Anchore Enterprise Release Notes - Version 5.25.1

Anchore Enterprise v5.25.1

Enterprise Service

Requirements

• If upgrading from a v4.x release, please refer to the v4.x –> v5.x Migration Guide.
• If upgrading from a release in the range of v5.0.0 - v5.24.x
  • The upgrade will result in an automatic schema change that will require database downtime. Below are the estimated downtime durations for version that require significant downtime:
    • The v5.3.0 schema change may take more than an hour to complete depending on the amount of data in your reporting system.
    • The v5.6.0 schema change may take 2 hours or more depending on the amount of data in your system.
    • The v5.11.x schema change will take approximately 1-2 minutes to complete for every 1 million vulnerable artifacts in your reporting system.
  • If your Anchore Enterprise deployment is on FIPS enabled hosts and your database is being hosted on Amazon RDS, an upgrade to Postgres 16 or greater is required. For more information please see the FIPS section in Requirements.
• Minimum recommended memory for the Analyzer and Policy Engine services has been increased from 8GB to 16GB to better support the performance improvements in the new image analysis system. See the Deployment Requirements Documentation for more information.

Fixes

• Security Fix
  • Fixes an authenticated SQL injection vulnerability in the GraphQL Reports API CVE-2026-25076.
    • Anchore thanks Andrew Van Fleteren for reporting this issue.
• Fixes an issue where binary hints with duplicate locations were incorrectly dropped during image analysis. A binary can contain multiple packages at the same location, but the deduplication logic was treating these as duplicates and discarding them.
• Fixes an issue where provided Jave hints were only partially applied in the java content output. If the hint included the origin or location fields, those were not being applied to the java content output.
• Fixes an issue where policy evaluation could fail on certain images when the suid_or_guid_set trigger in the files gate encountered a file entry with a missing file mode value, resulting in a TriggerEvaluationError.

Deprecations

• Support for OpenStack Swift, which is an open-source object storage system, has been deprecated. Please see Object Storage for a list of supported Object Stores.
• The enterprise-gitlab-scan plugin is being deprecated in favor of using AnchoreCTL directly in your pipelines. Please see GitLab for more information on integrating Anchore Enterprise with GitLab.
• The webhook system managed in the configuration file is being deprecated in favor of the more advanced notification system which can be configured to send notifications to webhook endpoints. Please see Notifications for more information on configuring notifications.
• Images analyzed prior to Anchore Enterprise v4.0.0 will be updated to indicate that their analysis has failed, as Anchore Enterprise no longer supports the analysis artifacts produced prior to v4.0.0. Please ensure that any required images are re-analyzed after upgrading to v5.25.0.
• Images archived prior to Anchore Enterprise v4.0.0 can no longer be restored into the active dataset. Please ensure that any required archived images are restored prior to upgrading to v5.25.0.

Recommended Component Versions

Anchore Helm Chart can be found at https://github.com/anchore/anchore-charts

Syft Release Notes can be found at https://github.com/anchore/syft/releases/tag/v1.41.2

Grype Release Notes can be found at https://github.com/anchore/grype/releases/tag/v0.104.1