Since 4.11.2 on new project version uploads: [Persist] Insert of object "org.dependencytrack.model.License@57664f9f" using statement "INSERT INTO "LICENSE"

[SaberStrat]

Current Behavior

When successfully (no HTTP error) uploading a BOM of a new project version, created by the Gradle plugin org.cyclonedx.bom version 1.6.1, the apiserver container logs throw this

2024-06-03 06:16:05,093 INFO [BomUploadProcessingTask] Processing CycloneDX BOM uploaded to project: 2cd2ceed-aebd-4eef-856b-4ad20756766a
2024-06-03 06:16:06,151 ERROR [Persist] Insert of object "org.dependencytrack.model.License@57664f9f" using statement "INSERT INTO "LICENSE" ("COMMENT","ISCUSTOMLICENSE","ISDEPRECATED","FSFLIBRE","HEADER","LICENSEID","NAME","ISOSIAPPROVED","SEEALSO","TEMPLATE","TEXT","UUID") VALUES (?,?,?,?,?,?,?,?,?,?,?,?)" failed : ERROR: null value in column "NAME" of relation "LICENSE" violates not-null constraint
  Detail: Failing row contains (707, null, f, f, null, null, null, f, null, null, null, 69677ccb-c13b-4b30-8f4a-f8ab0ea5b9eb, f).
2024-06-03 06:16:06,154 ERROR [BomUploadProcessingTask] Error while processing bom
javax.jdo.JDODataStoreException: Insert of object "org.dependencytrack.model.License@57664f9f" using statement "INSERT INTO "LICENSE" ("COMMENT","ISCUSTOMLICENSE","ISDEPRECATED","FSFLIBRE","HEADER","LICENSEID","NAME","ISOSIAPPROVED","SEEALSO","TEMPLATE","TEXT","UUID") VALUES (?,?,?,?,?,?,?,?,?,?,?,?)" failed : ERROR: null value in column "NAME" of relation "LICENSE" violates not-null constraint
  Detail: Failing row contains (707, null, f, f, null, null, null, f, null, null, null, 69677ccb-c13b-4b30-8f4a-f8ab0ea5b9eb, f).
        at org.datanucleus.api.jdo.JDOAdapter.getJDOExceptionForNucleusException(JDOAdapter.java:605)
        at org.datanucleus.api.jdo.JDOPersistenceManager.jdoMakePersistent(JDOPersistenceManager.java:702)
        at org.datanucleus.api.jdo.JDOPersistenceManager.makePersistent(JDOPersistenceManager.java:722)
        at alpine.persistence.AbstractAlpineQueryManager.persist(AbstractAlpineQueryManager.java:427)
        at org.dependencytrack.persistence.ComponentQueryManager.createComponent(ComponentQueryManager.java:348)
        at org.dependencytrack.persistence.QueryManager.createComponent(QueryManager.java:565)
        at org.dependencytrack.tasks.BomUploadProcessingTask.processComponent(BomUploadProcessingTask.java:252)
        at org.dependencytrack.tasks.BomUploadProcessingTask.inform(BomUploadProcessingTask.java:178)
        at org.dependencytrack.tasks.BomUploadProcessingTaskV2.inform(BomUploadProcessingTaskV2.java:151)
        at alpine.event.framework.BaseEventService.lambda$publish$0(BaseEventService.java:110)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at java.base/java.lang.Thread.run(Unknown Source)
Caused by: org.postgresql.util.PSQLException: ERROR: null value in column "NAME" of relation "LICENSE" violates not-null constraint
  Detail: Failing row contains (707, null, f, f, null, null, null, f, null, null, null, 69677ccb-c13b-4b30-8f4a-f8ab0ea5b9eb, f).
        at org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2725)
        at org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:2412)
        at org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:371)
        at org.postgresql.jdbc.PgStatement.executeInternal(PgStatement.java:502)
        at org.postgresql.jdbc.PgStatement.execute(PgStatement.java:419)
        at org.postgresql.jdbc.PgPreparedStatement.executeWithFlags(PgPreparedStatement.java:194)
        at org.postgresql.jdbc.PgPreparedStatement.executeUpdate(PgPreparedStatement.java:155)
        at com.zaxxer.hikari.pool.ProxyPreparedStatement.executeUpdate(ProxyPreparedStatement.java:61)
        at com.zaxxer.hikari.pool.HikariProxyPreparedStatement.executeUpdate(HikariProxyPreparedStatement.java)
        at org.datanucleus.store.rdbms.SQLController.doExecuteStatementUpdate(SQLController.java:463)
        at org.datanucleus.store.rdbms.SQLController.executeStatementUpdateDeferRowCountCheckForBatching(SQLController.java:413)
        at org.datanucleus.store.rdbms.request.InsertRequest.execute(InsertRequest.java:532)
        at org.datanucleus.store.rdbms.RDBMSPersistenceHandler.insertObjectInTable(RDBMSPersistenceHandler.java:235)
        at org.datanucleus.store.rdbms.RDBMSPersistenceHandler.insertObject(RDBMSPersistenceHandler.java:211)
        at org.datanucleus.state.StateManagerImpl.internalMakePersistent(StateManagerImpl.java:4614)
        at org.datanucleus.state.StateManagerImpl.makePersistent(StateManagerImpl.java:4591)
        at org.datanucleus.ExecutionContextImpl.persistObjectInternal(ExecutionContextImpl.java:2076)
