Merge pull request #4439 from nscuro/4.12.2-changelog

nscuro · web-flow · commit 1572112ffc1b · 2024-12-04T13:23:21.000+01:00
diff --git a/docs/_posts/2024-12-04-v4.12.2.md b/docs/_posts/2024-12-04-v4.12.2.md
@@ -0,0 +1,97 @@
+---
+title: v4.12.2
+type: patch
+---
+
+**Fixes:**
+
+* Fix possible enumeration of managed users via `/api/v1/user/login` endpoint - [GHSA-9w3m-hm36-w32w]
+* Reduce memory usage of metrics update tasks - [apiserver/#4377]
+* Fix CPE matching for NVD mirroring via REST API - [apiserver/#4378]
+* Fix incorrect CWE schema in OpenAPI spec - [apiserver/#4379]
+* Fix NullPointerException when fetching findings - [apiserver/#4380]
+* Fix policy evaluation not happening upon creation of update of individual components - [apiserver/#4381]
+* Fix nullable metrics fields having getters of primitive type - [apiserver/#4382]
+* Fix Trivy analyzer vulnerability matching for Go packages - [apiserver/#4395]
+* Fix too frequent notifications during GHSA mirroring - [apiserver/#4417]
+* Fix `project.active` field being nullable - [apiserver/#4418]
+* Fix NullPointerException when cloning projects with broken dependency graph - [apiserver/#4419]
+* Fix missing CycloneDX JSON content type for `/api/v1/bom/cyclonedx/component/{uuid}` endpoint - [apiserver/#4420]
+* Fix no error being displayed when submitting and invalid welcome message - [frontend/#1099]
+* Fix tags with special characters breaking the tags table - [frontend/#1100]
+* Fix broken NGINX IPv6 listening - [frontend/#1101]
+* Fix viewing of component properties requiring the `PORTFOLIO_MANAGEMENT` permission - [frontend/#1102]
+* Fix missing URI encoding for vulnerability IDs - [frontend/#1103]
+* Improve Russian translation - [frontend/#1109]
+
+**Upgrade Notes:**
+
+* `ACTIVE` columns in the `PROJECT` table that previously had `NULL` values will be updated
+to `TRUE` automatically upon upgrade. The column is further assigned a default value of `TRUE`.
+No manual action is required. The SQL statements executed by Dependency-Track can be found [here](https://github.com/DependencyTrack/dependency-track/blob/92f0d605ce4fdff4a20ff408c748dd1023786fb4/src/main/java/org/dependencytrack/upgrade/v4122/v4122Updater.java#L45-L82).
+
+For a complete list of changes, refer to the respective GitHub milestones:
+
+* [API server milestone 4.12.1](https://github.com/DependencyTrack/dependency-track/milestone/46?closed=1)
+* [Frontend milestone 4.12.1](https://github.com/DependencyTrack/frontend/milestone/31?closed=1)
+
+We thank all organizations and individuals who contributed to this release, from logging issues to taking part in discussions on GitHub & Slack to testing of fixes.
+
+Special thanks to everyone who contributed code to implement enhancements and fix defects:  
+[@Gepardgame], [@Shortfinga], [@WoozyMasta], [@antoinbo], [@calderonth], [@fupgang], [@rissson], [@wratner]
+
+###### dependency-track-apiserver.jar
+
+| Algorithm | Checksum |
+|:----------|:---------|
+| SHA-1     |          |
+| SHA-256   |          |
+
+###### dependency-track-bundled.jar
+
+| Algorithm | Checksum |
+|:----------|:---------|
+| SHA-1     |          |
+| SHA-256   |          |
+
+###### frontend-dist.zip
+
+| Algorithm | Checksum                                                         |
+|:----------|:-----------------------------------------------------------------|
+| SHA-1     | b1e520a4aa0d3a3dc65aa5ab7da93b81c84edf43                         |
+| SHA-256   | 0a8790def4abe6ab3c5294928cc816a266c2b746ec39b0c1f140b8a2f4c0ad74 |
+
+###### Software Bill of Materials (SBOM)
+
+* API Server: [bom.json](https://github.com/DependencyTrack/dependency-track/releases/download/4.12.2/bom.json)
+* Frontend: [bom.json](https://github.com/DependencyTrack/frontend/releases/download/4.12.2/bom.json)
+
+[GHSA-9w3m-hm36-w32w]: https://github.com/DependencyTrack/dependency-track/security/advisories/GHSA-9w3m-hm36-w32w
+
+[apiserver/#4377]: https://github.com/DependencyTrack/dependency-track/pull/4377
+[apiserver/#4378]: https://github.com/DependencyTrack/dependency-track/pull/4378
+[apiserver/#4379]: https://github.com/DependencyTrack/dependency-track/pull/4379
+[apiserver/#4380]: https://github.com/DependencyTrack/dependency-track/pull/4380
+[apiserver/#4381]: https://github.com/DependencyTrack/dependency-track/pull/4381
+[apiserver/#4382]: https://github.com/DependencyTrack/dependency-track/pull/4382
+[apiserver/#4395]: https://github.com/DependencyTrack/dependency-track/pull/4395
+[apiserver/#4417]: https://github.com/DependencyTrack/dependency-track/pull/4417
+[apiserver/#4418]: https://github.com/DependencyTrack/dependency-track/pull/4418
+[apiserver/#4419]: https://github.com/DependencyTrack/dependency-track/pull/4419
+[apiserver/#4420]: https://github.com/DependencyTrack/dependency-track/pull/4420
+
+[frontend/#1099]: https://github.com/DependencyTrack/frontend/pull/1099
+[frontend/#1100]: https://github.com/DependencyTrack/frontend/pull/1100
+[frontend/#1101]: https://github.com/DependencyTrack/frontend/pull/1101
+[frontend/#1102]: https://github.com/DependencyTrack/frontend/pull/1102
+[frontend/#1103]: https://github.com/DependencyTrack/frontend/pull/1103
+[frontend/#1109]: https://github.com/DependencyTrack/frontend/pull/1109
+
+[@Gepardgame]: https://github.com/Gepardgame
+[@Shortfinga]: https://github.com/Shortfinga
+[@WoozyMasta]: https://github.com/WoozyMasta
+[@antoinbo]: https://github.com/antoinbo
+[@calderonth]: https://github.com/calderonth
+[@fupgang]: https://github.com/fupgang
+[@rissson]: https://github.com/rissson
+[@wratner]: https://github.com/wratner
