Merge pull request #2436 from Siemens-Healthineers/fix/pkgUpdationCausingInconsistency-2428

fix(importCDX) : Fix package's linked release updation when an SBOM is imported

Reviewed by: afsah.syeda@siemens-healthineers.com
Tested by: sameed.ahmad@siemens-healthineers.com

Author: ag4ums

backend/src-common/src/main/java/org/eclipse/sw360/cyclonedx/CycloneDxBOMImporter.java

@@ -647,10 +647,12 @@ private Map<String, String> importAllComponentsAsPackages(Map<String, List<org.c
                             pkg.setId(pkgAddSummary.getId());
                             if (AddDocumentRequestStatus.DUPLICATE.equals(pkgAddSummary.getRequestStatus())) {
                                 Package dupPkg = packageDatabaseHandler.getPackageById(pkg.getId());
-                                if (!release.getId().equals(dupPkg.getReleaseId())) {
-                                    log.error("Release Id of Package from BOM: '%s' and Database: '%s' is not equal!", release.getId(), dupPkg.getReleaseId());
-                                    dupPkg.setReleaseId(release.getId());
+                                String dupPkgReleaseId = dupPkg.getReleaseId();
+                                String releaseId = release.getId();
+                                if (!releaseId.equals(dupPkgReleaseId) && CommonUtils.isNullEmptyOrWhitespace(dupPkgReleaseId)) {
+                                    dupPkg.setReleaseId(releaseId);
                                     packageDatabaseHandler.updatePackage(dupPkg, user);
+                                    log.error("Release Id of Package from BOM: '%s' and Database: '%s' is not equal!", releaseId, dupPkgReleaseId);
                                 }
                                 if(!CommonUtils.nullToEmptySet(project.getPackageIds()).contains(pkg.getId())){
                                     pkgReuseCount++;