2.25.2 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.25.1

🐛 Bug Fixes

• Endpoint Meta Importer: Do not create meta if column is empty @Maffooch (#8532)
• Remove naive format warnings during import @Maffooch (#8527)
• Update ASW-SH Inspector to accommodate findings without vulnerabilities or remediation @Maffooch (#8519)

2.25.1 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.25.0

• fix: uncheck verified box when toggle false positive to fix test_retr… @JoBaBe (#8499)
• added django service annotations option to helm values file to set an… @Crayeth (#8454)

🚩 Changes to settings.dist.py / local_settings.py

• Add drf-spectacular preprocessing hooks to keep a rigid definition of rendered API endpoints @Maffooch (#8507)
• Semgrep parser unique id from tool @kiberdruzhinnik (#8346)

🧰 Maintenance

• Bump cryptography from 41.0.2 to 41.0.3 @dependabot (#8456)

2.25.0 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.24.0

• Fixing some minor typos @cneill (#8472)
• Revert "Bump debugpy from 1.6.7 to 1.6.8" @Maffooch (#8478)
• OpenAPI validator: Fetch binary from the official docker image @kiblik (#8431)
• Fix invalid OpenAPI schema + Add integration test @kiblik (#8253)
• Update DOCKER.md - Correct docker compose versions - bug from 2.19.0 … @testaccount90009 (#8427)
• helm: Add extraVolumes for initializer job @al-cheb (#8364)
• Add JSON Ingestion to Veracode Parser @Maffooch (#8414)
• fix: Sonarqube re-upload #8379 @quirinziessler (#8383)
• Update files with PEP8 standards in folder dojo/tools #1 @ajtortolero (#8282)
• Update files with PEP8 standards in folder dojo/tools #2 @ajtortolero (#8301)
• Update chromedriver fetching mechanism @Maffooch (#8403)
• Doc: API parsers: Replace copy-pasted value @kiblik (#8389)
• Update files with PEP8 standards in folder dojo/tools #3 @ajtortolero (#8302)
• Update files with PEP8 standards in folder dojo/tools #6 @ajtortolero (#8319)
• Update DOCKER.md "run with docker compose using https" @testaccount90009 (#8361)
• Fix: HTTP->HTTPS redirect path @kiblik (#8358)
• Verified defaults to true when adding a Finding from web UI @Juu (#8363)
• Extract vulnerability type for Qualys scan import @nv-pipo (#8330)
• Update files with PEP8 standards in folder dojo/tools #5 @ajtortolero (#8305)
• Update files with PEP8 standards in folder dojo/tools #4 @ajtortolero (#8304)
• Fix: STATICFILES_DIRS warning @kiblik (#8252)

💣 Breaking changes

• Update naming convention for product tags in related objects @Maffooch (#8350)

🚩 Changes to settings.dist.py / local_settings.py

• Update Nessus references to Tenable @Maffooch (#8449)

🚀 API features and enhancements

• Add Reporter field to Finding PATCH/PUT @Maffooch (#8426)
• Update files with PEP8 standards in folder dojo #2 @ajtortolero (#8321)

🐛 Bug Fixes

• Update Nessus references to Tenable @Maffooch (#8449)
• Add more SLA related fields to excel/csv reports @Maffooch (#8439)
• Correct exception of editing finding with multiple req/resp pairs @Maffooch (#8438)
• Add signal to update Finding found_by column @Maffooch (#8351)
• Dependency Track: Add CVSS Score @Maffooch (#8357)
• Fix issue of not being able to create request/response pair if finding is created from API @Maffooch (#8352)
• Update naming convention for product tags in related objects @Maffooch (#8350)
• Fix finding/test engagement tag API filter @Maffooch (#8349)

🖌 Updates in UI

• Merge Bugfix -> Dev (2.25.0) @Maffooch (#8479)
• Deprecation: OpenAPI 2.0 Documentation page @Maffooch (#8473)
• Fixed side navbar cutoff issue @blakeaowens (#8386)

