Releases: DefectDojo/django-DefectDojo
Releases · DefectDojo/django-DefectDojo
2.47.0 🌈
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.46.0
- Fix helm chart for nightly-dev builds @valentijnscholten (#12504)
- remove google sheets leftovers @valentijnscholten (#12509)
- push to jira: check for existing jira issue inside celery task @valentijnscholten (#12508)
- Fixing linter issue @rossops (#12519)
- fix: add CVSSv4 support to auditjs parser and improve error handling @Haralishev77 (#12391)
- Include CVSS score in finding when using OpenVAS csv parser @jostaub (#12472)
- ms defender: do not cache parsed findings @valentijnscholten (#12493)
- legacy reimport: make matching on title case-insensitive @valentijnscholten (#12487)
- Checkmarx one doc update @skywalke34 (#12408)
- Updated Nexpose XML (Rapid7) Parser Documentation @skywalke34 (#12409)
- Add new "evaluations" format support to Anchorectl parser @cosmel-dojo (#12425)
- bugfix cyberwatch parser @AmineHazi (#12480)
- [docs] pro changelog 2.46.0- 2.46.3 @paulOsinski (#12484)
- 🐛 fix missing CWE in HCL Appscan #12468 @manuel-sommer (#12469)
- Update contributors in README.md @Maffooch (#12485)
- docs maintenance @paulOsinski (#12455)
- cvssv3: backport tests @valentijnscholten (#12457)
- excel export: enhance handling of finding groups, better logging @valentijnscholten (#12435)
- docs: Add non-parser Test Types to product hierarchy documentation @skywalke34 (#12419)
- defender: fix no vulnerabilities check @valentijnscholten (#12448)
- [docs] Add FAQ + minor maintenance changes @paulOsinski (#12417)
- [docs] Pro dashboards and metrics @paulOsinski (#12416)
- Managed Files: Sanitized file name before downloading @Maffooch (#12406)
- feat(helm): Drop support for postgresql-ha @kiblik (#12319)
- anchorectl: add format check @valentijnscholten (#12375)
- fix(nighly): Avoid forks @kiblik (#12396)
- Update Burp Enterprise HTML Parser Documentation @skywalke34 (#12407)
- Update Docs For Asynchronous Import Feature Removal @Jino-T (#12410)
- tags: prevent validation from removing tags @valentijnscholten (#12400)
- helm chart publisher: use proper ref for checkout @valentijnscholten (#12392)
- jira push: log inactive/verified message to debug @valentijnscholten (#12376)
- Minor Semgrep connector docs tweaks @cneill (#12373)
🚩 Changes to settings.dist.py / local_settings.py
- Bugfix @rossops (#12541)
- Product Announcements: Add messages to relevant features @Maffooch (#12525)
- ♻️ Remove async import @manuel-sommer (#12042)
- Implement ELA vulnid @manuel-sommer (#12510)
- Implement ALEA vulnid @manuel-sommer (#12500)
- Store fingerprint from bearer in unique_id_from_tool @wolframite (#12346)
- unique_id_from_tool: clarify values and usage @valentijnscholten (#12463)
- Alibaba Cloud Linux 3 Security Advisory @manuel-sommer (#12465)
- feat(helm): allow to use an external serviceAccount @NitriKx (#12441)
- Celery Logging: Respect CELERY_LOG_LEVEL @Maffooch (#12464)
- Session timeout notification 2 @kevin-vuong99 (#12225)
🚩 Database migration
- unique_id_from_tool: clarify values and usage @valentijnscholten (#12463)
🚀 API features and enhancements
- Product Announcements: Add messages to relevant features @Maffooch (#12525)
- Dojo Meta: Migrate to
filterset_class+ Add case Insensitive filters @Maffooch (#12528) - Tags: Add support for comma separation for multipart forms (import/reimport) @Maffooch (#12434)
- Ruff: Add and autofix PERF401 @kiblik (#12370)
🖌 Updates in UI
- Bugfix @rossops (#12541)
- Implement ELA vulnid @manuel-sommer (#12510)
- Escape javascript breaking on backlash or special characters in finding title @c-goosen (#12514)
- Bugfix: fix gap between component header and filter body @jostaub (#12503)
- Update Support Messaging @Maffooch (#12495)
- Bugfix: fixed wrong panel-footer margin in detailed metrics @jostaub (#12494)
- Forced-contrast mode adjustments for better accessibility @littlesvensson (#12342)
- Alibaba Cloud Linux 3 Security Advisory @manuel-sommer (#12465)
- feat(helm): allow to use an external serviceAccount @NitriKx (#12441)
