Niklas

Results 833 comments of Niklas

I have created sub-issues for some initial work items we'll need to tackle. It's mostly research at this point, but help would still be much appreciated. It might just be...

Some exploratory work has been started here: https://github.com/DependencyTrack/vuln-db

@rauburtin https://github.com/DependencyTrack/vuln-db/issues/37

@ellipse2v Unless I am missing something, vulnerability-lookup does not include any matching information at all, which is a property it shares with the EUVD. Vulnerability metadata is nice but it...

The `APIKEY` column should no longer exist past the v4.13.0 upgrade: https://github.com/DependencyTrack/dependency-track/blob/6e3b0aae13fb415225ea98fb6eb3ead39ebdea19/src/main/java/org/dependencytrack/upgrade/v4130/v4130_1Updater.java#L171-L175
Did you upgrade from a SNAPSHOT version?

For Postgres there's also [PGTune](https://pgtune.leopard.in.ua/), which yields a good starting point given the available resources. The default Postgres config is suitable for running on minimal hardware (think Raspberry Pi), so...

Could be addressed by adding a new entry to [`license-mapping.json`](https://github.com/CycloneDX/cyclonedx-core-java/blob/master/src/main/resources/license-mapping.json).

For reference, here's Microsoft's announcement: https://techcommunity.microsoft.com/blog/exchange/exchange-online-to-retire-basic-auth-for-client-submission-smtp-auth/4114750
And here is the relevant documentation: https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth
The email client we use is Eclipse Angus. The documentation to use OAuth2 with it is here: https://eclipse-ee4j.github.io/angus-mail/OAuth2...

I suspect this is a symptom of https://github.com/DependencyTrack/dependency-track/issues/5460. Likely one or more vulnerabilities were previously reported by an analyzer, but are not anymore.

Have to move this to 4.13.5 because we have to get #4742 out ASAP. I tried fixing as many of the other (trivial) issues we had planned for 4.13.4 as...