Skip to main content

Track Resolved Issues

Release 185 (December 2024)

Issue ID

Description

CLM-32827

Addressed an issue where large numbers of membership mappings could cause high PostgreSQL database CPU usage. Added an index for PostgreSQL databases to improve membership mapping queries.

CLM-32249

The SBOM Manager and Lifecycle PDF Exports now include the timezone info with both Created on and Analyzed on dates.

CLM-30691

Fixed an issue where the Data Insights dashboard failed to load for some users who upgraded from IQ Server versions prior to 173.

SBOM-164

Clarified in documentation that SBOMs cannot use UTF-16. You will need to convert them to UTF-8 for them to be properly ingested.

Release 184 (November 2024)

Issue ID

Description

CLM-30501

Slow UI load while selecting between policies

NEXUS-44665

Support Cargo in Repository Firewall Evaluation REST API

Release 183 (October 2024)

Issue ID

Description

CLM-22285

Unable to authenticate with Crowd when running Java 11

CLM-31559

Reduce memory load of PolicyViolationDAO.getUnfixed()

CLM-29910

Slow performance loading UI when large numbers of applications have a notification override for a policy

CLM-30498

Component Claim REST API needs validation on the required fields

CLM-31661

Status check on SCM gets stuck in waiting stage, during a PR from feature to default branch, though the policy evaluation runs

Release 182 (September 2024)

Issue ID

Description

CLM-31091

Deadlock between "Startup license data updater" and search index update task

Release 181 (August 2024)

Issue ID

Description

CLM-31415

IQ Server shuts down when processing pull request comment

CLM-31147

SimilarWaivers API throws nullPointerException

Release 180 (August 2024)

Issue ID

Description

CLM-30754

Update to target Java 17 binaries for the IQ CLI and IQ Server.

CLM-30565

Performance issues navigating the Legal Menu obligations with large application.

CLM-29383

Support zip may attempt to include an unlimited number of cluster_log files.

CLM-25312

Violation Details remain in the loading state when viewing violation details in an old report.

CLM-30305

The user assigned to owner/developer for a repository instance on IQ cannot see the repositories under Orgs & policies.

CLM-30882

Policies assigned to more than one category are not inherited by applications assigned to one category.

CLM-25548

'View Transitive Violation' does not provide a list of violated components from an inner source component.

NEXUS-42059

Policy Compliant Component Selection no longer results in a socket timeout when requesting a PyPi component with many versions.

CLM-30841

PolicyViolationDAO.getUnfixed() method leads to OutOfMemoryError

Release 179 (July 2024)

Issue ID

Description

CLM-30821

IER DataInsight reports are empty after upgrade to v177

CLM-29783

Dev dependencies in poetry.lock/pyproject.toml files are incorrectly detected

INT-8227

Support layer tar files containing files with absolute paths

INT-8241

IQ 175 on Windows not detecting components inside docker tar file created with cli 26.0

Release 178 (June 2024)

Issue ID

Description

CLM-30755

PR commenting tests failing with "out of range of int" error

CLM-29127

Exporting an SBOM Escapes Package URL Query Parameters

CLM-30446

Repository report is using incorrect permissions check for adding waivers

CLM-30533

SBOM scanning produces empty report due to container component InvalidComponentIdentifierException The following coordinates are missing for given format: [namespace]

CLM-30491

SBOM scan with more than 65535 component ids fails with "PreparedStatement can have at most 65,535 parameters" while fetching policy evaluation via the CLI

CLM-29674

Not enough information to identify why Automated Remediate Pull Request is or is not working

CLM-30336

Improve the IQ upgrade process: ERROR: column "legacy_violation_enabled" of relation "organization" already exists

CLM-29116

CycloneDX export is generating invalid purls with incorrect escaping

Release 177 (June 2024)

Issue ID

Description

INT-7742

IQ CLI does not provide means to bypass proxy when using --proxy flag

Release 176 (May 2024)

Issue ID

Description

CLM-29612

Unable to analyze CycloneDX SBOM generated from IQ

CLM-29765

The "Request Waiver" button no longer shows up for a user who has Policy Admin and Developer roles

CLM-29585

Promote Scan Rest API sometimes removes the transitive/direct dependency icons from the promoted report

Release 175 (April 2024)

Issue ID

Description

CLM-29616

Analysis of a Docker image saved as a tar file results in “Component-Unknown”

CLM-29430

"null" is shown before the root organization name

CLM-29339

OutOfMemoryError possible in com.sonatype.insight.brain.search.index.IndexService.updateIndex because it loads all of search_index_change table into heap

