Dependency-Track 4.11.4 : Enhancements, Bug Fixes, And Security Updates

For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes.
If additional details are required, consult the closed issues for this release milestone.

# SHA1
19531d4f02cccf26478b3a63feba355da8726b3f  dependency-track-apiserver.jar
3c4bb658783157ae9c408b8323e25e55c9ab25fd  dependency-track-bundled.jar
# SHA256
9a09259ba4c19d02b81a39fb5894df758f19ff1bb43538d4b999b4a5789a9d9b  dependency-track-apiserver.jar
73fc867d347da8a8af14f8c6812e13b870037a28d7de83e2837db9c27d840100  dependency-track-bundled.jar
# SHA512
a357be2617e9da6d4eaf19120316927ccddbc1290b9f0179287619864ffe2f6a349c9cab729853469425e273662e64cb49a4ede5498da937817b3cda01997af9  dependency-track-apiserver.jar
13fbf6477f2820b0926ad082063332e9f34de622e64b11cfe0fa4574ba5d2d9f41c06c791740ddb69a34fc71e21b6456f20c36018eb2b52e0664fdc47a41645f  dependency-track-bundled.jar

What’s Changed

Enhancements

• Backport: Support ingestion of CycloneDX v1.6 BOMs by @nscuro in #3863

Bug Fixes

• Backport: Fix inverted “show inactive” filter in vulnerability audit view by @nscuro (original change by @2000rosser) in #3864
• Backport: Fix BOM validation failing when URL contains encoded [ and ] characters by @nscuro in #3866
• Backport: Fix external references not being updated via POST /v1/component by @nscuro (original change by @sahibamittal) in #3867
• Backport: Prevent XXE injection during CycloneDX validation and parsing by @nscuro in #3871

Dependency Updates

• Backport: Bump bundled frontend to 4.11.4 by @nscuro in #3875