DefectDojo/django-DefectDojo 2.19.0 on GitHub

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.18.0

Release: Merge back 2.19.0 into dev from: master-into-dev/2.19.0-2.20.0-dev @github-actions (#7564)
Add default Dockerfile operating system @CharlieSears (#7558)
Implement support for SCA and KICS data in Checkmarx parser @damiencarol (#7552)
feat: modify gha to test and publish alpine based images @alles-klar (#7496)
Add suppression evaluation in SARIF importer @TheRealArlie (#7530)
Use the product name as the description in the importer @coheigea (#7534)
A cleanup of the endpoint code used by the importer/reimporter @coheigea (#7546)
Add the ability to group by the finding title @coheigea (#7540)
Generic: Handle incorrect json @kiblik (#7482)
Release: Merge back 2.18.4 into dev from: master-into-bugfix/2.18.4-2.19.0-dev @github-actions (#7516)
Forward parser errors to users @kiblik (#7503)
Add screenshots of what slack notifications look like @Maffooch (#7507)
Disable GHA unit tests on push to branch, limit only to PR @Maffooch (#7479)
Docs: Add documenation for #7471 @kiblik (#7504)
Update Slack Invitation link for OWASP @hblankenship (#7497)
Change url -> re-path in template-local_settings @shipko (#7483)
Release: Merge back 2.18.3 into dev from: master-into-bugfix/2.18.3-2.19.0-dev @github-actions (#7481)
Release: Merge release into master from: release/2.18.3 @github-actions (#7478)
Add dynamic Test_Type for Generic parser [originaly #5967] @kiblik (#7471)
Fix manual Jira reconciliation issue @bakalor (#7460)
Avoid "STATICFILES_DIRS" warning @kiblik (#7456)
Catch endpoint validation errors in the reimporter @coheigea (#7461)
If findings are mitigated for AWS Security Hub then set them to inactive @coheigea (#7454)
Add the old finding in the reimporter to the list of unchanged findin… @coheigea (#7447)
Rustyhog: Make JIRA/Confluence URLs clickable in description @valentijnscholten (#7419)
Release: Merge back 2.18.2 into dev from: master-into-bugfix/2.18.2-2.19.0-dev @github-actions (#7428)
Clean unsaved endpoints before comparing them to existing endpoints @coheigea (#7416)
Doc: Split doc to files + unittest for missing unittest and doc @kiblik (#7418)
Avoid unnecessary save for dynamic findings on reimport @coheigea (#7399)
SonarQube: Handle non-JSON response in test @kiblik (#7394)
Release: Merge back 2.18.1 into dev from: master-into-dev/2.18.1-2.18.1-dev @github-actions (#7383)
Release: Merge back 2.18.1 into dev from: master-into-bugfix/2.18.1-2.18.1-dev @github-actions (#7384)
Release: Merge release into master from: release/2.18.1 @github-actions (#7382)
Fixing the sla_deadline function to work with the current date and no… @coheigea (#7370)
Fixing typo in bugcrowd parser @coheigea (#7372)
In the re-importer, if the new finding is mitigated then make sure th… @coheigea (#7373)
Add gzip for nginx @shipko (#7346)
Release: Merge back 2.18.0 into dev from: master-into-dev/2.18.0-2.19.0-dev @github-actions (#7356)

🚩 Changes to `settings.dist.py` / `local_settings.py`

Release: Merge release into master from: release/2.19.0 @github-actions (#7562)
Global Announcement Banner @CharlieSears (#5802)
Change CVSS calculator to use CVSSv3.1 @HomeSen (#7541)
Qualys CSV Finding.mitigated fix @37b (#7539)
Allow to configure the deduplication algorithm in Kubernetes via an e… @coheigea (#7506)
New env var DD_HASHCODE_FIELDS_PER_SCANNER @Gby56 (#7491)
Release: Merge back 2.18.2 into dev from: master-into-dev/2.18.2-2.19.0-dev @github-actions (#7427)
Add arbitrary header setting, forward to jira @Maffooch (#7417)
Add functionality "forgot username" @Maffooch (#7406)
Set CSRF_TRUSTED_ORIGINS when it is not the default value @Maffooch (#7410)
New env var DD_JIRA_EXTRA_ISSUE_TYPES to add Jira issue types @Gby56 (#7412)
Migrate to Django 4.x @Maffooch (#7387)

