From 8e8691c1fa5f4dba0695db370b7155f70a08242c Mon Sep 17 00:00:00 2001
From: Steffen Ohrendorf <steffen.ohrendorf@gmx.de>
Date: Fri, 17 Oct 2025 18:51:50 +0200
Subject: [PATCH] improve vulnerablesoftware cpe normalization performance

Signed-off-by: Steffen Ohrendorf <steffen.ohrendorf@gmx.de>
---
 .../org/dependencytrack/upgrade/v4135/v4135Updater.java   | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/dependencytrack/upgrade/v4135/v4135Updater.java b/src/main/java/org/dependencytrack/upgrade/v4135/v4135Updater.java
index 0cc90b681..286ed57f9 100644
--- a/src/main/java/org/dependencytrack/upgrade/v4135/v4135Updater.java
+++ b/src/main/java/org/dependencytrack/upgrade/v4135/v4135Updater.java
@@ -43,7 +43,13 @@ public class v4135Updater extends AbstractUpgradeItem {
         try (final Statement statement = connection.createStatement()) {
             LOGGER.info("Normalizing \"VULNERABLESOFTWARE\" CPE columns");
             statement.execute(/* language=SQL */ """
-                    UPDATE "VULNERABLESOFTWARE" SET "PART" = LOWER("PART"), "VENDOR" = LOWER("VENDOR"), "PRODUCT" = LOWER("PRODUCT")
+                    UPDATE "VULNERABLESOFTWARE"
+                       SET "PART" = LOWER("PART"),
+                           "VENDOR" = LOWER("VENDOR"),
+                           "PRODUCT" = LOWER("PRODUCT")
+                     WHERE "PART" <> LOWER("PART")
+                        OR "VENDOR" <> LOWER("VENDOR")
+                        OR "PRODUCT" <> LOWER("PRODUCT")
                     """);
         }
     }