Releases: DefectDojo/django-DefectDojo
2.34.1 🌈
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.34.0
2.34.0 🌈
Changes since 2.33.0
- Merge Bugfix into Dev for 2.34.0 @Maffooch (#10125)
- ✨ implement progpilot SAST parser #10044 @manuel-sommer (#10052)
- 🐛 fix hcl_appscan, handle severity is None #10074 @manuel-sommer (#10101)
- 🐛 Fix RedHatSatellite components @manuel-sommer (#10082)
- fix awssecurityhub findings @manuel-sommer (#10072)
- add test description for AWS SecurityHub Scan @manuel-sommer (#9904)
- add Knowledge Base link to docs sidebar element @paulOsinski (#10075)
- remove non-working links from social-authentication.md @paulOsinski (#10071)
- ✨ implement yarn2 parser @manuel-sommer (#9985)
- Update Release Notes for 2.34.0 @manuel-sommer (#10077)
- Newlines in SARIF parser code blocks @ahmsec (#9932)
- refactor generic parser @manuel-sommer (#9922)
- Fix engagements filters in 'engagements by product view' @davidhernandeze (#10046)
- Ruff: add and fix some of DJ rules @kiblik (#9891)
- Add support for more GIT SCMs in finding view for the finding URL @eu-david (#9710)
- Ruff: add and fix EXE rules @kiblik (#9896)
- helm: Add subcomponent labels for celery beat and worker at deployment @al-cheb (#9865)
- extend _index.md with link to Knowledge Base @paulOsinski (#10002)
- Unit Tests: Correct File Close Warnings @hblankenship (#10055)
- Parser: Fix Qualys Parser Mitigation Date Issue @MarianG (#9888)
- update semgrep tests @hblankenship (#10058)
- Filter All Engagements by Date @davidhernandeze (#9914)
- Updated DryRun Security config @mtesauro (#10037)
- Updates to semgrep parser @mtesauro (#10033)
- Helm postgresql: Upgrade image @kiblik (#9966)
- Fix: Broken Swagger when Remote User enabled @kiblik (#9960)
- fix anchore_grype null characters issue, #9942 @manuel-sommer (#9962)
- GH-action: Detect Merge Conflicts - update v3 @kiblik (#9940)
- fix horusec null characters issue, #9939 @manuel-sommer (#9941)
- Remove pyproject.toml, add ruff.toml @cneill (#9929)
- resolve fixme from cobalt parser @manuel-sommer (#9921)
- 🐛 jake json output in cyclonedx not parsed @manuel-sommer (#9873)
- Checkmarx one parser support API exported files @FelixHernandez (#9917)
- Ruff: Fix UP (after couple of merges) @kiblik (#9903)
- sonarqube: cve to vulnerability_ids @manuel-sommer (#9902)
- 🔨 restructure json in scout suite unittests @manuel-sommer (#9874)
- Ruff: Add checks that are fully solved @kiblik (#9864)
- rework intsights to split csv and json @manuel-sommer (#9855)
- Remove 'version' from docker-compose @kiblik (#9831)
- osv_scanner: migrate from cve to unsaved_vulnerability_ids @manuel-sommer (#9832)
- yarn_audit: migrate from cve to unsaved_vulnerability_ids @manuel-sommer (#9833)
- nancy: migrate from cve to unsaved_vulnerability_ids @manuel-sommer (#9834)
- 🐛 RedHatSatellite, multiple vulnids @manuel-sommer (#9875)
- resolve generic parser fixme @manuel-sommer (#9854)
- 🐛 whitehat sentinel fix mitigated tzinfo attribute @manuel-sommer (#9872)
- Bugfix for NoneType Error in SSLyze parser @manuel-sommer (#9850)
- 🎇 refactor sonarqube and add JSON parsing for api export @manuel-sommer (#9734)
