Releases: DefectDojo/django-DefectDojo
1.7.1 🌈
1.7.0 🌈
🚀 New scanners
- github vulnerability parser added @tahir59 (#2386)
- Twistlock CSV Parser Feature @bvcelari (#2626)
- Feature/add tool huskyci @edersonbrilhante (#2612)
- Feature/add tool ccvs @edersonbrilhante (#2611)
- Eslint plugin (against dev) @omerlh (#2558)
🚀 Features and enhancements
- Partial endpoint remediation @cody-m-tibco (#2632)
- Switch Nginx image to Alpine @alles-klar (#2645)
- JIRA/GitHub: Use templates to allow customizing issue description / body @valentijnscholten (#2643)
- JIRA/github improvements and fixes July 2020 @valentijnscholten (#2630)
- Add Technology (App Analysis) management via UI and APIv2 @Maffooch (#2639)
- authorized users: optionally allow edit/delete of findings @valentijnscholten (#2615)
- Search by CVE and index extra fields @valentijnscholten (#2616)
- Add risk acceptance flag and simple bulk risk acceptance @valentijnscholten (#2390)
- Add SAML2 support @cody-m-tibco (#2603)
- API V2: add the possibility to filter by "is_Mitigated" status @ptrovatelli (#2602)
- Slack enhancements @madchap (#2486)
- Notes improvements (UI and Jira integration) @steeve85 (#2581)
- Update to Gitleak deduplication algorithm @steeve85 (#2699)
🐛 Bug Fixes
- Default jira severity to Low instead of None @madchap (#2667)
- jira: only set duedate when field is available in jira @valentijnscholten (#2650)
- jira hotfix when no usercontactinfo for reporter @valentijnscholten (#2648)
- JIRA/github improvements and fixes July 2020 @valentijnscholten (#2630)
- jira issue and endpoints prefetching fixes @valentijnscholten (#2625)
- Exception preventing in (re)import-scan @cody-m-tibco (#2606)
- Add description to test add and edit @madchap (#2560)
- Added pwgen for all platforms. @NotBryan (#2578)
- Bugfix for burp test upload @JamesCullum (#2576)
- Jira fixes for #2521 #2577 @Apipia (#2579)
- kubernetes: add missing affinity @ptrovatelli (#2310)
- Fix 500 rendering error for duplicate without original_finding @Apipia (#2509)
- Fix push close and re-open from DDJ to JIRA @kareem-DA (#2605)
- Fix swagger finding @edersonbrilhante (#2656)
🧰 Maintenance
- Bump google-auth from 1.19.1 to 1.19.2 @dependabot-preview (#2691)
- Bump easymde from 2.10.1 to 2.11.0 in /components @dependabot-preview (#2688)
- Bump google-auth from 1.19.0 to 1.19.1 @dependabot-preview (#2685)
- Bump google-api-python-client from 1.9.3 to 1.10.0 @dependabot-preview (#2684)
- Add obvious way to delete metadata in UI @Maffooch (#2674)
- Bump django-extensions from 3.0.2 to 3.0.3 @dependabot-preview (#2678)
- Bump google-auth from 1.18.0 to 1.19.0 @dependabot-preview (#2675)
- Bump mysql-connector-python from 8.0.20 to 8.0.21 @dependabot-preview (#2672)
- Bump lxml from 4.5.1 to 4.5.2 @dependabot-preview (#2666)
- Bump nginx from 1.19.0-alpine to 1.19.1-alpine @dependabot-preview (#2673)
- Bump django-crispy-forms from 1.9.1 to 1.9.2 @dependabot-preview (#2670)
- bug report template: better git cmd @valentijnscholten (#2659)
- Bump mysqlclient from 2.0.0 to 2.0.1 @dependabot-preview (#2640)
- Bump python from 3.6.10-slim-buster to 3.6.11-slim-buster @dependabot-preview (#2646)
- Bump coverage from 5.1 to 5.2 @dependabot-preview (#2653)
- added steps for changing the password @krbalag (#2652)
