- Configurable notifications of new vulnerabilities, vulnerable dependencies, analysis decision changes, and system events
- Added Slack, Microsoft Teams, Outbound Webhook, Email, and system console notification publishers
- Replaced NSP Check API with NPM Audit API
- Added support for Sonatype OSS Index
- Updated SPDX license IDs to v3.2
- General improvements in logging when error conditions are encountered
- Improvements to Dependency-Check XML report parsing
- Added native CPE 2.2 and 2.3 parsing capability
- Enhanced administrative interface with options for repositories and general configuration
- Updated Java version used in Docker container
- The audit table did not reflect the correct analysis and suppressed data
- Added validation when processing Dependency-Check XML reports containing invalid Maven GAVs
- Corrected issue with NVD mirroring affecting Docker containers and case-sensitive filesystems
The PROJECT_CREATION_UPLOAD permission was introduced in this release. Existing API keys that need the ability to dynamically create projects (without providing them full PORTFOLIO_MANAGEMENT permission) will need this permission added to their account or through their team membership.
The SYSTEM_CONFIGURATION permission was introduced in this release. Existing administrative users that need the ability to perform more general purpose system configurations need to add this permission to their accounts.
Upgrades to v3.2.0 can be successfully performed from systems running v3.1.x. If a previous version is being used, an upgrade to 3.1.x is required prior to upgrading to v3.2.0.