- GHA: Update `docker-compose` refs to `docker compose` @Maffooch (#9871)
- GHA: Update `docker-compose` refs to `docker compose` @Maffooch (#9870)
🚩 Changes to settings.dist.py / local_settings.py
- RemoteUser: Hide from Swagger @kiblik (#9961)
- Ruff: clean-up after multiple merges not cover by new rules @kiblik (#10078)
- remove aws scout2 parser @manuel-sommer (#9894)
- Ruff: add isort @kiblik (#9754)
- Make the number of request/response pairs returned by the API configurable @hblankenship (#9967)
- Gunicorn: Legacy cleanup @Maffooch (#9953)
- PreDjango 4.2 fixes @kiblik (#9882)
- ✨ add RHSA link for RedHatSatellite findings @manuel-sommer (#9877)
- Ruff: add pyupgrade @kiblik (#9755)
- Add NOTIFICATIONS_SYSTEM_LEVEL_TRUMP @kiblik (#9699)
🚩 Database migration
- Similar Findings: Create Toggle @Maffooch (#10047)
- Filtering Performance: Add opt-in setting for converting to string ba… @Maffooch (#10038)
- Severity: Extra validation and cleanup @Maffooch (#9952)
🚀 General features and enhancements
- Importer + Reimport: Reorg, cleanup, comment @Maffooch (#10011)
- String Based Filtering: Follow on for #10038 @Maffooch (#10050)
- Jira Webhook: Reorg logging and responses @Maffooch (#10049)
- Similar Findings: Create Toggle @Maffooch (#10047)
- Filtering Performance: Add opt-in setting for converting to string ba… @Maffooch (#10038)
🚀 API features and enhancements
- Importer + Reimport: Reorg, cleanup, comment @Maffooch (#10011)
- Ruff: clean-up after multiple merges not cover by new rules @kiblik (#10078)
- Ruff: add isort @kiblik (#9754)
- Ruff: add and fix EM rules @kiblik (#9892)
- Ruff: add and fix C4 @kiblik (#9889)
- Make the number of request/response pairs returned by the API configurable @hblankenship (#9967)
- Severity: Extra validation and cleanup @Maffooch (#9952)
- Ruff: add pyupgrade @kiblik (#9755)
🐛 Bug Fixes
- Set Finding date if nothing is set from the parser @Maffooch (#10018)
- Severity: Extra validation and cleanup @Maffooch (#9952)
🖌 Updates in UI
- Class based reports views @dogboat (#10124)
- Checkmarx One: Add additional parsing for different report formats @Maffooch (#10102)
- Ruff: clean-up after multiple merges not cover by new rules @kiblik (#10078)
- Ruff: add isort @kiblik (#9754)
- Ruff: add and fix C4 @kiblik (#9889)
- Product Metrics: Performance Enhancements @blakeaowens (#10059)
- String Based Filtering: Follow on for #10038 @Maffooch (#10050)
- Similar Findings: Create Toggle @Maffooch (#10047)
- Fix numerical sorting in the old UI for Active/Verified findings @davidhernandeze (#10045)
- Filtering Performance: Add opt-in setting for converting to string ba… @Maffooch (#10038)
- fix in engagement_list.html @manuel-sommer (#9970)
- Hide checkbox and action columns on Test view Findings listing @dogboat (#9971)
- Update dojo_sort template tag to properly handle querystrings with keys with multiple values @dogboat (#9969)
- view-finding-footer-fix Close a div so footer displays properly @dogboat (#9968)
- Edit wording on "Add group members" pages @dogboat (#9965)
- Update format_epss display tag to try/catch formatting errors @dogboat (#9934)
- Ruff: add pyupgrade @kiblik (#9755)
🧰 Maintenance
