DefectDojo/django-DefectDojo 1.12.0

1.12.0 🌈

on GitHub

Changes since 1.11.0

• master-into-dev: use --disable-dev-shm-usage to start chrome (#3739) @valentijnscholten (#3740)
• Release: Merge release into master from: release/1.12.0 @github-actions (#3712)
• Fix access typo @joesiewert (#3706)
• integration tests: wait for findings datatable @valentijnscholten (#3704)
• release drafter and doc updates @valentijnscholten (#3691)
• master-into-dev: docs + release drafter @valentijnscholten (#3685)
• Snyk findings: deduplication enhancements @rmoldesc (#3662)
• release drafter changes @valentijnscholten (#3626)
• Release: Merge back 1.11.1 into dev from: master-into-dev/1.12.0-dev @github-actions (#3625)
• Release: Merge release into master from: release/1.11.1 @github-actions (#3624)
• Snyk parser fixes @rmoldesc (#3615)
• sync master to dev: workflow changes + renovate settings @valentijnscholten (#3618)
• Adding retry into the k8s workflow @dsever (#3614)
• Release: Merge back 1.11.0 into dev from: master-into-dev/1.12.0-dev @github-actions (#3565)

💣 Breaking changes

• APIv1: disable by default @valentijnscholten (#3608)
• remove unused / left over custom_field dependency @valentijnscholten (#3574)

🚩 Requires settings change or database migration

• Increase alert field size to 250 @madchap (#3682)
• risk acceptance: enhance! @valentijnscholten (#3529)
• feat(alerts): automated cleanup of alerts per user @alles-klar (#3598)
• remove unused / left over custom_field dependency @valentijnscholten (#3574)

🚩 Security

• Security: Prevent XEE in parsers, Prevent open redirect @valentijnscholten (#3622)

🚀 New importers

• Importer: Burp REST API (Fix #3447) @damiencarol (#3542)
• ScoutSuite parser @hasantayyar (#3602)
• Snyk parser enhancements @rmoldesc (#3616)
• 3520: Added OSSIndex Devaudit scanner import functionality @bp4151 (#3570)
• Improve Micro Focus Webinspect parser @damiencarol (#3621)
• Add Scantist Vulnerability Scan Parser @mohcer (#3610)

🚀 General features and enhancements

• risk acceptance: enhance! @valentijnscholten (#3529)
• GHA: Docker build caching and other speed improvements @valentijnscholten (#3659)
• Findings list: Display jira key instead of jira bug icon @madchap (#3605)
• Add Arbitrary File Uploads @Maffooch (#3566)
• [APIv2] Prefetch Mixins + Composable Swagger Schema @RomainJufer (#3516)
• Exposing additional securityContext settings in parent values.yaml @namloc2001 (#3582)
• Add swagger schema test with tagged test cases @RomainJufer (#3528)
• Add more unit tests for AppSpider report parser @damiencarol (#3634)
• Import Gitlab projects as DefectDojo products fix Issue #1984 @christophe226 (#2211)
• feat(clair parser): parse component name and version @alles-klar (#3600)
• system settings through apiv2 @manuel-sommer (#3562)
• feat(alerts): automated cleanup of alerts per user @alles-klar (#3598)
• Add the close_old_findings parameter also to reimport API @ccojocar (#3572)
• Component enhancements @ricardomeulendijks (#3578)
• Add unit tests for Bandit parser @damiencarol (#3568)

🚀 API features and enhancements

• [APIv2] Prefetch Mixins + Composable Swagger Schema @RomainJufer (#3516)
• Add swagger schema test with tagged test cases @RomainJufer (#3528)

🐛 Bug Fixes

• integration tests: use --disable-dev-shm-usage to start chrome @valentijnscholten (#3739)
• Increase alert field size to 250 @madchap (#3682)
• Fix date format on Fortify parser @Maffooch (#3696)
• dependency track parser: fix dedupe, set hash code fields @valentijnscholten (#3667)
• add product via prod_type: use normal add product logic @valentijnscholten (#3692)
• files upload: remove from filters @valentijnscholten (#3690)
• Fix tag migration for legacy products @valentijnscholten (#3684)
• Fix bug in redirect function call @damiencarol (#3673)
• notifications: make them synchronous @valentijnscholten (#3678)
• fix engagement styling bug @valentijnscholten (#3669)
• jira: fix broken author check for cloud @valentijnscholten (#3668)
• Jira: fix support for epic as default issuetype + error handling @valentijnscholten (#3609)
• add product: fix missing error messages @valentijnscholten (#3658)
• Fix impact bug on Burp REST API parser and add more unit tests @damiencarol (#3657)
• Fix sonarqube 3-hourly sync job @valentijnscholten (#3619)
• Fix JFrog Xray JSON parser for CWE and CVSS v3 (#3597 fix) @damiencarol (#3585)
• jira webhook: fix incoming author name check @valentijnscholten (#3606)
• fix anchore reimport, sync reimport logic API<->UI, add unit tests @valentijnscholten (#3629)
• Display Active and Verified counts @madchap (#3590)
• fix(qualys-parser): map qid to vuln_id_from_tool @alles-klar (#3601)
• Parameter confidence is optional and CWE's are not always numerical in GitLab SAST @StefanFl (#3567)
• Send status changes from re-import to jira @Maffooch (#3592)
• Reimport (UI): Preserve existing tags when reimporting scan/test @valentijnscholten (#3596)

