From 8bf4664dfdb090626ce31e4abc267a82d3ce0b81 Mon Sep 17 00:00:00 2001 From: nscuro Date: Fri, 18 Feb 2022 09:37:00 +0100 Subject: [PATCH] Fix v440Updater for MSSQL The `NAME` column of the `PERMISSION` table has a `UNIQUE` constraint, using `TOP` or `LIMIT` is thus not necessary to get only a single result. Signed-off-by: nscuro --- docs/_posts/2022-xx-xx-v4.4.1.md | 32 +++++++++++++++++++ .../upgrade/v440/v440Updater.java | 2 +- 2 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 docs/_posts/2022-xx-xx-v4.4.1.md diff --git a/docs/_posts/2022-xx-xx-v4.4.1.md b/docs/_posts/2022-xx-xx-v4.4.1.md new file mode 100644 index 0000000000..5fdbff6905 --- /dev/null +++ b/docs/_posts/2022-xx-xx-v4.4.1.md @@ -0,0 +1,32 @@ +--- +title: v4.4.1 +type: patch +--- + +**Features:** + +* **Fixes:** +* Resolved defect where the automatic upgrade failed on Microsoft SQL Server databases + +**Security:** + +**Upgrade Notes:** +* For MSSQL users only: If an upgrade to v4.4.0 was previously attempted and no rollback was performed yet, + the following SQL statement must be executed before launching v4.4.1: `DELETE FROM "PERMISSION" WHERE "NAME" = 'VIEW_VULNERABILITY'` + +###### dependency-track-apiserver.war + +| Algorithm | Checksum | +| SHA-1 | | +| SHA-256 | | + +###### dependency-track-bundled.war + +| Algorithm | Checksum | +| SHA-1 | | +| SHA-256 | | + +###### Software Bill of Materials (SBOM) ###### + +[bom.json](https://github.com/DependencyTrack/dependency-track/releases/download/4.4.1/bom.json) +[bom.xml](https://github.com/DependencyTrack/dependency-track/releases/download/4.4.1/bom.xml) diff --git a/src/main/java/org/dependencytrack/upgrade/v440/v440Updater.java b/src/main/java/org/dependencytrack/upgrade/v440/v440Updater.java index 1f547b120f..5674e11cba 100644 --- a/src/main/java/org/dependencytrack/upgrade/v440/v440Updater.java +++ b/src/main/java/org/dependencytrack/upgrade/v440/v440Updater.java @@ -16,7 +16,7 @@ public class v440Updater extends AbstractUpgradeItem { private static final Logger LOGGER = Logger.getLogger(v440Updater.class); private static final String STMT_1 = "INSERT INTO \"PERMISSION\" (\"NAME\", \"DESCRIPTION\") VALUES (?, ?)"; - private static final String STMT_2 = "SELECT \"ID\" FROM \"PERMISSION\" WHERE \"NAME\" = ? LIMIT 1"; + private static final String STMT_2 = "SELECT \"ID\" FROM \"PERMISSION\" WHERE \"NAME\" = ?"; private static final String STMT_3 = "SELECT \"u\".\"ID\" FROM \"MANAGEDUSER\" AS \"u\" INNER JOIN \"MANAGEDUSERS_PERMISSIONS\" AS \"up\" ON \"up\".\"MANAGEDUSER_ID\" = \"u\".\"ID\" WHERE \"up\".\"PERMISSION_ID\" = %d"; private static final String STMT_4 = "INSERT INTO \"MANAGEDUSERS_PERMISSIONS\" (\"MANAGEDUSER_ID\", \"PERMISSION_ID\") VALUES (?, ?)"; private static final String STMT_5 = "SELECT \"u\".\"ID\" FROM \"LDAPUSER\" AS \"u\" INNER JOIN \"LDAPUSERS_PERMISSIONS\" AS \"up\" ON \"up\".\"LDAPUSER_ID\" = \"u\".\"ID\" WHERE \"up\".\"PERMISSION_ID\" = %d";