dependency-track

mirror of https://github.com/DependencyTrack/dependency-track.git synced 2026-04-18 07:40:23 +00:00

Author	SHA1	Message	Date
Niklas	658be5695b	Add changelog for v4.14.1 Signed-off-by: Niklas <nscuro@protonmail.com>	2026-04-03 19:47:06 +02:00
Niklas	f7b8e4f659	Add release artifact checksums for 4.14.0 Signed-off-by: Niklas <nscuro@protonmail.com>	2026-03-09 23:18:10 +01:00
nscuro	0bb232797a	Add changelog for 4.14.0 Signed-off-by: nscuro <nscuro@protonmail.com>	2026-03-09 22:43:33 +01:00
valentijnscholten	9b3d85c9c2	Add EPSS score support for GitHub Advisory vulnerabilities (#5829 ) * Add EPSS score support for GitHub Advisory (GHSA) vulnerabilities Resolves https://github.com/DependencyTrack/dependency-track/issues/4330 - Map `percentage` (exploitation probability) and `percentile` (relative rank) from the GitHub EPSS API response to the `epssScore` and `epssPercentile` fields on GHSA Vulnerability records. - Extend `VulnerabilityQueryManager.hasChanges()` to also trigger an update when an advisory has EPSS data but the stored record does not, enabling backfill without relying on a changed `updatedAt` timestamp. - Add upgrade item `v4140Updater` that resets the GHSA mirror timestamp on first boot, causing the next mirror run to re-fetch all advisories and populate EPSS fields on existing records. - Add `ModelConverterTest` (unit) and extend `GitHubAdvisoryMirrorTaskTest` (integration) with EPSS test cases using real values from the GitHub API. Signed-off-by: Valentijn Scholten <valentijnscholten@gmail.com> * Address PR review comments: rename changelog, use ParameterizedTest - Rename docs/_posts/2026-02-19-v4.14.0.md to 2026-xx-xx-v4.14.0.md - Convert testConvertSeverityMapping to @ParameterizedTest with display name Signed-off-by: Valentijn Scholten <valentijnscholten@gmail.com> * add note to release notes Signed-off-by: Valentijn Scholten <valentijnscholten@gmail.com> --------- Signed-off-by: Valentijn Scholten <valentijnscholten@gmail.com>	2026-03-03 17:31:41 +01:00
Niklas	38f140e732	Add changelog for v4.13.6 Signed-off-by: Niklas <nscuro@protonmail.com>	2025-11-17 09:54:30 +01:00
Niklas	2b8c531abc	Add changelog for v4.13.5 Signed-off-by: Niklas <nscuro@protonmail.com>	2025-10-07 17:03:51 +02:00
Niklas	b3f55d70ea	Add changelog for v4.13.4 Signed-off-by: Niklas <nscuro@protonmail.com>	2025-08-26 12:10:40 +02:00
Niklas	06a2497255	Add changelog for v4.13.3 Signed-off-by: Niklas <nscuro@protonmail.com>	2025-08-04 15:02:53 +02:00
Niklas	c7afacda67	Rename 2025-05-09-v4.13.2 to 2025-05-09-v4.13.2.md Signed-off-by: Niklas <nscuro@protonmail.com>	2025-05-09 00:25:56 +02:00
Niklas	93d84f2ab5	Add changelog for v4.13.2 Signed-off-by: Niklas <nscuro@protonmail.com>	2025-05-09 00:25:24 +02:00
Niklas	158f4591b9	Add changelog for v4.13.1 Signed-off-by: Niklas <nscuro@protonmail.com>	2025-04-30 11:20:14 +02:00
Niklas	555e36520d	Add release artifact checksums for v4.13.0 Signed-off-by: Niklas <nscuro@protonmail.com>	2025-04-07 11:43:21 +02:00
