Releases: DefectDojo/django-DefectDojo
2.41.3 🌈
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.41.2
- 2.41.1: docs maintenance @paulOsinski (#11413)
- fix typo in docs @manuel-sommer (#11387)
- Notifications: Convert to classes @Maffooch (#11296)
- [docs] Pro Docs release notes - 2.41.2 @paulOsinski (#11420)
🚩 Changes to settings.dist.py
/ local_settings.py
- Add Horusec Scan to Hashcode settings. @hblankenship (#11418)
- Qualys Hacker Guardian: Set Dedupe Config @Maffooch (#11442)
🧰 Maintenance
- Bump nanoid from 3.3.7 to 3.3.8 in /docs @dependabot (#11421)
2.41.2 🌈
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.41.1
- fix(helm): Unpin old HELM version @kiblik (#11363)
- fix(setEnv): remove debug from list @kiblik (#11374)
- [docs] rename case-sensitive refs so that site builds correctly @paulOsinski (#11403)
- [docs] Pro Docs release notes - 2.41.1 @paulOsinski (#11402)
- [docs] add reo to script header @paulOsinski (#11396)
🚩 Changes to settings.dist.py
/ local_settings.py
- fix(oauth2): google oauth2 whitelisting. @JGodin-C2C (#11372)
- 🐛 fix RHS deduplication @manuel-sommer (#11385)
2.41.1 🌈
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.41.0
- Docs maintenance: remove external images, article QA + updates @paulOsinski (#11376)
- feat(parser: generic): Allow epss_* parameters @kiblik (#11293)
- Hotfix filenames @paulOsinski (#11368)
- update Pro changelog 2.41.0 @paulOsinski (#11367)
- Request Review Notification Update to Usernames @hblankenship (#11295)
- Add a filter for Findings for Has Any JIRA (grouped or single) @hblankenship (#11313)
🚩 Changes to settings.dist.py
/ local_settings.py
- Settings SHA: The Removal @Maffooch (#11299)
- Add DTSA to vulnid @manuel-sommer (#11302)
🚀 API features and enhancements
- Disallow multiple single-use notes on a single object @hblankenship (#11306)
- dissallow already linked issue @hblankenship (#11298)
🖌 Updates in UI
- Update Reported Finding Severity by Month on the dashboard to be by month instead of day. @hblankenship (#11304)
2.41.0 🌈
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.40.0
- Fix sarif parser location files processing @dmarushkin (#11265)
- OS Docs Overhaul - theming change, many new articles @paulOsinski (#11258)
- cleanup(helm): Drop support for TCP/3000 @kiblik (#11274)
- fix(components/node_modules): put .gitkeep back - fix warning @kiblik (#11309)
- Update CheckMarx One parser for imports where description is None @hblankenship (#11308)
- 🐛 fix trivyoperator tags @manuel-sommer (#11276)
- Ruff: Add and fix A005 @kiblik (#11275)
- Ruff: Add FIX001 and FIX003 @manuel-sommer (#10240)
- AnchoreCTL Policies: Additional checks for severity in description @hblankenship (#11269)
- chore(helm): implement readinessProbe and startupProbe for uwsgi container @fcecagno (#10506)
- Ruff: Fix for version 0.7.4 @kiblik (#11270)
- Add new Mend Platform API 3.0 file types to existing Mend parser @testaccount90009 (#11259)
- 🎉 Add Trivy Operator clustercompliance report @manuel-sommer (#11279)
- Harmonize helm @JGodin-C2C (#11168)
- prowler_v4.py Prowler v4.5.0 changed the 'event_time' key with 'time_dt' @ivan-morhun (#11213)
- docs(helm): add documentation about installation and external databas… @leofvo (#11015)
- Ruff: Add and fix PTH122 @manuel-sommer (#11255)
- fix(helm): set cloudsql-proxy as sidecar container to allow initializer and dbmigration to run @jndeverteuil (#10824)
