You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The Bouncy Castle project (ie, multiple components) released 1.80 on 14th January 2025. Two weeks ago at time of writing.
Dependency-Track is still reporting that the latest release is 1.79 for some (but not all) components....
@nscuro observed on 28th January that Maven Central reports 1.80 (well, if it did not then I would have failed in my upgrade to 1.80 that is shown in the above screenshot):
Upload component pkg:maven/org.bouncycastle/bcprov-jdk15to18@1.77?type=jar to a project
Check what version DT reports for latest version.
Expected Behavior
Latest version for components should be correct, updating to new values within a couple of hours of (say) Maven Central making a new version available.
Majority of this work is to figure out why we're being served outdated data, specifically when requesting it via DT. The fact that it's reproducible in a unit test suggests that it's not related to caching or similar.
Current Behavior
The Bouncy Castle project (ie, multiple components) released 1.80 on 14th January 2025. Two weeks ago at time of writing.
Dependency-Track is still reporting that the latest release is 1.79 for some (but not all) components....
@nscuro observed on 28th January that Maven Central reports 1.80 (well, if it did not then I would have failed in my upgrade to 1.80 that is shown in the above screenshot):
https://repo1.maven.org/maven2/org/bouncycastle/bcprov-jdk15to18/maven-metadata.xml
...and, for an example
pkg:maven/org.bouncycastle/bcprov-jdk15to18@1.77?type=jar
, DT unit tests (no caching) see:...with this response header from Central:
Steps to Reproduce
pkg:maven/org.bouncycastle/bcprov-jdk15to18@1.77?type=jar
to a projectExpected Behavior
Latest version for components should be correct, updating to new values within a couple of hours of (say) Maven Central making a new version available.
Dependency-Track Version
4.12.3
Dependency-Track Distribution
Container Image
Database Server
PostgreSQL
Database Server Version
14.12
Browser
Mozilla Firefox
Checklist
The text was updated successfully, but these errors were encountered: