Anchore Engine Release Notes - Version 0.9.4

Anchore Engine 0.9.4

Anchore Engine 0.9.4 bug fixes, and improvements. The latest summary can always be found in the Anchore Engine CHANGELOG on github.

Changes of Note


  • Fixed - Server-side connection timeout of 75 seconds if client holds connection open after bytes sent, caused image load errors in some resource constrained situations. Now defaults to 3 minutes and is configurable. Fixes #990
  • Fixed - Incorrect CPE v2.3 string construction in some cases. Fixes #959
  • Fixed - Hints behavior regression. Fixes #1006


  • Improved - Reduced false positive matches for vulnerabilities in java artifacts by update to CPE generation logic via Syft upgrade to 0.15.1
  • Improved - Better vulnerability listing performance by removing unnecessary CPE hashing

Additional minor fixes and enhancements