Features:

• Configurable notifications of new vulnerabilities, vulnerable dependencies, analysis decision changes, and system events
• Added Slack, Microsoft Teams, Outbound Webhook, Email, and system console notification publishers
• Replaced NSP Check API with NPM Audit API
• Added support for Sonatype OSS Index
• Updated SPDX license IDs to v3.2
• General improvements in logging when error conditions are encountered
• Improvements to Dependency-Check XML report parsing
• Added native CPE 2.2 and 2.3 parsing capability
• Enhanced administrative interface with options for repositories and general configuration
• Updated Java version used in Docker container

Fixes:

• The audit table did not reflect the correct analysis and suppressed data
• Added validation when processing Dependency-Check XML reports containing invalid Maven GAVs
• Corrected issue with NVD mirroring affecting Docker containers and case-sensitive filesystems

Upgrade Notes:

• The PROJECT_CREATION_UPLOAD permission was introduced in this release. Existing API keys that need the ability to dynamically create projects (without providing them full PORTFOLIO_MANAGEMENT permission) will need this permission added to their account or through their team membership.

• The SYSTEM_CONFIGURATION permission was introduced in this release. Existing administrative users that need the ability to perform more general purpose system configurations need to add this permission to their accounts.

• Upgrades to v3.2.0 can be successfully performed from systems running v3.1.x. If a previous version is being used, an upgrade to 3.1.x is required prior to upgrading to v3.2.0.