4.12.0

For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes.
If additional details are required, consult the closed issues for this release milestone.

# SHA1
0cfe5d6cd014a0a25cdb0379e5a75596adc3d448  dependency-track-apiserver.jar
f7a1af3a5bf5f5b864d0db519fe2944391496f32  dependency-track-bundled.jar
# SHA256
83d31e132643249f7752154adc49690353484a66de6e77db7e25f0c1309528eb  dependency-track-apiserver.jar
3b4e27b29fd8a19cc5a250d394df43e0b046781f4d37c11720f8db8b9714d669  dependency-track-bundled.jar
# SHA512
44b47c7f864a09733b45fce747c3f6a115a0ba4d753d179b78a613404ab7bdd9008cef3539f5af72193506a7cd1b88fca5041a858a0f287612f2ac5572650fae  dependency-track-apiserver.jar
6e6b1210749d89b1ccc29ddc4dcbf2e38c926663f888f644488e63ffda00eb29c79eff1b180941dc798210f5ecf7c2a0e4175e03130f69a08beee36d66aef9fa  dependency-track-bundled.jar

What's Changed

Enhancements 🚀

• Raise baseline Java version to 21 by @nscuro in #3682
• Add active Field To Project Versions by @aravindparappil46 in #3691
• Support ingestion of CycloneDX v1.6 BOMs by @nscuro in #3710
• Gracefully handle NotSortableExceptions by @nscuro in #3724
• Migrate from Swagger v2 to OpenAPI v3 by @nscuro in #3726
• Improve OpenAPI v3 integration by @nscuro in #3728
• Add EPSS conditions to policies by @2000rosser in #3746
• Search component by group by @rcsilva83 in #3761
• Add Notification For BOM_VALIDATION_FAILED by @aravindparappil46 in #3796
• Bump CWE dictionary to v4.14 by @nscuro in #3819
• Bump SPDX license list to v3.24.0 by @nscuro in #3846
• feat: autocreate project with tags by @JCHacking in #3843
• Improve performance of findings retrieval by @nscuro in #3869
• Add REST endpoints for tag retrieval by @nscuro in #3881
• Deprecate /api/v1/tag/{policyUuid} in favor of /api/v1/tag/policy/{uuid} by @nscuro in #3887
• Enable string de-duplication JVM option per default by @nscuro in #3893
• Add REST endpoints for bulk tagging & un-tagging of projects by @nscuro in #3894
• Add REST endpoint for tag deletion by @nscuro in #3896
• Add REST endpoints to tag and untag policies in bulk by @nscuro in #3924
• Log warning when dependency graph is missing the root node by @nscuro in #3990
• Add option to test notification publisher by @2000rosser in #3983
• Add support for authors field by @2000rosser in #3969
• Add tag support for notifications, and REST endpoints for tagging & untagging notifications in bulk by @nscuro in #4031
• Disable H2 shutdown hook by @nscuro in #4106
• Support inclusion/exclusion of projects from BOM validation with tags by @nscuro in #4109
• Migrate Trivy integration to use Protobuf instead of JSON by @nscuro in #4116
• Bump generated BOM to CycloneDX v1.5; Add external references by @nscuro in #4110
• Bump Alpine to 3.1.0 and adopt new framework features by @nscuro in #4134
• Support customizable welcome message to display on login page by @Gepardgame in #4131
• Add AUTHOR -> AUTHORS migration by @nscuro in #4143
• Bump SPDX license list to v3.25.0 by @2000rosser in #4145
• Support configuration of system-wide default locale by @Gepardgame in #4136
• Include team name in audit trail for API-submitted audit changes by @Gepardgame in #4154
• Global Audit View: Policy Violations by @rbt-mm in #3544
• Support assigning of teams for portfolio ACL when creating a project by @Gepardgame in #4093
• Introduce isLatest project flag & allow policies to be limited to latest version by @rkg-mm in #4184
• Enhance badge API to require authorization by @SaberStrat in #4059
• Exclude pre-releases from NuGet latest version check by @brentos99 in #3468
• Ensure modifying project endpoints are transactional by @nscuro in #4194
• Fix redundant ConfigProperty queries in BadgeResource by @nscuro in #4202

