DependencyTrack/dependency-track 4.14.0

on GitHub

For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes.
If additional details are required, consult the closed issues for this release milestone.

# SHA1
a06d7f57876befc80b6653fcc44b321958388f12  dependency-track-apiserver.jar
6573a4522dd84520859ab951d86d8a9e4dd43fb2  dependency-track-bundled.jar
# SHA256
2e3d5bcfb7b5d4ad4daf789bc5ca3802ef05d012c516090e8bc5323f46585f53  dependency-track-apiserver.jar
a8edd7c94ba811bae73d9213d769687c493e1bd95435dbe39dfeee28ff1f8008  dependency-track-bundled.jar
# SHA512
67c4c949d33cc9f8a421063cba03c6c437598fbca187963c168bba7db9cb8944b58d622c0430baa81cbdff127ec7611e2d9ddb97683efcfd5b617301c8b912a4  dependency-track-apiserver.jar
c877cab44769763a8a3db85abe47a6bd297b17e756d81971dc72a58bdf53d58eb0e1514683cf894f13e2d9e4fa230ccf773bc5f379a0c5e6ddc6195ef317ecf3  dependency-track-bundled.jar

What's Changed

Enhancements 🚀

• Convert tests to JUnit 5 by @stohrendorf in #4832
• Make POLICY_VIOLATION emails more informative by @kacper-uminski in #4935
• handleRequestException: add baseUrl to log by @rseleven in #4857
• Classify GPL with CPE as weak copyleft by @marschall in #4942
• switch cvss handling to metaeffekt by @stohrendorf in #4968
• docs: More specific description of BOM upload by @jakub-bochenski in #4876
• Add Alpine-based container image variants by @nscuro in #5051
• Various Maven build tweaks by @nscuro in #5052
• Create pr-detect-merge-conflicts GitHub workflow by @valentijnscholten in #4516
• Remove system requirements check; Lower resource requirements by @nscuro in #5058
• Extract JRE creation with jlink into separate script by @nscuro in #5059
• Implement Version Parameter when exporting BOM's by @noevembr in #5073
• feat: support configurable match mode for internal component regex (AND/OR) by @ch8matt in #5066
• feat(findings): Add EPSS filtering support to findings API by @marineotter in #5094
• Migrate to NVD 2.0 data feeds by @nscuro in #5226
• Test performance improvements by @stohrendorf in #4901
• Make OSS Index credentials required by @framayo in #5287
• Add Support for CycloneDX Scope Data by @anantk24 in #5224
• Bump SPDX license list to 3.27.0 by @nscuro in #5338
• Run Dependabot on latest release branch by @nscuro in #5465
• Include project UUID in log messages. by @ElenaStroebele in #5500
• Added projectUuid via MDC to logger statements within VEX upload. by @ElenaStroebele in #5615
• Implemented VERS approach for PURL version matching with VERSATILE. by @ElenaStroebele in #5591
• Incremental updates for OsvDownloadTask by @jonbally in #5537
• Add Repository Bearer Authentication by @valentijnscholten in #4483
• Dockerfile tweaks by @nscuro in #5657
• Add configurable base URL for OSS Index API by @brianf in #5736
• feat(policy): add Internal Status policy condition support by @ch8matt in #5570
• Various tweaks for OSS Index analyzer by @nscuro in #5793
• Switch to G1GC and limit default Docker Compose memory to 4GB by @nscuro in #5794
• Update Trivy protos by @nscuro in #5861
• Tweak vulnerability persistence logic by @nscuro in #5862
• Add CVSSv4 support by @nscuro in #5863
• feat: add EPSS score support for GitHub Advisory (GHSA) vulnerabilities by @valentijnscholten in #5829
• Include CVSS vectors and metadata in Finding model by @AndreVirtimo in #5844
• Bump SPDX license list to v3.28.0 by @nscuro in #5888
• Bump CWE dictionary to v4.19.1 by @nscuro in #5889

