Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.12.0
- Release: Merge release into master from: release/2.13.0 @github-actions (#6643)
- Adds SaaS Info @devGregA (#6642)
- Management command to migrate CVEs to Vulnerability Ids @StefanFl (#6493)
- Add LDAP integration docs @jake-cryptic (#6624)
- Fix: url of the finding @dsever (#6612)
- Fix data error for Horusec parser @damiencarol (#6615)
- Add link to Parsers to README @kiblik (#6631)
- Send message only to reviewers @dsever (#6607)
- Parse CycloneDX analysis section to see if findings should be mitigated @coheigea (#6565)
- Add additional project meta attributes to Snyk scan @Maffooch (#6599)
- fix(auditjs-parser): error when npm package has scope @mikqi (#6596)
- Parse the location for Grype @coheigea (#6587)
- Expose prod_type on ApiFindingFilter @fw-work (#6590)
- Align formatting of cyclonedx title with that of the vex xml/json titles @coheigea (#6592)
- Parse CVSSv31 score for CycloneDX VEX and fix regression with severit… @coheigea (#6594)
- IBM AppScan: Fix parsing of cve and cwe @StefanFl (#6545)
- Fix bug with creating two finding group JIRAs on group creation @coheigea (#6524)
- Parse Acunetix360 State field for risk acceptance and false positive … @coheigea (#6581)
- Don't create two notifications when an engagement is added @coheigea (#6579)
- Fix CycloneDX severity parsing @coheigea (#6559)
- Fix de-duplication bug with Veracode SCA @coheigea (#6537)
- Only group by if the name/component is not none @coheigea (#6551)
- CWE is not parsed properly for CycloneDX 1.4 @coheigea (#6553)
- fix arachni url @manuel-sommer (#6557)
- Master into dev/2.12.0 2.13.0 dev @Maffooch (#6519)
Changes to settings.dist.py / local_settings.py
- API-Swagger(drf-yasg): fix docExpansion @kiblik (#6625)
- Fix Okta OAuth2 API URL @rc-mattschwager (#6606)
- Remove legacy authorization for changing configuration @StefanFl (#6446)
- Add file upload extension allow list, Force authorization to download file @Maffooch (#6564)
- Implement PWN SAST Parser for importing pwn_sast driver source code scanning results into DefectDojo. @ninp0 (#6561)
- StackHawk HawkScan Parser Config Tweak @Bwvolleyball (#6571)
Database migration
- Remove legacy authorization for changing configuration @StefanFl (#6446)
- Typo fixes @coheigea (#6521)
Security
General features and enhancements
- Add the merged findings as bulletpoints in the note @coheigea (#6531)
- Add file upload extension allow list, Force authorization to download file @Maffooch (#6564)
- Set the finding date for Acunetix360 from FirstSeenDate @coheigea (#6460)
- Don't wrap lines when parsing Acunetix @coheigea (#6532)
API features and enhancements
- Deduplication for Engagement only when auto_create_context = True @37b (#6562)
- Fix format strings used in exceptions @p-l- (#6593)
- Remove legacy authorization for changing configuration @StefanFl (#6446)
Bug Fixes
- Correct wording on copy text, add more places to copy @Maffooch (#6614)
- SonarQube API: process hotspot rules without riskDescription and fixRecommendations @StefanFl (#6530)
- Simplify saving of vulnerability ids @StefanFl (#6535)
Maintenance
- Update dependency autoprefixer from 10.4.7 to v10.4.8 (docs/package.json) @renovate (#6627)
- Bump python-gitlab from 3.6.0 to 3.7.0 @dependabot (#6628)
- Bump django-auditlog from 2.1.0 to 2.1.1 @dependabot (#6618)
- Bump drf-spectacular from 0.22.1 to 0.23.1 @dependabot (#6603)
- Bump google-api-python-client from 2.54.0 to 2.55.0 @dependabot (#6611)
- Update dependency mysql from 5.7.38 to v5.7.39 (docker-compose.yml) @renovate (#6608)
- Bump urllib3 from 1.26.10 to 1.26.11 @dependabot (#6605)
- Bump cvss from 2.4 to 2.5 @dependabot (#6604)
- Bump nginx from 1.23.0-alpine to 1.23.1-alpine @dependabot (#6597)
- Bump drf-yasg from 1.21.0 to 1.21.3 @dependabot (#6584)
- Bump google-api-python-client from 2.53.0 to 2.54.0 @dependabot (#6586)
- Update manusa/actions-setup-minikube action from v2.6.0 to v2.6.1 (.github/workflows/k8s-testing.yml) @renovate (#6591)
- Bump django-dbbackup from 3.3.0 to 4.0.1 @dependabot (#6541)
- Bump google-auth from 2.9.0 to 2.9.1 @dependabot (#6555)
- Update postgres digest from 14.4 to 14.4-alpine (docker-compose.yml) @renovate (#6577)
- Bump markdown from 3.3.7 to 3.4.1 @dependabot (#6574)
- Update dependency redis from 7.0.3 to v7.0.4 (docker-compose.yml) @renovate (#6576)
- Update rabbitmq digest from 3.10.6 to 3.10.6-alpine (docker-compose.yml) @renovate (#6578)
- Bump coverage from 6.4.1 to 6.4.2 @dependabot (#6556)
- Bump google-api-python-client from 2.52.0 to 2.53.0 @dependabot (#6567)
- Bump drf-yasg from 1.20.0 to 1.21.0 @dependabot (#6568)
- Bump bleach from 4.1.0 to 5.0.1 @dependabot (#6475)
- Bump moment from 2.29.3 to 2.29.4 in /components @dependabot (#6527)
- Bump debugpy from 1.6.0 to 1.6.2 @dependabot (#6533)
- Bump urllib3 from 1.26.9 to 1.26.10 @dependabot (#6534)
- Bump django-extensions from 3.1.5 to 3.2.0 @dependabot (#6540)
- Bump numpy from 1.23.0 to 1.23.1 @dependabot (#6542)
- Update dependency rabbitmq from 3.10.5 to v3.10.6 (docker-compose.yml) @renovate (#6549)
- Update dependency redis from 7.0.2 to v7.0.3 (docker-compose.yml) @renovate (#6550)
- Update helm values gcr.io/cloudsql-docker/gce-proxy from 1.31.0 to v1.31.1 (helm/defectdojo/values.yaml) @renovate (#6552)
- Bump mysqlclient from 2.1.0 to 2.1.1 @dependabot (#6451)
- Bump django-debug-toolbar from 3.4.0 to 3.5.0 @dependabot (#6463)
- Bump cryptography from 37.0.2 to 37.0.4 @dependabot (#6522)
Updates in UI
- API-Swagger(drf-yasg): fix docExpansion @kiblik (#6625)
- Correct wording on copy text, add more places to copy @Maffooch (#6614)
- Remove legacy authorization for changing configuration @StefanFl (#6446)
- Implement object copy to parent objects @Maffooch (#6601)
- Add file upload extension allow list, Force authorization to download file @Maffooch (#6564)
- Fix UI bug with merging findings @coheigea (#6529)
- Fix 500 error on adding finding to group name @coheigea (#6523)
- Improvements for the default finding group JIRA template @coheigea (#6520)
- Typo fixes @coheigea (#6521)