nscuro	77d1183806	Add changelog for v4.13.0 Signed-off-by: nscuro <nscuro@protonmail.com>	2025-04-07 11:06:39 +02:00
Niklas	0fca041450	Add changelog for v4.12.7 Signed-off-by: Niklas <nscuro@protonmail.com>	2025-03-12 23:30:33 +01:00
Niklas	aa3f9def3e	Add changelog for v4.12.6 Signed-off-by: Niklas <nscuro@protonmail.com>	2025-02-24 18:40:55 +01:00
Niklas	5e9aa61e63	Add changelog for v4.12.5 Signed-off-by: Niklas <nscuro@protonmail.com>	2025-02-17 17:09:12 +01:00
Niklas	265c418abd	Add changelog for v4.12.4 Signed-off-by: Niklas <nscuro@protonmail.com>	2025-02-10 17:47:11 +01:00
nscuro	c5fd63c1c4	Add changelog for v4.12.3 Signed-off-by: nscuro <nscuro@protonmail.com>	2025-01-27 11:37:11 +01:00
nscuro	75e9ba8429	Fix file location of v4.12.2 changelog Signed-off-by: nscuro <nscuro@protonmail.com>	2025-01-27 11:36:14 +01:00
Niklas	6b19536e15	Add changelog for v4.12.2 Signed-off-by: Niklas <nscuro@protonmail.com>	2024-12-04 13:35:30 +01:00
Niklas	fcdcd0885e	Add changelog for v4.12.1 Signed-off-by: Niklas <nscuro@protonmail.com>	2024-10-25 23:14:25 +02:00
Niklas	3b8c428e0f	Add release artifact checksums for v4.12.0 Signed-off-by: Niklas <nscuro@protonmail.com>	2024-10-01 22:53:38 +02:00
Niklas	5dc0383498	Add release artifact checksums for frontend v4.12.0 Signed-off-by: Niklas <nscuro@protonmail.com>	2024-10-01 22:42:00 +02:00
nscuro	d36a6afd0f	Update changelog for v4.12.0 with recent changes Signed-off-by: nscuro <nscuro@protonmail.com>	2024-10-01 22:03:53 +02:00
nscuro	af64eeff28	Migrate Trivy integration to use Protobuf instead of JSON Closes #4065 Signed-off-by: nscuro <nscuro@protonmail.com>	2024-09-02 22:51:03 +02:00
nscuro	5b93ffe98a	Update changelog for v4.12.0 with recent changes Signed-off-by: nscuro <nscuro@protonmail.com>	2024-09-01 21:13:33 +02:00
Niklas	11a96f5874	Add changelog for v4.11.7 Signed-off-by: Niklas <nscuro@protonmail.com>	2024-08-14 14:44:20 +02:00
Niklas	dca7a56910	Add changelog for v4.11.6 Signed-off-by: Niklas <nscuro@protonmail.com>	2024-08-10 22:13:49 +02:00
nscuro	3520236f92	Update changelog for v4.12.0 with recent changes Signed-off-by: nscuro <nscuro@protonmail.com>	2024-08-03 18:34:44 +02:00
JCHacking	489f39e383	fix: fix frontend link in changelog of documentation Refs: 2094 Signed-off-by: JCHacking <juancruzmencia@gmail.com>	2024-07-21 22:18:56 +02:00
JCHacking	1c71e24df0	fix: fix anchors in changelog documenation Refs: 2094 Signed-off-by: JCHacking <juancruzmencia@gmail.com>	2024-07-21 18:27:29 +02:00
Niklas	3299506a97	Add changelog for v4.11.5 Signed-off-by: Niklas <nscuro@protonmail.com>	2024-07-08 20:17:57 +02:00
Niklas	8c36822788	Add changelog for v4.11.4 Signed-off-by: Niklas <nscuro@protonmail.com>	2024-06-24 11:44:34 +02:00
nscuro	8ea662c929	Bump SPDX license list to v3.24.0 Closes #3830 Signed-off-by: nscuro <nscuro@protonmail.com>	2024-06-14 15:17:26 +02:00
Niklas	5c3084bb12	Add changelog for v4.11.3 Signed-off-by: Niklas <nscuro@protonmail.com>	2024-06-03 11:40:36 +02:00