- JIRA/github improvements and fixes July 2020 @valentijnscholten (#2630)
- Bump humanize from 2.4.1 to 2.5.0 @dependabot-preview (#2644)
- Bump mysqlclient from 1.4.6 to 2.0.0 @dependabot-preview (#2637)
- Bump django-extensions from 3.0.1 to 3.0.2 @dependabot-preview (#2634)
- Bump django-extensions from 2.2.9 to 3.0.1 @dependabot-preview (#2621)
- Bump django from 2.2.13 to 2.2.14 @dependabot-preview (#2627)
- Bump pillow from 7.1.2 to 7.2.0 @dependabot-preview (#2624)
- Bump humanize from 2.4.0 to 2.4.1 @dependabot-preview (#2614)
- remove BREAK in html @madchap (#2613)
- Bump celery from 4.4.5 to 4.4.6 @dependabot-preview (#2608)
- Bump social-auth-app-django from 3.4.0 to 4.0.0 @dependabot-preview (#2593)
- integration tests: grep celery work logs for ERRORs @valentijnscholten (#2574)
- Bump moment from 2.26.0 to 2.27.0 in /components @dependabot-preview (#2585)
- Bump google-auth from 1.17.2 to 1.18.0 @dependabot-preview (#2582)
- travis: merge docker step with integration tests step @valentijnscholten (#2580)
- run some Integration tests with block execution = true @valentijnscholten (#2377)
- merge release/1.6.5 into dev @valentijnscholten (#2568)
- Bump uwsgi from 2.0.19 to 2.0.19.1 @dependabot-preview (#2571)
- fix: rename HuskyCi to HuskyCI Report in test_type @edersonbrilhante (#2633)
🚩 Requires settings change
- authorized users: optionally allow edit/delete of findings @valentijnscholten (#2615)
- Add SAML2 support @cody-m-tibco (#2603)
🚩 Security
- kubernetes security fixes: @ptrovatelli (#2214)
🚩 Documentation
- doc: add docker-compose build @wurstbrot (#2595)
- In-page doc for twistlock now accepting CSV as input @madchap (#2676)
1.6.5 Bug fix release 🌈
Change
🐛 Bug Fixes
- mentioning a user: fix notifications @valentijnscholten (#2565)
- fix github issue creation @madchap (#2505)
- Fix JIRA webhook event type compares @kareem-DA (#2507)
- fixed duplicate_finding_set function to not throw error @Apipia (#2506)
- Fix JIRA update issue if issue already linked @madchap (#2441)
- JIRA fixes @madchap (#2462)
- Fix duplicate issues create in JIRA when creating an ad-hoc finding @kareem-DA (#2489)
- improve error handling notifications @valentijnscholten (#2412)
- fix alerts for product_added, and more @valentijnscholten (#2359)
- npm audit parser: fixes @valentijnscholten (#2225)
- backport fixes for integration tests to 1.6.x @valentijnscholten (#2442)
- False positive history: Recognized false positives marked as verified @ssridhartibco (#2483)
- search: fix for non-staff non-superusers @valentijnscholten (#2482)
🧰 Maintenance
- merge release/1.6.5 into master @valentijnscholten (#2567)
- setup.bash: print message when user selects unsupported database scen… @valentijnscholten (#2527)
- setup.bash EOL notice @madchap (#2516)
- release aftercare: merge hotfix 1.6.2 into 1.6.5 @valentijnscholten (#2499)
🚩 Security
- Disable XXE when parsing Qualys reports @eric-therond-sonarsource (#2539)
1.6.2 Hotfix release
Corrects version within DefectDojo.
Security patch release
Django update from 2.2.12 to 2.2.13 to fix several security vulnerabilities.
1.6.0 GA release
We're glad to announce the 1.6.0 GA now.
Since 1.6.0-rc, the following fixes were made.
Docker images have been pushed with tags 1.6.0 and latest.
Below is the list of all changes since the previous 1.5.4 GA.
