| PR | Type | Title | Ported | Hyades PR |
| --- | --- | --- | --- | --- |
| DependencyTrack/dependency-track#4829 | Bugfix | Fix NEW_VULNERABILITIES_SUMMARY notification dispatch failing for PostgreSQL | N/A, Outdated | - |
| DependencyTrack/frontend#1224 | Enhancement | chore: Update versions in defect-report.yml | N/A, Outdated | - |
| DependencyTrack/dependency-track#4845 | Bugfix | Fix team email addresses not being available when publishing scheduled notification emails | N/A, Outdated | - |
| DependencyTrack/dependency-track#4837 | Bugfix | Prevent duplicate tag names and relationships | ✅ | DependencyTrack/hyades-apiserver#1124 |
| DependencyTrack/frontend#1227 | Enhancement | Improve German Translation | ✅ | DependencyTrack/hyades-frontend#467 |
| DependencyTrack/dependency-track#4832 | Enhancement | Convert tests to JUnit 5 | N/A, Outdated | - |
| DependencyTrack/dependency-track#4882 | Enhancement | Improve the stability of tag binding | ✅ | DependencyTrack/hyades-apiserver#1124 |
| DependencyTrack/dependency-track#4883 | Enhancement | Bump Temurin base image to 21.0.7 | N/A, Dependency version bump | - |
| DependencyTrack/dependency-track#4884 | Bugfix | Fix missing NONE value in classifier check constraint | N/A, Outdated | - |
| DependencyTrack/frontend#1237 | Enhancement | Show collection projects using tag in tag list | ✅ | DependencyTrack/hyades-frontend#460 |
| DependencyTrack/dependency-track#4858 | Bugfix | Fix tag deletion failing when tag is used by project collection logic | ✅ | DependencyTrack/hyades-apiserver#1938 |
| DependencyTrack/dependency-track#4902 | Enhancement | Bump bundled frontend to 4.13.1 | N/A, Dependency version bump | - |
| DependencyTrack/dependency-track#4907 | Bugfix | Fix failing v4.13.1 migration for MSSQL deployments that pre-date v4.11.0 | N/A, Outdated | - |
| DependencyTrack/dependency-track#4912 | Enhancement | Migrate to maintained protobuf-maven-plugin | N/A, Outdated | - |
| DependencyTrack/dependency-track#4910 | Bugfix | Fix summary notifications not sent when "skip if unchanged" is enabled | ✅ | DependencyTrack/hyades-apiserver#1934 |
| DependencyTrack/dependency-track#4905 | Bugfix | Align naming of isLatest parameter between PUT and POST endpoints for BOM upload | ✅ | DependencyTrack/hyades-apiserver#1940 |
| DependencyTrack/dependency-track#4930 | Enhancement | Bump bundled frontend to 4.13.2 | N/A, Dependency version bump | - |
| DependencyTrack/dependency-track#4935 | Enhancement | Make POLICY_VIOLATION emails more informative | ✅ | DependencyTrack/hyades-apiserver#1941 |
| DependencyTrack/dependency-track#4806 | Bugfix | Add Metrics update trigger after cloning a project | - [ ] | |
| DependencyTrack/dependency-track#4857 | Enhancement | handleRequestException: add baseUrl to log | N/A, Outdated | - |
| DependencyTrack/dependency-track#4942 | Enhancement | Classify GPL with CPE as weak copyleft | ✅ | DependencyTrack/hyades-apiserver#1945 |
| DependencyTrack/dependency-track#4949 | Bugfix | Enable source filtering in SARIF format for /finding/project/{UUID} | ✅ | DependencyTrack/hyades-apiserver#1989 |
| DependencyTrack/dependency-track#4968 | Enhancement | switch cvss handling to metaeffekt | - [ ] | |
| DependencyTrack/dependency-track#4975 | Enhancement | docs: FAQ entry that links to outbound-connection list (fixes #4228) | N/A, Outdated | - |
| DependencyTrack/dependency-track#4876 | Enhancement | docs: More specific description of BOM upload | N/A, Outdated | - |
| DependencyTrack/dependency-track#5032 | Enhancement | Add AWS Cognito configuration example | N/A, Outdated | - |
| DependencyTrack/dependency-track#5034 | Bugfix | Add apiserver health check to Compose files | N/A, Outdated | - |
| DependencyTrack/dependency-track#5033 | Bugfix | Handle dangling SPDX expression operators | ✅ | DependencyTrack/hyades-apiserver#1946 |
