Releases: DependencyTrack/dependency-track
4.13.5
For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes.
If additional details are required, consult the closed issues for this release milestone.
# SHA1
f38abe7b93f7cb88f3bba4c78c30a9ce7dc45c0d dependency-track-apiserver.jar
5aea8e0662f8aa4d9e53b52c14367c5345602e34 dependency-track-bundled.jar
# SHA256
bf55097e63b46ed16042024636b855f676ba67e6e5824e7da80f3cec863a3f77 dependency-track-apiserver.jar
4a373de4d5aca924fb533ebfc7e1eb4fb5a249d81c948bd367a52fa53125a610 dependency-track-bundled.jar
# SHA512
ac6f680fb0db71621ad3a3aa8a7ea4bbab54feadc376fc86e236474cc9aa3457f021ea8005044b064f0d616c060ed89f51d8f84c0710805e2db9146f1f32b492 dependency-track-apiserver.jar
d93e02459d3d7026356424a903c226408ca1397844db8fa9786f18375f9f00af6e148800dd96b8405330d6cd455c1b55d43eaf311a97511d8bf9db64dc8e99dc dependency-track-bundled.jar
What's Changed
Enhancements
- Backport: Make OSS Index credentials required by @nscuro in #5351
- Backport: Bump SPDX license list to 3.27.0 by @nscuro in #5356
Bug Fixes
- Backport: Make CPE matching case-insensitive by @stohrendorf in #5299
- Backport: improve detection if version is commit sha or release tag for github purl by @nscuro in #5350
- Backport: only return tags directly associated with a policy by @nscuro in #5353
- Backport: Check for non-empty timestamp files in doDownload of NistMirrorTask by @nscuro in #5354
- Backport: Fix NullPointerException in GithubMetaAnalyzer when analyzing GitHub Actions by @nscuro in #5359
- Backport: download OSV mirror files to temp files to keep connection lifetime short by @nscuro in #5360
- Backport: NuGet Analyzer Improvements by @nscuro in #5381
Dependency Updates
- Backport: Bump open-vulnerability-clients to 9.0.1 by @nscuro in #5352
- Backport: Bump cyclonedx-core-java to 11.0.0 by @nscuro in #5355
- Backport: Bump Alpine to 3.3.0 by @nscuro in #5357
- Backport: Bump bundled frontend to 4.13.5 by @nscuro in #5384
Other Changes
Full Changelog: 4.13.4...4.13.5
4.13.4
For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes.
If additional details are required, consult the closed issues for this release milestone.
# SHA1
048b46829358cfde1f4d90b9298984224c75f6ae dependency-track-apiserver.jar
b3eb198254783462dc7d147791537fa50b11483e dependency-track-bundled.jar
# SHA256
2ca674108a08bf71642ddec6704125fae720161c4c40268fd19557e8b116d9d0 dependency-track-apiserver.jar
a8252f66f9b3c9253553e1d2a40fb0169f90c31895e36f57bc5992068ff473f5 dependency-track-bundled.jar
# SHA512
25d697390a5a0316b85b67e01f29caaeba8cec955318a7ecd762189aefad0175bf338228361790796b153e53953c663cd05dca940d51dc4a30d015fb897a1c47 dependency-track-apiserver.jar
698f3f8ddc9958c7bd17f17e66c3b79d04181b509bd8fd42f01ee58aeb23cf5a88b208bcc13b6815c7d5396b049881c830aee1810420ae09923fbef766cf33ea dependency-track-bundled.jar
What's Changed
Enhancements
Bug Fixes
- Backport: Handle URLs in composer package metadata pattern by @nscuro in #5234
- Backport: Fix failing TrivyAnalysisTaskIntegrationTest by @nscuro in #5241
- Backport: Fix inconsistent ordering in findings endpoints by @nscuro in #5247
- Handle `adduser`/`addgroup` removal in Debian base image by @nscuro in #5246
- Backport: Fix failing Trivy OS matching for distro versions with special characters by @nscuro in #5249
Dependency Updates
- Bump Debian base image to latest digest by @nscuro in #5240
- Backport: Bump angus-mail to 2.0.4 by @nscuro in #5242
- Backport: Bump Temurin base image to 21.0.8_9 by @nscuro in #5243
- Backport: Bump commons-lang3 to 3.18.0 by @nscuro in #5244
- Bump bundled frontend to 4.13.4 by @nscuro in #5253
Other Changes
Full Changelog: 4.13.3...4.13.4
4.13.3
For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes.
