Update docker.io/dependencytrack/apiserver Docker tag to v5
No problems upgrading the backend Docker container with a Docker Compose YAML file within Portainer and by means of Portainer DevOps or GitOps, with the dependency update facilitated by Mend's Renovate Bot.
This MR contains the following updates:
| Package | Update | Change |
|---|---|---|
| docker.io/dependencytrack/apiserver (source, changelog) | major | 4.14.2 → 5.0.1 |
Release Notes
DependencyTrack/dependency-track (docker.io/dependencytrack/apiserver)
v5.0.1
What's Changed
Enhancements 🚀
- Backport: v4-migrator: Add TCP keepalive and optional socket timeout by @nscuro in #6348
- Backport: v4-migrator: Fail fast when detecting bootstrap being pointed at v4 database by @nscuro in #6361
- Backport: Allow out-of-order execution of Flyway migrations by @nscuro in #6366
Bug Fixes 🐛
- Backport: Make REPOSITORY.AUTHENTICATIONREQUIRED non-nullable by @nscuro in #6349
- Backport: Apply stricter PURL normalization for NPM package metadata resolution by @nscuro in #6350
- Backport: Bypass outbox for notification rule tests by @nscuro in #6351
- Backport: Fix NO_PROXY being rejected as legacy Alpine property by @nscuro in #6352
- Backport: Reject parent objects with null UUID when creating/updating/patching projects by @nscuro in #6354
- Backport: v4-migrator: only run post-load actions when load phase completes successfully by @nscuro in #6353
- Backport: Fix NPE during LDAP auth when bind credentials are not configured by @nscuro in #6356
- Backport: Fix suppressed vulns being considered for policy evaluation by @nscuro in #6357
- Backport: Fix incomplete field coverage of /v1/finding/project/{uuid}'s searchText filter by @nscuro in #6358
- Backport: Fix OIDC UserInfo endpoint not being invoked when team sync is enabled and ID token contains no teams claim by @nscuro in #6359
- Backport: Fix URL-encoding of OSV ecosystem names by @nscuro in #6360
- Backport: Support non-UTC timezones for metrics operations by @nscuro in #6363
- Backport: Fix email notification publisher not populating the "From" header by @nscuro in #6362
- Backport: v4-migrator: Fix confusing debug log for missing tgt_permission table by @nscuro in #6364
- Backport: Fix URL-encoding of OSV ecosystem names when retrieving incremental advisories by @nscuro in #6375
- Backport: Handle PAC-inaccessible target projects more gracefully for BOM uploads with autoCreate=true by @nscuro in #6377
- Backport: Fix broken HTTP proxy basic auth by @nscuro in #6381
- Backport: Fix team of API key not being auto-assigned project access after project creation by @nscuro in #6389
Full Changelog: https://github.com/DependencyTrack/dependency-track/compare/5.0.0...5.0.1
v5.0.0
> [!WARNING]
> Upgrading from v4 requires manual action.
- Migration is manual. See the migration guide. v4 must be ≥ 4.14.2 and offline during the upgrade. v5 requires PostgreSQL 14+ (H2, MySQL, SQL Server dropped).
- See Changes in v5 for what's new and what changed, including container-only distribution (no more WAR), REST API v1 changes, and new notification schemas.
- The official Helm chart is not yet compatible and fails rendering on v5 tags. Hold off if you deploy via Helm. See the Kubernetes deployment guide.
What's Changed
Enhancements 🚀
- Add problem type for invalid sort field errors by @nscuro in #6281
- Change tie-breaker sort columns for finding queries to allow more efficient sorting by @nscuro in #6289
Bug Fixes 🐛
- Fix LocalFileStorageTest flakiness by @nscuro in #6282
- v4-migrator: Grant SECRET_MANAGEMENT to principals with SYSTEM_CONFIGURATION permission by @nscuro in #6283
- Do not suggest internal sort tie-breaker columns as sortable via API by @nscuro in #6286
- Fix AuthZ being enforced on CORS preflight requests by @nscuro in #6288
Documentation 📃
- Add quickstart section to README by @nscuro in #6287
- Update README for GA release by @nscuro in #6290
Other Changes
Full Changelog: https://github.com/DependencyTrack/dependency-track/compare/5.0.0-rc.5...5.0.0