Commit
updated release notes
stevespringett committed Aug 2, 2021
1 parent 17e08aa commit ff27cea
Showing 1 changed file with 8 additions and 2 deletions.
10 changes: 8 additions & 2 deletions docs/_posts/2021-XX-XX-v4.3.0.md
@@ -18,17 +18,23 @@ type: major

**Security:**

Portfolio ACL logic has been implemented. In its current form, Portfolio Access Control is a beta feature in v4.3. As a result, the project will not treat bypass or absent ACL logic as a security defect. There are a few known gaps in ACL logic that will exist in v4.3.
Portfolio ACL logic has been implemented. In its current form, Portfolio Access Control is a beta feature in v4.3. As a result, the project will not treat bypass or absent ACL logic as a security defect. There are a few known gaps in ACL logic that will exist in v4.3. These gaps are tracked in [#1127](https://github.com/DependencyTrack/dependency-track/issues/1127).

ACL logic covers:
* /v1/bom/*
* Uploading SBOMs to projects or exporting SBOMs from projects or components
* v1/component/*
* CRUD operations on components
* /v1/finding/*
* Security findings for projects and components
* /v1/metrics/*
* Project and component metrics
* /v1/project/*
* _RUD operations on projects
* /v1/service/*
* CRUD operations on components
* /v1/violation/*
* Project and component policy violations
* /v1/vulnerability/*
* CRUD operations on vulnerable projects or components

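Review bot: the `/v1/service/*` entry reuses the `/v1/component/*` description ("CRUD operations on components"), which looks like a copy-paste slip; it should describe operations on services (e.g. "CRUD operations on services"). While here, the `_RUD operations on projects` entry under `/v1/project/*` is easy to misread as a typo; spelling out that project creation is deliberately not covered by ACL checks would make the scope statement unambiguous, which matters given the sentence above saying ACL bypasses will not be treated as security defects in this release.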
@@ -37,7 +43,7 @@ The user interface clearly states that Portfolio Access Control is beta. By defa
**Upgrade Notes:**
* OpenID Connect: The client ID of the frontend has to be passed to the API server via the `alpine.oidc.client.id` property
* Required for the API server to be able to validate ID tokens. Refer to the [OIDC documentation]({{ site.baseurl }}{% link _docs/getting-started/openidconnect-configuration.md %}) for details.
* Removed legacy support for SPDX - [#1053](https://github.com/DependencyTrack/dependency-track/issues/1053)
* Removed legacy support for SPDX (RDF and tag/value) - [#1053](https://github.com/DependencyTrack/dependency-track/issues/1053)
* Removed legacy support for the traditional WAR (was previously deprecated and unsupported) - [#1070](https://github.com/DependencyTrack/dependency-track/issues/1070)


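Review bot: the OpenID Connect upgrade note says the frontend client ID "has to be passed" via `alpine.oidc.client.id` but not what happens when an existing deployment upgrades without setting it: state whether OIDC login fails outright or whether the API server falls back to not validating ID tokens, since that decides whether a missed setting is a visible outage or a silent security regression. The SPDX line's new "(RDF and tag/value)" qualifier is a good clarification; it would help to also say whether any SPDX format remains accepted after this removal, so readers do not have to infer it.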