DependencyTrack
Upgrade to 4.13.0 fails - ERROR: duplicate key value violates unique constraint "CONFIGPROPERTY_U1"
Current Behavior
I run Dependency Track via AWS ECS Fargate containers.
I just tried to upgrade as I normally do but the API container is failing to start. It seems to be an issue with database upgrades between the versions.
2025-04-08 05:41:15,678 INFO [EmbeddedJettyServer] alpine-executable-war v3.2.0 (e93877d0-df20-4fb1-94d1-18aaaff5eb24) built on: 2025-04-02T10:25:57Z
--
2025-04-08 05:41:17,561 INFO [Config] --------------------------------------------------------------------------------
2025-04-08 05:41:17,563 INFO [Config] OS Name: Linux
2025-04-08 05:41:17,563 INFO [Config] OS Version: 5.10.234-225.910.amzn2.x86_64
2025-04-08 05:41:17,564 INFO [Config] OS Arch: amd64
2025-04-08 05:41:17,564 INFO [Config] CPU Cores: 2
2025-04-08 05:41:17,570 INFO [Config] Max Memory: 4.0 GB (4,294,967,296.0 bytes)
2025-04-08 05:41:17,570 INFO [Config] Java Vendor: Eclipse Adoptium
2025-04-08 05:41:17,572 INFO [Config] Java Version: 21.0.6+7-LTS
2025-04-08 05:41:17,572 INFO [Config] Java Home: /opt/java/openjdk
2025-04-08 05:41:17,572 INFO [Config] Java Temp: /tmp
2025-04-08 05:41:17,573 INFO [Config] User: dtrack
2025-04-08 05:41:17,573 INFO [Config] User Home: /data/
2025-04-08 05:41:17,573 INFO [Config] --------------------------------------------------------------------------------
2025-04-08 05:41:17,574 INFO [Config] Initializing Configuration
2025-04-08 05:41:17,575 INFO [Config] System property alpine.application.properties not specified
2025-04-08 05:41:17,576 INFO [Config] Loading application.properties from classpath
2025-04-08 05:41:17,588 INFO [Config] --------------------------------------------------------------------------------
2025-04-08 05:41:17,589 INFO [Config] Application: Dependency-Track
2025-04-08 05:41:17,589 INFO [Config] Version: 4.13.0
2025-04-08 05:41:17,590 INFO [Config] Built-on: 2025-04-07T09:33:33Z
2025-04-08 05:41:17,590 INFO [Config] --------------------------------------------------------------------------------
2025-04-08 05:41:17,590 INFO [Config] Framework: Alpine
2025-04-08 05:41:17,591 INFO [Config] Version : 3.2.0
2025-04-08 05:41:17,591 INFO [Config] Built-on: 2025-04-02T10:25:57Z
2025-04-08 05:41:17,591 INFO [Config] --------------------------------------------------------------------------------
2025-04-08 05:41:17,712 INFO [RequirementsVerifier] Initializing requirements verifier
2025-04-08 05:41:17,713 INFO [UpgradeInitializer] Initializing upgrade framework
2025-04-08 05:41:18,461 INFO [UpgradeInitializer] Executing pre-upgrade hook: org.dependencytrack.upgrade.v4130.v4130PreUpgradeHook
2025-04-08 05:41:18,465 INFO [v4130PreUpgradeHook] Database is not MSSQL; Nothing to do
2025-04-08 05:41:26,870 INFO [UpgradeExecutor] Upgrade class org.dependencytrack.upgrade.v4120.v4120Updater about to run.
2025-04-08 05:41:26,871 INFO [v4120Updater] Removing ConfigProperty experimental:bom.processing.task.v2.enabled
2025-04-08 05:41:26,884 INFO [v4120Updater] Migrating ConfigProperty artifact:bom.validation.enabled to artifact:bom.validation.mode
2025-04-08 05:41:26,896 ERROR [UpgradeExecutor] Error in executing upgrade class: org.dependencytrack.upgrade.v4120.v4120Updater
org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique constraint "CONFIGPROPERTY_U1"
Detail: Key ("GROUPNAME", "PROPERTYNAME")=(artifact, bom.validation.mode) already exists.
