Features:
- Add support for NuGet versioning scheme - apiserver/#5958
- Add support for Composer versioning scheme - apiserver/#5963
- Document age and version distance operational policy criteria - apiserver/#5964
- Use ecosystem-aware version comparison for latest version detection - apiserver/#5995
- Support Sonatype Guide tokens for OSS Index analyzer - apiserver/#5996
- Improve Chinese translations - frontend/#1490
Fixes:
- Fix PURL-specific version matching being bypassed for components with CPE - apiserver/#5959
- Fix wasteful existence queries - apiserver/#5960
- Fix potentially wrong version being used for CPE comparison - apiserver/#5962
- Fix scheduled notification query failing when ID columns are not of type BIGINT - apiserver/#5979
- Avoid NPE when computing Trivy pkgType - apiserver/#5987
- Remove leading whitespace from vulnerability badge SVG template - apiserver/#6000
- Fix Japanese Trivy analyzer strings - frontend/#1489
For a complete list of changes, refer to the respective GitHub milestones:
We thank all organizations and individuals who contributed to this release, from logging issues to taking part in discussions on GitHub & Slack to testing of fixes.
Special thanks to everyone who contributed code to implement enhancements and fix defects:
@Zureno, @jonbally, @retanoj, @shayFoo, @stohrendorf
dependency-track-apiserver.jar
| Algorithm | Checksum |
|---|---|
| SHA-1 | 750b0c768208d7c6b7e32e8f1a7500eb94788069 |
| SHA-256 | 142bdfa36defffc2304d03f9ef7ecd162f1185dcbc00933a73529cac7f12980c |
dependency-track-bundled.jar
| Algorithm | Checksum |
|---|---|
| SHA-1 | 61eac5828458dfea46507c26f3384bb452ebeefe |
| SHA-256 | 6cedc727a3f8eb2343397e50a1b5515a99c2a361b7c55aa60dbeff85c1f4af2d |
frontend-dist.zip
| Algorithm | Checksum |
|---|---|
| SHA-1 | a08b4280aad4e9946908ca6fd05e1fbc0ad0f1af |
| SHA-256 | e13d9b729d2082fcfb440bc1deb6f373290d1ead414447d8834368b4dbceec27 |