- 🎉 All Trivy Operator findings in one json @manuel-sommer (#11252)
- feat(helm): Allow to keep initializer if requested @kiblik (#11257)
- 🐛 fix bearer_cli #11245 @manuel-sommer (#11248)
- Fix nuclei parser: invalid CWEs @fopina (#11232)
- Ruff: Add and "fix" S106 @kiblik (#11193)
- Ruff: Add and fix PTH112 @manuel-sommer (#11195)
- Ruff: Add and fix S108 @kiblik (#11192)
- GHA Artifacts: Update to v4 @Maffooch (#11205)
- fix(helm): add missing env config on job @leofvo (#11016)
- feat(helm): Add support for staticName for initializer @kiblik (#11237)
- 🐛 fix semgrep severity logic #11218 @manuel-sommer (#11219)
- 🐛 Fix Defender broken Endpoint #11217 @manuel-sommer (#11212)
- datetime.utcnow() is scheduled for removal @manuel-sommer (#11209)
- datetime.utcfromtimestamp() is scheduled for removal @manuel-sommer (#11208)
- 🐛 fix Acunetix date #11206 @manuel-sommer (#11207)
- Ruff: Add and fix S105 @kiblik (#11068)
- Ruff: Add and fix multiple flake8-use-pathlib @manuel-sommer (#11099)
- Ruff: Add and fix D411 @kiblik (#11064)
- Ruff: Add and "fix" S104 @kiblik (#11067)
🚩 Changes to settings.dist.py
/ local_settings.py
- add RLBA to vulnid @manuel-sommer (#11271)
- Fix nuclei deduplication @fopina (#11277)
- Mobsfscan report files parsing fix @dmarushkin (#11278)
- 🔨 rework kubescape parser @manuel-sommer (#11229)
- feat(DD_DEDUPLICATION_ALGORITHM_PER_PARSER + DD_HASHCODE_FIELDS_PER_SCANNER): Add checker of values @kiblik (#11244)
- add RLSA to vulnid @manuel-sommer (#11251)
- Refactor mobsf parser for v4 reports @dmarushkin (#11056)
- Ruff: Add and fix PTH120 @manuel-sommer (#11201)
- Ruff: Add and fix PTH113 @manuel-sommer (#11194)
- Ruff: Add and fix S113 @kiblik (#11198)
- 🎉 Add DSA vulnid @manuel-sommer (#11238)
- Display reviewers on finding pages. @pedrohdjs (#11165)
- 🎉 Make Trivy Operator K8s vulnids consistent @manuel-sommer (#11188)
- Burp Enterprise: Support newer format @Maffooch (#11220)
- add TEMP to vulnid @manuel-sommer (#11180)
🚀 API features and enhancements
- Ruff: add and fix some SIM rules @kiblik (#10926)
- Ruff: Fix Ruff FURB189 on bugfix @manuel-sommer (#11290)
- DojoMeta: Ability to create or update multiple objects in batch @hblankenship (#11268)
- API to Link an EngagementQuestionnaire's unanswered Answered_Survey to an Engagement @hblankenship (#11226)
- 🐛 fix Bump ruff from 0.7.2 to 0.7.3 @manuel-sommer (#11224)
- API: Engagement update jira epic @raouf-haddada (#11234)
- Display reviewers on finding pages. @pedrohdjs (#11165)
- FileUpload Base64 extension fix @hblankenship (#11203)
- Ruff: Add and fix D413 @kiblik (#11065)
🐛 Bug Fixes
🖌 Updates in UI
- Ruff: add and fix some SIM rules @kiblik (#10926)
- Allow sorting endpoints by ID @fopina (#11228)
- Update audit log with actual requested reviewers @hblankenship (#11289)
- 🔨 rework kubescape parser @manuel-sommer (#11229)
- Display reviewers on finding pages. @pedrohdjs (#11165)
- 🎉 Make Trivy Operator K8s vulnids consistent @manuel-sommer (#11188)
- Burp Enterprise: Support newer format @Maffooch (#11220)
- add engagement closed MS teams, Email, Alert, and Slack template @hblankenship (#11204)
🧰 Maintenance
- Bump cryptography from 43.0.3 to 44.0.0 @dependabot (#11346)
- Bump boto3 from 1.35.70 to 1.35.71 @dependabot (#11344)
- fix(deps): update dependency @tabler/icons from 3.22.0 to v3.23.0 (docs/package.json) @renovate (#11348)
- Bump pyjwt from 2.10.0 to 2.10.1 @dependabot (#11345)
- Bump python-gitlab from 5.0.0 to 5.1.0 @dependabot (#11343)