🧰 Maintenance

• Deprecation: OpenAPI 2.0 Documentation page @Maffooch (#8473)
• Bump boto3 from 1.28.16 to 1.28.18 @dependabot (#8465)
• Bump debugpy from 1.6.7 to 1.6.8 @dependabot (#8466)
• Bump fontawesomefree from 6.4.0 to 6.4.2 @dependabot (#8467)
• Update rabbitmq:3.12.2-alpine Docker digest from 3.12.2 to 3.12.2-alpine (docker-compose.yml) @renovate (#8463)
• Bump boto3 from 1.28.15 to 1.28.16 @dependabot (#8455)
• Update rabbitmq:3.12.2-alpine Docker digest from 3.12.2 to 3.12.2-alpine (docker-compose.yml) @renovate (#8451)
• Bump python from 9efc6e1 to 9efc6e1 @dependabot (#8444)
• Bump boto3 from 1.28.14 to 1.28.15 @dependabot (#8442)
• Bump vcrpy from 5.0.0 to 5.1.0 @dependabot (#8443)
• Bump uwsgi from 2.0.21 to 2.0.22 @dependabot (#8437)
• Bump boto3 from 1.28.12 to 1.28.14 @dependabot (#8436)
• Bump boto3 from 1.28.11 to 1.28.12 @dependabot (#8433)
• Bump markdown from 3.4.3 to 3.4.4 @dependabot (#8428)
• Bump packageurl-python from 0.11.1 to 0.11.2 @dependabot (#8429)
• Bump boto3 from 1.28.10 to 1.28.11 @dependabot (#8430)
• Bump django-ratelimit from 4.0.0 to 4.1.0 @dependabot (#8425)
• chore(deps): update mysql:5.7.42 docker digest from 5.7.42 to v (docker-compose.yml) @renovate (#8421)
• Bump boto3 from 1.28.8 to 1.28.10 @dependabot (#8424)
• Bump drf-spectacular from 0.26.3 to 0.26.4 @dependabot (#8416)
• chore(deps): update dependency postcss from 8.4.26 to v8.4.27 (docs/package.json) @renovate (#8413)
• Bump boto3 from 1.28.7 to 1.28.8 @dependabot (#8411)
• Bump word-wrap from 1.2.3 to 1.2.4 in /components @dependabot (#8397)
• Bump boto3 from 1.28.6 to 1.28.7 @dependabot (#8409)
• Bump pyjwt from 2.7.0 to 2.8.0 @dependabot (#8402)
• Bump boto3 from 1.28.4 to 1.28.6 @dependabot (#8404)
• Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.33.8 to v1.33.9 (helm/defectdojo/values.yaml) @renovate (#8395)
• Update rabbitmq Docker tag from 3.12.1 to v3.12.2 (docker-compose.yml) @renovate (#8396)
• Bump gunicorn from 21.0.1 to 21.2.0 @dependabot (#8401)
• Bump cryptography from 41.0.1 to 41.0.2 @dependabot (#8384)
• Bump gunicorn from 20.1.0 to 21.0.1 @dependabot (#8391)
• Bump boto3 from 1.28.3 to 1.28.4 @dependabot (#8392)
• Bump sqlalchemy from 2.0.18 to 2.0.19 @dependabot (#8388)
• Bump asteval from 0.9.30 to 0.9.31 @dependabot (#8387)
• Bump boto3 from 1.28.1 to 1.28.3 @dependabot (#8381)
• Update redis Docker tag from 7.0.11 to v7.0.12 (docker-compose.yml) @renovate (#8371)
• Bump gitpython from 3.1.31 to 3.1.32 @dependabot (#8372)
• Bump cryptography from 41.0.1 to 41.0.2 @dependabot (#8373)
• Update dependency postcss from 8.4.25 to v8.4.26 (docs/package.json) @renovate (#8377)
• Bump boto3 from 1.28.0 to 1.28.1 @dependabot (#8366)
• Bump python from 9efc6e1 to 9efc6e1 @dependabot (#8367)
• Bump sqlalchemy from 2.0.17 to 2.0.18 @dependabot (#8355)
• Bump boto3 from 1.27.0 to 1.28.0 @dependabot (#8362)
• chore(deps): update dependency postcss from 8.4.24 to v8.4.25 (docs/package.json) @renovate (#8356)
• Bump django from 4.1.9 to 4.1.10 @dependabot (#8353)
• Bump lxml from 4.9.2 to 4.9.3 @dependabot (#8348)
• Bump pillow from 9.5.0 to 10.0.0 @dependabot (#8335)
• Bump boto3 from 1.26.165 to 1.27.0 @dependabot (#8342)
• Bump djangosaml2 from 1.6.0 to 1.7.0 @dependabot (#8343)
• Bump boto3 from 1.26.159 to 1.26.165 @dependabot (#8336)
• Bump humanize from 4.6.0 to 4.7.0 @dependabot (#8324)
• Bump vcrpy from 4.3.1 to 5.0.0 @dependabot (#8316)
• chore(deps): update release-drafter/release-drafter action from v5.23.0 to v5.24.0 (.github/workflows/release-drafter.yml) @renovate (#8322)
• Bump jira from 3.5.1 to 3.5.2 @dependabot (#8329)
• chore(deps): update rabbitmq docker tag from 3.12.0 to v3.12.1 (docker-compose.yml) @renovate (#8331)

