Release Notes 6.2
Version 6.2.1 Nov 16, 2020
Resolved issue
Resolved an issue where the proxy settings were not being used in connections to Jira Cloud and Jira Server.
Version 6.2.0 Oct 2, 2020
New features
Added a View column to the Task Management screen to enable users to click the icon on a specific row to view task details.
Added Azure Boards Channel in Alert, which enables the creation of Work Items in Azure, which are based on Black Duck notifications.
Added hostname value to
values.ymlfile for deploying Alert using Helm.Alert now adds issue links in Black Duck for issues that are created through Alert's issue tracking channels such as Jira Cloud and Azure. The issue links in Black Duck provide an easy way to find Alert-created issues for specific BOM Components.
These links can be found in Black Duck Project BOMs that have at least one component for which:
Alert has created an Issue Tracking Channel issue.
Alert has created/updated an Issue Tracking Channel issue for the component since upgrading Alert to version 6.2.0.
Changed features
Only policy rules that are enabled in Black Duck will be listed as filterable options in distribution jobs.
Moved the Provider Configuration Name field under the Provider Type field.
Improved error messaging for when Jira ticket creation/transition fails because the status category is not set appropriately in Jira.
Added warning message when transition fields are not populated by the user in a distribution job that is configured for Jira Cloud or Jira Server.
In a distribution job, disabled policies are no longer available for selection in the Policy Notification Type Filter.
The Summary processing type is removed as an option in the user interface when you create a Distribution Job for the issue tracker channels such as Jira Cloud, Jira Server, or Azure Boards. Using the Summary processing type with the issue tracker channels will result in unexpected behavior with the issues that are created.
Resolved issues
Resolved an issue that blocked Azure AD SAML configuration.
Resolved an issue wherein errors that occurred with Jira issue creation when using Test Configuration in Alert Distribution screen are not shown to users.
Resolved an issue with the volume mount path in the Helm chart for the PostgreSQL database to preserve data.
Version 6.1.1 Sep 30, 2020
Resolved issues
Resolved an issue with the volume mount path in the Helm chart for the PostgreSQL database to preserve data.
Version 6.1.0 Aug 7, 2020
New features
Select fields that contain a select button and display a table, now have a clear button to remove all the selections from the field, which makes it easier to reset the field and be able to change the selection to a subset of all the possible values.
Resolved issues
Resolved a consistency issue with date-time fields in the Audit table.
The format is now as follows: yyyy/MM/dd HH:mm:ss
For example 2020/06/10 12:33:17Updated tooltip text in the Jobs table.
Resolved an issue wherein the configured Provider information is not displayed on the About screen when a user is logged with the Alert user role.
Resolved an issue with misaligned text on the certificate import screen.
Resolved issues with testing the configuration and saving the Global Configurations for email, Jira Cloud, and Jira Server channels when adding or editing a provider configuration.
Resolve an issue with text-overflow on the Audit page.
Resolved an issue wherein a custom role that was created with all global permissions and no distribution level permissions had no navigation and the About screen information was minimal.
Resolved an issue wherein testing a Black Duck Provider Configuration did not display an error message in the modal when Black Duck was not connected.
Resolved an issue wherein the Select and Clear buttons were overflowing the screen area when a long name was added to the Projects field on the Job Distribution screen.
Changed features
Improved the 404 error messaging that occurs when the message is about the marketplace listing of the Alert Issue Property Indexer app not supporting your version of Jira.
Improved the 403 error messages in the user interface, depending on the action you are attempting in the user interface, for example, ‘you are not permitted to view its information’ or 'you are not permitted to perform this action'.
Moved the Provider Configuration field under the Provider Type field in the Distribution Job screen.
Version 6.0.2 Sep 30, 2020
Resolved issues
Resolved an issue with the volume mount path in the Helm chart for the PostgreSQL database to preserve data.
Version 6.0.1 Jul 1, 2020
Resolved issues
Resolved an issue wherein renaming a Provider Configuration did not update the Distribution jobs configured for it properly.
Version 6.0.0 Jun 5, 2020
New features
Added the Certificates page to enable Alert users to manage certificates.
Added the option to enable or disable providers and to provide a unique name for the provider configuration.
Added the Enabled checkbox to enable/disable the use of the provider, and the Provider Configuration name field to the Provider page.
Added new field to the Distribution screen, where users can select a specific Provider Configuration by name for the distribution job.
The Provider Configuration name field is added to the CSV file attachment for emails.
