DefectDojo/django-DefectDojo 2.17.0

2.17.0 🌈

on GitHub

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.16.0

• Release: Merge back 2.17.0 into dev from: master-into-dev/2.17.0-2.18.0-dev @github-actions (#7245)
• Release: Merge release into master from: release/2.17.0 @github-actions (#7244)
• JFrog xray api corrections @madeoninfo (#7190)
• Fixed finding deletion in integration test @gietschess (#7220)
• Dockerfile for alpine-based django docker image @gietschess (#7221)
• Fixed bug with the horusec parser's date parser. @bjhijmans (#7208)
• Add upgrade docs for 2.17.x @Maffooch (#7201)
• Fixing link generation code @coheigea (#7169)
• Support jira 9 @pmilosev (#7112)
• Bugcrowd API parser fixes @Gby56 (#7163)
• Feature/add tool ggshield Parser @iamnihal (#7083)
• Fix import error when twistlock scan has no link @coheigea (#7159)
• chore(social-login): remove forbidden chars from username @karavaan (#7071)
• Fix: test_metrics_queries.py @kiblik (#7142)
• Release: Merge back 2.16.2 into dev from: master-into-dev/2.16.2-2.17.0-dev @github-actions (#7138)
• Release: Merge release into master from: release/2.16.2 @github-actions (#7137)
• Fix Doc typo @kiblik (#7127)
• Parse checkov severity @coheigea (#7124)
• Only close old findings in the importer in the same engagement. @coheigea (#7108)
• Use psycopg2 instead of psycopg2-binary. @Ayrx (#6858)
• Fix appscreener parser @ncrl (#7077)
• Release: Merge release into master from: release/2.16.1 @github-actions (#7104)
• Adjust possibility of out_of_scope when edit finding @italvi (#7095)
• Update the Cobalt API parser's severity mapping @ericcornelissen (#7084)
• feat: trivy image scan - adding file path @jerrinss5 (#7076)
• Fixed system notifications @ksotik (#7070)
• [FIX] Tag bugs when adding finding from template @X0x1RG9f (#6713)
• Release: Merge back 2.16.0 into dev from: master-into-dev/2.16.0-2.17.0-dev @github-actions (#7064)

🚩 Changes to settings.dist.py / local_settings.py

• Add middleware to alert users of missing trailing slash @Maffooch (#7198)
• Update settings.dist.py to include scan file size as env variable @italvi (#7228)
• Add parser and importer for Vulners.com reports API @vankyver (#6692)
• Added Custom Password Requirements to System Settings @blakeaowens (#7188)
• Enable notify for sla in system settings @italvi (#7167)
• Add severity for Veracode SCA hashcode calculation @coheigea (#7140)
• Adjusted Rusty Hog deduplication to be less flaky @fhoeborn-cb (#7164)
• Fix Bugcrowd API Import hashcode name @Gby56 (#7134)
• Add support to use external redis-sentinel as celery broker @tks98 (#6980)

🚩 Database migration

• Added Custom Password Requirements to System Settings @blakeaowens (#7188)
• Enable notify for sla in system settings @italvi (#7167)
• Add the ability to set the default assignee for a JIRA issue @coheigea (#7178)

🚀 API features and enhancements

• Adding API switch close_old_findings_product_scope to allow closing f… @coheigea (#7219)
• Add engagement end-date to API @italvi (#7181)
• Improve Swagger documentation for the importer/reimporter @coheigea (#7179)
• Implement create_finding_groups_for_all_findings in the Reimporter @coheigea (#7172)
• Add a parameter to the importer/reimporter to set source_code_managem… @coheigea (#7171)
• Add do_not_reactivate option to persist triages from triage-less scanners @Gby56 (#6893)
• Implement create_finding_groups_for_all_findings in the importer @coheigea (#7150)
• Add Status of Findings when Close Finding @italvi (#7068)

🐛 Bug Fixes

• Add middleware to alert users of missing trailing slash @Maffooch (#7198)
• Add additional error catching for severity in Checkov Parser @Maffooch (#7217)
• Checkov2: Correct reports that only return summaries @Maffooch (#7136)
• Make SLA calculation of a Finding Group use the most severe finding @Maffooch (#7102)

