Releases: eclipse-sw360/sw360
sw360-13.0.0-M1
Tagged this release was necessary, because there are persons testing the current master and not seeing the migration script on the database required. The migration on the database came in because of changes on the obligations. After the major work on the obligations data model in the previous release, more work on the UI made a migration script necessary (number 042
). Please note that per our versioning convention, the database migration script makes the tag 13.0
not 12.1
.
Migrations
For existing installations, a data migration is required. Please go to the readme file in scripts/migrations
to see more information:
https://github.com/eclipse/sw360/blob/master/scripts/migrations/README.md
For running the migrations scripts, you will need python and the couchdb package. Please note that you will need to change manually in the python file: the DRYRUN
variable and the couchdb URL (if that is not on localhost or requires password or both).
Credits
The following github users have contributed to the source code since the last release (in reverse order of commit appearance):
Features Summary
1246c023
feat(SplitComponent): Add tooltip for releases of component with SourceCodeDownloadUrl and BinaryDownloadUrl during split feature2eafe3d5
feat(rest): Accept 'downloadurl' in request body as 'sourceCodeDownloadurl' as an alternative to original value 'sourceCodeDownloadurl' for Create and update Release APIsccf05247
feat(ChangeLogs): Fixed issue related to null to empty string or collection conversion20be42db
fix(rest): Fixed update Project API issue - unexpected changes in some fields like moderators, contributors, etccf4bdcfa
feat(UtilityScript): Script for couchdb 2.x to update a field(String) in project document to a new valueea009aed
feat(Obligation): Add License Obligation from License Database based on licenses found in accepted attachments in Release and its LicenseInfo attachmentUsage in Projecta6cf31a3
feat(projectEdit): Project creators and moderators can edit few fields in a closed project2496f037
feat(ClearingReport): Added hyperlink to release document in project clearing report, Changed Font Style (Arial) and Font Size (9) for table contentbd07d53e
feat(CR-UI): Added Advaced filter for CR & fix # of components count
Corections
c18b42b9
fix(clearingreport): Error while downloading clearing report3ff60a09
fix(ExportSpreadSheet): Fixed ClassNotFoundException while export Spreadsheet431e1673
fix(ClearingReport): Fixed null pointer issue for replace text in Clearing report3ff60a09
fix(ExportSpreadSheet): Fixed ClassNotFoundException while export Spreadsheet431e1673
fix(ClearingReport): Fixed null pointer issue for replace text in Clearing report
Infrastructure
71348b4f
chore(deps): Upgrade dependencies (LibreOffice et al)
sw360-12.0.0-M1
This release something special because it brings a lot, really a lot of changes in the database model, more specifically it is a refactoring of the licenses and obligation objects. Following corrections:
- Risks are dropped and migrated to obligations
- Term "todo" is eliminated and we aim at consistently use "obligation"
Then there are two new dimensions of obligations, first obligation level
- Organisation obligations: obligations that apply for all projects of the sw360 instance.
- Project obligations: obligations that apply for a specific project, for example, obligations need to be applied to software which is delivered on a device without display.
- Component obligations: obligations that apply to a release to be more precise, for example IP issues coming when using a particular release.
- License obligations: obligations which come from using software under a license.
Second, the obligations have types:
- Permissions
- Restrictions
- Obligations (finally)
- Risks (for example patent litigation clauses)
- Exceptions (for example classpath exception with GPL)
So that involves a lot of changes to the data model, and resulting a lot of migrations. We apologize in advance for the 18 migrations scripts to execute. But it will be easier to have individual migration scripts for particular changes instead of having a large one. Please refer to scripts/migrations/README.md for further details. Please note that in general, all scripts have a DRYRUN
variable which is set to True
by default and needs to be set to False
to apply actually changes to the database.
Besides, this release has also some other changes, including:
- changing download URL into two attributes: binary download URL and source code download URL
- New REST Endpoint: Search!
- if you ant to write clients using REST: Pagination for some of the major listings!
Migrations
For existing installations, a data migration is required. Please go to the readme file in scripts/migrations
to see more information:
https://github.com/eclipse/sw360/blob/master/scripts/migrations/README.md
For running the migrations scripts, you will need python and the couchdb package. Please note that you will need to change manually in the python file: the DRYRUN
variable and the couchdb URL (if that is not on localhost or requires password or both).