at org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2733)
at org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:2420)
at org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:372)
at org.postgresql.jdbc.PgStatement.executeInternal(PgStatement.java:517)
at org.postgresql.jdbc.PgStatement.execute(PgStatement.java:434)
at org.postgresql.jdbc.PgPreparedStatement.executeWithFlags(PgPreparedStatement.java:194)
at org.postgresql.jdbc.PgPreparedStatement.executeUpdate(PgPreparedStatement.java:155)
at org.datanucleus.store.rdbms.datasource.dbcp2.DelegatingPreparedStatement.executeUpdate(DelegatingPreparedStatement.java:136)
at org.datanucleus.store.rdbms.datasource.dbcp2.DelegatingPreparedStatement.executeUpdate(DelegatingPreparedStatement.java:136)
at org.dependencytrack.upgrade.v4120.v4120Updater.migrateBomValidationConfigProperty(v4120Updater.java:124)
at org.dependencytrack.upgrade.v4120.v4120Updater.executeUpgrade(v4120Updater.java:48)
at alpine.server.upgrade.UpgradeExecutor.executeUpgrades(UpgradeExecutor.java:88)
at org.dependencytrack.upgrade.UpgradeInitializer.contextInitialized(UpgradeInitializer.java:99)
at org.eclipse.jetty.ee10.servlet.ServletContextHandler.callContextInitialized(ServletContextHandler.java:1589)
at org.eclipse.jetty.ee10.servlet.ServletContextHandler.contextInitialized(ServletContextHandler.java:500)
at org.eclipse.jetty.ee10.servlet.ServletHandler.initialize(ServletHandler.java:675)
at org.eclipse.jetty.ee10.servlet.ServletContextHandler.startContext(ServletContextHandler.java:1323)
at org.eclipse.jetty.ee10.webapp.WebAppContext.startWebapp(WebAppContext.java:1350)
at org.eclipse.jetty.ee10.webapp.WebAppContext.startContext(WebAppContext.java:1308)
at org.eclipse.jetty.ee10.servlet.ServletContextHandler.lambda$doStart$0(ServletContextHandler.java:1049)
at org.eclipse.jetty.server.handler.ContextHandler$ScopedContext.call(ContextHandler.java:1456)
at org.eclipse.jetty.ee10.servlet.ServletContextHandler.doStart(ServletContextHandler.java:1046)
at org.eclipse.jetty.ee10.webapp.WebAppContext.doStart(WebAppContext.java:504)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:93)
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
at org.eclipse.jetty.server.Server.start(Server.java:643)
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:120)
at org.eclipse.jetty.server.Handler$Abstract.doStart(Handler.java:491)
at org.eclipse.jetty.server.Server.doStart(Server.java:584)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:93)
at alpine.embedded.EmbeddedJettyServer.main(EmbeddedJettyServer.java:131)
Steps to Reproduce
- Change the task definitions from using container version 4.12.7 to 4.13.0
Expected Behavior
I expected the upgrade to run and the new API container to start up.
Dependency-Track Version
4.13.0
Dependency-Track Distribution
Container Image
Database Server
PostgreSQL
Database Server Version
14.15
Browser
Microsoft Edge
Checklist
- [x] I have read and understand the contributing guidelines
- [x] I have checked the existing issues for whether this defect was already reported
My deployment failed and rolled back. I notice the logs for 4.12.7 also have the above error but the container continues to load with:
025-04-08 05:49:01,759 ERROR [UpgradeInitializer] An error occurred performing upgrade processing. org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique constraint "CONFIGPROPERTY_U1" Detail: Key ("GROUPNAME", "PROPERTYNAME")=(artifact, bom.validation.mode) already exists.
2025-04-08 05:49:01,763 INFO [PersistenceManagerFactory] Initializing persistence framework
2025-04-08 05:49:01,780 INFO [PersistenceManagerFactory] Creating transactional connection pool
2025-04-08 05:49:01,896 INFO [PersistenceManagerFactory] Creating non-transactional connection pool
2025-04-08 05:49:03,676 INFO [HealthCheckInitializer] Registering health checks
Looks like your instance never successfully completed the 4.12.0 migration. Please run the following on your database, and then restart the DT instance:
delete from "CONFIGPROPERTY" where "GROUPNAME" = 'artifact' AND "PROPERTYVALUE" = 'bom.validation.mode';
For reference, a user in Slack had the same issue: https://owasp.slack.com/archives/C6R3R32H4/p1742124513008189
Thanks @nscuro. It took me some time to figure out how to run that. In my case it meant getting a shell into the container, installing psql and running something like the following:
psql -h deptrackdatabaseinstance -d deptrack -U postgres -c "delete from \"CONFIGPROPERTY\" where \"GROUPNAME\" = 'artifact' AND \"PROPERTYVALUE\" = 'bom.validation.mode';"
Unfortunately, that returned DELETE 0 which I presume means it hasn't done anything. I tried restarting the DT container for good measure but as expected the issue persists.
