Anchore Enterprise Release Notes - Version 3.0.3
Anchore Enterprise 3.0.3
v3.0.3 is a patch release of Anchore Enterprise containing targeted fixes and improvements. No database upgrade is necessary.
Enterprise Service Changes
Fixes
- Better vulnerability listing API call performance
- Fixes regression in 3.0.0+ that made “hints” feature cause analysis errors of images for some package types
- Large image analysis load failures from catalog to policy engine due to connection timeout. Makes timeout configurable.
- Updates internal Syft to 0.15.1 to reduce java package CVE false positives and include CPE permutations that replace hyphens with underscores for better matching
- Adds missing recent ubuntu release vulnerability feeds (20.10, 21.04)
- Fixes Ubuntu feed mappings from name to version via configuration
- Adds new debian releases for vulnerability feeds and makes new ones configurable without software upgrades
Enterprise UI Changes
Fixes
- Adds package path to vulnerability listing table to differentiate findings packages in multiple locations
- Report manager timezone string conversion error
- The CSV report data for an image that is a descendant of a base image would not show the Inherited From Base column header in the output if the dataset contained items that were false
- In the Print Report view for Vulnerabilities in Image Analysis, the appearance of the View Report button was obscuring the values held in the Vulnerability ID column
- The Anchore Service Version (previously, Anchore Engine Version) in the About Anchore Enterprise Client modal will now update dynamically if the services are upgraded in the background
Additional minor bug fixes and enhancements
Upgrading
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.
Last modified May 11, 2021: Updated with suggestions from mholt (b07f884)