DefectDojo/django-DefectDojo 2.14.0

2.14.0 🌈

on GitHub

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.13.1

• Master into dev/2.14.0 2.15.0 dev @Maffooch (#6804)
• Update Chart.yaml @Maffooch (#6803)
• Release: Merge release into master from: release/2.14.0 @github-actions (#6802)
• Doc: Update local_settings.py description @kiblik (#6781)
• Fix assignee bug in JIRA view @damiencarol (#6741)
• adapted the helm chart of initializer-job.yaml to allow for metadata … @lme-nca (#6730)
• Add workflow to update external documentation repo @Maffooch (#6739)
• Upgrade Jira to 3.4.0 @Maffooch (#6738)
• Fix parser horusec @srburton (#6563)
• Add Code Flows to finding's description for SARIF test results @fhoeborn-cb (#6719)
• Fix bug with sorting top 10 products in /metrics @shipko (#6732)
• Use the CVSS parser to parse the CVSS vector @coheigea (#6714)
• Add all existing finding notes to the JIRA when created @coheigea (#6449)
• Translation & refactor test, product @shipko (#6546)
• [FIX] Reassign an engagement to another product @X0x1RG9f (#6617)
• Fixes wrong column name for pre-save function @damiencarol (#6703)
• Add native AWS SQS support to Django Docker image @jclRatepay (#6696)
• Parse the report timestamp for CycloneDX json @coheigea (#6675)
• Clean Finding Title for pwn_sast Parser @ninp0 (#6652)
• Release: Merge back 2.13.1 into dev from: master-into-dev/2.13.1-2.14.0-dev @Maffooch (#6674)
• Release: Merge release into master from: release/2.13.1 @Maffooch (#6673)
• Reintroduce missing method modify_permissions to fix OAuth2 login @StefanFl (#6669)
• Fix shebang on shell scripts @gnustavo (#6660)
• Fix a bug that caused re-imports to drop service name of findings @SStorm (#6650)
• fixes import GitLab container scan missing date @damiencarol (#6641)
• Master into dev/2.13.0 2.14.0 dev @Maffooch (#6644)

🚩 Changes to settings.dist.py / local_settings.py

• Corrected deduplication settings for 'Twistlock Image Scan' @fhoeborn-cb (#6777)
• feat: add parser and importer for BlackDuck API @damiencarol (#6679)
• Adding parser for Veracode SCA (SourceClear) JSON/CSV files @coheigea (#6698)
• feat(parser): add Whispers scanner for identifying secrets @adeptex (#6630)
• feat: add SARIF basic de-duplication data @damiencarol (#6687)
• add docker-bench-security results parser, add parser tests @drJabber (#6638)
• API: Add support for DD_API_TOKENS_ENABLED @kiblik (#6616)
• Update settings.dist.py (Blackduck Hub Deduplication) @sjs6776 (#6623)

🚩 Database migration

• Bump pytz from 2022.1 to 2022.2.1 @dependabot (#6707)
• Add vulnerability Id as a label when pushing data to JIRA @coheigea (#6686)
• Per-Project SLA Config @37b (#6413)

🚀 API features and enhancements

• Update API endpoint for file upload @Maffooch (#6712)
• Per-Project SLA Config @37b (#6413)

🐛 Bug Fixes

• Update API endpoint for file upload @Maffooch (#6712)
• Update sample fixtures with default SLA config @Maffooch (#6700)
• Modify helm test workflow for master branch @Maffooch (#6659)
• Fix: in reimporter, do not reactivate mitigated findings if they have the same date @Gby56 (#6452)
• Correct Finding Copy typo when sending notifications @Maffooch (#6670)
• Snyk: update mitigation section @Maffooch (#6657)

