Niklas

> My last update seems to only update on restarts read from the Config loaded at restart. Checking. Looks like the property in question is loaded from the ORMs cache...

Yup, the last modification timestamp requiring a restart to take effect is caused by inconsistencies of the ORM's L2 cache. Fixed in #3322 and backported to 4.10.1 in #3323. If...

Sorry folks, the cache implementation did not make it to 4.10.1. I'll assign this to 4.11; We can still decide to pre-pone the release to 4.10.x once it's fully implemented.

Can you please share the BOM you're uploading? Really the only relevant parts of the BOM are the components you're getting false positives on. Just to give an example, CPEs...

Okay, that's odd then. In the "Audit Vulnerabilities" tab, what is it showing as the analyzer that found the vulnerabilities? Do you have fuzzy CPE matching enabled? 

@mprencipe That sounds like a sensible thing to do. Do you fancy raising a PR for this? @rkg-mm: > 2. It shall be able to generate API keys by admins,...

Related to #3234. I already added MDC usage to the new `BomUploadProcessingTaskV2`, we merely need to continue adding MDC wherever it makes sense. https://github.com/DependencyTrack/dependency-track/blob/333c56d44a7db3447bb1e7126a05b8df6ea717b1/src/main/java/org/dependencytrack/tasks/BomUploadProcessingTaskV2.java#L148-L151 The benefit of using MDC is...

Thanks @sebD I'll have a look over the coming days. Trying to wrap up remaining work for v4.11 at the moment.

~It's odd that you're seemingly getting a non-JSON response despite the HTTP status code indicating success~. Based on the provided stacktrace you are getting an error response from Snyk that...

The prefix of those versions looks more like the *epoch* to me: https://manpages.debian.org/stretch/dpkg-dev/deb-version.5.en.html So in a sense, if the BOMs previously generated by Trivy were missing those, that was technically...