Dependency Track 4.11.0 – Enhancements, Bug Fixes, And Dependency Updates

For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes.
If additional details are required, consult the closed issues for this release milestone.

# SHA1
a9dae58a25c8aeeb54134ff054214505eb170db9  dependency-track-apiserver.jar
59b78c3f6b1979ba29c1bd754b7dc1005101fc49  dependency-track-bundled.jar
# SHA256
03160957fced99c3d923bbb5c6cb352740da1970bd4775b52bb451b95c4cefaf  dependency-track-apiserver.jar
1a34808cd6c7a9bf7b181e4f175c077f1ee5d5a9daf327b330db9b1c63aac2d3  dependency-track-bundled.jar
# SHA512
79a34a20a93f57a1bde94fa876c03141c7696f177c560397ecf4fdd68da168419f3703eb0a4c7e40cb677536b15640f89dddb8f5e8cf32dda3115b8f6d5cf6b3  dependency-track-apiserver.jar
af25807596c617d2bdff437ba9fd4d2e8cdf28f220b8844d8ab3a53fe0510d65ac30167dbb752c22e5f96536362389099e5c4b25302e4adec84d48d6c4d15198  dependency-track-bundled.jar

What’s Changed

Enhancements

• Return processing token when cloning project #2842 by @rkg-mm in #3260
• Hyades backport: Preprocess CWE dictionary by @nscuro in #3284
• Add “Show in Dependency-Graph” Button in “Affected Projects” List [improved version] by @rkg-mm in #3285
• Add “Show in Dependency-Graph” Button in “Affected Projects” List by @rbt-mm in #2942
• Update SPDX license list to v3.22 by @nscuro in #3368
• Store computed severities in the database by @nscuro in #3408
• feat(vulnerabilities): enhance API to support frontend changes for active/inactive affected projects by @setchy in #3425
• Subject prefix by @LaVibeX in #3422
• Trivy by @fnxpt in #3259
• Webhook alert token and new user alerts by @fnxpt in #3275
• Global Audit View: Vulnerabilities by @rbt-mm in #2472
• Refactor BOM upload processing for better efficiency, correctness, and consistency by @nscuro in #3357
• Bump CWE dictionary to v4.13 by @nscuro in #3491
• Apply consistent formatting to SQL queries; Use text blocks instead of string concatenation by @nscuro in #3492
• Align retry configuration and behavior across analyzers by @nscuro in #3494
• Add auto-generated changelog to GitHub releases by @nscuro in #3502
• Bump SPDX license list to v3.23 by @nscuro in #3508
• Validate uploaded BOMs against CycloneDX schema by @nscuro in #3522
• Add endpoint for updating API key comment by @nscuro in #3537
• OpenAPI spec fixes and improvements by @nscuro in #3557
• Disable automatic API key generation for teams. Fixes part of issue #2552. by @mprencipe in #3574
• Generate SARIF File Of Project Vulnerability Findings by @aravindparappil46 in #3561
• New feature: VulnDB Aliases! by @LaVibeX in #3588
• Implement the hackage and nixpkgs meta analyzers by @MangoIV in #3549
• Add support for component properties by @nscuro in #3499
• Leverage component properties for Trivy scans by @fnxpt in #3620
• Improve Lucene observability by @nscuro in #3535
• Include pagination parameters in OpenAPI spec by @nscuro in #3625
• Include sorting query parameters in OpenAPI spec by @nscuro in #3631
• support for experimental configurations by @fnxpt in #3621
• Gracefully handle unique constraint violations by @nscuro in #3648
• Add support for worker pool drain timeout by @nscuro in #3657
• Fall back to no authentication when OSS Index API token decryption fails by @nscuro in #3661
• Truncate ComponentProperty value at 1024 characters by @nscuro in #3662
• Add the project name and project URL to bom processing notifications by @2000rosser in #3666
• Bump bundled frontend to v4.11.0 by @nscuro in #3681

For more information click here.