Vulnerability Analysis

Dependency Track 4.11.0 – Enhancements, Bug Fixes, And Dependency Updates

For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes.
If additional details are required, consult the closed issues for this release milestone.

# SHA1
a9dae58a25c8aeeb54134ff054214505eb170db9  dependency-track-apiserver.jar
59b78c3f6b1979ba29c1bd754b7dc1005101fc49  dependency-track-bundled.jar
# SHA256
03160957fced99c3d923bbb5c6cb352740da1970bd4775b52bb451b95c4cefaf  dependency-track-apiserver.jar
1a34808cd6c7a9bf7b181e4f175c077f1ee5d5a9daf327b330db9b1c63aac2d3  dependency-track-bundled.jar
# SHA512
79a34a20a93f57a1bde94fa876c03141c7696f177c560397ecf4fdd68da168419f3703eb0a4c7e40cb677536b15640f89dddb8f5e8cf32dda3115b8f6d5cf6b3  dependency-track-apiserver.jar
af25807596c617d2bdff437ba9fd4d2e8cdf28f220b8844d8ab3a53fe0510d65ac30167dbb752c22e5f96536362389099e5c4b25302e4adec84d48d6c4d15198  dependency-track-bundled.jar

What’s Changed

Enhancements

  • Return processing token when cloning project #2842 by @rkg-mm in #3260
  • Hyades backport: Preprocess CWE dictionary by @nscuro in #3284
  • Add “Show in Dependency-Graph” Button in “Affected Projects” List [improved version] by @rkg-mm in #3285
  • Add “Show in Dependency-Graph” Button in “Affected Projects” List by @rbt-mm in #2942
  • Update SPDX license list to v3.22 by @nscuro in #3368
  • Store computed severities in the database by @nscuro in #3408
  • feat(vulnerabilities): enhance API to support frontend changes for active/inactive affected projects by @setchy in #3425
  • Subject prefix by @LaVibeX in #3422
  • Trivy by @fnxpt in #3259
  • Webhook alert token and new user alerts by @fnxpt in #3275
  • Global Audit View: Vulnerabilities by @rbt-mm in #2472
  • Refactor BOM upload processing for better efficiency, correctness, and consistency by @nscuro in #3357
  • Bump CWE dictionary to v4.13 by @nscuro in #3491
  • Apply consistent formatting to SQL queries; Use text blocks instead of string concatenation by @nscuro in #3492
  • Align retry configuration and behavior across analyzers by @nscuro in #3494
  • Add auto-generated changelog to GitHub releases by @nscuro in #3502
  • Bump SPDX license list to v3.23 by @nscuro in #3508
  • Validate uploaded BOMs against CycloneDX schema by @nscuro in #3522
  • Add endpoint for updating API key comment by @nscuro in #3537
  • OpenAPI spec fixes and improvements by @nscuro in #3557
  • Disable automatic API key generation for teams. Fixes part of issue #2552. by @mprencipe in #3574
  • Generate SARIF File Of Project Vulnerability Findings by @aravindparappil46 in #3561
  • New feature: VulnDB Aliases! by @LaVibeX in #3588
  • Implement the hackage and nixpkgs meta analyzers by @MangoIV in #3549
  • Add support for component properties by @nscuro in #3499
  • Leverage component properties for Trivy scans by @fnxpt in #3620
  • Improve Lucene observability by @nscuro in #3535
  • Include pagination parameters in OpenAPI spec by @nscuro in #3625
  • Include sorting query parameters in OpenAPI spec by @nscuro in #3631
  • support for experimental configurations by @fnxpt in #3621
  • Gracefully handle unique constraint violations by @nscuro in #3648
  • Add support for worker pool drain timeout by @nscuro in #3657
  • Fall back to no authentication when OSS Index API token decryption fails by @nscuro in #3661
  • Truncate ComponentProperty value at 1024 characters by @nscuro in #3662
  • Add the project name and project URL to bom processing notifications by @2000rosser in #3666
  • Bump bundled frontend to v4.11.0 by @nscuro in #3681

For more information click here.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

cp Command: Copy Files and Directories in Linux

The cp command, short for "copy," is the main Linux utility for duplicating files and directories. Whether…

1 week ago

Image OSINT

Introduction In digital investigations, images often hold more information than meets the eye. With the…

1 week ago

cat Command: Read and Combine File Contents in Linux

The cat command short for concatenate, It is a fast and versatile tool for viewing and merging…

1 week ago

Port In Networking

What is a Port? A port in networking acts like a gateway that directs data…

2 weeks ago

ls Command: List Directory Contents in Linux

The ls command is fundamental for anyone working with Linux. It’s used to display the files and…

2 weeks ago

pwd Command: Find Your Location in Linux

The pwd (Print Working Directory) command is essential for navigating the Linux filesystem. It instantly shows your…

2 weeks ago