Anchore Enterprise Release Notes - Version 3.0.3

Anchore Enterprise 3.0.3

v3.0.3 is a patch release of Anchore Enterprise containing targeted fixes and improvements. No database upgrade is necessary.

Enterprise Service Changes

Fixes

  • Better vulnerability listing API call performance
  • Fixes regression in 3.0.0+ that made “hints” feature cause analysis errors of images for some package types
  • Large image analysis load failures from catalog to policy engine due to connection timeout. Makes timeout configurable.
  • Updates internal Syft to 0.15.1 to reduce java package CVE false positives and include CPE permutations that replace hyphens with underscores for better matching
  • Adds missing recent ubuntu release vulnerability feeds (20.10, 21.04)
  • Fixes Ubuntu feed mappings from name to version via configuration
  • Adds new debian releases for vulnerability feeds and makes new ones configurable without software upgrades

Enterprise UI Changes

Fixes

  • Adds package path to vulnerability listing table to differentiate findings packages in multiple locations
  • Report manager timezone string conversion error
  • The CSV report data for an image that is a descendant of a base image would not show the Inherited From Base column header in the output if the dataset contained items that were false
  • In the Print Report view for Vulnerabilities in Image Analysis, the appearance of the View Report button was obscuring the values held in the Vulnerability ID column
  • The Anchore Service Version (previously, Anchore Engine Version) in the About Anchore Enterprise Client modal will now update dynamically if the services are upgraded in the background

Additional minor bug fixes and enhancements

Upgrading