github DependencyTrack/dependency-track 4.14.1

9 hours ago

For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes.
If additional details are required, consult the closed issues for this release milestone.

# SHA1
750b0c768208d7c6b7e32e8f1a7500eb94788069  dependency-track-apiserver.jar
61eac5828458dfea46507c26f3384bb452ebeefe  dependency-track-bundled.jar
# SHA256
142bdfa36defffc2304d03f9ef7ecd162f1185dcbc00933a73529cac7f12980c  dependency-track-apiserver.jar
6cedc727a3f8eb2343397e50a1b5515a99c2a361b7c55aa60dbeff85c1f4af2d  dependency-track-bundled.jar
# SHA512
b2e37486f0775793c0d2dfc6a0adfae96e8bdc6b09d4708902ad504ea9e6b24505753319c183b4549d080cd4e71c8e1efa13cd916cc67434603d9d0b28aeb274  dependency-track-apiserver.jar
f0bc70a0d5e6bce155dca1ec051e7a333c8c4ff836e002a6acabacf5a8a4e8298c7a223e8cd1a86f4a5bca5fb7c0c5f99bf6aea7cc602e9c51bc3cfab1100aa2  dependency-track-bundled.jar

What's Changed

Enhancements 🚀

  • Backport: Add support for NuGet versioning scheme by @nscuro in #5958
  • Backport: Fix wasteful existence queries by @nscuro in #5960
  • Backport: Add support for Composer versioning scheme by @nscuro in #5963
  • Backport: Support Sonatype Guide tokens for OSS Index analyzer by @nscuro in #5996

Bug Fixes 🐛

  • Backport: Fix PURL-specific version matching being bypassed for components with CPE by @nscuro in #5959
  • Backport: Fix potentially wrong version being used for CPE comparison by @nscuro in #5962
  • Backport: Fix scheduled notification query failing when ID columns are not of type BIGINT by @nscuro in #5979
  • Backport: Avoid NPE when computing Trivy pkgType (#5982) by @stohrendorf in #5987
  • Backport: Use ecosystem-aware version comparison for latest version detection by @nscuro in #5995
  • Backport: Remove leading whitespace from vulnerability badge SVG template by @nscuro in #6000

Dependency Updates 🤖

  • build(deps): bump eclipse-temurin from 2866f12 to a6884e6 in /src/main/docker by @dependabot[bot] in #5921
  • build(deps): bump debian from 85dfcff to 99fc6d2 in /src/main/docker by @dependabot[bot] in #5920
  • build(deps): bump com.microsoft.sqlserver:mssql-jdbc from 13.2.1.jre11 to 13.4.0.jre11 by @dependabot[bot] in #5916
  • build(deps): bump lib.resilience4j.version from 2.3.0 to 2.4.0 by @dependabot[bot] in #5915
  • build(deps): bump org.apache.maven:maven-artifact from 3.9.13 to 3.9.14 by @dependabot[bot] in #5905
  • build(deps-dev): bump io.swagger.parser.v3:swagger-parser from 2.1.38 to 2.1.39 by @dependabot[bot] in #5896
  • build(deps): bump io.github.nscuro:versatile-core from 0.16.1 to 0.17.0 by @dependabot[bot] in #5930
  • build(deps): bump eclipse-temurin from a6884e6 to d556bfd in /src/main/docker by @dependabot[bot] in #5928
  • build(deps): bump org.metaeffekt.core:ae-security from 0.153.1 to 0.153.2 by @dependabot[bot] in #5929
  • build(deps-dev): bump org.testcontainers:testcontainers from 2.0.3 to 2.0.4 by @dependabot[bot] in #5939
  • build(deps): bump com.google.cloud.sql:postgres-socket-factory from 1.28.1 to 1.28.2 by @dependabot[bot] in #5940
  • build(deps): bump com.google.cloud.sql:mysql-socket-factory-connector-j-8 from 1.28.1 to 1.28.2 by @dependabot[bot] in #5941
  • build(deps): bump com.google.cloud.sql:cloud-sql-connector-jdbc-sqlserver from 1.28.1 to 1.28.2 by @dependabot[bot] in #5942
  • build(deps): bump io.github.nscuro:versatile-core from 0.17.0 to 0.18.0 by @dependabot[bot] in #5947
  • build(deps): bump lib.protobuf-java.version from 4.34.0 to 4.34.1 by @dependabot[bot] in #5954
  • build(deps-dev): bump io.github.ascopes:protobuf-maven-plugin from 5.0.2 to 5.1.0 by @dependabot[bot] in #5983
  • build(deps): bump eclipse-temurin from d556bfd to 305fb0c in /src/main/docker by @dependabot[bot] in #5990
  • Backport: Bump bundled frontend to 4.14.1 by @nscuro in #6004

Other Changes

  • Backport: Disable Trivy integration tests by @nscuro in #5961
  • Backport: Add age and version distance to operational policy criteria by @nscuro in #5964
  • Backport: Harden GitHub Actions workflows by @nscuro in #5980
  • Backport: Address zizmor GitHub Actions findings by @nscuro in #5981
  • Backport: Fix version in docs by @nscuro in #6005
  • Backport: Fix release workflow by @nscuro in #6006
  • Add changelog for v4.14.1 by @nscuro in #5999

Full Changelog: 4.14.0...4.14.1