Changes
🚀 New scanners
- Adding a parser for Gitleaks scanner @steeve85 (#2149)
- Adding a parser from Harbor vulnerability API @natebwangsut (#2134)
- Adding SimilarityID and PathID concatenation as unique_id_from_tool for Checkmarx Parser @dshraddha23 (#1941)
- Add a parser for policy checks created by Anchore enterprise @ccojocar (#2016)
- Add parser for Crashtest Security JSON file @Phylu (#1996)
- [BurpE] Add multiple request/response tabs @Maffooch (#1997)
🚀 Features and enhancements
- Improve Google Sheets Sync feature @piyarathnalakmali (#1831)
- Feature/jira overhaul (Push All Issues) @Apipia (#2140)
- travis: reorder tests to prioritize important tests @valentijnscholten (#2189)
- Dockerfile for integration tests @alles-klar (#2114)
- Add TLS for Nginx Helm Chart @alles-klar (#2115)
- Cicd improvements: reupload mitigation, overdue @valentijnscholten (#1929)
- Add github integration @mestrade (#2116)
- Brakeman parser improvement @steeve85 (#2175)
- integration tests fixes and improvements @valentijnscholten (#2160)
- [apiv2] Add capability to query by finding_id on the jira_finding_mapping endpoint @madchap (#2138)
- Move similar finding below actual finding main info @madchap (#2131)
- Integration test: Assert absence of javascript errors @valentijnscholten (#2047)
- Prefetch tags and more to remove 1+N queries problem @valentijnscholten (#2012)
- Add bulk risk acceptance API @jvz (#1904)
- Add component name and version for JFrog scans @jvz (#1979)
- apiv2: add test.id in result of importscan @valentijnscholten (#2094)
- performance: cache system_settings in views @valentijnscholten (#1953)
- add url and product name to jira alert message @valentijnscholten (#2061)
- add system setting to enable/disable audit logging @valentijnscholten (#2068)
- Implement Auth0 OAuth2 authentication @xens (#2079)
- add watson middleware for more efficient search index updates @valentijnscholten (#2066)
- performance gains by prefetching in more places @valentijnscholten (#1955)
- Add parser for Crashtest Security JSON file @Phylu (#1996)
- Keyboard shortcuts to navigate to previous and next finding @madchap (#1990)
🐛 Bug Fixes
- fix copy-paste to prevent GH config to show on product edit @madchap (#2203)
- Travis reorder: remove finish_fast that is breaking builds @valentijnscholten (#2200)
- Acunetix parser fix @steeve85 (#2185)
- Hadolint parser fix @steeve85 (#2186)
- integration tests fixes and improvements @valentijnscholten (#2160)
- Fix test notes not appearing in report + cosmetic improvement @Apipia (#2157)
- system settings test: fix copy-paste error @valentijnscholten (#2158)
- unittests: check for existence of system_settings db record @valentijnscholten (#2105)
- Allow staff users to delete notes @madchap (#2127)
- honor note_type property on POST /findings/{id}/notes/ @madchap (#2120)
- fix dashboard graph - show values @alles-klar (#2112)
- Social-auth: Fix call-back URLs @xens (#2124)
- Fix middlewares @Nilix007 (#1863)
- product list: add missing quotes around asc for table sorter @valentijnscholten (#2095)
- DSOP parser missing fields @madchap (#2104)
- kubernetes: fix node selectors; add limits @ptrovatelli (#1881)
- Fix kubernetes helm upgrade @ptrovatelli (#1924)
- fix migrations after #2009 @valentijnscholten (#2100)
- Fix duplication issue @MarianG (#2009)
- Fix for issue #1993 @piyarathnalakmali (#2097)
- docker initializer: do not give a new non-working passwd if admin present in DB @madchap (#2084)
- fix #2050 broken javascript datatable product list @valentijnscholten (#2051)
- quickfix #1995 bulk edit in view_test @valentijnscholten (#2034)
- Fix whitesource parser @MarianG (#2011)
- fix login buttons by adding explicit CLASSIC_AUTH_ENABLED option @valentijnscholten (#2090)
- fix various DSOP parser issues @madchap (#2054)
- add version to filter fields @madchap (#1879)
- Anchore parser fix to consider package_path @madchap (#2086)
- Adding SimilarityID and PathID concatenation as unique_id_from_tool for Checkmarx Parser @dshraddha23 (#1941)
- fix some queries so that open include active verified and not verified @madchap (#2026)
