Bundled frontend: v1.0.0
Features:
- New user interface based on Vue.js and Bootstrap.
- User interface can optionally be deployed and upgraded independently of the Dependency-Track server.
- Package repositories are now configurable.
- Package repositories can now be identified as ‘internal’. Components identified as ‘internal’ will be analyzed using internal repositories.
- Added additional logging and notifications for OSS Index and NPM Audit analyzers.
- Added the ability to publish system notifications when vulnerability analyzers encounter communication or other errors.
- Added several occurrences of counts for various items throughout the UI.
Fixes:
- Corrected the percentage value of findings audited.
- Fixed URL to Maven Central which prevented the MavenMetaAnalyzer from retrieving component metadata.
- Changed logging behavior when internal components are identified.
- Improved accuracy of internal CPE analyzer which may have lead to false negatives in some situations.
- Fixed issue where the CPE value defined in a BOM was not being persisted if the component previously existed.
- Fixed issue which prevented the HexMetaAnalyzer from executing preventing it from retrieving component metadata for Erlang or Elixir components.
Security:
- All Dependency-Track server releases now include a complete CycloneDX software bill-of-materials.
- Added missing permission checks to repository API endpoints.
Upgrade Notes:
- The
nist
andindex
directories inside the Dependency-Track data directory will be deleted upon upgrade. This will force the NVD to be downloaded and reprocessed and the indexes to be rebuilt. - The internal vulnerable software dictionary, generated automatically from the NVD, will be wiped upon upgrade. This will take several minutes to complete and should not be interrupted.
dependency-track-embedded.war
Algorithm | Checksum |
SHA-1 | 091627dfa144a1313bf9090d8f67b4760e635b23 |
SHA-256 | 56674c40da9dc4277b6c8238d0dc6cc28bdf3b4cc51b7b845606b1a2c149070b |
dependency-track.war
Algorithm | Checksum |
SHA-1 | 1db04afbc1b66421dd6fe0db816ec14362b895d1 |
SHA-256 | 9fd73c4ea24352b6165106c1d5a1b88bd43ea9e6ba0e15a733a217a59d7bd268 |