- easymde: enable native/browser spell checker @valentijnscholten (#12377)
- UI Pagination: Reduce the options to more reasonable numbers @Maffooch (#12439)
- ui: fix "retrieve my username" typo @jfyuen (#12368)
- Session timeout notification 2 @kevin-vuong99 (#12225)
🗣 Updates in localization
🔧 Improved code quality with linters
- feat(helm): allow to use an external serviceAccount @NitriKx (#12441)
- Replace Review Bot with Centralized Action @Maffooch (#12451)
- Ruff: Add PLC0206 @manuel-sommer (#12426)
- Ruff: Add and autofix PERF401 @kiblik (#12370)
- Ruff: Add and autofix PERF403 @kiblik (#12371)
- Ruff: Add PLR1730 and PLR2044 @manuel-sommer (#12380)
🧰 Maintenance
- Bump ruff from 0.11.11 to 0.11.12 @dependabot (#12532)
- Bump boto3 from 1.38.24 to 1.38.25 @dependabot (#12527)
- Bump vulners from 2.3.6 to 2.3.7 @dependabot (#12526)
- chore(deps): update docker/build-push-action action from v6.17.0 to v6.18.0 (.github/workflows/release-x-manual-docker-containers.yml) @renovate (#12518)
- Bump boto3 from 1.38.23 to 1.38.24 @dependabot (#12522)
- Bump cryptography from 44.0.3 to 45.0.3 @dependabot (#12505)
- Bump boto3 from 1.38.22 to 1.38.23 @dependabot (#12506)
- Bump boto3 from 1.38.21 to 1.38.22 @dependabot (#12497)
- Bump ruff from 0.11.10 to 0.11.11 @dependabot (#12498)
- chore(deps): update node.js from v22.15.1 to v22.16.0 (docs/package.json) @renovate (#12490)
- Bump boto3 from 1.38.20 to 1.38.21 @dependabot (#12492)
- Bump boto3 from 1.38.19 to 1.38.20 @dependabot (#12489)
- Bump django-polymorphic from 3.1.0 to 4.1.0 @dependabot (#12488)
- Bump boto3 from 1.38.18 to 1.38.19 @dependabot (#12486)
- Bump pyopenssl from 25.0.0 to 25.1.0 @dependabot (#12479)
- Bump boto3 from 1.38.17 to 1.38.18 @dependabot (#12477)
- fix(deps): update dependency @tabler/icons from 3.31.0 to v3.33.0 (docs/package.json) @renovate (#12467)
- Bump boto3 from 1.38.16 to 1.38.17 @dependabot (#12460)
- Bump ruff from 0.11.9 to 0.11.10 @dependabot (#12461)
- chore(deps): update node.js from v22.15.0 to v22.15.1 (docs/package.json) @renovate (#12450)
- Bump sqlalchemy from 2.0.40 to 2.0.41 @dependabot (#12452)
- Bump boto3 from 1.38.15 to 1.38.16 @dependabot (#12453)
- chore(deps): update docker/build-push-action action from v6.16.0 to v6.17.0 (.github/workflows/release-x-manual-docker-containers.yml) @renovate (#12456)
- Bump psycopg[c] from 3.2.8 to 3.2.9 @dependabot (#12444)
- Bump boto3 from 1.38.13 to 1.38.15 @dependabot (#12443)
- chore(deps): update mikefarah/yq action from v4.45.3 to v4.45.4 (.github/workflows/release-x-manual-helm-chart.yml) @renovate (#12424)
- Bump ruff from 0.11.8 to 0.11.9 @dependabot (#12427)
- Bump psycopg[c] from 3.2.7 to 3.2.8 @dependabot (#12428)
- Bump boto3 from 1.38.12 to 1.38.13 @dependabot (#12429)
- Bump django-dbbackup from 4.2.1 to 4.3.0 @dependabot (#12430)
- chore(deps): update mikefarah/yq action from v4.45.2 to v4.45.3 (.github/workflows/release-x-manual-helm-chart.yml) @renovate (#12421)
- chore(deps): update postgres docker tag from 17.4 to v17.5 (docker-compose.yml) @renovate (#12418)
- chore(deps): update helm release postgresql from 16.6.7 to ~16.7.0 (helm/defectdojo/chart.yaml) @renovate (#12414)
- Bump pdfmake from 0.2.19 to 0.2.20 in /components @dependabot (#12422)
- Bump boto3 from 1.38.11 to 1.38.12 @dependabot (#12423)
- Bump boto3 from 1.38.10 to 1.38.11 @dependabot (#12412)
- Bump boto3 from 1.38.9 to 1.38.10 @dependabot (#12395)
- Bump boto3 from 1.38.8 to 1.38.9 @dependabot (#12390)
- chore(deps): update mikefarah/yq action from v4.45.1 to v4.45.2 (.github/workflows/release-x-manual-helm-chart.yml) @renovate (#12374)
- chore(deps): update dependency vite from 6.3.4 to v6.3.5 (docs/package.json) @renovate (#12379)
- Bump cryptography from 44.0.2 to 44.0.3 @dependabot (#12382)
- Bump boto3 from 1.38.7 to 1.38.8 @dependabot (#12383)
Contributors
NitriKx, cneill, and 19 other contributors
Assets 5
2.46.4 🌈
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.46.3
- fix: add CVSSv4 support to auditjs parser and improve error handling @Haralishev77 (#12391)