Credits
The following github users have contributed to the source code since the last release (in order of appearance):
<[email protected]>
github dependabot ;-)
<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
Features Summary
596ed7bb
feat(ProjectListUI): Added clearing state filter in Project List693dc596
feat(rest): New search resource endpoint and get releases for multiple projectsa2577cf0
feat(rest/ui): Project vulnerability enpoint update & added new projectrating in UIc1b1e33b
feat(ui-rest): Changes in Release information, change title "Download URL" to "Source Code Download URL", add new data filed "Binary Download URL", added new field in excel sheet99b3f816
feat(ProjectTodo): Remove ProjectTodo and UI changes for Obligation and ProjectTodo7b9b73a7
feat(projecttodo): Migration Scriptscb890218
feat(ProjectTodo): Renamed type to obligationType ,Changed required licenseIds to optional, Added optional ObligationLevel obligationLevel in ObligationStatusInfo04020bef
feat(CR-UI): Enhancement & Bug fixes1d6d2b32
feat(licensemodel): Drop Risk and Risk category and merge it with Obligation3ac3ba23
feat(ProjectObligation): Changes in Project Obligation Data Model, renamed linkedObligations to linkedObligationStatus in ProjectObligation struct, renamed struct ProjectObligation to struct ObligationListc009f2c8
feat(obligation): Rename product obligation to project obligationfcfec496
feat(LicenseDataModel): Merge LiceneObligation with Obligationc5e4e1e6
feat(ui): Allow access to merge/split of component and release based on user role configured in propertiesaf625d7b
feat(ProjectUI): Added 2 new fields in Project Obligation5b837649
feat(Project-UI): Added new field in Advanced Search for Projetsff4a9af4
feat(LicenseInfoObligation): Rename Obligation in LicenseInfo.thrift to ObligationAtProject, added null check in change log for merge release6c13cc93
feat(ObligationDataModel): Changes in Obligation data model, Renamed struct Obligations to struct Obligation in License.thrift, Renamed existing obligationType to obligationLevel, Created new obligationType field which has Permission,Risk,Exception,Restriction as options, Fixed adding obligation in licenses tab067b731f
feat(rest): Adding pagination while listing projects and listing project releases
Corections
a2dd35de
fix(lucene): fix parameter allow leading wildcard to true9ac6e93e
fix(ModerationRequest): Fixed Moderation Request not opening when associated attachment deleted51ab6e0b
fix(ProjectListUI): Fixed sorting of project clearing state in Project List page0d525531
fix(Report): Fixed Clearing report to show project, component, organisation obligation92d00ab1
fix(Obligation): Expand/Collapse all columns including comment using single leftmost toggle button for a row, Remove truncate for Obligation Text, Added expand collapse column feature for comments5a1422e6
fix(obligations):cover null pointer case if file with obligations is missing51860a0f
fix(moderation): Project moderation fix2f9a6879
fix(UserSearch): Fixed search user functionality
Infrastructure
d04911b8
chore(deps-dev): Bump junit in /backend/src/src-attachments4a3e8904
chore(deps-dev): Bump junit in /backend/src/src-licenseinfo4f3c3ea8
chore(deps): Bump junit from 4.12 to 4.13.1ca348628
typo(rest): fix patchComponent in releasecontroller is patchRelease
sw360-11.0.0-M1
The changes for this release incorporate a larger jump from the previous release, because it changes the sw360 infrastructure to the following versions:
- From Couchdb 1.X to Couchdb 2.X and Couchdb Lucene 2.1
- From Java 8 to Java 11 - tested with the OpenJDK
- From Liferay Community Edition 7.2.1 to 7.3.3
- From thrift 0.11 to 0.13
Accordingly, also the vagrant project has changed: the current latest master of sw360/sw360vagrant builds with Java-11-based versions of sw360 (onwards from commit 0269392
at https://github.com/sw360/sw360vagrant).
Apart from the changes to the infrastructure, a number of nice new features are introduced, including:
- A Japanese language file for SW360
- Multiple values for external ids for the same keys
- A completely new health check service for better monitoring of an sw360 installation
- Improvements on project handling
For corrections and further changes on the infrastructure, please refer to the listed commits below.