        at org.datanucleus.ExecutionContext.persistObjectInternal(ExecutionContext.java:320)
        at org.datanucleus.store.rdbms.mapping.java.PersistableMapping.setObjectAsValue(PersistableMapping.java:632)
        at org.datanucleus.store.rdbms.mapping.java.PersistableMapping.setObject(PersistableMapping.java:381)
        at org.datanucleus.store.rdbms.fieldmanager.ParameterSetter.storeObjectField(ParameterSetter.java:191)
        at org.datanucleus.state.StateManagerImpl.providedObjectField(StateManagerImpl.java:1939)
        at org.dependencytrack.model.Component.dnProvideField(Component.java)
        at org.dependencytrack.model.Component.dnProvideFields(Component.java)
        at org.datanucleus.state.StateManagerImpl.provideFields(StateManagerImpl.java:2583)
        at org.datanucleus.store.rdbms.request.InsertRequest.execute(InsertRequest.java:395)
        at org.datanucleus.store.rdbms.RDBMSPersistenceHandler.insertObjectInTable(RDBMSPersistenceHandler.java:235)
        at org.datanucleus.store.rdbms.RDBMSPersistenceHandler.insertObject(RDBMSPersistenceHandler.java:211)
        at org.datanucleus.state.StateManagerImpl.internalMakePersistent(StateManagerImpl.java:4614)
        at org.datanucleus.state.StateManagerImpl.makePersistent(StateManagerImpl.java:4591)
        at org.datanucleus.ExecutionContextImpl.persistObjectInternal(ExecutionContextImpl.java:2076)
        at org.datanucleus.ExecutionContext.persistObjectInternal(ExecutionContext.java:320)
        at org.datanucleus.ExecutionContextImpl.persistObjectWork(ExecutionContextImpl.java:1924)
        at org.datanucleus.ExecutionContextImpl.persistObject(ExecutionContextImpl.java:1785)
        at org.datanucleus.api.jdo.JDOPersistenceManager.jdoMakePersistent(JDOPersistenceManager.java:697)
        ... 11 common frames omitted
2024-06-03 06:16:06,158 WARN [Retrieve] Search for object with id "org.dependencytrack.model.Project:3323" using statement "SELECT 1 FROM "PROJECT" "A0" WHERE "A0"."ID" = ?" failed : ERROR: current transaction is aborted, commands ignored until end of transaction block
2024-06-03 06:16:06,158 WARN [General] ExecutionContext closed with active transaction, so rolling back the active transaction
2024-06-03 06:16:06,177 ERROR [LoggableUncaughtExceptionHandler] An unknown error occurred in an asynchronous event or notification thread
javax.jdo.JDODataStoreException: Search for object with id "org.dependencytrack.model.Project:3323" using statement "SELECT 1 FROM "PROJECT" "A0" WHERE "A0"."ID" = ?" failed : ERROR: current transaction is aborted, commands ignored until end of transaction block
        at org.datanucleus.api.jdo.JDOAdapter.getJDOExceptionForNucleusException(JDOAdapter.java:605)
        at org.datanucleus.api.jdo.JDOPersistenceManager.getObjectById(JDOPersistenceManager.java:1726)
        at alpine.persistence.AbstractAlpineQueryManager.detach(AbstractAlpineQueryManager.java:498)
        at org.dependencytrack.tasks.BomUploadProcessingTask.inform(BomUploadProcessingTask.java:230)
        at org.dependencytrack.tasks.BomUploadProcessingTaskV2.inform(BomUploadProcessingTaskV2.java:151)
        at alpine.event.framework.BaseEventService.lambda$publish$0(BaseEventService.java:110)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at java.base/java.lang.Thread.run(Unknown Source)
Caused by: org.postgresql.util.PSQLException: ERROR: current transaction is aborted, commands ignored until end of transaction block
        at org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2725)
        at org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:2412)
        at org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:371)
        at org.postgresql.jdbc.PgStatement.executeInternal(PgStatement.java:502)
        at org.postgresql.jdbc.PgStatement.execute(PgStatement.java:419)
        at org.postgresql.jdbc.PgPreparedStatement.executeWithFlags(PgPreparedStatement.java:194)
        at org.postgresql.jdbc.PgPreparedStatement.executeQuery(PgPreparedStatement.java:137)
        at com.zaxxer.hikari.pool.ProxyPreparedStatement.executeQuery(ProxyPreparedStatement.java:52)
        at com.zaxxer.hikari.pool.HikariProxyPreparedStatement.executeQuery(HikariProxyPreparedStatement.java)
        at org.datanucleus.store.rdbms.SQLController.executeStatementQuery(SQLController.java:584)
        at org.datanucleus.store.rdbms.request.LocateRequest.execute(LocateRequest.java:290)
        at org.datanucleus.store.rdbms.RDBMSPersistenceHandler.locateObject(RDBMSPersistenceHandler.java:747)
        at org.datanucleus.state.StateManagerImpl.locate(StateManagerImpl.java:1302)
        at org.datanucleus.state.StateManagerImpl.validate(StateManagerImpl.java:5613)