There are two columns with similar names:
The error mentions Key ("GROUPNAME", "PROPERTYNAME") not PROPERTYVALUE.
Ah, good catch @gitmln!
@hastarin Apologies, my original query had a typo, can you please retry with:
delete from "CONFIGPROPERTY" where "GROUPNAME" = 'artifact' AND "PROPERTYNAME" = 'bom.validation.mode';
I add same issue trying to upgrade my DT deployment on Azure ACS. The workaround above worked for me
Thanks this has now worked. I'll leave the ticket open in case there is any follow up needed.
We are facing the same issue, but the fix mentioned above by deleting the property doesn't solve the problem ... it occurs again after restarting the apiserver pod.
2025-05-13 08:08:57,073 INFO [RequirementsVerifier] Initializing requirements verifier
2025-05-13 08:08:57,073 INFO [UpgradeInitializer] Initializing upgrade framework
2025-05-13 08:08:57,645 INFO [UpgradeInitializer] Executing pre-upgrade hook: org.dependencytrack.upgrade.v4130.v4130PreUpgradeHook
2025-05-13 08:08:57,647 INFO [v4130PreUpgradeHook] Database is not MSSQL; Nothing to do
2025-05-13 08:08:57,648 INFO [UpgradeInitializer] Executing pre-upgrade hook: org.dependencytrack.upgrade.v4131.TagDeduplicationPreUpgradeHook
2025-05-13 08:08:57,654 INFO [TagDeduplicationPreUpgradeHook] No duplicate tags found
2025-05-13 08:08:57,656 INFO [TagDeduplicationPreUpgradeHook] No duplicate "NOTIFICATIONRULE_TAGS" records found
2025-05-13 08:08:57,657 INFO [TagDeduplicationPreUpgradeHook] No duplicate "POLICY_TAGS" records found
2025-05-13 08:08:57,658 INFO [TagDeduplicationPreUpgradeHook] No duplicate "PROJECTS_TAGS" records found
2025-05-13 08:09:03,449 INFO [UpgradeExecutor] Upgrade class org.dependencytrack.upgrade.v4120.v4120Updater about to run.
2025-05-13 08:09:03,449 INFO [v4120Updater] Removing ConfigProperty experimental:bom.processing.task.v2.enabled
2025-05-13 08:09:03,457 INFO [v4120Updater] Migrating ConfigProperty artifact:bom.validation.enabled to artifact:bom.validation.mode
2025-05-13 08:09:03,461 INFO [v4120Updater] Extending max length of column TEAM.NAME to 255
2025-05-13 08:09:03,463 INFO [v4120Updater] Migrating PROJECT.AUTHOR and COMPONENT.AUTHOR to PROJECT.AUTHORS and COMPONENT.AUTHORS
@Nitrael86 The logs you shared look like a successful migration. Did you mean to share logs with errors?
Hello Everyone,
I have the same issue as hastarin, however, simply removing the “bom.validation.mode” entry from the database and restarting the deployment did not help, as the “bom.validation.mode” reappears again and the API node throws the same error.