- only show donut if donut (language) data is available, fixes #2005 @valentijnscholten (#2039)
- fix superfluous sla column in datatable config (fixes #2041) @valentijnscholten (#2042)
- only show dupes dropdown if there are dupes, fixes #2006 @valentijnscholten (#2046)
- npm audit parser: limit vulnerable paths to max 25 @valentijnscholten (#2060)
- From string to boolean - fix login page buttons not showing #2075 @madchap (#2077)
- add required middleware to set actor_id in auditlog entries @valentijnscholten (#2067)
- fix removed system settings processor @valentijnscholten (#2080)
- fix #2048 handle None value for CWE in apply finding template @valentijnscholten (#2049)
- [BurpE] Add multiple request/response tabs @Maffooch (#1997)
🧰 Maintenance
- Minor DOCKER.md fix for ptvsd @madchap (#2177)
- Bump google-auth from 1.13.1 to 1.14.0 @dependabot-preview (#2199)
- travis: reorder tests to prioritize important tests @valentijnscholten (#2189)
- add doc about wrappers and branching model @ptrovatelli (#2003)
- Bump coverage from 5.0.4 to 5.1 @dependabot-preview (#2184)
- Bump cryptography from 2.8 to 2.9 @dependabot-preview (#2142)
- Bump pillow from 7.1.0 to 7.1.1 @dependabot-preview (#2141)
- Bump psycopg2-binary from 2.8.4 to 2.8.5 @dependabot-preview (#2154)
- Bump nginx from 3936fb3 to 7ac7819 @dependabot-preview (#2155)
- Bump humanize from 2.2.0 to 2.3.0 @dependabot-preview (#2156)
- Bump django-watson from 1.5.3 to 1.5.5 @dependabot-preview (#2126)
- Bump django from 2.2.11 to 2.2.12 @dependabot-preview (#2133)
- Bump pillow from 7.0.0 to 7.1.0 @dependabot-preview (#2136)
- Bump google-auth from 1.12.0 to 1.13.1 @dependabot-preview (#2139)
- Bump google-auth from 1.11.3 to 1.12.0 @dependabot-preview (#2111)
- Pinned yarn package manager to stable version @arkwrn (#1956)
- Find and correct duplicate loops @MarianG (#2010)
- remove unused view_product_details @valentijnscholten (#2063)
- Bump humanize from 2.1.0 to 2.2.0 @dependabot-preview (#2102)
- integration-tests: add wait/retry when checking for duplicates @valentijnscholten (#2101)
- Fix duplication issue @MarianG (#2009)
- Bump metismenu from 3.0.5 to 3.0.6 in /components @dependabot-preview (#2098)
- Bump humanize from 2.0.0 to 2.1.0 @dependabot-preview (#2091)
- simplify and speedup integration tests @valentijnscholten (#2015)
- remove unused docker/nginx.conf @valentijnscholten (#2055)
- Bump celery from 4.4.1 to 4.4.2 @dependabot-preview (#2076)
- Bump coverage from 5.0.2 to 5.0.4 @dependabot-preview (#2073)
- Bump google-auth from 1.11.2 to 1.11.3 @dependabot-preview (#2057)
- Bump google-api-python-client from 1.7.12 to 1.8.0 @dependabot-preview (#2058)
- Update CONTRIBUTING.md after migration to python3. @valentijnscholten (#2031)
- Bump google-api-python-client from 1.7.11 to 1.7.12 @dependabot-preview (#2043)
- Bump humanize from 0.5.1 to 2.0.0 @dependabot-preview (#1986)
- Bump bootswatch from 3.3.7 to 3.4.1 in /components @dependabot-preview (#2027)
- remove dependency pygments @alles-klar (#2017)
- Javascript dependency refactor @valentijnscholten (#2002)
- Bump nginx from 1.17.7 to 1.17.9 @dependabot-preview (#2008)
- Bump django-tagging from 0.4.6 to 0.5.0 @dependabot-preview (#1994)
- Bump urllib3 from 1.25.8 to 1.25.9 @dependabot-preview (#2206)
🚩 Requires settings change
- Fix middlewares @Nilix007 (#1863)
- Prefetch tags and more to remove 1+N queries problem @valentijnscholten (#2012)
- fix login buttons by adding explicit CLASSIC_AUTH_ENABLED option @valentijnscholten (#2090)
- From string to boolean - fix login page buttons not showing #2075 @madchap (#2077)
- add system setting to enable/disable audit logging @valentijnscholten (#2068)
- Implement Auth0 OAuth2 authentication @xens (#2079)
- add watson middleware for more efficient search index updates @valentijnscholten (#2066)
- add required middleware to set actor_id in auditlog entries @valentijnscholten (#2067)
- Javascript dependency refactor @valentijnscholten (#2002)
- performance gains by prefetching in more places @valentijnscholten (#1955)
1.6.0-rc
Changes
🚀 New scanners
- Adding a parser for Gitleaks scanner @steeve85 (#2149)
