{{#unless vars.hide_content}} This Handlebars condition is used to hide content. In release notes, this condition hides content that describes an unreleased patch for a released minor. {{/unless}} This topic contains release notes for Tanzu Application Platform v1.3
Release Date: MONTH DAY, 2022
This release includes the following changes, listed by component and area.
- Feature 1
- Feature 2
- Feature 1
- Feature 2
- Feature 1
- Feature 2
- Feature 1
- Feature 2
- Feature 1
- Feature 2
- Feature 1
- Feature 2
- Feature 1
- Feature 2
- Feature 1
- Feature 2
- Feature 1
- Feature 2
- Feature 1
- Feature 2
- Feature 1
- Feature 2
- Supply Chain plug-in:
- Added ability to visualize CVE scan results in the Details pane for both Source and Image Scan stages, as well as scan policy information without using the CLI.
- Added ability to visualize the deployment of a workload as a deliverable in a multicluster environment in the supply chain graph.
- Added a deeplink to view approvals for PRs in a GitOps repository so that PRs can be reviewed and approved, resulting in the deployment of a workload to any cluster configured to accept a deployment.
- Added Reason column to the Workloads table to indicate causes for errors encountered during supply chain execution.
- Added links to a downloadable log output for each execution of the Test and Build stages of the out of the box supply chains to enable more enhanced troubleshooting methods for workloads
- Feature 1
- Feature 2
- Feature 1
- Feature 2
- Feature 1
- Feature 2
- Feature 1
- Feature 2
- Feature 1
- Feature 2
This release has the following breaking changes, listed by area and component.
- Breaking change 1
- Breaking change 2
- Breaking change 1
- Breaking change 2
- Breaking change 1
- Breaking change 2
- Resolved issue 1
- Resolved issue 2
- Resolved issue 1
- Resolved issue 2
- Resolved issue 1
- Resolved issue 2
- Resolved issue 1
- Resolved issue 2
- Resolved issue 1
- Resolved issue 2
- Resolved issue 1
- Resolved issue 2
- Resolved issue 1
- Resolved issue 2
- Resolved issue 1
- Resolved issue 2
- Resolved issue 1
- Resolved issue 2
This release has the following known issues, listed by area and component.
- Known issue 1
- Known issue 2
- Known issue 1
- Known issue 2
- Known issue 1
- Known issue 2
- Known issue 1
- Known issue 2
- Known issue 1
- Known issue 2
- Known issue 1
- Known issue 2
Scanning Java source code that uses Gradle package manager may not reveal vulnerabilities:
-
For most languages, Source Code Scanning only scans files present in the source code repository. Except for support added for Java projects using Maven, no network calls are made to fetch dependencies. For languages using dependency lock files, such as Golang and Node.js, Grype uses the lock files to check the dependencies for vulnerabilities.
-
For Java using Gradle, dependency lock files are not guaranteed, so Grype uses the dependencies present in the built binaries (
.jaror.warfiles) instead. -
Because VMware does not encourage committing binaries to source code repositories, Grype fails to find vulnerabilities during a Source Scan. The vulnerabilities are still found during the Image Scan after the binaries are built and packaged as images.
- Known issue 1
- Known issue 2
- Known issue 1
- Known issue 2
- Known issue 1
- Known issue 2
- Known issue 1
- Known issue 2