- ms defender: do not cache parsed findings @valentijnscholten (#12493)
- legacy reimport: make matching on title case-insensitive @valentijnscholten (#12487)
- Add new "evaluations" format support to Anchorectl parser @cosmel-dojo (#12425)
- bugfix cyberwatch parser @AmineHazi (#12480)
- [docs] pro changelog 2.46.0- 2.46.3 @paulOsinski (#12484)
- 🐛 fix missing CWE in HCL Appscan #12468 @manuel-sommer (#12469)
- Update contributors in README.md @Maffooch (#12485)
🚩 Changes to settings.dist.py / local_settings.py
- Implement ALEA vulnid @manuel-sommer (#12500)
- unique_id_from_tool: clarify values and usage @valentijnscholten (#12463)
- Alibaba Cloud Linux 3 Security Advisory @manuel-sommer (#12465)
- Celery Logging: Respect CELERY_LOG_LEVEL @Maffooch (#12464)
🚩 Database migration
- unique_id_from_tool: clarify values and usage @valentijnscholten (#12463)
🖌 Updates in UI
Contributors
valentijnscholten, paulOsinski, and 6 other contributors
Assets 5
2.46.3 🌈
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.46.2
- docs maintenance @paulOsinski (#12455)
- cvssv3: backport tests @valentijnscholten (#12457)
- excel export: enhance handling of finding groups, better logging @valentijnscholten (#12435)
- defender: fix no vulnerabilities check @valentijnscholten (#12448)
🚀 API features and enhancements
🖌 Updates in UI
🔧 Improved code quality with linters
Contributors
valentijnscholten, paulOsinski, and Maffooch
Assets 5
2.46.2 🌈
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.46.1
- [docs] Add FAQ + minor maintenance changes @paulOsinski (#12417)
- [docs] Pro dashboards and metrics @paulOsinski (#12416)
- Managed Files: Sanitized file name before downloading @Maffooch (#12406)
- anchorectl: add format check @valentijnscholten (#12375)
- fix(nighly): Avoid forks @kiblik (#12396)
Contributors
valentijnscholten, kiblik, and 2 other contributors
Assets 5
2.46.1 🌈
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.46.0
- tags: prevent validation from removing tags @valentijnscholten (#12400)
- helm chart publisher: use proper ref for checkout @valentijnscholten (#12392)
- jira push: log inactive/verified message to debug @valentijnscholten (#12376)
- Minor Semgrep connector docs tweaks @cneill (#12373)
- Release: Merge back 2.46.0 into bugfix from: master-into-bugfix/2.46.0-2.47.0-dev @github-actions[bot] (#12387)
🖌 Updates in UI
- Release: Merge release into master from: release/2.46.1 @github-actions[bot] (#12402)
- ui: fix "retrieve my username" typo @jfyuen (#12368)
🗣 Updates in localization
- Release: Merge release into master from: release/2.46.1 @github-actions[bot] (#12402)
- ui: fix "retrieve my username" typo @jfyuen (#12368)
Contributors
cneill, jfyuen, and valentijnscholten
Assets 5
2.46.0 🌈
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.45.0
- [docs] sso maintenance @paulOsinski (#12356)
- update changelog 2.45.3 @paulOsinski (#12364)
- fix(GHA): Avoid some actions in forks @kiblik (#12354)
- Add input validation (branch to release num) for the release gha @rossops (#12302)
- Urllib3 upgrade + Rerecord JIra responses @Maffooch (#12355)
- releases: publish nightly builds of dev @valentijnscholten (#12137)
- Enhance OSV Parser to Include Mitigation Information with Fixed Package Versions @4b75726169736859 (#11681)
- nessus: parse more fields @valentijnscholten (#12247)
- Generic Parser: Support Test Type Meta @Maffooch (#12348)
- False Positive Status: Update docs @Maffooch (#12332)
- [docs] add Tags article @paulOsinski (#12294)
- Jira webhook comment duplicate patch @Maffooch (#12333)
- Release: Merge back 2.45.3 into bugfix from: master-into-bugfix/2.45.3-2.46.0-dev @github-actions (#12326)
- [docs] add Pro Finding Enhancements documentation @paulOsinski (#12310)
- Fortify: Handle suppressed findings as false positives @valentijnscholten (#12293)
- sla: parse finding.date implicitly @valentijnscholten (#12301)
- 2.45.2 pro changelog @paulOsinski (#12292)
- tenable: check mandatory columns before importing @valentijnscholten (#12273)
- saml: provide link to saml-tracer browser add-on @valentijnscholten (#12274)