Added the capability to add multiple Black Duck provider configurations on the Black Duck provider screen.
Added the Task Management page that shows data about the tasks that are currently running within the Alert system.
Added a SAML and LDAP configuration test capability to the authentication screen that enables users to test the configuration.
Added capability in Alert to connect to an external PostgreSQL database, which can be configured in the Alert YAML file.
Added a hyperlink to the project field in Alert notifications that links to the project in Black Duck.
Changed features
Several LDAP and SAML environment variables that start with: ALERT_COMPONENT_SETTINGS_SETTINGS_... are no longer supported and have changed to ALERT_COMPONENT_AUTHENTICATION_SETTINGS_..., for example, ALERT_COMPONENT_SETTINGS_SETTINGS_LDAP_SERVER has changed to ALERT_COMPONENT_AUTHENTICATION_SETTINGS_LDAP_SERVER.
The environment variables: PUBLIC_HUB_WEBSERVER_HOST and PUBLIC_HUB_WEBSERVER_PORT are removed from Alert and have been replaced by ALERT_HOSTNAME and ALERT_PORT.
The volumes for the Alert container and the new AlertDB container must point to the same location.
The minimum compatible Black Duck version for Alert 6.0.0 and later is 2019.12.0.
The Format field name in the distribution job configuration is renamed as Processing.
The memory default value configured in the deployment files is changed from 512M to 640M to enable a better distribution between machine and application.
Removed the deployment files for Docker Compose because Black Duck no longer supports Docker Compose.
Added two new environment variables that are used to configure the Black Duck Provider.
Removed the environment override variable.
Added a new LDAP, SAML, and password reset environmental variables.
Alert only supports TLS 1.2 and 1.3.
Alert no longer creates a backup.zip of the database on startup, because it now uses a separate PostgreSQL database.
Resolved issues
Resolved an issue wherein users were unable to add security contexts in Alert 5.1.0 by adding the capability to add security contexts for Alert.
Version 5.3.2
Resolved issues
Resolved an issue with Alert checking that the Alert Issue Property Indexer is installed on the Jira server.
Version 5.3.1
Resolved issues
Resolved an issue wherein a null pointer exception occurred when trying to connect to Jira from Alert.
Resolved an issue wherein users could not log in to Alert as an LDAP user when LDAP authentication was configured in Alert.
Made improvements in retrieving the severities of vulnerabilities that helps to prevent null pointer exceptions (NPE).
Version 5.3.0
New features
Added a Delete button to the Black Duck Provider and Channels that enables the deletion of global configurations from the Alert server.
You can now add CSV, JSON, or XML attachments to your email distributions.
Added the Enabled column to the Distribution table that displays a checkmark or an x to show the enabled state of the job.
When using Black Duck as the provider, new notification filtering options are available. Policies can now be filtered by policy name, and vulnerabilities can be filtered by severity.
Added functionality to specify types of access for each user role.
Added functionality to create custom roles.
Added user management feature to the Alert user interface, which you use to add, remove, and modify Alert users, and to edit roles and their permissions.
You can update the passwords for the sysadmin, Job Manager, and Alert user default users in the User Management section.
Added error messaging to notify users about missing global configuration in channels when you create new distribution jobs or open existing distribution jobs in Alert.
A required field symbol (red asterisk) has been added to fields that require input.
Changed features
Distribution jobs can now be enabled or disabled.
Added messaging improvements for channels.
You can edit rows in the Users/Roles table by double-clicking the selected row.
The distribution jobs now display the name in red with a warning icon in the table when there are validation errors.
Moved the default system administration settings from Settings to User Management.
Improved messaging for users who log in with insufficient credentials to view the application.
When changing a user password, you are prompted to confirm the password in the Confirm Password field.
User roles from external systems such as LDAP and SAML, are added to the current role configuration in the Alert database for the logged-in user.
Resolved issues
Resolved an issue wherein providing a webhook with an incorrect URL (Slack and MS Teams) returns no error or success shown in the job, and a stack trace printed to the Alert log.
Resolved an issue wherein the Jira Project field in distribution jobs only accepted the name of the Jira project but not the key.
Version 5.2.3
Resolved Issues
Resolved issue wherein users could not turn off comments in issues that were created in Jira Cloud and Jira Server; the issue description is now truncated to fit the allowed length of the Jira description field if add comments is unselected and no additional comments are added.
