4.11.0

版本发布时间: 2024-05-07 22:15:12

DependencyTrack/dependency-track最新发布版本:4.11.7(2024-08-14 20:36:35)

For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes. If additional details are required, consult the closed issues for this release milestone.

# SHA1
a9dae58a25c8aeeb54134ff054214505eb170db9  dependency-track-apiserver.jar
59b78c3f6b1979ba29c1bd754b7dc1005101fc49  dependency-track-bundled.jar
# SHA256
03160957fced99c3d923bbb5c6cb352740da1970bd4775b52bb451b95c4cefaf  dependency-track-apiserver.jar
1a34808cd6c7a9bf7b181e4f175c077f1ee5d5a9daf327b330db9b1c63aac2d3  dependency-track-bundled.jar
# SHA512
79a34a20a93f57a1bde94fa876c03141c7696f177c560397ecf4fdd68da168419f3703eb0a4c7e40cb677536b15640f89dddb8f5e8cf32dda3115b8f6d5cf6b3  dependency-track-apiserver.jar
af25807596c617d2bdff437ba9fd4d2e8cdf28f220b8844d8ab3a53fe0510d65ac30167dbb752c22e5f96536362389099e5c4b25302e4adec84d48d6c4d15198  dependency-track-bundled.jar

What's Changed

Enhancements 🚀

Return processing token when cloning project #2842 by @rkg-mm in https://github.com/DependencyTrack/dependency-track/pull/3260
Hyades backport: Preprocess CWE dictionary by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3284
Add "Show in Dependency-Graph" Button in "Affected Projects" List [improved version] by @rkg-mm in https://github.com/DependencyTrack/dependency-track/pull/3285
Add "Show in Dependency-Graph" Button in "Affected Projects" List by @rbt-mm in https://github.com/DependencyTrack/dependency-track/pull/2942
Update SPDX license list to v3.22 by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3368
Store computed severities in the database by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3408
feat(vulnerabilities): enhance API to support frontend changes for active/inactive affected projects by @setchy in https://github.com/DependencyTrack/dependency-track/pull/3425
Subject prefix by @LaVibeX in https://github.com/DependencyTrack/dependency-track/pull/3422
Trivy by @fnxpt in https://github.com/DependencyTrack/dependency-track/pull/3259
Webhook alert token and new user alerts by @fnxpt in https://github.com/DependencyTrack/dependency-track/pull/3275
Global Audit View: Vulnerabilities by @rbt-mm in https://github.com/DependencyTrack/dependency-track/pull/2472
Refactor BOM upload processing for better efficiency, correctness, and consistency by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3357
Bump CWE dictionary to v4.13 by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3491
Apply consistent formatting to SQL queries; Use text blocks instead of string concatenation by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3492
Align retry configuration and behavior across analyzers by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3494
Add auto-generated changelog to GitHub releases by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3502
Bump SPDX license list to v3.23 by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3508
Validate uploaded BOMs against CycloneDX schema by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3522
Add endpoint for updating API key comment by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3537
OpenAPI spec fixes and improvements by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3557
Disable automatic API key generation for teams. Fixes part of issue #2552. by @mprencipe in https://github.com/DependencyTrack/dependency-track/pull/3574
Generate SARIF File Of Project Vulnerability Findings by @aravindparappil46 in https://github.com/DependencyTrack/dependency-track/pull/3561
New feature: VulnDB Aliases! by @LaVibeX in https://github.com/DependencyTrack/dependency-track/pull/3588
Implement the hackage and nixpkgs meta analyzers by @MangoIV in https://github.com/DependencyTrack/dependency-track/pull/3549
Add support for component properties by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3499
Leverage component properties for Trivy scans by @fnxpt in https://github.com/DependencyTrack/dependency-track/pull/3620
Improve Lucene observability by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3535
Include pagination parameters in OpenAPI spec by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3625
Include sorting query parameters in OpenAPI spec by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3631
support for experimental configurations by @fnxpt in https://github.com/DependencyTrack/dependency-track/pull/3621
Gracefully handle unique constraint violations by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3648
Add support for worker pool drain timeout by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3657
Fall back to no authentication when OSS Index API token decryption fails by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3661
Truncate ComponentProperty value at 1024 characters by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3662
Add the project name and project URL to bom processing notifications by @2000rosser in https://github.com/DependencyTrack/dependency-track/pull/3666
Bump bundled frontend to v4.11.0 by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3681

