Features:
- Improvements to Findings API
- Created Finding Packaging Format for the native exporting of findings
- Added support for external integrations including:
- Fortify Software Security Center
- Kenna Security
- Added repository (and outdated version detection) support for NuGet and PyPI
- Updated SPDX license list to v3.3
- Added support for identifying FSF Libre licenses
- Updated Java version in Docker container
- Docker container can now be fully configured with environment variables
- Added Test Configuration button when configuring SMTP settings
- Added logfile rotation with default 10MB cap (configurable)
Fixes:
- Corrected issue that incorrectly returned suppressed vulnerabilities when queried for non-suppressed ones
- Fixed issue that resulted in server/UI timeouts due to excessive license payload
- Fixed NPE that occurred when the configured SMTP server didn’t require authentication
- Added workaround for outstanding OSS Index defect where the service didn’t process PackageURLs containing qualifiers
- Updated OpenUnirest which addressed configuration issue with library not honoring proxy server settings
dependency-track-embedded.war
| Algorithm | Checksum |
| SHA-1 | 676e04e0ef002e371da3b5eab239b0ab55dffe57 |
| SHA-256 | 006801f124d190e929ab7e6352adcc0bf89047259eff5a15cf4d54a01d7b402d |
dependency-track.war
| Algorithm | Checksum |
| SHA-1 | 15309c0818034ac99f603b52f242748b255818b9 |
| SHA-256 | 624fa3e7f458b163a0bbb8f05ee7cb1cf052d6d4ea53ff2b43686dd55bb83135 |