Bug Fixes 🐛

• Fix NEW_VULNERABILITIES_SUMMARY notification dispatch failing for PostgreSQL by @nscuro in #4829
• Fix team email addresses not being available when publishing scheduled notification emails by @nscuro in #4845
• Prevent duplicate tag names and relationships by @nscuro in #4837
• Fix missing NONE value in classifier check constraint by @nscuro in #4884
• Fix tag deletion failing when tag is used by project collection logic by @nscuro in #4858
• Fix failing v4.13.1 migration for MSSQL deployments that pre-date v4.11.0 by @nscuro in #4907
• Fix summary notifications not sent when "skip if unchanged" is enabled by @nscuro in #4910
• Align naming of isLatest parameter between PUT and POST endpoints for BOM upload by @snieguu in #4905
• Add Metrics update trigger after cloning a project by @joshcrispo in #4806
• Enable source filtering in SARIF format for /finding/project/{UUID} by @snieguu in #4949
• Add apiserver health check to Compose files by @nscuro in #5034
• Handle dangling SPDX expression operators by @nscuro in #5033
• Improve Composer meta analyzer's ability to deal with minified metadata by @ch8matt in #5019
• Add whitespace sanitization in fuzzySearch CPE to fix CPE validation errors by @jonbally in #5061
• Fix too many query parameters when retrieving vuln aliases by @nscuro in #5101
• Fix failing v4.13.1 migration for H2 deployments that pre-date v4.11.0 by @nscuro in #5100
• Fix Issue#5105: OSV Ubuntu advisory contains severity without type (ubuntu priority) by @jonbally in #5106
• Ensure VulnerableSoftware query is able to leverage indexes by @nscuro in #5134
• Fix BOM export failing for projects of type NONE by @nscuro in #5148
• Bulk load component relationships for BOM export by @nscuro in #5147
• Fix inverted component matching by @stohrendorf in #5160
• Fix failing TrivyAnalysisTaskIntegrationTest by @nscuro in #5231
• Handle URLs in composer package metadata pattern by @nscuro in #5233
• Fix inconsistent ordering in findings endpoints by @nscuro in #5245
• Fix failing Trivy OS matching for distro versions with special characters by @nscuro in #5248
• fix null when NuGet package has only pre-released versions by @snieguu in #5264
• improve detection if version is commit sha or release tag for github purl by @snieguu in #5265
• Fix NullPointerException in GithubMetaAnalyzer when analyzing GitHub Actions by @emil-wire in #5275
• Make CPE matching case-insensitive by @stohrendorf in #5280
• fix #5291: v4135Updater SQL query by @muellerst-hg in #5292
• return only tags of the policy itself by @stohrendorf in #5314
• Check for non-empty timestamp files in doDownload of NistMirrorTask by @jonbally in #5323
• download OSV mirror files to temp files to keep connection lifetime short by @stohrendorf in #5310
• Fix referential integrity violation in project batch delete by @arjavdongaonkar in #5395
• Fix referential integrity violation in team deletion by @arjavdongaonkar in #5402
• drop missing entities in case of stale lucene data by @stohrendorf in #5408
• improve vulnerablesoftware cpe normalization performance by @stohrendorf in #5418
• fix sneaky double quote by @stohrendorf in #5420
• Corrected typo in e-mail template method and corrected test. by @ElenaStroebele in #5412
• PUT oidc/mapping should be idempotent by @snieguu in #4966
• Changed the toString() method for project objects. by @ElenaStroebele in #5438
• fix link for Sonatype OSS Index Analyzer by @arjavdongaonkar in #5444
• fix: validate description length for PUT /api/v1/project by @snieguu in #5455
• Fix NPEs in ComposerMetaAnalyzer by @stohrendorf in #5513
• fix: add correct UTF-8 encoding to notification payload by @snieguu in #5574
• Fix excessive memory usage of Nix analyzer by @nscuro in #5653
• Fix wrong NPM component coordinate separator for Trivy analysis by @arjavdongaonkar in #5679
• Fall back to generic versioning scheme if no PURL is available by @nscuro in #5714
• fix: performance issue with PURL lookups #5710 by @WoozyMasta in #5711
• Fix incorrect URL for VulnDB analyzer by @nscuro in #5751
• Ensure container zombie processes are reaped by @nscuro in #5758
• Fix singleton events not being labelled as such by @nscuro in #5775
• Fix flaky SnykAnalysisTaskTest by @nscuro in #5859
• Consider OS distro during vulnerability matching by @nscuro in #5783

