Closed SaberStrat closed 3 months ago
Thanks for reporting @SaberStrat!
I've seen something similar occasionally and can only speculate that this is caused by race conditions in the ORM. There are two query compilation steps involved, and both of them have caches. The fact that the issue resolved after a restart strongly suggests that it is indeed a caching issue.
I've not yet been able to reliably reproduce it, so I couldn't raise an issue or propose a fix to the ORM's codebase so far.
You mean https://github.com/DependencyTrack/dependency-track/issues/2061 being similar @nscuro?
Yup, I suspect these two issues have the same root cause.
Confirmed to be the same as #2061. Closing as duplicate.
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
Current Behavior
After I updated 4.9.1 to 4.10.0 and then 4.10.1, the Audit Vulnerabilities list has been showing 0 entries for all projects and project versions. Can't say which of the two update step caused this.
Looking at the browser dev tools, the reason for the empty lists was that the /api/v1/findings API requests failed with HTTP status 500.
The 500s correlated with log entries like these, differing by the
value = ...
value:I fixed this by manually restarting the apiserver container.
I don't know DT's inner workings, but this feels like the apiserver cached some intermediate DB state from when the DB was still processing update-related background data tasks, and kept working off of that, claiming silly things like the table having no columns.
Steps to Reproduce
docker-compose up -d
Expected Behavior
Audit Vulnerabilities should not be empty and I shouldn't have to manually restart the apiserver if the Change Log didn't recommend it.
Dependency-Track Version
4.10.1
Dependency-Track Distribution
Container Image
Database Server
PostgreSQL
Database Server Version
13.2.0
Browser
Google Chrome
Checklist