Bug
Resolution: Done
Blocker
4.9.3
Rox Sprint 4.11B
Critical
USER PROBLEM
Updating Scanner definitions in offline mode fails with error:
the uploaded bundle is incompatible with release version number '4.9.3' please upload an offline bundle that supports this release
CONDITIONS
Since the bug is in the released bundle, the issue affects every ACS version and every user who tries to perform an offline update.
ROOT CAUSE
v4-definitions-v2/manifest.json incorrectly lists 4.9.4 instead of 4.9.3 in release_versions:
{
"version": "v2",
"created": "2026-02-18T00:09:22+00:00",
"release_versions": "4.6.0 4.6.1 4.6.10 4.6.2 4.6.3 4.6.4 4.6.5 4.6.6 4.6.7 4.6.8 4.6.9 4.7.0 4.7.1 4.7.2 4.7.3 4.7.4 4.7.5 4.7.6 4.7.7 4.7.8 4.7.9 4.8.0 4.8.1 4.8.2 4.8.3 4.8.4 4.8.5 4.8.6 4.8.7 4.8.8 4.8.9 4.9.0 4.9.1 4.9.2 4.9.4"
}
FIX
Manually fixing the file solves the issue. I do know if this is the only error in the bundle, though.
HOW TO REPRODUCE IT
1. Download the definitions file from https://install.stackrox.io/scanner/scanner-vuln-updates.zip as per ACS documentation [0]
2. Perform offline definitions update:
$ roxctl scanner upload-db --scanner-db-file scanner-vuln-updates.zip
ERROR: could not connect with scanner definitions API: expected status code 200, but received 400. Response Body:
{"code":3,"message":"the uploaded bundle is incompatible with release version number '4.9.3' please upload an offline bundle that supports this release, and consider using `roxctl scanner download-db`"}