|
| 1 | +--- |
| 2 | +title: v4.11.5 |
| 3 | +type: patch |
| 4 | +--- |
| 5 | + |
| 6 | +This release primarily addresses an inability to mirror the NVD via its REST API. The NVD REST API recently experienced |
| 7 | +increased load, causing service disruptions. Dependency-Track users who opted into API mirroring will have seen |
| 8 | +symptoms of this as `NvdApiException: NVD Returned Status Code: 503` errors in the logs. |
| 9 | + |
| 10 | +To reduce load on their systems, [NIST started to block](https://github.com/jeremylong/Open-Vulnerability-Project/issues/184#issuecomment-2214217254) |
| 11 | +requests with a certain `User-Agent` header, which Dependency-Track happens to use. Upgrading to v4.11.5 |
| 12 | +will allow Dependency-Track to no longer be subject to this block. |
| 13 | + |
| 14 | +Users who can't immediately update, yet are reliant on NVD data being current, can switch back to the |
| 15 | +feed file based mirroring by disabling *Enable mirroring via API* in the administration panel. |
| 16 | + |
| 17 | +**Fixes:** |
| 18 | + |
| 19 | +* Fix broken NVD mirroring via REST API - [apiserver/#3940] |
| 20 | +* Fix BOM processing V2 dispatching `BOM_CONSUMED` and `BOM_PROCESSED` notification with scope `SYSTEM` instead of `PORTFOLIO` - [apiserver/#3941] |
| 21 | +* Fix BOM export producing invalid CycloneDX for custom licenses - [apiserver/#3942] |
| 22 | + |
| 23 | +For a complete list of changes, refer to the respective GitHub milestones: |
| 24 | + |
| 25 | +* [API server milestone 4.11.5](https://github.com/DependencyTrack/dependency-track/milestone/42?closed=1) |
| 26 | +* [Frontend milestone 4.11.5](https://github.com/DependencyTrack/frontend/milestone/27?closed=1) |
| 27 | + |
| 28 | +We thank all organizations and individuals who contributed to this release, from logging issues to taking part in discussions on GitHub & Slack to testing of fixes. |
| 29 | + |
| 30 | +Special thanks to everyone who contributed code to implement enhancements and fix defects: |
| 31 | +[@2000rosser] |
| 32 | + |
| 33 | +###### dependency-track-apiserver.jar |
| 34 | + |
| 35 | +| Algorithm | Checksum | |
| 36 | +|:----------|:---------| |
| 37 | +| SHA-1 | | |
| 38 | +| SHA-256 | | |
| 39 | + |
| 40 | +###### dependency-track-bundled.jar |
| 41 | + |
| 42 | +| Algorithm | Checksum | |
| 43 | +|:----------|:---------| |
| 44 | +| SHA-1 | | |
| 45 | +| SHA-256 | | |
| 46 | + |
| 47 | +###### frontend-dist.zip |
| 48 | + |
| 49 | +| Algorithm | Checksum | |
| 50 | +|:----------|:-----------------------------------------------------------------| |
| 51 | +| SHA-1 | 0992c02871d536eaa1d3971a01ce815daf115129 | |
| 52 | +| SHA-256 | fa427fd6dde55fe6a327a82f52edcdbe29a04f23d360742fe446b0c8e1714647 | |
| 53 | + |
| 54 | +###### Software Bill of Materials (SBOM) |
| 55 | + |
| 56 | +* API Server: [bom.json](https://github.com/DependencyTrack/dependency-track/releases/download/4.11.5/bom.json) |
| 57 | +* Frontend: [bom.json](https://github.com/DependencyTrack/frontend/releases/download/4.11.5/bom.json) |
| 58 | + |
| 59 | +[apiserver/#3940]: https://github.com/DependencyTrack/dependency-track/pull/3940 |
| 60 | +[apiserver/#3941]: https://github.com/DependencyTrack/dependency-track/pull/3941 |
| 61 | +[apiserver/#3942]: https://github.com/DependencyTrack/dependency-track/pull/3942 |
| 62 | + |
| 63 | +[@2000rosser]: https://github.com/2000rosser |
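Review bot: The checksum tables for dependency-track-apiserver.jar and dependency-track-bundled.jar (new-file lines 36-37 and 43-44) have empty SHA-1 and SHA-256 cells, while the frontend-dist.zip table is filled in, so readers of these release notes cannot verify the two API server artifacts against a published value. Fill in the four values from the release build before this page is published, or leave the two tables out until the values exist. A minor wording point at line 19: `BOM_CONSUMED` and `BOM_PROCESSED` are two notifications, so "notification" should be plural.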