- Adding a parser from Harbor vulnerability API @natebwangsut (#2134)
- Adding SimilarityID and PathID concatenation as unique_id_from_tool for Checkmarx Parser @dshraddha23 (#1941)
- Add a parser for policy checks created by Anchore enterprise @ccojocar (#2016)
- Add parser for Crashtest Security JSON file @Phylu (#1996)
- [BurpE] Add multiple request/response tabs @Maffooch (#1997)
🚀 Features and enhancements
- Improve Google Sheets Sync feature @piyarathnalakmali (#1831)
- Feature/jira overhaul (Push All Issues) @Apipia (#2140)
- travis: reorder tests to prioritize important tests @valentijnscholten (#2189)
- Dockerfile for integration tests @alles-klar (#2114)
- Add TLS for Nginx Helm Chart @alles-klar (#2115)
- Cicd improvements: reupload mitigation, overdue @valentijnscholten (#1929)
- Add github integration @mestrade (#2116)
- Brakeman parser improvement @steeve85 (#2175)
- integration tests fixes and improvements @valentijnscholten (#2160)
- [apiv2] Add capability to query by finding_id on the jira_finding_mapping endpoint @madchap (#2138)
- Move similar finding below actual finding main info @madchap (#2131)
- Integration test: Assert absence of javascript errors @valentijnscholten (#2047)
- Prefetch tags and more to remove 1+N queries problem @valentijnscholten (#2012)
- Add bulk risk acceptance API @jvz (#1904)
- Add component name and version for JFrog scans @jvz (#1979)
- apiv2: add test.id in result of importscan @valentijnscholten (#2094)
- performance: cache system_settings in views @valentijnscholten (#1953)
- add url and product name to jira alert message @valentijnscholten (#2061)
- add system setting to enable/disable audit logging @valentijnscholten (#2068)
- Implement Auth0 OAuth2 authentication @xens (#2079)
- add watson middleware for more efficient search index updates @valentijnscholten (#2066)
- performance gains by prefetching in more places @valentijnscholten (#1955)
- Add parser for Crashtest Security JSON file @Phylu (#1996)
- Keyboard shortcuts to navigate to previous and next finding @madchap (#1990)
🐛 Bug Fixes
- fix copy-paste to prevent GH config to show on product edit @madchap (#2203)
- Travis reorder: remove finish_fast that is breaking builds @valentijnscholten (#2200)
- Acunetix parser fix @steeve85 (#2185)
- Hadolint parser fix @steeve85 (#2186)
- integration tests fixes and improvements @valentijnscholten (#2160)
- Fix test notes not appearing in report + cosmetic improvement @Apipia (#2157)
- system settings test: fix copy-paste error @valentijnscholten (#2158)
- unittests: check for existence of system_settings db record @valentijnscholten (#2105)
- Allow staff users to delete notes @madchap (#2127)
- honor note_type property on POST /findings/{id}/notes/ @madchap (#2120)
- fix dashboard graph - show values @alles-klar (#2112)
- Social-auth: Fix call-back URLs @xens (#2124)
- Fix middlewares @Nilix007 (#1863)
- product list: add missing quotes around asc for table sorter @valentijnscholten (#2095)
- DSOP parser missing fields @madchap (#2104)
- kubernetes: fix node selectors; add limits @ptrovatelli (#1881)
- Fix kubernetes helm upgrade @ptrovatelli (#1924)
- fix migrations after #2009 @valentijnscholten (#2100)
- Fix duplication issue @MarianG (#2009)
- Fix for issue #1993 @piyarathnalakmali (#2097)
- docker initializer: do not give a new non-working passwd if admin present in DB @madchap (#2084)
- fix #2050 broken javascript datatable product list @valentijnscholten (#2051)
- quickfix #1995 bulk edit in view_test @valentijnscholten (#2034)
- Fix whitesource parser @MarianG (#2011)
- fix login buttons by adding explicit CLASSIC_AUTH_ENABLED option @valentijnscholten (#2090)
- fix various DSOP parser issues @madchap (#2054)
- add version to filter fields @madchap (#1879)
- Anchore parser fix to consider package_path @madchap (#2086)
- Adding SimilarityID and PathID concatenation as unique_id_from_tool for Checkmarx Parser @dshraddha23 (#1941)
- fix some queries so that open include active verified and not verified @madchap (#2026)
- only show donut if donut (language) data is available, fixes #2005 @valentijnscholten (#2039)
