For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes.
If additional details are required, consult the closed issues for this release milestone.
# SHA1
a9dae58a25c8aeeb54134ff054214505eb170db9 dependency-track-apiserver.jar
59b78c3f6b1979ba29c1bd754b7dc1005101fc49 dependency-track-bundled.jar
# SHA256
03160957fced99c3d923bbb5c6cb352740da1970bd4775b52bb451b95c4cefaf dependency-track-apiserver.jar
1a34808cd6c7a9bf7b181e4f175c077f1ee5d5a9daf327b330db9b1c63aac2d3 dependency-track-bundled.jar
# SHA512
79a34a20a93f57a1bde94fa876c03141c7696f177c560397ecf4fdd68da168419f3703eb0a4c7e40cb677536b15640f89dddb8f5e8cf32dda3115b8f6d5cf6b3 dependency-track-apiserver.jar
af25807596c617d2bdff437ba9fd4d2e8cdf28f220b8844d8ab3a53fe0510d65ac30167dbb752c22e5f96536362389099e5c4b25302e4adec84d48d6c4d15198 dependency-track-bundled.jar
What’s Changed
Enhancements
- Return processing token when cloning project #2842 by @rkg-mm in #3260
- Hyades backport: Preprocess CWE dictionary by @nscuro in #3284
- Add “Show in Dependency-Graph” Button in “Affected Projects” List [improved version] by @rkg-mm in #3285
- Add “Show in Dependency-Graph” Button in “Affected Projects” List by @rbt-mm in #2942
- Update SPDX license list to v3.22 by @nscuro in #3368
- Store computed severities in the database by @nscuro in #3408
- feat(vulnerabilities): enhance API to support frontend changes for active/inactive affected projects by @setchy in #3425
- Subject prefix by @LaVibeX in #3422
- Trivy by @fnxpt in #3259
- Webhook alert token and new user alerts by @fnxpt in #3275
- Global Audit View: Vulnerabilities by @rbt-mm in #2472
- Refactor BOM upload processing for better efficiency, correctness, and consistency by @nscuro in #3357
- Bump CWE dictionary to v4.13 by @nscuro in #3491
- Apply consistent formatting to SQL queries; Use text blocks instead of string concatenation by @nscuro in #3492
- Align retry configuration and behavior across analyzers by @nscuro in #3494
- Add auto-generated changelog to GitHub releases by @nscuro in #3502
- Bump SPDX license list to v3.23 by @nscuro in #3508
- Validate uploaded BOMs against CycloneDX schema by @nscuro in #3522
- Add endpoint for updating API key comment by @nscuro in #3537
- OpenAPI spec fixes and improvements by @nscuro in #3557
- Disable automatic API key generation for teams. Fixes part of issue #2552. by @mprencipe in #3574
- Generate SARIF File Of Project Vulnerability Findings by @aravindparappil46 in #3561
- New feature: VulnDB Aliases! by @LaVibeX in #3588
- Implement the hackage and nixpkgs meta analyzers by @MangoIV in #3549
- Add support for component properties by @nscuro in #3499
- Leverage component properties for Trivy scans by @fnxpt in #3620
- Improve Lucene observability by @nscuro in #3535
- Include pagination parameters in OpenAPI spec by @nscuro in #3625
- Include sorting query parameters in OpenAPI spec by @nscuro in #3631
- support for experimental configurations by @fnxpt in #3621
- Gracefully handle unique constraint violations by @nscuro in #3648
- Add support for worker pool drain timeout by @nscuro in #3657
- Fall back to no authentication when OSS Index API token decryption fails by @nscuro in #3661
- Truncate
ComponentProperty value at 1024 characters by @nscuro in #3662 - Add the project name and project URL to bom processing notifications by @2000rosser in #3666
- Bump bundled frontend to v4.11.0 by @nscuro in #3681
For more information click here.