For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes.
If additional details are required, consult the closed issues for this release milestone.
# SHA1
19531d4f02cccf26478b3a63feba355da8726b3f dependency-track-apiserver.jar
3c4bb658783157ae9c408b8323e25e55c9ab25fd dependency-track-bundled.jar
# SHA256
9a09259ba4c19d02b81a39fb5894df758f19ff1bb43538d4b999b4a5789a9d9b dependency-track-apiserver.jar
73fc867d347da8a8af14f8c6812e13b870037a28d7de83e2837db9c27d840100 dependency-track-bundled.jar
# SHA512
a357be2617e9da6d4eaf19120316927ccddbc1290b9f0179287619864ffe2f6a349c9cab729853469425e273662e64cb49a4ede5498da937817b3cda01997af9 dependency-track-apiserver.jar
13fbf6477f2820b0926ad082063332e9f34de622e64b11cfe0fa4574ba5d2d9f41c06c791740ddb69a34fc71e21b6456f20c36018eb2b52e0664fdc47a41645f dependency-track-bundled.jar
What’s Changed
Enhancements
Bug Fixes
- Backport: Fix inverted “show inactive” filter in vulnerability audit view by @nscuro (original change by @2000rosser) in #3864
- Backport: Fix BOM validation failing when URL contains encoded
[
and]
characters by @nscuro in #3866 - Backport: Fix external references not being updated via
POST /v1/component
by @nscuro (original change by @sahibamittal) in #3867 - Backport: Prevent XXE injection during CycloneDX validation and parsing by @nscuro in #3871