DefectDojo/django-DefectDojo 1.13.0

1.13.0 🌈

on GitHub

Changes since 1.12.0

• Release: Merge release into master from: release/1.13.0 @github-actions (#3918)
• Fix factory for detailed mode @damiencarol (#3917)
• v1.13.0 upgrade notes @valentijnscholten (#3916)
• deprecation warning SAML integration @valentijnscholten (#3891)
• Updates to Engagements sidebar @blakeaowens (#3902)
• API V2 Documentation should use URL Prefix (if set) @JoseRoman (#3893)
• aftercare: don't show paging snippet if no results, fix tags field layout @valentijnscholten (#3885)
• Auth V2: three fixes for the new autorization system @StefanFl (#3888)
• Quick fix to remove a useless call to finding.save() @madchap (#3844)
• Small typo correction @Wadeck (#3833)
• Show boolean fields in product types as icons @StefanFl (#3819)
• Fix deduplication hashcode fields for Dependency Track scanner @svdm (#3822)
• Release: Merge back 1.12.1 into dev from: master-into-dev/1.12.1-1.13.0-dev @github-actions (#3792)
• Release: Merge release into master from: release/1.12.1 @github-actions (#3791)
• master-into-dev: add Detect Merge Conflicts workflow @valentijnscholten (#3789)
• Add metrics queries tests @danielnaab (#3743)
• master-into-dev: use --disable-dev-shm-usage to start chrome (#3739) @valentijnscholten (#3740)
• AWS Security Hub: set 'active' flag default to False @nlandais (#3716)
• Add info on the demo site to the README @mtesauro (#3718)
• Release: Merge back 1.12.0 into dev from: master-into-dev/1.13.0-dev @github-actions (#3713)

🚩 Requires settings change or database migration

• Rearrange for cvssv3 @madchap (#3861)
• fix typo in delete_duplicates @valentijnscholten (#3853)
• Fix risk acceptance celery handler + align @task decorators @madchap (#3866)
• AuthZv2.0: Object-based authorization (1st pull request) @StefanFl (#3757)
• Make mitigated date editable @greginvm (#3813)
• feature flag: Track Import history per Test @valentijnscholten (#3748)
• Add Close Engagement Notification @Maffooch (#3803)
• Fix google sheets + tests @madchap (#3747)
• Allow marking Qualys WAS security weaknesses as findings. @iwalton3 (#3427)
• product: prefetch verified count, add missing indexes 🏎️ @valentijnscholten (#3780)
• Nessus activate deduplication hash code algorythm @damiencarol (#3724)
• Product Type UI refresh @StefanFl (#3656)

🚩 Security

• Security fixes for reports/notes/enpoints via APIv2 @StefanFl (#3790)
• Bump bleach from 3.2.2 to 3.3.0 @dependabot (#3783)

🚀 New importers

• Add parser for Anchore Grype scan @damiencarol (#3814)

🚀 General features and enhancements

• Make the dashboard consistent @AndreyMZ (#3750)
• improve jira validation and error reporting @valentijnscholten (#3883)
• Rearrange for cvssv3 @madchap (#3861)
• Allow Login URL to be changed @JoseRoman (#3886)
• AuthZv2.0: Object-based authorization (1st pull request) @StefanFl (#3757)
• add paging + filter to list of tests, engagements. similar findings @valentijnscholten (#3812)
• Dynamic parser infrastructure part 2 @damiencarol (#3827)
• Make mitigated date editable @greginvm (#3813)
• Make the engagement view more consistent @StefanFl (#3856)
• feature flag: Track Import history per Test @valentijnscholten (#3748)
• Add Close Engagement Notification @Maffooch (#3803)
• Re-enable Jira Epic Mapping @Maffooch (#3782)
• product types: remove unused count prefetch @valentijnscholten (#3810)
• products: only prefetch github data if enabled @valentijnscholten (#3811)
• Metrics query optimizations @danielnaab (#3730)
• Allow marking Qualys WAS security weaknesses as findings. @iwalton3 (#3427)
• product: prefetch verified count, add missing indexes 🏎️ @valentijnscholten (#3780)
• Allow Findings filter by tags of all object levels @Maffooch (#3759)
• Helm: Chart improvements for running on GKE @jalseth (#3687)
• test.version: add missing places in UI, filters and importers @valentijnscholten (#3726)
• Dynamic parser infrastructure (part 1) @damiencarol (#3689)
• Product Type UI refresh @StefanFl (#3656)

