sw360-13.1.0-M1

This time: client libraries. This release among other things brings the client libraries taken over from the sw360antenna project and moved them into the sw360 code base. The client libraries enable Java applications to communicate with a sw360 server via REST calls. Other notable contributions include:

• Support for CouchDB 3.x
• Massive speedup of SPDX import by switching to streaming based parsing for license information for large files
• Single container setup (see Dockerfile in project root) for super easy deployment of sw360
• More UI improvement on sorting and filtering in list views
• Supporting multiple templates for the project clearing reports
• REST: Manage used attachments for license info generation and better querying of vulnerabilities

Migrations

For this version, no database migration is necessary.

Credits

The following github users have contributed to the source code since the last release (in alphabetical order):

[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]

Features Summary

• 0b7818de feat(MyProjectsUI):Add additional filter to MY PROJECTS homepage based on clearing state
• 9e98dd3f feat(ChangeLog): Highlight changes between old and new revision of Document
• eef05a1b feat(ProjectUI): Sort & Filter for ClearingStatus TreeView table
• b6cd9df7 feat(Issue Template):Update issue templates for bug and feature
• fb15708c feat(ui):Rename and Re-arrange the Tabs under Projects section
• 98aa0859 feat(ProjectUI): Release Filter based on attachment availability
• 29308987 feat(clearingreport): Feature to select template for Project Clearing report
• fc024b45 feat(ReleaseUi): Add other / detected license in release
• 04139347 feat(ui-rest): Provide option in attachment usage to include/exclude concluded licenses during LicenseInfo Generation
• 1f995bfa feat(rest): Filter for get project vulnerabilities endpoint
• 1d771d30 feat(rest): Added endpoint to get changel og by document id
• 68ce3cf8 feat(ui): Display Id in summary page of project, component and release
• 5f2a4089 feat(http-support): add http support library for sw360
• 502d9087 feat(sw360Docker): Single container Docker for SW360
• 948924f0 client(test): add failsafe plugin

Corrections

• 7091c4b6 fix(spdxtools):Use toArray(new Node[0]) for shorter code and better performance
• 8b4ebc00 fix(version): Increase minor version to ensure proper version sequence
• 31909cce fix(pom): Fix indentation of profile
• eefcf17f fix(excelexport): Projects with linked releases excel export error
• 2ed2ad80 fix(LicenseInfo): Optimized loading of license info, source code download, Clearing report page
• 034f291c fix(mergeComponentRelease): Attachments not linked properly from source component/Release
• c3830559 fix(spdx): import large spdx rdf files
• b08d2f44 fix(datahandler): Modified ektorp queryView call to support CouchDB 3
• d9756e6a fix(Rest): Create/Update Release with name same as component name

Infrastructure, Docs and Refactorings

• 306c2080 chore(eclipse): Change Jenkinsfile to run release or commit count builds
• 948c7bac chore(eclipse): Build on eclipse ci for deployment of java artifacts
• ba666266 refactor(client): missing license headers
• 867372bd refactor(http): Change http mockito to same version
• ba72cb7d test(client): fix mockito dependency
• cfa8d512 refactor(pom): move version of purl to parent pom
• 31a239eb doc(client): add documentation of the sw360 data model
• cd3ac486 doc(http-support): Add site to http support
• 4670fffe refactor(client): Remove all antenna mentions
• b89e04ce refactor(client): remove antenna http support and switch to sw360
• 834c1c79 refactor(client): Refactor package name
• 7a6f295c refactor(client): Add dependencies to poms

sw360-13.0.0-M1

Tagged this release was necessary, because there are persons testing the current master and not seeing the migration script on the database required. The migration on the database came in because of changes on the obligations. After the major work on the obligations data model in the previous release, more work on the UI made a migration script necessary (number 042). Please note that per our versioning convention, the database migration script makes the tag 13.0 not 12.1.

Migrations

For existing installations, a data migration is required. Please go to the readme file in scripts/migrations to see more information:

https://github.com/eclipse/sw360/blob/master/scripts/migrations/README.md

For running the migrations scripts, you will need python and the couchdb package. Please note that you will need to change manually in the python file: the DRYRUN variable and the couchdb URL (if that is not on localhost or requires password or both).