Bug Fixes 🐛

• Fix failing JSON BOM validation when specVersion is not one of the first fields by @nscuro in #3697
• Fix broken global vuln audit view for MSSQL by @nscuro in #3700
• fix os handling when trivy sets pkgType on properties by @fnxpt in #3727
• Fix OpenAPI types of UNIX timestamp fields by @nscuro in #3731
• Handle breaking change in Trivy server API by @nscuro in #3738
• Add date format to support offset in nuget analyser by @sahibamittal in #3736
• Fix project name not showing in Jira tickets by @lgrguricmileusnic in #3745
• Fix jakarta.servlet-api not being inherited from alpine-server by @nscuro in #3770
• Fix licenses not being resolved by name by @nscuro in #3782
• Fix Slack notifications failing when no base URL is configured by @nscuro in #3791
• Issue-3769 : fix update component external references by @sahibamittal in #3805
• vulnerabilityAudit incorrectly displaying non-active projects by @2000rosser in #3839
• Fix BOM validation failing when URL contains encoded [ and ] characters by @nscuro in #3865
• Prevent XXE injection during CycloneDX validation and parsing by @nscuro in #3870
• Fix BOM_CONSUMED and BOM_PROCESSED notifications being dispatched with wrong scope by @nscuro in #3877
• Relax lowercase requirement for /api/v1/tag/{name}/project and /api/v1/tag/{name}/policy by @nscuro in #3888
• Fix NPE when querying component metadata for projects without findings by @nscuro in #3889
• Set license name instead of ID when using custom license by @2000rosser in #3915
• Fix JDOUserException when multiple licenses match a component's license name by @nscuro in #3958
• Add regression test for missing parent property in /v1/project/{uuid} response by @nscuro in #3959
• Fix missing projectTags parameter for POST /v1/bom endpoint by @nscuro in #3960
• Ensure no unique constraint violation for ProjectMetadata by @nscuro in #3982
• Fix validation error when XML BOM declares multiple namespaces by @philippn in #4020
• added missing endpoints in index html for open api upgrade by @mehab in #4022
• Handle breaking change in Trivy v0.54.0 server API by @nscuro in #4023
• Fix project link for new vulnerable dependency for email by @2000rosser in #4026
• Fix vex export returning invalid CycloneDX by @SaberStrat in https://github.com/DependencyTrack/dependency-track/pul...

4.11.7

For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes.
If additional details are required, consult the closed issues for this release milestone.

# SHA1
9a916abcbb478a4dbad101f5335acdf2b8462062  dependency-track-apiserver.jar
c5a30ee550af8a943bb77167e515fb6422e51b36  dependency-track-bundled.jar
# SHA256
2df1b2ea67a16cdc6108c3ac2f538018e529205ce5f36a6da78f2feefeddd2c8  dependency-track-apiserver.jar
4665cdd14351d7b1c41004ffc57791297c4ec5fc7f958635cff246d1b1a95eed  dependency-track-bundled.jar
# SHA512
d83a209056a7f7ff55b42fa33818dab57668e99c97ffd63c579311743398abc3d102c4a4197577321f3cd3ef9a4654527f453be1d4c217d087d32282f7e57a91  dependency-track-apiserver.jar
2d6fc1c1dd0af04ed92f1b8383ee4524169cde1c715f1e29899cf95b5d6d50f98caa5ec9debc2bd3a2a388d60cc528adb3e861f2248c9c439e8b2f5078a0e3a8  dependency-track-bundled.jar

What's Changed

Bug Fixes 🐛

• Fix directDependencies, externalReferences, metadata missing from /api/v1/project/{uuid} response when not already cached by @nscuro in #4071

Dependency Updates 🤖

• Bump bundled frontend to 4.11.7 by @nscuro in #4073

Other Changes

• Add changelog for v4.11.7 by @nscuro in #4072

Full Changelog: 4.11.6...4.11.7

4.11.6

For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes.
If additional details are required, consult the closed issues for this release milestone.

# SHA1
daab7ed5b760ff909e4b9cc041b89c3374c1d955  dependency-track-apiserver.jar
8ff2bd4db69e7083d501a4c489f703677044a5f0  dependency-track-bundled.jar
# SHA256
a76cc3417728bdc880f41af613e543d3e5f033d7b0b1db84ffb397bcbcb3936b  dependency-track-apiserver.jar
fd1c25e2b2d727f377eeec8240370558a9796225fe4dc0f258021b1061fbc36f  dependency-track-bundled.jar
# SHA512
1064d3d04da4d47f35d38f04956adbd2e24a5bc8f828c0f9a7c93705fb09f4ebcdee266a9d931aa64d94f583ef7c11ddc788dad2cf0b1682546c4fe927194b57  dependency-track-apiserver.jar
e0cc1abd661c991dd2ef3e19dd09903d609d2860c8510cc120bb399fb4751757d25cb05c1ef160e935579350a1cb060add556f3535e0b340f4bcbe848b9e0038  dependency-track-bundled.jar