- Bump sqlalchemy from 2.0.29 to 2.0.30 @dependabot (#10120)
- Bump ruff from 0.4.2 to 0.4.3 @dependabot (#10121)
- Bump boto3 from 1.34.97 to 1.34.98 @dependabot (#10122)
- Bump coverage from 7.5.0 to 7.5.1 @dependabot (#10123)
- Update rabbitmq Docker tag from 3.13.1 to v3.13.2 (docker-compose.yml) @renovate (#10103)
- Bump boto3 from 1.34.96 to 1.34.97 @dependabot (#10106)
- Bump ruff from 0.4.1 to 0.4.2 @dependabot (#10042)
- Bump boto3 from 1.34.95 to 1.34.96 @dependabot (#10096)
- Update Helm release rabbitmq from 11.16.2 to v14 (helm/defectdojo/Chart.yaml) @renovate (#10069)
- Bump drf-spectacular-sidecar from 2024.4.1 to 2024.5.1 @dependabot (#10080)
- Bump boto3 from 1.34.94 to 1.34.95 @dependabot (#10079)
- Bump boto3 from 1.34.93 to 1.34.94 @dependabot (#10067)
- Bump social-auth-app-django from 5.4.0 to 5.4.1 @dependabot (#10026)
- Bump boto3 from 1.34.92 to 1.34.93 @dependabot (#10054)
- Bump jquery-ui from 1.13.2 to 1.13.3 in /components @dependabot (#10056)
- Bump nginx from 1.25.5-alpine to 1.26.0-alpine @dependabot (#10057)
- Bump social-auth-core from 4.5.3 to 4.5.4 @dependabot (#10030)
- Bump social-auth-app-django from 5.4.0 to 5.4.1 @dependabot (#10029)
- Bump boto3 from 1.34.90 to 1.34.92 @dependabot (#10036)
- Bump boto3 from 1.34.89 to 1.34.90 @dependabot (#10024)
- Bump django-split-settings from 1.2.0 to 1.3.1 @dependabot (#10022)
- Bump uwsgi from 2.0.23 to 2.0.25.1 @dependabot (#10023)
- Bump coverage from 7.4.4 to 7.5.0 @dependabot (#10020)
- Bump celery from 5.3.6 to 5.4.0 @dependabot (#10019)
- Bump pycurl from 7.45.2 to 7.45.3 @dependabot (#10016)
- Bump djangosaml2 from 1.9.1 to 1.9.2 @dependabot (#10014)
- Bump redis from 5.0.3 to 5.0.4 @dependabot (#10017)
- Bump gitpython from 3.1.41 to 3.1.43 @dependabot (#10015)
- Bump blackduck from 1.1.0 to 1.1.3 @dependabot (#10013)
- Bump netaddr from 0.10.1 to 1.2.1 @dependabot (#10004)
- Bump packageurl-python from 0.13.4 to 0.15.0 @dependabot (#10008)
- Bump sqlalchemy from 2.0.25 to 2.0.29 @dependabot (#10006)
- Bump debugpy from 1.8.0 to 1.8.1 @dependabot (#10005)
- Bump boto3 from 1.34.35 to 1.34.89 @dependabot (#10007)
- Bump markdown from 3.5.2 to 3.6 @dependabot (#9991)
- Bump moment from 2.29.4 to 2.30.1 in /components @dependabot (#9996)
- Bump html2text from 2020.1.16 to 2024.2.26 @dependabot (#9990)
- Bump jquery from 3.7.0 to 3.7.1 in /components @dependabot (#9997)
- Bump social-auth-core from 4.5.2 to 4.5.3 @dependabot (#9992)
- Bump pdfmake from 0.2.7 to 0.2.10 in /components @dependabot (#9994)
- Bump cryptography from 42.0.4 to 42.0.5 @dependabot (#9989)
- Bump drf-spectacular from 0.27.1 to 0.27.2 @dependabot (#9981)
- Bump asteval from 0.9.31 to 0.9.32 @dependabot (#9980)
- Bump drf-spectacular-sidecar from 2024.3.4 to 2024.4.1 @dependabot (#9976)
- Bump vobject from 0.9.6.1 to 0.9.7 @dependabot (#9978)
- Bump python-dateutil from 2.8.2 to 2.9.0.post0 @dependabot (#9982)
- Bump openapitools/openapi-generator-cli from v7.4.0 to v7.5.0 @dependabot (#9983)
- Bump nginx from 1.25.4-alpine to 1.25.5-alpine @dependabot (#9984)
- Update postgres:16.2-alpine Docker digest from 16.2 to 16.2-alpine (docker-compose.yml) @renovate (#9972)
- Update redis:7.2.4-al...