Credits

The following github users have contributed to the source code since the last release (in reverse order of commit appearance):

[email protected]
[email protected]
[email protected]
[email protected]
[email protected]

Features Summary

• 1246c023 feat(SplitComponent): Add tooltip for releases of component with SourceCodeDownloadUrl and BinaryDownloadUrl during split feature
• 2eafe3d5 feat(rest): Accept 'downloadurl' in request body as 'sourceCodeDownloadurl' as an alternative to original value 'sourceCodeDownloadurl' for Create and update Release APIs
• ccf05247 feat(ChangeLogs): Fixed issue related to null to empty string or collection conversion
• 20be42db fix(rest): Fixed update Project API issue - unexpected changes in some fields like moderators, contributors, etc
• cf4bdcfa feat(UtilityScript): Script for couchdb 2.x to update a field(String) in project document to a new value
• ea009aed feat(Obligation): Add License Obligation from License Database based on licenses found in accepted attachments in Release and its LicenseInfo attachmentUsage in Project
• a6cf31a3 feat(projectEdit): Project creators and moderators can edit few fields in a closed project
• 2496f037 feat(ClearingReport): Added hyperlink to release document in project clearing report, Changed Font Style (Arial) and Font Size (9) for table content
• bd07d53e feat(CR-UI): Added Advaced filter for CR & fix # of components count

Corections

• c18b42b9 fix(clearingreport): Error while downloading clearing report
• 3ff60a09 fix(ExportSpreadSheet): Fixed ClassNotFoundException while export Spreadsheet
• 431e1673 fix(ClearingReport): Fixed null pointer issue for replace text in Clearing report
• 3ff60a09 fix(ExportSpreadSheet): Fixed ClassNotFoundException while export Spreadsheet
• 431e1673 fix(ClearingReport): Fixed null pointer issue for replace text in Clearing report

Infrastructure

• 71348b4f chore(deps): Upgrade dependencies (LibreOffice et al)

sw360-12.0.0-M1

This release something special because it brings a lot, really a lot of changes in the database model, more specifically it is a refactoring of the licenses and obligation objects. Following corrections:

• Risks are dropped and migrated to obligations
• Term "todo" is eliminated and we aim at consistently use "obligation"

Then there are two new dimensions of obligations, first obligation level

• Organisation obligations: obligations that apply for all projects of the sw360 instance.
• Project obligations: obligations that apply for a specific project, for example, obligations need to be applied to software which is delivered on a device without display.
• Component obligations: obligations that apply to a release to be more precise, for example IP issues coming when using a particular release.
• License obligations: obligations which come from using software under a license.

Second, the obligations have types:

• Permissions
• Restrictions
• Obligations (finally)
• Risks (for example patent litigation clauses)
• Exceptions (for example classpath exception with GPL)

So that involves a lot of changes to the data model, and resulting a lot of migrations. We apologize in advance for the 18 migrations scripts to execute. But it will be easier to have individual migration scripts for particular changes instead of having a large one. Please refer to scripts/migrations/README.md for further details. Please note that in general, all scripts have a DRYRUN variable which is set to True by default and needs to be set to False to apply actually changes to the database.

Besides, this release has also some other changes, including:

• changing download URL into two attributes: binary download URL and source code download URL
• New REST Endpoint: Search!
• if you ant to write clients using REST: Pagination for some of the major listings!

Migrations

For existing installations, a data migration is required. Please go to the readme file in scripts/migrations to see more information:

https://github.com/eclipse/sw360/blob/master/scripts/migrations/README.md

For running the migrations scripts, you will need python and the couchdb package. Please note that you will need to change manually in the python file: the DRYRUN variable and the couchdb URL (if that is not on localhost or requires password or both).

