DefectDojo/django-DefectDojo 2.15.0

2.15.0 🌈

on GitHub

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.14.3

• Release: Merge back 2.15.0 into dev from: master-into-dev/2.15.0-2.16.0-dev @github-actions (#6944)
• Release: Merge release into master from: release/2.15.0 @github-actions (#6943)
• changed type to regular django type to also pick up creation events @lme-nca (#6918)
• Added filter for existance of JIRA issue in finding API @fhoeborn-cb (#6919)
• Don't create finding JIRAs on a bulk update if we are creating a find… @coheigea (#6709)
• Fix url creation for github for file location @Demaz93 (#6888)
• Fix improper reactivation in reimporter, using is_mitigated @Gby56 (#6885)
• Fix error when promoting stub finding to JIRA @coheigea (#6898)
• Mitigate Veracode SourceClear findings with "Fixed" status @coheigea (#6876)
• Release: Merge release into master from: release/2.14.3 @github-actions (#6881)
• Release: Merge release into master from: release/2.14.2 @github-actions (#6871)
• fix(helm): fix postgresql svc name @ryok-0319 (#6816)
• Parse mitigation status for Veracode SCA findings @coheigea (#6855)
• Fix log_user_login_failed if username is missing @kiblik (#6854)
• Added questionnaire functionality documentation @blakeaowens (#6846)
• Update release automation to fix helm issues, Bump versions @Maffooch (#6849)
• switch to Has Capabilities @dsever (#6759)
• fix npm audit JFrog Artifactory import bug @TheRealArlie (#6786)
• Adding Closed Notes to Jira @Roooodie (#6806)
• Fix bug that caused scan imports to fail @ShayVD (#6775)
• Set finding to inactivate after creation of risk acceptance @kareem-DA (#6780)
• Master into dev/2.14.0 2.15.0 dev @Maffooch (#6804)

🚩 Changes to settings.dist.py / local_settings.py

• tools: NeuVector: introducing NeuVector (REST) scan type @pna-nca (#6809)
• Fixing broken report generation when more than one item is selected @coheigea (#6906)
• Added parser for new report format of AnchoreCTL (Anchore Enterprise Engine's new CLI Tool) @fhoeborn-cb (#6874)
• Release: Merge back 2.14.2 into dev from: master-into-dev/2.14.2-2.15.0-dev @github-actions (#6873)
• Bugfixes for Github Vulnerability Parser @Maffooch (#6870)
• Release: Merge back 2.14.1 into dev from: master-into-dev/2.14.1-2.15.0-dev @github-actions (#6853)
• Release Version 2.14.1 @Maffooch (#6852)
• Replace documentation links @Maffooch (#6764)
• #6620 Create API importer for Bugcrowd @Gby56 (#6621)
• Auth: Add RemoteUser implementation @kiblik (#6782)
• Corrected deduplication settings for 'Anchore Enterprise Policy Check' @fhoeborn-cb (#6770)

🚩 Database migration

• Add the ability to set JIRA labels per-product or engagement @coheigea (#6720)
• Add support for specifying custom JIRA fields @coheigea (#6740)
• Estimated remediation date @37b (#6302)

🚀 General features and enhancements

• TruffleHog: Add v3 support to original trufflehog parser @Maffooch (#6937)
• SonarQube API Importer: Add sonarcloud global org id, code clean up @Maffooch (#6928)
• Estimated remediation date @37b (#6302)
• Sort findings in notifications @dsever (#6817)

🚀 API features and enhancements

• Release: Merge back 2.14.1 into dev from: master-into-dev/2.14.1-2.15.0-dev @github-actions (#6853)
• Release Version 2.14.1 @Maffooch (#6852)
• API Cleanup: Set sane defaults for non required fields and safely retrieve results @Maffooch (#6847)

🐛 Bug Fixes

• Add validation error when users attempt to send email without valid SMTP server @Maffooch (#6930)
• Jira Webhook: Catch missing assignee field + code cleanup @Maffooch (#6929)
• Bugfixing when the Checkov report has no findings @dvelardez (#6097)
• added Null value check in vectorString of Github Scan (Credit @L3m0nb4tt3ry) @Maffooch (#6879)
• Add checks for anonymous users in auth model @Maffooch (#6869)
• Bugfixes for Github Vulnerability Parser @Maffooch (#6870)
• API Cleanup: Set sane defaults for non required fields and safely retrieve results @Maffooch (#6847)

