title	type
v3.6.0	major

Features:

Added configurable option to enable/disable BOMs based on format (CycloneDX enabled by default)
Added support for the official CPE v2.3 dictionary and vulnerabilities with CPEs of affected products
Added ability to identify vulnerabilities in components solely by their CPE
Added full support for VulnDB as a source of vulnerability intelligence
Added support for SVG badges
Added additional logging during metrics updates
Docker container now supports Kubernetes and OpenShift
Docker container now has configurable support for specifying logging levels
Added Inherited Risk Score to project list view with the ability to sort on risk score
Added an 'active' flag to projects with the default behavior of hiding inactive projects
Added BOM_CONSUMED and BOM_PROCESSED notifications which can optionally deliver BOMs via webhooks
Added support for last BOM imported including the BOM type and version
Added an API to lookup a project by its name and version
Added analysis interval throttle to prevent repeated analysis requests for the same components
Slack and email alerts now contain links back to Dependency-Track
Added support for Java 11

Fixes:

Fix for GLOBAL_AUDIT_CHANGE not including affected projects
Fixed issue that prevented Dependency-Track for working with non-default URL contexts
Fixed intermittent persistence issue resulting in NPE in BomUploadProcessingTask
Fixed issue resulting in incorrect percentage audited on project findings
Fixed OSS Index analyzer in response to the URL changes from ossindex.net to ossindex.sonatype.org

Upgrade Notes:

Provide feedback

Saved searches