Open Sp33dy42 opened 6 days ago
Are you using project cloning by chance?
This bug was fixed in 4.11: #3464
Yes we are.
On Tue, Jul 2, 2024 at 2:59 AM Niklas @.***> wrote:
Are you using project cloning by chance?
This bug was fixed in 4.11: #3464 https://github.com/DependencyTrack/dependency-track/issues/3464
— Reply to this email directly, view it on GitHub https://github.com/DependencyTrack/dependency-track/issues/3909#issuecomment-2202607700, or unsubscribe https://github.com/notifications/unsubscribe-auth/BJDMSOTSH7AXNM2SF2MTVALZKJ2WXAVCNFSM6AAAAABKGXRKUKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDEMBSGYYDONZQGA . You are receiving this because you authored the thread.Message ID: @.***>
Mirroring. Not cloning. Sorry. How would I know if we were cloning.
On Tue, Jul 2, 2024 at 2:59 AM Niklas @.***> wrote:
Are you using project cloning by chance?
This bug was fixed in 4.11: #3464 https://github.com/DependencyTrack/dependency-track/issues/3464
— Reply to this email directly, view it on GitHub https://github.com/DependencyTrack/dependency-track/issues/3909#issuecomment-2202607700, or unsubscribe https://github.com/notifications/unsubscribe-auth/BJDMSOTSH7AXNM2SF2MTVALZKJ2WXAVCNFSM6AAAAABKGXRKUKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDEMBSGYYDONZQGA . You are receiving this because you authored the thread.Message ID: @.***>
Yes we are using Cloning. Should we shut this off.
@Sp33dy42 Cloning happens either via /api/v1/project/clone
REST API endpoint, or when using the Add Version functionality in the frontend.
DT versions prior to v4.11 had a bug where the attribution date for findings would not be retained when cloning. Instead they were assigned the current date.
You don't need to stop cloning projects, but you should update your DT installation to benefit from the bugfix.
Thank you so much Niklas!
On Wed, Jul 3, 2024 at 8:37 AM Niklas @.***> wrote:
@Sp33dy42 https://github.com/Sp33dy42 Cloning happens either via /api/v1/project/clone REST API endpoint, or when using the Add Version functionality in the frontend.
DT versions prior to v4.11 had a bug where the attribution date for findings would not be retained when cloning. Instead they were assigned the current date.
You don't need to stop cloning projects, but you should update your DT installation to benefit from the bugfix.
— Reply to this email directly, view it on GitHub https://github.com/DependencyTrack/dependency-track/issues/3909#issuecomment-2206594479, or unsubscribe https://github.com/notifications/unsubscribe-auth/BJDMSOXSP3PPP6P6BIT7MZLZKQLFNAVCNFSM6AAAAABKGXRKUKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDEMBWGU4TINBXHE . You are receiving this because you were mentioned.Message ID: @.***>
Current Behavior
Steps to Reproduce
Expected Behavior
Expected behavior would be for the Attributed On field to update when a vulnerability is matched to a component.
Dependency-Track Version
4.10.x
Dependency-Track Distribution
Container Image
Database Server
PostgreSQL
Database Server Version
No response
Browser
Google Chrome
Checklist