CLM-29971

Per Repository Policy Management does not work with Repository Firewall license {also referred to as Issue ID NEXUS-42040}

Release 174 (March 2024)

Issue ID

Description

CLM-28910

Scanning SBOM fails with java.lang.illegalStateException: Duplicate key

CLM-29382

"/api/v2/applications" can be slow when requesting all applications

CLM-29558

H2 DB Export emitting invalid SQL for firewall_metrics table

CLM-29431

IER missing userFirstName for LDAP realm

Release 173 (February 2024)

Issue ID

Description

CLM-29328

Higher heap usage leading to OOMs

CLM-28889

IndexOutOfBoundsException for length 0 for some users with specific app and org permissions

CLM-29264

IER data leakage

CLM-26122

Upgrading IQ instance using helm chart fails with liveness probe failure

CLM-28364

IQ HA fluentd logs output one JSON message object per line of a stack trace

CLM-28366

IQ HA fluentd request logs do not log elapased time like regular request.log

Release 171 (January 2024)

Issue ID

Description

CLM-26912

Advanced Search: READ permission set on an N-level organization may not work

CLM-28126

Add podAnnotations to helm charts

CLM-28352

Container scan of SELinux enabled image does not work

CLM-14238

CycloneDX license expressions

CLM-28057

Waiver on Component Name (all versions) - name based wild card matching, doesn't work.

CLM-28671

Not clear what the intended reporting should be for dependencyManagement section only declared dependencies

Release 170 (December 2023)

Issue ID

Description

CLM-27990

Support zip generator scans entire cluster directory for logs, resulting in very slow performance

CLM-28090

Upgrade cyclonedx-core-java to 8.0.0 for latest license data

CLM-28462

Poetry Scan Handle Null When Package Has No Dependencies

CLM-27992

"GET /api/v2/policyViolations" may cause Out-Of-MemoryError

CLM-25553

Report fails load, seemingly, due to a large bom.json

CLM-26176

Content Security Policy (CSP) Header Not Set (/saml/login)

Release 169 (November 2023)

Issue ID

Description

CLM-28142

Third-Party Scans fail in IQ 168 (CycloneDX, Sonatype Container) when running with H2

CLM-27724

Error parsing third-party scan file

CLM-26111

defaultHostUrl requires a trailing slash when importing applications from GitLab into our LifeCycle organizations

CLM-27022

"Import Applications" with a Host URL without trailing slash causes a 500 response

CLM-27893

Missing database index in insight_brain_third_party_scans causes poor performance

CLM-27857

SPDX 2.2 file inside component causes Nexus Azure DevOps scan to fail pipeline

CLM-27973

Do Not Validate Name In Hierarchy For Policy Update If Policy Name Is Same

CLM-27064

GitLab SCM Integration giving error 500

Release 168 (October 2023)

Issue ID

Description

CLM-25664

Repository view with Developer access is not available unless assigned with at least 2 organizations

CLM-26937

The waving a violation documentation seems out of date

CLM-27407

Increase column length for table saml_group column name

CLM-27408

Viewing Conan proxy repository report can cause "javax.persistence.NonUniqueResultException" with a 500 response.

CLM-27430

Scan Report History API throws NotFoundException for purged reports

CLM-27605

Bitbucket the repository name is case insensitive, so we should not be validating them case sensitively

CLM-27478

Increase the 500-char limit

CLM-27328

Bulk import API stalling for sequential import

CLM-24795

Data retention is not visible if the user has no access to the parent org

Release 166 (August 2023)

Issue ID

Description

CLM-26850

Repository evaluate/componentMetadata requests are significantly slower in IQ 165

CLM-26884

IQ Server can cause StackOverflowError while executing GET /api/v2/policyViolations/transitive/application

CLM-26738

GET requests to /platform/api/v2/config?property=quarantinedItemCustomMessage is returning a 404

CLM-24225

An error message is seen in the report when the component is removed from the vulnerability.

CLM-25847

Waivers for Violation page can't see the Policy waivers

CLM-26343

Scanning poetry.lock file includes development dependencies

CLM-26855

Scanning conda.txt with clair-scanner-output.json

CLM-27061

Firewall for Artifactory integration issue

CLM-26426

Fix for Policy Violation REST API

CLM-26612

Line Comment Links in Bitbucket PRs

CLM-27080

Bulk import issue

CLM-26837

Optimize persistence of policy violations