- fix superfluous sla column in datatable config (fixes #2041) @valentijnscholten (#2042)
- only show dupes dropdown if there are dupes, fixes #2006 @valentijnscholten (#2046)
- npm audit parser: limit vulnerable paths to max 25 @valentijnscholten (#2060)
- From string to boolean - fix login page buttons not showing #2075 @madchap (#2077)
- add required middleware to set actor_id in auditlog entries @valentijnscholten (#2067)
- fix removed system settings processor @valentijnscholten (#2080)
- fix #2048 handle None value for CWE in apply finding template @valentijnscholten (#2049)
- [BurpE] Add multiple request/response tabs @Maffooch (#1997)
🧰 Maintenance
- Minor DOCKER.md fix for ptvsd @madchap (#2177)
- Bump google-auth from 1.13.1 to 1.14.0 @dependabot-preview (#2199)
- travis: reorder tests to prioritize important tests @valentijnscholten (#2189)
- add doc about wrappers and branching model @ptrovatelli (#2003)
- Bump coverage from 5.0.4 to 5.1 @dependabot-preview (#2184)
- Bump cryptography from 2.8 to 2.9 @dependabot-preview (#2142)
- Bump pillow from 7.1.0 to 7.1.1 @dependabot-preview (#2141)
- Bump psycopg2-binary from 2.8.4 to 2.8.5 @dependabot-preview (#2154)
- Bump nginx from 3936fb3 to 7ac7819 @dependabot-preview (#2155)
- Bump humanize from 2.2.0 to 2.3.0 @dependabot-preview (#2156)
- Bump django-watson from 1.5.3 to 1.5.5 @dependabot-preview (#2126)
- Bump django from 2.2.11 to 2.2.12 @dependabot-preview (#2133)
- Bump pillow from 7.0.0 to 7.1.0 @dependabot-preview (#2136)
- Bump google-auth from 1.12.0 to 1.13.1 @dependabot-preview (#2139)
- Bump google-auth from 1.11.3 to 1.12.0 @dependabot-preview (#2111)
- Pinned yarn package manager to stable version @arkwrn (#1956)
- Find and correct duplicate loops @MarianG (#2010)
- remove unused view_product_details @valentijnscholten (#2063)
- Bump humanize from 2.1.0 to 2.2.0 @dependabot-preview (#2102)
- integration-tests: add wait/retry when checking for duplicates @valentijnscholten (#2101)
- Fix duplication issue @MarianG (#2009)
- Bump metismenu from 3.0.5 to 3.0.6 in /components @dependabot-preview (#2098)
- Bump humanize from 2.0.0 to 2.1.0 @dependabot-preview (#2091)
- simplify and speedup integration tests @valentijnscholten (#2015)
- remove unused docker/nginx.conf @valentijnscholten (#2055)
- Bump celery from 4.4.1 to 4.4.2 @dependabot-preview (#2076)
- Bump coverage from 5.0.2 to 5.0.4 @dependabot-preview (#2073)
- Bump google-auth from 1.11.2 to 1.11.3 @dependabot-preview (#2057)
- Bump google-api-python-client from 1.7.12 to 1.8.0 @dependabot-preview (#2058)
- Update CONTRIBUTING.md after migration to python3. @valentijnscholten (#2031)
- Bump google-api-python-client from 1.7.11 to 1.7.12 @dependabot-preview (#2043)
- Bump humanize from 0.5.1 to 2.0.0 @dependabot-preview (#1986)
- Bump bootswatch from 3.3.7 to 3.4.1 in /components @dependabot-preview (#2027)
- remove dependency pygments @alles-klar (#2017)
- Javascript dependency refactor @valentijnscholten (#2002)
- Bump nginx from 1.17.7 to 1.17.9 @dependabot-preview (#2008)
- Bump django-tagging from 0.4.6 to 0.5.0 @dependabot-preview (#1994)
- Bump urllib3 from 1.25.8 to 1.25.9 @dependabot-preview (#2206)
🚩 Requires settings change
- Fix middlewares @Nilix007 (#1863)
- Prefetch tags and more to remove 1+N queries problem @valentijnscholten (#2012)
- fix login buttons by adding explicit CLASSIC_AUTH_ENABLED option @valentijnscholten (#2090)
- From string to boolean - fix login page buttons not showing #2075 @madchap (#2077)
- add system setting to enable/disable audit logging @valentijnscholten (#2068)
- Implement Auth0 OAuth2 authentication @xens (#2079)
- add watson middleware for more efficient search index updates @valentijnscholten (#2066)
- add required middleware to set actor_id in auditlog entries @valentijnscholten (#2067)
- Javascript dependency refactor @valentijnscholten (#2002)
- performance gains by prefetching in more places @valentijnscholten (#1955)
1.5.4.1 🐛
1.5.4
A long awaited release.
See https://github.com/DefectDojo/django-DefectDojo/releases/tag/1.5.4rc6 for most of the changes that went into it.
