Fixed issues
The following customer-reported issues have been fixed in this release:
- (HUB-34996, HUB-44573). Fixed an issue where the Affected Projects section of the vulnerability details page could fail to load in the UI when a vulnerability was linked to a high number of projects. The underlying API query has been optimized to improve performance, preventing timeouts and ensuring the page loads successfully even for widely shared vulnerabilities.
- (HUB-42633). Optimized the response time for the affected-bom-components API endpoint.
- (HUB-42732). Fixed an issue where policy override comments were not properly recorded in the Project Version activity when using the Override All option. Users can now enter individual comments and an override expiration for each policy rule.
- (HUB-43377). Fixed an issue where the Reset Adjustment function might not work for manually adjusted entries on the Source page.
- (HUB-43846, HUB-43862). Improved error handling to prevent the creation of circular references. The system now detects and blocks these scenarios to ensure data integrity and avoid processing issues.
- (HUB-43864). Fixed an issue where the policy-status API results did not match the UI. This discrepancy occurred because overridden policy severities were not properly excluded when calculating severity counts.
- (HUB-43972). Fixed an issue where SCASS scans may display the license for components with multiple licenses as UNKNOWN in the lightweight BOM.
- (HUB-44006). Fixed an issue where users with Direct Access (Project Viewer) were unable to view parent project group details on the "Project Group" page.
- (HUB-44177). Fixed an issue where policy violation detection events might not appear in the Activity window after a Policy Approval Updated event was applied to a specific component's policy violation. All relevant policy events are now properly logged and visible in the Activity window.
- (HUB-44178). Fixed an issue where a BOM component with multiple policy violations did not correctly restore all violations after being unignored.
- (HUB-44274). Fixed an issue where project versions without scans were not deleted by the auto-deletion feature.
- (HUB-44353). Fixed an issue where the Status column on the /api/vulnerabilities/<CVE>/affected-projects page was not working as intended.
- (HUB-44392). Fixed an issue where container scans could display inaccurate build information for each image layer. In certain scenarios, such as images built with Bazel, build steps were offset by one layer, causing each layer to show metadata from the previous layer. This did not affect the accuracy of the scanned contents but may have led to confusion when reviewing layer histories.
- (HUB-44396). Fixed an issue where containers with duplicate layers could generate an IncorrectResultSizeDataAccessException error message.
- (HUB-44408, HUB-44590). Fixed an issue where source code containing Japanese and other special characters could not be uploaded, generating a "The content type is not allowed" error message.
- (HUB-44506). Fixed missing "HUB_MAX_MEMORY" variables for containers in Gen05 sizing yaml files.
- (HUB-44551). Fixed an issue where navigating from one project group’s settings to a new project group’s settings showed the previously viewed project group’s data.
- (HUB-44604). Fixed an issue where, when Black Duck is deployed with a time zone setting, the license expiration date's UTC time was treated as local time, causing the license to expire earlier than the actual license time.
- (HUB-44649). Fixed an issue where the number of file matches displayed in Snippet matching was doubled.
- (HUB-44670). Fixed an issue where partially configured mTLS setups could incorrectly treat empty certificate fields as valid, causing unintended behavior during database connection. Only properly configured certificates are now included.
- (HUB-44674, HUB-44970). Fixed an issue where using the --detect.clone.project.version.name parameter during a scan did not correctly copy the settings from the specified project version.
- (HUB-44706). Fixed an issue where a NullPointerException error could be generated when creating a version details report if a vulnerability’s CVSS4 vector did not contain an Exploit Maturity value.
- (HUB-44747). Corrected the format of the creators field in the creationInfo section of SPDX SBOMs generated by Black Duck. Previously, the tool name and version were separated by a hyphen without surrounding spaces, which was not compliant with the SPDX specification. The formatting now includes a space on each side of the hyphen as required.
- (HUB-44820). Fixed an issue where Rapid scans could miss certain vulnerabilities in some cases. The scoring logic used in Rapid scans has been updated to align with Full scans, ensuring consistent vulnerability detection across scan types, particularly in environments using CVSS v4 or updated ranking configurations.
- (HUB-44853, HUB-44876). Resolved an issue where the Security tab for a component could display a vulnerability count but show "No results" in the list. This was caused by inconsistencies in how the CVSS version was applied when prioritizing vulnerabilities. The display logic has been corrected to ensure vulnerability data is shown consistently with the reported count.
- (HUB-44855). Fixed an issue where the vulnerability remediation status was incorrectly applying to all origins of a component version, instead of only the intended one. The system now correctly reflects remediation status per origin. Please note that this fix includes a database migration. For customers with large databases, the migration may take up to an hour or more to complete.
- (HUB-44872). Fixed an issue where users with the Project Manager or Project Administrator roles were not able to delete LTS versions.
- (HUB-44879). Fixed an issue where "Policy Violation Detected" event notifications could re-trigger unexpectedly after re-scanning, causing Alert to create duplicate JIRA comments.
- (HUB-44889). Fixed the broken Black Duck Tutorials link in the '?' drop down of the UI.
- (HUB-44891). Fixed an issue where components marked as ignored continued to show security risk indicators on the Component tab. Ignored components will now correctly exclude security risk data.
- (HUB-45007). Fixed an issue where users could not save a snippet match without specifying a component version, generating a "Cannot create/modify file adjustment to a project without a version ID" error.