dependencytrack-bot released this 04 Dec 12:24
For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes.
If additional details are required, consult the closed issues for this release milestone.
# SHA1
114d6a9f8b87a307be324f155daf3454dcc269bb dependency-track-apiserver.jar
a15db1b85d0ac29977724deb3f9a65428c929d39 dependency-track-bundled.jar
# SHA256
ef6bb4ce3ebea410b620a91cf8347ab1e95c32b3f166103c749ece97f4098591 dependency-track-apiserver.jar
a8aba7cd926de3deeea31290be830ee90282128f1820fddde3ec8b346bba1bdd dependency-track-bundled.jar
# SHA512
c2fc89377de194af70dab631b2f385f9e9cac93b140916e795a4b43bf7f3d7091ef64b64614bc1935282f23d9f7e3ba40dc41d2c98fa33167d62b409f75c79d8 dependency-track-apiserver.jar
684666c5b5456609d4694c5ce8b793bf64a49b77219784954ec6d5a6abe38895a2637f3644ca9197061fdc4e4ba203e3699849b656730d5eb52649a11cb685bb dependency-track-bundled.jar
What's Changed
Enhancements 🚀
Bug Fixes 🐛
- Backport: Fix CPE matching for NVD mirroring via REST API by @nscuro (original change by @calderonth) in #4378
- Backport: Fix incorrect CWE schema in OpenAPI spec by @nscuro (original change by @fupgang) in #4379
- Backport: Fix NullPointerException when fetching findings by @nscuro in #4380
- Backport: Fix policy evaluation not happening upon creation or update of individual components by @nscuro (original change by @fupgang) in #4381
- Backport: Fix nullable metrics fields having getters of primitive type by @nscuro in #4382
- Backport: Fix Trivy analyzer vulnerability matching for Go packages by @nscuro in #4395
- Backport: Move GHSA notification logic outside recursion by @nscuro (original change by @antoinbo) in #4417
- Backport: Add cyclonedx json media type when exporting components by @nscuro (original change by @wratner) in #4420
- Backport: Fix NPE when cloning projects with broken dependency graph by @nscuro in #4419
- Backport: Fix `project.active` being nullable by @nscuro in #4418
- Fix incompatibility of swagger-core with newer jackson-databind versions by @nscuro in #4442
Dependency Updates 🤖
- Backport: Bump Alpine to 3.1.2 by @nscuro in #4436
- Backport: Bump bundled frontend to 4.12.2 by @nscuro in #4441
Other Changes
Full Changelog: 4.12.1...4.12.2