DefectDojo/django-DefectDojo 2.11.0

2.11.0 🌈

on GitHub

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.10.0

• Release: Merge release into master from: release/2.11.0 @github-actions (#6383)
• Update bitnami refs in GHA and requirements @Maffooch (#6379)
• Option to extend ingress network policy @dsever (#6370)
• [HELM] Network policies @dsever (#6197)
• Vulnerability Id: More parsers @StefanFl (#6340)
• Acunetix Parser fix - Multiple CWEs on report @TheocharisPetros (#6347)
• Revert "Bump python from 3.8.12-slim-bullseye to 3.10.4-slim-bullseye" @devGregA (#6350)
• Vulnerability Id: Last batch of parsers @StefanFl (#6335)
• Replace user id with full_name @dsever (#6337)
• Remove date feature in Fortify parser @damiencarol (#6278)
• add extraEnv to helm chart @jeffgran (#6288)
• Qualys scan csv @37b (#6282)
• Vulnerability Id: Another batch of parsers @StefanFl (#6305)
• improve testssl and skip findings #6266 @manuel-sommer (#6267)
• Moves Valentijn to Hall of Fame @devGregA (#6275)
• Fix date error for Horusec parser @damiencarol (#6277)
• Fixed INFO rating for neutral/positive Mozilla Observatory findings @0x4d4e (#6233)
• Add unique_id_from_tool for SonarQubeAPI parser @damiencarol (#6235)
• [FIX] Issue 6230 Fix: Snyk parser cannot handle Nonetype CVSSv3 / cvssScore @P440Boyd (#6240)
• Jfrog XRay API parser (summary/artifact) @madeoninfo (#6181)
• Speed-up unittests: skip irrelevant migration tests @kiblik (#6242)
• Release: Merge back 2.10.0 into dev from: master-into-dev/2.10.0-2.11.0-dev @github-actions (#6241)

🚩 Changes to settings.dist.py / local_settings.py

• feat(core): dedupe algorithm considers endpoints @alles-klar (#6101)
• Import azuread groups @wurstbrot (#6128)
• fix drheader deduplication #6280 @manuel-sommer (#6285)

🚩 Database migration

• Import azuread groups @wurstbrot (#6128)

🚀 General features and enhancements

• Import misconfigurations and secrets from Trivy @StefanFl (#6352)
• feat(core): dedupe algorithm considers endpoints @alles-klar (#6101)
• APIv2: Add preview of elements that will be affected by DELETE @kiblik (#5612)

🚀 API features and enhancements

• Vulnerability Id: Various small changes @StefanFl (#6341)
• APIv2: Add preview of elements that will be affected by DELETE @kiblik (#5612)
• Import azuread groups @wurstbrot (#6128)

🐛 Bug Fixes

• Fix spelling errors in Blackduck Parser @mike-lloyd03 (#6365)
• Fixes for missing Burp GraphQL response data @jake-cryptic (#6366)
• Fix for Kubernetes tests @StefanFl (#6362)
• Fix for error when importing from SonarQube @StefanFl (#6345)
• Raise PermissionDenied when user is not allowed to add products @StefanFl (#6346)
• Add fixes to bugcrowd parser and endpoint uri util @Maffooch (#6321)
• Add possibility for arbitrary files to get copied to extra settings @Maffooch (#6324)
• fix(helm): redis auth variables changed path @KarstenSiemer (#6149)
• Fix CSV and Excel export for findings @StefanFl (#6326)