Dependency Updates 🤖

• Bump actions/dependency-review-action from 4.5.0 to 4.6.0 by @dependabot[bot] in #4822
• Bump debian from 70b337e to 00a24d7 in /src/main/docker by @dependabot[bot] in #4825
• Bump github/codeql-action from 3.28.13 to 3.28.15 by @dependabot[bot] in #4839
• Bump actions/setup-java from 4.7.0 to 4.7.1 by @dependabot[bot] in #4838
• Bump org.apache.commons:commons-text from 1.13.0 to 1.13.1 by @dependabot[bot] in #4836
• Bump com.google.cloud.sql:cloud-sql-connector-jdbc-sqlserver from 1.24.1 to 1.24.2 by @dependabot[bot] in #4853
• Bump org.apache.httpcomponents.client5:httpclient5 from 5.4.3 to 5.4.4 by @dependabot[bot] in #4878
• Bump org.testcontainers:testcontainers from 1.20.6 to 1.21.0 by @dependabot[bot] in #4872
• Bump Temurin base image to 21.0.7 by @nscuro in #4883
• Bump com.google.cloud.sql:cloud-sql-connector-jdbc-sqlserver from 1.24.2 to 1.25.0 by @dependabot[bot] in #4896
• Bump debian from 00a24d7 to 88f88a2 in /src/main/docker by @dependabot[bot] in #4898
• Bump github/codeql-action from 3.28.15 to 3.28.16 by @dependabot[bot] in #4891
• Bump docker/build-push-action from 6.15.0 to 6.16.0 by @dependabot[bot] in #4890
• Bump actions/download-artifact from 4.2.1 to 4.3.0 by @dependabot[bot] in #4892
• Bump bundled frontend to 4.13.1 by @nscuro in #4902
• Bump io.github.ascopes:protobuf-maven-plugin from 3.1.2 to 3.1.3 by @dependabot[bot] in #4917
• Bump org.eclipse.jetty.ee10:jetty-ee10-maven-plugin from 12.0.19 to 12.0.20 by @dependabot[bot] in #4918
• Bump io.github.jeremylong:open-vulnerability-clients from 7.3.2 to 8.0.0 by @dependabot[bot] in #4916
• Bump github/codeql-action from 3.28.16 to 3.28.17 by @dependabot[bot] in #4915
• Bump bundled frontend to 4.13.2 by @nscuro in #4930
• Bump actions/dependency-review-action from 4.6.0 to 4.7.0 by @dependabot[bot] in #4943
• Bump net.javacrumbs.json-unit:json-unit-assertj from 4.1.0 to 4.1.1 by @dependabot[bot] in #4941
• Bump org.eclipse.jetty.ee10:jetty-ee10-maven-plugin from 12.0.20 to 12.0.21 by @dependabot[bot] in #4946
• Bump io.github.ascopes:protobuf-maven-plugin from 3.1.3 to 3.2.0 by @dependabot[bot] in #4947
• Bump org.json:json from 20250107 to 20250517 by @dependabot[bot] in #4969
• Bump docker/build-push-action from 6.16.0 to 6.17.0 by @dependabot[bot] in #4972
• Bump github/codeql-action from 3.28.17 to 3.28.18 by @dependabot[bot] in #4971
• Bump io.github.ascopes:protobuf-maven-plugin from 3.2.0 to 3.2.1 by @dependabot[bot] in #4970
• Bump actions/dependency-review-action from 4.7.0 to 4.7.1 by @dependabot[bot] in #4973
• Bump lib.protobuf-java.version from 4.30.2 to 4.31.0 by @dependabot[bot] in #4959
• Bump debian from 88f88a2 to b3ef39b in /src/main/docker by @dependabot[bot] in #4982
• Bump io.github.ascopes:protobuf-maven-plugin from 3.2.1 to 3.2.2 by @dependabot[bot] in #4980
• Bump org.apache.httpcomponents.client5:httpclient5 from 5.4.4 to 5.5 by @dependabot[bot] in #4987
• Bump lib.protobuf-java.version from 4.31.0 to 4.31.1 by @dependabot[bot] in #5003
• Bump io.github.ascopes:protobuf-maven-plugin from 3.2.2 to 3.3.1 by @dependabot[bot] in #5004
• Bump org.codehaus.mojo:exec-maven-plugin from 3.5.0 to 3.5.1 by @dependabot[bot] in #4999
• Bump io.github.ascopes:protobuf-maven-plugin from 3.3.1 to 3.4.0 by @dependabot[bot] in #5011
• Bump org.apache.maven.plugins:maven-clean-plugin from 3.4.1 to 3.5.0 by @dependabot[bot] in #5010
• Bump org.testcontainers:testcontainers from 1.21.0 to 1.21.1 by @dependabot[bot] in #5007
• Bump docker/build-push-action from 6.17.0 to 6.18.0 by @dependabot[bot] in #5009
• Bump org.apache.maven:maven-artifact from 3.9.9 to 3.9.10 by @dependabot[bot] in #5029
• Bump io.github.ascopes:protobuf-maven-plugin from 3.4.0 to 3.4.1 by @dependabot[bot] in #5028
• Bump org.eclipse.jetty.ee10:jetty-ee10-maven-plugin from 12.0.21 to 12.0.22 by @dependabot[bot] in #5022
• Bump aquasecurity/trivy-action from 0.30.0 to 0.31.0 by @dependabot[bot] in #5036
• Bump github/codeql-action from 3.28.18 to 3.28.19 by @dependabot[bot] in #5035
• Bump debian from b3ef39b to 50db38a in /src/main/docker by @dependabot[bot] in #5039
• Bump io.github.ascopes:protobuf-maven-plugin from 3.4.1 to 3.4.2 by @dependabot[bot] in #5055
• Bump github/codeql-action from 3.28.19 to 3.29.0 by @dependabot[bot] in #5056
• Bump org.testcontainers:testcontainers from 1.21.1 to 1.21.2 by @dependabot[bot] in #5067
• Bump docker/setup-buildx-action from 3.10.0 to 3.11.1 by @dependabot[bot] in #5069
• Bump com.microsoft.sqlserver:mssql-jdbc from 12.10.0.jre11 to 12.10.1.jre11 by @dependabot[bot] in #5072
• Bump io.github.ascopes:protobuf-maven-plugin from 3.4.2 to 3.6.0 by @dependabot[bot] in #5080
• Bump github/codeql-action from 3.29.0 to 3.29.1 by @dependabot[bot] in #5081
• Bump debian from 50db38a to 7e0b7fe in /src/main/docker by @dependabot[bot] in #5085
• Bump org.metaeffekt.core:ae-security from 0.138.0 to 0.140.0 by @dependabot[bot] in #5082
• build(deps-dev): bump org.testcontainers:testcontainers from 1.21.2 to 1.21.3 by @dependabot[bot] in #5091
• build(deps): bump org.eclipse.jetty.ee10:jetty-ee10-maven-plugin from 12.0.22 to 12.0.23 by @dependabot[bot] in #5097
• build(deps): bump github/codeql-action from 3.29.1 to 3.29.2 by @dependabot[bot] in #5103
• build(deps): bump alpine from 8a1f59f to 4bcff63 in /src/main/docker by @dependabot[bot] in #5119
• build(deps): bump org.apache.maven:maven-artifact from 3.9.10 to 3.9.11 by @dependabot[bot] in #5120
• build(deps): bump org.metaeffekt.core:ae-security from 0.140.0 to 0.141.0 by @dependabot[bot] in #5115
• build(deps-dev): bump com.icegreen:greenmail-junit5 from 2.1.3 to 2.1.4 by @dependabot[bot] in #5112
• build(deps): bump io.github.ascopes:protobuf-maven-plugin from 3.6.0 to 3.6.1 by @dependabot[bot] in #5125
• build(deps): bump debian from 7e0b7fe to 377ddc2 in /src/main/docker by @dependabot[bot] in #5124