2.24.4 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.24.3

• Update DOCKER.md - Correct docker compose versions - bug from 2.19.0 … @testaccount90009 (#8427)

🐛 Bug Fixes

• Add more SLA related fields to excel/csv reports @Maffooch (#8439)
• Correct exception of editing finding with multiple req/resp pairs @Maffooch (#8438)

2.24.3 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

🧰 Maintenance

• Bump word-wrap from 1.2.3 to 1.2.4 in /components @dependabot (#8397)
• Bump cryptography from 41.0.1 to 41.0.2 @dependabot (#8384)

2.24.2 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.24.1

• Doc: API parsers: Replace copy-pasted value @kiblik (#8389)

🖌 Updates in UI

• Fixed side navbar cutoff issue @blakeaowens (#8386)

2.24.1 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.24.0

• Fix: HTTP->HTTPS redirect path @kiblik (#8358)
• Verified defaults to true when adding a Finding from web UI @Juu (#8363)

🐛 Bug Fixes

• Add signal to update Finding found_by column @Maffooch (#8351)
• Dependency Track: Add CVSS Score @Maffooch (#8357)
• Fix issue of not being able to create request/response pair if finding is created from API @Maffooch (#8352)
• Fix finding/test engagement tag API filter @Maffooch (#8349)

🧰 Maintenance

• Bump django from 4.1.9 to 4.1.10 @dependabot (#8353)

2.24.0 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.23.0

• Password validators: Fix validators, add tests @kiblik (#8314)
• Disable NGINX leaking its version if TLS is not terminated on NGINX @fhoeborn (#8325)
• sla_deadline doesn't work with mitigated findings @coheigea (#8279)
• fix: dont create sast object when nothing given @gotbadger (#8287)
• Docs: Fix link to key management @krizon (#8306)
• Fix DeprecationWarning and some "noqa W605" @kiblik (#8295)
• Api Bugcrowd: Fix handling of invalid endpoint @kiblik (#8289)
• fix drheader parser #8281 @manuel-sommer (#8283)
• fix fatal error in testssl result #8269 @manuel-sommer (#8270)
• Fixing type-error in Finding._age @coheigea (#8249)
• Fix BurpRawRequestResponse reference before assignment error @missy-tester (#8244)
• Replace HttpResponseForbidden with PermissionDenied @Maffooch (#8248)
• Fixing error in importer if active is not specified @coheigea (#8235)
• bugfix - Close Old Findings will close all findings even when all findings are present in current import @sarahgibs (#8198)
• Dependency Check parser mark suppressed findings as mitigated @AndreVirtimo (#8218)
• Checkmarx: Add safeguards for "null" values in result types @Maffooch (#8221)
• Pin version of selenium to maintain test coverage @Maffooch (#8223)
• Azure Group Mapping: Make group mapping less atomic @Maffooch (#8207)
• Docs: Fix typo about API parsers @kiblik (#8213)
• Enhancement - Add tags to Jira tickets for finding groups @schuman0 (#7906)

🚩 Changes to settings.dist.py / local_settings.py

• Make SameSite attribute configurable for Session / CSRF Cookie @fhoeborn (#8300)
• Update banner checks @Maffooch (#8220)
• fix - Dependency Check deduplication #8228 @quirinziessler (#8229)
• Popeye Scanner Parser addition. @veneber (#7907)

🚩 Database migration

• Revamp of the false positive history feature @adiffpirate (#8125)

🐛 Bug Fixes

• Fix occurrence where product exists, but cannot be found @Maffooch (#8318)
• SARIF: Add some extra logic around codeFlows @Maffooch (#8263)
• Tenable: Further safeguarding, hardening, and conversions @Maffooch (#8256)
• Request Review improvements @Maffooch (#8261)
• Update banner checks @Maffooch (#8220)
• Tenable parser cleanups and improvements @Maffooch (#8233)
• Set Engagement status created from auto_create_context @Maffooch (#8225)

🖌 Updates in UI

• Add the ability to bulk change finding dates in the test view @coheigea (#8185)
• Bulk edit rework @Sh1nZ0u (#7999)