Bug Fixes 🐛

Fix dropping of CWE table failing due to FK constraint by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3304
Fix notifications not being sent for child projects where active is null by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3305
Fix NPE in VersionDistancePolicyEvaluator when project has no direct dependencies by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3307
Fix ClassCastException when updating an existing ProjectMetadata#authors field by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3311
feat: Improve Error handling and add default version type by @jadyndev in https://github.com/DependencyTrack/dependency-track/pull/3313
Fix NVD API's last modified timestamp requiring restart to be applied by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3322
Project cloning logic for cloning policy violations and Violationanalysis by @mge-mm in https://github.com/DependencyTrack/dependency-track/pull/3248
Ignore withdrawn Github advisories by @kepten in https://github.com/DependencyTrack/dependency-track/pull/3394
Fix VulnDB parser being unable to import vulnerability records when 'nvd_additional_information' is empty by @lukas-braune in https://github.com/DependencyTrack/dependency-track/pull/3437
Fix URISyntaxException when NPM PURL contains special characters by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3456
Finding Attributed On date is not retained when cloning projects by @sebD in https://github.com/DependencyTrack/dependency-track/pull/3488
adding cargo to IMetaAnalyzer by @leec94 in https://github.com/DependencyTrack/dependency-track/pull/3511
Fix type of purl fields in Swagger docs by @sebD in https://github.com/DependencyTrack/dependency-track/pull/3512
Perform License Resolution On Name Field During SBOM Import by @aravindparappil46 in https://github.com/DependencyTrack/dependency-track/pull/3555
Update License Of Existing Components On BOM Upload by @aravindparappil46 in https://github.com/DependencyTrack/dependency-track/pull/3556
Provide meaningful error message for bom and vex exceeding Jackson's character limit by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3558
Fix unhandled NotFoundExceptions causing a HTTP 500 response by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3559
Extend length of PURL and PURLCOORDINATES columns from 255 to 786 by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3560
Validate UUID request parameters by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3590
Vuln db severity by @LaVibeX in https://github.com/DependencyTrack/dependency-track/pull/3595
Fix JDOFatalUserException for long reference URLs from OSS Index by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3650
Catch all unhandled ClientErrorExceptions by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3659
Fix unique constraint violation during NVD mirroring via feed files by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3664
De-duplicate CPEs in NVD feed file parsing by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3667
Fix missing default repos for Hackage and Nixpkgs by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3678

