Niklas

DataNucleus RDBMS 6.0.2 will include fixes for issues that are critical to us: * https://github.com/datanucleus/datanucleus-rdbms/issues/446 * https://github.com/datanucleus/datanucleus-rdbms/issues/444#issuecomment-1236388248 DN RDBMS 6.0.2 is still to be released. We **must** update prior to...

## Bug Report When using `@PrimaryKey` fields of type `long` like this: ```java @PrimaryKey @Persistent(valueStrategy = IdGeneratorStrategy.NATIVE) private long id; ``` with PostgreSQL, the column in the schema generated by...

### Description Bumps the CWE dictionary to v4.13. ### Addressed Issue N/A ### Additional Details N/A ### Checklist - [x] I have read and understand the [contributing guidelines](../CONTRIBUTING.md#pull-requests) - ~This...

It's not possible to import components with PURLs with more than 255 characters

11

### Current Behavior: Due to the chosen database schema, Dependency-Track is not able to import components with package URLs that have a length of 255 characters or more. See https://github.com/CycloneDX/cyclonedx-node-npm/issues/224...

### Current Behavior ### How Dependency Graphs Work Today Both the `PROJECT` and `COMPONENT` object have a `DIRECT_DEPENDENCIES` column, which contains a JSON array of serialized [`ComponentIdentity`](https://github.com/DependencyTrack/dependency-track/blob/master/src/main/java/org/dependencytrack/model/ComponentIdentity.java) objects. This roughly...

Validate uploaded BOMs against CycloneDX schema

2

### Current Behavior Uploaded BOMs are currently not validated against the CycloneDX schema. Users who upload (unknowingly) invalid BOMs only get to know about that fact when inspecting the logs...

Offer a query language to perform searches

2

### Current Behavior The Dependency-Track UI has multiple views where users can filter displayed items through a search field. For the *Vulnerabilities* view, here's what the search looks like: ...

Support Common Expression Language (CEL) in policy conditions

6

### Current Behavior Policy evaluation today is based on conditions that are evaluated one-by-one, for every component. Evaluations of conditions do not have a shared context. This means that for...

Description of `metadata.supplier` is confusing

8

As of v1.5, the description of `metadata.supplier` states: https://github.com/CycloneDX/specification/blob/299209abd9531d808e0cc4235e77a7c4b1b53d96/schema/bom-1.5.schema.json#L268-L271 This is in addition to `metadata.component.supplier`, which states: https://github.com/CycloneDX/specification/blob/299209abd9531d808e0cc4235e77a7c4b1b53d96/schema/bom-1.5.schema.json#L430-L434 Based on those descriptions, it is unclear what the subject of `metadata.supplier`...

`checkAutoCommitIsDisabled` fails for `kafka-clients` v3.7.0

1

When using PC with `kafka-clients` v3.7.0, PC fails while trying to determine whether the provided `Consumer` has auto-commit enabled: ``` Caused by: java.lang.IllegalStateException: Cannot check auto commit is disabled for...