• build(deps): bump aquasecurity/trivy-action from 0.31.0 to 0.32.0 by @dependabot[bot] in #5104
• build(deps): bump org.apache.commons:commons-text from 1.13.1 to 1.14.0 by @dependabot[bot] in #5138
• build(deps): bump com.google.cloud.sql:cloud-sql-connector-jdbc-sqlserver from 1.25.0 to 1.25.2 by @dependabot[bot] in #5114
• build(deps): bump github/codeql-action from 3.29.2 to 3.29.4 by @dependabot[bot] in #5153
• build(deps): bump org.apache.commons:commons-compress from 1.27.1 to 1.28.0 by @dependabot[bot] in #5156
• build(deps): bump org.metaeffekt.core:ae-security from 0.141.0 to 0.141.2 by @dependabot[bot] in #5151
• Bump PostgreSQL JDBC driver to 42.7.7 by @nscuro in #5170
• Bump bundled frontend to 4.13.3 by @nscuro in #5183
• build(deps): bump github/codeql-action from 3.29.4 to 3.29.5 by @dependabot[bot] in #5186
• build(deps): bump io.github.ascopes:protobuf-maven-plugin from 3.6.1 to 3.7.0 by @dependabot[bot] in #5189
• build(deps): bump org.eclipse.jetty.ee10:jetty-ee10-maven-plugin from 12.0.23 to 12.0.24 by @dependabot[bot] in #5191
• build(deps): bump github/codeql-action from 3.29.7 to 3.29.8 by @dependabot[bot] in #5198
• build(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by @dependabot[bot] in #5199
• build(deps): bump docker/login-action from 3.4.0 to 3.5.0 by @dependabot[bot] in #5201
• build(deps-dev): bump com.icegreen:greenmail-junit5 from 2.1.4 to 2.1.5 by @dependabot[bot] in #5200
• build(deps): bump com.google.cloud.sql:cloud-sql-connector-jdbc-sqlserver from 1.25.2 to 1.25.3 by @dependabot[bot] in #5207
• build(deps): bump org.metaeffekt.core:ae-security from 0.141.2 to 0.142.0 by @dependabot[bot] in #5209
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in #5230
• build(deps): bump github/codeql-action from 3.29.8 to 3.29.11 by @dependabot[bot] in #5229
• build(deps): bump io.github.ascopes:protobuf-maven-plugin from 3.7.0 to 3.8.1 by @dependabot[bot] in #5227
• build(deps): bump org.eclipse.jetty.ee10:jetty-ee10-maven-plugin from 12.0.24 to 12.1.0 by @dependabot[bot] in #5219
• build(deps): bump actions/setup-java from 4.7.1 to 5.0.0 by @dependabot[bot] in #5235
• Bump angus-mail to 2.0.4 by @nscuro in #5237
• Bump commons-lang3 to 3.18.0 by @nscuro in #5238
• Bump Temurin base image to 21.0.8_9 by @nscuro in #5239
• build(deps): bump actions/dependency-review-action from 4.7.1 to 4.7.2 by @dependabot[bot] in #5228
• build(deps): bump debian from 377ddc2 to 8810492 in /src/main/docker by @dependabot[bot] in #5206
• Bump bundled frontend to 4.13.4 by @nscuro in #5252
• build(deps): bump com.microsoft.sqlserver:mssql-jdbc from 12.10.1.jre11 to 13.2.0.jre11 by @dependabot[bot] in #5250
• build(deps): bump lib.protobuf-java.version from 4.31.1 to 4.32.0 by @dependabot[bot] in #5258
• build(deps): bump aquasecurity/trivy-action from 0.32.0 to 0.33.0 by @dependabot[bot] in #5271
• build(deps): bump actions/dependency-review-action from 4.7.2 to 4.7.3 by @dependabot[bot] in #5268
• build(deps): bump org.metaeffekt.core:ae-security from 0.142.0 to 0.143.0 by @dependabot[bot] in #5267
• build(deps): bump io.github.ascopes:protobuf-maven-plugin from 3.8.1 to 3.8.2 by @dependabot[bot] in #5270
• build(deps): bump io.github.ascopes:protobuf-maven-plugin from 3.8.2 to 3.9.0 by @dependabot[bot] in #5276
• build(deps): bump org.eclipse.jetty.ee10:jetty-ee10-maven-plugin from 12.1.0 to 12.1.1 by @dependabot[bot] in #5281
• build(deps): bump aquasecurity/trivy-action from 0.33.0 to 0.33.1 by @dependabot[bot] in #5282
• build(deps): bump github/codeql-action from 3.29.11 to 3.30.1 by @dependabot[bot] in #5283
• build(deps): bump debian from 8810492 to 0c80836 in /src/main/docker by @dependabot[bot] in #5289
• build(deps): bump org.metaeffekt.core:ae-security from 0.143.0 to 0.144.0 by @dependabot[bot] in #5288
• build(deps): bump io.github.jeremylong:open-vulnerability-clients from 8.0.0 to 9.0.0 by @dependabot[bot] in #5298
• build(deps): bump lib.protobuf-java.version from 4.32.0 to 4.32.1 by @dependabot[bot] in #5297
• build(deps): bump io.github.jeremylong:open-vulnerability-clients from 9.0.0 to 9.0.1 by @dependabot[bot] in #5300
• build(deps): bump github/codeql-action from 3.30.1 to 3.30.3 by @dependabot[bot] in #5302
• build(deps): bump io.github.ascopes:protobuf-maven-plugin from 3.9.0 to 3.9.1 by @dependabot[bot] in #5301
• build(deps): bump com.fasterxml.woodstox:woodstox-core from 7.0.0 to 7.1.1 by @dependabot[bot] in #5308
• build(deps): bump jakarta.validation:jakarta.validation-api from 3.0.2 to 3.1.1 by @dependabot[bot] in #5309
• build(deps): bump org.kohsuke:github-api from 1.323 to 1.330 by @dependabot[bot] in #5311
• build(deps): bump com.puppycrawl.tools:checkstyle from 10.22.0 to 11.0.1 by @dependabot[bot] in #5312
• build(deps): bump org.metaeffekt.core:ae-security from 0.144.0 to 0.144.1 by @dependabot[bot] in #5306
• build(deps): bump org.postgresql:postgresql from 42.7.7 to 42.7.8 by @dependabot[bot] in #5316
• build(deps-dev): bump io.swagger.parser.v3:swagger-parser from 2.1.25 to 2.1.34 by @dependabot[bot] in #5320
• build(deps): bump org.eclipse.angus:angus-mail from 2.0.4 to 2.0.5 by @dependabot[bot] in #5324
• build(deps): bump com.google.cloud.sql:postgres-socket-factory from 1.24.1 to 1.25.3 by @dependabot[bot] in #5317
• build(deps): bump lib.resilience4j.version from 2.2.0 to 2.3.0 by @dependabot[bot] in #5315
• Bump container images to Java 25 by @nscuro in #5334
• Bump cyclonedx-core-java to 11.0.0 by @nscuro in #5336
• Bump Alpine to 3.3.0 by @nscuro in #5337
• build(deps): bump com.puppycrawl.tools:checkstyle from 11.0.1 to 11.1.0 by @dependabot[bot] in #5344
• build(deps): bump actions/dependency-review-action from 4.7.3 to 4.8.0 by @dependabot[bot] in #5345
• build(deps): bump github/codeql-action from 3.30.3 to 3.30.5 by @dependabot[bot] in #5340