It all started when I upgraded the Dependency Track API Server from version 4.12.4 to 4.13.2. I have then started to see the following output on the API server pod:
2025-08-28 08:58:19,011 INFO [EmbeddedJettyServer] alpine-executable-war v3.2.0 (e93877d0-df20-4fb1-94d1-18aaaff5eb24) built on: 2025-04-02T10:25:57Z
2025-08-28 08:58:22,226 INFO [Config] --------------------------------------------------------------------------------
2025-08-28 08:58:22,228 INFO [Config] OS Name: Linux
2025-08-28 08:58:22,229 INFO [Config] OS Version: 5.15.0-1090-azure
2025-08-28 08:58:22,229 INFO [Config] OS Arch: amd64
2025-08-28 08:58:22,230 INFO [Config] CPU Cores: 4
2025-08-28 08:58:22,237 INFO [Config] Max Memory: 8.0 GB (8,589,934,592.0 bytes)
2025-08-28 08:58:22,238 INFO [Config] Java Vendor: Eclipse Adoptium
2025-08-28 08:58:22,240 INFO [Config] Java Version: 21.0.7+6-LTS
2025-08-28 08:58:22,240 INFO [Config] Java Home: /opt/java/openjdk
2025-08-28 08:58:22,240 INFO [Config] Java Temp: /tmp
2025-08-28 08:58:22,241 INFO [Config] User: dtrack
2025-08-28 08:58:22,241 INFO [Config] User Home: /data/
2025-08-28 08:58:22,241 INFO [Config] --------------------------------------------------------------------------------
2025-08-28 08:58:22,242 INFO [Config] Initializing Configuration
2025-08-28 08:58:22,243 INFO [Config] System property alpine.application.properties not specified
2025-08-28 08:58:22,244 INFO [Config] Loading application.properties from classpath
2025-08-28 08:58:22,252 INFO [Config] --------------------------------------------------------------------------------
2025-08-28 08:58:22,253 INFO [Config] Application: Dependency-Track
2025-08-28 08:58:22,254 INFO [Config] Version: 4.13.2
2025-08-28 08:58:22,254 INFO [Config] Built-on: 2025-05-08T22:18:12Z
2025-08-28 08:58:22,254 INFO [Config] --------------------------------------------------------------------------------
2025-08-28 08:58:22,255 INFO [Config] Framework: Alpine
2025-08-28 08:58:22,255 INFO [Config] Version : 3.2.0
2025-08-28 08:58:22,255 INFO [Config] Built-on: 2025-04-02T10:25:57Z
2025-08-28 08:58:22,256 INFO [Config] --------------------------------------------------------------------------------
2025-08-28 08:58:22,412 INFO [RequirementsVerifier] Initializing requirements verifier
2025-08-28 08:58:22,412 INFO [UpgradeInitializer] Initializing upgrade framework
2025-08-28 08:58:24,025 INFO [UpgradeInitializer] Executing pre-upgrade hook: org.dependencytrack.upgrade.v4130.v4130PreUpgradeHook
2025-08-28 08:58:24,042 INFO [v4130PreUpgradeHook] PUBLIC_ID column already exists in APIKEY table; Nothing to do
2025-08-28 08:58:24,047 INFO [UpgradeInitializer] Executing pre-upgrade hook: org.dependencytrack.upgrade.v4131.TagDeduplicationPreUpgradeHook
2025-08-28 08:58:24,071 INFO [TagDeduplicationPreUpgradeHook] No duplicate tags found
2025-08-28 08:58:24,074 INFO [TagDeduplicationPreUpgradeHook] No duplicate "NOTIFICATIONRULE_TAGS" records found
2025-08-28 08:58:24,079 INFO [TagDeduplicationPreUpgradeHook] No duplicate "POLICY_TAGS" records found
2025-08-28 08:58:24,084 INFO [TagDeduplicationPreUpgradeHook] No duplicate "PROJECTS_TAGS" records found
2025-08-28 08:58:27,788 INFO [UpgradeExecutor] Upgrade class org.dependencytrack.upgrade.v4120.v4120Updater about to run.
2025-08-28 08:58:27,789 INFO [v4120Updater] Removing ConfigProperty experimental:bom.processing.task.v2.enabled
2025-08-28 08:58:27,804 INFO [v4120Updater] Migrating ConfigProperty artifact:bom.validation.enabled to artifact:bom.validation.mode
2025-08-28 08:58:27,845 ERROR [UpgradeExecutor] Error in executing upgrade class: org.dependencytrack.upgrade.v4120.v4120Updater
com.microsoft.sqlserver.jdbc.SQLServerException: Violation of UNIQUE KEY constraint 'CONFIGPROPERTY_U1'. Cannot insert duplicate key in object 'dbo.CONFIGP
ROPERTY'. The duplicate key value is (artifact, bom.validation.mode).
