OWASP Dependency-Track v5.0.2 Released
By SecBurg
OWASP Dependency-Track is an intelligent component analysis platform that helps organizations identify and reduce software supply chain risk. It ingests Software Bill of Materials (SBOM) data, monitors components for known vulnerabilities and policy violations, and integrates with existing security and development toolchains.
Version 5.0.2 is a maintenance release with six bug fixes backported to the v5 branch, covering CPE query performance, admin seeding, and email notifications, plus a bump of the Alpine base image to 3.24.1.
Changelog for v5.0.2:
## What's Changed
### Bug Fixes 🐛
* Backport: Fix bad CPE query performance for internal vuln analyzer by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/6441
* Backport: Fix admin re-seeding when USER table is populated by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/6442
* Backport: v4-migrator: Don't migrate obsolete notification groups for notification rules by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/6444
* Backport: dex: Fix over-reporting of activity task queue depth metric by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/6447
* Backport: Fix duplicate project name/version handling for /v1/project POST and PATCH endpoints by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/6448
* Backport: Fix MIME type of email notification templates not being set correctly by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/6455
### Dependency Updates 🤖
* Backport: Bump Alpine base image to 3.24.1 by @nscuro in https://github.com/DependencyTrack/dependency-track/pull/6451
Full Changelog: https://github.com/DependencyTrack/dependency-track/compare/5.0.1...5.0.2
Full release notes: GitHub releases