🧰 Maintenance

• SonarQube API Importer: Add sonarcloud global org id, code clean up @Maffooch (#6928)
• Bump django from 3.2.15 to 3.2.16 @dependabot (#6938)
• Bump coverage from 6.4.4 to 6.5.0 @dependabot (#6921)
• Update dependency postcss from 8.4.16 to v8.4.17 (docs/package.json) @renovate (#6923)
• Bump python-gitlab from 3.9.0 to 3.10.0 @dependabot (#6912)
• Update helm/chart-testing-action action from v2.3.0 to v2.3.1 (.github/workflows/test-helm-chart.yml) @renovate (#6915)
• Bump google-auth from 2.11.1 to 2.12.0 @dependabot (#6913)
• Bump django-split-settings from 1.1.0 to 1.2.0 @dependabot (#6914)
• Bump django-dbbackup from 4.0.1 to 4.0.2 @dependabot (#6911)
• Bump djangorestframework from 3.13.1 to 3.14.0 @dependabot (#6883)
• Bump google-api-python-client from 2.60.0 to 2.63.0 @dependabot (#6910)
• Update mysql:5.7.39 Docker digest from 5.7.39 to v (docker-compose.yml) @renovate (#6902)
• Update stefanzweifel/git-auto-commit-action action from v4.14.1 to v4.15.0 (.github/workflows/release-3-master-into-dev.yml) @renovate (#6895)
• Bump easymde from 2.16.1 to 2.18.0 in /components @dependabot (#6872)
• Bump humanize from 4.3.0 to 4.4.0 @dependabot (#6884)
• Bump django-debug-toolbar from 3.6.0 to 3.7.0 @dependabot (#6900)
• Update dependency postcss-cli from 9.1.0 to v10 (docs/package.json) @renovate (#6903)
• Update rabbitmq Docker tag from 3.10.7 to v3.11.0 (docker-compose.yml) @renovate (#6905)
• Bump drf-yasg from 1.21.3 to 1.21.4 @dependabot (#6908)
• Bump drf-spectacular from 0.24.0 to 0.24.2 @dependabot (#6909)
• Update redis Docker tag from 7.0.4 to v7.0.5 (docker-compose.yml) @renovate (#6887)
• Bump djangosaml2 from 1.5.2 to 1.5.3 @dependabot (#6877)
• Update dependency autoprefixer from 10.4.11 to v10.4.12 (docs/package.json) @renovate (#6868)
• Bump google-auth from 2.11.0 to 2.11.1 @dependabot (#6863)
• Bump pyjwt from 2.4.0 to 2.5.0 @dependabot (#6860)
• Bump packageurl-python from 0.10.1 to 0.10.3 @dependabot (#6856)
• Bump drf-spectacular from 0.23.1 to 0.24.0 @dependabot (#6838)
• Update dependency autoprefixer from 10.4.10 to v10.4.11 (docs/package.json) @renovate (#6841)
• Update release-drafter/release-drafter action from v5.20.1 to v5.21.0 (.github/workflows/release-drafter.yml) @renovate (#6842)
• Bump google-auth-oauthlib from 0.5.2 to 0.5.3 @dependabot (#6843)
• Replace documentation links @Maffooch (#6764)
• Update dependency autoprefixer from 10.4.8 to v10.4.10 (docs/package.json) @renovate (#6828)
• Bump python from 3.8.13-slim-bullseye to 3.8.14-slim-bullseye @dependabot (#6832)
• Bump django-extensions from 3.2.0 to 3.2.1 @dependabot (#6831)
• Bump numpy from 1.23.2 to 1.23.3 @dependabot (#6830)
• Bump python-gitlab from 3.8.1 to 3.9.0 @dependabot (#6765)
• Bump jquery from 3.6.0 to 3.6.1 in /components @dependabot (#6766)
• Bump vcrpy from 4.2.0 to 4.2.1 @dependabot (#6785)
• Bump django-slack from 5.17.8 to 5.18.0 @dependabot (#6789)
• Bump djangosaml2 from 1.5.1 to 1.5.2 @dependabot (#6799)
• Bump jira from 3.4.0 to 3.4.1 @dependabot (#6800)
• Update actions/checkout action from v2 to v3 (.github/workflows/submodule-update.yml) @renovate (#6805)
• Bump google-api-python-client from 2.58.0 to 2.60.0 @dependabot (#6812)
• Bump sqlalchemy from 1.4.40 to 1.4.41 @dependabot (#6813)
• Update nginx/nginx-prometheus-exporter Docker tag from 0.10.0 to v0.11.0 (helm/defectdojo/values.yaml) @renovate (#6818)
• Update mysql:5.7.39 Docker digest from 5.7.39 to v (docker-compose.yml) @renovate (#6820)
• Update rabbitmq:3.10.7-alpine Docker digest from 3.10.7 to 3.10.7-alpine (docker-compose.yml) @renovate (#6821)
• Bump cryptography from 37.0.4 to 38.0.1 @dependabot (#6822)
• Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.31.2 to v1.32.0 (helm/defectdojo/values.yaml) @renovate (#6823)

🖌 Updates in UI

• Estimated remediation date @37b (#6302)
• [FIX] JQuery Error on Edit Finding @X0x1RG9f (#6619)
• Fix accepted by name @JoshBrodieTM (#6867)
• Fixing broken report generation when more than one item is selected @coheigea (#6906)
• Release: Merge back 2.14.3 into dev from: master-into-dev/2.14.3-2.15.0-dev @github-actions (#6882)
• SonarQube API Importer: Supprt for SonarCloud and Multi Branch Scanning @Maffooch (#6880)
• Release: Merge back 2.14.1 into dev from: master-into-dev/2.14.1-2.15.0-dev @github-actions (#6853)
• Release Version 2.14.1 @Maffooch (#6852)
• Fixed bleach clean not allowing links in descriptions @blakeaowens (#6848)
• Replace documentation links @Maffooch (#6764)
• Fix simple search width @blakeaowens (#6850)
• Center the "No Endpoints" text to match the other objects @Maffooch (#6851)
• Optimize metrics @shipko (#6798)
• #6620 Create API importer for Bugcrowd @Gby56 (#6621)
• Update the text that slack notification shows @Ruedaja (#6825)
• Translate metrics @shipko (#6819)