For upgrade notes, see https://defectdojo.readthedocs.io/en/latest/upgrading.html

Changes

🚩 Requires settings change or database migration

• Add redis transit encryption @KarstenSiemer (#3473)
• Fix exception during excess duplicate deletion tasks @valentijnscholten (#3480)
• replace django-tagging by django-tagulous @valentijnscholten (#3333)
• [feat/login-form] Allowing login forms to be hidden @natebwangsut (#3423)

🚀 New importers

• Add support for GitLab Dependency Scanning reports @macedogm (#3534)
• Importer: Add OASIS SARIF format #3445 @damiencarol (#3464)

🚀 General features and enhancements

• Add redis transit encryption @KarstenSiemer (#3473)
• calendar: speedup and security fix @valentijnscholten (#3543)
• Add JIRA_Issue in related fields of Finding @RomainJufer (#3407)
• Retain SLA days for mitigated findings @madchap (#3525)
• Use full absolute url in notifications @marcosValle (#3538)
• Allow to specify the Environment when importing data from the APIv2 and the UI @xens (#3450)
• Allow use of ptvsd debugger when using k8s deployment @madchap (#3418)
• Add BlackDuck import functionality for License Risks that should be reviewed @WheelsVT (#3247)
• enable search tests @valentijnscholten (#3495)
• Tag filtering + general search improvements @valentijnscholten (#3449)
• securityContext related updates to Helm chart @namloc2001 (#3343)
• jira: add api test for adding note/comment @valentijnscholten (#3482)
• Fix exception during excess duplicate deletion tasks @valentijnscholten (#3480)
• jira: don't add notes when creating/linking findings @valentijnscholten (#3481)
• logging: add DD_LOG_LEVEL setting @valentijnscholten (#3439)
• replace django-tagging by django-tagulous @valentijnscholten (#3333)
• Expose nginx status to prometheus in Kubernetes (helm) @uncycler (#3260)
• Nikto parser for scan of multiple hosts @StefanFl (#3428)
• reports: fix performance issues and small bugs @valentijnscholten (#3432)
• [feat/login-form] Allowing login forms to be hidden @natebwangsut (#3423)
• [APIv2] Update put semantic and doc for endpoint /finding/{id}/metadata @RomainJufer (#3408)
• Add duplicate finding support to API v2. @iwalton3 (#3325)

🐛 Bug Fixes

• Various Bug Fixes. Fix reupload via UI. Make 'Active' Default On Scan Import Forms. @devGregA (#3521)
• Fix(helm-unittests): add secret key and credential key @alles-klar (#3489)
• Only mitigate finding if previously active @madchap (#3523)
• fix(risk_acceptance): remove hard coded user_id @alles-klar (#3469)
• Reupload bug fixes @aaronweaver (#3531)
• Fix issue 3527 while importing some Twistlock scans @macedogm (#3532)
• (product) metrics: fixes and speedup @valentijnscholten (#3549)
• Add missing modifications for SARIF format @damiencarol (#3559)
• product list: fix last assessed displaying @valentijnscholten (#3493)
• [fix/helm-rabbitMQ]: Fix incorrect YAML key for RabbitMQ chart @natebwangsut (#3508)
• Bug fix: Add more unit tests for MobSF import #3479 @damiencarol (#3490)
• Jira: Allow status changes from dojo to jira @Maffooch (#3483)
• Fix popup message on SLA displays @Maffooch (#3477)
• Tweaked Fortify Parser To Handle Missing Code Snippet For Finding @ibcoleman (#3461)
• WebInspect Parser fails to process Issues without CWE and ReportSection with an empty SectionText @yilmi (#3492)
• Fix reports: print test names instead of test types - #3252 @yilmi (#3402)
• tagulous/reports: fix old prefetch fields - take 2 @valentijnscholten (#3491)
• tagulous/reports: fix old prefetch fields @valentijnscholten (#3486)
• Fix exception during excess duplicate deletion tasks @valentijnscholten (#3480)
• report: fix report from products list and more @valentijnscholten (#3448)
• apiv2: fix endpoint status creation during scan import @alles-klar (#3468)
• [FIX] jira: fix adding note to finding and send to jira @RomainJufer (#3453)
• pin all python / pip dependencies @valentijnscholten (#3457)
• Allow Info findings to be pushed to JIRA without SLA @Maffooch (#3435)
• Fix import: binary analysis in MobSF scans #3134 @damiencarol (#3429)
• reports: fix performance issues and small bugs @valentijnscholten (#3432)
• celery imports for dojo.tools.tool_issue_updater @valentijnscholten (#3414)
• Fix finding export for non-staff users. @iwalton3 (#3286)
• Fix popup message on SLA displays @Maffooch (#3477)