What's Changed

Bug Fixes 🐛

• Backport: Handle breaking change in Trivy v0.54.0 server API by @nscuro in #4040
• Backport: Fix anchors in changelog documentation by @nscuro (original change by @JCHacking) in #4043
• Backport: Fix validation error when XML BOM declares multiple namespaces by @nscuro (original change by @philippn) in #4041
• Backport: Fix project link for new vulnerable dependency for email by @nscuro (original change by @2000rosser) in #4044
• Backport: Fix JDOUserException when multiple licenses match a component's license name by @nscuro in #4042
• Fix parent field occasionally missing in /api/v1/project/{uuid} responses by @nscuro in #4049
• Backport: Fix vex export returning invalid CycloneDX by @nscuro (original change by @SaberStrat) in #4054

Dependency Updates 🤖

• Backport: Bump Temurin base image to 21.0.4_7 by @nscuro in #4056
• Bump bundled frontend to v4.11.6 by @nscuro in #4057

Other Changes

• Add changelog for v4.11.6 by @nscuro in #4045

Full Changelog: 4.11.5...4.11.6

4.11.5

For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes.
If additional details are required, consult the closed issues for this release milestone.

# SHA1
8fd45ea6ae725e8e7dac59ec9d471fcdaeb42c6d  dependency-track-apiserver.jar
eba6cbaa6c2da9ffb295da83ed39af68ff4130a8  dependency-track-bundled.jar
# SHA256
c39c15849cbb7dd19833ea689c20aaf92bc9f6965b758961e1d2a01a2b09f86f  dependency-track-apiserver.jar
7ebb11573b2a59084ed98fe92d363240c910dc7b5aa7ebeda64bee7d47089d9a  dependency-track-bundled.jar
# SHA512
5c885c595687f20da1792393a161e30f23bb3fdfd9deb31c6010be3da86e839a046d2ba854a52f1148ba38fd368c084c911910a90ea384391cf6cad5e52bc1cd  dependency-track-apiserver.jar
eb0e56faa86bae2cb7d81b77e95fa6f809eaa55e7ed8a412dcb15cb4491490ae8398812752e460a07d12ca03b08a0951567be60accd48462c73263388dcd21ef  dependency-track-bundled.jar

What's Changed

Bug Fixes 🐛

• Backport: Fix BOM_CONSUMED and BOM_PROCESSED notifications being dispatched with wrong scope for BOM processing V2 by @nscuro in #3941
• Backport: Set license name instead of ID when using custom license by @nscuro (original change by @2000rosser) in #3942

Dependency Updates 🤖

• Backport: Bump io.github.jeremylong:open-vulnerability-clients from 6.1.1 to 6.1.2 by @nscuro in #3940
• Backport: Bump debian from 0200978 to f8bbfa0 by @nscuro in #3943
• Bump oauth2-oidc-sdk from 10.15 to 11.13 by @nscuro in #3944
• Bump bundled frontend to 4.11.5 by @nscuro in #3945

Other Changes

• Add changelog for v4.11.5 by @nscuro in #3946

Full Changelog: 4.11.4...4.11.5

4.11.4

For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes.
If additional details are required, consult the closed issues for this release milestone.

# SHA1
19531d4f02cccf26478b3a63feba355da8726b3f  dependency-track-apiserver.jar
3c4bb658783157ae9c408b8323e25e55c9ab25fd  dependency-track-bundled.jar
# SHA256
9a09259ba4c19d02b81a39fb5894df758f19ff1bb43538d4b999b4a5789a9d9b  dependency-track-apiserver.jar
73fc867d347da8a8af14f8c6812e13b870037a28d7de83e2837db9c27d840100  dependency-track-bundled.jar
# SHA512
a357be2617e9da6d4eaf19120316927ccddbc1290b9f0179287619864ffe2f6a349c9cab729853469425e273662e64cb49a4ede5498da937817b3cda01997af9  dependency-track-apiserver.jar
13fbf6477f2820b0926ad082063332e9f34de622e64b11cfe0fa4574ba5d2d9f41c06c791740ddb69a34fc71e21b6456f20c36018eb2b52e0664fdc47a41645f  dependency-track-bundled.jar