Credits

The following github users have contributed to the source code since the last release (in order of appearance):

<[email protected]>
github dependabot ;-)
<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>

Features Summary

• 596ed7bb feat(ProjectListUI): Added clearing state filter in Project List
• 693dc596 feat(rest): New search resource endpoint and get releases for multiple projects
• a2577cf0 feat(rest/ui): Project vulnerability enpoint update & added new projectrating in UI
• c1b1e33b feat(ui-rest): Changes in Release information, change title "Download URL" to "Source Code Download URL", add new data filed "Binary Download URL", added new field in excel sheet
• 99b3f816 feat(ProjectTodo): Remove ProjectTodo and UI changes for Obligation and ProjectTodo
• 7b9b73a7 feat(projecttodo): Migration Scripts
• cb890218 feat(ProjectTodo): Renamed type to obligationType ,Changed required licenseIds to optional, Added optional ObligationLevel obligationLevel in ObligationStatusInfo
• 04020bef feat(CR-UI): Enhancement & Bug fixes
• 1d6d2b32 feat(licensemodel): Drop Risk and Risk category and merge it with Obligation
• 3ac3ba23 feat(ProjectObligation): Changes in Project Obligation Data Model, renamed linkedObligations to linkedObligationStatus in ProjectObligation struct, renamed struct ProjectObligation to struct ObligationList
• c009f2c8 feat(obligation): Rename product obligation to project obligation
• fcfec496 feat(LicenseDataModel): Merge LiceneObligation with Obligation
• c5e4e1e6 feat(ui): Allow access to merge/split of component and release based on user role configured in properties
• af625d7b feat(ProjectUI): Added 2 new fields in Project Obligation
• 5b837649 feat(Project-UI): Added new field in Advanced Search for Projets
• ff4a9af4 feat(LicenseInfoObligation): Rename Obligation in LicenseInfo.thrift to ObligationAtProject, added null check in change log for merge release
• 6c13cc93 feat(ObligationDataModel): Changes in Obligation data model, Renamed struct Obligations to struct Obligation in License.thrift, Renamed existing obligationType to obligationLevel, Created new obligationType field which has Permission,Risk,Exception,Restriction as options, Fixed adding obligation in licenses tab
• 067b731f feat(rest): Adding pagination while listing projects and listing project releases

Corections

• a2dd35de fix(lucene): fix parameter allow leading wildcard to true
• 9ac6e93e fix(ModerationRequest): Fixed Moderation Request not opening when associated attachment deleted
• 51ab6e0b fix(ProjectListUI): Fixed sorting of project clearing state in Project List page
• 0d525531 fix(Report): Fixed Clearing report to show project, component, organisation obligation
• 92d00ab1 fix(Obligation): Expand/Collapse all columns including comment using single leftmost toggle button for a row, Remove truncate for Obligation Text, Added expand collapse column feature for comments
• 5a1422e6 fix(obligations):cover null pointer case if file with obligations is missing
• 51860a0f fix(moderation): Project moderation fix
• 2f9a6879 fix(UserSearch): Fixed search user functionality

Infrastructure

• d04911b8 chore(deps-dev): Bump junit in /backend/src/src-attachments
• 4a3e8904 chore(deps-dev): Bump junit in /backend/src/src-licenseinfo
• 4f3c3ea8 chore(deps): Bump junit from 4.12 to 4.13.1
• ca348628 typo(rest): fix patchComponent in releasecontroller is patchRelease

sw360-11.0.0-M1

The changes for this release incorporate a larger jump from the previous release, because it changes the sw360 infrastructure to the following versions:

• From Couchdb 1.X to Couchdb 2.X and Couchdb Lucene 2.1
• From Java 8 to Java 11 - tested with the OpenJDK
• From Liferay Community Edition 7.2.1 to 7.3.3
• From thrift 0.11 to 0.13

Accordingly, also the vagrant project has changed: the current latest master of sw360/sw360vagrant builds with Java-11-based versions of sw360 (onwards from commit 0269392 at https://github.com/sw360/sw360vagrant).

Apart from the changes to the infrastructure, a number of nice new features are introduced, including:

• A Japanese language file for SW360
• Multiple values for external ids for the same keys
• A completely new health check service for better monitoring of an sw360 installation
• Improvements on project handling

For corrections and further changes on the infrastructure, please refer to the listed commits below.

Migrations

For existing installations, a data migration is required. Please go to the readme file in scripts/migrations to see more information:

https://github.com/eclipse/sw360/blob/master/scripts/migrations/README.md

For running the migrations scripts, you will need python and the couchdb package.