🚩 Database migration

Release: Merge release into master from: release/2.19.0 @github-actions (#7562)
Global Announcement Banner @CharlieSears (#5802)
Change CVSS calculator to use CVSSv3.1 @HomeSen (#7541)
Qualys CSV Finding.mitigated fix @37b (#7539)
Make Finding verified field default to false @Maffooch (#7470)
Migrate to Django 4.x @Maffooch (#7387)

🚀 API features and enhancements

Release: Merge release into master from: release/2.19.0 @github-actions (#7562)
Change CVSS calculator to use CVSSv3.1 @HomeSen (#7541)
Qualys CSV Finding.mitigated fix @37b (#7539)
Make Finding verified field default to false @Maffooch (#7470)
Release: Merge back 2.18.3 into dev from: master-into-dev/2.18.3-2.19.0-dev @github-actions (#7480)
Set default auth_group if one does not already exist @adrianasantex (#7463)
Handle test tags when reimporting with reimport_scan api @gietschess (#7446)
Use Finding.status_finding instead of endpoint_status @coheigea (#7433)
Release: Merge back 2.18.2 into dev from: master-into-dev/2.18.2-2.19.0-dev @github-actions (#7427)
API-bugfix: Endpoint_status - do not fail if date is missing @kiblik (#7395)

🐛 Bug Fixes

Set CSRF_TRUSTED_ORIGINS when it is not the default value @Maffooch (#7410)

🖌 Updates in UI

Release: Merge release into master from: release/2.19.0 @github-actions (#7562)
Merge Bugfix into Dev @Maffooch (#7560)
Global Announcement Banner @CharlieSears (#5802)
Change CVSS calculator to use CVSSv3.1 @HomeSen (#7541)
Qualys CSV Finding.mitigated fix @37b (#7539)
Remove trailing bracket for SLA information in UI @coheigea (#7533)
Add a link to the source code in the JIRA description @coheigea (#7535)
Refactoring notification @shipko (#7342)
Added Support Tab and Support Links @blakeaowens (#7519)
Release: Merge back 2.18.4 into dev from: master-into-dev/2.18.4-2.19.0-dev @github-actions (#7517)
Release: Merge release into master from: release/2.18.4 @github-actions (#7515)
Localization + refactor dashboard @shipko (#7509)
Bump bleach from 5.0.1 to 6.0.0 @dependabot (#7486)
For findings that are out of SLA display them as negative values so t… @coheigea (#7498)
Added FontAwesome icons to error pages @blakeaowens (#7489)
Release: Merge back 2.18.3 into dev from: master-into-dev/2.18.3-2.19.0-dev @github-actions (#7480)
Translate dojo/user/views.py and related pages @shipko (#7432)
Fixing typo in endpoint documentation @coheigea (#7462)
Add functionality "forgot username" @Maffooch (#7406)
Refactor API parsers @kiblik (#7002)
Optimize output in html for product/metrics page @shipko (#7339)
Notifications: Split templates per type @kiblik (#7315)

🗣 Updates in localization

Global Announcement Banner @CharlieSears (#5802)
Translate dojo/user/views.py and related pages @shipko (#7432)
Notifications: Split templates per type @kiblik (#7315)
Localization: Add missing + update lines @kiblik (#7352)

