- The ability to manually upload a CycloneDX or SPDX BOM from the user interface
- Optional automated provisioning of LDAP users
- Optional synchronization of team membership based on a users LDAP group membership
- Added API that provides component metadata from a project in CycloneDX format
- Added ability to track the progress of work performed when a BOM is uploaded
- Added tracking of audited and unaudited metrics
- Added ability to add new project version and optionally clone source metadata
- Added ability to search by tag name when displaying projects
- Added checksum generation when publishing a release (backported to 3.2.2)
- The NSP Advisory API has been removed and replaced with the NPM Public Advisory API (backported to v3.2.1)
- Fixed numerous LDAP compatibility issues
- Added additional logging when BOM upload is not in a supported format
This release of Dependency-Track supports a wide range of LDAP implementations and has been tested with Active Directory, ApacheDS, Fedora 389 Directory, and NetIQ/Novell eDirectory. In order to ensure compatibility, some existing LDAP configuration properties have been changed.
# This property has been removed
# This property now refers to the users DN
# Format now applies only to the value of alpine.ldap.attribute.name.
# Examples have been modified. A users DN is no longer a valid format.
# New properties