• build(deps): bump com.google.cloud.sql:mysql-socket-factory-connector-j-8 from 1.24.1 to 1.25.3 by @dependabot[bot] in #5347
• build(deps): bump org.codehaus.mojo:exec-maven-plugin from 3.5.1 to 3.6.0 by @dependabot[bot] in #5361
• build(deps): bump debian from 0c80836 to d6743b7 in /src/main/docker by @dependabot[bot] in #5365
• build(deps): bump org.apache.httpcomponents.client5:httpclient5 from 5.5 to 5.5.1 by @dependabot[bot] in #5362
• build(deps-dev): bump com.icegreen:greenmail-junit5 from 2.1.5 to 2.1.6 by @dependabot[bot] in #5364
• build(deps): bump org.metaeffekt.core:ae-security from 0.144.1 to 0.145.0 by @dependabot[bot] in #5369
• build(deps): bump io.github.ascopes:protobuf-maven-plugin from 3.9.1 to 3.10.0 by @dependabot[bot] in #5367
• build(deps): bump org.metaeffekt.core:ae-security from 0.145.0 to 0.145.2 by @dependabot[bot] in #5373
• build(deps): bump io.github.ascopes:protobuf-maven-plugin from 3.10.0 to 3.10.1 by @dependabot[bot] in #5377
• build(deps): bump github/codeql-action from 3.30.5 to 3.30.6 by @dependabot[bot] in #5375
• build(deps): bump org.codehaus.mojo:exec-maven-plugin from 3.6.0 to 3.6.1 by @dependabot[bot] in #5374
• build(deps): bump docker/login-action from 3.5.0 to 3.6.0 by @dependabot[bot] in #5376
• Bump bundled frontend to 4.13.5 by @nscuro in #5383
• build(deps): bump com.puppycrawl.tools:checkstyle from 11.1.0 to 12.0.0 by @dependabot[bot] in #5394
• build(deps): bump alpine from 4bcff63 to 4b7ce07 in /src/main/docker by @dependabot[bot] in #5389
• build(deps): bump org.eclipse.jetty.ee10:jetty-ee10-maven-plugin from 12.1.1 to 12.1.2 by @dependabot[bot] in #5388
• build(deps-dev): bump com.icegreen:greenmail-junit5 from 2.1.6 to 2.1.7 by @dependabot[bot] in #5386
• build(deps): bump github/codeql-action from 3.30.6 to 4.30.8 by @dependabot[bot] in #5397
• build(deps): bump actions/dependency-review-action from 4.8.0 to 4.8.1 by @dependabot[bot] in #5399
• build(deps-dev): bump net.javacrumbs.json-unit:json-unit-assertj from 4.1.1 to 5.0.0 by @dependabot[bot] in #5396
• build(deps): bump com.puppycrawl.tools:checkstyle from 11.1.0 to 12.0.1 by @dependabot[bot] in #5398
• build(deps-dev): bump org.testcontainers:testcontainers from 1.21.3 to 2.0.0 by @dependabot[bot] in #5407
• build(deps): bump com.microsoft.sqlserver:mssql-jdbc from 13.2.0.jre11 to 13.2.1.jre11 by @dependabot[bot] in #5404
• build(deps-dev): bump io.swagger.parser.v3:swagger-parser from 2.1.34 to 2.1.35 by @dependabot[bot] in #5403
• build(deps): bump lib.protobuf-java.version from 4.32.1 to 4.33.0 by @dependabot[bot] in #5410
• build(deps): bump org.metaeffekt.core:ae-security from 0.145.2 to 0.146.0 by @dependabot[bot] in #5411
• build(deps): bump com.google.cloud.sql:postgres-socket-factory from 1.25.3 to 1.26.1 by @dependabot[bot] in #5416
• build(deps): bump com.google.cloud.sql:mysql-socket-factory-connector-j-8 from 1.25.3 to 1.26.1 by @dependabot[bot] in #5415
• build(deps): bump com.puppycrawl.tools:checkstyle from 12.0.1 to 12.1.0 by @dependabot[bot] in #5423
• build(deps): bump debian from d6743b7 to a771c85 in /src/main/docker by @dependabot[bot] in #5429
• build(deps-dev): bump org.testcontainers:testcontainers from 2.0.0 to 2.0.1 by @dependabot[bot] in #5422
• build(deps): bump com.google.cloud.sql:cloud-sql-connector-jdbc-sqlserver from 1.25.3 to 1.26.1 by @dependabot[bot] in #5436
• build(deps): bump org.apache.maven.plugins:maven-antrun-plugin from 3.1.0 to 3.2.0 by @dependabot[bot] in #5437
• build(deps): bump org.eclipse.jetty.ee10:jetty-ee10-maven-plugin from 12.1.2 to 12.1.3 by @dependabot[bot] in #5443
• build(deps): bump org.codehaus.mojo:exec-maven-plugin from 3.6.1 to 3.6.2 by @dependabot[bot] in #5442
• build(deps): bump github/codeql-action from 4.30.8 to 4.30.9 by @dependabot[bot] in #5424
• build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @dependabot[bot] in #5451
• build(deps): bump com.puppycrawl.tools:checkstyle from 12.1.0 to 12.1.1 by @dependabot[bot] in #5449
• build(deps): bump github/codeql-action from 4.30.9 to 4.31.0 by @dependabot[bot] in #5450
• build(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 by @dependabot[bot] in #5452
• build(deps): bump io.github.ascopes:protobuf-maven-plugin from 3.10.1 to 4.0.0 by @dependabot[bot] in #5453
• build(deps): bump com.google.cloud.sql:cloud-sql-connector-jdbc-sqlserver from 1.26.1 to 1.27.0 by @dependabot[bot] in #5462
• build(deps): bump org.metaeffekt.core:ae-security from 0.146.0 to 0.147.0 by @dependabot[bot] in #5463
• build(deps): bump github/codeql-action from 4.31.0 to 4.31.2 by @dependabot[bot] in #5468
• build(deps): bump com.google.cloud.sql:postgres-socket-factory from 1.26.1 to 1.27.0 by @dependabot[bot] in #5471
• build(deps): bump com.google.cloud.sql:mysql-socket-factory-connector-j-8 from 1.26.1 to 1.27.0 by @dependabot[bot] in #5474
• build(deps): bump io.github.ascopes:protobuf-maven-plugin from 4.0.0 to 4.0.1 by @dependabot[bot] in #5476
• build(deps): bump debian from a771c85 to 17a6a8a in /src/main/docker by @dependabot[bot] in #5483
• build(deps): bump io.github.ascopes:protobuf-maven-plugin from 4.0.1 to 4.0.2 by @dependabot[bot] in #5482
• build(deps): bump eclipse-temurin from 25_36-jdk-alpine to 25.0.1_8-jdk-alpine in /src/main/docker by @dependabot[bot] in #5507
• build(deps): bump debian from 17a6a8a to e024987 in /src/main/docker by @dependabot[bot] in #5491
• build(deps): bump docker/setup-qemu-action from 3.6.0 to 3.7.0 by @dependabot[bot] in #5506
• build(deps): bump org.cyclonedx:cyclonedx-core-java from 11.0.0 to 11.0.1 by @dependabot[bot] in #5510
• build(deps): bump com.puppycrawl.tools:checkstyle from 12.1.1 to 12.1.2 by @dependabot[bot] in #5514
• build(deps): bump us.springett:cpe-parser from 3.0.0 to 3.0.1 by @dependabot[bot] in #5505
• build(deps): bump lib.protobuf-java.version from 4.33.0 to 4.33.1 by @dependabot[bot] in #5524