🧰 Maintenance

• Bump google-auth from 2.10.0 to 2.11.0 @dependabot (#6745)
• Update mysql:5.7.39 Docker digest from 5.7.39 to v (docker-compose.yml) @renovate (#6755)
• Bump google-api-python-client from 2.57.0 to 2.58.0 @dependabot (#6757)
• Bump boto3 from 1.24.53 to 1.24.55 @dependabot (#6743)
• Bump django-debug-toolbar from 3.5.0 to 3.6.0 @dependabot (#6742)
• Bump google-api-python-client from 2.56.0 to 2.57.0 @dependabot (#6733)
• Bump boto3 from 1.24.52 to 1.24.53 @dependabot (#6734)
• Bump coverage from 6.4.3 to 6.4.4 @dependabot (#6735)
• Update release-drafter/release-drafter action from v5.20.0 to v5.20.1 (.github/workflows/release-drafter.yml) @renovate (#6715)
• Bump boto3 from 1.24.51 to 1.24.52 @dependabot (#6718)
• Bump debugpy from 1.6.2 to 1.6.3 @dependabot (#6717)
• Add new system setting to samples fixture @Maffooch (#6710)
• Bump pytz from 2022.1 to 2022.2.1 @dependabot (#6707)
• Bump nginx from 044441a to 082f8c1 @dependabot (#6708)
• Bump boto3 from 1.24.49 to 1.24.51 @dependabot (#6705)
• Bump numpy from 1.23.1 to 1.23.2 @dependabot (#6706)
• Questionnaire cleanup efforts @Maffooch (#6699)
• Update sample fixtures with default SLA config @Maffooch (#6700)
• Update postgres Docker tag from 14.4 to v14.5 (docker-compose.yml) @renovate (#6694)
• Bump python-gitlab from 3.8.0 to 3.8.1 @dependabot (#6690)
• Update helm/chart-testing-action action from v2.2.1 to v2.3.0 (.github/workflows/test-helm-chart.yml) @renovate (#6688)
• Bump coverage from 6.4.2 to 6.4.3 @dependabot (#6663)
• Bump google-api-python-client from 2.55.0 to 2.56.0 @dependabot (#6676)
• Bump sqlalchemy from 1.4.39 to 1.4.40 @dependabot (#6677)
• Update rabbitmq:3.10.7-alpine Docker digest from 3.10.7 to 3.10.7-alpine (docker-compose.yml) @renovate (#6683)
• Update postgres:14.4-alpine Docker digest from 14.4 to 14.4-alpine (docker-compose.yml) @renovate (#6682)
• Update redis:7.0.4-alpine Docker digest from 7.0.4 to 7.0.4-alpine (docker-compose.yml) @renovate (#6684)
• Bump google-auth from 2.9.1 to 2.10.0 @dependabot (#6666)
• Bump nginx from 9c2030e to 044441a @dependabot (#6667)
• Bump humanize from 4.2.3 to 4.3.0 @dependabot (#6665)
• Update manusa/actions-setup-minikube action from v2.6.1 to v2.7.0 (.github/workflows/k8s-testing.yml) @renovate (#6662)
• Update dependency postcss from 8.4.14 to v8.4.16 (docs/package.json) @renovate (#6658)
• Bump python-gitlab from 3.7.0 to 3.8.0 @dependabot (#6655)
• Bump django from 3.2.14 to 3.2.15 @dependabot (#6648)
• Bump jszip from 3.10.0 to 3.10.1 in /components @dependabot (#6649)
• Update helm values gcr.io/cloudsql-docker/gce-proxy from 1.31.1 to v1.31.2 (helm/defectdojo/values.yaml) @renovate (#6646)
• Update rabbitmq digest from 3.10.7 to 3.10.7-alpine (docker-compose.yml) @renovate (#6654)
• Update dependency rabbitmq from 3.10.6 to v3.10.7 (docker-compose.yml) @renovate (#6645)
• Update redis digest from 7.0.4 to 7.0.4-alpine (docker-compose.yml) @renovate (#6647)
• Bump packageurl-python from 0.10.0 to 0.10.1 @dependabot (#6640)
• Bump nginx from 87fb6f4 to 9c2030e @dependabot (#6634)

🖌 Updates in UI

• Design fixes to footer, tags input, and filters snippet @blakeaowens (#6751)
• Questionnaire cleanup efforts @Maffooch (#6699)
• Add BleachCSS for Login Banner @Maffooch (#6701)
• API: Add support for DD_API_TOKENS_ENABLED @kiblik (#6616)
• Per-Project SLA Config @37b (#6413)