2.33.7 🌈
Changes since 2.33.6
- update semgrep tests @hblankenship (#10058)
🚩 Database migration
🚀 General features and enhancements
- String Based Filtering: Follow on for #10038 @Maffooch (#10050)
- Jira Webhook: Reorg logging and responses @Maffooch (#10049)
- Similar Findings: Create Toggle @Maffooch (#10047)
🖌 Updates in UI
- Product Metrics: Performance Enhancements @blakeaowens (#10059)
- String Based Filtering: Follow on for #10038 @Maffooch (#10050)
- Similar Findings: Create Toggle @Maffooch (#10047)
🧰 Maintenance
- Bump social-auth-app-django from 5.4.0 to 5.4.1 @dependabot (#10026)
2.33.6 🌈
Changes since 2.33.5
🚩 Database migration
🚀 General features and enhancements
🖌 Updates in UI
2.33.5 🌈
Changes since 2.33.4
- Fix: Broken Swagger when Remote User enabled @kiblik (#9960)
- fix anchore_grype null characters issue, #9942 @manuel-sommer (#9962)
🖌 Updates in UI
- fix in engagement_list.html @manuel-sommer (#9970)
2.33.4 🌈
Changes since 2.33.3
- GH-action: Detect Merge Conflicts - update v3 @kiblik (#9940)
- fix horusec null characters issue, #9939 @manuel-sommer (#9941)
🚩 Changes to settings.dist.py / local_settings.py
🚩 Database migration
🚀 API features and enhancements
🐛 Bug Fixes
🧰 Maintenance
2.33.3 🌈
Changes since 2.33.2
🖌 Updates in UI
2.33.2 🌈
Changes since 2.33.1
- resolve fixme from cobalt parser @manuel-sommer (#9921)
- 🐛 jake json output in cyclonedx not parsed @manuel-sommer (#9873)
- Checkmarx one parser support API exported files @FelixHernandez (#9917)
- Remove 'version' from docker-compose @kiblik (#9831)
2.33.1 🌈
Changes since 2.33.0
- 🐛 RedHatSatellite, multiple vulnids @manuel-sommer (#9875)
- resolve generic parser fixme @manuel-sommer (#9854)
- 🐛 whitehat sentinel fix mitigated tzinfo attribute @manuel-sommer (#9872)
- Bugfix for NoneType Error in SSLyze parser @manuel-sommer (#9850)
- GHA: Update `docker-compose` refs to `docker compose` @Maffooch (#9871)
2.33.0 🌈
Changes since 2.32.0
- release notes for v2.33.0 @manuel-sommer (#9836)
- Update documentation to reflect multiple SLA Configurations @paulOsinski (#9844)
- Jira link class based views @dogboat (#9846)
- Flake8: Fix leftover of W504 and E402 @kiblik (#9823)
- fix doc breaking due to colon in front matter @hblankenship (#9845)
- Move PYTHONWARNINGS to EnvVar @kiblik (#9503)
- add cve values to openvas csv parser @manuel-sommer (#9791)
- sysdig_reports: migrate cve to unsaved_vulnerability_ids @manuel-sommer (#9825)
- bundleraudit: remove cves @manuel-sommer (#9827)
- redhatsatellite: migrate cve to unsaved_vulnerability_ids @manuel-sommer (#9828)
- Refactor awssecurityhub and add endpoint @manuel-sommer (#9814)
- 🐛 fix multiple netsparker issues @manuel-sommer (#9817)
- fix qualys parser: Finding object inconsistencies - use a copy of the issue_row object @MarianG (#9792)
- ✨ Advance Trivy Operator to parse Benchmark report @manuel-sommer (#9799)
- Tenable Parser: Support the new "workbench" format @FelixHernandez (#9804)
- Ruff: add some TRY @kiblik (#9756)
- Flake8: Remove useless ignores @kiblik (#9760)
- remove xlrd @manuel-sommer (#9810)
