2.29.0 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.28.0

• Finding Template: Correct save ordering @Maffooch (#9088)
• Add logging statement for failed password reset validation logic @Maffooch (#9087)
• Add subcomponent labels for celery beat and worker helm templates @veneber (#9078)
• Update README.md @devGregA (#9048)
• hotfix for nuclei to get it back working #9017 @manuel-sommer (#9018)
• Fix Bundler parser @manuel-sommer (#9025)
• Fixbug: sonarqube severity property and remove sonarqube whitespace lead and trail properties @biennd279 (#9006)
• Docs: Split upgrade notes @kiblik (#8983)
• fix harbor according to issue #9014 @manuel-sommer (#9016)
• remove unused unittestfile @manuel-sommer (#8962)
• add trivy-dojo-operator docs @rndmh3ro (#8943)
• fix nuclei #8920 @manuel-sommer (#8963)
• [ENHANCEMENT] Add Product Lifecycle filtering to Report Builder @tomaszn (#8968)
• [ENHANCEMENT] Add Finding Violates SLA filtering to Report Builder @tomaszn (#8971)
• Correct typo in rate limiting @Snbig (#8982)
• Fix typo in docs @Maffooch (#8958)
• Docker-compose + TLS: fix name of DD_TLS_PORT @kiblik (#8964)
• add sunset notice to burp-plugin.md @paulOsinski (#8952)
• api_sq: small typo in documentation @kiblik (#8955)

🚩 Changes to settings.dist.py / local_settings.py

• Feature/parser jfrog xray binary scan @renejal (#9015)
• 🎉 added humble #8988 @manuel-sommer (#8989)
• Improve DD_DEDUPLICATION_ALGORITHM_PER_PARSER DD_HASHCODE_FIELDS_PER_SCANNER @Gby56 (#9038)
• fix: Bugcrowd API Import uses legacy dedupe instead of unique id from tool @Gby56 (#8994)

🚩 Database migration

• Notification: Allow to send notification even if there was no change in scan @kiblik (#8959)

🚀 API features and enhancements

• OpenAPI schema: Use renderer with small size by default @kiblik (#8973)

🐛 Bug Fixes

• fix metrics to also calculate risk acceptance and duplicate findings. @lme-nca (#9013)

🖌 Updates in UI

• UI: Show Vuln ID from tool @kiblik (#9034)
• fix button color in risk acceptance bug @FelixHernandez (#9008)
• Notification: Allow to send notification even if there was no change in scan @kiblik (#8959)
• Reporting: Exclude empty fields from report + correct host for HTML reports @Maffooch (#8961)

🧰 Maintenance

• Update postgres:16.1-alpine Docker digest from 16.1 to 16.1-alpine (docker-compose.yml) @renovate (#9089)
• Bump fontawesomefree from 6.5.0 to 6.5.1 @dependabot (#9086)
• Bump boto3 from 1.29.7 to 1.33.5 @dependabot (#9085)
• Update redis:7.2.3-alpine Docker digest from 7.2.3 to 7.2.3-alpine (docker-compose.yml) @renovate (#9083)
• Update postgres:16.1-alpine Docker digest from 16.1 to 16.1-alpine (docker-compose.yml) @renovate (#9082)
• Update rabbitmq Docker tag from 3.12.9 to v3.12.10 (docker-compose.yml) @renovate (#9075)
• Bump social-auth-core from 4.5.0 to 4.5.1 @dependabot (#9073)
• Bump fontawesomefree from 6.4.2 to 6.5.0 @dependabot (#9074)
• Bump cryptography from 41.0.5 to 41.0.6 @dependabot (#9070)
• Bump cryptography from 41.0.5 to 41.0.7 @dependabot (#9065)
• Bump python-gitlab from 3.15.0 to 4.2.0 @dependabot (#9064)
• Fixing README links and formatting @cneill (#9022)
• Bump celery from 5.3.5 to 5.3.6 @dependabot (#9045)
• Bump boto3 from 1.29.5 to 1.29.7 @dependabot (#9053)
• Bump boto3 from 1.29.2 to 1.29.5 @dependabot (#9042)
• Bump humanize from 4.8.0 to 4.9.0 @dependabot (#9043)
• Bump django-filter from 23.3 to 23.4 @dependabot (#9036)
• Update rabbitmq Docker tag from 3.12.8 to v3.12.9 (docker-compose.yml) @renovate (#9023)
• Bump sqlalchemy from 2.0.22 to 2.0.23 @dependabot (#8935)
• Bump boto3 from 1.29.1 to 1.29.2 @dependabot (#9020)
• Update mysql:5.7.44 Docker digest from 5.7.44 to v (docker-compose.yml) @renovate (#8999)
• Update redis:7.2.3-alpine Docker digest from 7.2.3 to 7.2.3-alpine (docker-compose.yml) @renovate (#9007)
• Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.33.13 to v1.33.14 (helm/defectdojo/values.yaml) @renovate (#8998)
• Bump boto3 from 1.28.85 to 1.29.1 @dependabot (#9010)
• Bump openapitools/openapi-generator-cli from 7.0.1 to v7.1.0 @dependabot (#8981)
• Bump boto3 from 1.28.84 to 1.28.85 @dependabot (#8991)
• Update postgres Docker tag from 16.0 to v16.1 (docker-compose.yml) @renovate (#8990)
• Update actions/github-script action from v6 to v7 (.github/workflows/submodule-update.yml) @renovate (#8985)
• Bump celery from 5.3.4 to 5.3.5 @dependabot (#8979)
• Bump boto3 from 1.28.82 to 1.28.84 @dependabot (#8980)
• Bump boto3 from 1.28.79 to 1.28.82 @dependabot (#8965)
• Removed git_protect GH action @mtesauro (#8953)
• Update actions/checkout action from v2 to v4 (.github/workflows/check-protected-files.yml) @renovate (#8945)
• Update actions/setup-python action from v2 to v4 (.github/workflows/check-protected-files.yml) @renovate (#8946)
• Bump boto3 from 1.28.77 to 1.28.79 @dependabot (#8951)