at com.microsoft.sqlserver.jdbc.SQLServerException.makeFromDatabaseError(SQLServerException.java:276)
at com.microsoft.sqlserver.jdbc.SQLServerStatement.getNextResult(SQLServerStatement.java:1787)
at com.microsoft.sqlserver.jdbc.SQLServerPreparedStatement.doExecutePreparedStatement(SQLServerPreparedStatement.java:688)
at com.microsoft.sqlserver.jdbc.SQLServerPreparedStatement$PrepStmtExecCmd.doExecute(SQLServerPreparedStatement.java:607)
at com.microsoft.sqlserver.jdbc.TDSCommand.execute(IOBuffer.java:7745)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.executeCommand(SQLServerConnection.java:4700)
at com.microsoft.sqlserver.jdbc.SQLServerStatement.executeCommand(SQLServerStatement.java:321)
at com.microsoft.sqlserver.jdbc.SQLServerStatement.executeStatement(SQLServerStatement.java:253)
at com.microsoft.sqlserver.jdbc.SQLServerPreparedStatement.executeUpdate(SQLServerPreparedStatement.java:549)
at org.datanucleus.store.rdbms.datasource.dbcp2.DelegatingPreparedStatement.executeUpdate(DelegatingPreparedStatement.java:136)
at org.datanucleus.store.rdbms.datasource.dbcp2.DelegatingPreparedStatement.executeUpdate(DelegatingPreparedStatement.java:136)
at org.dependencytrack.upgrade.v4120.v4120Updater.migrateBomValidationConfigProperty(v4120Updater.java:124)
at org.dependencytrack.upgrade.v4120.v4120Updater.executeUpgrade(v4120Updater.java:48)
at alpine.server.upgrade.UpgradeExecutor.executeUpgrades(UpgradeExecutor.java:88)
at org.dependencytrack.upgrade.UpgradeInitializer.contextInitialized(UpgradeInitializer.java:107)
at org.eclipse.jetty.ee10.servlet.ServletContextHandler.callContextInitialized(ServletContextHandler.java:1589)
at org.eclipse.jetty.ee10.servlet.ServletContextHandler.contextInitialized(ServletContextHandler.java:500)
at org.eclipse.jetty.ee10.servlet.ServletHandler.initialize(ServletHandler.java:675)
at org.eclipse.jetty.ee10.servlet.ServletContextHandler.startContext(ServletContextHandler.java:1323)
at org.eclipse.jetty.ee10.webapp.WebAppContext.startWebapp(WebAppContext.java:1350)
at org.eclipse.jetty.ee10.webapp.WebAppContext.startContext(WebAppContext.java:1308)
at org.eclipse.jetty.ee10.servlet.ServletContextHandler.lambda$doStart$0(ServletContextHandler.java:1049)
at org.eclipse.jetty.server.handler.ContextHandler$ScopedContext.call(ContextHandler.java:1456)
at org.eclipse.jetty.ee10.servlet.ServletContextHandler.doStart(ServletContextHandler.java:1046)
at org.eclipse.jetty.ee10.webapp.WebAppContext.doStart(WebAppContext.java:504)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:93)
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
at org.eclipse.jetty.server.Server.start(Server.java:643)
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:120)
at org.eclipse.jetty.server.Handler$Abstract.doStart(Handler.java:491)
at org.eclipse.jetty.server.Server.doStart(Server.java:584)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:93)
at alpine.embedded.EmbeddedJettyServer.main(EmbeddedJettyServer.java:131)
I have already tried the following, in an attempt to resolve these issues: • Removed the “bom.validation.mode” entry from the database and restarted the deployment. • Shut down the API server deployment, removed the database entry and restarted the deployment. • Shut down the API server deployment, changed the database entry from “bom.validation.mode” to “bom.validation.enabled” and restarted the deployment. • Shut down the API server deployment, removed the database entry of “bom.validation.mode” and then manually inserted the “bom.validation.enabled” entry into the database. Restarted the deployment.
In all cases, the “bom.validation.mode” entry re-appeared in the database as soon as the pod restarted and the same error popped up. Can someone please suggest another possible fix for this issue?
Thank you!
@romboc It sounds like there's something after that property change in the 4.12.0 migration that fails. If you're deploying via Docker Compose or k8s, likely the failing container is automatically getting restarted.
Can you try disabling the automatic restarts and inspect the logs when the container is failing startup? AFAIK Docker Compose doesn't retain logs of the previous container but k8s might.
@nscuro, thank you for the suggestion. I'm deploying the solution via k8s.
And I have managed to resolve the issues on my end! So I was getting the errors, mentioned in my previous comments, with Dependency Track API version 4.13.2, but when I would revert back to version 4.12.4 - everything would start working again. The resolution for this error, in my case, was to remove the “bom.validation.mode” entry from the database while still being on version 4.12.4 and only then performing the upgrade of the API to version 4.13.2.
I had similar issue and upgrade minor versions one by one. applied the mentioned query on v4.12.7 then successfully upgraded to v4.13.0. Thanks.
