Features:
- Added support for vulnerabilities in policy violations
- Added Packagist (PHP Composer) repository support
- Added Rust Cargo repository support
- Added integration support for DefectDojo
- Added the addition of a notes field for components
- Updated Java requirements to Java 11
Fixes:
- Fixed issue that prevented SWID tag ID from being persisted when BOMs were consumed
- Added prevention that should detect future occurrences pagination of the NPM Advisory API not working
Security:
Upgrade Notes:
- Support for Java 8 was dropped. API Server now requires Java 11
-
Downloading a CycloneDX BOM for a project now results in the IANA media types in the response header.
application/vnd.cyclonedx+xml
application/vnd.cyclonedx+json
dependency-track-apiserver.war
Algorithm | Checksum |
SHA-1 | ed951e6a1db32b5541b646f7595cce28345c816d |
SHA-256 | e459525d279abef75f0d6cef756636503b1040939778df14decaaca65d284db1 |
dependency-track-bundled.war
Algorithm | Checksum |
SHA-1 | 669955757d9f5fe1e145ac61e761358986697b3d |
SHA-256 | a33f70500087fc6cfa9ffdeba1ac20de474ba28c1572f85337f04765e961f66c |
dependency-track.war
Algorithm | Checksum |
SHA-1 | a2ab12792eebcf420e6f0b07baa4a49bce5e0082 |
SHA-256 | c47fa7e5c2049e1f677b552838b7b5ee6971dfdee942f2e3ce1f0aa708a9dfaa |