🧰 Maintenance

• Bump sqlalchemy from 2.0.16 to 2.0.17 @dependabot (#8308)
• Bump redis from 4.5.5 to 4.6.0 @dependabot (#8309)
• Bump boto3 from 1.26.158 to 1.26.159 @dependabot (#8297)
• Bump drf-spectacular from 0.26.2 to 0.26.3 @dependabot (#8298)
• Update rabbitmq:3.12.0-alpine Docker digest from 3.12.0 to 3.12.0-alpine (docker-compose.yml) @renovate (#8291)
• Bump boto3 from 1.26.157 to 1.26.158 @dependabot (#8292)
• Bump boto3 from 1.26.155 to 1.26.157 @dependabot (#8290)
• Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.33.7 to v1.33.8 (helm/defectdojo/values.yaml) @renovate (#8288)
• Bump djangosaml2 from 1.5.8 to 1.6.0 @dependabot (#8286)
• Bump python from 9efc6e1 to 9efc6e1 @dependabot (#8272)
• Bump asteval from 0.9.29 to 0.9.30 @dependabot (#8274)
• Bump boto3 from 1.26.154 to 1.26.155 @dependabot (#8271)
• Bump nginx from 1.25.0-alpine to 1.25.1-alpine @dependabot (#8273)
• Bump celery from 5.3.0 to 5.3.1 @dependabot (#8275)
• Update rabbitmq:3.12.0-alpine Docker digest from 3.12.0 to 3.12.0-alpine (docker-compose.yml) @renovate (#8267)
• Bump boto3 from 1.26.153 to 1.26.154 @dependabot (#8266)
• Update redis:7.0.11-alpine Docker digest from 7.0.11 to 7.0.11-alpine (docker-compose.yml) @renovate (#8262)
• Update postgres:15.3-alpine Docker digest from 15.3 to 15.3-alpine (docker-compose.yml) @renovate (#8258)
• Update redis:7.0.11-alpine Docker digest from 7.0.11 to 7.0.11-alpine (docker-compose.yml) @renovate (#8257)
• Update rabbitmq:3.12.0-alpine Docker digest from 3.12.0 to 3.12.0-alpine (docker-compose.yml) @renovate (#8259)
• Update mysql:5.7.42 Docker digest from 5.7.42 to v (docker-compose.yml) @renovate (#8250)
• Bump boto3 from 1.26.152 to 1.26.153 @dependabot (#8251)
• Update postgres:15.3-alpine Docker digest from 15.3 to 15.3-alpine (docker-compose.yml) @renovate (#8254)
• Update redis:7.0.11-alpine Docker digest from 7.0.11 to 7.0.11-alpine (docker-compose.yml) @renovate (#8255)
• Bump boto3 from 1.26.151 to 1.26.152 @dependabot (#8245)
• Bump boto3 from 1.26.150 to 1.26.151 @dependabot (#8237)
• Bump sqlalchemy from 1.4.46 to 2.0.16 @dependabot (#8236)
• Bump boto3 from 1.26.149 to 1.26.150 @dependabot (#8231)
• Bump python-gitlab from 3.14.0 to 3.15.0 @dependabot (#8230)
• Update rabbitmq:3.12.0-alpine Docker digest from 3.12.0 to 3.12.0-alpine (docker-compose.yml) @renovate (#8216)
• Bump boto3 from 1.26.148 to 1.26.149 @dependabot (#8219)
• Bump python from 9efc6e1 to 9efc6e1 @dependabot (#8224)
• Bump boto3 from 1.26.146 to 1.26.148 @dependabot (#8211)
• Bump django-extensions from 3.2.1 to 3.2.3 @dependabot (#8209)
• Bump celery from 5.2.7 to 5.3.0 @dependabot (#8208)
• Update postgres:15.3-alpine Docker digest from 15.3 to 15.3-alpine (docker-compose.yml) @renovate (#8132)
• Bump boto3 from 1.26.144 to 1.26.146 @dependabot (#8202)
• Update rabbitmq Docker tag from 3.11.17 to v3.12.0 (docker-compose.yml) @renovate (#8199)

2.23.3 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.23.2

• Docs: Fix link to key management @krizon (#8306)
• Api Bugcrowd: Fix handling of invalid endpoint @kiblik (#8289)

2.23.2 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.23.1

• Fixing type-error in Finding._age @coheigea (#8249)
• Fix BurpRawRequestResponse reference before assignment error @missy-tester (#8244)
• Replace HttpResponseForbidden with PermissionDenied @Maffooch (#8248)

🐛 Bug Fixes

• SARIF: Add some extra logic around codeFlows @Maffooch (#8263)
• Tenable: Further safeguarding, hardening, and conversions @Maffooch (#8256)
• Request Review improvements @Maffooch (#8261)