Credits

The following users have contributed to the source code since the last release (in order of appearance):

[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]

And many thanks to all the other contributions in presentation, issues, discussions!

Features

• 60f82182 feat(ProjectReleaseRelation): Added new Field comment, createdOn, createdBy in ProjectReleaseRelation
• c4342f38 feat(ui): Added link to project button from project detail view
• 137b46a7 feat(language): add Japanese properties
• 4d4184d3 feat(ProjectUI):Added Expand/Collapse All and Search in AttachmentUsageTable
• 1b4f2362 feat(project-report): Layout and content update in project report
• 1ee05b59 feat(ComponentUI): Added new filters in Advance search
• 30ce4db1 feat(ExternalIds): Change file permission
• 2442e1f2 feat(ExternalIds): Change file permission and fix typo of special character
• 753d3889 feat(ExternalIds): Add comments to Component, Release and Project rest APIs
• 0049dd3b feat(ExternalIds): Add byExternalIds views migration scripts, and upgrade to new version 11.0.0-SNAPSHOT
• bb2f2950 feat(ExternalIds): 1. Handle EscapeXml for external id value, 2. Fix "Upon update of existing project or Component or Release without any change in External IDs"
• 6ec67338 feat(REST): Whitelisting field in REST API response
• 5ee02f75 feat(EditProjectUI): Release table in edit project page should be sorted and omit vendor name
• c0bf7132 feat(CRView): Clearing Request Comments enhancements

Corrections

• 73894c08 fix(resource-server): Resolve logback conflict
• 40f4a3aa fix(ui): Prevent resubmission of form for Project, Component, Vendor, Moderation inorder to prevent loss of data.
• 6b484677 fix(ui): Fixed download license disclosure error upon selection of corrupted attachment
• b8446dc1 fix(license): Fixed the NullPointerException and addressed code duplication
• a92d2677 fix(byExternalIdView): Fixed the byExternalIds view not working if the value is number
• f62a685f fix(Language_ja): change datatables.lang's URL
• d65be244 fix(ImportSPDXBOM): Set Default value[Default_Category] to categories field of Component if found null or empty
• fda56f18 Fix: 'Download license archive' button in Admin>'import & Export' page is not working #906
• 56eb7074 Fix: import spdx information #927 #915 and change quotes
• 538b1aa7 fix(license): Fixed the license loading issue

Infrastructure

• c0685187 chore(script): Added support to uninstall the current thrift version
• 14b1a4af chore(deps): Bump jackson-databind in /backend/src/src-fossology
• 4f7234cc chore(java): Support for Liferay 7.3.3 GA4
• d4c6983c chore(java): Fixed Deployment issues
• 5d484ee1 chore(java): Updated Spring version
• d247a0ff chore(java): updating test deps for java 11
• 3a5958b6 chore(java): migrating to openjdk java version 11
• c5f82e0e chore(logging): Added a library containing the log4j2 classes
• aa6d5ae0 chore(logging): Fixed test failures caused by NoClassDefFound errors
• fe659050 chore(logging): Updated OSGi package imports
• 68b91bcc chore(logging): More tweaks of logging dependencies
• e4060da6 chore(logging): Switched logging configuration to log4j2 format
• ebc8f852 chore(logging): Upgraded from log4j 1 to log4j 2
• 7866a852 chore(logging): Removed unused dependency to logback
• 465fc5fa chore(couchdb): Support CouchDb Lucene 2.1.0 with CouchDb 2.1.2 and backward compatibility
• bbabafd7 chore(Portlet): Rename Moderation portlet to Requests
• f512b867 chore(changelog): fixing formatting
• a6d07505 chore(release): changing pom file for 10.0.0-SNAPSHOT

sw360-10.0.0-M1

Again, another data model change, new major version. Please see the script 018_remove_unwanted_field_from_clearing_request.py in the directory scripts/migrations to change the data model accordingly. The script is necessary for existing clearing request records; not executing the script will lead to malfunction of the sw360 application.

The update improves also runtime stability, because the escaping when displaying quotes has been improved: previously, special characters such as quotes have compromised the rendering of the page. Now, the content is rendered in a correct way.