- Reimport: Special statuses should be respected from reports @Maffooch (#12291)
- Update Wiz parser documentation - Standard & SCA imports @skywalke34 (#12259)
- Parser docstrings @Jino-T (#12253)
- [docs] Add Example Cases to docs @paulOsinski (#12265)
- Update wording about async import removal in 2.46.md @valentijnscholten (#12256)
- Release: Merge back 2.45.2 into bugfix from: master-into-bugfix/2.45.2-2.46.0-dev @github-actions (#12288)
- [docs] Changelog, Jira reorg, Wiz Connector docs, Import reorg @paulOsinski (#12250)
- 🎉 Implement Fortify Webinspect new report format @manuel-sommer (#12155)
- Deprecation notification about async import @manuel-sommer (#12244)
- Update how-to-write-a-parser.md @maarten-boot (#12210)
- Release: Merge back 2.45.1 into bugfix from: master-into-bugfix/2.45.1-2.46.0-dev @github-actions (#12240)
- 🐛 fix ruff bump to 0.11.5 #12217 @manuel-sommer (#12224)
- 💄 🪲 Fix Aqua parser severity justification @manuel-sommer (#12192)
- changelog 2.45.0 @paulOsinski (#12213)
- close old findings: don't overwrite mitigated timestamp @valentijnscholten (#12204)
- Linting: Update how-to-write-a-parser.md to not contain Ruff violations @valentijnscholten (#12214)
- h1: vulnerability disclosure parser improvements @valentijnscholten (#12212)
- sla_config: use mass update for recalculation @valentijnscholten (#12133)
- Updated Documentation on Anchore Enterprise @Sopuru (#12058)
- immuniweb json parser @valentijnscholten (#12179)
- fix(renovate): Add separateMinorPatch @kiblik (#12190)
- wiz scan: handle more fields and unique_id_from_tool @valentijnscholten (#12198)
- 🔨 RustyHog: handle empty reports correctly to fix #10584 @manuel-sommer (#12129)
- README: Point to sample scans for demo @valentijnscholten (#12162)
- Bump Django to 5.1.8 @valentijnscholten (#12191)
- Release: Merge back 2.45.0 into dev from: master-into-dev/2.45.0-2.46.0-dev @github-actions (#12189)
🚩 Changes to settings.dist.py / local_settings.py
- Release: Merge release into master from: release/2.46.0 @github-actions (#12386)
- Release: Merge back 2.45.3 into dev from: master-into-dev/2.45.3-2.46.0-dev @github-actions (#12325)
- Release: Merge release into master from: release/2.45.3 @github-actions (#12324)
- Implement Albibaba Linux vulnids @manuel-sommer (#12304)
- Remove non-working DD_SLA_BUSINESS_DAYS feature to avoid confusion @valentijnscholten (#12131)
- Add Cyberwatch Galeax Parser @AmineHazi (#12105)
- Release: Merge back 2.45.2 into dev from: master-into-dev/2.45.2-2.46.0-dev @github-actions (#12287)
- Release: Merge release into master from: release/2.45.2 @github-actions (#12286)
- 🎉 Add Amazon Linux Security Center advisory to vulnid @manuel-sommer (#12242)
- Release: Merge back 2.45.1 into dev from: master-into-dev/2.45.1-2.46.0-dev @github-actions (#12239)
- Release: Merge release into master from: release/2.45.1 @github-actions (#12236)
- Implement HCL Commerce KB vulnids @manuel-sommer (#12199)
- 🎉 Add cisco security advisory to vulnid @manuel-sommer (#12180)
- Release: Merge back 2.45.0 into bugfix from: master-into-bugfix/2.45.0-2.46.0-dev @github-actions (#12188)
🚩 Database migration
- Release: Merge release into master from: release/2.46.0 @github-actions (#12386)
- Update verbose name + help text for JIRA username and password fields @valentijnscholten (#12261)
- Remove non-working DD_SLA_BUSINESS_DAYS feature to avoid confusion @valentijnscholten (#12131)
- Tag: Update allowed characters for a unified format @Maffooch (#12194)
- Import/Reimport Stats: Change name of left untouched @Maffooch (#12193)
- Release: Merge back 2.45.0 into bugfix from: master-into-bugfix/2.45.0-2.46.0-dev @github-actions (#12188)
🚀 API features and enhancements
- Release: Merge release into master from: release/2.46.0 @github-actions (#12386)
- Release 2.46.0: Merge Bugfix into Dev @rossops (#12385)
- fix(api): Enable to set
recommendationanddecisioninrisk_acceptance@kiblik (#12303) - Tag: Update allowed characters for a unified format @Maffooch (#12194)
