Features:
- The ability to manually upload a CycloneDX or SPDX BOM from the user interface
- Optional automated provisioning of LDAP users
- Optional synchronization of team membership based on a users LDAP group membership
- Added API that provides component metadata from a project in CycloneDX format
- Added ability to track the progress of work performed when a BOM is uploaded
- Added tracking of audited and unaudited metrics
- Added ability to add new project version and optionally clone source metadata
- Added ability to search by tag name when displaying projects
- Added checksum generation when publishing a release (backported to 3.2.2)
- The NSP Advisory API has been removed and replaced with the NPM Public Advisory API (backported to v3.2.1)
Fixes:
- Fixed numerous LDAP compatibility issues
- Added additional logging when BOM upload is not in a supported format
Upgrade Notes:
This release of Dependency-Track supports a wide range of LDAP implementations and has been tested with Active Directory, ApacheDS, Fedora 389 Directory, and NetIQ/Novell eDirectory. In order to ensure compatibility, some existing LDAP configuration properties have been changed.
# This property has been removed
alpine.ldap.domain
# This property now refers to the users DN
alpine.ldap.bind.username
# Format now applies only to the value of alpine.ldap.attribute.name.
# Examples have been modified. A users DN is no longer a valid format.
alpine.ldap.auth.username.format
# New properties
alpine.ldap.groups.filter
alpine.ldap.user.groups.filter
alpine.ldap.user.provisioning
alpine.ldap.team.synchronization
See Also:
- Configuration (updated)
- LDAP Configuration (examples)
dependency-track-embedded.war #
| Algorithm | Checksum |
| SHA-1 | 413b47068dd1272f0ea6c4af67dc1465fcf10674 |
| SHA-256 | 5632d6efa8c6ea2633bb767d09c73c4ee68e9319b638ce00da4c422f5123c906 |
dependency-track.war #
| Algorithm | Checksum |
| SHA-1 | 1a8dc64a7535375fdd4ff789eeb9d3635dcba019 |
| SHA-256 | 96e20c0b72e3d8c460dfe3ce2b9aca72c6114492747db9afffca9784c64d23b9 |