Dependency Updates 🤖

Bump org.apache.httpcomponents.client5:httpclient5 from 5.2.1 to 5.3 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3282
Bump github/codeql-action from 2.22.8 to 2.22.9 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3289
Bump aquasecurity/trivy-action from 0.14.0 to 0.16.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3288
Bump com.google.cloud.sql:cloud-sql-connector-jdbc-sqlserver from 1.15.0 to 1.15.1 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3298
Bump io.github.jeremylong:open-vulnerability-clients from 5.1.0 to 5.1.1 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3320
Bump eclipse-temurin from 5f85d29 to e96937d in /src/main/docker by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3319
Bump github/codeql-action from 2.22.9 to 3.22.11 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3318
Bump debian from 375fb84 to d4494b6 in /src/main/docker by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3325
Bump org.eclipse.jetty:jetty-maven-plugin from 10.0.18 to 10.0.19 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3331
Bump org.slf4j:log4j-over-slf4j from 2.0.9 to 2.0.10 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3345
Bump github/codeql-action from 3.22.11 to 3.22.12 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3340
Bump org.slf4j:log4j-over-slf4j from 2.0.10 to 2.0.11 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3362
Bump actions/dependency-review-action from 3.1.4 to 3.1.5 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3359
Bump aquasecurity/trivy-action from 0.16.0 to 0.16.1 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3358
Bump actions/download-artifact from 3.0.2 to 4.1.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3341
Bump actions/upload-artifact from 3.1.3 to 4.0.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3317
Bump debian from d4494b6 to f7235f3 in /src/main/docker by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3370
Bump actions/download-artifact from 4.1.0 to 4.1.1 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3378
Bump actions/upload-artifact from 4.0.0 to 4.1.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3377
Bump github/codeql-action from 3.22.12 to 3.23.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3376
Bump eclipse-temurin from e96937d to 6b234f2 in /src/main/docker by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3387
Bump actions/upload-artifact from 4.1.0 to 4.2.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3400
Bump actions/dependency-review-action from 3.1.5 to 4.0.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3401
Bump github/codeql-action from 3.23.0 to 3.23.1 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3399
Bump com.google.cloud.sql:cloud-sql-connector-jdbc-sqlserver from 1.15.1 to 1.15.2 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3391
Bump eclipse-temurin from 21.0.1_12-jre-jammy to 21.0.2_13-jre-jammy in /src/main/docker by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3410
Bump org.apache.httpcomponents.client5:httpclient5 from 5.3 to 5.3.1 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3409
Bump eclipse-temurin from 651d253 to 24d6ced in /src/main/docker by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3413
Bump Alpine to 2.2.5-SNAPSHOT by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3417
Bump github/codeql-action from 3.23.1 to 3.23.2 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3418
Bump actions/upload-artifact from 4.2.0 to 4.3.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3419
Bump org.eclipse.jetty:jetty-maven-plugin from 10.0.19 to 10.0.20 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3428
Bump debian from f7235f3 to 4255c9f in /src/main/docker by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3427
Bump eclipse-temurin from 24d6ced to 91e50ea in /src/main/docker by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3432
Bump com.microsoft.sqlserver:mssql-jdbc from 12.4.2.jre11 to 12.6.0.jre11 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3431
Bump github/codeql-action from 3.23.2 to 3.24.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3435
Bump net.javacrumbs.json-unit:json-unit-assertj from 3.2.2 to 3.2.4 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3440
Bump org.json:json from 20231013 to 20240205 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3441
Bump org.slf4j:log4j-over-slf4j from 2.0.11 to 2.0.12 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3439
Bump actions/upload-artifact from 4.3.0 to 4.3.1 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3460
Bump actions/download-artifact from 4.1.1 to 4.1.2 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3459
Bump aquasecurity/trivy-action from 0.16.1 to 0.17.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3458
Bump lib.lucene.version from 8.11.2 to 8.11.3 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3457
Bump debian from 4255c9f to 435ba09 in /src/main/docker by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3462
Bump com.google.cloud.sql:cloud-sql-connector-jdbc-sqlserver from 1.15.2 to 1.16.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3466
Bump eclipse-temurin from 91e50ea to 0672ad3 in /src/main/docker by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3471
Bump github/codeql-action from 3.24.0 to 3.24.3 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3473
Bump eclipse-temurin from 0672ad3 to 636b9a7 in /src/main/docker by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3476
Bump org.apache.commons:commons-compress from 1.25.0 to 1.26.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3475
