Dependency-Track 4.11.4 : Enhancements, Bug Fixes, And Security Updates

For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes.
If additional details are required, consult the closed issues for this release milestone.

# SHA1
19531d4f02cccf26478b3a63feba355da8726b3f  dependency-track-apiserver.jar
3c4bb658783157ae9c408b8323e25e55c9ab25fd  dependency-track-bundled.jar
# SHA256
9a09259ba4c19d02b81a39fb5894df758f19ff1bb43538d4b999b4a5789a9d9b  dependency-track-apiserver.jar
73fc867d347da8a8af14f8c6812e13b870037a28d7de83e2837db9c27d840100  dependency-track-bundled.jar
# SHA512
a357be2617e9da6d4eaf19120316927ccddbc1290b9f0179287619864ffe2f6a349c9cab729853469425e273662e64cb49a4ede5498da937817b3cda01997af9  dependency-track-apiserver.jar
13fbf6477f2820b0926ad082063332e9f34de622e64b11cfe0fa4574ba5d2d9f41c06c791740ddb69a34fc71e21b6456f20c36018eb2b52e0664fdc47a41645f  dependency-track-bundled.jar

What’s Changed

Enhancements

Backport: Support ingestion of CycloneDX v1.6 BOMs by @nscuro in #3863

Bug Fixes

Backport: Fix inverted “show inactive” filter in vulnerability audit view by @nscuro (original change by @2000rosser) in #3864
Backport: Fix BOM validation failing when URL contains encoded [ and ] characters by @nscuro in #3866
Backport: Fix external references not being updated via POST /v1/component by @nscuro (original change by @sahibamittal) in #3867
Backport: Prevent XXE injection during CycloneDX validation and parsing by @nscuro in #3871

Dependency Updates

Backport: Bump bundled frontend to 4.11.4 by @nscuro in #3875

Varshini

Tamil has a great interest in the fields of Cyber Security, OSINT, and CTF projects. Currently, he is deeply involved in researching and publishing various security tools with Kali Linux Tutorials, which is quite fascinating.