Features:
- Support for advanced auditing workflow to easily triage findings
- Support for external repositories to retrieve additional component metadata from
- Support for SPDX 3.1 license IDs
- NVD mirroring support for Dependency-Check (and other) clients
- Support for out-of-date version detection (rubygems, maven, and npm)
- Enhanced API to (optionally) autocreate project on bom/scan upload
- Better support for Dependency-Check “relatedDependencies”
- Added individual component metrics (independent of dependency metrics)
- Added per project and per component overview with metrics and refresh support
- Specific table columns can now be sorted with full pagination support
- Improved error logging when issues are encountered during BOM and scan processing
- Enhanced LDAP integration to support strong authentication mechanisms and configurable user formats
- General performance improvements on multi-core machines
- Minor enhancements to user interface
Fixes:
- Fixed defect that prevented paginated results on project tag searches
- Fixed defect affecting GAV identifiers in Dependency-Check Gradle/CLI reports not being in parenthesis
Upgrade Notes:
- The VULNERABILITY_ANALYSIS permission was introduced in this release. Existing users that need the ability to audit findings will need this permission added to their account or through their team membership.
- MySQL now requires ANSI_QUOTES to be added to the SQL mode. Refer to Database Support for details.