What's Changed

Enhancements 🚀

• Backport: Support ingestion of CycloneDX v1.6 BOMs by @nscuro in #3863

Bug Fixes 🐛

• Backport: Fix inverted "show inactive" filter in vulnerability audit view by @nscuro (original change by @2000rosser) in #3864
• Backport: Fix BOM validation failing when URL contains encoded [ and ] characters by @nscuro in #3866
• Backport: Fix external references not being updated via POST /v1/component by @nscuro (original change by @sahibamittal) in #3867
• Backport: Prevent XXE injection during CycloneDX validation and parsing by @nscuro in #3871

Dependency Updates 🤖

• Backport: Bump bundled frontend to 4.11.4 by @nscuro in #3875

Other Changes

• Add changelog for v4.11.4 by @nscuro in #3868

Full Changelog: 4.11.3...4.11.4

4.11.3

For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes.
If additional details are required, consult the closed issues for this release milestone.

# SHA1
ff4284ce635f4da916e907af20bb0e9339349ecd  dependency-track-apiserver.jar
beea18173e6a52180ac1a8ee721dd7f775eaaf2d  dependency-track-bundled.jar
# SHA256
f1e34cc7a0c5e2fe444e934aa221853ac762ee79997bc10fa712ee6ac8f776d8  dependency-track-apiserver.jar
d62557345bb244b5d34e7a56d057e264044524d8df7964df23383a2ace658cbd  dependency-track-bundled.jar
# SHA512
230d1e5eb4d883e1f2d3dfba734b6c8e92a55dbb56e263dab53cb127f01f1ca0f6fc36ac65acfb751dfa11c2a63d8f312a71411a329038dff974e772cb4446da  dependency-track-apiserver.jar
832fe98ba16b01b7411ff8a292f9e090295936406e521b3c8794868dc5665bc92c9d5db2657e4441be63a558b23b0da291aec4d277c0b0a50f63d2b5e2bdc38e  dependency-track-bundled.jar

What's Changed

Bug Fixes 🐛

• Fix JDODataStoreException for unresolved licenses during BOM upload processing by @nscuro in #3801

Full Changelog: 4.11.2...4.11.3

4.11.2

For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes.
If additional details are required, consult the closed issues for this release milestone.

# SHA1
174956bf3cd2dab16cfd36e7ab1b5d7001b99160  dependency-track-apiserver.jar
af75c903b033418ea6326cbb4e6885afba99ee94  dependency-track-bundled.jar
# SHA256
135cf4361bbbc65f488796bf196c8d2d3cbebec931b249e037551c6fbbae2ed7  dependency-track-apiserver.jar
5020ac51158038439b7482d5c5fec151773162724dce1779249bf73053456d34  dependency-track-bundled.jar
# SHA512
2002e27260b5cd4f96384828ef57f753916faab5ad06e0299958c3ab3e328045f2e805d0b1c3c56c85b4602d473c10d2c23d1098c94a4db93af0959c45b6ede8  dependency-track-apiserver.jar
262b582bd2dcbbb8966acd5dae3df88bc318590da0e66a7ac11f2197ccdca89b773013f317b5fe945650f16a48d2c4601356df10d77c10666d899917755cc0c8  dependency-track-bundled.jar

What's Changed

Bug Fixes 🐛

• Backport: Handle breaking change in Trivy server API by @nscuro in #3785
• Backport: Fix project name not showing in Jira tickets by @nscuro (original change by @lgrguricmileusnic) in #3787
• Backport: Add date format to support offset in NuGet timestamps by @nscuro (original change by @sahibamittal) in #3788
• Backport: Fix licenses not being resolved by name by @nscuro in #3786
• Backport: Fix Slack notifications failing when no base URL is configured by @nscuro in #3792

Dependency Updates 🤖

• Backport: Bump bundled frontend to 4.11.2 by @nscuro in #3794

Other Changes

• Backport: Update database support docs by @nscuro in #3789
• Add changelog for v4.11.2 by @nscuro in #3790

Full Changelog: 4.11.1...4.11.2

4.11.1

For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes.
If additional details are required, consult the closed issues for this release milestone.

