Note: Please see our upgrade notes for additional details
🚀 New scanners
🚀 Features and enhancements
- Add DD_LOGGING_FORMAT variable, celery logger section @madchap (#3072)
- Add annotations for pods @madchap (#3012)
- Add json logging to Django @madchap (#3062)
- Modify uwsgi entrypoint to allow for overriding settings.py @mtesauro (#3045)
- Add configurable SAML2 logout endpoint @Maffooch (#3046)
- Add filter to product metrics @Maffooch (#2974)
- Add SSL verification variable to JIRA integration @Maffooch (#3016)
- swagger ui: use sessions, more compact UI @valentijnscholten (#3025)
- dedupe / false positive history: make queries more performant @valentijnscholten (#3028)
- Add authorized users at the product type level @Maffooch (#3007)
- Allow specifying the key for the database secrets @uncycler (#2906)
- Add delete methods for products and environments in api v2 @RomainJufer (#3014)
- Add Component overview @ricardomeulendijks (#2977)
- ZAP parser: do not resolve hostname to IP address during endpoint creation (#2284) @AlexanderTyutin (#2286)
- Remove HipChat integration, add support for Microsoft Teams instead @StefanFl (#2975)
- Fixes and add missing index for simple search @valentijnscholten (#2955)
- Add related fields on findings @xens (#2949)
🐛 Bug Fixes
- Add 'options' to JIRA connections @Maffooch (#3106)
- Test header bar - findings count fix @madchap (#3074)
- apiv2: add doc for finding's related_fields + stick to OAv3 @xens (#3066)
- Add DD_LOGGING_FORMAT variable, celery logger section @madchap (#3072)
- Add verbose importing flow to Fortify scans @Maffooch (#3055)
- Fix nginx port in docker-compose.override.https.yml @rookies (#3059)
- Fix burp request/response encoding errors in API @Maffooch (#3044)
- Set finding is_Mitigated on finding update @madchap (#3032)
- view_test: fix javascript for bulk edit enablement @valentijnscholten (#3035)
- sonatype parser: truncate filepath @valentijnscholten (#3036)
- Fix nginx port definition in docker-compose.yml @rookies (#3041)
- fix jira column on similar findings rows @valentijnscholten (#3030)
- Fix APIv1 Endpoint_Status bug @rookies (#3020)
- Make Product Type reports more descriptive @cody-m-tibco (#2783)
- add engagement: fix permission checks @valentijnscholten (#3005)
- apiv2: add missing fields for filtering and remove UI related stuff @xens (#3000)
- Bugfix: Authorized User only gets findings through API of which he is the reporter of #2992 @Yuuichi89 (#2998)
- Bugfix typo in docker integration tests @alles-klar (#2995)
- Fix APIv2 Endpoint Status bug @Maffooch (#2983)
- Don't copy inexistent certs folder in Dockerfile.django @uncycler (#2946)
- Fixes and add missing index for simple search @valentijnscholten (#2955)
- jira: fix looping when pushing from api @valentijnscholten (#2951)
- HackerOne: Added unique_id_from_tool to fix deduplication @reinier-vegter (#2935)
- fix: prevent saving empty cve @edersonbrilhante (#2669)
🧰 Maintenance
- v0.1 of GHA release automation @madchap (#3094)
- apiv1 deprecation: show warning on docs and api key pages @valentijnscholten (#3089)
- build(deps): bump markdown from 3.3.2 to 3.3.3 @dependabot-preview (#3095)
- build(deps): bump cryptography from 3.1.1 to 3.2 @dependabot-preview (#3096)
- Update stefanzweifel/git-auto-commit-action action from v4.7.1 to v4.7.2 (.github/workflows/plantuml.yml) @renovate (#3086)
- build(deps): bump pillow from 8.0.0 to 8.0.1 @dependabot-preview (#3076)
- build(deps): bump drf-yasg2 from 1.19.2 to 1.19.3 @dependabot-preview (#3077)
- build(deps): bump google-api-python-client from 1.12.3 to 1.12.5 @dependabot-preview (#3075)
- master->dev: github action workflow config sync @valentijnscholten (#3078)
- integration tests: fix mark finding for review errors @valentijnscholten (#3073)
- Add endpoint_status creation script @Maffooch (#3068)
- build(deps): bump humanize from 3.0.1 to 3.1.0 @dependabot-preview (#3049)
- upgrade to drf_yasg2 which is needed for django rest framework 3.12 and higher @valentijnscholten (#3052)
- Update mysql Docker tag from 5.7.31 to v5.7.32 (docker-compose.yml) @renovate (#3070)
- Update stefanzweifel/git-auto-commit-action action from v4.6.0 to v4.7.1 (.github/workflows/plantuml.yml) @renovate (#3071)
