Anchore Enterprise Release Notes - Version 3.0.3

Anchore Enterprise 3.0.3

v3.0.3 is a patch release of Anchore Enterprise containing targeted fixes and improvements. No database upgrade is necessary.

Better vulnerability listing API call performance
Fixes regression in 3.0.0+ that made “hints” feature cause analysis errors of images for some package types
Large image analysis load failures from catalog to policy engine due to connection timeout. Makes timeout configurable.
Updates internal Syft to 0.15.1 to reduce java package CVE false positives and include CPE permutations that replace hyphens with underscores for better matching
Adds missing recent ubuntu release vulnerability feeds (20.10, 21.04)
Fixes Ubuntu feed mappings from name to version via configuration
Adds new debian releases for vulnerability feeds and makes new ones configurable without software upgrades

Adds package path to vulnerability listing table to differentiate findings packages in multiple locations
Report manager timezone string conversion error
The CSV report data for an image that is a descendant of a base image would not show the Inherited From Base column header in the output if the dataset contained items that were false
In the Print Report view for Vulnerabilities in Image Analysis, the appearance of the View Report button was obscuring the values held in the Vulnerability ID column
The Anchore Service Version (previously, Anchore Engine Version) in the About Anchore Enterprise Client modal will now update dynamically if the services are upgraded in the background

Additional minor bug fixes and enhancements

Was this page helpful?

Sorry to hear that. Please tell us how we can improve.