Anchore Enterprise Release Notes - Version 2.4.1

Anchore Enterprise 2.4.1

v2.4.1 is a patch release of Anchore Enterprise containing targeted fixes and improvements. No database upgrade is necessary.

Enterprise Service Changes

Added

  • Ability to set pool_recycle and other SQLAlchemy engine parameters via config in db_engine_args section of config.yaml
  • Updates image build to support dynamic UID mapping in OpenShift

Fixes

  • RedHat CVE normalization in feed service did not ensure only one fix record per vulnerability in all cases
  • Orphaned feed service driver tasks left in ‘running’ when the system shuts down are now cleaned up on restart and marked as failed
  • Fixes small size limit of data scanned by ClamAV, adds default 4GB max size and configuration options to make it smaller. Errors if image is larger than that (ClamAV does no support larger sizes)
  • Report ClamAV malware findings that do not include a file path as ‘unknown’ rather than skipping
  • Policy engine should return HTTP 400 with instructive message on invalid bundle upload instead of HTTP 500
  • Vulnerability fix version not correct for vulnerabilities with multiple fixes
  • NPM and Gem packages not matching GHSA sources properly
  • Update urllib3 to 1.25.9 to address CVE-2020-26137 even though Anchore not affected by that issue
  • Deactivating or deleting repo subscription does not halt in-progress repository scans and can result in analysis being added after the subscription is removed

Additional minor bug fixes and enhancements

Enterprise UI Changes

Improved

  • Only show enabled feeds and groups via system health
  • Updates image build to support dynamic UID mapping in OpenShift

Fixes

  • Repositories with no watch subscription can cause UI errors during deletion
  • Lack of error message in case of creating/updating password with value that is too short to pass validation
  • Switching account contexts breaks scheduled query recomposition flow

Additional minor bug fixes and enhancements

Upgrading

Built on Anchore Engine v0.8.2: Anchore Enterprise is built on top of the open-source Anchore Engine, which has received new features and updates as well See Anchore Engine Release Notes for information on new features, bug fixes, and improvements in Anchore Engine.


Last modified October 13, 2020: Fix typos (e275e78)