🚀 API features and enhancements

• import_scan: add test response field to swagger docs @valentijnscholten (#3855)

🐛 Bug Fixes

• Dynamic infrastructure: implement detailed mode @damiencarol (#3915)
• aftercare: add finding from template fix @valentijnscholten (#3909)
• aftercare: fix datatables viewing duplicate findings @valentijnscholten (#3897)
• fix typo in setup.py for jsonlines @kmcquade (#3899)
• improve jira validation and error reporting @valentijnscholten (#3883)
• fix typo when editing engagement @valentijnscholten (#3895)
• Fix editing of Engagement checklist @StefanFl (#3860)
• Nexpose parser bugfixes @damiencarol (#3872)
• sonarqube & github updater: add missing import @valentijnscholten (#3892)
• update social-auth-core to support pyjwt 2.0.1 @valentijnscholten (#3889)
• Fix risk acceptance celery handler + align @task decorators @madchap (#3866)
• Reimport: keep false positive, out of scope and risk_accepted history #3848 @macedogm (#3858)
• import_scan: add test response field to swagger docs @valentijnscholten (#3855)
• finding.save() + add logging of the JIRA issue key to jira webhook @madchap (#3839)
• tests: fix add finding javascript error @valentijnscholten (#3834)
• dashboard: Count all findings/engagements for staff users #3824 @michaelgibson (#3826)
• anchore parser: Fix image_digest/imageDigest error @damiencarol (#3802)
• store tags for new (ad hoc) findings @valentijnscholten (#3825)
• risk acceptance rename left over reporter to owner @valentijnscholten (#3828)
• Fix google sheets + tests @madchap (#3747)
• jira webhook: fix risk acceptance handling @valentijnscholten (#3769)
• linting that lead to a bugfix in product type report via api @valentijnscholten (#3751)
• Fix Burp blank response bug #3795 @damiencarol (#3796)
• risk acceptance: fix notes bugs @valentijnscholten (#3768)
• Updated UI product name max chars to match model and API @mtesauro (#3801)
• Multiple Endpoint object query fix @Maffooch (#3700)
• Sonarqube HTML reports fix #3725 @damiencarol (#3734)
• Safety parser: fix error in unit tests @damiencarol (#3788)
• Fix helm chart @madchap (#3767)
• api: fix authorized product allowance for Test retrieval @valentijnscholten (#3755)
• Fix broken nexpose parser @SunatP (#2604)
• Fix IP address/host decoding in Nessus CSV parser (#3655) @damiencarol (#3710)
• Webhook: Fix JIRA key error for name @madchap (#3732)
• integration tests: use --disable-dev-shm-usage to start chrome @valentijnscholten (#3739)
• UI: Make Endpoint status reflect Finding status after close/reopen @Maffooch (#3593)
• api v2: remove try-catch that swallows all exceptions @valentijnscholten (#3727)

📝 Documentation updates

• documentation: Fix edit link and integrate doc folder into docs @alles-klar (#3882)
• feat(docs): trigger gh-pages build on push to dev @alles-klar (#3880)
• feat(doc): integrate documentation in main dojo repo @alles-klar (#3809)

