2022-10-24-v4.6.2.md

title	type
v4.6.2	patch

This release fixes a cross-site scripting (XSS) vulnerability in the frontend. The bundled distribution has been updated to include the fixed frontend version. There are no changes for the API server distribution.

Fixes:

• Resolved a defect that caused HTML tags in vulnerability descriptions to be rendered on the vulnerability details page - #300

Security:

• Fixed a cross-site scripting vulnerability in the vulnerability details page - GHSA-c33w-pm52-mqvf

For a complete list of changes, refer to the respective GitHub milestones:

• API server milestone 4.6.2
• Frontend milestone 4.6.1

dependency-track-apiserver.jar

Algorithm	Checksum
SHA-1	313b2ee9bd957f8bd2b0baba524044197501b2a9
SHA-256	7ee92f572cebe6d8d8f9e37ab6067e5849c83c56c98b38a21418557260efbfdc

dependency-track-bundled.jar

Algorithm	Checksum
SHA-1	e009cc9345ae5bdb321c651df769a6d02dfc5a67
SHA-256	0e67de28a99aec1d2e3c4592b42f04e86084129f58f3d338b572fdc5b7064899

frontend-dist.zip

Algorithm	Checksum
SHA-1	67843f34745d4983da001ca158c0fa6aba814427
SHA-256	f0cb536946117068f26845eee89975e4d7feac0b7c806bae505172e85bfadf76

Software Bill of Materials (SBOM)

• API Server: bom.json
• Frontend: bom.json