DefectDojo/django-DefectDojo 2.16.0

2.16.0 🌈

on GitHub

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.15.0

• Release: Merge back 2.16.0 into dev from: master-into-dev/2.16.0-2.17.0-dev @github-actions (#7064)
• Documentation finishing touches @Maffooch (#7063)
• Release: Merge release into master from: release/2.16.0 @github-actions (#7062)
• Fix typo in docs @karavaan (#7046)
• add scantist in the documentation #6933 @manuel-sommer (#7048)
• Make requests of a peer review available to those with read access @Maffooch (#7027)
• Add a link back to the vulnerability in the references for Acunetix360 @coheigea (#6973)
• Add the ability to only create finding groups when you have more than… @coheigea (#6916)
• Don't save vulnerability Ids on a re-import if they're already define… @coheigea (#7012)
• Add support for ZAP "XML with requests and responses" format @malexmave (#7013)
• Add a HTML link in the references back to the Bugcrowd finding @coheigea (#7018)
• [FIX] Issues on disconnection and connection using Social Auth @X0x1RG9f (#6066)
• Update the Cobalt API parser's API client @ericcornelissen (#7005)
• Enable filtering Findings on steps_to_reproduce @CharlieSears (#6970)
• Parse Veracode library_id for SCA to get the maven component name @coheigea (#6995)
• Fix issues with Bugcrowd API parser not marking not_applicable/not_re… @coheigea (#6974)
• Fix errors with risk acceptance filter @coheigea (#6984)
• Release: Merge back 2.15.1 into dev from: master-into-dev/2.15.1-2.16.0-dev @github-actions (#6983)
• Add Rubocop to parser documentation @rc-mattschwager (#6978)
• Release: Merge release into master from: release/2.15.1 @github-actions (#6982)
• Fixed 500 error for GitHub finding links @blakeaowens (#6981)
• Add the ability to specify the Epic name and priority in JIRA @coheigea (#6768)
• dojo: jira_link: improve error reporting when fetching Jira metadata @pna-nca (#6962)
• Helm Chart: Create PVC as part of the Chart @OlaniyiOdeleye (#6271)
• added option to add labels using podLabels: {} #6935 @enidevops (#6941)
• [Helm] Fix flawed logic in deployment env vars @italvi (#6865)
• Parse state, cwe and createdAt in the GitHub parser @coheigea (#6945)
• Make version optional for cyclonedx @coheigea (#6950)
• Release: Merge back 2.15.0 into dev from: master-into-dev/2.15.0-2.16.0-dev @github-actions (#6944)

🚩 Changes to settings.dist.py / local_settings.py

• 🐛 fix for wpscan @quirinziessler (#7049)
• Use DEDUPE_ALGO_HASH_CODE for Acunetix360 @coheigea (#6968)
• dojo: tool: introduce NeuVector compliance scans import support @pna-nca (#6947)

🚩 Database migration

• alter risk acceptance name length, fix for #6991 @manuel-sommer (#7044)
• Endpoint_Status: Optimize DB (remove redundancy) @kiblik (#6193)

🚀 API features and enhancements

• [FIX] Edit Finding's mitigated time (EDITABLE_MITIGATED_DATA) @X0x1RG9f (#6067)
• Endpoint_Status: Optimize DB (remove redundancy) @kiblik (#6193)
• [Fix] API - Tool Product Settings (#6170) @jpbowie (#6904)

🐛 Bug Fixes

• Add assignee_name default in jira web hook @Maffooch (#7061)
• Fix for error on pushing an adhoc finding to JIRA @coheigea (#7035)