• build(deps): bump eclipse-temurin from 9292ea0 to 1f12ca3 in /src/main/docker by @dependabot[bot] in #5526
• build(deps-dev): bump org.testcontainers:testcontainers from 2.0.1 to 2.0.2 by @dependabot[bot] in #5525
• build(deps): bump github/codeql-action from 4.31.2 to 4.31.3 by @dependabot[bot] in #5544
• build(deps): bump actions/dependency-review-action from 4.8.1 to 4.8.2 by @dependabot[bot] in #5543
• build(deps): bump lib.alpine.version from 3.3.0 to 3.4.0 by @dependabot[bot] in #5542
• build(deps): bump io.github.jeremylong:open-vulnerability-clients from 9.0.1 to 9.0.2 by @dependabot[bot] in #5541
• Bump bundled frontend to 4.13.6 by @nscuro in #5540
• build(deps): bump debian from e024987 to 067a7e8 in /src/main/docker by @dependabot[bot] in #5553
• build(deps): bump org.eclipse.jetty.ee10:jetty-ee10-maven-plugin from 12.1.3 to 12.1.4 by @dependabot[bot] in #5552
• build(deps): bump actions/checkout from 5.0.0 to 6.0.0 by @dependabot[bot] in #5573
• build(deps): bump github/codeql-action from 4.31.3 to 4.31.4 by @dependabot[bot] in #5572
• build(deps): bump org.metaeffekt.core:ae-security from 0.147.0 to 0.148.0 by @dependabot[bot] in #5571
• build(deps): bump debian from 067a7e8 to 7cb087f in /src/main/docker by @dependabot[bot] in #5563
• build(deps-dev): bump net.javacrumbs.json-unit:json-unit-assertj from 5.0.0 to 5.1.0 by @dependabot[bot] in #5562
• build(deps): bump io.pebbletemplates:pebble from 3.2.4 to 4.0.0 by @dependabot[bot] in #5580
• build(deps): bump github/codeql-action from 4.31.4 to 4.31.5 by @dependabot[bot] in #5585
• build(deps): bump alpine from 3.22 to 3.23 in /src/main/docker by @dependabot[bot] in #5592
• build(deps): bump com.puppycrawl.tools:checkstyle from 12.1.2 to 12.2.0 by @dependabot[bot] in #5588
• build(deps): bump org.metaeffekt.core:ae-security from 0.148.0 to 0.149.0 by @dependabot[bot] in #5579
• build(deps): bump io.github.ascopes:protobuf-maven-plugin from 4.0.2 to 4.0.3 by @dependabot[bot] in #5598
• build(deps-dev): bump io.swagger.parser.v3:swagger-parser from 2.1.35 to 2.1.36 by @dependabot[bot] in #5599
• build(deps): bump actions/checkout from 6.0.0 to 6.0.1 by @dependabot[bot] in #5606
• build(deps): bump github/codeql-action from 4.31.5 to 4.31.7 by @dependabot[bot] in #5605
• build(deps): bump actions/setup-java from 5.0.0 to 5.1.0 by @dependabot[bot] in #5604
• build(deps): bump io.github.ascopes:protobuf-maven-plugin from 4.0.3 to 4.1.1 by @dependabot[bot] in #5603
• build(deps): bump lib.protobuf-java.version from 4.33.1 to 4.33.2 by @dependabot[bot] in #5602
• build(deps): bump debian from 7cb087f to 1c25564 in /src/main/docker by @dependabot[bot] in #5611
• build(deps): bump org.apache.commons:commons-text from 1.14.0 to 1.15.0 by @dependabot[bot] in #5610
• build(deps): bump com.google.cloud.sql:mysql-socket-factory-connector-j-8 from 1.27.0 to 1.27.1 by @dependabot[bot] in #5609
• build(deps): bump com.google.cloud.sql:cloud-sql-connector-jdbc-sqlserver from 1.27.0 to 1.27.1 by @dependabot[bot] in #5619
• build(deps): bump com.google.cloud.sql:postgres-socket-factory from 1.27.0 to 1.27.1 by @dependabot[bot] in #5618
• build(deps): bump org.eclipse.jetty.ee10:jetty-ee10-maven-plugin from 12.1.4 to 12.1.5 by @dependabot[bot] in #5623
• build(deps): bump actions/download-artifact from 6.0.0 to 7.0.0 by @dependabot[bot] in #5631
• build(deps): bump github/codeql-action from 4.31.7 to 4.31.8 by @dependabot[bot] in #5629
• build(deps): bump com.puppycrawl.tools:checkstyle from 12.2.0 to 12.3.0 by @dependabot[bot] in #5627
• build(deps): bump dessant/lock-threads from 4.0.1 to 6.0.0 by @dependabot[bot] in #5628
• build(deps): bump actions/upload-artifact from 5.0.0 to 6.0.0 by @dependabot[bot] in #5630
• build(deps-dev): bump com.icegreen:greenmail-junit5 from 2.1.7 to 2.1.8 by @dependabot[bot] in #5634
• build(deps): bump alpine from 51183f2 to 865b95f in /src/main/docker by @dependabot[bot] in #5638
• build(deps): bump org.apache.maven:maven-artifact from 3.9.11 to 3.9.12 by @dependabot[bot] in #5635
• build(deps): bump docker/setup-buildx-action from 3.11.1 to 3.12.0 by @dependabot[bot] in #5645
• build(deps): bump org.codehaus.mojo:exec-maven-plugin from 3.6.2 to 3.6.3 by @dependabot[bot] in #5643
• build(deps): bump debian from 1c25564 to 449673e in /src/main/docker by @dependabot[bot] in #5649
• build(deps): bump github/codeql-action from 4.31.8 to 4.31.9 by @dependabot[bot] in #5644
• build(deps-dev): bump io.swagger.parser.v3:swagger-parser from 2.1.36 to 2.1.37 by @dependabot[bot] in #5647
• build(deps): bump io.pebbletemplates:pebble from 4.0.0 to 4.1.0 by @dependabot[bot] in #5625
• Bump versatile to 0.15.0 by @nscuro in #5651
• Bump Alpine to 3.5.0 by @nscuro in #5652
• build(deps): bump com.puppycrawl.tools:checkstyle from 12.3.0 to 12.3.1 by @dependabot[bot] in #5654
• build(deps): bump org.metaeffekt.core:ae-security from 0.149.0 to 0.150.2 by @dependabot[bot] in #5655
• build(deps): bump io.github.ascopes:protobuf-maven-plugin from 4.1.1 to 4.1.2 by @dependabot[bot] in #5658
• build(deps): bump org.json:json from 20250517 to 20251224 by @dependabot[bot] in #5659
• build(deps): bump org.apache.httpcomponents.client5:httpclient5 from 5.5.1 to 5.6 by @dependabot[bot] in #5665
• build(deps): bump com.puppycrawl.tools:checkstyle from 12.3.1 to 13.0.0 by @dependabot[bot] in #5664
• build(deps-dev): bump org.testcontainers:testcontainers from 2.0.2 to 2.0.3 by @dependabot[bot] in #5668
• Bump Alpine to 3.5.1 by @nscuro in #5680
• build(deps): bump lib.protobuf-java.version from 4.33.2 to 4.33.3 by @dependabot[bot] in #5682
• build(deps): bump debian from 449673e to f668110 in /src/main/docker by @dependabot[bot] in #5687
• build(deps): bump com.google.cloud.sql:postgres-socket-factory from 1.27.1 to 1.28.0 by @dependabot[bot] in #5686