# SHA1
aa3d8ffc6b8f9d15a801148a93275ebeba922010  dependency-track-apiserver.jar
c57f1b8c003d95daa871096cbc37a6c03cd08907  dependency-track-bundled.jar
# SHA256
ed08e60e0761ced93454c14194da02be5950805911dbc7f7c611bdf0e753b437  dependency-track-apiserver.jar
e7613d6654083ab6e2c4ae24459444efe4d83df5d2c4d27e58a94bc809e2627a  dependency-track-bundled.jar
# SHA512
75f4fcd203ccbbf494047b5866942b7a08fd1f97e98f40cd5aac57dd3401fcb2dc0e2e8953d54035dd3dd96e28c4df563ecee52df05769e8e530dc27e3e72f9b  dependency-track-apiserver.jar
10e590eb849e1179688c787c3f52a5e333f20962c8f2ab4cec0b6a3f872991ff7d9f80748439bb33281e615c0bcd8ed65530abcc34f018f8b7f171c104e5caf5  dependency-track-bundled.jar

What's Changed

Bug Fixes 🐛

• Backport: Fix failing JSON BOM validation when specVersion is not one of the first fields by @nscuro in #3698
• Backport: Fix broken global vuln audit view for MSSQL by @nscuro in #3701
• Backport: fix os handling when trivy sets pkgType on properties by @nscuro (original change by @fnxpt) in #3729

Other Changes

• Add changelog for v4.11.1 and bump bundled frontend by @nscuro in #3733

Full Changelog: 4.11.0...4.11.1

4.11.0

For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes.
If additional details are required, consult the closed issues for this release milestone.

# SHA1
a9dae58a25c8aeeb54134ff054214505eb170db9  dependency-track-apiserver.jar
59b78c3f6b1979ba29c1bd754b7dc1005101fc49  dependency-track-bundled.jar
# SHA256
03160957fced99c3d923bbb5c6cb352740da1970bd4775b52bb451b95c4cefaf  dependency-track-apiserver.jar
1a34808cd6c7a9bf7b181e4f175c077f1ee5d5a9daf327b330db9b1c63aac2d3  dependency-track-bundled.jar
# SHA512
79a34a20a93f57a1bde94fa876c03141c7696f177c560397ecf4fdd68da168419f3703eb0a4c7e40cb677536b15640f89dddb8f5e8cf32dda3115b8f6d5cf6b3  dependency-track-apiserver.jar
af25807596c617d2bdff437ba9fd4d2e8cdf28f220b8844d8ab3a53fe0510d65ac30167dbb752c22e5f96536362389099e5c4b25302e4adec84d48d6c4d15198  dependency-track-bundled.jar

What's Changed

Enhancements 🚀

• Return processing token when cloning project #2842 by @rkg-mm in #3260
• Hyades backport: Preprocess CWE dictionary by @nscuro in #3284
• Add "Show in Dependency-Graph" Button in "Affected Projects" List [improved version] by @rkg-mm in #3285
• Add "Show in Dependency-Graph" Button in "Affected Projects" List by @rbt-mm in #2942
• Update SPDX license list to v3.22 by @nscuro in #3368
• Store computed severities in the database by @nscuro in #3408
• feat(vulnerabilities): enhance API to support frontend changes for active/inactive affected projects by @setchy in #3425
• Subject prefix by @LaVibeX in #3422
• Trivy by @fnxpt in #3259
• Webhook alert token and new user alerts by @fnxpt in #3275
• Global Audit View: Vulnerabilities by @rbt-mm in #2472
• Refactor BOM upload processing for better efficiency, correctness, and consistency by @nscuro in #3357
• Bump CWE dictionary to v4.13 by @nscuro in #3491
• Apply consistent formatting to SQL queries; Use text blocks instead of string concatenation by @nscuro in #3492
• Align retry configuration and behavior across analyzers by @nscuro in #3494
• Add auto-generated changelog to GitHub releases by @nscuro in #3502
• Bump SPDX license list to v3.23 by @nscuro in #3508
• Validate uploaded BOMs against CycloneDX schema by @nscuro in #3522
• Add endpoint for updating API key comment by @nscuro in #3537
• OpenAPI spec fixes and improvements by @nscuro in #3557
• Disable automatic API key generation for teams. Fixes part of issue #2552. by @mprencipe in #3574
• Generate SARIF File Of Project Vulnerability Findings by @aravindparappil46 in #3561
• New feature: VulnDB Aliases! by @LaVibeX in #3588
• Implement the hackage and nixpkgs meta analyzers by @MangoIV in #3549
• Add support for component properties by @nscuro in #3499
• Leverage component properties for Trivy scans by @fnxpt in #3620
• Improve Lucene observability by @nscuro in #3535
• Include pagination parameters in OpenAPI spec by @nscuro in #3625
• Include sorting query parameters in OpenAPI spec by @nscuro in #3631
• support for experimental configurations by @fnxpt in #3621
• Gracefully handle unique constraint violations by @nscuro in #3648
• Add support for worker pool drain timeout by @nscuro in #3657
• Fall back to no authentication when OSS Index API token decryption fails by @nscuro in #3661
• Truncate ComponentProperty value at 1024 characters by @nscuro in #3662
• Add the project name and project URL to bom processing notifications by @2000rosser in #3666
• Bump bundled frontend to v4.11.0 by @nscuro in #3681