Bump actions/dependency-review-action from 4.0.0 to 4.1.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3474
Bump io.github.jeremylong:open-vulnerability-clients from 5.1.1 to 5.1.2 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3481
Bump net.javacrumbs.json-unit:json-unit-assertj from 3.2.4 to 3.2.5 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3480
Bump com.github.tomakehurst:wiremock-jre8 from 2.35.1 to 2.35.2 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3479
Bump com.microsoft.sqlserver:mssql-jdbc from 12.6.0.jre11 to 12.6.1.jre11 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3478
Bump net.javacrumbs.json-unit:json-unit-assertj from 3.2.5 to 3.2.7 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3486
Bump various dependencies by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3487
Bump actions/dependency-review-action from 4.1.0 to 4.1.3 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3497
Bump github/codeql-action from 3.24.3 to 3.24.5 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3496
Bump Alpine to 2.2.5 by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3515
Bump aquasecurity/trivy-action from 0.17.0 to 0.18.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3525
Bump github/codeql-action from 3.24.5 to 3.24.6 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3524
Bump actions/download-artifact from 4.1.2 to 4.1.4 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3523
Bump org.json:json from 20240205 to 20240303 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3527
Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3526
Bump eclipse-temurin from 636b9a7 to d9f7b83 in /src/main/docker by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3532
Bump org.testcontainers:testcontainers from 1.19.6 to 1.19.7 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3533
Bump io.github.jeremylong:open-vulnerability-clients from 5.1.2 to 6.0.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3542
Bump org.apache.commons:commons-compress from 1.26.0 to 1.26.1 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3541
Bump docker/build-push-action from 5.1.0 to 5.2.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3539
Bump actions/setup-java from 4.0.0 to 4.1.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3540
Bump debian from 435ba09 to d10f054 in /src/main/docker by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3543
Bump com.google.cloud.sql:cloud-sql-connector-jdbc-sqlserver from 1.16.0 to 1.17.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3547
Bump docker/build-push-action from 5.2.0 to 5.3.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3564
Bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3563
Bump docker/setup-buildx-action from 3.1.0 to 3.2.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3562
Bump actions/setup-java from 4.1.0 to 4.2.1 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3565
Bump com.google.cloud.sql:cloud-sql-connector-jdbc-sqlserver from 1.17.0 to 1.17.1 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3567
Bump github/codeql-action from 3.24.6 to 3.24.9 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3578
Bump actions/dependency-review-action from 4.1.3 to 4.2.4 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3577
Bump docker/login-action from 3.0.0 to 3.1.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3576
Bump io.github.jeremylong:open-vulnerability-clients from 6.0.0 to 6.0.1 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3586
Bump aquasecurity/trivy-action from 0.18.0 to 0.19.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3592
Bump actions/dependency-review-action from 4.2.4 to 4.2.5 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3593
Bump github/codeql-action from 3.24.9 to 3.24.10 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3606
Bump docker/setup-buildx-action from 3.2.0 to 3.3.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3605
Bump debian from d10f054 to 2c96e00 in /src/main/docker by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3610
Bump org.slf4j:log4j-over-slf4j from 2.0.12 to 2.0.13 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3619
Bump com.google.cloud.sql:cloud-sql-connector-jdbc-sqlserver from 1.17.1 to 1.18.0 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3623
Bump actions/checkout from 4.1.2 to 4.1.3 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3636
Bump github/codeql-action from 3.24.10 to 3.25.1 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3635
Bump actions/upload-artifact from 4.3.1 to 4.3.2 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3634
Bump actions/download-artifact from 4.1.4 to 4.1.5 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3633
Bump debian from 2c96e00 to ff39497 in /src/main/docker by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3640
Bump Temurin base image to 21.0.3_9 by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3652
Bump github/codeql-action from 3.25.1 to 3.25.3 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3656
Bump actions/upload-artifact from 4.3.2 to 4.3.3 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3653
Bump actions/checkout from 4.1.3 to 4.1.4 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3654
Bump actions/download-artifact from 4.1.5 to 4.1.7 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3655
Bump actions/dependency-review-action from 4.2.5 to 4.3.2 by @dependabot in https://github.com/DependencyTrack/dependency-track/pull/3671
Bump dependencies to their latest version by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3674

