cyclonedx-core-java-9.0.5

What's Changed

Enhancements 🚀

• Teach versions / generators about their supported file formats by @sschuberth in #445
• BOM string creation improvements by @sschuberth in #459
• Make Vulnerability objects comparable by value by @SaberStrat in #464

Bug Fixes 🐛

• Handle serialization of empty LicenseChoice correctly by @patveck in #441
• Fix missing offline mapping for jsf-0.82.schema.json by @nscuro in #469
• Fix ObjectLocator not working when BOM doesn't have a metadata.component node by @nscuro in #456

Dependency Updates 🤖

• Bump com.networknt:json-schema-validator from 1.4.2 to 1.4.3 by @dependabot in #440
• Bump org.junit.jupiter:junit-jupiter-engine from 5.10.2 to 5.10.3 by @dependabot in #442
• Bump org.junit.jupiter:junit-jupiter-params from 5.10.2 to 5.10.3 by @dependabot in #443
• Bump actions/upload-artifact from 4.3.3 to 4.3.4 by @dependabot in #451
• Bump actions/download-artifact from 4.1.7 to 4.1.8 by @dependabot in #452
• Bump JamesIves/github-pages-deploy-action from 4.6.1 to 4.6.3 by @dependabot in #450
• Bump com.fasterxml.jackson.dataformat:jackson-dataformat-xml from 2.17.1 to 2.17.2 by @dependabot in #449
• Bump com.networknt:json-schema-validator from 1.4.3 to 1.5.0 by @dependabot in #448
• Bump org.assertj:assertj-core from 3.26.0 to 3.26.3 by @dependabot in #453
• Bump github/codeql-action from 3.25.10 to 3.25.11 by @dependabot in #444
• Bump org.apache.maven.plugins:maven-surefire-plugin from 3.3.0 to 3.3.1 by @dependabot in #454
• Bump github/codeql-action from 3.25.11 to 3.25.12 by @dependabot in #458
• Bump org.apache.maven.plugins:maven-release-plugin from 3.1.0 to 3.1.1 by @dependabot in #457
• Bump org.apache.commons:commons-lang3 from 3.14.0 to 3.15.0 by @dependabot in #461
• Bump commons-codec:commons-codec from 1.17.0 to 1.17.1 by @dependabot in #460
• Bump actions/setup-java from 4.2.1 to 4.2.2 by @dependabot in #474
• Bump actions/upload-artifact from 4.3.4 to 4.3.5 by @dependabot in #473
• Bump org.cyclonedx:cyclonedx-maven-plugin from 2.8.0 to 2.8.1 by @dependabot in #472
• Bump github/codeql-action from 3.25.12 to 3.25.15 by @dependabot in #470
• Bump com.networknt:json-schema-validator from 1.5.0 to 1.5.1 by @dependabot in #467
• Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.7.0 to 3.8.0 by @dependabot in #465

New Contributors

• @patveck made their first contribution in #441
• @SaberStrat made their first contribution in #464

Full Changelog: cyclonedx-core-java-9.0.4...cyclonedx-core-java-9.0.5

9.0.4

What's Changed

Enhancements 🚀

• Add GitHub release notes config; Remove release-drafter by @nscuro in #432

Bug Fixes 🐛

• Fix possible XXE during XML schema version detection by @mr-zepol in #434
  • See also security advisory GHSA-683x-4444-jxh8
• Fix path to jacoco.xml for PR coverage reporting by @nscuro in #433

Dependency Updates 🤖

• Bump org.apache.maven.plugins:maven-jar-plugin from 3.4.1 to 3.4.2 by @dependabot in #435
• Bump com.networknt:json-schema-validator from 1.4.0 to 1.4.2 by @dependabot in #436

Full Changelog: cyclonedx-core-java-9.0.3...cyclonedx-core-java-9.0.4

cyclonedx-core-java-9.0.3

What's Changed

• Code Improvements by @mr-zepol in #376
• Add extensible types during license serialization by @mr-zepol in #414
• Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.3 to 3.7.0 by @dependabot in #417
• Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.4.1 to 3.5.0 by @dependabot in #415
• Add missing equals and hashCode by @mr-zepol in #419
• Bump actions/checkout from 4.1.6 to 4.1.7 by @dependabot in #420
• Fix Evidence Serialization by @mr-zepol in #423
• Improve De/Serializer by @mr-zepol in #421
• Add Missing Annotations to filter based on spec by @mr-zepol in #416
• External References and Metadata Validations by @mr-zepol in #426
• Add CODEOWNERS file by @nscuro in #425
• Serializer for Properties and Hashes for backwards compatibility by @mr-zepol in #428
• Bump org.apache.maven.plugins:maven-release-plugin from 3.0.1 to 3.1.0 by @dependabot in #429
• Bump org.apache.maven.plugins:maven-surefire-plugin from 3.2.5 to 3.3.0 by @dependabot in #430
• CI pipeline improvements by @nscuro in #424
• Fix order of elements for generated SBOMs to match the specs by @mr-zepol in #431

Full Changelog: https://github.com/CycloneDX/cyclonedx-core-java/commits/cyclonedx-core-java-9.0.3