- Update dependency vite from 6.0.0 to v6.0.1 (docs/package.json) @renovate (#11337)
- Bump boto3 from 1.35.69 to 1.35.70 @dependabot (#11338)
- chore(deps): update dependency prettier from 3.3.3 to v3.4.1 (docs/package.json) @renovate (#11330)
- chore(deps): update dependency vite from 5.4.11 to v6 (docs/package.json) @renovate (#11333)
- Bump boto3 from 1.35.68 to 1.35.69 @dependabot (#11335)
- Bump boto3 from 1.35.67 to 1.35.68 @dependabot (#11318)
- chore(deps): update postgres docker tag from 17.1 to v17.2 (docker-compose.yml) @renovate (#11316)
- Bump boto3 from 1.35.66 to 1.35.67 @dependabot (#11312)
- chore(deps): update gcr.io/cloudsql-docker/gce-proxy docker tag from 1.37.1 to v1.37.2 (helm/defectdojo/values.yaml) @renovate (#11307)
- Bump boto3 from 1.35.64 to 1.35.66 @dependabot (#11303)
- Bump boto3 from 1.35.63 to 1.35.64 @dependabot (#11292)
- Bump openapitools/openapi-generator-cli from v7.9.0 to v7.10.0 @dependabot (#11283)
- Bump nginx from
2140dad
to74175cf
@dependabot (#11282) - Bump pyjwt from 2.9.0 to 2.10.0 @dependabot (#11280)
- Bump boto3 from 1.35.62 to 1.35.63 @dependabot (#11281)
- Update postgres Docker tag from 17.0 to v17.1 (docker-compose.yml) @renovate (#11264)
- Bump boto3 from 1.35.60 to 1.35.62 @dependabot (#11267)
- Update Helm release postgresql from 16.1.2 to ~16.2.0 (helm/defectdojo/Chart.yaml) @renovate (#11260)
- Bump boto3 from 1.35.59 to 1.35.60 @dependabot (#11262)
- Bump boto3 from 1.35.58 to 1.35.59 @dependabot (#11253)
- Update dependency postcss from 8.4.47 to v8.4.49 (docs/package.json) @renovate (#11230)
- Update postgres:17.0-alpine Docker digest from 17.0 to 17.0-alpine (docker-compose.yml) @renovate (#11239)
- Bump boto3 from 1.35.56 to 1.35.58 @dependabot (#11242)
- Bump boto3 from 1.35.55 to 1.35.56 @dependabot (#11223)
- Bump boto3 from 1.35.54 to 1.35.55 @dependabot (#11214)
- Bump django from 5.1.2 to 5.1.3 @dependabot (#11197)
- Bump pdfmake from 0.2.14 to 0.2.15 in /components @dependabot (#11185)
- Bump ruff from 0.7.1 to 0.7.2 @dependabot (#11184)
- Bump boto3 from 1.35.53 to 1.35.54 @dependabot (#11183)
2.40.3 🌈
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.40.2
- cleanup(helm): Drop support for TCP/3000 @kiblik (#11274)
- Update CheckMarx One parser for imports where description is None @hblankenship (#11308)
- 🐛 fix trivyoperator tags @manuel-sommer (#11276)
- AnchoreCTL Policies: Additional checks for severity in description @hblankenship (#11269)
- 🎉 Add Trivy Operator clustercompliance report @manuel-sommer (#11279)
🚩 Changes to settings.dist.py
/ local_settings.py
- add RLBA to vulnid @manuel-sommer (#11271)
- Mobsfscan report files parsing fix @dmarushkin (#11278)
🚀 API features and enhancements
- Ruff: Fix Ruff FURB189 on bugfix @manuel-sommer (#11290)
🖌 Updates in UI
- Update audit log with actual requested reviewers @hblankenship (#11289)
2.40.2 🌈
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.40.1
- prowler_v4.py Prowler v4.5.0 changed the 'event_time' key with 'time_dt' @ivan-morhun (#11213)
- 🎉 All Trivy Operator findings in one json @manuel-sommer (#11252)
- feat(helm): Allow to keep initializer if requested @kiblik (#11257)
- 🐛 fix bearer_cli #11245 @manuel-sommer (#11248)
🚩 Changes to settings.dist.py
/ local_settings.py
- 🔨 rework kubescape parser @manuel-sommer (#11229)
- feat(DD_DEDUPLICATION_ALGORITHM_PER_PARSER + DD_HASHCODE_FIELDS_PER_SCANNER): Add checker of values @kiblik (#11244)