- Release: Merge back 2.45.0 into bugfix from: master-into-bugfix/2.45.0-2.46.0-dev @github-actions (#12188)
🖌 Updates in UI
- Release: Merge release into master from: release/2.46.0 @github-actions (#12386)
- Release 2.46.0: Merge Bugfix into Dev @rossops (#12385)
- Focus Indicator Disappears While Tabbing - DefectDojo Accessibility issue (Serious) @oussama-taoufiq (#12051)
- view_endpoint: fix error @valentijnscholten (#12343)
- most recent note: show date/author @valentijnscholten (#12329)
- Release: Merge back 2.45.3 into dev from: master-into-dev/2.45.3-2.46.0-dev @github-actions (#12325)
- Release: Merge release into master from: release/2.45.3 @github-actions (#12324)
- Implement Albibaba Linux vulnids @manuel-sommer (#12304)
- fix(webhook): Missing quotation -> broken rendering @kiblik (#12226)
- 🐛 Differentiate between slackware and siemens vulnid @manuel-sommer (#12251)
- Release: Merge back 2.45.2 into dev from: master-into-dev/2.45.2-2.46.0-dev @github-actions (#12287)
- Release: Merge release into master from: release/2.45.2 @github-actions (#12286)
- Update base.html @shipko (#12228)
- SLA Calculations 2/2: Simplify logic @valentijnscholten (#11924)
- Release: Merge back 2.45.1 into dev from: master-into-dev/2.45.1-2.46.0-dev @github-actions (#12239)
- Release: Merge release into master from: release/2.45.1 @github-actions (#12236)
- 🐛 Fix Django template engagement_pdf_report #12201 @manuel-sommer (#12206)
- fix(notif): Product name not rendered correctly @kiblik (#12203)
- feat(perf): Speed-up loading by using smaller resources (js,css) @kiblik (#12178)
- Release: Merge back 2.45.0 into bugfix from: master-into-bugfix/2.45.0-2.46.0-dev @github-actions (#12188)
🔧 Improved code quality with linters
- Ruff: Add S324 rule @manuel-sommer (#12169)
- Ruff: Final fix of PTH123 @kiblik (#12177)
🧰 Maintenance
- Bump boto3 from 1.38.6 to 1.38.7 @dependabot (#12366)
- Bump ruff from 0.11.7 to 0.11.8 @dependabot (#12367)
- Bump drf-spectacular-sidecar from 2025.4.1 to 2025.5.1 @dependabot (#12358)
- Bump boto3 from 1.38.5 to 1.38.6 @dependabot (#12359)
- Bump psycopg[c] from 3.2.6 to 3.2.7 @dependabot (#12360)
- chore(deps): update dependency vite from 6.3.3 to v6.3.4 (docs/package.json) @renovate (#12349)
- Bump boto3 from 1.38.4 to 1.38.5 @dependabot (#12352)
- Bump humanize from 4.12.2 to 4.12.3 @dependabot (#12353)
- Bump django-debug-toolbar from 5.1.0 to 5.2.0 @dependabot (#12339)
- Bump django-auditlog from 3.0.0 to 3.1.2 @dependabot (#12338)
- Bump celery from 5.5.1 to 5.5.2 @dependabot (#12337)
- Bump boto3 from 1.38.2 to 1.38.4 @dependabot (#12336)
- Bump pdfmake from 0.2.18 to 0.2.19 in /components @dependabot (#12335)
- Update manusa/actions-setup-minikube action from v2.13.1 to v2.14.0 (.github/workflows/k8s-tests.yml) @renovate (#12334)
- Bump social-auth-core from 4.6.0 to 4.6.1 @dependabot (#12340)
- Update nginx/nginx-prometheus-exporter Docker tag from 1.4.1 to v1.4.2 (helm/defectdojo/values.yaml) @renovate (#12327)
- Bump nginx from 1.27.4-alpine3.21 to 1.27.5-alpine3.21 @dependabot (#12323)
- Bump openapitools/openapi-generator-cli from v7.12.0 to v7.13.0 @dependabot (#12322)
- Bump social-auth-core from 4.5.6 to 4.6.0 @dependabot (#12316)
- Bump ruff from 0.11.6 to 0.11.7 @dependabot (#12317)
- Bump boto3 from 1.38.1 to 1.38.2 @dependabot (#12318)
- Update redis Docker tag from 7.2.7 to v7.2.8 (docker-compose.yml) @renovate (#12311)
- Update actions/download-artifact action from v4.2.1 to v4.3.0 (.github/workflows/rest-framework-tests.yml) @renovate (#12312)
- Update docker/build-push-action action from v6.15.0 to v6.16.0 (.github/workflows/release-x-manual-docker-containers.yml) @renovate (#12309)
- Bump boto3 from 1.38.0 to 1.38.1 @dependabot (#12308)
- Update actions/setup-python action from v5.5.0 to v5.6.0 (.github/workflows/test-helm-chart.yml) @renovate (#12306)
- Update dependency vite from 6.3.2 to v6.3.3 (docs/package.json) @renovate (#12305)
- Update dependency node from 22.14.0 to v22.15.0 (.github/workflows/validate_docs_build.yml) @renovate (#12300)
- Update redis Docker tag from 7.2.5 to v7.2.7 (docker-compose.yml...