🧰 Maintenance

• Bump google-auth from 2.13.0 to 2.14.0 @dependabot (#7056)
• Bump boto3 from 1.25.4 to 1.25.5 @dependabot (#7057)
• Bump pytz from 2022.5 to 2022.6 @dependabot (#7058)
• Bump nginx from bffb433 to 2452715 @dependabot (#7053)
• Update manusa/actions-setup-minikube action from v2.7.0 to v2.7.1 (.github/workflows/k8s-testing.yml) @renovate (#7047)
• Bump boto3 from 1.25.3 to 1.25.4 @dependabot (#7052)
• Bump pillow from 9.2.0 to 9.3.0 @dependabot (#7051)
• Bump python-gitlab from 3.10.0 to 3.11.0 @dependabot (#7041)
• Bump boto3 from 1.25.2 to 1.25.3 @dependabot (#7040)
• Update dependency autoprefixer from 10.4.12 to v10.4.13 (docs/package.json) @renovate (#7038)
• Bump boto3 from 1.25.1 to 1.25.2 @dependabot (#7036)
• Update stefanzweifel/git-auto-commit-action action from v4.15.2 to v4.15.3 (.github/workflows/release-3-master-into-dev.yml) @renovate (#7034)
• Bump psycopg2-binary from 2.9.4 to 2.9.5 @dependabot (#7031)
• Bump google-auth-oauthlib from 0.6.0 to 0.7.0 @dependabot (#7033)
• Bump boto3 from 1.25.0 to 1.25.1 @dependabot (#7032)
• Bump google-api-python-client from 2.64.0 to 2.65.0 @dependabot (#7006)
• Update postgres Docker tag from 14.5 to v15 (docker-compose.yml) @renovate (#6994)
• Bump google-auth from 2.12.0 to 2.13.0 @dependabot (#7004)
• Bump gitpython from 3.1.28 to 3.1.29 @dependabot (#6966)
• Bump pytz from 2022.4 to 2022.5 @dependabot (#7003)
• Update mysql:5.7.40 Docker digest from 5.7.40 to v (docker-compose.yml) @renovate (#7007)
• Bump pyjwt from 2.5.0 to 2.6.0 @dependabot (#7010)
• Update stefanzweifel/git-auto-commit-action action from v4.15.1 to v4.15.2 (.github/workflows/release-3-master-into-dev.yml) @renovate (#7016)
• Bump nginx from 1.23.1-alpine to 1.23.2-alpine @dependabot (#7019)
• Update rabbitmq:3.11.2-alpine Docker digest from 3.11.2 to 3.11.2-alpine (docker-compose.yml) @renovate (#7020)
• Bump google-auth-oauthlib from 0.5.3 to 0.6.0 @dependabot (#7021)
• Update postgres:14.5-alpine Docker digest from 14.5 to v (docker-compose.yml) @renovate (#7024)
• Bump uwsgi from 2.0.20 to 2.0.21 @dependabot (#7023)
• Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.32.0 to v1.33.0 (helm/defectdojo/values.yaml) @renovate (#7025)
• Update tj-actions/changed-files action from v33 to v34 (.github/workflows/submodule-update.yml) @renovate (#7026)
• Bump boto3 from 1.24.55 to 1.25.0 @dependabot (#7022)
• Update rabbitmq Docker tag from 3.11.1 to v3.11.2 (docker-compose.yml) @renovate (#7008)
• Update tj-actions/changed-files action from v32 to v33 (.github/workflows/submodule-update.yml) @renovate (#7014)
• Bump python from 3.8.14-slim-bullseye to 3.8.15-slim-bullseye @dependabot (#6998)
• Update release-drafter/release-drafter action from v5.21.0 to v5.21.1 (.github/workflows/release-drafter.yml) @renovate (#7000)
• Update rabbitmq:3.11.1-alpine Docker digest from 3.11.1 to 3.11.1-alpine (docker-compose.yml) @renovate (#6993)
• Bump sqlalchemy from 1.4.41 to 1.4.42 @dependabot (#6996)
• Bump packageurl-python from 0.10.3 to 0.10.4 @dependabot (#6997)
• Update rabbitmq Docker tag from 3.11.0 to v3.11.1 (docker-compose.yml) @renovate (#6989)
• Update rabbitmq:3.11.0-alpine Docker digest from 3.11.0 to v (docker-compose.yml) @renovate (#6988)
• Update postgres:14.5-alpine Docker digest from 14.5 to 14.5-alpine (docker-compose.yml) @renovate (#6952)
• Bump pygithub from 1.55 to 1.56 @dependabot (#6986)
• Bump cryptography from 38.0.1 to 38.0.2 @dependabot (#6976)
• Update dependency postcss from 8.4.17 to v8.4.18 (docs/package.json) @renovate (#6979)
• Update styfle/cancel-workflow-action action from 0.10.1 to v0.11.0 (.github/workflows/cancel-outdated-workflow-runs.yml) @renovate (#6977)
• Update mysql Docker tag from 5.7.39 to v5.7.40 (docker-compose.yml) @renovate (#6969)
• Update stefanzweifel/git-auto-commit-action action from v4.15.0 to v4.15.1 (.github/workflows/release-3-master-into-dev.yml) @renovate (#6964)
• Bump pdfmake from 0.2.5 to 0.2.6 in /components @dependabot (#6960)
• Bump nginx from 082f8c1 to b87c350 @dependabot (#6961)
• Bump gitpython from 3.1.27 to 3.1.28 @dependabot (#6957)
• Bump psycopg2-binary from 2.9.3 to 2.9.4 @dependabot (#6958)
• Rev actions to latest ubuntu version per deprecation @Maffooch (#6931)
• Update redis:7.0.5-alpine Docker digest from 7.0.5 to 7.0.5-alpine (docker-compose.yml) @renovate (#6953)
• Update styfle/cancel-workflow-action action from 0.10.0 to v0.10.1 (.github/workflows/cancel-outdated-workflow-runs.yml) @renovate (#6927)
• Bump google-api-python-client from 2.63.0 to 2.64.0 @dependabot (#6946)
• Update tj-actions/changed-files action from v31 to v32 (.github/workflows/submodule-update.yml) @renovate (#6949)
• Bump pytz from 2022.2.1 to 2022.4 @dependabot (#6934)
• Update rabbitmq:3.11.0-alpine Docker digest from 3.11.0 to 3.11.0-alpine (docker-compose.yml) @renovate (#6936)

🖌 Updates in UI

• Add the ability to the UI to delete engagements from the engagement tab @coheigea (#6514)
• Metrics Style Fixes, Calendar Filters Fix @blakeaowens (#7028)
• [FIX] Edit Finding's mitigated time (EDITABLE_MITIGATED_DATA) @X0x1RG9f (#6067)
• Endpoint_Status: Optimize DB (remove redundancy) @kiblik (#6193)
• Fix out of SLA time @coheigea (#7017)