Features:
- Added configurable option to enable/disable BOMs based on format (CycloneDX enabled by default)
- Added support for the official CPE v2.3 dictionary and vulnerabilities with CPEs of affected products
- Added ability to identify vulnerabilities in components solely by their CPE
- Added full support for VulnDB as a source of vulnerability intelligence
- Added support for SVG badges
- Added additional logging during metrics updates
- Docker container now supports Kubernetes and OpenShift
- Docker container now has configurable support for specifying logging levels
- Added Inherited Risk Score to project list view with the ability to sort on risk score
- Added an ‘active’ flag to projects with the default behavior of hiding inactive projects
- Added BOM_CONSUMED and BOM_PROCESSED notifications which can optionally deliver BOMs via webhooks
- Added support for last BOM imported including the BOM type and version
- Added an API to lookup a project by its name and version
- Added analysis interval throttle to prevent repeated analysis requests for the same components
- Slack and email alerts now contain links back to Dependency-Track
- Added support for Java 11
Fixes:
- Fix for GLOBAL_AUDIT_CHANGE not including affected projects
- Fixed issue that prevented Dependency-Track for working with non-default URL contexts
- Fixed intermittent persistence issue resulting in NPE in BomUploadProcessingTask
- Fixed issue resulting in incorrect percentage audited on project findings
- Fixed OSS Index analyzer in response to the URL changes from ossindex.net to ossindex.sonatype.org
Upgrade Notes:
- Support for SPDX BOMs and Dependency-Check XML reports are disabled by default
- Replaced embedded Dependency-Check library with internal CPE analyzer
- Dependency-Track no longer mirrors XML data feeds from the NVD
dependency-track-embedded.war
| Algorithm | Checksum |
| SHA-1 | 6cd17d5a31472f7f60e674e2d7fc2e3050085808 |
| SHA-256 | bbb72fa3b6246b7afa7c22b103f0c85daf82565a38ae12973043775e6b27fd6e |
dependency-track.war
| Algorithm | Checksum |
| SHA-1 | f7b88825dbaf8b837977954f5a7e506952ed8361 |
| SHA-256 | a1d0d308a46d30399e9ff9a0334fe3be70345aa12c30c0d1d6bfccdcafe062e2 |