- master->dev sync: modifications to workflow files @valentijnscholten (#3067)
- GitHub Actions: Add unit tests workflow @valentijnscholten (#3063)
- chore(deps): update stefanzweifel/git-auto-commit-action action from v4.1.2 to v4.6.0 (.github/workflows/plantuml.yml) @renovate (#3050)
- chore(deps): update actions/checkout action from v1 to v2 (.github/workflows/plantuml.yml) @renovate (#3051)
- Remove that comment to make my sed life easier @madchap (#3048)
- build(deps): bump markdown from 3.3.1 to 3.3.2 @dependabot-preview (#3047)
- build(deps): bump urllib3 from 1.25.10 to 1.25.11 @dependabot-preview (#3040)
- build(deps): bump mysql-connector-python from 8.0.21 to 8.0.22 @dependabot-preview (#3039)
- build(deps): bump lxml from 4.5.2 to 4.6.1 @dependabot-preview (#3037)
- title: suppress superfluous log lines @valentijnscholten (#3031)
- Revert "Move helm deps to Chart.yaml (#3013)" @madchap (#3022)
- build(deps): bump pillow from 7.2.0 to 8.0.0 @dependabot-preview (#3010)
- linting @valentijnscholten (#3024)
- chore(deps): update mysql:5.7.31 docker digest to 3830eda (docker-compose.yml) @renovate (#3006)
- Add required fields in package.json @alles-klar (#3008)
- Move helm deps to Chart.yaml @madchap (#3013)
- build(deps): bump markdown from 3.3 to 3.3.1 @dependabot-preview (#2996)
- more tests for import and deduplication @valentijnscholten (#2959)
- Removing deprecated keys @dsever (#2994)
- build(deps): bump nginx from 1.19.2-alpine to 1.19.3-alpine @dependabot-preview (#2988)
- build(deps): bump datatables.net-buttons-bs from 1.6.4 to 1.6.5 in /components @dependabot-preview (#2981)
- build(deps): bump datatables.net-buttons-dt from 1.6.4 to 1.6.5 in /components @dependabot-preview (#2982)
- build(deps): bump django-slack from 5.15.2 to 5.15.3 @dependabot-preview (#2986)
- chore(deps): update helm chart rabbitmq from 6.16.0 to v6.18.2 (helm/defectdojo/requirements.yaml) @renovate (#2967)
- build(deps): bump packageurl-python from 0.9.2 to 0.9.3 @dependabot-preview (#2971)
- build(deps): bump markdown from 3.2.2 to 3.3 @dependabot-preview (#2970)
- build(deps): bump easymde from 2.12.0 to 2.12.1 in /components @dependabot-preview (#2972)
- build(deps): bump moment from 2.29.0 to 2.29.1 in /components @dependabot-preview (#2973)
- chore(deps): update helm chart redis from 10.3.1 to v10.5.7 (helm/defectdojo/requirements.yaml) @renovate (#2968)
- chore(deps): update helm chart postgresql from 8.1.2 to v8.6.4 (helm/defectdojo/requirements.yaml) @renovate (#2966)
- chore(deps): update helm chart mysql from 1.6.2 to v1.6.7 (helm/defectdojo/requirements.yaml) @renovate (#2965)
- Veracode: use unique_id_from_tool (fixed deduplication issues) @reinier-vegter (#2909)
- build(deps): bump google-auth from 1.22.0 to 1.22.1 @dependabot-preview (#2964)
- Move onetime command code to respective files @valentijnscholten (#2960)
- Remove heroku demo from README @madchap (#2963)
- build(deps): bump humanize from 2.6.0 to 3.0.1 @dependabot-preview (#2957)
- build(deps): bump google-api-python-client from 1.12.2 to 1.12.3 @dependabot-preview (#2933)
- chore(deps): update rabbitmq docker tag from 3.7.26 to v3.8.9 (docker-compose.yml) @renovate (#2941)
- Start celery without uid @uncycler (#2923)
- chore(deps): update mysql docker tag from 5.7.29 to v5.7.31 (docker-compose.yml) @renovate (#2940)
- sync renovate config from master @valentijnscholten (#2956)
- build(deps): bump easymde from 2.11.0 to 2.12.0 in /components @dependabot-preview (#2934)
- Merge renovate config from master into dev @valentijnscholten (#2942)
- Configure Renovate dev @renovate (#2936)
- Merge back 1.8.0 from master into dev @valentijnscholten (#2932)
- Release PR - release/1.9.0 @github-actions (#3107)
- sync dev from master after renovate config update @valentijnscholten (#2953)
- Configure Renovate @renovate (#2941
🚩 Requires settings change
- Add DD_LOGGING_FORMAT variable, celery logger section @madchap (#3072)
- Add json logging to Django @madchap (#3062)
- Add configurable SAML2 logout endpoint @Maffooch (#3046)
- Add SSL verification variable to JIRA integration @Maffooch (#3016)
- swagger ui: use sessions, more compact UI @valentijnscholten (#3025)
- Fixes and add missing index for simple search @valentijnscholten (#2955)