DefectDojo/django-DefectDojo 2.12.0

2.12.0 🌈

on GitHub

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.11.0

• Release: Merge release into master from: release/2.12.0 @github-actions (#6517)
• Create a notification if the template does not exist @coheigea (#6448)
• Take severity from Veracode rather than attempt to map the CVSS score… @coheigea (#6513)
• Setting the date of Bugcrowd findings to the 'submitted_at' value @coheigea (#6455)
• Parse CWE/CVSS3 from Nuclei classification @coheigea (#6482)
• Align severity mapping between SARIF/semgrep @coheigea (#6508)
• Add sast/sca/dast tags to Veracode findings @coheigea (#6487)
• Updated Mozilla Observatory parser to parse findings without 'name' element @0x4d4e (#6409)
• Veracode parser does not set the CVSS score for SCA @coheigea (#6489)
• Populate CWE finding field from CycloneDX JSON file @coheigea (#6470)
• Take SARIF severity and CVSS score from properties/security-severity @coheigea (#6473)
• Clean up Veracode description @coheigea (#6441)
• Only merge references if the reference is not None @coheigea (#6445)
• Fix part 2: Add DD_SITE_URL to Helm chart @Gby56 (#6432)
• Fixing typo @coheigea (#6420)
• Fix broken linting @dsever (#6427)
• Fix DD_SITE_URL in helm chart #6422 @Gby56 (#6423)
• Support Trivy Kubernetes scan @StefanFl (#6425)
• (feat) Checkmarx parser JSON support @damiencarol (#6397)
• Fix list indentation in docs @Bassadin (#6419)
• Adjust description of Generic Parser @italvi (#6421)
• Set connection charset in Dockerized setups @olafz (#6394)
• Update importing.md @derweiser (#6415)
• A couple of spelling corrections @ChaosInTheCRD (#6404)
• (feat) Semgrep parser cwe list support @kokhanevych-macpaw (#6408)
• Release: Merge back 2.11.0 into dev from: master-into-dev/2.11.0-2.12.0-dev @github-actions (#6384)

💣 Breaking changes

• main(helm): update dependencies and helm @alles-klar (#6399)

🚩 Changes to settings.dist.py / local_settings.py

• Remove CWE from Dependency Track Hash Code Field @TheocharisPetros (#6360)
• Add variable DD_CSRF_TRUSTED_ORIGINS @kiblik (#6403)

🚩 Database migration

• Enable/disable calendar @StefanFl (#6426)
• Fix automatic setting of created and updated attributes @StefanFl (#6418)

🚀 General features and enhancements

• Write out the file path and line for static findings @coheigea (#6488)
• Support postgresql ha @bgoareguer (#6307)

🚀 API features and enhancements

• Save reporter when creating finding @StefanFl (#6505)
• APIv2: Add support for configuration_permissions @kiblik (#6424)

🐛 Bug Fixes

• Revert update of postcss-cli @StefanFl (#6504)
• Save reporter when creating finding @StefanFl (#6505)
• Handle Burp Enterprise reports without CWE @StefanFl (#6507)
• Fix bug with alert title link for JIRA creation @coheigea (#6456)
• Display tags in several lists again @StefanFl (#6431)

🧰 Maintenance

• Bump djangosaml2 from 1.5.0 to 1.5.1 @dependabot (#6516)
• main(helm): update dependencies and helm @alles-klar (#6399)
• Bump requests from 2.28.0 to 2.28.1 @dependabot (#6510)
• Update styfle/cancel-workflow-action action from 0.9.1 to v0.10.0 (.github/workflows/cancel-outdated-workflow-runs.yml) @renovate (#6465)
• Bump django from 3.2.13 to 3.2.14 @dependabot (#6511)
• Bump lxml from 4.9.0 to 4.9.1 @dependabot (#6502)
• Bump sqlalchemy from 1.4.37 to 1.4.39 @dependabot (#6469)
• Bump python-gitlab from 3.5.0 to 3.6.0 @dependabot (#6477)
• Bump vcrpy from 4.1.1 to 4.2.0 @dependabot (#6503)
• Bump humanize from 4.2.2 to 4.2.3 @dependabot (#6501)
• Bump packageurl-python from 0.9.9 to 0.10.0 @dependabot (#6499)
• Bump pillow from 9.1.1 to 9.2.0 @dependabot (#6500)
• Bump google-auth from 2.8.0 to 2.9.0 @dependabot (#6480)
• Bump django-celery-results from 2.3.1 to 2.4.0 @dependabot (#6497)
• Bump google-api-python-client from 2.51.0 to 2.52.0 @dependabot (#6496)
• Update azure/setup-helm action from v1 to v3 (.github/workflows/test-helm-chart.yml) @renovate (#6472)
• Bump redis from 4.3.3 to 4.3.4 @dependabot (#6481)
• Update dependency postcss-cli from 9.1.0 to v10 (docs/package.json) @renovate (#6486)
• Bump nginx from 1.21.6-alpine to 1.23.0-alpine @dependabot (#6471)
• Bump django-auditlog from 2.0.0 to 2.1.0 @dependabot (#6474)
• Bump humanize from 4.2.0 to 4.2.2 @dependabot (#6476)
• Bump numpy from 1.22.4 to 1.23.0 @dependabot (#6457)
• Update dependency postgres from 14.3 to v14.4 (docker-compose.yml) @renovate (#6444)
• Bump humanize from 4.1.0 to 4.2.0 @dependabot (#6435)
• Bump python from 3.8.12-slim-bullseye to 3.8.13-slim-bullseye @dependabot (#6437)
• Bump django-slack from 5.17.7 to 5.17.8 @dependabot (#6416)
• Bump django-environ from 0.8.1 to 0.9.0 @dependabot (#6417)
• Bump google-auth from 2.7.0 to 2.8.0 @dependabot (#6410)
• Update dependency redis from 7.0.1 to v7.0.2 (docker-compose.yml) @renovate (#6402)
• Bump social-auth-core from 4.2.0 to 4.3.0 @dependabot (#6400)
• Bump google-api-python-client from 2.50.0 to 2.51.0 @dependabot (#6411)
• Bump google-auth-oauthlib from 0.5.1 to 0.5.2 @dependabot (#6395)
• Bump requests from 2.27.1 to 2.28.0 @dependabot (#6396)
• Update helm values gcr.io/cloudsql-docker/gce-proxy from 1.30.1 to v1.31.0 (helm/defectdojo/values.yaml) @renovate (#6385)
• Update dependency redis from 7.0.0 to v7.0.1 (docker-compose.yml) @renovate (#6392)
• Update rabbitmq digest from 3.10.5 to 3.10.5-alpine (docker-compose.yml) @renovate (#6391)
• Bump google-auth from 2.6.6 to 2.7.0 @dependabot (#6387)
• Bump google-api-python-client from 2.49.0 to 2.50.0 @dependabot (#6371)
• Update actions/setup-python action from v3 to v4 (.github/workflows/test-helm-chart.yml) @renovate (#6390)

🖌 Updates in UI

• Write out CVSS score in JIRA template @coheigea (#6509)
• Updated API sample code to py3 @0x4d4e (#6483)
• Write out the file path and line for static findings @coheigea (#6488)
• Draft: Translation of modules @shipko (#6429)
• Add Due-Date to JIRA description and don't write out None values @coheigea (#6447)
• Making the vulnerable component tag "bold" in the JIRA description @coheigea (#6440)
• Display tags in several lists again @StefanFl (#6431)
• Search for vulnerability ids @StefanFl (#6430)
• Enable/disable calendar @StefanFl (#6426)