If additional details are required, consult the closed issues for this release milestone.
# SHA1
ba7866fa7b8be30f2058606ee77539b126ab61f1 dependency-track-apiserver.jar
70ac64f18c4b219d283df0c056e74f001287159b dependency-track-bundled.jar
# SHA256
8b6b2f29bdfd6f3e81ed2c9754a3ab2b4e27bbb9c33e52f720700d7e73558adb dependency-track-apiserver.jar
1ae9984304854845cc5741d1dd1288e7b0a748539f448e0d0899ef635bb33c28 dependency-track-bundled.jar
# SHA512
706389f889eb177701d65e1ffefb30540f0ac9761128554f37e1edb637d73a58c981c87ca783e4b4eed982b813f4d359d590ca6ccd7132c10da83056935d2328 dependency-track-apiserver.jar
09e1ce042f64bd2ea5214fab3ebf2d2c86255b7c781490c14f2afcb517c056ef791713ba939e5de20b2b32a21949e5ac8a70ae3610432da1fa42681feceff626 dependency-track-bundled.jar
What's Changed
Bug Fixes
- Backport: Fix OSV ubuntu advisory containing severity without type by @nscuro in #5168
- Backport: Fix too many query parameters when retrieving vuln aliases by @nscuro in #5167
- Backport: Add apiserver health check to Compose files by @nscuro in #5171
- Backport: Handle dangling SPDX expression operators by @nscuro in #5173
- Backport: Fix BOM export failing for projects of type NONE by @nscuro in #5178
- Backport: Ensure VulnerableSoftware query is able to leverage indexes by @nscuro in #5177
- Backport: Add whitespace sanitization in fuzzySearch CPE to fix CPE validation errors by @nscuro in #5176
- Backport: Bulk load component relationships for BOM export by @nscuro in #5179
- Backport: Improve Composer meta analyzer's ability to deal with minified metadata by @nscuro in #5175
- Backport: Fix failing v4.13.1 migration for H2 deployments that pre-date v4.11.0 by @nscuro in #5180
Dependency Updates
- Backport: bump org.apache.commons:commons-compress by @nscuro in #5169
- Backport: Bump PostgreSQL JDBC driver to 42.7.7 by @nscuro in #5174
- Bump Docker base images to latest digests by @nscuro in #5181
- Backport: Bump bundled frontend to 4.13.3 by @nscuro in #5184
Other Changes
- Backport: Add AWS Cognito configuration example by @nscuro in #5172
- Add changelog for v4.13.3 by @nscuro in #5182
Full Changelog: 4.13.2...4.13.3
4.13.2
For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes.
If additional details are required, consult the closed issues for this release milestone.
# SHA1
845f970ba9c00a26d6d0b5a77c24cd12ee5feeea dependency-track-apiserver.jar
61d5c535ab19a6f67e48ee8efa20bf9656d084f7 dependency-track-bundled.jar
# SHA256
f1d66b81a44d7d3528fad42d1e1fb498e2151c2c5e78c1070942be54456bf7d1 dependency-track-apiserver.jar
4494b0090cd699db2099248c0fdd67a07d130731bbc476287251aa84d008bfa4 dependency-track-bundled.jar
# SHA512
988cdaf174c32381c1ec2803439e951b48a942a8702d29743e009d3dff42129489c6e249273516bb3e084f836568caf5cd34ece6ec972145da7337c325a48201 dependency-track-apiserver.jar
f86e6a0b62be8620d581c19759b319d7902075877322c62b7c26fd9e311ed4f283e94304f3644603ad33c0798f869921bb1b574967e0fca894c6f0cf85fbe8fe dependency-track-bundled.jar
What's Changed
Bug Fixes
- Backport: Fix failing v4.13.1 migration for MSSQL deployments that pre-date v4.11.0 by @nscuro in #4911
- Backport: Fix summary notifications not sent when "skip if unchanged" is enabled by @nscuro in #4913
Dependency Updates
Other Changes
Full Changelog: 4.13.1...4.13.2
4.13.1
For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes.
