For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes.
If additional details are required, consult the closed issues for this release milestone.
# SHA1
f38abe7b93f7cb88f3bba4c78c30a9ce7dc45c0d dependency-track-apiserver.jar
5aea8e0662f8aa4d9e53b52c14367c5345602e34 dependency-track-bundled.jar
# SHA256
bf55097e63b46ed16042024636b855f676ba67e6e5824e7da80f3cec863a3f77 dependency-track-apiserver.jar
4a373de4d5aca924fb533ebfc7e1eb4fb5a249d81c948bd367a52fa53125a610 dependency-track-bundled.jar
# SHA512
ac6f680fb0db71621ad3a3aa8a7ea4bbab54feadc376fc86e236474cc9aa3457f021ea8005044b064f0d616c060ed89f51d8f84c0710805e2db9146f1f32b492 dependency-track-apiserver.jar
d93e02459d3d7026356424a903c226408ca1397844db8fa9786f18375f9f00af6e148800dd96b8405330d6cd455c1b55d43eaf311a97511d8bf9db64dc8e99dc dependency-track-bundled.jar
What's Changed
Enhancements 🚀
- Backport: Make OSS Index credentials required by @nscuro in #5351
- Backport: Bump SPDX license list to 3.27.0 by @nscuro in #5356
Bug Fixes 🐛
- Backport: Make CPE matching case-insensitive by @stohrendorf in #5299
- Backport: improve detection if version is commit sha or release tag for github purl by @nscuro in #5350
- Backport: only return tags directly associated with a policy by @nscuro in #5353
- Backport: Check for non-empty timestamp files in doDownload of NistMirrorTask by @nscuro in #5354
- Backport: Fix NullPointerException in GithubMetaAnalyzer when analyzing GitHub Actions by @nscuro in #5359
- Backport: download OSV mirror files to temp files to keep connection lifetime short by @nscuro in #5360
- Backport: NuGet Analyzer Improvements by @nscuro in #5381
Dependency Updates 🤖
- Backport: Bump open-vulnerability-clients to 9.0.1 by @nscuro in #5352
- Backport: Bump cyclonedx-core-java to 11.0.0 by @nscuro in #5355
- Backport: Bump Alpine to 3.3.0 by @nscuro in #5357
- Backport: Bump bundled frontend to 4.13.5 by @nscuro in #5384
Other Changes
Full Changelog: 4.13.4...4.13.5