Vulnerability Analysis

Dependency Track 4.11.0 – Enhancements, Bug Fixes, And Dependency Updates

For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes.
If additional details are required, consult the closed issues for this release milestone.

# SHA1
a9dae58a25c8aeeb54134ff054214505eb170db9  dependency-track-apiserver.jar
59b78c3f6b1979ba29c1bd754b7dc1005101fc49  dependency-track-bundled.jar
# SHA256
03160957fced99c3d923bbb5c6cb352740da1970bd4775b52bb451b95c4cefaf  dependency-track-apiserver.jar
1a34808cd6c7a9bf7b181e4f175c077f1ee5d5a9daf327b330db9b1c63aac2d3  dependency-track-bundled.jar
# SHA512
79a34a20a93f57a1bde94fa876c03141c7696f177c560397ecf4fdd68da168419f3703eb0a4c7e40cb677536b15640f89dddb8f5e8cf32dda3115b8f6d5cf6b3  dependency-track-apiserver.jar
af25807596c617d2bdff437ba9fd4d2e8cdf28f220b8844d8ab3a53fe0510d65ac30167dbb752c22e5f96536362389099e5c4b25302e4adec84d48d6c4d15198  dependency-track-bundled.jar

What’s Changed

Enhancements

  • Return processing token when cloning project #2842 by @rkg-mm in #3260
  • Hyades backport: Preprocess CWE dictionary by @nscuro in #3284
  • Add “Show in Dependency-Graph” Button in “Affected Projects” List [improved version] by @rkg-mm in #3285
  • Add “Show in Dependency-Graph” Button in “Affected Projects” List by @rbt-mm in #2942
  • Update SPDX license list to v3.22 by @nscuro in #3368
  • Store computed severities in the database by @nscuro in #3408
  • feat(vulnerabilities): enhance API to support frontend changes for active/inactive affected projects by @setchy in #3425
  • Subject prefix by @LaVibeX in #3422
  • Trivy by @fnxpt in #3259
  • Webhook alert token and new user alerts by @fnxpt in #3275
  • Global Audit View: Vulnerabilities by @rbt-mm in #2472
  • Refactor BOM upload processing for better efficiency, correctness, and consistency by @nscuro in #3357
  • Bump CWE dictionary to v4.13 by @nscuro in #3491
  • Apply consistent formatting to SQL queries; Use text blocks instead of string concatenation by @nscuro in #3492
  • Align retry configuration and behavior across analyzers by @nscuro in #3494
  • Add auto-generated changelog to GitHub releases by @nscuro in #3502
  • Bump SPDX license list to v3.23 by @nscuro in #3508
  • Validate uploaded BOMs against CycloneDX schema by @nscuro in #3522
  • Add endpoint for updating API key comment by @nscuro in #3537
  • OpenAPI spec fixes and improvements by @nscuro in #3557
  • Disable automatic API key generation for teams. Fixes part of issue #2552. by @mprencipe in #3574
  • Generate SARIF File Of Project Vulnerability Findings by @aravindparappil46 in #3561
  • New feature: VulnDB Aliases! by @LaVibeX in #3588
  • Implement the hackage and nixpkgs meta analyzers by @MangoIV in #3549
  • Add support for component properties by @nscuro in #3499
  • Leverage component properties for Trivy scans by @fnxpt in #3620
  • Improve Lucene observability by @nscuro in #3535
  • Include pagination parameters in OpenAPI spec by @nscuro in #3625
  • Include sorting query parameters in OpenAPI spec by @nscuro in #3631
  • support for experimental configurations by @fnxpt in #3621
  • Gracefully handle unique constraint violations by @nscuro in #3648
  • Add support for worker pool drain timeout by @nscuro in #3657
  • Fall back to no authentication when OSS Index API token decryption fails by @nscuro in #3661
  • Truncate ComponentProperty value at 1024 characters by @nscuro in #3662
  • Add the project name and project URL to bom processing notifications by @2000rosser in #3666
  • Bump bundled frontend to v4.11.0 by @nscuro in #3681

For more information click here.

Varshini

Tamil has a great interest in the fields of Cyber Security, OSINT, and CTF projects. Currently, he is deeply involved in researching and publishing various security tools with Kali Linux Tutorials, which is quite fascinating.

Recent Posts

Kali Linux 2024.4 Released, What’s New?

Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…

3 hours ago

Lifetime-Amsi-EtwPatch : Disabling PowerShell’s AMSI And ETW Protections

This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…

3 hours ago

GPOHunter – Active Directory Group Policy Security Analyzer

GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…

2 days ago

2024 MITRE ATT&CK Evaluation Results – Cynet Became a Leader With 100% Detection & Protection

Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…

5 days ago

SecHub : Streamlining Security Across Software Development Lifecycles

The free and open-source security platform SecHub, provides a central API to test software with…

1 week ago

Hawker : The Comprehensive OSINT Toolkit For Cybersecurity Professionals

Don't worry if there are any bugs in the tool, we will try to fix…

1 week ago