• build(deps): bump debian from f668110 to ed542b2 in /src/main/docker by @dependabot[bot] in #5693
• build(deps): bump lib.protobuf-java.version from 4.33.3 to 4.33.4 by @dependabot[bot] in #5692
• build(deps): bump eclipse-temurin from 1f12ca3 to 1cccec6 in /src/main/docker by @dependabot[bot] in #5701
• build(deps): bump org.postgresql:postgresql from 42.7.8 to 42.7.9 by @dependabot[bot] in #5700
• build(deps): bump org.metaeffekt.core:ae-security from 0.150.2 to 0.151.0 by @dependabot[bot] in #5706
• build(deps): bump github/codeql-action from 4.31.9 to 4.31.10 by @dependabot[bot] in #5707
• build(deps): bump com.google.cloud.sql:cloud-sql-connector-jdbc-sqlserver from 1.27.1 to 1.28.0 by @dependabot[bot] in #5715
• Bump versatile to 0.16.1 by @nscuro in #5719
• build(deps): bump com.google.cloud.sql:mysql-socket-factory-connector-j-8 from 1.27.1 to 1.28.0 by @dependabot[bot] in #5685
• Bump cyclonedx-core-java to 12.0.0 by @nscuro in #5721
• Bump Alpine to 3.6.0 by @nscuro in #5722
• build(deps): bump org.cyclonedx:cyclonedx-core-java from 12.0.0 to 12.0.1 by @dependabot[bot] in #5732
• build(deps): bump org.metaeffekt.core:ae-security from 0.151.0 to 0.152.0 by @dependabot[bot] in #5733
• build(deps): bump actions/setup-java from 5.1.0 to 5.2.0 by @dependabot[bot] in #5741
• build(deps): bump actions/checkout from 6.0.1 to 6.0.2 by @dependabot[bot] in #5742
• build(deps): bump github/codeql-action from 4.31.10 to 4.31.11 by @dependabot[bot] in #5743
• build(deps): bump io.github.jeremylong:open-vulnerability-clients from 9.0.2 to 9.0.3 by @dependabot[bot] in #5746
• build(deps): bump eclipse-temurin from 1cccec6 to 1cccec6 in /src/main/docker by @dependabot[bot] in #5754
• build(deps): bump alpine from 865b95f to 2510918 in /src/main/docker by @dependabot[bot] in #5753
• build(deps): bump lib.protobuf-java.version from 4.33.4 to 4.33.5 by @dependabot[bot] in #5761
• build(deps-dev): bump io.github.ascopes:protobuf-maven-plugin from 4.1.2 to 4.1.3 by @dependabot[bot] in #5767
• build(deps): bump docker/login-action from 3.6.0 to 3.7.0 by @dependabot[bot] in #5770
• build(deps): bump com.puppycrawl.tools:checkstyle from 13.0.0 to 13.1.0 by @dependabot[bot] in #5768
• build(deps): bump github/codeql-action from 4.31.11 to 4.32.0 by @dependabot[bot] in #5769
• build(deps): bump debian from ed542b2 to 4448d44 in /src/main/docker by @dependabot[bot] in #5772
• build(deps): bump io.pebbletemplates:pebble from 4.1.0 to 4.1.1 by @dependabot[bot] in #5784
• build(deps): bump com.puppycrawl.tools:checkstyle from 13.1.0 to 13.2.0 by @dependabot[bot] in #5788
• build(deps): bump org.cyclonedx:cyclonedx-core-java from 12.0.1 to 12.1.0 by @dependabot[bot] in #5787
• build(deps): bump eclipse-temurin from 25.0.1_8-jdk-alpine to 25.0.2_10-jdk-alpine in /src/main/docker by @dependabot[bot] in #5789
• build(deps): bump org.postgresql:postgresql from 42.7.9 to 42.7.10 by @dependabot[bot] in #5800
• build(deps): bump github/codeql-action from 4.32.0 to 4.32.2 by @dependabot[bot] in #5795
• build(deps): bump github/codeql-action from 4.32.2 to 4.32.3 by @dependabot[bot] in #5805
• build(deps): bump docker/build-push-action from 6.18.0 to 6.19.2 by @dependabot[bot] in #5806
• build(deps): bump aquasecurity/trivy-action from 0.33.1 to 0.34.0 by @dependabot[bot] in #5804
• build(deps-dev): bump io.github.ascopes:protobuf-maven-plugin from 4.1.3 to 5.0.0 by @dependabot[bot] in #5803
• build(deps): bump eclipse-temurin from ef1219e to 2866f12 in /src/main/docker by @dependabot[bot] in #5814
• build(deps-dev): bump io.swagger.parser.v3:swagger-parser from 2.1.37 to 2.1.38 by @dependabot[bot] in #5813
• build(deps): bump com.google.cloud.sql:mysql-socket-factory-connector-j-8 from 1.28.0 to 1.28.1 by @dependabot[bot] in #5820
• build(deps): bump aquasecurity/trivy-action from 0.34.0 to 0.34.1 by @dependabot[bot] in #5834
• build(deps): bump actions/dependency-review-action from 4.8.2 to 4.8.3 by @dependabot[bot] in #5835
• build(deps): bump github/codeql-action from 4.32.3 to 4.32.4 by @dependabot[bot] in #5833
• build(deps): bump com.google.cloud.sql:cloud-sql-connector-jdbc-sqlserver from 1.28.0 to 1.28.1 by @dependabot[bot] in #5821
• build(deps): bump com.google.cloud.sql:postgres-socket-factory from 1.28.0 to 1.28.1 by @dependabot[bot] in #5822
• build(deps): bump debian from 4448d44 to 85dfcff in /src/main/docker by @dependabot[bot] in #5840
• build(deps): bump lib.protobuf-java.version from 4.33.5 to 4.34.0 by @dependabot[bot] in #5846
• build(deps-dev): bump io.github.ascopes:protobuf-maven-plugin from 5.0.0 to 5.0.1 by @dependabot[bot] in #5851
• build(deps): bump com.puppycrawl.tools:checkstyle from 13.2.0 to 13.3.0 by @dependabot[bot] in #5852
• build(deps): bump actions/download-artifact from 7.0.0 to 8.0.0 by @dependabot[bot] in #5853
• build(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 by @dependabot[bot] in #5854
• build(deps): bump org.metaeffekt.core:ae-security from 0.152.0 to 0.153.0 by @dependabot[bot] in #5865
• build(deps): bump docker/setup-buildx-action from 3.12.0 to 4.0.0 by @dependabot[bot] in #5880
• build(deps): bump aquasecurity/trivy-action from 0.34.1 to 0.35.0 by @dependabot[bot] in #5881
• build(deps): bump actions/dependency-review-action from 4.8.3 to 4.9.0 by @dependabot[bot] in #5879
• build(deps): bump docker/login-action from 3.7.0 to 4.0.0 by @dependabot[bot] in #5878
• build(deps): bump github/codeql-action from 4.32.4 to 4.32.6 by @dependabot[bot] in #5877
• build(deps-dev): bump io.github.ascopes:protobuf-maven-plugin from 5.0.1 to 5.0.2 by @dependabot[bot] in #5876
• build(deps): bump org.metaeffekt.core:ae-security from 0.153.0 to 0.153.1 by @dependabot[bot] in #5875
• build(deps): bump org.apache.maven:maven-artifact from 3.9.12 to 3.9.13 by @dependabot[bot] in #5874
• Bump Alpine to 3.7.0 by @nscuro in #5883
• Bump bundled frontend to 4.14.0 by @nscuro in #5890

