-
-
Notifications
You must be signed in to change notification settings - Fork 583
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
de898b5
commit 982a253
Showing
1 changed file
with
49 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,49 @@ | ||
| --- | ||
| title: v3.6.0 | ||
| type: major | ||
| --- | ||
|
|
||
| **Features:** | ||
|
|
||
| * Added configurable option to enable/disable BOMs based on format (CycloneDX enabled by default) | ||
| * Added support for the official CPE v2.3 dictionary and vulnerabilities with CPEs of affected products | ||
| * Added ability to identify vulnerabilities in components solely by their CPE | ||
| * Added full support for VulnDB as a source of vulnerability intelligence | ||
| * Added support for SVG badges | ||
| * Added additional logging during metrics updates | ||
| * Docker container now supports Kubernetes and OpenShift | ||
| * Docker container now has configurable support for specifying logging levels | ||
| * Added Inherited Risk Score to project list view with the ability to sort on risk score | ||
| * Added an 'active' flag to projects with the default behavior of hiding inactive projects | ||
| * Added BOM_CONSUMED and BOM_PROCESSED notifications which can optionally deliver BOMs via webhooks | ||
| * Added support for last BOM imported including the BOM type and version | ||
| * Added an API to lookup a project by its name and version | ||
| * Added analysis interval throttle to prevent repeated analysis requests for the same components | ||
| * Slack and email alerts now contain links back to Dependency-Track | ||
| * Added support for Java 11 | ||
|
|
||
| **Fixes:** | ||
|
|
||
| * Fix for GLOBAL_AUDIT_CHANGE not including affected projects | ||
| * Fixed issue that prevented Dependency-Track for working with non-default URL contexts | ||
| * Fixed intermittent persistence issue resulting in NPE in BomUploadProcessingTask | ||
| * Fixed issue resulting in incorrect percentage audited on project findings | ||
| * Fixed OSS Index analyzer in response to the URL changes from ossindex.net to ossindex.sonatype.org | ||
|
|
||
| **Upgrade Notes:** | ||
|
|
||
| * Support for SPDX BOMs and Dependency-Check XML reports are disabled by default | ||
| * Replaced embedded Dependency-Check library with internal CPE analyzer | ||
| * Dependency-Track no longer mirrors XML data feeds from the NVD | ||
|
|
||
| ###### dependency-track-embedded.war | ||
|
|
||
| | Algorithm | Checksum | | ||
| | SHA-1 | aaa | | ||
| | SHA-256 | aaa | | ||
|
|
||
| ###### dependency-track.war | ||
|
|
||
| | Algorithm | Checksum | | ||
| | SHA-1 | aaa | | ||
| | SHA-256 | aaa | |