| DependencyTrack/dependency-track#5038 | Enhancement | docs: Additional info on connecting Entra | N/A, Outdated | - |
| DependencyTrack/dependency-track#5051 | Enhancement | Add Alpine-based container image variants | N/A, Outdated | - |
| DependencyTrack/dependency-track#5052 | Enhancement | Various Maven build tweaks | N/A, Outdated | - |
| DependencyTrack/dependency-track#5019 | Bugfix | Improve Composer meta analyzer's ability to deal with minified metadata | ✅ | DependencyTrack/hyades-apiserver#1981 |
| DependencyTrack/frontend#1276 | Enhancement | feat: add suffix to vulnerability locale keys | - [ ] | |
| DependencyTrack/dependency-track#4516 | Enhancement | Create pr-detect-merge-conflicts GitHub workflow | N/A, Outdated | - |
| DependencyTrack/dependency-track#5058 | Enhancement | Remove system requirements check; Lower resource requirements | N/A, Outdated | - |
| DependencyTrack/dependency-track#5059 | Enhancement | Extract JRE creation with jlink into separate script | N/A, Outdated | - |
| DependencyTrack/dependency-track#5061 | Bugfix | Add whitespace sanitization in fuzzySearch CPE to fix CPE validation errors | N/A, Outdated | - |
| DependencyTrack/dependency-track#5073 | Enhancement | Implement Version Parameter when exporting BOM's | ✅ | DependencyTrack/hyades-apiserver#1958 |
| DependencyTrack/dependency-track#5066 | Enhancement | feat: support configurable match mode for internal component regex (AND/OR) | ✅ | DependencyTrack/hyades-apiserver#1959 |
| DependencyTrack/frontend#1287 | Enhancement | chore(i18n-uk): update Ukrainian translations | - [ ] | |
| DependencyTrack/dependency-track#5101 | Bugfix | Fix too many query parameters when retrieving vuln aliases | NA, Outdated | |
| DependencyTrack/dependency-track#5100 | Bugfix | Fix failing v4.13.1 migration for H2 deployments that pre-date v4.11.0 | N/A, Outdated | - |
| DependencyTrack/dependency-track#5094 | Enhancement | feat(findings): Add EPSS filtering support to findings API | ✅ | DependencyTrack/hyades-apiserver#1960 |
| DependencyTrack/dependency-track#5106 | Bugfix | Fix Issue#5105: OSV Ubuntu advisory contains severity without type (ubuntu priority) | N/A, Outdated | - |
| DependencyTrack/dependency-track#5134 | Bugfix | Ensure VulnerableSoftware query is able to leverage indexes | N/A, Outdated | - |
| DependencyTrack/dependency-track#5148 | Bugfix | Fix BOM export failing for projects of type NONE | N/A, Outdated | - |
| DependencyTrack/dependency-track#5147 | Bugfix | Bulk load component relationships for BOM export | ✅ | DependencyTrack/hyades-apiserver#1961 |
| DependencyTrack/dependency-track#5170 | Enhancement | Bump PostgreSQL JDBC driver to 42.7.7 | N/A, Dependency version bump | - |
| DependencyTrack/frontend#1283 | Enhancement | feat(ui): add match mode selector to internal component config #1282 | - [ ] | |
| DependencyTrack/dependency-track#5183 | Enhancement | Bump bundled frontend to 4.13.3 | N/A, Dependency version bump | - |
| DependencyTrack/dependency-track#5160 | Bugfix | Fix inverted component matching | ✅ | DependencyTrack/hyades-apiserver#1962 |
| DependencyTrack/dependency-track#5226 | Enhancement | Migrate to NVD 2.0 data feeds | N/A, Outdated | - |
| DependencyTrack/dependency-track#5231 | Bugfix | Fix failing TrivyAnalysisTaskIntegrationTest | N/A, Outdated | - |
| DependencyTrack/dependency-track#5233 | Bugfix | Handle URLs in composer package metadata pattern | ✅ | DependencyTrack/hyades-apiserver#1981 |
| DependencyTrack/dependency-track#5237 | Enhancement | Bump angus-mail to 2.0.4 | N/A, Dependency version bump | - |
| DependencyTrack/dependency-track#5238 | Enhancement | Bump commons-lang3 to 3.18.0 | N/A, Dependency version bump | - |
| DependencyTrack/dependency-track#5239 | Enhancement | Bump Temurin base image to 21.0.8_9 | N/A, Dependency version bump | - |