If additional details are required, consult the closed issues for this release milestone.
# SHA1
b5e613f1f484179e770333828ef25c020ed9f03a dependency-track-apiserver.jar
173511869286b1335950bd07477421d684c96251 dependency-track-bundled.jar
# SHA256
c88b2e7879b1d534741ce5483f96621b650d6a4dcacabb470eeeeb43e7c7c627 dependency-track-apiserver.jar
53c7fca478125fad1c35d6732815a6c09e120abc6ea57a8a88eb2af3ed2efab2 dependency-track-bundled.jar
# SHA512
b5c30fd2aaac36b5437da0802bf60f3b1740d64b413c16c6a5f6eb2bc8b44c62ff5e4d8c8789b8380e76692fbbb410b043d919c0952a3b1e166bc4d9a0683a44 dependency-track-apiserver.jar
d8cb6f7318da182f4a1ad4a94995c79211282c2d68ddf8d4cad93f5003311f79cebbe39f51b880320c01c6fe757b3334a87747cbee9940d8d70d26fd636609fd dependency-track-bundled.jar
What's Changed
Bug Fixes
- Backport: Fix `NEW_VULNERABILITIES_SUMMARY` notification dispatch failing for PostgreSQL by @nscuro in #4859
- Backport: Fix team email addresses not being available when publishing scheduled notification emails by @nscuro in #4860
- Backport: Prevent duplicate tag names and relationships by @nscuro in #4861
- Backport: Fix missing `NONE` value in classifier check constraint by @nscuro in #4887
- Backport: Fix tag deletion failing when tag is used by project collection logic by @nscuro in #4888
Dependency Updates
- Backport: Bump Temurin base image to 21.0.7 by @nscuro in #4886
- Bump bundled frontend to 4.13.1 by @nscuro in #4903
Other Changes
- Backport: Improve the stability of tag binding by @nscuro in #4885
- Add changelog for v4.13.1 by @nscuro in #4889
Full Changelog: 4.13.0...4.13.1
4.13.0
Warning
Please consult the upgrade notes in the changelog before upgrading! Some changes in this release are irreversible, and you won't be able to roll back simply by downgrading the application version!
For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes.
If additional details are required, consult the closed issues for this release milestone.
