2023-12-19-v4.10.1.md

title	type
v4.10.1	patch

This release fixes various defects in the API server.
There are no changes for the frontend, the latest version of it remains 4.10.0.

NVD Data Feed Retirement Update:

The NVD has announced that retirement of the legacy data feeds has been delayed until further notice. Dependency-Track users who:

• ran into issues with the new NVD REST API integration, or
• did not have the time yet to migrate

can safely continue consuming the legacy feeds, or switch back to it.

Fixes:

• Fix alert rules not working for projects where the ACTIVE column is NULL - apiserver/#3306
• Fix NPE in version distance policy evaluation when project has no direct dependencies - apiserver/#3308
• Fix ClassCastException when updating an existing ProjectMetadata#authors field - apiserver/#3312
• Fix NPE in GitHub repository metadata analysis for components without version - apiserver/#3315
• Fix last modified timestamp for NVD mirroring via REST API not taking effect until restart - apiserver/#3323

For a complete list of changes, refer to the respective GitHub milestones:

• API server milestone 4.10.1

We thank all organizations and individuals who contributed to this release, from logging issues to taking part in discussions on GitHub & Slack to testing of fixes.

Special thanks to everyone who contributed code to implement enhancements and fix defects:
@jadyndev

dependency-track-apiserver.jar

Algorithm	Checksum
SHA-1	1d728ce1788e5db8b3a9308338a9e7e8ab5af12e
SHA-256	e30731cd1915d3a1578cf5d8c8596d247fb11a82a3fe4c1ba2fb9fad01667aef

dependency-track-bundled.jar

Algorithm	Checksum
SHA-1	be32e1bc64d0b9b8019e340717d4ae3c12442ecd
SHA-256	ffa0ab6dc9be894d0887ca3e10c4ffe3a333305d98de940413fcdbb05e2bcebd

Software Bill of Materials (SBOM)

• API Server: bom.json