| DependencyTrack/dependency-track#5245 | Bugfix | Fix inconsistent ordering in findings endpoints | N/A, Outdated | - |
| DependencyTrack/dependency-track#5248 | Bugfix | Fix failing Trivy OS matching for distro versions with special characters | N/A, Outdated | - |
| DependencyTrack/frontend#1311 | Enhancement | feat: display license id | - [ ] | |
| DependencyTrack/dependency-track#5252 | Enhancement | Bump bundled frontend to 4.13.4 | N/A, Dependency version bump | - |
| DependencyTrack/dependency-track#5264 | Bugfix | fix null when NuGet package has only pre-released versions | - [ ] | |
| DependencyTrack/dependency-track#5265 | Bugfix | improve detection if version is commit sha or release tag for github purl | - [ ] | |
| DependencyTrack/dependency-track#4901 | Enhancement | Test performance improvements | N/A, Outdated | - |
| DependencyTrack/dependency-track#5275 | Bugfix | Fix NullPointerException in GithubMetaAnalyzer when analyzing GitHub Actions | - [ ] | |
| DependencyTrack/dependency-track#5280 | Bugfix | Make CPE matching case-insensitive | - [ ] | |
| DependencyTrack/dependency-track#5287 | Enhancement | Make OSS Index credentials required | N/A, Outdated | - |
| DependencyTrack/dependency-track#5292 | Bugfix | fix #5291: v4135Updater SQL query | N/A, Outdated | - |
| DependencyTrack/dependency-track#5314 | Bugfix | return only tags of the policy itself | - [ ] | |
| DependencyTrack/dependency-track#5224 | Enhancement | Add Support for CycloneDX Scope Data | - [ ] | |
| DependencyTrack/dependency-track#5323 | Bugfix | Check for non-empty timestamp files in doDownload of NistMirrorTask | N/A, Outdated | - |
| DependencyTrack/dependency-track#5334 | Enhancement | Bump container images to Java 25 | N/A, Dependency version bump | - |
| DependencyTrack/dependency-track#5336 | Enhancement | Bump cyclonedx-core-java to 11.0.0 | N/A, Dependency version bump | - |
| DependencyTrack/dependency-track#5337 | Enhancement | Bump Alpine to 3.3.0 | N/A, Dependency version bump | - |
| DependencyTrack/dependency-track#5338 | Enhancement | Bump SPDX license list to 3.27.0 | N/A, Dependency version bump | - |
| DependencyTrack/dependency-track#5310 | Bugfix | download OSV mirror files to temp files to keep connection lifetime short | N/A, Outdated | - |
| DependencyTrack/dependency-track#5383 | Enhancement | Bump bundled frontend to 4.13.5 | N/A, Dependency version bump | - |
| DependencyTrack/dependency-track#5395 | Bugfix | Fix referential integrity violation in project batch delete | N/A, Outdated; Hyades uses FK constraints with cascading deletes | - |
| DependencyTrack/dependency-track#5402 | Bugfix | Fix referential integrity violation in team deletion | N/A, Outdated; Hyades uses FK constraints with cascading deletes | - |
| DependencyTrack/dependency-track#5408 | Bugfix | drop missing entities in case of stale lucene data | N/A, Outdated; Lucene no longer exists | - |
| DependencyTrack/dependency-track#5418 | Bugfix | improve vulnerablesoftware cpe normalization performance | N/A, Outdated | - |
| DependencyTrack/dependency-track#5420 | Bugfix | fix sneaky double quote | N/A, Outdated | - |
| DependencyTrack/dependency-track#5425 | Enhancement | Adds sbomify to list | N/A, Outdated | - |
| DependencyTrack/dependency-track#5412 | Bugfix | Corrected typo in e-mail template method and corrected test. | - [ ] | |
| DependencyTrack/dependency-track#4966 | Bugfix | PUT oidc/mapping should be idempotent | - [ ] | |
| DependencyTrack/dependency-track#5438 | Bugfix | Changed the toString() method for project objects. | - [ ] | |
| DependencyTrack/dependency-track#5444 | Bugfix | fix link for Sonatype OSS Index Analyzer | N/A, Outdated | - |
| DependencyTrack/frontend#1354 | Bugfix | fix: don't duplicate base-path in links | - [ ] | |
| DependencyTrack/dependency-track#5465 | Enhancement | Run Dependabot on latest release branch | N/A, Outdated | - |