- [k8s] Remove pgha from actions @dsever (#9784)
- Flake8: Fix E201, E202 and E231 @kiblik (#9761)
- Ruff: add FLY @kiblik (#9757)
- Flake8: Solve E704 @kiblik (#9765)
- Fix: wrong parameters for k8s redis test @dsever (#9767)
- Flake8: Change F841 @kiblik (#9764)
- remove supervisor @manuel-sommer (#9811)
- 🔨 Refactor fortify to separate xml and fpr @manuel-sommer (#9667)
- 🔨 Refactor cyclonedx @manuel-sommer (#9668)
- 🔨 Refactor nikto to separate json and xml @manuel-sommer (#9680)
- 🐛 fix snyk, multiple cwes @manuel-sommer (#9682)
- 🐛 fix wazuh date @manuel-sommer (#9728)
- Ruff: Move F403 @kiblik (#9753)
- Fix items not found in scout suite findings @jbschooley (#9796)
- Fix finding filter in API `not_test__tags' @FelixHernandez (#9805)
- Fix typo of github username in DryRun Security config @mtesauro (#9815)
- Ruff: Solve F601 @kiblik (#9752)
- set Dynamic finding to false by default in add finding manually to test @FelixHernandez (#9794)
- List more Endpoints in a Finding's Excel / CSV report @FelixHernandez (#9738)
- Ruff: Solve E713 @kiblik (#9750)
- Ruff: better log output for GitHub Actions @kiblik (#9747)
- Updated DryRun Security config @mtesauro (#9769)
- Fix version mismatch @Maffooch (#9721)
- Helm: Remove PSQLHA Test @Maffooch (#9716)
- remove flotaxis, #9700 @manuel-sommer (#9709)
- Updating pip-audit parser to handle new JSON file format @grendel513 (#9696)
- Deprecate merge_sets_safe in dojo/utils.py @manuel-sommer (#9568)
- Bugfix: checkmarx parser - datetime is no longer put into the Finding.date field @reichertan (#9570)
🚩 Changes to settings.dist.py / local_settings.py
- Add legacy parsing method for qualys @Maffooch (#9861)
- Filter EPSS-related values on Findings listing @dogboat (#9847)
- 🎉 added parser for Bearer CLI @quirinziessler (#9672)
- ✨ merge acunetix and acunetix360 @manuel-sommer (#9522)
- Implement Nancy Parser @grendel513 (#9801)
- Ruff: Solve E402 @kiblik (#9748)
- ✨ implement wiz parser @manuel-sommer (#9671)
- remove Clair Klar Scan deduplication @manuel-sommer (#9686)
- 🐛 Fix Tenable deduplication setting @manuel-sommer (#9619)
- Added Checkmarx One Parser @FelixHernandez (#9715)
- Npm audit v7+ Parser @grendel513 (#9692)
- Added crunch42 parser @FelixHernandez (#9714)
🚩 Database migration
- ✨ merge acunetix and acunetix360 @manuel-sommer (#9522)
- 🐛 fix sonarqube api importer key length, issue 9611 @manuel-sommer (#9683)
- API responses more detailed (optional) @FelixHernandez (#9788)
- correcting cvss scoring behavior when updating/adding findings via ui and api [sc-4849] @grendel513 (#9744)
- Jira Epic Mapping: Add flexibility to epic issue type @Maffooch (#9666)
🚀 API features and enhancements
- Merge Bugfix -> Dev - Release/2.33.0 @Maffooch (#9866)
- CVSS Override: Revert #9744 @Maffooch (#9858)
- API Import/Reimport: Convert string tags to lists @Maffooch (#9830)
- Make tags optional for import and reimport API endpoints @FelixHernandez (#9819)
- Ruff: add preview + fix F841 and F823 @kiblik (#9759)
- API responses more detailed (optional) @FelixHernandez (#9788)
