DefectDojo/django-DefectDojo 2.10.0

2.10.0 🌈

on GitHub

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.9.1

• Release: Merge release into master from: release/2.10.0 @github-actions (#6237)
• dc command improvements @dsever (#6227)
• Fix unittest: migration from 0158 to 0160 @kiblik (#6234)
• Add CVSS3 to nessus XML parser @bjhijmans (#5955)
• Performance optimization: Don't read all endpoints or findings in filters @StefanFl (#6231)
• Typos in documentation for asynchronous functions @StefanFl (#6229)
• Removes Sponsors Section @devGregA (#6222)
• Performance optimization: Don't read product in Product_Tab @StefanFl (#6219)
• Enlarge RAM Request @wurstbrot (#6194)
• APIv2: Add Endpoint filter fields @kiblik (#6210)
• extra settings docs: fix broken link @valentijnscholten (#6212)
• added filter for status under review @italvi (#6184)
• Release: Merge release into master from: release/2.9.1 @github-actions (#6188)
• Vulnerability References: Change to vulnerability reference in risk acceptance API @StefanFl (#6178)
• Unittests speed-up - skip TestRemoveEndpointMitigatedMigration @kiblik (#6135)
• Enhanced documentation for Docker scripts @StefanFl (#6165)
• Improve notifications on Exceptions @dsever (#6160)
• Helm Chart: Fix indentation for ingressClassName @MeNsaaH (#6140)
• Release: Merge back 2.9.0 into dev from: master-into-dev/2.9.0-2.10.0-dev @github-actions (#6132)

🚩 Changes to settings.dist.py / local_settings.py

• Hash_code calculation with Vulnerability Ids @StefanFl (#6220)
• Add Async Delete to Product Type, Product, Engagment, and Test @Maffooch (#6183)
• Allow configurable logging pattern, default to Apache format @dsever (#6041)
• Replace CVE with Vulnerability references in Findings @StefanFl (#5904)

🚩 Database migration

• Endpoint_status: Disable to set "endpoint" and "finding" to null @kiblik (#6192)
• Rename vulnerability reference to vulnerability id @StefanFl (#6187)
• Release: Merge back 2.9.1 into dev from: master-into-dev/2.9.1-2.10.0-dev @github-actions (#6189)
• Hotfix 0150 - skip broken endpoint_statuses + command for removal of broken endpoints @kiblik (#6185)
• Replace CVE with Vulnerability references in Findings @StefanFl (#5904)

🚀 General features and enhancements

• Add Async Delete to Product Type, Product, Engagment, and Test @Maffooch (#6183)
• Replace CVE with Vulnerability references in Findings @StefanFl (#5904)

🚀 API features and enhancements

• Add Async Delete to Product Type, Product, Engagment, and Test @Maffooch (#6183)
• Rename vulnerability reference to vulnerability id @StefanFl (#6187)
• Replace CVE with Vulnerability references in Findings @StefanFl (#5904)

🐛 Bug Fixes

• Checkmarx parser: deduplicate vuln_id_from_tool to fix "value too lon… @ptrovatelli (#6209)
• Fix 500 error when editing or adding user and new FEATURE_CONFIGURATION_AUTHORIZATION configuration if not superuser @martinmarsicano (#6199)
• Endpoint Meta Importer - Import UTF-8-BOM files @Maffooch (#6151)

🧰 Maintenance

• Bump django-debug-toolbar from 3.2.4 to 3.3.0 @dependabot (#6225)
• Update dependency autoprefixer from 10.4.6 to v10.4.7 (docs/package.json) @renovate (#6228)
• Update dependency autoprefixer from 10.4.5 to v10.4.6 (docs/package.json) @renovate (#6223)
• Update dependency postcss from 8.4.12 to v8.4.13 (docs/package.json) @renovate (#6218)
• Bump python-gitlab from 3.3.0 to 3.4.0 @dependabot (#6205)
• Bump cryptography from 37.0.0 to 37.0.1 @dependabot (#6206)
• Update dependency rabbitmq from 3.9.15 to v3.9.16 (docker-compose.yml) @renovate (#6200)
• Update dependency redis from 6.2.6 to v6.2.7 (docker-compose.yml) @renovate (#6201)
• Update dependency mysql from 5.7.37 to v5.7.38 (docker-compose.yml) @renovate (#6202)
• Bump sqlalchemy from 1.4.35 to 1.4.36 @dependabot (#6196)
• Bump cryptography from 36.0.2 to 37.0.0 @dependabot (#6190)
• Bump google-api-python-client from 2.45.0 to 2.46.0 @dependabot (#6191)
• Bump drf-spectacular from 0.22.0 to 0.22.1 @dependabot (#6186)
• Update redis digest from 6.2.6 to 6.2.6-alpine (docker-compose.yml) @renovate (#6175)
• Update stefanzweifel/git-auto-commit-action action from v4.14.0 to v4.14.1 (.github/workflows/release-3-master-into-dev.yml) @renovate (#6152)
• Update postgres digest from 14.2 to 14.2-alpine (docker-compose.yml) @renovate (#6174)
• Update mysql digest from 5.7.37 to v (docker-compose.yml) @renovate (#6173)
• Bump google-auth from 2.6.5 to 2.6.6 @dependabot (#6176)
• Update dependency autoprefixer from 10.4.4 to v10.4.5 (docs/package.json) @renovate (#6180)
• Bump google-api-python-client from 2.44.0 to 2.45.0 @dependabot (#6169)
• chore(deps): update helm values gcr.io/cloudsql-docker/gce-proxy from 1.29.0 to v1.30.0 (helm/defectdojo/values.yaml) @renovate (#6131)
• Bump google-api-python-client from 2.43.0 to 2.44.0 @dependabot (#6155)
• Bump django-celery-results from 2.3.0 to 2.3.1 @dependabot (#6166)
• Bump moment from 2.29.2 to 2.29.3 in /components @dependabot (#6167)
• chore(deps): update dependency rabbitmq from 3.9.14 to v3.9.15 (docker-compose.yml) @renovate (#6159)
• Bump google-auth from 2.6.3 to 2.6.5 @dependabot (#6163)
• Bump django from 3.2.12 to 3.2.13 @dependabot (#6147)
• Bump nginx from 44e208a to 5a0df7f @dependabot (#6148)
• Bump google-api-python-client from 2.42.0 to 2.43.0 @dependabot (#6133)
• Bump sqlalchemy from 1.4.34 to 1.4.35 @dependabot (#6138)
• Bump jszip from 3.9.0 to 3.9.1 in /components @dependabot (#6139)
• Bump google-auth from 2.6.2 to 2.6.3 @dependabot (#6144)

🖌 Updates in UI

• Localization: search page @shipko (#6214)
• Read only authorized users in filters and calendar @StefanFl (#6211)
• Rename vulnerability reference to vulnerability id @StefanFl (#6187)
• Notifications enhancement @dsever (#6150)
• Replace CVE with Vulnerability references in Findings @StefanFl (#5904)
• Changed blue panel CSS, plus a few minor design fixes @blakeaowens (#6123)