Contributors
shipko, renovate, and 14 other contributors
Assets 5
2.45.3 🌈
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.45.2
- [docs] add Pro Finding Enhancements documentation @paulOsinski (#12310)
- Fortify: Handle suppressed findings as false positives @valentijnscholten (#12293)
- sla: parse finding.date implicitly @valentijnscholten (#12301)
- 2.45.2 pro changelog @paulOsinski (#12292)
- tenable: check mandatory columns before importing @valentijnscholten (#12273)
- saml: provide link to saml-tracer browser add-on @valentijnscholten (#12274)
- Reimport: Special statuses should be respected from reports @Maffooch (#12291)
- [docs] Add Example Cases to docs @paulOsinski (#12265)
🚩 Changes to settings.dist.py / local_settings.py
- Implement Albibaba Linux vulnids @manuel-sommer (#12304)
🖌 Updates in UI
- Implement Albibaba Linux vulnids @manuel-sommer (#12304)
- fix(webhook): Missing quotation -> broken rendering @kiblik (#12226)
- 🐛 Differentiate between slackware and siemens vulnid @manuel-sommer (#12251)
Contributors
valentijnscholten, kiblik, and 3 other contributors
Assets 5
2.45.2 🌈
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.45.1
- [docs] Changelog, Jira reorg, Wiz Connector docs, Import reorg @paulOsinski (#12250)
- 🎉 Implement Fortify Webinspect new report format @manuel-sommer (#12155)
🚩 Changes to settings.dist.py / local_settings.py
- 🎉 Add Amazon Linux Security Center advisory to vulnid @manuel-sommer (#12242)
🖌 Updates in UI
- SLA Calculations 2/2: Simplify logic @valentijnscholten (#11924)
Contributors
valentijnscholten, paulOsinski, and manuel-sommer
Assets 5
2.45.1 🌈
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.45.0
- 💄 🪲 Fix Aqua parser severity justification @manuel-sommer (#12192)
- changelog 2.45.0 @paulOsinski (#12213)
- close old findings: don't overwrite mitigated timestamp @valentijnscholten (#12204)
- Linting: Update how-to-write-a-parser.md to not contain Ruff violations @valentijnscholten (#12214)
- h1: vulnerability disclosure parser improvements @valentijnscholten (#12212)
- Updated Documentation on Anchore Enterprise @Sopuru (#12058)
- immuniweb json parser @valentijnscholten (#12179)
- fix(renovate): Add separateMinorPatch @kiblik (#12190)
- wiz scan: handle more fields and unique_id_from_tool @valentijnscholten (#12198)
- 🔨 RustyHog: handle empty reports correctly to fix #10584 @manuel-sommer (#12129)
- README: Point to sample scans for demo @valentijnscholten (#12162)
- Bump Django to 5.1.8 @valentijnscholten (#12191)
🚩 Changes to settings.dist.py / local_settings.py
- Implement HCL Commerce KB vulnids @manuel-sommer (#12199)
- 🎉 Add cisco security advisory to vulnid @manuel-sommer (#12180)
🚩 Database migration
🚀 API features and enhancements
🖌 Updates in UI
- 🐛 Fix Django template engagement_pdf_report #12201 @manuel-sommer (#12206)
- fix(notif): Product name not rendered correctly @kiblik (#12203)
🔧 Improved code quality with linters
Contributors
valentijnscholten, kiblik, and 3 other contributors
Assets 5
2.45.0 🌈
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.44.0
- (docs) arm64: add some notes about the experimental new images @valentijnscholten (#12163)
- docs - pro user groups info @paulOsinski (#12127)
- changelog 2.44.4 @paulOsinski (#12150)
- Jira Finding Groups: Confusion on strings vs functions @Maffooch (#12128)
- 💄 beautify multiple file format choices @manuel-sommer (#12117)
- remove exclude_search from Features page @paulOsinski (#12121)
- Import Memory Handling: Do not maintain parsed findings long term @Maffooch (#12106)
- 🐛 fix PTH123 ruff rule for branch dev @manuel-sommer (#12108)
- 🎉 resolve todo in ort parser @manuel-sommer (#12082)
- sso docs: make environment variables vs local_settings more explicit @valentijnscholten (#12061)
- Add CWE to PTART parser @adam-bertrand-bib (#12068)
- 🐛 fix gitlab dast to parse request response pair #12050 @manuel-sommer (#12057)
- Fortify FPR enhancements 2025 @valentijnscholten (#12027)
- 🎉 add references to testssl @manuel-sommer (#12045)
- Changelog 2.44.2 / 2.44.3 @paulOsinski (#12040)
- add resources to wait-for-db @hoferbeck (#12023)
- Generic JSON: Explicitly process tags like other tools @Maffooch (#12056)
