Anchore Enterprise Release Notes - Version 4.1.1

Anchore Enterprise 4.1.1

Anchore Enterprise release v4.1.1 contains targeted fixes and improvements.

Enterprise Service Updates

Improvements

  • Introduced a Recommendation field that is available in the Policy Rule. This field will be visible in the image policy check results. It will allow the Policy Rule creator to provide a generic hint on how to fix policy findings.
  • Improved the description of the “max days since creation” parameter within the vulnerability->package rule. It now states, “A grace period, in days, for a vulnerability match to be present after which the vulnerability is a policy violation”.

Fixes

  • Fixed enterprise database schema upgrade process from 4.0.x to 4.1.0 schema when run on a fips-enabled host.
  • Improved error message when providing invalid tag to the External API Inventory calls.
  • Improved error messages around registry access failures.
  • Improved detection and error handling of an image that contains an empty or unknown distro.
  • Image analysis will succeed when the image contains an uncompressed layer.
  • Image analysis will succeed when the image contains un-parsable rpmdb file entries.
  • On a restart or a manual resync of the feed service, the system will maintain no more than 2 versions of the grype database records.
  • Tag status is updated immediately in reporting data. Previously, the tag status updates maybe have been delayed.

Deprecation Reminders

  • The Embedded Inventory Mode Feature, has been deprecated. During the future Enterprise Release v4.2.0, it will be removed.
  • The anchore-cli python client will be deprecated as of the future Enterprise Release v4.2.0. AnchoreCTL will be the only supported command line tool for interacting with Anchore Enterprise.

UI Updates

Improvements

  • A Recommendation field has been added to the policy rule editor to allow policy creators to provide bespoke remediation guidance. This information will be surfaced within the output for any matched rule within the Policy Compliance results table in the Artifact Analysis view.
  • The service log output for the application has been overhauled. Administrators with access to the running app instance are now able to view detailed timestamped information—categorized by level—that describes the routes being accessed, connection and configuration details, and information about the major operations taking place within the runtime. Additional logging data will be added in subsequent releases.

Fixes

  • The management of database connectivity details from the app has been updated to handle special characters in configuration strings.
  • A Forbidden error is displayed when a non-administrative user tries to directly access the /system/notifications tab via URL. It also blocks a fetch for the LDAP configuration details for non-admins.
  • Various supporting libraries have been updated in order to improve security and performance, and also to remove deprecation warnings from browser and server output logs. Redundant libraries have been removed to reduce the app startup time and overall size.
Last modified September 30, 2024