You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
While working on supporting Drupal vulnerabilities from Composer repositories in DT, I stumbled upon a VulnerableVersions value exceeding 255 characters.
javax.jdo.JDOFatalUserException: Attempt to store value ">=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.9.0|>=8.9.0,<9.0.0|>=9.0.0,<9.1.0|>=9.1.0,<9.2.0|>=9.2.0,<9.3.0|>=9.3.0,<9.4.0|>=9.4.0,<9.5.0|>=9.5.0,<10.0.0|>=10.0.0,<10.1.0|>=10.1.0,<10.1.8|>=10.2.0,<10.2.2" in column "VULNERABLEVERSIONS" that has maximum length of 255. Please correct your data!
at org.datanucleus.api.jdo.JDOAdapter.getJDOExceptionForNucleusException(JDOAdapter.java:681)
at org.datanucleus.api.jdo.JDOPersistenceManager.jdoMakePersistent(JDOPersistenceManager.java:702)
at org.datanucleus.api.jdo.JDOPersistenceManager.makePersistent(JDOPersistenceManager.java:722)
at alpine.persistence.AbstractAlpineQueryManager.lambda$persist$1(AbstractAlpineQueryManager.java:316)
at alpine.persistence.Transaction.call(Transaction.java:139)
at alpine.persistence.AbstractAlpineQueryManager.callInTransaction(AbstractAlpineQueryManager.java:542)
at alpine.persistence.AbstractAlpineQueryManager.callInTransaction(AbstractAlpineQueryManager.java:553)
at alpine.persistence.AbstractAlpineQueryManager.persist(AbstractAlpineQueryManager.java:316)
at org.dependencytrack.persistence.VulnerabilityQueryManager.createVulnerability(VulnerabilityQueryManager.java:81)
at org.dependencytrack.persistence.VulnerabilityQueryManager.lambda$59(VulnerabilityQueryManager.java:166)
at alpine.persistence.Transaction.call(Transaction.java:139)
at alpine.persistence.AbstractAlpineQueryManager.callInTransaction(AbstractAlpineQueryManager.java:542)
at alpine.persistence.AbstractAlpineQueryManager.callInTransaction(AbstractAlpineQueryManager.java:553)
at org.dependencytrack.persistence.VulnerabilityQueryManager.synchronizeVulnerability(VulnerabilityQueryManager.java:162)
at org.dependencytrack.persistence.QueryManager.synchronizeVulnerability(QueryManager.java:802)
at org.dependencytrack.tasks.ComposerAdvisoryMirrorTask.updateDatasource(ComposerAdvisoryMirrorTask.java:155)
at org.dependencytrack.tasks.ComposerAdvisoryMirrorTask.retrieveAdvisories(ComposerAdvisoryMirrorTask.java:134)
at org.dependencytrack.tasks.ComposerAdvisoryMirrorTask.inform(ComposerAdvisoryMirrorTask.java:90)
at alpine.event.framework.BaseEventService.lambda$publish$0(BaseEventService.java:110)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
at java.base/java.lang.Thread.run(Thread.java:1583)
Caused by: org.datanucleus.exceptions.NucleusUserException: Attempt to store value ">=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.8.0|>=8.8.0,<8.9.0|>=8.9.0,<9.0.0|>=9.0.0,<9.1.0|>=9.1.0,<9.2.0|>=9.2.0,<9.3.0|>=9.3.0,<9.4.0|>=9.4.0,<9.5.0|>=9.5.0,<10.0.0|>=10.0.0,<10.1.0|>=10.1.0,<10.1.8|>=10.2.0,<10.2.2" in column "VULNERABLEVERSIONS" that has maximum length of 255. Please correct your data!
at org.datanucleus.store.rdbms.mapping.column.CharColumnMapping.setString(CharColumnMapping.java:253)
at org.datanucleus.store.rdbms.mapping.java.SingleFieldMapping.setString(SingleFieldMapping.java:202)
at org.datanucleus.store.rdbms.fieldmanager.ParameterSetter.storeStringField(ParameterSetter.java:158)
at org.datanucleus.state.StateManagerImpl.providedStringField(StateManagerImpl.java:1927)
at org.dependencytrack.model.Vulnerability.dnProvideField(Vulnerability.java)
at org.dependencytrack.model.Vulnerability.dnProvideFields(Vulnerability.java)
at org.datanucleus.state.StateManagerImpl.provideFields(StateManagerImpl.java:2583)
at org.datanucleus.store.rdbms.request.InsertRequest.execute(InsertRequest.java:395)
at org.datanucleus.store.rdbms.RDBMSPersistenceHandler.insertObjectInTable(RDBMSPersistenceHandler.java:235)
at org.datanucleus.store.rdbms.RDBMSPersistenceHandler.insertObject(RDBMSPersistenceHandler.java:211)
at org.datanucleus.state.StateManagerImpl.internalMakePersistent(StateManagerImpl.java:4614)
at org.datanucleus.state.StateManagerImpl.makePersistent(StateManagerImpl.java:4591)
at org.datanucleus.ExecutionContextImpl.persistObjectInternal(ExecutionContextImpl.java:2077)
at org.datanucleus.ExecutionContext.persistObjectInternal(ExecutionContext.java:320)
at org.datanucleus.ExecutionContextImpl.persistObjectWork(ExecutionContextImpl.java:1925)
at org.datanucleus.ExecutionContextImpl.persistObject(ExecutionContextImpl.java:1786)
at org.datanucleus.api.jdo.JDOPersistenceManager.jdoMakePersistent(JDOPersistenceManager.java:697)
... 20 common frames omitted
Expected Behavior
The field is used to detect changes in vulnerabilities during mirroring, so we can't just truncate the values.
I guess we should extend the column to 1024? Or change it to a CLOB?
Current Behavior
While working on supporting Drupal vulnerabilities from Composer repositories in DT, I stumbled upon a VulnerableVersions value exceeding 255 characters.
Steps to Reproduce
It will generate an obvious exception:
Expected Behavior
The field is used to detect changes in vulnerabilities during mirroring, so we can't just truncate the values.
I guess we should extend the column to 1024? Or change it to a CLOB?
Dependency-Track Version
4.13.0-SNAPSHOT
Dependency-Track Distribution
Container Image
Database Server
PostgreSQL
Database Server Version
No response
Browser
Google Chrome
Checklist
The text was updated successfully, but these errors were encountered: