Skip to content

Latest commit

 

History

History
63 lines (44 loc) · 3.58 KB

2024-07-08-v4.11.5.md

File metadata and controls

63 lines (44 loc) · 3.58 KB
title type
v4.11.5
patch

This release primarily addresses an inability to mirror the NVD via its REST API. The NVD REST API recently experienced increased load, causing service disruptions. Dependency-Track users who opted into API mirroring will have seen symptoms of this as NvdApiException: NVD Returned Status Code: 503 errors in the logs.

To reduce load on their systems, NIST started to block requests with a certain User-Agent header, which Dependency-Track happens to use. Upgrading to v4.11.5 will allow Dependency-Track to no longer be subject to this block.

Users who can't immediately update, yet are reliant on NVD data being current, can switch back to the feed file based mirroring by disabling Enable mirroring via API in the administration panel.

Fixes:

  • Fix broken NVD mirroring via REST API - apiserver/#3940
  • Fix BOM processing V2 dispatching BOM_CONSUMED and BOM_PROCESSED notification with scope SYSTEM instead of PORTFOLIO - apiserver/#3941
  • Fix BOM export producing invalid CycloneDX for custom licenses - apiserver/#3942

For a complete list of changes, refer to the respective GitHub milestones:

We thank all organizations and individuals who contributed to this release, from logging issues to taking part in discussions on GitHub & Slack to testing of fixes.

Special thanks to everyone who contributed code to implement enhancements and fix defects:
@2000rosser

Algorithm Checksum
SHA-1 8fd45ea6ae725e8e7dac59ec9d471fcdaeb42c6d
SHA-256 c39c15849cbb7dd19833ea689c20aaf92bc9f6965b758961e1d2a01a2b09f86f
Algorithm Checksum
SHA-1 eba6cbaa6c2da9ffb295da83ed39af68ff4130a8
SHA-256 7ebb11573b2a59084ed98fe92d363240c910dc7b5aa7ebeda64bee7d47089d9a
Algorithm Checksum
SHA-1 0992c02871d536eaa1d3971a01ce815daf115129
SHA-256 fa427fd6dde55fe6a327a82f52edcdbe29a04f23d360742fe446b0c8e1714647
Software Bill of Materials (SBOM)