Resolved Issues
The following issues are resolved in this release.
|
Issue |
Resolution Notes |
|
SCA-27385 |
Previously, component lookup and searches on SQL Server were slower compared to those on MySQL. The lookup and search features have now been optimized for enhanced performance on SQL Server. |
|
SCA-32546 |
Marking codebase files as reviewed/not reviewed in batch or in rapid succession no longer causes the UI to hang. |
|
SCA-41937 |
Previously, when users attempted to scan certain projects using the Jenkins scan-agent plugin, Jenkins integration failed when they clicked Build Now. The issue was occurring because the project being scanned was based on Java 11; and the Jenkins plugin provided support for Java 8 only. The plugin has now extended its Java support to include Java 11. See Jenkins and Generic Plugin Support for Java 11. |
|
SCA-42222 |
Custom filters created in the Advanced File Search feature for codebase files were not being saved properly for subsequent searches. This issue has been resolved so that custom filters persist as they were defined. |
|
SCA-42588 |
Previously, during those scans enabled for transitive-dependency reporting, direct dependencies that had no version in pom files were not reported. Such dependencies are now being reported. |
|
SCA-42874 |
Previously, LDAP and ALM synchronizations and Electronic Updates were grouped as tasks in such away that, when a user changed the frequency of one these tasks, the change would wipe out the schedule for the other two tasks. Hence, the other tasks would not run. This scheduling design has been revised so that changes to the frequency of one task no longer impacts the schedule defined for the other tasks. Each of the tasks runs at the frequency at which they are set. |
|
SCA-43519 |
Previously, if the SPDX identifier did not exist for a license in the Code Insight database, the spdxIdentifier field in the response showed the short name or full name of the license. In this release, if the SPDX identifier is not available in the database, spdxIdentifier now properly shows “N/A” in response. This fix is also discussed in Updates to Existing APIs. |
|
SCA-43687 |
Even though inventory existed, no inventory was being reported when users scanned their Packagist repository using composer.json. This issue has been resolved. |
|
SCA-43790 |
Previously, when a user initiated a project deletion and then logged out of Code Insight (or the Code Insight session timed out), the deletion would not complete. Additionally, no error for was shown in the UI or the logs. Project deletions are now scheduled in the Code Insight Jobs Queue and run in the background. If the user logs out of Code Insight or the session times out, the project deletion still runs as scheduled. See Project Deletions Now Queued and Run in Background. |
|
SCA-44029 |
The issue with scans failing with “EncryptionOperationNotPossibleException” has been resolved. |
|
SCA-44030 |
This release shows an overall significant improvement in scan times for Docker images (compared to the scan times in the 2022 R4 release). |
|
SCA-44157 |
Previously the Get Inventory Summary of the project REST API was not always retrieving the URL for the component forge even though the URL was displayed in the UI. The API now uses the same internal database-search process that the UI uses to located the URL. If the URL is still not located during this process, the URL value is listed as N/A in the API response and similarly in the UI. |
|
SCA-44189 |
Deadlocks among projects were occurring during parallel project deletions. Project deletions are now scheduled in the Code Insight Jobs Queue and run in the background, helping to avoid these deadlocks. See Project Deletions Now Queued and Run in Background. |
|
SCA-44245 |
An invalid project status error that was listed in core.log prior to a Project Copy is no longer being listed in the log. |
|
SCA-44274 |
Previously, if you right-clicked a file in the Codebase Files or File Search Results pane to mark it a reviewed or not reviewed (or to add it to inventory with Mark files as reviewed selected) and information for that file was still loading in the UI, the UI could hang. This issue has been resolved so that both the file information is loaded and the file is marked as reviewed or not reviewed as indicated. |
|
SCA-44290 |
Components recently added to the Code Insight data library are now showing their correct URL in scan results. |
|
SCA-44383 |
Previously, when you attempted to add a large number files to an inventory item (for example, by selecting a folder with all its subfolders) and selected Mark files as reviewed as part of the add process, the UI could hang. This issue has been resolved. Note:This issue applied to only those Code Insight systems that used SQL Server. |
|
SCA-44398 |
Code Insight previously ignored copyrights if they used certain formats. Copyrights using these formats are now being detected as valid copyrights. |
|
SCA-44372 |
Previously, the correct license for certain components was not being detected. The Code Insight data library has been updated to resolve this issue. |
|
SCA-44421 |
Scans were erroneously giving an “unpublished” status to certain inventory items. Scans now properly assign the “published” status to these items. |
|
SCA-44910 |
To avoid a deadlock on a project, measures are now in place to prevent a scan and a report to run in parallel on the same project. See Report Generation Not Allowed During a Scan on Same Project (and Vice Versa). |
|
SCA-45214 |
Previously, the security vulnerability CVE-2020-10683 was missed for the dom4j 1.6.1 component. The vulnerability is now reported. |
|
SCA-45935 |
Previously, Mozilla Public License 1.1 was not being detected for the html-parser.js file. Scan are now detecting this license. |
|
SCA-45980 |
Commercial licenses are now assigned an appropriate priority. If no license priority exists in the database, the default is P2. Previously, no priority was assigned to commercial licenses. |