Changes
- V1.5.4rc6 @ptrovatelli (#1834)
- Update slack invite URL to use the OWASP heroku invite rotator app @valentijnscholten (#1892)
1.5.4rc6
What's Changed
🚀 New scanners
- HackerOne parser (#1712) @blacklotos
- Trivy scanner support (#1700) @sergray
- Add parser for Xanitizer (#1679) @jankuehl
- Add Aqua parser (#1544) @madchap
- SonarQube integration (#1444) @twsagarcia
- Add support for Hadolint (#1424) @william-billaud
- Testssl Importer (#1397) @dr3dd589
- SSLyze importer (#1376) @dr3dd589
- JFrog XRay importer (#1375) @madchap
- SslScan importer (#1351) @dr3dd589
- Wpscan importer (#1345) @dr3dd589
- Webinspect importer (#1268) @dr3dd589
- Whitesource importer (#1243) @dr3dd589
- Mozilla Observatory importer (#1226) @dr3dd589
- Outpost24 importer (#1750) @jvz
🚀 Features and enhancements
- Added CVE Reference to imported findings from clair (#1751) @Rakito
- Enable Domain and Email Whitelist for Google Oauth (#1738) @arkwrn
- Read images as binaries (#1734) @dougmorato
- Add endpoints to scan (#1733) @alles-klar
- Add jira issue type config in settings (#1731) @madchap
- Login page banner (#1723) @madchap
- Fortify Parser Overhaul (#1706) @Apipia
- [apiv2] ability to filter engagement by name (#1703) @madchap
- Documentation fixes (#1699) @sergray
- Adapting to Active findings for count (#1698) @madchap
- adding multi-procs and threads by default (#1673) @madchap
- Add more product metrics, and base off open findings (#1672) @madchap
- Deduplication configuration per parser (#1665) @ptrovatelli
- drf_yasg for api documentation (#1664) @alles-klar
- Integrating Google Sheets with DefectDojo (#1637) @piyarathnalakmali
- Add ability to quickly mark duplicate findings (#1628) @jvz
- Add nosniff header and other improvements related to installation (#1624) @ptrovatelli
- Show more elements on a page (#1620) @alles-klar
- Change note editing restrictions (#1614) @piyarathnalakmali
- Integrate Engagement Surveys (#1601) @Maffooch
- Add finding ID, Eng. Version and tags to search results (#1596) @dougmorato
- Ability to Add And Remove Notes with API v2 Finding Endpoint (#1595) @propersam
- Improve Product view filtering (#1588) @dougmorato
- Adding the All Engagements View (#1587) @dougmorato
- Introducing DataTables to Products and Findings (#1586) @dougmorato
- add v1 api enhancements (#1574) @devGregA
- [SonarQube API] Manage manual changes (#1568) @twsagarcia
- Twistlock add unittest and try-catch (#1567) @madchap
- Ease use of external db in helm charts (#1563) @william-billaud
- Add ability to import OWASP Dependency Track Finding Packaging Format (FPF) Exports as a scan (#1561) @csansone-handy
- Add note-types to organize finding notes (#1539) @piyarathnalakmali
- JS validation in template form (#1534) @no-sec-marko
- Make finding images downloadable via API (#1532) @efficiosoft
- Manually set parent of duplicate (#1516) @Maffooch
- Add option to move engagements to different products (#1512) @Maffooch
- Add table of contents to HTML/Asciidoc reports (#1509) @Maffooch
- Integrate Unit tests to Travis CI jobs (#1501) @propersam
- Add express addition of Jira configs (#1495) @Maffooch
- Add Ability to Manage Findings Tag with Api v2 (#1489) @propersam
- Add ptvsd debug option (#1485) @madchap
- Improve Retire.JS parser (#1481) @Maffooch
- Add cve to Crashtest + dawnscanner findings (#1480) @dr3dd589
- docker-compose related improvements (#1479) @ptrovatelli
- Enable reports and resolve errors (#1469) @Maffooch
- JIRA improvements (#1466, #1465) @Maffooch
- Propose finding templates based on recent activity and CVE (#1464) @Maffooch
- "Download template as..." (#1453) @devEricA
- CWE statistics in product metrics (#1451) @twsagarcia
- Added Api v2 Feature For Report Generation (#1447) @propersam
- Reactivate sonar (#1445) @ptrovatelli
- Add current commit hash in footer (#1440) @dr3dd589
- Notifications overhaul (#1437) @devEricA