        at org.datanucleus.ExecutionContextImpl.findObject(ExecutionContextImpl.java:3538)
        at org.datanucleus.ExecutionContextImpl.findObject(ExecutionContextImpl.java:2999)
        at org.datanucleus.api.jdo.JDOPersistenceManager.getObjectById(JDOPersistenceManager.java:1721)
        ... 7 common frames omitted
Caused by: org.postgresql.util.PSQLException: ERROR: null value in column "NAME" of relation "LICENSE" violates not-null constraint
  Detail: Failing row contains (707, null, f, f, null, null, null, f, null, null, null, 69677ccb-c13b-4b30-8f4a-f8ab0ea5b9eb, f).
        at org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2725)
        at org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:2412)
        at org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:371)
        at org.postgresql.jdbc.PgStatement.executeInternal(PgStatement.java:502)
        at org.postgresql.jdbc.PgStatement.execute(PgStatement.java:419)
        at org.postgresql.jdbc.PgPreparedStatement.executeWithFlags(PgPreparedStatement.java:194)
        at org.postgresql.jdbc.PgPreparedStatement.executeUpdate(PgPreparedStatement.java:155)
        at com.zaxxer.hikari.pool.ProxyPreparedStatement.executeUpdate(ProxyPreparedStatement.java:61)
        at com.zaxxer.hikari.pool.HikariProxyPreparedStatement.executeUpdate(HikariProxyPreparedStatement.java)
        at org.datanucleus.store.rdbms.SQLController.doExecuteStatementUpdate(SQLController.java:463)
        at org.datanucleus.store.rdbms.SQLController.executeStatementUpdateDeferRowCountCheckForBatching(SQLController.java:413)
        at org.datanucleus.store.rdbms.request.InsertRequest.execute(InsertRequest.java:532)
        at org.datanucleus.store.rdbms.RDBMSPersistenceHandler.insertObjectInTable(RDBMSPersistenceHandler.java:235)
        at org.datanucleus.store.rdbms.RDBMSPersistenceHandler.insertObject(RDBMSPersistenceHandler.java:211)
        at org.datanucleus.state.StateManagerImpl.internalMakePersistent(StateManagerImpl.java:4614)
        at org.datanucleus.state.StateManagerImpl.makePersistent(StateManagerImpl.java:4591)
        at org.datanucleus.ExecutionContextImpl.persistObjectInternal(ExecutionContextImpl.java:2076)
        at org.datanucleus.ExecutionContext.persistObjectInternal(ExecutionContext.java:320)
        at org.datanucleus.store.rdbms.mapping.java.PersistableMapping.setObjectAsValue(PersistableMapping.java:632)
        at org.datanucleus.store.rdbms.mapping.java.PersistableMapping.setObject(PersistableMapping.java:381)
        at org.datanucleus.store.rdbms.fieldmanager.ParameterSetter.storeObjectField(ParameterSetter.java:191)
        at org.datanucleus.state.StateManagerImpl.providedObjectField(StateManagerImpl.java:1939)
        at org.dependencytrack.model.Component.dnProvideField(Component.java)
        at org.dependencytrack.model.Component.dnProvideFields(Component.java)
        at org.datanucleus.state.StateManagerImpl.provideFields(StateManagerImpl.java:2583)
        at org.datanucleus.store.rdbms.request.InsertRequest.execute(InsertRequest.java:395)
        at org.datanucleus.store.rdbms.RDBMSPersistenceHandler.insertObjectInTable(RDBMSPersistenceHandler.java:235)
        at org.datanucleus.store.rdbms.RDBMSPersistenceHandler.insertObject(RDBMSPersistenceHandler.java:211)
        at org.datanucleus.state.StateManagerImpl.internalMakePersistent(StateManagerImpl.java:4614)
        at org.datanucleus.state.StateManagerImpl.makePersistent(StateManagerImpl.java:4591)
        at org.datanucleus.ExecutionContextImpl.persistObjectInternal(ExecutionContextImpl.java:2076)
        at org.datanucleus.ExecutionContext.persistObjectInternal(ExecutionContext.java:320)
        at org.datanucleus.ExecutionContextImpl.persistObjectWork(ExecutionContextImpl.java:1924)
        at org.datanucleus.ExecutionContextImpl.persistObject(ExecutionContextImpl.java:1785)
        at org.datanucleus.api.jdo.JDOPersistenceManager.jdoMakePersistent(JDOPersistenceManager.java:697)
        at org.datanucleus.api.jdo.JDOPersistenceManager.makePersistent(JDOPersistenceManager.java:722)
        at alpine.persistence.AbstractAlpineQueryManager.persist(AbstractAlpineQueryManager.java:427)
        at org.dependencytrack.persistence.ComponentQueryManager.createComponent(ComponentQueryManager.java:348)
        at org.dependencytrack.persistence.QueryManager.createComponent(QueryManager.java:565)
        at org.dependencytrack.tasks.BomUploadProcessingTask.processComponent(BomUploadProcessingTask.java:252)
        at org.dependencytrack.tasks.BomUploadProcessingTask.inform(BomUploadProcessingTask.java:178)
        ... 5 common frames omitted

