I'm getting an error trying to use the new vulnera...
# fleet
e
I'm getting an error trying to use the new vulnerability detection. I'm using MariaDB.
```
sql: Scan error on column index 5, name "vulnerabilities": json: cannot unmarshal object into Go value of type fleet.VulnerabilitiesSlice
```
t
Hi Esteban, sorry to hear you're having trouble with that feature. Could you tell me a bit more about your deployment? How many hosts do you have? And would you be able to run a SQL query so that we can understand what data might be causing that error?
e
Hello, I have approx. 100 hosts. Right now I can't run any query on the host since it shows me an error page with that message. The only thing I did was declare the FLEET_BETA_SOFTWARE_INVENTORY=1 environment variable in my docker compose.
Right now without the variable setting I can't query any host
t
Would you be able to provide us with the result of the following SQL query:
```sql
SELECT s.id, s.name, s.version, s.source, coalesce(scp.cpe, "") as generated_cpe,
    IF(
        JSON_ARRAYAGG(scv.cve) = JSON_ARRAYAGG(null),
        null,
        JSON_ARRAYAGG(
            JSON_OBJECT(
                "cve", scv.cve,
                "details_link", CONCAT('https://nvd.nist.gov/vuln/detail/', scv.cve)
            )
        )
    ) as vulnerabilities
FROM software s
LEFT JOIN software_cpe scp ON (s.id=scp.software_id)
LEFT JOIN software_cve scv ON (scp.id=scv.cpe_id)
GROUP BY s.id, s.name, s.version, s.source, generated_cpe
```
?
e
I've sent you the result of the query
t
The workaround for now would be: disable software inventory, and clear the table host_software. That should break it. It seems MariaDB is behaving unexpectedly with the query. We'll need to tweak it.
@Esteban what version of MariaDB are you running?
e
Version: 5.7
I had a similar issue with MariaDB on a new update. https://osquery.slack.com/archives/C01DXJL16D8/p1625139217334900
t
Is that MariaDB, or the MySQL compatibility? If it's the MariaDB version, it sounds quite old; I see it's on 10.x now.
e
Let me check
My bad, it's 10.5.4
t
Great, will check against that.
10.6 seems to work so far, fwiw.
OK, I see tests failing on 10.5.4; 10.5.12 works as well.
e
I see, I can't update the service right now. Is there a possible fix?
t
There is. There's a PR for review; we might push a minor release with that fix and another one.
e
Thanks, I'll be waiting for the release