# SHA1
c5ef70f1e8df186a929a7c2ad24962a3b97af379 dependency-track-apiserver.jar
feeac3362ae6ea5d42cf6dde7e5e079599372eaa dependency-track-bundled.jar
# SHA256
0f2af7a93a21850da62c2b2e86babfb0b0f18abd80f380dfb80bf84c59f605e4 dependency-track-apiserver.jar
a81e61f1e21a732474a11345d71e7853d50ec2faea1f7d44bacfb29902673ebd dependency-track-bundled.jar
# SHA512
436330854efc77e4c3b1c0484ec0e61b80fdde07445f3a31cb35ac195e0db2e2268cf11e6b71b72d58a1b90d2ca77d0fdf0d62fdbcae4045d94346b607f21a7c dependency-track-apiserver.jar
a26173afcfd4416ef9b15e9d99d53cccff0b60510b2399c29b190a7123d200afe73c5d5d4b3d0ff7ad171bd87abfc15ddb211f3afb4627e598f8ed04271ce00e dependency-track-bundled.jar
What's Changed
Enhancements
- Provide support for AWS JDBC Driver by @VinodAnandan in #4304
- Add property to control `verified` flag in DefectDojo integration by @Malaydewangan09 in #4273
- Reduce memory usage of metrics update tasks by @nscuro in #4325
- Optimize vulnerability synchronization logic to not perform redundant writes by @LaVibeX in #4359
- Introduce "collection" projects for better usage of hierarchical view #2041 by @rkg-mm in #3258
- Add /v1/project/batchDelete API method that deletes with SQL by @mikael-carneholm-2-wcar in #4383
- Reduce database round-trips during BOM processing by @nscuro in #4486
- Composer Metadata Analyzer: Refactor to support V2 and V1 repositories by @valentijnscholten in #4470
- composer meta analyzer: add DEBUG logging by @valentijnscholten in #4546
- Update quickstart Compose file to use Postgres instead of H2 by @nscuro in #4576
- Bump Alpine to 3.2.0 and handle API key migration by @Gepardgame in #4566
- Prevent application startup when migrations fail by @nscuro in #4681
- Implement basic telemetry collection by @nscuro in #4651
- Add support for Snyk API version 2024-10-15 by @ad8-adriant in #4715
- #4620 add "lastVulnerabilityAnalysis" to project by @stohrendorf in #4642
- add endpoint to mass-create tags by @stohrendorf in #4766
- Add feature to define the test title for DefectDojo integration by @AndreVirtimo in #4796
- Add trivy scanning options by @mjwrona in #4782
- Bump SPDX license list to v3.26.0 by @nscuro in #4800
- Bump CWE dictionary to v4.16 by @nscuro in #4801
- Add support for scheduled summary notifications by @nscuro in #4783
Bug Fixes
- Prevent duplicate policy violations by @nscuro in #4216
- Log now contains username when user gets deleted by @Gepardgame in #4222
- Fix unintended manual flushing mode due to DataNucleus `ExecutionContext` pooling by @nscuro in #4221
- Enhance policy violation de-duplication logic by @nscuro in #4231
- Fix inaccuracies of Trivy analyzer by @nscuro in #4245
- Fix redundant query for "ignore unfixed" config during Trivy analysis by @nscuro in #4246
- Fix excessive memory usage of portfolio repository meta analysis by @nscuro in #4311
- Fix nullable metrics fields having getters of primitive type by @nscuro in #4326
- Fix CPE matching logic for NVD Rest by @calderonth in #4339
- Fix update component to allow empty values by @immalla in #4229
- Fix incorrect CWE schema in OpenAPI spec by @fupgang in #4350
- Fix component hash policy evaluator by @francislance in #4306
- Fix NullPointerException when fetching findings by @nscuro in #4369
- Fix policy evaluation not happening upon creation or update of individual components by @fupgang in #4374
- Fix Trivy analyzer vulnerability matching for Go packages by @nscuro in #4394
- Add cyclonedx json media type when exporting components by @wratner in #4409
- Fix NPE when cloning projects with broken dependency graph by @nscuro in #4414
- Fix `project.active` being nullable by @nscuro in #4415
- Move GHSA notification logic outside recursion by @antoinbo in #4401
- Fix broken pagination in `/api/v1/cwe` endpoint by @nscuro in #4421
- Fix notification tests not working for Jira by @nscuro in #4456
- Fix component de-duplication potentially causing duplicate dependency graph entries by @nscuro in #4458
- Fix component SWID tag ID not being considered in project cloning by @nscuro in #4480
- Fix onlyOutdated ungrouped component filtering by @sedan07 in #4511
- Fix REST endpoints for adding tags by @nscuro in #4541
- Recreate outdated check constraints for `CLASSIFIER` columns by @nscuro in #4544
- Handle GitHub GraphQL API rate limiting by @nscuro in #4578
- Fix possible NPEs during tag binding by @nscuro in #4594
- Fix erroneous URL-encoding of the Maven groupId by @nscuro in #4602
- Fix false negatives in CPE matching for ANY and NA versions by @nscuro in #4610
- Refactor `VulnerabilityAnalysisTask` to be more efficient by @nscuro in #4623
- Refactor `VulnerabilityManagementUploadTask` to be more efficient by @nscuro in #4624
- Handle invalid CVSS vectors and processing failures for OSV by @nscuro in #4636
- Fix possible NPEs in TrivyAnalysisTask by @nscuro in #4668
- Analyze all components of a project at once instead of in batches by @nscuro in #4670
- Fix notification webhook sending blank headers by @LennartC in #4679
- Fix incomplete API key migration by @nscuro in #4682
- Disable `include` tag for Pebble templates by @nscuro in #4684
- Fix NPE during NVD mirroring via REST API when encountering invalid CPEs by @nscuro in #4732
- Remove erroneous client-side caching in Trivy analyzer by @nscuro in #4735
- Fix notification limiting to tags not working reliably by @nscuro in #4733
- Fix tags from BOM upload request not being applied for existing projects by @nscuro in #4738
- Fix component properties not being cloned by @nscuro in #4745
- handle corner case if no vulnerabilities have compatible aliases by @stohrendorf in https://github.com/DependencyTrack/dependency-tra...
