Features:

• Support for advanced auditing workflow to easily triage findings
• Support for external repositories to retrieve additional component metadata from
• Support for SPDX 3.1 license IDs
• NVD mirroring support for Dependency-Check (and other) clients
• Support for out-of-date version detection (rubygems, maven, and npm)
• Enhanced API to (optionally) autocreate project on bom/scan upload
• Better support for Dependency-Check “relatedDependencies”
• Added individual component metrics (independent of dependency metrics)
• Added per project and per component overview with metrics and refresh support
• Specific table columns can now be sorted with full pagination support
• Improved error logging when issues are encountered during BOM and scan processing
• Enhanced LDAP integration to support strong authentication mechanisms and configurable user formats
• General performance improvements on multi-core machines
• Minor enhancements to user interface

Fixes:

• Fixed defect that prevented paginated results on project tag searches
• Fixed defect affecting GAV identifiers in Dependency-Check Gradle/CLI reports not being in parenthesis

Upgrade Notes:

• The VULNERABILITY_ANALYSIS permission was introduced in this release. Existing users that need the ability to audit findings will need this permission added to their account or through their team membership.
• MySQL now requires ANSI_QUOTES to be added to the SQL mode. Refer to Database Support for details.