5.2.0

@dependencytrack-bot dependencytrack-bot released this 02 Nov 16:24

What's Changed

Enhancements 🚀

  • Port cyclonedx vex importer change from upstream by @VithikaS in #368
  • Added transient List of ProjectVersions and set Metrics in Project by @nscuro in #367
  • Allow operator and violation when creating policy resource by @VithikaS in #373
  • Bump CWE dictionary to v4.12 by @nscuro in #369
  • Add support for custom license resolution by name by @nscuro in #364
  • Move scripts directory; Use standard directory for IntelliJ run configurations; Add project icon by @nscuro in #370
  • Version Distance policy evaluator by @VithikaS in #374
  • Add new endpoint for DependencyGraph by @sahibamittal in #366
  • Update SPDX license list to v3.21 by @nscuro in #375
  • changes for end points with integrity meta by @mehab in #377
  • Support pass-through properties for Kafka Streams and Kafka Producer by @nscuro in #376
  • Vex resource test by @VithikaS in #381
  • Include Cloud SQL database connector for PostgreSQL by @nscuro in #383
  • Let GitHub generate release notes by @nscuro in #386
  • Port image upgrades from upstream by @VithikaS in #387
  • Implement SPDX expressions by @nscuro in #393
  • Cyclonedx-core-java library version bump by @VithikaS in #397
  • SPDX expression support improvements by @nscuro in #396
  • Schema upgrade v5.2.0 by @VithikaS in #402
  • Diff changes made by scanners to existing vulnerabilities by @nscuro in #423

Bug Fixes 🐛

  • Fix repo meta and vuln analysis tasks not considering projects with active=null by @nscuro in #357
  • port change for jsonignore on transient field by @VithikaS in #362
  • Fix NPE during BOM processing when component doesn't have a PURL by @nscuro in #363
  • Fix NullPointerException when checking for existence of projects without version - port upstream fix by @VithikaS in #365
  • Fix version distance policy being evaluated despite not being configured by @VithikaS in #382
  • Fix AffectedComponent format for CPEs with version ranges by @VithikaS in #385
  • Fix invalid Mattermost & Slack notification templates by @nscuro in #384
  • Fix integrity meta initializer by @VithikaS in #391
  • Fix impossible SQL query conditions causing DB indexes to be bypassed by @nscuro in #403
  • Integrity analysis if integrity metadata is present by @VithikaS in #409
  • Add null check on publishedAt by @VithikaS in #412
  • Fix inconsistent purlCoordinates by @nscuro in #413
  • Send integrity meta events only for supported types by @VithikaS in #416
  • Fix BOM validation failing for spec versions lower than 1.5 by @nscuro in #414
  • Downgrade Jetty Maven Plugin to 10.x by @nscuro in #415
  • Address performance regression during BOM processing by @nscuro in #419
  • Fix FK violation during BOM processing by @nscuro in #422
  • Fix singleton events not being untracked upon unexpected failures by @nscuro in #425

Dependency Updates 🤖

  • Bump lib.kafka.version from 3.5.1 to 3.6.0 by @dependabot in #344
  • Bump bufbuild/buf-setup-action from 1.26.1 to 1.27.0 by @dependabot in #347
  • Bump us.springett:cvss-calculator from 1.4.1 to 1.4.2 by @dependabot in #349
  • Bump lib.protobuf-java.version from 3.24.3 to 3.24.4 by @dependabot in #345
  • Bump org.apache.maven:maven-artifact from 3.9.4 to 3.9.5 by @dependabot in #346
  • Bump debian from bullseye-20230919-slim to bullseye-20231009-slim in /src/main/docker by @dependabot in #354
  • Bump org.json:json from 20230618 to 20231013 by @dependabot in #353
  • Bump lib.net.javacrumbs.shedlock.version from 5.8.0 to 5.9.0 by @dependabot in #352
  • Bump bufbuild/buf-lint-action from 1.0.3 to 1.1.0 by @dependabot in #351
  • Bump lib.net.javacrumbs.shedlock.version from 5.9.0 to 5.9.1 by @dependabot in #378
  • Bump Snappy to 1.1.10.5 by @nscuro in #379
  • Bump bufbuild/buf-setup-action from 1.27.0 to 1.27.1 by @dependabot in #390
  • Bump actions/checkout from 4.1.0 to 4.1.1 by @dependabot in #389
  • Bump debian from 9071e18 to 8cfbea7 in /src/main/docker by @dependabot in #388
  • Bump org.apache.maven.plugins:maven-checkstyle-plugin from 3.3.0 to 3.3.1 by @dependabot in #394
  • Bump org.apache.maven.plugins:maven-clean-plugin from 3.3.1 to 3.3.2 by @dependabot in #400
  • Bump bufbuild/buf-setup-action from 1.27.1 to 1.27.2 by @dependabot in #406
  • Bump aquasecurity/trivy-action from 0.12.0 to 0.13.0 by @dependabot in #407
  • Bump org.eclipse.jetty:jetty-maven-plugin from 10.0.16 to 11.0.18 by @dependabot in #411
  • Bump Redpanda to v23.2.13 by @nscuro in #398
  • Bump aquasecurity/trivy-action from 0.13.0 to 0.13.1 by @dependabot in #418
  • Bump debian from 8cfbea7 to 1529b15 in /src/main/docker by @dependabot in #417

Other Changes

  • Incoming events with hash information for apiserver by @mehab in #343
  • added integrity analysis event on apiserver by @mehab in #339
  • Integrity check by @VithikaS in #355
  • clean up of integrity analysis table by @VithikaS in #359
  • Cleanup leftovers of bundled distribution and H2 by @nscuro in #360
  • Fix GHA set-output deprecation warnings by @nscuro in #361
  • Feature/add component age policy by @mehab in #358
  • Add outdated components and direct dependencies in component endpoint by @sahibamittal in #372
  • send integrity meta events outside of transaction and handle integrity violation by @VithikaS in #380
  • converting to single query for getting component meta information by @mehab in #395
  • Integrity analysis if enabled by @VithikaS in #399
  • Force downgrade of logstash-logback-encoder to 7.3 by @nscuro in #404
  • Remove unused frontend.version property by @nscuro in #405
  • Remove mockserver-netty dependency by @nscuro in #408
  • fix query for fetching integrity data by @VithikaS in #410
  • modify batch update query by @VithikaS in #420
  • Bump version to 5.2.0-SNAPSHOT by @nscuro in #421
  • Added id column to sorting by @VithikaS in #426

Full Changelog: 5.1.0...5.2.0