4.12.7
For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes.
If additional details are required, consult the closed issues for this release milestone.
# SHA1
a3a30181b15a14bcd3ea3ef7ed338d2ce5e86bb5 dependency-track-apiserver.jar
2c416320eda0aee60a268047643da006ad7edf24 dependency-track-bundled.jar
# SHA256
cc271be5577eee0a562c19acd60a693accbe6b8b1a24294472a43462f6aa94fd dependency-track-apiserver.jar
48defc20ebe19214bb7cf73bf61f8c09f467d0c8585a5e6c0671ad563bbd4884 dependency-track-bundled.jar
# SHA512
29561b22a734a6d8fb33cb48c51d081dbece71a4530ec0296a1d8d3e8ae16027245b62387aa7057b916db891093824df04dd265550cfd0f4dc181ceff4f64ea5 dependency-track-apiserver.jar
c86816d53570e459a57d54254192aa26c5132c0e4b9662bdb347bbe3fc9e500d3dd2b4359679bce984d5ba124c68926d5cc0079e634908c975cc3c8ee8dd3e24 dependency-track-bundled.jar
What's Changed
Bug Fixes
- Backport: Fix NPE during NVD mirroring via REST API when encountering invalid CPEs by @nscuro in #4734
- Backport: Remove erroneous client-side caching in Trivy analyzer by @nscuro in #4736
- Backport: Fix notification limiting to tags not working reliably by @nscuro in #4737
- Backport: Fix tags from BOM upload request not being applied for existing projects by @nscuro in #4740
- Backport: Fix component properties not being cloned by @nscuro in #4746
Dependency Updates
Other Changes
Full Changelog: 4.12.6...4.12.7
4.12.6
For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes.
If additional details are required, consult the closed issues for this release milestone.
# SHA1
f59a0777e631a6bd4e4dc7b42c3df2ac9e8ce4d8 dependency-track-apiserver.jar
be4ed743244851cd47873cbbb6c065f0c2eace9d dependency-track-bundled.jar
# SHA256
4196b1eb91cb27304a53a0b897f0ffb766e3f49607094880618b480ce9ee3124 dependency-track-apiserver.jar
e036fc1bd0d0914f421307a59911cb7cab1ba158599b125e404a4a3079e6ea26 dependency-track-bundled.jar
# SHA512
3ffe4f6e7139e2a562c94edeb0f8197816ed468ccfc30baf3cfd2faeacda00ddea4c2b8a4b82f99a47ec34b52008d155e9f5d7b1cecc25f93542bcd29395565f dependency-track-apiserver.jar
a9dec98602080cba59f3c7e01ece4e090cc9b695e55fabbc0ce9eee042121964a340dcec8844d438dc37ed26b62219234b71278b42e102c253b815ad6f8b9d5d dependency-track-bundled.jar
What's Changed
Bug Fixes
- Backport: Fix possible NPEs in TrivyAnalysisTask by @nscuro in #4671
- Backport: Analyze all components of a project at once instead of in batches by @nscuro in #4673
- Backport: Fix notification webhook sending blank header by @nscuro (original change by @LennartC) in #4680
- Backport: Disable `include` tag for Pebble templates by @nscuro in #4685
Dependency Updates
- Backport: Bump net.minidev:json-smart to 2.5.2 by @nscuro in #4672
- Backport: Bump bundled frontend to 4.12.6 by @nscuro in #4690
Other Changes
Full Changelog: 4.12.5...4.12.6
4.12.5
For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes.
