| title | type |
|---|---|
v3.7.0 |
major |
Features:
- Application context is now configurable in the Docker container
- SVG badges may now be retrieved via the project name and version
- Added Hex repository support for Erlang, Elixir, and other BEAM languages
- Added configurable support for defining components as internal which are not subject to external analysis
- Increased CPE analysis precision for components with CPEs containing a value in the update field
Fixes:
- Fixed defect in /api/v1/project that returned a server error if the 'name' parameter was specified
- Fixed defect resulting in invalid gzip response body when Accept-Encoding was not specified
- Fixed defect resulting in licenses not being loaded if Dependency-Track is deployed to a directory containing a space
- Changed behavior when parsing an invalid CPE to display a single line warning rather than the full stack trace
- Fixed defect resulting in a project not being able to be deleted when that project was part of a notification rule
- Fixed encoding issue affecting project names containing special characters
Security:
- GHSA-4gqv-hcmg-jw33 Cross-Site Scripting (XSS): Persistent
- GHSA-6j82-qv49-r46p Cross-Site Scripting (XSS): Persistent
Upgrade Notes:
- Support for consuming Dependency-Check v4.x XML reports has been removed
- The following can safely be (optionally) dropped upon a successful upgrade (consult log):
- Tables:
- SCANS_COMPONENTS
- SCAN
- Columns:
- LAST_SCAN_IMPORTED (in PROJECT table)
- Tables:
| Algorithm | Checksum | | SHA-1 | e946c65ec0ff5ba12e843789b917caab635bfe62 | | SHA-256 | bd02a522a8c9beeb8dd7964f07eb27a7a02ce8bbf6a7c8af3378bb26fc98a087 |
| Algorithm | Checksum | | SHA-1 | 22da81fb91b5641fcb805c74063c11e521fe0ad4 | | SHA-256 | 9207e25b19d34b57804f25e9881e663ebb56333520b039c5ccfd93209295b0a1 |