- Import/Reimport: Add toggle for applying tags to endpoints @Maffooch (#9740)
- correcting cvss scoring behavior when updating/adding findings via ui and api [sc-4849] @grendel513 (#9744)
🐛 Bug Fixes
- CVSS Override: Revert #9744 @Maffooch (#9858)
- API Import/Reimport: Convert string tags to lists @Maffooch (#9830)
- Endpoints: Redefine vulnerable definition @Maffooch (#9772)
- Ruff Linter: Resolve deprecation notice @Maffooch (#9729)
- Product Metrics: Correct week to week charts @Maffooch (#9695)
- Jira: Improve alerting on a per step basis @Maffooch (#9691)
🖌 Updates in UI
- Filter EPSS-related values on Findings listing @dogboat (#9847)
- Findings endpoint name truncated change @dogboat (#9789)
- Ruff: add preview + fix F841 and F823 @kiblik (#9759)
- improve risk acceptance UI (accept aditional findings) @FelixHernandez (#9737)
- Flake8: Fix W504 @kiblik (#9763)
- Ruff: Solve E731 @kiblik (#9749)
- Endpoints: Remove "verified" query on listing pages @Maffooch (#9717)
- Func views to class based views in finding exports @FelixHernandez (#9679)
🗣 Updates in localization
- fix tag on django.po @paulOsinski (#9718)
🧰 Maintenance
- chore(deps): update dependency ruff from 0.3.4 to v0.3.5 (requirements-lint.txt) @renovate (#9857)
- Update softprops/action-gh-release action from v1 to v2 (.github/workflows/release-x-manual-helm-chart.yml) @renovate (#9703)
- Update dependency ruff from 0.3.1 to v0.3.4 (requirements-lint.txt) @renovate (#9705)
- Update Helm release postgresql from 11.9.13 to v15 (helm/defectdojo/Chart.yaml) @renovate (#9781)
- Update dependency autoprefixer from 10.4.18 to v10.4.19 (docs/package.json) @renovate (#9806)
- Bump nginx from `02d8d94` to `31bad00` @dependabot (#9818)
- Update rabbitmq:3.13.0-alpine Docker digest from 3.13.0 to 3.13.0-alpine (docker-compose.yml) @renovate (#9797)
- Update redis:7.2.4-alpine Docker digest from 7.2.4 to 7.2.4-alpine (docker-compose.yml) @renovate (#9798)
- Update postgres:16.2-alpine Docker digest from 16.2 to 16.2-alpine (docker-compose.yml) @renovate (#9800)
- Update dependency postcss from 8.4.36 to v8.4.38 (docs/package.json) @renovate (#9790)
- Update Helm release redis from 16.13.2 to v19 (helm/defectdojo/Chart.yaml) @renovate (#9786)
- Refresh minikube & k8s versions @dsever (#9684)
- Update redis:7.2.4-alpine Docker digest from 7.2.4 to 7.2.4-alpine (docker-compose.yml) @renovate (#9773)
- Update dependency postcss from 8.4.35 to v8.4.36 (docs/package.json) @renovate (#9774)
- Bump nginx from `6a2f8b2` to `02d8d94` @dependabot (#9771)
- Update postgres:16.2-alpine Docker digest from 16.2 to 16.2-alpine (docker-compose.yml) @renovate (#9768)
- Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.34.0 to v1.34.1 (helm/defectdojo/values.yaml) @renovate (#9745)
- Update rabbitmq:3.13.0-alpine Docker digest from 3.13.0 to 3.13.0-alpine (docker-compose.yml) @renovate (#9746)
- Bump openapitools/openapi-generator-cli from v7.3.0 to v7.4.0 @dependabot (#9711)
- Update dependency ruff from 0.3.0 to v0.3.1 (requirements-lint.txt) @renovate (#9694)
- [HELM CT] Update component versions @dsever (#9665)