Migrations
For existing installations, a data migration is required. Please go to the readme file in scripts/migrations
to see more information:
https://github.com/eclipse/sw360/blob/master/scripts/migrations/README.md
For running the migrations scripts, you will need python and the couchdb package.
Credits
The following users have contributed to the source code since the last release (in order of appearance):
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
And many thanks to all the other contributions in presentation, issues, discussions!
Features
60f82182
feat(ProjectReleaseRelation): Added new Field comment, createdOn, createdBy in ProjectReleaseRelationc4342f38
feat(ui): Added link to project button from project detail view137b46a7
feat(language): add Japanese properties4d4184d3
feat(ProjectUI):Added Expand/Collapse All and Search in AttachmentUsageTable1b4f2362
feat(project-report): Layout and content update in project report1ee05b59
feat(ComponentUI): Added new filters in Advance search30ce4db1
feat(ExternalIds): Change file permission2442e1f2
feat(ExternalIds): Change file permission and fix typo of special character753d3889
feat(ExternalIds): Add comments to Component, Release and Project rest APIs0049dd3b
feat(ExternalIds): Add byExternalIds views migration scripts, and upgrade to new version 11.0.0-SNAPSHOTbb2f2950
feat(ExternalIds): 1. Handle EscapeXml for external id value, 2. Fix "Upon update of existing project or Component or Release without any change in External IDs"6ec67338
feat(REST): Whitelisting field in REST API response5ee02f75
feat(EditProjectUI): Release table in edit project page should be sorted and omit vendor namec0bf7132
feat(CRView): Clearing Request Comments enhancements
Corrections
73894c08
fix(resource-server): Resolve logback conflict40f4a3aa
fix(ui): Prevent resubmission of form for Project, Component, Vendor, Moderation inorder to prevent loss of data.6b484677
fix(ui): Fixed download license disclosure error upon selection of corrupted attachmentb8446dc1
fix(license): Fixed the NullPointerException and addressed code duplicationa92d2677
fix(byExternalIdView): Fixed the byExternalIds view not working if the value is numberf62a685f
fix(Language_ja): change datatables.lang's URLd65be244
fix(ImportSPDXBOM): Set Default value[Default_Category] to categories field of Component if found null or emptyfda56f18
Fix: 'Download license archive' button in Admin>'import & Export' page is not working #90656eb7074
Fix: import spdx information #927 #915 and change quotes538b1aa7
fix(license): Fixed the license loading issue
Infrastructure
c0685187
chore(script): Added support to uninstall the current thrift version14b1a4af
chore(deps): Bump jackson-databind in /backend/src/src-fossology4f7234cc
chore(java): Support for Liferay 7.3.3 GA4d4c6983c
chore(java): Fixed Deployment issues5d484ee1
chore(java): Updated Spring versiond247a0ff
chore(java): updating test deps for java 113a5958b6
chore(java): migrating to openjdk java version 11c5f82e0e
chore(logging): Added a library containing the log4j2 classesaa6d5ae0
chore(logging): Fixed test failures caused by NoClassDefFound errorsfe659050
chore(logging): Updated OSGi package imports68b91bcc
chore(logging): More tweaks of logging dependenciese4060da6
chore(logging): Switched logging configuration to log4j2 formatebc8f852
chore(logging): Upgraded from log4j 1 to log4j 27866a852
chore(logging): Removed unused dependency to logback465fc5fa
chore(couchdb): Support CouchDb Lucene 2.1.0 with CouchDb 2.1.2 and backward compatibilitybbabafd7
chore(Portlet): Rename Moderation portlet to Requestsf512b867
chore(changelog): fixing formattinga6d07505
chore(release): changing pom file for 10.0.0-SNAPSHOT
sw360-10.0.0-M1
Again, another data model change, new major version. Please see the script 018_remove_unwanted_field_from_clearing_request.py
in the directory scripts/migrations
to change the data model accordingly. The script is necessary for existing clearing request records; not executing the script will lead to malfunction of the sw360 application.
The update improves also runtime stability, because the escaping when displaying quotes has been improved: previously, special characters such as quotes have compromised the rendering of the page. Now, the content is rendered in a correct way.
Further improvements include:
- The ability to split releases from a component and assign this release to another component. This is the opposite case of merging components. On one hand it can undo mistaken component merges. On the other hand, user input, creating a release at the wrong component, can be corrected now.