- add RLSA to vulnid @manuel-sommer (#11251)
- 🎉 Add DSA vulnid @manuel-sommer (#11238)
- 🎉 Make Trivy Operator K8s vulnids consistent @manuel-sommer (#11188)
🖌 Updates in UI
- 🔨 rework kubescape parser @manuel-sommer (#11229)
- 🎉 Make Trivy Operator K8s vulnids consistent @manuel-sommer (#11188)
2.40.1 🌈
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.40.0
- GHA Artifacts: Update to v4 @Maffooch (#11205)
- feat(helm): Add support for staticName for initializer @kiblik (#11237)
- 🐛 fix semgrep severity logic #11218 @manuel-sommer (#11219)
- 🐛 Fix Defender broken Endpoint #11217 @manuel-sommer (#11212)
- datetime.utcnow() is scheduled for removal @manuel-sommer (#11209)
- datetime.utcfromtimestamp() is scheduled for removal @manuel-sommer (#11208)
- 🐛 fix Acunetix date #11206 @manuel-sommer (#11207)
🚩 Changes to settings.dist.py
/ local_settings.py
- Burp Enterprise: Support newer format @Maffooch (#11220)
- add TEMP to vulnid @manuel-sommer (#11180)
🚀 API features and enhancements
- FileUpload Base64 extension fix @hblankenship (#11203)
🐛 Bug Fixes
🖌 Updates in UI
2.40.0 🌈
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.39.4
- correct broken documentation links @paulOsinski (#11178)
- Ruff: Add and fix S112, S311 @manuel-sommer (#11098)
- fix unittest documentation #11128 @manuel-sommer (#11143)
- 🎉 fix TrivyOperator new report structure @manuel-sommer (#11156)
- 🎉 add tenable plugin to reference #11127 @manuel-sommer (#11151)
- Ruff: Add and fix S101 @kiblik (#11066)
- Ruff: Add and fix D403 @kiblik (#11063)
- Change logo for docs, add knowledge base link @paulOsinski (#11158)
- fix: broker configuration fix for deployment @JGodin-C2C (#11109)
🚩 Changes to settings.dist.py
/ local_settings.py
- Burp Enterprise: Add hash code fields @Maffooch (#11179)
- Parser for AWS Inspector2 findings @siniysv (#10829)
- File Uploads: Allow FPR format @manuel-sommer (#11157)
- Add ELBA vulnerability URL @manuel-sommer (#11138)
🚩 Database migration
- Add toggle to dictate enforcement of verified status @hblankenship (#11131)
🚀 API features and enhancements
- Fix for engagement_end_date not being used @hblankenship (#11174)
🐛 Bug Fixes
🖌 Updates in UI
🧰 Maintenance
- Bump boto3 from 1.35.52 to 1.35.53 @dependabot (#11175)
- Bump drf-spectacular-sidecar from 2024.7.1 to 2024.11.1 @dependabot (#11176)
- Bump cvss from 3.2 to 3.3 @dependabot (#11177)
- Bump boto3 from 1.35.51 to 1.35.52 @dependabot (#11171)
- Bump jquery-ui from 1.14.0 to 1.14.1 in /components @dependabot (#11170)
- Update Helm release postgresql from 16.0.6 to ~16.1.0 (helm/defectdojo/Chart.yaml) @renovate (#11164)
- Bump boto3 from 1.35.50 to 1.35.51 @dependabot (#11160)
- Bump bleach from 6.1.0 to 6.2.0 @dependabot (#11161)
- Bump boto3 from 1.35.49 to 1.35.50 @dependabot (#11155)
- Bump python-gitlab from 4.13.0 to 5.0.0 @dependabot (#11140)
- Bump uwsgi from 2.0.26 to 2.0.28 @dependabot (#11142)
- Bump boto3 from 1.35.48 to 1.35.49 @dependabot (#11141)
2.39.4 🌈
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.39.3
🚀 API features and enhancements
🐛 Bug Fixes
2.39.3 🌈
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.39.2
- update RedHatSatellite bug description @manuel-sommer (#11101)
- Update link to Slack in Issue template @optimistic5 (#11130)
- 🐛 fix tenable #11102 @manuel-sommer (#11103)
🚩 Changes to settings.dist.py
/ local_settings.py
- add RXSA VULNERABILITY_URL @manuel-sommer (#11097)