Resolved an issue wherein a 404 error message that was generated when attempting to add a comment in a Jira Cloud issue; Alert now logs the error that occurred and continues processing.
Version 5.2.2
Resolved Issues
Resolved an issue that occurred when Jira Cloud changed the expected payload for creating an issue.
Version 5.2.1
Resolved Issues
Resolved an issue wherein users couldn't disable SAML so that they could log into Alert using the administrator account.
Version 5.2.0
New features
Added jobmanager and alertuser as default users.
Added the Jira Server channel.
A last modified timestamp displays when clicking Save for any configuration provider, channel, or distribution configuration.
Changed features
All authentication functionality is now moved from Settings to the Authentication section.
Alert now sends notification emails even if an asterisk is included in the notification target project name in the Distribution job.
LDAP, SAML, and User Management settings can be expanded or collapsed.
Added support for Jira 8.x.
Several environment variables from ALERT_COMPONENT_SETTINGS_SETTINGS_... have moved to ALERT_COMPONENT_AUTHENTICATION_SETTINGS_..., The old environment variables are supported until Alert version 6.0.0.
Resolved issues
Resolved an issue wherein the wrong email addresses may be used for a project.
Resolved issue with Alert becoming unhealthy when Black Duck project names were over 255 characters long by increasing the maximum length of project names accepted by Alert.
Version 5.1.0
New features
Added a checkbox in the email channel for using only the additional email addresses.
Slack now displays in the Global channel section to show that it is available for use. It does not require configuration.
The descriptor configuration is now logged at startup.
Added vulnerability information to security-related policy notifications, including remediation content.
Tables that require you to select data; for example, the Project distribution table, are now replaced with a new type of field that hides the table and loads the data after you select the button to add data.
Added Project and Project Version notification types.
Added support for Microsoft teams.
Usage information is now included in Black Duck-related notifications.
Alert now accepts XML metadata files for SAML/SSO settings configurations.
Added functionality for adding or removing uploaded metadata files.
Added user role management, so that you can manually map LDAP users to Alert user roles. This contains the ability to customize or override the group names.
Added the Projects table project selection options when creating a new distribution job.
Changed features
The About screen is now accessed from the Alert logo, and contains your configuration information and your Alert version.
Double-clicking a row in the Distribution table now opens the edit page.
The Notification column in the Distribution and Audit tables no longer displays icons; instead, descriptive text displays.
Summary messages now specify that they are in the summary format.
Messages are now condensed.
The alert.templates.dir property and the ALERT_TEMPLATES_DIR environment variable are now deprecated.
Removed all non-functional, visual-only icons.
Additional email addresses now display only after the provider is selected.
The Send Message dialog box now enables you to send customized messages and subject lines when testing new distribution jobs.
Resolved issues
Resolved an issue wherein installing Alert inside Black Duck may cause a 502 error.
Resolved an issue wherein deploying Alert inside Black Duck with custom certificates may fail.
Resolved an issue wherein the ALERT_ALWAYS_TRUST_CERT environment variable was not being used when checking for updates.
Resolved an issue where importing a custom certificate could result in an error of PKIX path building failed.
Version 5.0.3
Resolved Issues
Resolved an issue that prevented the removal of old notification data from the database.
Version 5.0.2
Resolved Issues
Resolved an issue wherein users couldn't disable SAML so that they could log into Alert using the administrator account.
Version 5.0.0
New features
You can now copy an existing distribution job. Therefore, you are no longer required to re-enter the same distribution job data.
Added support for Jira Cloud as a channel.
The default format collapses similar items for easier viewing.
Added support for BOM edit notifications.
Added support for installing the plugin remotely.
Tickets can now be created based on Black Duck notifications.
Added a new distribution job type for JIRA Cloud.
Emails sent from Alert now feature a clickable link in the header to return you to Alert, and includes a footer with the Alert server URL.
Added cloud environment variables.
An automatic backup of the database is now performed. A zip file of the database is created every time prior to starting the Alert process.
Changed features
Changed Include All Projects to Filter By Project.
Alert now assigns the configured user to the Black Duck projects configured in the jobs.
Removed the Reset Password button.
Ended support for HipChat.
Existing tickets are automatically updated with status changes.
Updated Alert host name environment variables.
Added remediation information to regular vulnerability notification ComponentItems.
Deployment files now have updated environment variables.
Changed name of the secret salt encryption file.
Resolved issues
Resolved an issue wherein Alert was reporting availability of a newer version when the newer version was the same as the current instance.