Further improvements include:

• The ability to split releases from a component and assign this release to another component. This is the opposite case of merging components. On one hand it can undo mistaken component merges. On the other hand, user input, creating a release at the wrong component, can be corrected now.
• a new REST endpoint to request all details from a larger list in one REST call.
• a new REST endpoint to delete attachments from the REST API

More features include the ability to search for IDs when linking releases to projects or enhancements to the clearing request structures.

Features

• ef6170e1 feat(attachments): Evaluate check status before deletion.
• ea6d31ad feat(CRUI): Modifications in Clearing Request table in moderation tab.
• 90dbdb52 feat(attachments): Updated REST documentation.
• 220f991f feat(attachments): ComponentController can now delete attachments.
• 5f504aef feat(attachments): ReleaseController now supports deleting attachments.
• 2930cea5 feat(attachments): Added function to prepare deleting attachments.
• 8adb9147 feat(attachments): Implemented ThriftAttachmentServiceProvider.
• daa3b3fb feat(attachments): Introduced ThriftServiceProvider interface.
• 5783cc3b feat(rest): Whitelisting project 'state' and 'phaseOutSince' field.
• fc0c7e43 feat(ui/search): Search using rel. id and added link to the release in the search result.
• 2ec0e6d9 feat(REST): Added new allDetails Parameter to List Projects and List Releases API to fetch records with all details.
• c0bf7132 feat(CRView): Clearing Request Comments enhancements.
• 8528ecfe feat(SplitComponentUI): Move Component data like releases and attachments from Source Component to Target Component.

Corrections

• 9c01170b fix(escapeXML): Added missing escapeXML, to prevent js script execution and rendering break due to single or double quotes, Added missing escapeXml to merge-split Component, merge releases, license details view, list-details-edit view of project, component and release.
• 887533ba fix(ProjectModeration): Fixed isWriteActionAllowedOnProject check for project update, Fixed incorrect value for Visibility in Edit Project view which has existing moderation request.

sw360-9.0.0-M1

This release brings new features which also change the data model. Therefore, a major version step is justified. Major new features are:

• Support for custom field layout using the referring Liferay mechanism, fully transparent with the REST API using additional data fields
• Changelog for changed data for projects, components and releases
• Reordered sections in detail view
• A completely new view Clearing Status offering tree and list view

Besides bug fixes and features correct bugs so far. In order to fix a bug with the REST API, note that a migration script should be executed. It corrects a missing value for the status of the release which is also now automatically set when creating releases using the REST API (and not only in the Web user interface).

Features

• a2e65103 feat(PreferenceUI): Enabled Email notification for CR
• 49311164 feat(ProjectUI): Custom Field for Additional data in Project
• 1d3423cb feat(ReadmeOss): Filter linked project from ReadmeOss based on selection
• 03000401 feat(ProjectUI): Unified view of Linked Project and Releases, Clearing status, Linked Release Hierarchy. View includes tree view and list view
• 89714248 feat: Support custom fields in additionalData group in Component and Release page
• 04b57fd1 feat(ChangeLogs): Revision history of Document

Corrections

• fb09ccee fix(MigrationScript): Update releases with empty clearingState to default value - NEW_CLEARING
• 7bbd4235 fix(ClearingStatus): Tree View Release name getting truncated, Sort for Project mainline state and Clearing State in List View fixed , added search filter
• 4c7b0e72 fix(ClearingStatusView): Fixed uneven button height, console error related to createVulnerabilityTable, takes lot of time to load Clearing status list view for large dataset.
• d1c3731f fix(ChangelogBasicInfoUI): Applied generic style and reordered the metadatas for Basic Info.
• 78bff1ba fix(UI): Clearing Request and Obligations fixes
• 79f5c9d4 fix(mergeComponent): Prevent multiple releases with same name and version for a component, which may occur during merge component
• a4b44107 fix: Resolve conflict
• cd4cba10 fix(Changelog): Fixed missing fields like componentType in Changelog history
• 3ee65c9b fix(REST): Added default value(NEW_CLEARING) for Clearing status while create and update Release
• 67875856 fix(spreadsheet-export): Project spreadsheet export returns blank spreadsheet
• b91b9e2d fix(ui): Release overview from component details
• cd29922a fix(UI): Clearing Request bug fix and improvements

Infrastructure

• 79850290 chore(deps): Bump spring-security-core in /frontend/sw360-portlet
• e1aabab1 chore(deps-dev): Bump dom4j in /backend/src/src-licenseinfo

sw360-8.2.0-M1

Although there are only few commits listed below for this release, the change from 8.1 to 8.2 is huge: sw360 supports now an UI which can be extended with different languages.

