Enhancements:
- Add support for ingestion of CycloneDX v1.6 BOMs - apiserver/#3863
- Improve German translation - frontend/#917
- Improve Chinese translation - frontend/#918
Fixes:
- Fix inverted “show inactive” filter in vulnerability audit view - apiserver/#3864
- Fix BOM validation failing when URL contains encoded [and]characters - apiserver/#3866
- Fix external references not being updated via POST /v1/component- apiserver/#3867
- Fix possible XXE injection during CycloneDX validation and parsing - GHSA-7r6q-xj4c-37g4 / apiserver/#3871
For a complete list of changes, refer to the respective GitHub milestones:
We thank all organizations and individuals who contributed to this release, from logging issues to taking part in discussions on GitHub & Slack to testing of fixes.
Special thanks to everyone who contributed code to implement enhancements and fix defects:
@2000rosser, @fupgang, @sahibamittal, @zeed-w-beez
dependency-track-apiserver.jar
| Algorithm | Checksum | 
|---|---|
| SHA-1 | 19531d4f02cccf26478b3a63feba355da8726b3f | 
| SHA-256 | 9a09259ba4c19d02b81a39fb5894df758f19ff1bb43538d4b999b4a5789a9d9b | 
dependency-track-bundled.jar
| Algorithm | Checksum | 
|---|---|
| SHA-1 | 3c4bb658783157ae9c408b8323e25e55c9ab25fd | 
| SHA-256 | 73fc867d347da8a8af14f8c6812e13b870037a28d7de83e2837db9c27d840100 | 
frontend-dist.zip
| Algorithm | Checksum | 
|---|---|
| SHA-1 | 5c462c69fd18bdcd87dc2c2d757a1eb268e6e679 | 
| SHA-256 | ea747f848de6a6def6f73209d7f43424c6314d09bc8ea37be621be50dbac755b | 