Resolved an issue wherein the Alert server shown in update emails contained the wrong port number.
Version 4.2.0
New features
Added Alert sensitive data storage options.
When a new version of Alert is available, a Warning system message displays informing you that there is a new version available.
Added new user roles.
Black Duck default and digest messages now include component links to filtered listings depending on the selected component.
Added SAML authentication.
Added new variables for SAML.
Changed features
Save and Cancel buttons for Email and Settings now remain in a fixed position; scrolling to the bottom to access these is no longer required.
In the channel output, Black Duck policy entries now display their severity next to the name if the severity is set for that policy in Black Duck.
The plugin now sorts the vulnerabilities listed by severity from high to low in all channels.
Removed the Policy link from the email output.
Added new summary format.
Improved the Alert digest options.
Improved component/version linking in email distributions.
Resolved issues
Policy information now combines duplicates info into a single message when possible.
Resolved an issue wherein some Slack messages, based on size, may be split into multiple messages by the Slack server.
Version 4.1.0
New features
For each field in the user interface with description text, a help icon displays at the right of that field label. Clicking the help icon displays the description until you click elsewhere.
You can now delete global configurations if all fields are empty.
If the global configuration of a provider is cleared, then the related tasks that pull data from those providers is cancelled.
Renamed from Black Duck Alert to Synopsys Alert.
Changed features
The field Collecting Black Duck notifications in is now changed to Collecting Provider data in, and the field Notification Purge Frequency is changed to Data Purge Frequency.
Slack and HipChat distribution jobs now validate the Project Name Pattern field to verify that the pattern matches at least one existing project.
Improved the process for running Alert and Black Duck in the same deployment.
The Slack code limit notification now includes a link to the server referenced in the notification.
Resolved issues
Resolved an issue wherein global configuration processes may be running without global process configurations being set up.
Resolved an issue wherein background tasks were stuck waiting for other tasks to finish before executing.
The next run time now correctly rounds to the nearest minute to resolve the extra minute issue that was happening.
Resolved an issue wherein code limit emails may not have been sent.
Deleting a provider configuration now deletes all of that provider's projects from the database until that provider is recreated.
Resolved an issue wherein Alert does not send an email notification if the project names contain commas.
Resolved an issue wherein the project information was not being updated in the Alert database.
Version 4.0.0
Changed features
Added support for Java v.11.0.
The provider timeout now supports decimals and displays timeout in seconds.
Improved and expanded Audit table functionality.
Added support for CFSSL container version 4.7.0.
Improved error messaging for Distribution configuration.
Improved text length limits for configuration fields, which can now handle up to 511 characters.
Invalid email addresses are now logged as warnings and ignored prior to sending.
Improved the job deletion confirmation which now displays complete information about jobs selected for deletion.
Added new properties for configurable values and new fields.
Resolved issues
Resolved an issue wherein reading the common configuration may prevent displaying of the job configuration.
Resolved an issue wherein clicking Show Advanced in the email channel may erase all entered values.
Resolved an issue wherein testing the email configuration test messages with invalid SMTP resulted in no action.
Resolved an issue wherein information may have been missing in the Audit page.
Resolved an issue wherein failing to provide an encryption password or SALT will not set the password fields.
Resolved an issue wherein Black Duck Alert may not function properly with Black Duck when project names contain greater than 255 characters.
Resolved an issue occurring when upgrading from Alert version 2.0.0 to version 3.0.0.
Resolved an issue wherein affirmation messages on the email channel remain on screen, even after navigating away.
Resolved an issue with the daily digest wherein removing the policy violation alert lists the last type as DELETE rather than omitting the policy notification.
Resolved an issue wherein global configuration processes may be running without global process configurations being set up.
New features
Alert now authenticates through LDAP.
Users can authenticate as the default administrator user.
Email notifications are now sent to Black Duck administrators to inform them of the percentage of reaching their code limit.
Added a new setup menu to configure the required data for Alert.
Added Environment Variables Override setup option.
You can now reset the administrator password from the login screen.
Known issues
There is a known issue with sending LICENSE_LIMIT notification data over email. The LICENSE_LIMIT notification data is not sent over email; it appears in Slack and HipChat channels.
Version 3.1.0
Changed features
Alert now displays the message Missing global configuration where appropriate when setting up HipChat distribution jobs.
HipChat Test Configuration now opens a dialog box for a test room for sending test messages to validate your HipChat configuration.
