This release fixes various defects in the API server.
There are no changes for the frontend, the latest version of it remains 4.10.0.
NVD Data Feed Retirement Update:
The NVD has announced that retirement of the legacy data feeds has been delayed until further notice. Dependency-Track users who:
- ran into issues with the new NVD REST API integration, or
- did not have the time yet to migrate
can safely continue consuming the legacy feeds, or switch back to it.
- Fix alert rules not working for projects where the
- Fix NPE in version distance policy evaluation when project has no direct dependencies - apiserver/#3308
ClassCastExceptionwhen updating an existing
ProjectMetadata#authorsfield - apiserver/#3312
- Fix NPE in GitHub repository metadata analysis for components without version - apiserver/#3315
- Fix last modified timestamp for NVD mirroring via REST API not taking effect until restart - apiserver/#3323
For a complete list of changes, refer to the respective GitHub milestones:
We thank all organizations and individuals who contributed to this release, from logging issues to taking part in discussions on GitHub & Slack to testing of fixes.
Special thanks to everyone who contributed code to implement enhancements and fix defects:
Software Bill of Materials (SBOM) #
- API Server: bom.json