📝 Documentation updates

• Add swagger schema test with tagged test cases @RomainJufer (#3528)
• Update to release workflow @madchap (#3591)
• Initial parser doc @madchap (#3603)

🧰 Maintenance

• cleanup old comments / commented out code @valentijnscholten (#3697)
• Update rabbitmq Docker tag from 3.8.10 to v3.8.11 (docker-compose.yml) @renovate (#3688)
• Update rabbitmq:3.8.10 Docker digest from 3.8.10 to 3.8.10 (docker-compose.yml) @renovate (#3670)
• Bump bleach from 3.2.1 to 3.2.2 @dependabot (#3672)
• Bump django-celery-results from 2.0.0 to 2.0.1 @dependabot (#3661)
• Update busybox Docker tag from 1.32.0-musl to v1.33.0 (docker-compose.override.unit_tests_cicd.yml) @renovate (#3665)
• master-to-dev: GHA: Docker build caching and other speed improvements (#3659) @valentijnscholten (#3664)
• Update rabbitmq Docker tag from 3.8.9 to v3.8.10 (docker-compose.yml) @renovate (#3660)
• Bump cvss from 2.1 to 2.2 @dependabot (#3645)
• Bump mysql-connector-python from 8.0.22 to 8.0.23 @dependabot (#3652)
• Update mysql Docker tag from 5.7.32 to v5.7.33 (docker-compose.yml) @renovate (#3651)
• Bump pdfmake from 0.1.69 to 0.1.70 in /components @dependabot (#3646)
• Remove usage of django.utils.six vendored library version of six @damiencarol (#3649)
• remove old/dead/left-behind code @valentijnscholten (#3635)
• Fix #3638 Django static import deprecated @damiencarol (#3637)
• Update rabbitmq:3.8.9 Docker digest from 3.8.9 to 3.8.9 (docker-compose.yml) @renovate (#3633)
• Bump python-gitlab from 2.4.0 to 2.5.0 @dependabot (#3627)
• chore(deps): update mysql:5.7.32 docker digest from 5.7.32 to 5.7.32 (docker-compose.yml) @renovate (#3617)
• chore(deps): update styfle/cancel-workflow-action action from 0.6.0 to v0.7.0 (.github/workflows/cancel-outdated-workflow-runs.yml) @renovate (#3620)
• Update sample data fixture file @Maffooch (#3580)
• chore(deps): update rabbitmq:3.8.9 docker digest from 3.8.9 to 3.8.9 (docker-compose.yml) @renovate (#3595)
• Switch to official django-tagulous release @valentijnscholten (#3579)
• pin sqlalchemy dependency @valentijnscholten (#3583)
• remove unused / left over custom_field dependency @valentijnscholten (#3574)
• Bump jsonlines from 1.2.0 to 2.0.0 @dependabot (#3581)
• Bump pillow from 8.0.1 to 8.1.0 @dependabot (#3575)
• Bump mysqlclient from 2.0.2 to 2.0.3 @dependabot (#3576)
• Bump busybox from 1.32.0-musl to 1.33.0-musl @dependabot (#3577)

Untagged PRs

• Release: Merge release into master from: release/1.12.0 @github-actions (#3712)
• Fix access typo @joesiewert (#3706)
• integration tests: wait for findings datatable @valentijnscholten (#3704)
• release drafter and doc updates @valentijnscholten (#3691)
• master-into-dev: docs + release drafter @valentijnscholten (#3685)
• Snyk findings: deduplication enhancements @rmoldesc (#3662)
• release drafter changes @valentijnscholten (#3626)
• Release: Merge back 1.11.1 into dev from: master-into-dev/1.12.0-dev @github-actions (#3625)