| DependencyTrack/frontend#1364 | Enhancement | Run Dependabot on latest release branch | N/A, Outdated | - |
| DependencyTrack/dependency-track#5455 | Bugfix | fix: validate description length for PUT /api/v1/project | - [ ] | |
| DependencyTrack/frontend#1363 | Bugfix | fix(ui): remove policy UUID from tag search endpoint in SelectTagModal | - [ ] | |
| DependencyTrack/dependency-track#5504 | Enhancement | SecObserve has been moved to another GitHub organisation | N/A, Outdated | - |
| DependencyTrack/dependency-track#5513 | Bugfix | Fix NPEs in ComposerMetaAnalyzer | - [ ] | |
| DependencyTrack/frontend#1378 | Bugfix | Run welcome message through DOMPurify before rendering it | - [ ] | |
| DependencyTrack/dependency-track#5500 | Enhancement | Include project UUID in log messages. | - [ ] | |
| DependencyTrack/frontend#1380 | Bugfix | Fix redirect loop when authenticated user is lacking permissions | N/A, Outdated | - |
| DependencyTrack/dependency-track#5540 | Enhancement | Bump bundled frontend to 4.13.6 | N/A, Dependency version bump | - |
| DependencyTrack/frontend#1319 | Enhancement | feat(scope): Support for scope mentioned in cyclonedx format. | - [ ] | |
| DependencyTrack/frontend#1389 | Enhancement | chore: remove duplicate call to prebuild from package.json | - [ ] | |
| DependencyTrack/dependency-track#5574 | Bugfix | fix: add correct UTF-8 encoding to notification payload | - [ ] | |
| DependencyTrack/frontend#1395 | Enhancement | update dompurify to 3.3.0 | - [ ] | |
| DependencyTrack/dependency-track#5615 | Enhancement | Added projectUuid via MDC to logger statements within VEX upload. | - [ ] | |
| DependencyTrack/frontend#1410 | Bugfix | Reseting isDisabled and re-initialize teams when opening create-modal. | - [ ] | |
| DependencyTrack/dependency-track#5648 | Enhancement | docs: specify newer version of docker compose in readme | N/A, Outdated | - |
| DependencyTrack/dependency-track#5591 | Enhancement | Implemented VERS approach for PURL version matching with VERSATILE. | - [ ] | |
| DependencyTrack/dependency-track#5537 | Enhancement | Incremental updates for OsvDownloadTask | N/A, Outdated | - |
| DependencyTrack/dependency-track#5651 | Enhancement | Bump versatile to 0.15.0 | N/A, Dependency version bump | - |
| DependencyTrack/dependency-track#5653 | Bugfix | Fix excessive memory usage of Nix analyzer | N/A, Outdated | - |
| DependencyTrack/dependency-track#5652 | Enhancement | Bump Alpine to 3.5.0 | N/A, Dependency version bump | - |
| DependencyTrack/dependency-track#4483 | Enhancement | Add Repository Bearer Authentication | - [ ] | |
| DependencyTrack/dependency-track#5657 | Enhancement | Dockerfile tweaks | N/A, Outdated | - |
| DependencyTrack/frontend#1128 | Enhancement | Repositories Bearer Auth: Make username optional | - [ ] | |
| DependencyTrack/dependency-track#5679 | Bugfix | Fix wrong NPM component coordinate separator for Trivy analysis | N/A, Outdated | - |
| DependencyTrack/dependency-track#5680 | Enhancement | Bump Alpine to 3.5.1 | N/A, Dependency version bump | - |
| DependencyTrack/frontend#1412 | Enhancement | feat(i18n): add Traditional Chinese (zh-TW) language support and update related translations | - [ ] | |
| DependencyTrack/frontend#1421 | Enhancement | Remove database information from About dialogue | - [ ] | |
| DependencyTrack/dependency-track#5714 | Bugfix | Fall back to generic versioning scheme if no PURL is available | - [ ] | |
| DependencyTrack/dependency-track#5719 | Enhancement | Bump versatile to 0.16.1 | N/A, Dependency version bump | - |
| DependencyTrack/dependency-track#5711 | Bugfix | fix: performance issue with PURL lookups #5710 | - [ ] | |
| DependencyTrack/dependency-track#5721 | Enhancement | Bump cyclonedx-core-java to 12.0.0 | N/A, Dependency version bump | - |
| DependencyTrack/dependency-track#5722 | Enhancement | Bump Alpine to 3.6.0 | N/A, Dependency version bump | - |