nscuro	9cc3ae08dc	Add changelog for v4.11.2 Signed-off-by: nscuro <nscuro@protonmail.com>	2024-06-01 18:29:53 +02:00
nscuro	38c87175a8	Add changelog for v4.11.1 Signed-off-by: nscuro <nscuro@protonmail.com>	2024-05-19 18:49:25 +02:00
nscuro	63d90210da	Raise baseline Java version to 21 Signed-off-by: nscuro <nscuro@protonmail.com>	2024-05-07 22:42:50 +02:00
nscuro	16cfd7cbda	Update release artifact checksums for v4.11.0 Signed-off-by: nscuro <nscuro@protonmail.com>	2024-05-07 16:23:59 +02:00
nscuro	7cd0013ccd	Update v4.11 changelog with frontend checksums Signed-off-by: nscuro <nscuro@protonmail.com>	2024-05-07 15:48:07 +02:00
nscuro	0f3d25cafe	Fix changelog typo; Set release date; Bump docs version Signed-off-by: nscuro <nscuro@protonmail.com>	2024-05-06 18:55:51 +02:00
nscuro	bc25ae0c41	Update v4.11 changelog with recent changes Signed-off-by: nscuro <nscuro@protonmail.com>	2024-05-06 14:11:14 +02:00
nscuro	df1174d3a8	Fix unique constraint violation during NVD mirroring The fix is achieved by using the same logic for persisting `Vulnerability` and `VulnerableSoftware` records that `NistApiMirrorTask` was already using. It handles duplicate records. This should also yield a performance boost (did not benchmark because that wasn't the focus of this change), since the transaction commit frequency is reduced compared to the previous logic. Fixes #3663 Signed-off-by: nscuro <nscuro@protonmail.com>	2024-05-01 23:25:08 +02:00
nscuro	21af7b219d	Fall back to no authentication when OSS Index API token decryption fails Instead of causing a full-blown service disruption when API token decryption fails, fall back to unauthenticated API usage to limit the impact. Relates to #2366 Signed-off-by: nscuro <nscuro@protonmail.com>	2024-05-01 19:45:18 +02:00
nscuro	6538d252ee	Catch all unhandled `ClientErrorException`s `ClientErrorException` in JAX-RS corresponds to HTTP 4xx status codes. Those were previously handled by Alpine's `GlobalExceptionHandler`, resulting in an HTTP 500 response when it really should've been a 4xx. Fixes #3645 Signed-off-by: nscuro <nscuro@protonmail.com>	2024-04-29 23:38:03 +02:00
nscuro	efe3205f85	Update v4.11 changelog with recent changes Signed-off-by: nscuro <nscuro@protonmail.com>	2024-04-29 20:24:37 +02:00
Niklas	ee775e3a31	Merge pull request #3621 from fnxpt/experimental support for experimental configurations	2024-04-22 23:06:51 +02:00
nscuro	7840ca3fbd	Remove default values from `offset` and `limit` in OpenAPI spec Including default values for both `pageNumber`/`pageSize` and `offset`/`limit` causes the request generated by Swagger UI to use them all, which is confusing. Signed-off-by: nscuro <nscuro@protonmail.com>	2024-04-21 13:33:07 +02:00
nscuro	f500aaba81	Update Trivy docs with more instructions and known limitations Signed-off-by: nscuro <nscuro@protonmail.com>	2024-04-20 19:56:27 +02:00
nscuro	d09d3038f4	Include pagination parameters in OpenAPI spec Relates to #3608 Signed-off-by: nscuro <nscuro@protonmail.com>	2024-04-17 15:33:35 +02:00

1 2 3 4 5

203 commits