🧰 Maintenance

• Bump djangosaml2 from 1.5.3 to 1.5.4 @dependabot (#7239)
• Bump boto3 from 1.26.21 to 1.26.23 @dependabot (#7240)
• Bump django-debug-toolbar from 3.7.0 to 3.8.1 @dependabot (#7232)
• Update rabbitmq:3.11.4-alpine Docker digest from 3.11.4 to 3.11.4-alpine (docker-compose.yml) @renovate (#7227)
• Update stefanzweifel/git-auto-commit-action action from v4.15.4 to v4.16.0 (.github/workflows/release-3-master-into-dev.yml) @renovate (#7218)
• Bump google-auth from 2.14.1 to 2.15.0 @dependabot (#7224)
• Bump justgage from 1.6.0 to 1.6.1 in /components @dependabot (#7225)
• Bump boto3 from 1.26.20 to 1.26.21 @dependabot (#7223)
• Remove last instance of "is_Mitigated" @Maffooch (#7199)
• Attempt correction of documentation building and helm linting @Maffooch (#7200)
• Rev k8 supported versions @Maffooch (#7226)
• Bump google-api-python-client from 2.66.0 to 2.68.0 @dependabot (#7213)
• Bump boto3 from 1.26.17 to 1.26.20 @dependabot (#7214)
• Bump justgage from 1.5.1 to 1.6.0 in /components @dependabot (#7215)
• Update rabbitmq Docker tag from 3.11.3 to v3.11.4 (docker-compose.yml) @renovate (#7197)
• Bump debugpy from 1.6.3 to 1.6.4 @dependabot (#7206)
• Update dependency postcss-cli from 10.0.0 to v10.1.0 (docs/package.json) @renovate (#7207)
• Bump django-auditlog from 2.2.0 to 2.2.1 @dependabot (#7191)
• Bump boto3 from 1.26.16 to 1.26.17 @dependabot (#7192)
• Bump cryptography from 38.0.3 to 38.0.4 @dependabot (#7193)
• Bump python-gitlab from 3.11.0 to 3.12.0 @dependabot (#7194)
• Bump python from f8cc89f to 1cd45c5 @dependabot (#7195)
• Bump boto3 from 1.26.15 to 1.26.16 @dependabot (#7180)
• Bump boto3 from 1.26.14 to 1.26.15 @dependabot (#7177)
• Bump boto3 from 1.26.13 to 1.26.14 @dependabot (#7173)
• Bump redis from 4.3.4 to 4.3.5 @dependabot (#7174)
• Bump boto3 from 1.26.12 to 1.26.13 @dependabot (#7168)
• Bump datatables.net-buttons-dt from 2.2.3 to 2.3.3 in /components @dependabot (#7149)
• Bump datatables.net-buttons-bs from 2.2.3 to 2.3.3 in /components @dependabot (#7148)
• Bump datatables.net from 1.12.1 to 1.13.1 in /components @dependabot (#7100)
• Bump datatables.net-dt from 1.12.1 to 1.13.1 in /components @dependabot (#7101)
• Bump datatables.net-colreorder from 1.5.6 to 1.6.1 in /components @dependabot (#7092)
• Bump google-api-python-client from 2.65.0 to 2.66.0 @dependabot (#7157)
• Bump boto3 from 1.26.9 to 1.26.12 @dependabot (#7162)
• Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.33.0 to v1.33.1 (helm/defectdojo/values.yaml) @renovate (#7144)
• Bump boto3 from 1.26.8 to 1.26.9 @dependabot (#7141)
• Bump python from 244c0b0 to f8cc89f @dependabot (#7130)
• Bump boto3 from 1.26.7 to 1.26.8 @dependabot (#7128)
• Bump sqlalchemy from 1.4.43 to 1.4.44 @dependabot (#7129)
• Bump nginx from 2452715 to 455c39a @dependabot (#7131)
• Update rabbitmq:3.11.3-alpine Docker digest from 3.11.3 to 3.11.3-alpine (docker-compose.yml) @renovate (#7121)
• Update postgres:15.1-alpine Docker digest from 15.1 to 15.1-alpine (docker-compose.yml) @renovate (#7122)
• Fix deprecations of GHA (set-output and node12) @Maffooch (#7117)
• Bump boto3 from 1.26.6 to 1.26.7 @dependabot (#7123)
• Update postgres Docker tag from 15.0 to v15.1 (docker-compose.yml) @renovate (#7120)
• Update rabbitmq Docker tag from 3.11.2 to v3.11.3 (docker-compose.yml) @renovate (#7119)
• Update dependency postcss from 8.4.18 to v8.4.19 (docs/package.json) @renovate (#7118)
• Bump django-auditlog from 2.1.1 to 2.2.0 @dependabot (#7085)
• Bump boto3 from 1.26.5 to 1.26.6 @dependabot (#7113)
• Migrate from python3.8 to python3.11 @Maffooch (#7115)
• Bump boto3 from 1.26.4 to 1.26.5 @dependabot (#7099)
• Rev cryptography as the the current version has been yanked from pypi @Maffooch (#7103)
• Bump google-auth from 2.14.0 to 2.14.1 @dependabot (#7088)
• Bump boto3 from 1.26.3 to 1.26.4 @dependabot (#7086)
• Bump asteval from 0.9.27 to 0.9.28 @dependabot (#7087)
• Bump pygithub from 1.56 to 1.57 @dependabot (#7080)
• Bump sqlalchemy from 1.4.42 to 1.4.43 @dependabot (#7081)
• Bump boto3 from 1.26.2 to 1.26.3 @dependabot (#7082)
• Update stefanzweifel/git-auto-commit-action action from v4.15.3 to v4.15.4 (.github/workflows/release-3-master-into-dev.yml) @renovate (#7078)
• Bump google-auth-oauthlib from 0.7.0 to 0.7.1 @dependabot (#7075)
• Bump boto3 from 1.26.1 to 1.26.2 @dependabot (#7074)
• Bump boto3 from 1.26.0 to 1.26.1 @dependabot (#7072)
• Bump boto3 from 1.25.5 to 1.26.0 @dependabot (#7065)
• Bump cryptography from 38.0.2 to 38.0.3 @dependabot (#7066)

🖌 Updates in UI

• Improved the design of the custom html report findings @madeoninfo (#7236)
• Fix for languages plot legend expanding out of panel @blakeaowens (#7185)
• Added/Updated Custom HTTP Error Handlers @blakeaowens (#7176)
• Remove enforcement of unnecessary notes @italvi (#7161)
• Add do_not_reactivate option to persist triages from triage-less scanners @Gby56 (#6893)
• Release: Merge back 2.16.1 into dev from: master-into-dev/2.16.1-2.17.0-dev @github-actions (#7107)
• Make SLA calculation of a Finding Group use the most severe finding @Maffooch (#7102)