| DependencyTrack/dependency-track#5751 | Bugfix | Fix incorrect URL for VulnDB analyzer | N/A, Outdated | - |
| DependencyTrack/dependency-track#5736 | Enhancement | Add configurable base URL for OSS Index API | N/A, Outdated | - |
| DependencyTrack/frontend#1431 | Enhancement | Add OSS Index Base URL configuration field | N/A, Outdated | - |
| DependencyTrack/dependency-track#5758 | Bugfix | Ensure container zombie processes are reaped | - [ ] | |
| DependencyTrack/dependency-track#5774 | Enhancement | Update OSS Index documentation | N/A, Outdated | - |
| DependencyTrack/dependency-track#5775 | Bugfix | Fix singleton events not being labelled as such | - [ ] | |
| DependencyTrack/dependency-track#5570 | Enhancement | feat(policy): add Internal Status policy condition support | - [ ] | |
| DependencyTrack/frontend#1394 | Enhancement | feat: Add support for IS_INTERNAL policy condition | - [ ] | |
| DependencyTrack/dependency-track#5793 | Enhancement | Various tweaks for OSS Index analyzer | N/A, Outdated | - |
| DependencyTrack/dependency-track#5794 | Enhancement | Switch to G1GC and limit default Docker Compose memory to 4GB | N/A, Outdated | - |
| DependencyTrack/dependency-track#5858 | Enhancement | Add Makefile and AGENTS.md | N/A, Outdated | - |
| DependencyTrack/dependency-track#5859 | Bugfix | Fix flaky SnykAnalysisTaskTest | N/A, Outdated | - |
| DependencyTrack/dependency-track#5860 | Enhancement | Fix enhance profile missing from test make targets | N/A, Outdated | - |
| DependencyTrack/dependency-track#5783 | Bugfix | Consider OS distro during vulnerability matching | - [ ] | |
| DependencyTrack/dependency-track#5861 | Enhancement | Update Trivy protos | N/A, Outdated | - |
| DependencyTrack/dependency-track#5862 | Enhancement | Tweak vulnerability persistence logic | - [ ] | |
| DependencyTrack/dependency-track#5863, DependencyTrack/frontend#1455 | Enhancement | Add CVSSv4 support | - [ ] | |
| DependencyTrack/frontend#1455, DependencyTrack/dependency-track#5863 | Enhancement | Add CVSSv4 support | - [ ] | |
| DependencyTrack/frontend#1456 | Enhancement | Add missing internal_status i18n key for zh-TW locale | - [ ] | |
| DependencyTrack/dependency-track#5829 | Enhancement | feat: add EPSS score support for GitHub Advisory (GHSA) vulnerabilities | Need to consider mapping of EPSS to CDX VulnerabilityRating | DependencyTrack/hyades-apiserver#1993 |
| DependencyTrack/dependency-track#5883 | Enhancement | Bump Alpine to 3.7.0 | N/A, Dependency version bump | - |
| DependencyTrack/dependency-track#5844 | Enhancement | Include CVSS vectors and metadata in Finding model | ✅ | DependencyTrack/hyades-apiserver#1980 |
| DependencyTrack/dependency-track#5831 | Enhancement | Add page on users and permissions | N/A, Outdated | - |
| DependencyTrack/dependency-track#5886 | Enhancement | Delete NVD feed timestamp files during v4.14.0 upgrade | N/A, Outdated | - |
| DependencyTrack/dependency-track#5885 | Enhancement | Bump FPF version to 1.3 | N/A, Dependency version bump | - |
| DependencyTrack/dependency-track#5888 | Enhancement | Bump SPDX license list to v3.28.0 | N/A, Dependency version bump | - |
| DependencyTrack/dependency-track#5889 | Enhancement | Bump CWE dictionary to v4.19.1 | N/A, Dependency version bump | - |
| DependencyTrack/dependency-track#5890 | Enhancement | Bump bundled frontend to 4.14.0 | N/A, Dependency version bump | - |
| DependencyTrack/dependency-track#5887 | Enhancement | Add changelog for 4.14.0 | N/A, Outdated | - |
Current Behavior
v4.14.0 of vanilla Dependency-Track has been released. We need to port the relevant changes to Hyades.
For reference, changes from v4.13 were ported here: #2104
API server: https://github.com/DependencyTrack/dependency-track/milestone/49?closed=1
Frontend: https://github.com/DependencyTrack/frontend/milestone/34?closed=1
Proposed Behavior