You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
After upgrading from 4.5.0 to 4.11.5, I see a large amount of NPEs in NistMirrorTask. I have verified that "Enable mirroring via API" is unchecked in admin panel. Any suggestions to get past this error. Don't want to make it worse.
Further Update: I wiped all volumes and just ran a new install of 4.11.5 and the NPEs have disappeared. This does appear to be upgrade related. The only issue is I lose all my old projects, etc so it's not a solution.
Update: I tried enabling the REST API and there was no difference. Also went through and upgraded 4.5.0 -> 4.7.0 -> 4.11.0 and 4.11.5 with same results.
apiserver-1 | 2024-07-30 19:38:06,448 INFO [NistApiMirrorTask] CVEs were not previously mirrored via NVD API; Will mirror all CVEs
apiserver-1 | 2024-07-30 19:38:08,718 ERROR [NistApiMirrorTask] An unexpected error occurred while processing CVE-1999-0095
apiserver-1 | java.lang.NullPointerException: Cannot invoke "java.util.List.stream()" because the return value of "org.dependencytrack.model.VulnerableSoftware.getAffectedVersionAttributions()" is null
apiserver-1 | at org.dependencytrack.tasks.AbstractNistMirrorTask.lambda$synchronizeVulnerableSoftware$5(AbstractNistMirrorTask.java:133)
apiserver-1 | 2024-07-30 13:54:49,270 ERROR [NistMirrorTask] An unexpected error occurred while processing CVE-2021-0263
apiserver-1 | java.lang.NullPointerException: Cannot invoke "java.util.List.stream()" because the return value of "org.dependencytrack.model.VulnerableSoftware.getAffectedVersionAttributions()" is null
apiserver-1 | at org.dependencytrack.tasks.AbstractNistMirrorTask.lambda$synchronizeVulnerableSoftware$5(AbstractNistMirrorTask.java:133)
apiserver-1 | at org.dependencytrack.persistence.QueryManager.lambda$runInTransaction$1(QueryManager.java:1440)
apiserver-1 | at org.dependencytrack.persistence.QueryManager.runInTransaction(QueryManager.java:1464)
apiserver-1 | at org.dependencytrack.persistence.QueryManager.runInTransaction(QueryManager.java:1439)
apiserver-1 | at org.dependencytrack.tasks.AbstractNistMirrorTask.synchronizeVulnerableSoftware(AbstractNistMirrorTask.java:73)
apiserver-1 | at org.dependencytrack.tasks.NistMirrorTask.processVulnerability(NistMirrorTask.java:410)
apiserver-1 | at org.dependencytrack.parser.nvd.NvdParser.parseCveItem(NvdParser.java:232)
apiserver-1 | at org.dependencytrack.parser.nvd.NvdParser.parse(NvdParser.java:105)
apiserver-1 | at org.dependencytrack.tasks.NistMirrorTask.uncompress(NistMirrorTask.java:384)
apiserver-1 | at org.dependencytrack.tasks.NistMirrorTask.doDownload(NistMirrorTask.java:350)
apiserver-1 | at org.dependencytrack.tasks.NistMirrorTask.getAllFiles(NistMirrorTask.java:218)
apiserver-1 | at org.dependencytrack.tasks.NistMirrorTask.inform(NistMirrorTask.java:196)
apiserver-1 | at alpine.event.framework.BaseEventService.lambda$publish$0(BaseEventService.java:110)
apiserver-1 | at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
apiserver-1 | at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
apiserver-1 | at java.base/java.lang.Thread.run(Unknown Source)
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
After upgrading from 4.5.0 to 4.11.5, I see a large amount of NPEs in NistMirrorTask. I have verified that "Enable mirroring via API" is unchecked in admin panel. Any suggestions to get past this error. Don't want to make it worse.
Further Update: I wiped all volumes and just ran a new install of 4.11.5 and the NPEs have disappeared. This does appear to be upgrade related. The only issue is I lose all my old projects, etc so it's not a solution.
Update: I tried enabling the REST API and there was no difference. Also went through and upgraded 4.5.0 -> 4.7.0 -> 4.11.0 and 4.11.5 with same results.
apiserver-1 | 2024-07-30 19:38:06,448 INFO [NistApiMirrorTask] CVEs were not previously mirrored via NVD API; Will mirror all CVEs
apiserver-1 | 2024-07-30 19:38:08,718 ERROR [NistApiMirrorTask] An unexpected error occurred while processing CVE-1999-0095
apiserver-1 | java.lang.NullPointerException: Cannot invoke "java.util.List.stream()" because the return value of "org.dependencytrack.model.VulnerableSoftware.getAffectedVersionAttributions()" is null
apiserver-1 | at org.dependencytrack.tasks.AbstractNistMirrorTask.lambda$synchronizeVulnerableSoftware$5(AbstractNistMirrorTask.java:133)
Beta Was this translation helpful? Give feedback.
All reactions