- JIRA Webhook support Finding transition to Accept/False positive status (#1419) @twsagarcia
- Bulk edit tags (#1402) @devEricA
- Include tags in reports (#1400) @dr3dd589
- Add Notes Endpoint to Api v2 + private (#1360, #1358) @propersam
- Disable the 'push to jira' checkbox prevent accidental overwrite (#1324) @madchap
- Enhanced Blackduck parser (#1318) @madchap @jvz
- Implement Azure AD Tenant OAuth (#1309) @dougmorato
- Previous and Next button to navigate findings (#1269) @devEricA
- Add private notes to findings and prevent showing on reports (#1266) @Maffooch
- Clear all alerts option (#1258) @devEricA
- Get python3 branch up to dev place (#1246) @Maffooch
- Make risk acceptance accessible from finding (#1225) @devEricA
🐛 Bug Fixes
- owasp_dependency_checker: truncate too long cve fields (#1768) @valentijnscholten
- Fix dedupe for dynamic parsers: fix addition of endpoints (#1730) @ptrovatelli
- [Helm] Fix resources indentation (#1727) @carlosjgp
- Fix hover issue in product list (#1718) @Maffooch
- Updated datatable because the endpoint popup didn't work (#1715) @MarianG
- No staff for new social logins (#1711) @madchap
- Updated php parser to report on warnings even with no errors (#1705) @Apipia
- Whitesource cvss3 fix, improvements (#1690, #1685) @madchap
- Fixing endpoint pop-up in add_findings.html (#1689) @no-sec-marko
- Blackduck importer update and fixes (#1683) @Apipia
- Fix undefined and null value issue in netsparker import (#1677) @H4ckd4ddy
- Fix sslyze XML parser for undefined value (#1676) @H4ckd4ddy
- Checkmarx set false positive status (#1675) @ptrovatelli
- Fix bug with endpoints without colons (#1667) @alles-klar
- Fix bug in simple metrics (#1666) @alles-klar
- argument type for json.loads (#1662) @frannovo
- Repair Simple Metrics data displayed on /metrics/simple route (#1655) @amnesik
- Fix CVE regex (#1632) @blacklotos
- Fix bug when using tags with spaces (#1621) @alles-klar
- Fix bug in qualys parser (#1619) @alles-klar
- Fix Spotbugs import (#1615) @Tibo-le-canard
- fix dependency-check cwe parsing (#1611) @madchap
- Fix "Under Review" not showing in test view (#1599) @madchap
- fix finding.cwe in filters (#1591) @legik
- Fix Import OpenVas Scan Result (#1585) @gogo02
- Fix Closed/Accepted Finding errors (#1578) @Maffooch
- fix introduced regression to ingesting Xray scan (#1564) @madchap
- Fix tables of contents and test pdf report (#1556) @Maffooch
- promote_to_finding crash on endpoints (#1551) @agix
- json_output does not exist (#1548) @agix
- Urlunsplit crash fix (#1547) @agix
- Fix bug when displaying accepted findings (#1538) @alles-klar
- Remove unique constraint from jira_id (#1529) @madchap
- Expand default bleach whitelist (#1524) @no-sec-marko
- Show test lead name in the test summary table instead of the name of the eng lead (#1519) @no-sec-marko
- fix initial date format (#1499) @madchap
- fix release mode git commit showing issue (#1483) @dr3dd589
- Fix tags in all finding templates (#1463) @Maffooch
- Fix Clair importer (#1459) @dr3dd589
- Fix Dependency Check parser (#1455) @dr3dd589
- Fix json based import scanners (#1449) @Maffooch
- Fix deprecated filter argument (#1405) @frannovo
- Fix Qualys parsing and importing (#1386) @dougmorato
- Fix Veracode static and dynamic issue (#1377) @dr3dd589
🧰 Maintenance activities
- Bumping parent docker images (#1786) @madchap
- Update python dependencies (#1758) @alles-klar
- Pushing dependabot config to master (#1732) @madchap
- README's installation update (#1642, #1641) @Maffooch
- Update migrations to make builds happy (#1523) @Maffooch
- Adjust finding status to display product metrics (#1520) @madchap
- Fix unit-tests not working in docker env (#1429) @ptrovatelli
- Refactor deduplication and implement with django signals (#1395) @Maffooch
- Fix DefectDojo build caused by Python3 docker update (#1379) @alles-klar
- Use git+https instead of git+git for GitHub on requirements.txt (#1297) @dougmorato