Wrong version shown in Usage&Statistics



  • Looking at the Usage & Statistics of a package, we can see the Latest Version of a consumer.
    We noticed that the Latest Version is not the highest version of a consumer, but the latest version uploaded.
    E.g.: We uploaded a project in version 2.0.0, and 2.0.0 is shown as Latest Version in its dependencies. Afterwards we had to upload a fix from a branch in version 1.6.1. Now 1.6.1 is shown as Latest Version in the same dependencies.
    One could assume that only versions below 1.6.1 are affected if a vulnerability is found in the package.

    Could anybody else observe this behavior? Is it supposed to work this way?


  • inedo-engineer

    Hi @caterina ,

    This behavior is intentional, but not ideal. It should only affect navigation - such as the "Usage & Statistics" page on a package, or the "List Projects" page which has a "Latest Release" column. As long as the Release is active, you'll still see new issues come up.

    That's really what determines if a release is scanned or not - Active or not.

    The reason for this... an SCA Release's "Release Number" is a free-form field, which means there are no sorting rules. So we can't practically/easily determine what the "highest" number is. Instead, we just use the order in which it was created for display purposes.

    Thanks,
    Steve
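
An added illustration, not part of the thread and not Inedo's code: it contrasts "latest created" with "highest version" for a consumer's releases, sets free-form release numbers aside instead of guessing an order for them, and lists the active releases, which are the ones the reply says are still scanned. The tuple layout, the function names and the sample releases are constructed assumptions; no ProGet API is used.

```python
import re

# Constructed sample data: (release_number, creation_order, active).
# Mirrors the thread: 2.0.0 is uploaded first, then a 1.6.1 fix from a branch.
RELEASES = [
    ("1.6.0", 1, False),
    ("nightly-build", 2, False),  # free-form name with no numeric ordering
    ("2.0.0", 3, True),
    ("1.6.1", 4, True),
]

# Accepts only dotted numeric versions, optionally prefixed with "v".
_NUMERIC = re.compile(r"^v?(\d+(?:\.\d+)*)$")


def parse_version(text):
    """Return a tuple of ints for a dotted numeric version, else None."""
    match = _NUMERIC.match(text.strip())
    if match is None:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def summarize(releases):
    """Report latest-created vs. highest-version and the active releases."""
    latest_created = max(releases, key=lambda r: r[1])[0]
    parsed = [(parse_version(name), name) for name, _, _ in releases]
    sortable = [(version, name) for version, name in parsed if version is not None]
    unsortable = [name for version, name in parsed if version is None]
    highest = max(sortable)[1] if sortable else None
    active = [name for name, _, is_active in releases if is_active]
    return {
        "latest_created": latest_created,   # what a creation-ordered column shows
        "highest_version": highest,         # highest among parseable numbers only
        "unsortable": unsortable,           # needs manual review
        "active": active,                   # releases that still get scanned
    }


if __name__ == "__main__":
    for key, value in summarize(RELEASES).items():
        print(f"{key}: {value}")
```

When assessing exposure to a vulnerable package version, work from the `active` list, not from either single "latest" value.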

