- Added support for capturing dependency graphs from CycloneDX SBOMs
- Added dynamic visualization of dependency graphs in user interface
- Added support for services defined in CycloneDX SBOMs
- Added support for CWE v4
- Add support for version policy conditions and version comparisons in the coordinates condition (#390)
- Detail modals for projects, components, services, and vulnerabilities now display the object’s UUID
- Added support for Fortify SSC 20.1 and higher. This fixes a breaking change introduced in SSC 20.1
- Added missing database index to increase performance when a large number of components are in the portfolio
- Fixed multiple issues when cloning projects
- OpenID Connect: To facilitate support for post-login redirects, the valid redirect URIs client setting in IdPs may need to be updated. Refer to the OIDC documentation for details.
- The internal port the frontend container listens on has changed from port 80 to port 8080. docker-compose files may need to be updated to reflect this change. Updated compose files are available for download.
- Starting with Dependency-Track v4.2, the API Server and the Frontend now have the same major and minor (semantic) version. Patch versions however, may continue to be unique.
Software Bill of Materials (SBOM)