Closed Maxouwell closed 4 weeks ago
This is fixed in v4.11 (https://github.com/DependencyTrack/dependency-track/pull/3522, https://github.com/DependencyTrack/frontend/pull/762). BOMs are now validated upon upload. If the CycloneDX version is not yet supported, the upload will fail.
Current Behavior
If the BOM version sent is not supported, the project is updated with 0 components and a CycloneDX version "CycloneDx null".
I had the problem when the CycloneDX Maven plugin switched to CycloneDX 1.5, on Dtrack 4.8.2.
Proposed Behavior
Reject the BOM or add an error/warning in the logs.
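A pre-upload gate for the failure reported above, as an added example that is not part of the issue thread or Dependency-Track's own code: it reads the CycloneDX version a BOM declares (JSON `specVersion` or the XML root namespace) and fails closed when that version is not in a caller-supplied set. The names `inspect_bom`, `gate_upload` and `ASSUMED_SUPPORTED` and both sample BOMs are constructed for illustration; the supported set is an assumption to replace with what your server release documents.

```python
import json
import xml.etree.ElementTree as ET

XML_NS_PREFIX = "http://cyclonedx.org/schema/bom/"  # CycloneDX XML namespace stem
# Assumption for this example only: versions the target server accepts.
ASSUMED_SUPPORTED = frozenset({"1.2", "1.3", "1.4"})

# Constructed sample BOMs (not taken from the issue).
SAMPLE_JSON_14 = (b'{"bomFormat":"CycloneDX","specVersion":"1.4","version":1,'
                  b'"components":[{"type":"library","name":"demo-lib","version":"1.0.0"}]}')
SAMPLE_XML_15 = (b'<?xml version="1.0" encoding="UTF-8"?>'
                 b'<bom xmlns="http://cyclonedx.org/schema/bom/1.5" version="1"><components>'
                 b'<component type="library"><name>demo-lib</name><version>1.0.0</version>'
                 b'</component></components></bom>')


class UnsupportedBom(ValueError):
    """The BOM must not be uploaded."""


def inspect_bom(raw: bytes) -> tuple[str, int]:
    """Return (declared spec version, top-level component count) of a JSON or XML BOM."""
    data = raw.lstrip()
    try:
        if data.startswith(b"{"):
            doc = json.loads(data)
            if doc.get("bomFormat") != "CycloneDX":
                raise UnsupportedBom("JSON document is not a CycloneDX BOM")
            version = doc.get("specVersion")
            count = len(doc.get("components") or [])
        else:
            # stdlib XML parser: meant for BOMs produced by your own build
            root = ET.fromstring(data)
            ns, _, tag = root.tag.lstrip("{").partition("}")
            if tag != "bom" or not ns.startswith(XML_NS_PREFIX):
                raise UnsupportedBom("XML root is not a CycloneDX <bom>")
            version = ns[len(XML_NS_PREFIX):]
            count = len(root.findall(f"{{{ns}}}components/{{{ns}}}component"))
    except (json.JSONDecodeError, UnicodeDecodeError, ET.ParseError) as exc:
        raise UnsupportedBom(f"BOM is not parseable: {exc}") from exc
    if not isinstance(version, str) or not version:
        raise UnsupportedBom("BOM declares no spec version")
    return version, count


def gate_upload(raw: bytes, server_supported: frozenset[str]) -> tuple[str, int]:
    """Fail closed unless the server is known to accept the declared version."""
    version, count = inspect_bom(raw)
    if version not in server_supported:
        raise UnsupportedBom(f"CycloneDX {version} not in {sorted(server_supported)}")
    return version, count
```

The returned component count can be compared with what the project shows after upload, which would expose the "0 components" symptom even when the server accepts the request.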