Features:
- Added support for capturing dependency graphs from CycloneDX SBOMs
- Added dynamic visualization of dependency graphs in user interface
- Added support for services defined in CycloneDX SBOMs
- Added support for CWE v4
- Add support for version policy conditions and version comparisons in the coordinates condition (#390)
- Detail modals for projects, components, services, and vulnerabilities now display the object’s UUID
Fixes:
- Added support for Fortify SSC 20.1 and higher. This fixes a breaking change introduced in SSC 20.1
- Added missing database index to increase performance when a large number of components are in the portfolio
- Fixed multiple issues when cloning projects
Security:
Upgrade Notes:
- OpenID Connect: To facilitate support for post-login redirects, the valid redirect URIs client setting in IdPs may need to be updated. Refer to the OIDC documentation for details.
- The internal port the frontend container listens on has changed from port 80 to port 8080. docker-compose files may need to be updated to reflect this change. Updated compose files are available for download.
- Starting with Dependency-Track v4.2, the API Server and the Frontend now have the same major and minor (semantic) version. Patch versions however, may continue to be unique.
dependency-track-apiserver.war #
| Algorithm | Checksum |
| SHA-1 | f1776e778405b5f6be2903d317463a74153c5319 |
| SHA-256 | a47a3073def269e810d53de781cd7c22620e94ca80df3f781d528a7a5fe4c779 |
dependency-track-bundled.war #
| Algorithm | Checksum |
| SHA-1 | c3c2f931cc4f835eddd0013a885e13c16f990ea9 |
| SHA-256 | 7d61818c281c6540ff4273d4d4c5d9d6e63b86b55f13e92fca7ba2921613800c |
dependency-track.war #
| Algorithm | Checksum |
| SHA-1 | 1634d6cf94761d3b0839f4b4a4d9fdd53d314ba6 |
| SHA-256 | 792dc2adcc33c936629d014dacca8965d001bd1d236893df50dc88dc332d4d21 |