If additional details are required, consult the closed issues for this release milestone.
# SHA1
d5c8c84612e6f09dcbefe596545c11384615f14c dependency-track-apiserver.jar
c4c020b2652413f99daf41965231a8c17f90e2a8 dependency-track-bundled.jar
# SHA256
b0e9a93c06fb92d2c4bba2724689d58cc8455ac92c42cb5cf844686fad2d2820 dependency-track-apiserver.jar
ba569456a971f772d4d8a70fddc6fea2c9d4fbc6b12dfc7458d102dc97ed0206 dependency-track-bundled.jar
# SHA512
925cd222dad2715483cb3f5e9a7d85468d557448293a529d564957ad70429546e8d67d3a832a569df3ded79a4d486d4219f6e0f4fb7cce2358776164d0d7b9ed dependency-track-apiserver.jar
7ea8917def588a57de9bbca9e8bf9420097e48946e6a9a50b4b2678b02b652279b79075f8c8cbbd48083532ccbfa477314dd712d885e207e56c0780a764c8f3e dependency-track-bundled.jar
What's Changed
Dependency Updates
- Backport: Bump io.github.jeremylong:open-vulnerability-clients from 7.2.1 to 7.2.2 by @nscuro in #4656
- Backport: Bump bundled frontend to 4.12.5 by @nscuro in #4659
Other Changes
Full Changelog: 4.12.4...4.12.5
4.12.4
For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes.
If additional details are required, consult the closed issues for this release milestone.
# SHA1
6467242cb3ce65fb128ded6e4d40bd45bf3c74f3 dependency-track-apiserver.jar
a27297edf0da4d208c3b89d31fcd441958767e48 dependency-track-bundled.jar
# SHA256
9abd2ec5091645779d1eecbcad0ed78c4175565fe93eddce8b600113fe66f476 dependency-track-apiserver.jar
fe490211de5988fb651a8e869e36d46c33caca030b26a61172e9fc49b0d94404 dependency-track-bundled.jar
# SHA512
b7289546a53ec598430a0c2e435d9dee6c2e53ca0eedfa7232ba882c77c18bf54b92185817e05181d0081ffe35d7250c61f18f3a80109afa90e1bd4c8273a268 dependency-track-apiserver.jar
1aebd3967192d6749059ab31b30e3faed0e7fba416692d0096d82ae6e4f212e820b4432093e665cd169657e8e2dca786be808694dcf685d7475b0f6699491373 dependency-track-bundled.jar
What's Changed
Bug Fixes
- Backport: Fix possible NPEs during tag binding by @nscuro in #4595
- Backport: Fix false negatives in CPE matching for ANY and NA versions by @nscuro in #4612
- Backport: Refactor `VulnerabilityAnalysisTask` to be more efficient by @nscuro in #4625
- Backport: Refactor `VulnerabilityManagementUploadTask` to be more efficient by @nscuro in #4626
- Backport: Fix erroneous URL-encoding of the Maven groupId by @nscuro in #4629
- Backport: Handle invalid CVSS vectors and processing failures for OSV by @nscuro in #4638
Dependency Updates
- Backport: Bump Temurin base image to 21.0.6_7 by @nscuro in #4628
- Backport: Bump bundled frontend to 4.12.4 by @nscuro in #4641
Other Changes
Full Changelog: 4.12.3...4.12.4