Other Changes

• Improve the stability of tag binding by @nscuro in #4882
• Migrate to maintained protobuf-maven-plugin by @nscuro in #4912
• docs: FAQ entry that links to outbound-connection list (fixes #4228) by @dmtkfs in #4975
• Add AWS Cognito configuration example by @vdieieva in #5032
• docs: Additional info on connecting Entra by @jakub-bochenski in #5038
• Adds sbomify to list by @vpetersson in #5425
• SecObserve has been moved to another GitHub organisation by @StefanFl in #5504
• docs: specify newer version of docker compose in readme by @jvirgovic in #5648
• Update OSS Index documentation by @nscuro in #5774
• Add Makefile and AGENTS.md by @nscuro in #5858
• Fix enhance profile missing from test make targets by @nscuro in #5860
• Add page on users and permissions by @Granjow in #5831
• Delete NVD feed timestamp files during v4.14.0 upgrade by @nscuro in #5886
• Bump FPF version to 1.3 by @nscuro in #5885
• Add changelog for 4.14.0 by @nscuro in #5887

New Contributors

• @snieguu made their first contribution in #4905
• @kacper-uminski made their first contribution in #4935
• @joshcrispo made their first contribution in #4806
• @rseleven made their first contribution in #4857
• @marschall made their first contribution in #4942
• @dmtkfs made their first contribution in #4975
• @jakub-bochenski made their first contribution in #4876
• @vdieieva made their first contribution in #5032
• @jonbally made their first contribution in #5061
• @noevembr made their first contribution in #5073
• @marineotter made their first contribution in #5094
• @emil-wire made their first contribution in #5275
• @framayo made their first contribution in #5287
• @muellerst-hg made their first contribution in #5292
• @anantk24 made their first contribution in #5224
• @arjavdongaonkar made their first contribution in #5395
• @vpetersson made their first contribution in #5425
• @ElenaStroebele made their first contribution in #5412
• @jvirgovic made their first contribution in #5648
• @WoozyMasta made their first contribution in #5711
• @brianf made their first contribution in #5736

Full Changelog: 4.13.0...4.14.0