Email Test Configuration now opens a dialog box for a test email address for sending test messages to validate your email configuration.
Resolved issues
Resolved an issue wherein the audit table search was case-sensitive; this search is now case-insensitive.
Resolved an issue wherein components with multiple origins may display duplicate linked items.
Resolved an issue wherein proxy settings for email servers may not always function as expected.
Resolved an issue wherein the component name may be missing from the output of policy rule violation messages.
Resolved an issue wherein multiple policies attached to a single project may link violations to incorrect policies.
Resolved an issue wherein the Black Duck Alert emails may not contain the component name.
New features
Configuration errors now display on the login screen.
If stored variable and credentials are missing, a form displays at login for completing the missing items.
Alert can now send notifications about projects matching a regular expression.
Environment variables now take precedence over settings in the user interface.
Version 3.0.0
Changed features
Updated Black Duck Alert properties and environment variables.
Can now send alerts to individual users or to all members of a project.
Alert no longer sends emails to a group specified in the distribution job; instead it now sends emails to the users/groups assigned to the projects configured in the job.
The Distribution job provider now defaults to Black Duck.
Resolved issues
Resolved an issue wherein the browse was caching the API key when saving.
Resolved an issue wherein Template Exceptions errors were thrown when dealing with versionless components.
Resolved an issue wherein the distribution jobs fields may not retain changes.
Resolved an issue wherein editing a distribution job while auto-refresh is enabled may remove edits and changes to the job.
Resolved an issue wherein the Audit table may not have been correctly displaying the audit data.
Resolved an issue wherein required properties for the SchedulingConfiguration component (purgeDataFrequencyDays and dailyDigestHourOfDay) were not being set and causing UI errors.
Resolved an issue wherein the UI may request an incorrect page size and page number when using the Search function in the Audit table.
Resolved an issue wherein some group roles were not allowing access to the Alert user interface.
Resolved an issue wherein the Audit table pages may not be updating correctly.
Resolved an issue with the environment variables in the deployment files.
Resolved an issue wherein the browser was caching the API key.
New features
Added an About menu in the user interface.
Added links to the vulnerability record on the Hub from the email generated by Alert.
Direct links are now included in notification emails.
Alert now acquires the severity of each vulnerability and adds it to the list of linkable items displaying the severity of the notifications in the channel.
Added new properties for HipChat, scheduling, and required properties.
Version 2.1.0
Changed features
In the *.yml file, the user was previously hubalert. This is now updated to the user name alert.
Resolved issues
Resolved an issue wherein the Audit table search bar and table sorting were not functioning as expected.
Resolved an issue wherein the Audit table search function may request an incorrect page size and page number.
Resolved an issue wherein the Audit table pages were not updating as expected.
Resolved an issue wherein the high vulnerability email generated by Alert contains repetitions of the same data.
Resolved an issue with the SchedulingConfiguration component in the user interface.
Resolved an issue wherein enabling auto-refresh did not persist between pages.
Resolved an issue wherein some group roles were not allowing access to the Alert user interface.
Version 2.0.1
Changed features
Resolved an issue wherein after upgrading from Alert version 1.0.0 to version 2.0.0, the distribution jobs may have been broken.
Version 2.0.0
Changed features
The hub-alert.env file is renamed to blackduck-alert.env.
The container name is renamed from hub-alert to blackduck-alert. You can find it in Docker Hub as blackduck-alert.
New features
Added support for Kubernetes.
Added support for Docker Swarm.
Added a new universal channel controller.
Version 1.1.0
Resolved issues
Resolved an issue involving multiple Slack notifications.
Resolved an issue wherein the Notification Types field was not filtering the notifications sent using email, Slack, or HipChat.
Resolved an issue wherein a single new vulnerability could result in nine identical changes in Slack notifications.
Resolved an issue wherein a null pointer exception (NPE) could occur when adding components to jobs having their distributions removed.
Resolved an issue wherein selecting multiple projects does not work if a single project is de-selected.
Resolved an issue wherein the HipChat distribution Notify checkbox may not create HipChat notifications.
Resolved an issue with the audit stack trace display.
Resolved an issue wherein the Test Configuration button may not always work as expected.
New features
Added support for nginx.
Added support for using Alert in a Hub SaaS environment.
Added support for self-hosted HipChat environments.
Added support for configuring logging levels for debugging issues.
The Alert version now displays in the user interface.
Version 1.0.0
First release of product.
©2018 Synopsys, Inc. All Rights Reserved