- a new REST endpoint to request all details from a larger list in one REST call.
- a new REST endpoint to delete attachments from the REST API
More features include the ability to search for IDs when linking releases to projects or enhancements to the clearing request structures.
Features
ef6170e1
feat(attachments): Evaluate check status before deletion.ea6d31ad
feat(CRUI): Modifications in Clearing Request table in moderation tab.90dbdb52
feat(attachments): Updated REST documentation.220f991f
feat(attachments): ComponentController can now delete attachments.5f504aef
feat(attachments): ReleaseController now supports deleting attachments.2930cea5
feat(attachments): Added function to prepare deleting attachments.8adb9147
feat(attachments): Implemented ThriftAttachmentServiceProvider.daa3b3fb
feat(attachments): Introduced ThriftServiceProvider interface.5783cc3b
feat(rest): Whitelisting project 'state' and 'phaseOutSince' field.fc0c7e43
feat(ui/search): Search using rel. id and added link to the release in the search result.2ec0e6d9
feat(REST): Added new allDetails Parameter to List Projects and List Releases API to fetch records with all details.c0bf7132
feat(CRView): Clearing Request Comments enhancements.8528ecfe
feat(SplitComponentUI): Move Component data like releases and attachments from Source Component to Target Component.
Corrections
9c01170b
fix(escapeXML): Added missing escapeXML, to prevent js script execution and rendering break due to single or double quotes, Added missing escapeXml to merge-split Component, merge releases, license details view, list-details-edit view of project, component and release.887533ba
fix(ProjectModeration): Fixed isWriteActionAllowedOnProject check for project update, Fixed incorrect value for Visibility in Edit Project view which has existing moderation request.
sw360-9.0.0-M1
This release brings new features which also change the data model. Therefore, a major version step is justified. Major new features are:
- Support for custom field layout using the referring Liferay mechanism, fully transparent with the REST API using additional data fields
- Changelog for changed data for projects, components and releases
- Reordered sections in detail view
- A completely new view Clearing Status offering tree and list view
Besides bug fixes and features correct bugs so far. In order to fix a bug with the REST API, note that a migration script should be executed. It corrects a missing value for the status of the release which is also now automatically set when creating releases using the REST API (and not only in the Web user interface).
Features
a2e65103
feat(PreferenceUI): Enabled Email notification for CR49311164
feat(ProjectUI): Custom Field for Additional data in Project1d3423cb
feat(ReadmeOss): Filter linked project from ReadmeOss based on selection03000401
feat(ProjectUI): Unified view of Linked Project and Releases, Clearing status, Linked Release Hierarchy. View includes tree view and list view89714248
feat: Support custom fields in additionalData group in Component and Release page04b57fd1
feat(ChangeLogs): Revision history of Document
Corrections
fb09ccee
fix(MigrationScript): Update releases with empty clearingState to default value - NEW_CLEARING7bbd4235
fix(ClearingStatus): Tree View Release name getting truncated, Sort for Project mainline state and Clearing State in List View fixed , added search filter4c7b0e72
fix(ClearingStatusView): Fixed uneven button height, console error related to createVulnerabilityTable, takes lot of time to load Clearing status list view for large dataset.d1c3731f
fix(ChangelogBasicInfoUI): Applied generic style and reordered the metadatas for Basic Info.78bff1ba
fix(UI): Clearing Request and Obligations fixes79f5c9d4
fix(mergeComponent): Prevent multiple releases with same name and version for a component, which may occur during merge componenta4b44107
fix: Resolve conflictcd4cba10
fix(Changelog): Fixed missing fields like componentType in Changelog history3ee65c9b
fix(REST): Added default value(NEW_CLEARING) for Clearing status while create and update Release67875856
fix(spreadsheet-export): Project spreadsheet export returns blank spreadsheetb91b9e2d
fix(ui): Release overview from component detailscd29922a
fix(UI): Clearing Request bug fix and improvements
Infrastructure
79850290
chore(deps): Bump spring-security-core in /frontend/sw360-portlete1aabab1
chore(deps-dev): Bump dom4j in /backend/src/src-licenseinfo
sw360-8.2.0-M1
Although there are only few commits listed below for this release, the change from 8.1 to 8.2 is huge: sw360 supports now an UI which can be extended with different languages.
