Niklas

Results 821 comments of Niklas

Should we offer some sort of server-side deduping for the `/finding` API? Right now it'd be the client's responsibility to dedupe findings based on the aliases. But maybe we should...

> There will be occasions where a CVE does not exist initially, but an OSSINDEX finding does. That OSSINDEX finding could be audited.

True. Just brainstorming here, how about we...

We may also want to include the aliases in the notification subjects, which currently have their own mapping logic: https://github.com/DependencyTrack/dependency-track/blob/a3b42a6fe4d19fc91122887dba0841f26fa7c7c4/src/main/java/org/dependencytrack/util/NotificationUtil.java#L260-L292

@stevespringett I reckon you are super busy ATM, would you like me to take over and work on the remaining outstanding issues?

> This should likely be an additional enhancement as it will have to involve changes to all of the notification templates as well.

Aye. I raised https://github.com/DependencyTrack/dependency-track/issues/1992 for it. FYI:...

@stevespringett Is this ready to go from your side?

Note to self: Because `RepositoryMetaEvent`s are currently dispatched for all components of an uploaded BOM (see https://github.com/DependencyTrack/dependency-track/issues/1759#issuecomment-1178266149), there will be situations where multiple threads are analyzing the same component. This...

@syalioune At this pace, there won't be any issues left for the rest of us! 😂 Happy for you to tackle this, thank you.

Wow, that's certainly a first. Ever seen anything like this happening before, @stevespringett?

```
2022-08-08 11:20:15,312 ERROR [LoggableUncaughtExceptionHandler] An unknown error occurred in an asynchronous event or notification thread
java.lang.StackOverflowError:...
```

For everyone being affected by this, could you please share:

* Whether you have configured DT to use a proxy
* How often you see this error; Does it only...