Other Changes

Fix GitHub purl example in v4.10.0 changelog by @lnksz in https://github.com/DependencyTrack/dependency-track/pull/3300
Updated terminology.md to describe the Risk Score calculation by @AnthonyMastrean in https://github.com/DependencyTrack/dependency-track/pull/3347
ACL: Add projects to team should only show not yet added projects by @rkg-mm in https://github.com/DependencyTrack/dependency-track/pull/3261
docs: fix build status badge by @setchy in https://github.com/DependencyTrack/dependency-track/pull/3386
docs(azure-ad): large enterprise group configuration by @setchy in https://github.com/DependencyTrack/dependency-track/pull/3414
Fix image link on openidconnect-configuration.md by @mikkeschiren in https://github.com/DependencyTrack/dependency-track/pull/3411
Improve test coverage of Trivy integration by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3493
Adds NVD disclaimer at the top of the documentation page for NVD. by @sebD in https://github.com/DependencyTrack/dependency-track/pull/3490
Report test coverage for all branches, not just master by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3514
Fix CI Build status badge by @baburkin in https://github.com/DependencyTrack/dependency-track/pull/3513
Upload test coverage for PRs via separate workflow by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3517
Update changelog for v4.11.0 by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3531
Clarify OpenID Connect group mapping to teams by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3536
Transfer copyright from Steve Springett to OWASP Foundation by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3573
Normalize capitalization of PyPI by @gtback in https://github.com/DependencyTrack/dependency-track/pull/3597
Advertise official Helm chart in docs by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3604
Update changelog for v4.11 with recent changes by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3618
Trivy tweaks by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3630
Log debug information upon possible secret key corruption by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3651
Update v4.11 changelog with recent changes by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3658
Start Jersey TestContainer once per class vs. once per test method by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3668
Run builds and CI on feature-* branches by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3672
Update v4.11 changelog with recent changes by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3673
Simplify BomUploadProcessingTaskTest by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3676
Disable Maven transfer progress in CI by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3677
Fix changelog typo; Set release date; Bump docs version by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3679
Reduce verbosity of ResourceTests by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/3680

New Contributors

@rkg-mm made their first contribution in https://github.com/DependencyTrack/dependency-track/pull/3260
@lnksz made their first contribution in https://github.com/DependencyTrack/dependency-track/pull/3300
@AnthonyMastrean made their first contribution in https://github.com/DependencyTrack/dependency-track/pull/3347
@mge-mm made their first contribution in https://github.com/DependencyTrack/dependency-track/pull/3248
@setchy made their first contribution in https://github.com/DependencyTrack/dependency-track/pull/3386
@kepten made their first contribution in https://github.com/DependencyTrack/dependency-track/pull/3394
@mikkeschiren made their first contribution in https://github.com/DependencyTrack/dependency-track/pull/3411
@lukas-braune made their first contribution in https://github.com/DependencyTrack/dependency-track/pull/3437
@LaVibeX made their first contribution in https://github.com/DependencyTrack/dependency-track/pull/3422
@fnxpt made their first contribution in https://github.com/DependencyTrack/dependency-track/pull/3259
@sebD made their first contribution in https://github.com/DependencyTrack/dependency-track/pull/3488
@baburkin made their first contribution in https://github.com/DependencyTrack/dependency-track/pull/3513
@aravindparappil46 made their first contribution in https://github.com/DependencyTrack/dependency-track/pull/3555
@mprencipe made their first contribution in https://github.com/DependencyTrack/dependency-track/pull/3574
@gtback made their first contribution in https://github.com/DependencyTrack/dependency-track/pull/3597
@MangoIV made their first contribution in https://github.com/DependencyTrack/dependency-track/pull/3549
@2000rosser made their first contribution in https://github.com/DependencyTrack/dependency-track/pull/3666

Full Changelog: https://github.com/DependencyTrack/dependency-track/compare/4.10.1...4.11.0

相关地址：原始地址下载(tar) 下载(zip)

1、 bom.json 508.52KB

2、 checksums.txt 681B

3、 dependency-track-apiserver.jar 66.89MB

4、 dependency-track-bundled.jar 69.35MB

查看：2024-05-07发行的版本