- 🎉 fix parser anchore engine to parse new report format #11552 @manuel-sommer (#12020)
- 💄 Remove unused burp parser method @manuel-sommer (#12026)
- add aqua vulnerabilities format @kzzz1 (#12000)
- SLA Calculations 1/2: Add unit tests to capture current behaviour @valentijnscholten (#11923)
- Docs: Pin versions and add GHA for testing build failures @Maffooch (#12038)
- 💄 Remove deprecated Django import and is_safe_url @manuel-sommer (#11991)
- 🐛 fix unittest example in docs @manuel-sommer (#11992)
- dedupe command: fix NoneType on empty set of models @valentijnscholten (#11998)
- fix(helm-metrics): Flag format for promExporter changed @kiblik (#12010)
- DOCKER.md: use docker compose everywhere @valentijnscholten (#12014)
- Docs updates: 2.44.2 @paulOsinski (#11985)
- upgrade notes: correct dedupe command lines @valentijnscholten (#12007)
- Lift the Feature Freeze @Maffooch (#12001)
- (Experimental) arm64: Publish arm64 builds for releases @valentijnscholten (#11965)
- OpenVAS endpoint and severity improvements @valentijnscholten (#11955)
- docker entrypoints: use bash everywhere @valentijnscholten (#11942)
- fix(notif): Add findings_reactivated and findings_untouched again @kiblik (#11963)
- docs: source-code-repositories: clarify default scm type @valentijnscholten (#11968)
- Pro Release notes : 2.44.1 @paulOsinski (#11983)
- 🐛 fix benchmark internal server error @manuel-sommer (#11974)
- Release notes: 2.44 @paulOsinski (#11943)
- Docs: add supported report types index / maintenance @paulOsinski (#11921)
- Notes history/edit/delete bugfix @dogboat (#11949)
- Update parser documentation template to include additional detail. @skywalke34 (#11916)
🚩 Changes to settings.dist.py / local_settings.py
- Revert "Session timeout notification" @Maffooch (#12186)
- Session timeout notification @kevin-vuong99 (#12093)
- Ruff: Add and fix N999 @kiblik (#11647)
- 🎉 Add slackware security advisory to vulnid @manuel-sommer (#12113)
- Add archlinux security advisory to vulnid @manuel-sommer (#12078)
- Add openSUSE vulnerabilities to vulnid @manuel-sommer (#12041)
- Jira Webhook: Prevent finding group findings from being reopened @Maffooch (#12048)
- 🎉 add proofpoint vulnid @manuel-sommer (#12004)
- 🎉 add fortiguard vulnid @manuel-sommer (#11926)
- Async Finding Import: Mark the feature as deprecated @Jino-T (#11915)
- Add generic OIDC login option @dandersonsw (#10614)
- 🎉 Splunk vulnIDs @manuel-sommer (#11908)
🚩 Database migration
- Product Revenue: Do no allow negative revenue @Maffooch (#12160)
- Adding new regulations @Maffooch (#12122)
- 🐛 fix broken AWS Endpoints @quirinziessler (#11902)
🚀 API features and enhancements
- Ruff: Add PTH123, merge PTH, fix in
/dojo@kiblik (#12025) - Ruff: Add and fix B007, merge B00 @kiblik (#12028)
🖌 Updates in UI
- Revert "Session timeout notification" @Maffooch (#12186)
- Ruff: Add B018 rule @manuel-sommer (#12110)
- Session timeout notification @kevin-vuong99 (#12093)
- 🎉 Add slackware security advisory to vulnid @manuel-sommer (#12113)
- Ruff: Add and fix B007, merge B00 @kiblik (#12028)
- update permissions documentation links to reflect correct paths @blakeaowens (#11986)
- Ruff: Add and fix B905 @kiblik (#11952)
- Add generic OIDC login option @dandersonsw (#10614)
🔧 Improved code quality with linters
- Ruff: Add B018 rule @manuel-sommer (#12110)
- Ruff: Add B017 rule @manuel-sommer (#12109)
- Ruff: Add and fix N999 @kiblik (#11647)
- Ruff: add multiple PYI rules @manuel-sommer (#12099)
- Ruff: add multiple PT rules @manuel-sommer (#12100)
- Ruff: Add multiple PERF rules @manuel-sommer (#12136)
- Ruff: Fix PTH123 in
unittests(excludeunittests/tools) @kiblik (#12112) - Ruff: Add and autofix B028 @kiblik (#12024)
- Ruff: Add a lot of Bugbear rules @manuel-sommer (#12077)
- Ruff: Add and autofix PLR173 rules @manuel-sommer (#11988)
- Ruff: Add a couple of DTZ rules @manuel-sommer (#12081)
- Ruff: Add S321 and S611 @manuel-sommer (#12076)
- Ruff: Add PLW0602 @manuel-sommer (#12075)
- Ruff: Add PTH123, merge PTH, fix in
/dojo@kiblik (#12025) - Ruff: Add N813 @manuel-sommer (#12073)
- Ruff: Add N812 @manuel-sommer (#12074)
