DefectDojo/django-DefectDojo 1.10.0

1.10.0 🌈

on GitHub

Changes

See upgrade notes for details on upgrading:https://defectdojo.readthedocs.io/en/latest/upgrading.html

💣 Breaking changes

• Move charts to bitnami's repo @madchap (#2859)
• JIRA: Allow config per engagement, incl big JIRA refactor @valentijnscholten (#3200)

🚩 Requires settings change

• Acunetix parser: Import all affected items + technical details @steeve85 (#2289)
• performance: optimize a bit view_finding, max similar findings=25 @valentijnscholten (#3293)
• Various bug fixes in various places @Maffooch (#3308)
• sla notify: disable by default, add explanation to settings @valentijnscholten (#3289)
• Celery: only send model ids and not full instances @valentijnscholten (#3092)

🚀 Features and enhancements

• tags: add testcases @valentijnscholten (#3324)
• reimport: set component_name&version on existing findings @valentijnscholten (#3288)
• API_V2 : Add metadata operation on findings endpoints @RomainJufer (#3254)
• performance: optimize a bit view_finding, max similar findings=25 @valentijnscholten (#3293)
• Various bug fixes in various places @Maffooch (#3308)
• sla notify: disable by default, add explanation to settings @valentijnscholten (#3289)
• Reintroduce HTML report builder @Maffooch (#3250)
• JIRA: Allow config per engagement, incl big JIRA refactor @valentijnscholten (#3200)
• Celery: only send model ids and not full instances @valentijnscholten (#3092)
• jira: set jira_project when creating JIRA_Issue @valentijnscholten (#3294)
• Set flag for auto refresh of alert/counts @Maffooch (#3275)

🐛 Bug Fixes

• apiv2: set mitigated date if applicable @keenan-v1 (#3285)
• Acunetix parser: Import all affected items + technical details @steeve85 (#2289)
• Correct filter for findings for non-staff users @StefanFl (#3339)
• jira: fix add/edit engagement if no jira config used @valentijnscholten (#3335)
• fix importing aws securityhub timestamp @Enigmatyk (#3329)
• Fix Product Metrics link to false positives. @tohch4 (#3334)
• jira_webhook: improve error handling @valentijnscholten (#3321)
• Nikto quick fix to hostname/url parsing (fixes #3268) @madchap (#3318)
• reimport: don't try to set component_name for absent findings @valentijnscholten (#3331)
• debug_toolbar: add known issue + fix for static files @valentijnscholten (#3309)
• Added steps to reproduce in Jira Description Template @FallenAtticus (#2990)
• aws security hub: fix handling of missing lastObservedAt @valentijnscholten (#3277)
• jira: fix mailto link in description @valentijnscholten (#3281)
• jira: split url handling for issues and projects @valentijnscholten (#3284)
• Various bug fixes in various places @Maffooch (#3308)
• Allow re-import scan to function without JIRA @Maffooch (#3295)
• Fix Accepted Risk reporter/owner in engineer metrics @Maffooch (#3297)
• Fix JIRA owner instead of reporter @madchap (#3282)
• settings.dist.py: reduce default log level from DEBUG to INFO @valentijnscholten (#3280)
• jira: use correct url for dojo_alert notification @valentijnscholten (#3273)
• Update open finding definition on product level @Maffooch (#3267)
• uwsgi: increase default buffer-size @valentijnscholten (#3269)
• Change encoding from utf-8 to utf-8-sig @jhamba (#2583)
• Commented out print statement 'ready(): initializing watson' as it breaks 'manage.py dumpdata' @mtesauro (#3274)
• Fix NoneType error on Metrics page @danielnaab (#3323)
• unittests: delete erroneously committed empty ZoneIdentifier metatdata files @valentijnscholten (#3304)

🧰 Maintenance

• build(deps): bump django-celery-results from 1.2.1 to 2.0.0 @dependabot-preview (#3311)
• Move charts to bitnami's repo @madchap (#2859)
• chore(deps): update mysql:5.7.32 docker digest to ec6742a (docker-compose.yml) @renovate (#3300)
• chore(deps): update rabbitmq:3.8.9 docker digest to b05476a (docker-compose.yml) @renovate (#3301)
• build(deps): bump google-api-python-client from 1.12.6 to 1.12.8 @dependabot-preview (#3305)
• build(deps): bump django-crispy-forms from 1.9.2 to 1.10.0 @dependabot-preview (#3307)
• Release drafter - add breaking changes section @madchap (#3291)
• build(deps): bump google-api-python-client from 1.12.5 to 1.12.6 @dependabot-preview (#3287)
• build(deps): bump asteval from 0.9.20 to 0.9.21 @dependabot-preview (#3266)
• Update CONTRIBUTING.md @madchap (#3314)
• Update SPONSORING.md @madchap (#3316)
• Update MAINTAINERS.md @madchap (#3315)
• Update CONTRIBUTING.md @madchap (#3317)
• Updated contributing doc to have Python 3.6 instead of 3.5 @mtesauro (#3306)
• Release: Merge release into master from: release/1.10.0 @github-actions (#3344)
• Release: Merge back master into dev from: master-into-dev/1.10.0-dev @github-actions (#3268