Users cannot change their password except by using the “Forgot your password?” link on the login page
The CLT cannot be used to re-sign jars on Windows
Cannot use the ‘@’ symbol in the values for MergeBase docker image environment variables
Uploading a Java application will fail if the application contains multiple jars that are not recognized as known open source components and they have MANIFEST.MF files with similar metadata
Risk and Vulnerability graphs may not reflect reduction in vulnerability count if an application is scanned twice the same calendar day and:
the first scan produces an increase in vulnerabilities
the second scan removes the newly added vulnerabilities
Inoculated applications will run on Windows 10 but may not accurately report usage or apply all mitigations.