2020 Release Notes

Sonatype encourages using the most current IQ Server release and not trailing behind more than six months. Release notes for the most current versions can be viewed here .


Release 83 (January 2020)

New Mail Server Configuration REST API and UI

The mail server configuration for email notifications is now configurable via the new Mail REST API or via IQ Server's UI. Any existing mail server configuration in config.yml will be migrated and become obsolete.

New Permissions for Waiving Policy Violations, Changing Licenses, and Changing Security Vulnerabilities

Three new permissionWaive Policy ViolationsChange Licenses, and Change Security Vulnerabilities are now available for (un)waiving policy violations, changing component licenses, and changing component security vulnerabilities. Previously, the Edit IQ Elements permission was required for these operations. All roles that have the Edit IQ Elements permission are automatically updated to have these new permissions.

Binary Fingerprinting Improvements

This release includes improvements to our proprietary advanced binary fingerprinting and will increase scan file sizes up to four times.

SHA-1 Support for Third Party Scanning

The Third-Party Scan REST API  and CLI has been extended to support the following feature.

  • Identify components based on SHA-1 value (content hash).

Legacy Application Report Link Moved

The Policy-centric Application Composition Report no longer contains a banner with a link to the legacy version of the Application Composition Report.  Instead, the legacy version may now be accessed via the Policy-centric report's Options menu.

Release 82 (January 2020)

Dependency Type Indicators and Filter

Application Composition Report now displays Dependency Type Indicators for maven components. Components can be filtered by dependency type using the new Dependency Type filter.

Note: Dependency Type is only supported for maven components. Reports created prior to January 2, 2020 will show all non-maven components as a direct dependency type. Once the application is rescanned, the non-maven components will be shown as unknown dependency types.

New Permission for Changing Access Control

A new Edit Access Control permission was added for managing the access control for applications, organizations and repositories. Previously, the Edit IQ Elements permission was required for access control management. All roles that have the Edit IQ Elements permission are automatically updated to have the new Edit Access Control permission.