- Ruff: Add N817 @manuel-sommer (#12072)
- Ruff: Add and fix B031, merge B03 @kiblik (#12029)
- Ruff: Add and fix B007, merge B00 @kiblik (#12028)
- Ruff: Add and autofix PLR2044 @manuel-sommer (#11989)
- Ruff: Add TD007 and N803 @manuel-sommer (#12002)
- Ruff: Add and autofix B006 @kiblik (#11951)
- Ruff: Add and fix B903 @kiblik (#11956)
- Ruff: Add and autofix B009 @kiblik (#11950)
- Ruff: Add and autofix B010 @kiblik (#11953)
- Ruff: Add and autofix B033 @kiblik (#11954)
- Ruff: Add and fix B905 @kiblik (#11952)
🧰 Maintenance
- Bump ruff from 0.11.2 to 0.11.3 @dependabot (#12170)
- Bump boto3 from 1.37.26 to 1.37.27 @dependabot (#12171)
- Update mccutchen/go-httpbin Docker tag from 2.18.0 to v2.18.1 (docker-compose.override.unit_tests_cicd.yml) @renovate (#12172)
- Update dependency vite from 6.2.4 to v6.2.5 (docs/package.json) @renovate (#12164)
- Bump boto3 from 1.37.25 to 1.37.26 @dependabot (#12165)
- Bump boto3 from 1.37.24 to 1.37.25 @dependabot (#12159)
- Update dependency prettier from 3.5.2 to v3.5.3 (docs/package.json) @renovate (#12154)
- Bump drf-spectacular-sidecar from 2025.3.1 to 2025.4.1 @dependabot (#12156)
- Bump boto3 from 1.37.23 to 1.37.24 @dependabot (#12157)
- Update dependency python from 3.12.9 to 3.13 (.github/workflows/slack-pr-reminder.yml) @renovate (#12145)
- Update actions/checkout action from v2 to v4 (.github/workflows/slack-pr-reminder.yml) @renovate (#12146)
- Update dependency vite from 6.2.3 to v6.2.4 [SECURITY] @renovate (#12148)
- Update actions/setup-python action from v2 to v5 (.github/workflows/slack-pr-reminder.yml) @renovate (#12149)
- Bump djangorestframework from 3.15.2 to 3.16.0 @dependabot (#12140)
- Bump boto3 from 1.37.22 to 1.37.23 @dependabot (#12141)
- Bump boto3 from 1.37.21 to 1.37.22 @dependabot (#12125)
- Bump sqlalchemy from 2.0.39 to 2.0.40 @dependabot (#12126)
- Update Helm release postgresql from 16.5.6 to ~16.6.0 (helm/defectdojo/Chart.yaml) @renovate (#12124)
- Bump boto3 from 1.37.20 to 1.37.21 @dependabot (#12115)
- Bump boto3 from 1.37.19 to 1.37.20 @dependabot (#12111)
- Bump humanize from 4.12.1 to 4.12.2 @dependabot (#12102)
- Update dependency @tabler/icons from 3.30.0 to v3.31.0 (docs/package.json) @renovate (#12097)
- Update actions/setup-python action from v5.4.0 to v5.5.0 (.github/workflows/test-helm-chart.yml) @renovate (#12098)
- Bump boto3 from 1.37.18 to 1.37.19 @dependabot (#12103)
- Bump vite from 6.2.0 to 6.2.3 in /docs @dependabot (#12104)
- Update dependency prettier from 3.5.2 to v3.5.3 (docs/package.json) @renovate (#12095)
- Update actions/setup-node action from v4.2.0 to v4.3.0 (.github/workflows/validate_docs_build.yml) @renovate (#12096)
- Update dependency vite from 6.2.2 to v6.2.3 (docs/package.json) @renovate (#12092)
- Update actions/cache action from v4.2.2 to v4.2.3 (.github/workflows/validate_docs_build.yml) @renovate (#12089)
- Bump ruff from 0.11.1 to 0.11.2 @dependabot (#12084)
- Bump boto3 from 1.37.17 to 1.37.18 @dependabot (#12085)
- Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.37.5 to v1.37.6 (helm/defectdojo/values.yaml) @renovate (#12063)
- Update mccutchen/go-httpbin Docker tag from 2.17.1 to v2.18.0 (docker-compose.override.unit_tests_cicd.yml) @renovate (#12064)
- Bump boto3 from 1.37.16 to 1.37.17 @dependabot (#12069)
- Bump django-debug-toolbar from 5.0.1 to 5.1.0 @dependabot (#12070)
- Bump ruff from 0.11.0 to 0.11.1 @dependabot (#12071)
- Update actions/cache action from v4.2.2 to v4.2.3 (.github/workflows/gh-pages.yml) @renovate (#12052)
- Bump boto3 from 1.37.15 to 1.37.16 @dependabot (#12059)
- Update actions/upload-artifact action from v4.6.1 to v4.6.2 (.github/workflows/fetch-oas.yml) @renovate (#12055)
- Update actions/download-artifact action from v4.2.0 to v4.2.1 (.github/workflows/rest-framework-tests.yml) @renovate (#12053)
- Bump djangosaml2 from 1.9.4 to 1.10.1 @dependabot (#12060)
- Bump boto3 from 1.37.14 to 1.37.15 @dependabot (#12049)
- Bump djangosaml2 from 1.9.3 to 1.9.4 @dependabot (#12043)
- Update actions/download-artifact action from v4.1.9 to v4.2.0 (.github/workflows/rest-framework-tests.yml) @renovate (#120...
Contributors
renovate, valentijnscholten, and 15 other contributors