Dependency-Track logov4.3

Features:

Fixes:

Security:

Portfolio ACL logic has been implemented. In its current form, Portfolio Access Control is a beta feature in v4.3. As a result, the project will not treat bypass or absent ACL logic as a security defect. There are a few known gaps in ACL logic that will exist in v4.3. These gaps are tracked in #1127.

ACL logic covers:

The user interface clearly states that Portfolio Access Control is beta. By default, Portfolio Access Control is disabled.

Upgrade Notes:

dependency-track-apiserver.jar
Algorithm Checksum
SHA-1 1c19a467705631c3c4449fa3f95c9d4a73d26caa
SHA-256 34e0cc69eb6934d9e25573d29870cefce75d07d97fb06d58e8830f566256e1dc
dependency-track-bundled.jar
Algorithm Checksum
SHA-1 3e3a9edb9a9077fc5e2b2634f5967d1a61b0e1cb
SHA-256 78c5a7acf02d5d5f7231c444fdc58b38f12ebec20453c51106200ca0d644b387
Software Bill of Materials (SBOM)

bom.json bom.xml