Anchore Enterprise Release Notes - Version 5.10.0

Anchore Enterprise v5.10.0

Enterprise Service Updates

Requirements

• If upgrading from a v4.x release, please refer to the v4.x –> v5.x Migration Guide.
• If upgrading from a release in the range of v5.0.0 - v5.9.0
  • The upgrade will result in an automatic schema change that will require database downtime.
  • The v5.3.0 schema change may take more than an hour to complete depending on the amount of data in your reporting system.
  • The v5.6.0 schema change may take 2 hours or more depending on the amount of data in your system.
  • The v5.7.0 - v5.9.0 schema change will require minimal database downtime.
  • If your Anchore Enterprise deployment is on FIPS enabled hosts and your database is being hosted on Amazon RDS, an upgrade to Postgres 16 or greater is required. For more information please see the FIPS section in Requirements.

Improvements

• Data Syncer Service: The Feed Service has been replaced by a new Enterprise service called the “Data Syncer”. Enterprise no longer supports running a separate feed service. The Data Syncer Service is responsible for syncing data from the Anchore Data Service to the Enterprise installation. The Data Syncer Service is a core service in the Enterprise installation and is required for the system to function correctly.
• A new vulnerability exclusion mechanism has been added to the Policy Engine. This replaces the previous ability to disable specific providers in the on-prem feed service. See Data Syncer Configuration for more information on configuration.

Fixes

• Resolves an issue that would prevent images that had no vulnerabilities detected in the past from reporting future vulnerabilities.

Deprecations

• Support for OpenStack Swift, which is an open-source object storage system, has been deprecated. Please see Object Storage for a list of supported Object Stores.
• Package Feeds and Policy Gates for Ruby Gems and NPMs, are now EOL. Please contact Anchore Support for more information.
• The enterprise-gitlab-scan plugin is being deprecated in favor of using AnchoreCTL directly in your pipelines. Please see GitLab for more information on integrating Anchore Enterprise with GitLab.
• Feed Service: The Feed Service has been deprecated and replaced by the Data Syncer service. The Feed Service is no longer supported in Enterprise installations.
• Package Feeds: The Ruby Gems and NPMs package feeds and policy gates have been declared End Of life and are no longer supported.

UI Updates

Improvements

• Data from Anchore Hosted Feeds is now synchronized to your local enterprise installation via the Data Syncer service, and represented in the system health view under System.

Fixes

• With very large sets of groups and users, the time taken to store an updated SSO IDP definition could be very long. This issue has now been addressed.

• Bulk selection of events when using a filtered list was including items outside of the filter context. This issue has now been fixed. In addition, the table-filter control have been updated to permit compound filter strings corresponding to different table columns, and both the table- and advanced-filter will now match whitespace in the Event Source table field.

• Various supporting libraries have been updated in order to improve security, performance, and also to remove deprecation warnings from browser and server output logs. Redundant libraries have been removed to reduce the app startup time and overall size.

Recommended Component Versions

Anchore Helm Chart can be found at https://github.com/anchore/anchore-charts