With the initial pull request, the English and Vietnamese languages is supported. More languages can be supported. For this, a translation file must be added. Please see README_LANG.md
in the root level of the project directory for more details.
Many thanks to the colleagues at Toshiba for providing this big feature to the community.
Features
8bd91be
feat: SW360 support multi-language update after review994ad5c
feat: SW360 support multi-language
Corrections
ae45236
fix(mergeUI): Provided fix for error message on merge component, release, vendor.
sw360-8.1.0-M1
A version upgrade is justified, because of a number of new features have been integrated: FOSSology scans can be now triggered over the SW360 REST API. By this feature, an upload, for example from sw360antenna, could also trigger the FOSSology scan right away. It requires FOSSology being integrated with sw360.
Another new endpoint is the query for SHA1 values of a file to check if that attachment is actually already found at some release. With this endpoint, one would not need to search for release names and version before making a new entry, but just search for the source code attachment using its SHA1 value to check if an upload has been performed already.
A third new feature is the ability to agree on a clearing job for the software components of a project or product. A project owner can now send to a clearing expert a request to perform the clearing of software components right from SW360.
Features
bb9f2ba
feat(REST): Trigger FOSSology process and check status99e23dc
feat(ObligationUI): Added new status fields for Obligationd025c4a
feat(rest): Attachement sha1 improvement9a53e7b
feat(ProjectUI): Project Clearing Report
Corrections
7bd1fd5
fix(UI/REST): Remove Trailing and leading whitespace for all fields in component, release and projecta2a4b16
fix(components): components listing limited to 200 entries both in UI and excel spreadseet0de1db1
fix(vulerability): vulnerability view breaks at backslash in description83e6f28
fix(REST): Updated upload attachment documentation
Chores
1fc2e0b
Add pull request tempalte and .github folder (11 days ago) [email protected]
sw360-8.0.1-M1
There is some small but very relevant bug in 8.0.0, which prevents the user from creating records in special conditions. Therefore, version 8.0.0 is deprecated and replaced by version 8.0.1.
Corrections
c20fa46
fix(component/release): Add component and release error in UI
sw360-8.0.0-M1
It is not really that we like to ignore minor releases, but release 8 is coming because:
- changes in the DB for external id handling, pls see migration script:
scripts/migrations/016_update_byExternalIds_component_view.py
- changes in the Thrift API, allowing for SPDX BOM import pls see:
libraries/lib-datahandler/src/main/thrift/projects.thrift
And as a larger, very important feature, there is the SPDX BOM import there in a first version, adding two modes:
- Import a project with linked releases from a SPDX BOM file
- Import a list of components and releases from a SPDX BOM file
Moreover a very important feature or fix has been provided for ensuring that malformed REST requests do not lead to failure in the application. Previously, providing wrong typed references (for example: linking releases to a project) was accepted by the application and can lead to malfunction then. The following list lists the detailed changes since 7.0.1:
New Features
712ba79
feat(rest): validate the linked document ids in the payload before updating it in the DBf90fcc4
feat(bomImport): implement SPDX BOM import for projects and releases24999ce
feat(AddProjectReleaseRelation): add a project release relation for source code snippets48de678
feat(REST): Patch Releases to Project
Corrections
d34d454
fix(ReleaseUI): fixed reload report in FOSSology Process336534a
fix(REST): fixed search component by external idbc28c54
fix(EditReleaseUI): Fixed missing functionality of button to delete release to release relatione437a5b
fix(spreadsheet-export): fixed the secuence of values based on headers4c0d5c9
fix(thrift): add should return ID on duplicate1d65e70
fix(html): fix minor bugs and stylingb7a83d6
fix(ui): saving attachment usage issue for source code bundle and others
sw360-7.0.1-M1
After tagging 7.0.0, we found two bugs to be corrected to provide a sound SW360. Therefore, here a new tagged version of sw360. Everyone should use 7.0.1-M1 instead of 7.0.0.
Adding rolling version since last tag will prepare automated tagging with incrementing patch level, retaining manual tagging for major and minor version only.
Corrections
0dcd109
fix(ProjectUI: fixed blank / non-responsive screen on projectda677b5
fix(ui): fix issue #762
Infrastructure
a37e24d
chore(readme): adding some more badgesf1a7c63
feat(chore): adding rolling versions based on commit count