github DependencyTrack/dependency-track 4.12.2

15 days ago

For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes.
If additional details are required, consult the closed issues for this release milestone.

# SHA1
114d6a9f8b87a307be324f155daf3454dcc269bb  dependency-track-apiserver.jar
a15db1b85d0ac29977724deb3f9a65428c929d39  dependency-track-bundled.jar
# SHA256
ef6bb4ce3ebea410b620a91cf8347ab1e95c32b3f166103c749ece97f4098591  dependency-track-apiserver.jar
a8aba7cd926de3deeea31290be830ee90282128f1820fddde3ec8b346bba1bdd  dependency-track-bundled.jar
# SHA512
c2fc89377de194af70dab631b2f385f9e9cac93b140916e795a4b43bf7f3d7091ef64b64614bc1935282f23d9f7e3ba40dc41d2c98fa33167d62b409f75c79d8  dependency-track-apiserver.jar
684666c5b5456609d4694c5ce8b793bf64a49b77219784954ec6d5a6abe38895a2637f3644ca9197061fdc4e4ba203e3699849b656730d5eb52649a11cb685bb  dependency-track-bundled.jar

What's Changed

Enhancements 🚀

  • Backport: Reduce memory usage of metrics update tasks by @nscuro in #4377

Bug Fixes 🐛

  • Backport: Fix CPE matching for NVD mirroring via REST API by @nscuro (original change by @calderonth) in #4378
  • Backport: Fix incorrect CWE schema in OpenAPI spec by @nscuro (original change by @fupgang) in #4379
  • Backport: Fix NullPointerException when fetching findings by @nscuro in #4380
  • Backport: Fix policy evaluation not happening upon creation or update of individual components by @nscuro (original change by @fupgang) in #4381
  • Backport: Fix nullable metrics fields having getters of primitive type by @nscuro in #4382
  • Backport: Fix Trivy analyzer vulnerability matching for Go packages by @nscuro in #4395
  • Backport: Move GHSA notification logic outside recursion by @nscuro (original change by @antoinbo) in #4417
  • Backport: Add cyclonedx json media type when exporting components by @nscuro (original change by @wratner) in #4420
  • Backport: Fix NPE when cloning projects with broken dependency graph by @nscuro in #4419
  • Backport: Fix project.active being nullable by @nscuro in #4418
  • Fix incompatibility of swagger-core with newer jackson-databind versions by @nscuro in #4442

Dependency Updates 🤖

Other Changes

Full Changelog: 4.12.1...4.12.2