📝 Documentation updates

• add note about initializer duration @valentijnscholten (#3499)
• Update README Valentijn @valentijnscholten (#3440)

🧰 Maintenance

• Release drafter categories adaptation @madchap (#3560)
• Test suite and scripts cleanup @valentijnscholten (#3500)
• celery entrypoints: support all settings related mounts @valentijnscholten (#3545)
• Bump pdfmake from 0.1.68 to 0.1.69 in /components @dependabot (#3558)
• chore(deps): update rabbitmq:3.8.9 docker digest from 3.8.9 to 3.8.9 (docker-compose.yml) @renovate (#3553)
• Bump pygithub from 1.54 to 1.54.1 @dependabot (#3551)
• Bump pytz from 2020.4 to 2020.5 @dependabot (#3552)
• chore(deps): update manusa/actions-setup-minikube action from v2.2.0 to v2.3.0 (.github/workflows/k8s-testing.yml) @renovate (#3541)
• chore(deps): update mysql:5.7.32 docker digest from 5.7.32 to 5.7.32 (docker-compose.yml) @renovate (#3540)
• Add PyJWT to requirements.txt @squ1rr3lly (#3536)
• Bump coverage from 5.3 to 5.3.1 @dependabot (#3509)
• Bump nginx from 1.19.5-alpine to 1.19.6-alpine @dependabot (#3510)
• Update manusa/actions-setup-minikube action from v2.1.0 to v2.2.0 (.github/workflows/k8s-testing.yml) @renovate (#3505)
• Bump datatables.net-dt from 1.10.22 to 1.10.23 in /components @dependabot (#3496)
• Bump datatables.net-bs from 1.10.22 to 1.10.23 in /components @dependabot (#3498)
• Bump requests from 2.25.0 to 2.25.1 @dependabot (#3484)
• chore(deps): update rabbitmq:3.8.9 docker digest from 3.8.9 to 3.8.9 (docker-compose.yml) @renovate (#3487)
• chore(deps): update stefanzweifel/git-auto-commit-action action from v4.7.2 to v4.8.0 (.github/workflows/plantuml.yml) @renovate (#3476)
• Bump google-auth from 1.23.0 to 1.24.0 @dependabot (#3465)
• Bump humanize from 3.1.0 to 3.2.0 @dependabot (#3466)
• Bump nginx from 210a2dd to 6ceeeab @dependabot (#3467)
• make build image for nginx the same as django @valentijnscholten (#3415)
• chore(deps): update mysql:5.7.32 docker digest to b3b2703 (docker-compose.yml) @renovate (#3462)
• chore(deps): update rabbitmq:3.8.9 docker digest to 70dcefa (docker-compose.yml) @renovate (#3463)
• Bump bleach from 3.1.0 to 3.2.1 @dependabot (#3458)
• Bump pandas from 1.1.2 to 1.1.5 @dependabot (#3459)
• pin all python / pip dependencies @valentijnscholten (#3457)
• Revert "Revert "release workflow: simplify matrix"" @valentijnscholten (#3456)
• Revert "release workflow: simplify matrix" @valentijnscholten (#3454)
• release workflow: simplify matrix @valentijnscholten (#3416)
• Bump mysqlclient from 2.0.1 to 2.0.2 @dependabot (#3443)
• Bump cryptography from 3.3 to 3.3.1 @dependabot (#3444)
• Bump cryptography from 3.2.1 to 3.3 @dependabot (#3434)
• chore(deps): update rabbitmq:3.8.9 docker digest to 39a4fca (docker-compose.yml) @renovate (#3430)
• Bump pandas from 1.1.5 to 1.2.0 @dependabot (#3557)
• k8s testing workflow: remove docker secrets @valentijnscholten (#3519)
• gha: switch to pull_request from pull_request_target @valentijnscholten (#3512, #3514)
• Update unit-tests.yml @valentijnscholten (#3506, #3507)
• move renovate.json @valentijnscholten (#3503, #3504)
• maintenance: Update cancel-outdated-workflow-runs.yml @valentijnscholten (#3502)