🧰 Maintenance

• Bump pillow from 9.1.0 to 9.1.1 @dependabot (#6357)
• Bump sqlalchemy from 1.4.36 to 1.4.37 @dependabot (#6355)
• Update dependency rabbitmq from 3.10.2 to v3.10.5 (docker-compose.yml) @renovate (#6361)
• Bump lxml from 4.8.0 to 4.9.0 @dependabot (#6354)
• Bump coverage from 6.4 to 6.4.1 @dependabot (#6358)
• Bump redis from 4.3.1 to 4.3.3 @dependabot (#6363)
• Bump python from 3.8.12-slim-bullseye to 3.10.4-slim-bullseye @dependabot (#6089)
• Bump celery from 5.2.6 to 5.2.7 @dependabot (#6343)
• Bump python-gitlab from 3.4.0 to 3.5.0 @dependabot (#6344)
• Bump google-api-python-client from 2.48.0 to 2.49.0 @dependabot (#6336)
• Update rabbitmq digest from 3.10.2 to 3.10.2-alpine (docker-compose.yml) @renovate (#6333)
• Bump asteval from 0.9.26 to 0.9.27 @dependabot (#6332)
• Update redis digest from 7.0.0 to 7.0.0-alpine (docker-compose.yml) @renovate (#6334)
• Bump coverage from 6.3.3 to 6.4 @dependabot (#6327)
• Bump nginx from 5a0df7f to a74534e @dependabot (#6328)
• Bump jszip from 3.9.1 to 3.10.0 in /components @dependabot (#6325)
• Update dependency rabbitmq from 3.10.1 to v3.10.2 (docker-compose.yml) @renovate (#6320)
• Fix empty line between Ingres apiVersion and Kind @jiramot (#6262)
• Bump openpyxl from 3.0.9 to 3.0.10 @dependabot (#6317)
• Bump datatables.net from 1.12.0 to 1.12.1 in /components @dependabot (#6318)
• Bump datatables.net-dt from 1.12.0 to 1.12.1 in /components @dependabot (#6319)
• Bump numpy from 1.22.3 to 1.22.4 @dependabot (#6322)
• Bump google-api-python-client from 2.47.0 to 2.48.0 @dependabot (#6312)
• Bump django-slack from 5.17.6 to 5.17.7 @dependabot (#6315)
• Update dependency postcss from 8.4.13 to v8.4.14 (docs/package.json) @renovate (#6314)
• Bump pillow from 9.1.0 to 9.1.1 @dependabot (#6311)
• Update postgres digest from 14.3 to 14.3-alpine (docker-compose.yml) @renovate (#6310)
• Bump cvss from 2.3 to 2.4 @dependabot (#6313)
• Update dependency postgres from 14.2 to v14.3 (docker-compose.yml) @renovate (#6309)
• Bump datatables.net from 1.11.5 to 1.12.0 in /components @dependabot (#6304)
• Bump pyjwt from 2.3.0 to 2.4.0 @dependabot (#6299)
• Bump datatables.net-dt from 1.11.5 to 1.12.0 in /components @dependabot (#6294)
• Bump datatables.net-colreorder from 1.5.5 to 1.5.6 in /components @dependabot (#6292)
• Bump datatables.net-buttons-bs from 2.2.2 to 2.2.3 in /components @dependabot (#6293)
• Bump coverage from 6.3.2 to 6.3.3 @dependabot (#6300)
• Bump datatables.net-buttons-dt from 2.2.2 to 2.2.3 in /components @dependabot (#6295)
• Update release-drafter/release-drafter action from v5.19.0 to v5.20.0 (.github/workflows/release-drafter.yml) @renovate (#6286)
• Update mysql digest from 5.7.38 to v (docker-compose.yml) @renovate (#6284)
• Update dependency rabbitmq from 3.10.0 to v3.10.1 (docker-compose.yml) @renovate (#6283)
• Bump redis from 4.3.0 to 4.3.1 @dependabot (#6276)
• Bump django-auditlog from 1.0.0 to 2.0.0 @dependabot (#6268)
• Update manusa/actions-setup-minikube action from v2.5.0 to v2.6.0 (.github/workflows/k8s-testing.yml) @renovate (#6270)
• Bump redis from 4.2.2 to 4.3.0 @dependabot (#6269)
• Update manusa/actions-setup-minikube action from v2.4.3 to v2.5.0 (.github/workflows/k8s-testing.yml) @renovate (#6257)
• Update docker/login-action action from v1 to v2 (.github/workflows/release-2-tag-docker-push.yml) @renovate (#6254)
• Bump clipboard from 2.0.10 to 2.0.11 in /components @dependabot (#6251)
• Update docker/setup-buildx-action action from v1 to v2 (.github/workflows/unit-tests.yml) @renovate (#6255)
• Update docker/build-push-action action from v2 to v3 (.github/workflows/unit-tests.yml) @renovate (#6253)
• Bump markdown from 3.3.6 to 3.3.7 @dependabot (#6256)
• Bump cryptography from 37.0.1 to 37.0.2 @dependabot (#6246)
• Update dependency redis from 6.2.7 to v7 (docker-compose.yml) @renovate (#6203)
• Bump humanize from 4.0.0 to 4.1.0 @dependabot (#6232)
• Bump google-api-python-client from 2.46.0 to 2.47.0 @dependabot (#6238)
• Bump django-debug-toolbar from 3.3.0 to 3.4.0 @dependabot (#6239)
• Update dependency rabbitmq from 3.9.16 to v3.10.0 (docker-compose.yml) @renovate (#6244)
• Update helm values gcr.io/cloudsql-docker/gce-proxy from 1.30.0 to v1.30.1 (helm/defectdojo/values.yaml) @renovate (#6245)

🖌 Updates in UI

• Localize some modules @shipko (#6364)
• Settings/notification: localization + refactoring @shipko (#6353)
• Vulnerability Id: 3 changes on the way to remove the CVE attribute @StefanFl (#6265)
• Fix get slack id at 1st notification and disclaimer in slack notifications @Antoningggg (#6301)
• fix links in engagement_added template @bgoareguer (#6297)