Bug Fixes 🐛

• Fix dropping of CWE table failing due to FK constraint by @nscuro in #3304
• Fix notifications not being sent for child projects where active is null by @nscuro in #3305
• Fix NPE in VersionDistancePolicyEvaluator when project has no direct dependencies by @nscuro in #3307
• Fix ClassCastException when updating an existing ProjectMetadata#authors field by @nscuro in #3311
• feat: Improve Error handling and add default version type by @jadyndev in #3313
• Fix NVD API's last modified timestamp requiring restart to be applied by @nscuro in #3322
• Project cloning logic for cloning policy violations and Violationanalysis by @mge-mm in #3248
• Ignore withdrawn Github advisories by @kepten in #3394
• Fix VulnDB parser being unable to import vulnerability records when 'nvd_additional_information' is empty by @lukas-braune in #3437
• Fix URISyntaxException when NPM PURL contains special characters by @nscuro in #3456
• Finding Attributed On date is not retained when cloning projects by @sebD in #3488
• adding cargo to IMetaAnalyzer by @leec94 in #3511
• Fix type of purl fields in Swagger docs by @sebD in #3512
• Perform License Resolution On Name Field During SBOM Import by @aravindparappil46 in #3555
• Update License Of Existing Components On BOM Upload by @aravindparappil46 in #3556
• Provide meaningful error message for bom and vex exceeding Jackson's character limit by @nscuro in #3558
• Fix unhandled NotFoundExceptions causing a HTTP 500 response by @nscuro in #3559
• Extend length of PURL and PURLCOORDINATES columns from 255 to 786 by @nscuro in #3560
• Validate UUID request parameters by @nscuro in #3590
• Vuln db severity by @LaVibeX in #3595
• Fix JDOFatalUserException for long reference URLs from OSS Index by @nscuro in #3650
• Catch all unhandled ClientErrorExceptions by @nscuro in #3659
• Fix unique constraint violation during NVD mirroring via feed files by @nscuro in #3664
• De-duplicate CPEs in NVD feed file parsing by @nscuro in #3667
• Fix missing default repos for Hackage and Nixpkgs by @nscuro in #3678

Dependency Updates 🤖

• Bump org.apache.httpcomponents.client5:httpclient5 from 5.2.1 to 5.3 by @dependabot in #3282
• Bump github/codeql-action from 2.22.8 to 2.22.9 by @dependabot in #3289
• Bump aquasecurity/trivy-action from 0.14.0 to 0.16.0 by @dependabot in #3288
• Bump com.google.cloud.sql:cloud-sql-connector-jdbc-sqlserver from 1.15.0 to 1.15.1 by @dependabot in #3298
• Bump io.github.jeremylong:open-vulnerability-clients from 5.1.0 to 5.1.1 by @dependabot in #3320
• Bump eclipse-temurin from 5f85d29 to e96937d in /src/main/docker by @depen...

4.10.1

For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and upgrade notes.
If additional details are required, consult the closed issues for this release milestone.

# SHA1
1d728ce1788e5db8b3a9308338a9e7e8ab5af12e  dependency-track-apiserver.jar
be32e1bc64d0b9b8019e340717d4ae3c12442ecd  dependency-track-bundled.jar
# SHA256
e30731cd1915d3a1578cf5d8c8596d247fb11a82a3fe4c1ba2fb9fad01667aef  dependency-track-apiserver.jar
ffa0ab6dc9be894d0887ca3e10c4ffe3a333305d98de940413fcdbb05e2bcebd  dependency-track-bundled.jar
# SHA512
6c6d31ff9c7545225932af0f7315a37e657833717fb10be5402dc5f7c8db160d3c6482b290197238731d845d8e4ee8e4f215f5266314dd761d64396f7d6c42c7  dependency-track-apiserver.jar
00078670bd970beca99a7711a2afa7858ba9d4ee5c51adf4af0a9f5a025f16ac99ec8138f9fc9fd139caf428f6084a8107281f620a5f4a21161a5c1538b91fe7  dependency-track-bundled.jar