This release fixes a cross-site scripting (XSS) vulnerability in the frontend. The bundled distribution has been updated to include the fixed frontend version. There are no changes for the API server distribution.
Fixes:
- Resolved a defect that caused HTML tags in vulnerability descriptions to be rendered on the vulnerability details page - #300
Security:
- Fixed a cross-site scripting vulnerability in the vulnerability details page - GHSA-c33w-pm52-mqvf
For a complete list of changes, refer to the respective GitHub milestones:
dependency-track-apiserver.jar
Algorithm | Checksum |
---|---|
SHA-1 | 313b2ee9bd957f8bd2b0baba524044197501b2a9 |
SHA-256 | 7ee92f572cebe6d8d8f9e37ab6067e5849c83c56c98b38a21418557260efbfdc |
dependency-track-bundled.jar
Algorithm | Checksum |
---|---|
SHA-1 | e009cc9345ae5bdb321c651df769a6d02dfc5a67 |
SHA-256 | 0e67de28a99aec1d2e3c4592b42f04e86084129f58f3d338b572fdc5b7064899 |
frontend-dist.zip
Algorithm | Checksum |
---|---|
SHA-1 | 67843f34745d4983da001ca158c0fa6aba814427 |
SHA-256 | f0cb536946117068f26845eee89975e4d7feac0b7c806bae505172e85bfadf76 |