Fixes:

• Fix possible NPEs during tag binding - apiserver/#4595
• Fix false negatives in CPE matching for ANY and NA versions - apiserver/#4612
• Refactor VulnerabilityAnalysisTask to be more efficient - apiserver/#4625
• Refactor VulnerabilityManagementUploadTask to be more efficient - apiserver/#4626
• Bump Temurin base image to 21.0.6_7 - apiserver/#4628
• Fix erroneous URL-encoding of the Maven groupId - apiserver/#4629
• Handle invalid CVSS vectors and processing failures for OSV - apiserver/#4638
• Fix broken ordering by SWID Tag ID in component search view - frontend/#1155

For a complete list of changes, refer to the respective GitHub milestones:

• API server milestone 4.12.4
• Frontend milestone 4.12.4

We thank all organizations and individuals who contributed to this release, from logging issues to taking part in discussions on GitHub & Slack to testing of fixes.

dependency-track-apiserver.jar

Algorithm	Checksum
SHA-1	6467242cb3ce65fb128ded6e4d40bd45bf3c74f3
SHA-256	9abd2ec5091645779d1eecbcad0ed78c4175565fe93eddce8b600113fe66f476

dependency-track-bundled.jar

Algorithm	Checksum
SHA-1	a27297edf0da4d208c3b89d31fcd441958767e48
SHA-256	fe490211de5988fb651a8e869e36d46c33caca030b26a61172e9fc49b0d94404

frontend-dist.zip

Algorithm	Checksum
SHA-1	182da8ebc1cde3a5ca89db6649afdd19be4f63a4
SHA-256	bf2cb6079d36b113645f4c9dd31441bbcdd188b7a003f05947569007ff9d4713

Software Bill of Materials (SBOM)

• API Server: bom.json
• Frontend: bom.json