🧰 Maintenance

• Bump django-dbbackup from 3.2.0 to 3.3.0 @dependabot (#3900)
• Bump django-crispy-forms from 1.11.0 to 1.11.1 @dependabot (#3901)
• Bump nginx from 1.19.6-alpine to 1.19.7-alpine @dependabot (#3903)
• Update stefanzweifel/git-auto-commit-action action from v4.8.0 to v4.9.0 (.github/workflows/plantuml.yml) @renovate (#3896)
• fix typo in delete_duplicates @valentijnscholten (#3853)
• Remove an unused script that validate Acunetix files @damiencarol (#3867)
• Nmap parser remove lxml and support vulners script @damiencarol (#3868)
• Bump google-auth from 1.26.1 to 1.27.0 @dependabot (#3884)
• Update mysql:5.7.33 Docker digest from to 5.7.33 (docker-compose.yml) @renovate (#3876)
• Update rabbitmq Docker tag from 3.8.11 to v3.8.12 (docker-compose.yml) @renovate (#3874)
• Bump cryptography from 3.4.5 to 3.4.6 @dependabot (#3875)
• node/yarn: update to v14 and 1.22.10 @valentijnscholten (#3804)
• Bump justgage from 1.4.1 to 1.4.2 in /components @dependabot (#3871)
• Bump cryptography from 3.4.4 to 3.4.5 @dependabot (#3863)
• Bump easymde from 2.13.0 to 2.14.0 in /components @dependabot (#3864)
• Update styfle/cancel-workflow-action action from 0.7.0 to v0.8.0 (.github/workflows/cancel-outdated-workflow-runs.yml) @renovate (#3857)
• Update release-drafter/release-drafter action from v5.13.0 to v5.14.0 (.github/workflows/release-drafter.yml) @renovate (#3859)
• Bump asteval from 0.9.21 to 0.9.22 @dependabot (#3845)
• Bump google-auth from 1.26.0 to 1.26.1 @dependabot (#3846)
• Bump django-jsonfield-backport from 1.0.2 to 1.0.3 @dependabot (#3847)
• Bump google-auth from 1.25.0 to 1.26.0 @dependabot (#3842)
• Bump justgage from 1.4.0 to 1.4.1 in /components @dependabot (#3838)
• Bump cryptography from 3.4.3 to 3.4.4 @dependabot (#3836)
• Bump jszip from 3.5.0 to 3.6.0 in /components @dependabot (#3837)
• Bump cryptography from 3.4.1 to 3.4.3 @dependabot (#3831)
• Bump django-extensions from 3.1.0 to 3.1.1 @dependabot (#3816)
• Bump cryptography from 3.3.1 to 3.4.1 @dependabot (#3817)
• Bump nginx from 0174730 to c2ce58e @dependabot (#3818)
• cleanup: remove Python2 unicode everywhere @valentijnscholten (#3770)
• DSOP parser: remove pandas and fix twistlock CVE @damiencarol (#3784)
• update release diagram @madchap (#3806)
• updating release diagram @madchap (#3805)
• AWS Prowler parser maintenance @damiencarol (#3763)
• Bump google-auth from 1.24.0 to 1.25.0 @dependabot (#3793)
• Improve GitLab dependency scanning parser @macedogm (#3786)
• Bump bleach from 3.2.2 to 3.3.0 @dependabot (#3783)
• Bump packageurl-python from 0.9.3 to 0.9.4 @dependabot (#3785)
• Bump bleach from 3.2.3 to 3.3.0 @dependabot (#3774)
• Bump pytz from 2020.5 to 2021.1 @dependabot (#3773)
• Bump sqlalchemy from 1.3.22 to 1.3.23 @dependabot (#3775)
• Bump django-crispy-forms from 1.10.0 to 1.11.0 @dependabot (#3760)
• Bump python-gitlab from 2.5.0 to 2.6.0 @dependabot (#3761)
• Safety parser: fix error in unit tests @damiencarol (#3764)
• cleanup: remove empty unittests_legacy folder @valentijnscholten (#3752)
• Bump pyjwt from 1.7.1 to 2.0.1 @dependabot (#3644)
• template tags: remove unused leftover tags @valentijnscholten (#3709)
• Contrast parser: maintenance @damiencarol (#3737)
• Bump urllib3 from 1.26.2 to 1.26.3 @dependabot (#3719)
• Bump bleach from 3.2.2 to 3.2.3 @dependabot (#3720)
• Bump coverage from 5.3.1 to 5.4 @dependabot (#3721)
• Update mysql:5.7.33 Docker digest from 5.7.33 to 5.7.33 (docker-compose.yml) @renovate (#3722)
• Update rabbitmq:3.8.11 Docker digest from 3.8.11 to 3.8.11 (docker-compose.yml) @renovate (#3723)
• Bump django-auditlog to 1.0a1 @damiencarol (#3639)
• Bump titlecase from 1.1.1 to 2.0.0 @dependabot (#3705)
• initializer: import fixtures all at once, skip watson build @valentijnscholten (#3711)