This release fixes various defects in the API server.
There are no changes for the frontend, the latest version of it remains 4.10.0.
NVD Data Feed Retirement Update:
The NVD has announced that retirement of the legacy data feeds has been delayed until further notice. Dependency-Track users who:
- ran into issues with the new NVD REST API integration, or
- did not have the time yet to migrate
can safely continue consuming the legacy feeds, or switch back to it.
Fixes:
- Fix alert rules not working for projects where the
ACTIVEcolumn isNULL- apiserver/#3306 - Fix NPE in version distance policy evaluation when project has no direct dependencies - apiserver/#3308
- Fix
ClassCastExceptionwhen updating an existingProjectMetadata#authorsfield - apiserver/#3312 - Fix NPE in GitHub repository metadata analysis for components without version - apiserver/#3315
- Fix last modified timestamp for NVD mirroring via REST API not taking effect until restart - apiserver/#3323
For a complete list of changes, refer to the respective GitHub milestones:
We thank all organizations and individuals who contributed to this release, from logging issues to taking part in discussions on GitHub & Slack to testing of fixes.
Special thanks to everyone who contributed code to implement enhancements and fix defects:
@jadyndev
dependency-track-apiserver.jar #
| Algorithm | Checksum |
|---|---|
| SHA-1 | 1d728ce1788e5db8b3a9308338a9e7e8ab5af12e |
| SHA-256 | e30731cd1915d3a1578cf5d8c8596d247fb11a82a3fe4c1ba2fb9fad01667aef |
dependency-track-bundled.jar #
| Algorithm | Checksum |
|---|---|
| SHA-1 | be32e1bc64d0b9b8019e340717d4ae3c12442ecd |
| SHA-256 | ffa0ab6dc9be894d0887ca3e10c4ffe3a333305d98de940413fcdbb05e2bcebd |
Software Bill of Materials (SBOM) #
- API Server: bom.json