With the initial pull request, the English and Vietnamese languages is supported. More languages can be supported. For this, a translation file must be added. Please see README_LANG.md in the root level of the project directory for more details.

Many thanks to the colleagues at Toshiba for providing this big feature to the community.

Features

• 8bd91be feat: SW360 support multi-language update after review
• 994ad5c feat: SW360 support multi-language

Corrections

• ae45236 fix(mergeUI): Provided fix for error message on merge component, release, vendor.

sw360-8.1.0-M1

A version upgrade is justified, because of a number of new features have been integrated: FOSSology scans can be now triggered over the SW360 REST API. By this feature, an upload, for example from sw360antenna, could also trigger the FOSSology scan right away. It requires FOSSology being integrated with sw360.

Another new endpoint is the query for SHA1 values of a file to check if that attachment is actually already found at some release. With this endpoint, one would not need to search for release names and version before making a new entry, but just search for the source code attachment using its SHA1 value to check if an upload has been performed already.

A third new feature is the ability to agree on a clearing job for the software components of a project or product. A project owner can now send to a clearing expert a request to perform the clearing of software components right from SW360.

Features

• bb9f2ba feat(REST): Trigger FOSSology process and check status
• 99e23dc feat(ObligationUI): Added new status fields for Obligation
• d025c4a feat(rest): Attachement sha1 improvement
• 9a53e7b feat(ProjectUI): Project Clearing Report

Corrections

• 7bd1fd5 fix(UI/REST): Remove Trailing and leading whitespace for all fields in component, release and project
• a2a4b16 fix(components): components listing limited to 200 entries both in UI and excel spreadseet
• 0de1db1 fix(vulerability): vulnerability view breaks at backslash in description
• 83e6f28 fix(REST): Updated upload attachment documentation

Chores

• 1fc2e0b Add pull request tempalte and .github folder (11 days ago) [email protected]

sw360-8.0.1-M1

There is some small but very relevant bug in 8.0.0, which prevents the user from creating records in special conditions. Therefore, version 8.0.0 is deprecated and replaced by version 8.0.1.

Corrections

• c20fa46 fix(component/release): Add component and release error in UI

sw360-8.0.0-M1

It is not really that we like to ignore minor releases, but release 8 is coming because:

• changes in the DB for external id handling, pls see migration script: scripts/migrations/016_update_byExternalIds_component_view.py
• changes in the Thrift API, allowing for SPDX BOM import pls see: libraries/lib-datahandler/src/main/thrift/projects.thrift

And as a larger, very important feature, there is the SPDX BOM import there in a first version, adding two modes:

• Import a project with linked releases from a SPDX BOM file
• Import a list of components and releases from a SPDX BOM file

Moreover a very important feature or fix has been provided for ensuring that malformed REST requests do not lead to failure in the application. Previously, providing wrong typed references (for example: linking releases to a project) was accepted by the application and can lead to malfunction then. The following list lists the detailed changes since 7.0.1:

New Features

• 712ba79 feat(rest): validate the linked document ids in the payload before updating it in the DB
• f90fcc4 feat(bomImport): implement SPDX BOM import for projects and releases
• 24999ce feat(AddProjectReleaseRelation): add a project release relation for source code snippets
• 48de678 feat(REST): Patch Releases to Project

Corrections

• d34d454 fix(ReleaseUI): fixed reload report in FOSSology Process
• 336534a fix(REST): fixed search component by external id
• bc28c54 fix(EditReleaseUI): Fixed missing functionality of button to delete release to release relation
• e437a5b fix(spreadsheet-export): fixed the secuence of values based on headers
• 4c0d5c9 fix(thrift): add should return ID on duplicate
• 1d65e70 fix(html): fix minor bugs and styling
• b7a83d6 fix(ui): saving attachment usage issue for source code bundle and others