In the Dependency-Track UI, the project version is shown as unprocessed (empty fields "Last BOM Import", "BOM Format", and no vulnerabilities).

Restarting the apiserver does not help this from happening on new uploads.

Workaround: trigger a Reanalyze manually.

Steps to Reproduce

1. Optional: restart apiserver container
2. Upload new version of a project (though didn't test if this happens on uploads of entirely new projects too, had to roll back to make processing work again) with BOM created by Gradle plugin org.cyclonedx.bom version 1.6.1, and which does not trigger any errors in Dependency-Track <=4.10.1

Expected Behavior

No Errors upon upload of the BOM

Dependency-Track Version

4.11.2

Dependency-Track Distribution

Container Image

Database Server

PostgreSQL

Database Server Version

13.2.0

Browser

Google Chrome

Checklist

• I have read and understand the contributing guidelines
• I have checked the existing issues for whether this defect was already reported

[nscuro]

Confirmed, will push out a fix ASAP.

This only affects the old BOM processing task though. You can enable the new one in the settings (Experimental -> BOM Processing V2), or alternatively roll back to 4.11.1 in the meantime.

[nscuro]

v4.11.3 is out, apologies for the inconvenience.

https://github.com/DependencyTrack/dependency-track/releases/tag/4.11.3

[SaberStrat]

Thank you for the lightning fast reaction!

I rolled back to .1. Didn't want to switch to BOM Processing v2 because of its experimental nature yet. Oh well ;)

I'll try .3 later today.

[SaberStrat]

Looking good, no error upon upload anymore.

[github-actions]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.