "BLACK_HOLE_ADDRESS" with real onee693af5
fix(test): add IOException to the expected ones in BlackHole testa1f8433
fix(attachments): Allows to set attachments for source bundle generation
7d41a20
chore(vulnerabilities): Improve handling of null values in lastUpdated553979
chore(licenseinfo): Add separate DOCX template for reports56834d7
chore(rest): Change docs reference in HAL Browser7ffab39
chore: move attachments db classes to commonc638bb8
chore(rakefile): drop Rakefile, since it is unused and partially does no longer work3da002e
chore(moderation): Adjust footer length with datatable width (columns)ba44539
chore(projects): Remove default value for clearingTeam in projectse480824
chore(datahandler): Fix typo Repostitory to Repositorybc4128a
chore(components): Autoset ECC options should check if component is OSS59cf17a
chore(projects): Change the file name of export spreadsheet756d7b9
chore(rest): Add delivery start date to REST API guide37b61cd
chore(docs): removing orphan architecture document to wikiae16c73
chore(config): Restore sw360.properties configuration file1c156ce
chore(travis): Add travis configuration file to project848c233
chore(config): Change sw360portal specific links because of new repository69a4fd7
chore(git): restore .gitignore that's gone missing during move to eclipse repository
This program and the accompanying materials are made available under the terms of the Eclipse Public License 2.0 which is available at https://www.eclipse.org/legal/epl-2.0/
SPDX-License-Identifier: EPL-2.0