For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes.
If additional details are required, consult the closed issues for this release milestone.
# SHA1
3964cf821761609912487077fa41d513dad37d1a dependency-track-apiserver.jar
8f2aa10424403b2b201d0c48b243ea3bbe458761 dependency-track-bundled.jar
# SHA256
1048a039391992fc36b23433d8987689baca33e68cc2130254787d1a3d1c66cc dependency-track-apiserver.jar
ab47deb0c5be2d947d57cf5862fef714023b4ce4d794ac00a855cf7590eb111e dependency-track-bundled.jar
# SHA512
ded2d415406d082682cf42b4d22da6ead30623a6a9b8c751cd135ba5530367ea3e17b670243c714d972e6a14be8ec5b9a3eeb51c0ea7b46c6332af1a663de08d dependency-track-apiserver.jar
c434e3e29daf6a8d2e8d8a5cb496ebc5e4d3969d0944436d01503fb185d2f1f4f0c49ddc9cdafe832749608262ede7ee946de638e615460454580ed70837707e dependency-track-bundled.jar
What's Changed
Enhancements 🚀
Bug Fixes 🐛
- Backport: Improve vulnerablesoftware cpe normalization performance by @stohrendorf in #5419
- Backport: drop missing entities in case of stale lucene data by @stohrendorf in #5428
- Backport: Fix referential integrity violation in team deletion by @stohrendorf in #5447
- Backport: Fix referential integrity violation in project batch delete by @stohrendorf in #5446
- Backport: Corrected typo in e-mail template method and corrected test. by @stohrendorf in #5434
- Backport: avoid NPEs in ComposerMetaAnalyzer by @stohrendorf in #5519
- Backport: Change toString() of Project to use name and version instead of PURL by @nscuro in #5532
- Backport: Validate description length for PUT /api/v1/project by @nscuro in #5538
Dependency Updates 🤖
- build(deps): bump org.apache.httpcomponents.client5:httpclient5 from 5.4.3 to 5.5.1 by @dependabot[bot] in #5475
- build(deps): bump org.postgresql:postgresql from 42.7.7 to 42.7.8 by @dependabot[bot] in #5469
- build(deps): bump lib.protobuf-java.version from 4.30.2 to 4.33.0 by @dependabot[bot] in #5472
- build(deps): bump eclipse-temurin from
8234720todb16895in /src/main/docker by @dependabot[bot] in #5466 - build(deps): bump debian from
8810492toa771c85in /src/main/docker by @dependabot[bot] in #5467 - build(deps): bump org.apache.commons:commons-text from 1.13.0 to 1.14.0 by @dependabot[bot] in #5479
- build(deps): bump org.apache.maven:maven-artifact from 3.9.9 to 3.9.11 by @dependabot[bot] in #5480
- build(deps): bump com.microsoft.sqlserver:mssql-jdbc from 12.10.0.jre11 to 12.10.2.jre11 by @dependabot[bot] in #5478
- build(deps-dev): bump net.javacrumbs.json-unit:json-unit-assertj from 4.1.0 to 4.1.1 by @dependabot[bot] in #5485
- build(deps): bump org.codehaus.mojo:exec-maven-plugin from 3.5.0 to 3.6.2 by @dependabot[bot] in #5487
- build(deps): bump debian from
a771c85to17a6a8ain /src/main/docker by @dependabot[bot] in #5484 - build(deps): bump eclipse-temurin from 21.0.8_9-jre-jammy to 21.0.9_10-jre-jammy in /src/main/docker by @dependabot[bot] in #5508
- build(deps): bump debian from
17a6a8atoe024987in /src/main/docker by @dependabot[bot] in #5492 - build(deps-dev): bump com.icegreen:greenmail-junit4 from 2.1.3 to 2.1.7 by @dependabot[bot] in #5493
- build(deps): bump org.apache.maven.plugins:maven-antrun-plugin from 3.1.0 to 3.2.0 by @dependabot[bot] in #5494
- build(deps): bump org.apache.maven.plugins:maven-clean-plugin from 3.4.1 to 3.5.0 by @dependabot[bot] in #5529
- build(deps): bump org.cyclonedx:cyclonedx-core-java from 11.0.0 to 11.0.1 by @dependabot[bot] in #5528
- build(deps): bump eclipse-temurin from
8c18c36to2843f15in /src/main/docker by @dependabot[bot] in #5527 - build(deps): bump com.google.cloud.sql:postgres-socket-factory from 1.24.1 to 1.27.0 by @dependabot[bot] in #5470
- Backport: Bump bundled frontend to 4.13.6 by @nscuro in #5545
- Backport: Bump Alpine to 3.4.0 by @nscuro in #5547
Other Changes
- Backport: Fix link for Sonatype OSS Index Analyzer by @nscuro in #5531
- Backport: Add sbomify to list of community integrations by @nscuro in #5536
- Add changelog for v4.13.6 by @nscuro in #5546
Full Changelog: 4.13.5...4.13.6