🧰 Maintenance

Bump numpy from 1.24.1 to 1.24.2 @dependabot (#7557)
Bump datatables.net-buttons-bs from 2.3.3 to 2.3.4 in /components @dependabot (#7544)
Bump boto3 from 1.26.63 to 1.26.64 @dependabot (#7556)
Bump humanize from 4.5.0 to 4.6.0 @dependabot (#7555)
Bump datatables.net from 1.13.1 to 1.13.2 in /components @dependabot (#7547)
Bump datatables.net-dt from 1.13.1 to 1.13.2 in /components @dependabot (#7548)
Bump google-api-python-client from 2.75.0 to 2.76.0 @dependabot (#7543)
Bump datatables.net-buttons-dt from 2.3.3 to 2.3.4 in /components @dependabot (#7545)
Bump boto3 from 1.26.62 to 1.26.63 @dependabot (#7542)
Refresh lock file on helm changes @dsever (#7522)
Bump boto3 from 1.26.61 to 1.26.62 @dependabot (#7537)
Bump openpyxl from 3.0.10 to 3.1.0 @dependabot (#7527)
Bump boto3 from 1.26.60 to 1.26.61 @dependabot (#7526)
Bump google-api-python-client from 2.74.0 to 2.75.0 @dependabot (#7525)
Update rabbitmq Docker tag from 3.11.7 to v3.11.8 (docker-compose.yml) @renovate (#7524)
Update docker/build-push-action action from v3 to v4 (.github/workflows/unit-tests.yml) @renovate (#7518)
Bump boto3 from 1.26.59 to 1.26.60 @dependabot (#7520)
Bump python-gitlab from 3.12.0 to 3.13.0 @dependabot (#7521)
Bump python from 79095e3 to 3d26050 @dependabot (#7513)
Bump humanize from 4.4.0 to 4.5.0 @dependabot (#7511)
Bump boto3 from 1.26.58 to 1.26.59 @dependabot (#7512)
Bump cvss from 2.5 to 2.6 @dependabot (#7510)
Update mysql:5.7.41 Docker digest from 5.7.41 to v (docker-compose.yml) @renovate (#7508)
Bump boto3 from 1.26.56 to 1.26.58 @dependabot (#7502)
Bump bleach from 5.0.1 to 6.0.0 @dependabot (#7486)
Bump google-api-python-client from 2.73.0 to 2.74.0 @dependabot (#7492)
Bump boto3 from 1.26.55 to 1.26.56 @dependabot (#7493)
Bump coverage from 7.0.5 to 7.1.0 @dependabot (#7494)
Bump debugpy from 1.6.5 to 1.6.6 @dependabot (#7485)
Bump boto3 from 1.26.54 to 1.26.55 @dependabot (#7484)
Bump boto3 from 1.26.53 to 1.26.54 @dependabot (#7474)
Bump python from 073caf6 to 79095e3 @dependabot (#7475)
Bump vulners from 2.0.5 to 2.0.6 @dependabot (#7464)
Bump boto3 from 1.26.52 to 1.26.53 @dependabot (#7465)
chore(deps): update rabbitmq:3.11.7-alpine docker digest from 3.11.7 to 3.11.7-alpine (docker-compose.yml) @renovate (#7453)
Bump boto3 from 1.26.51 to 1.26.52 @dependabot (#7455)
Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.33.1 to v1.33.2 (helm/defectdojo/values.yaml) @renovate (#7440)
Update mysql Docker tag from 5.7.40 to v5.7.41 (docker-compose.yml) @renovate (#7441)
Update redis Docker tag from 7.0.7 to v7.0.8 (docker-compose.yml) @renovate (#7443)
Bump boto3 from 1.26.50 to 1.26.51 @dependabot (#7448)
Bump google-api-python-client from 2.72.0 to 2.73.0 @dependabot (#7449)
chore(deps): update rabbitmq docker tag from 3.11.6 to v3.11.7 (docker-compose.yml) @renovate (#7442)
Update rabbitmq:3.11.6-alpine Docker digest from 3.11.6 to 3.11.6-alpine (docker-compose.yml) @renovate (#7431)
Bump django-auditlog from 2.2.1 to 2.2.2 @dependabot (#7434)
Bump boto3 from 1.26.49 to 1.26.50 @dependabot (#7422)
Bump pytz from 2022.7 to 2022.7.1 @dependabot (#7420)
Bump django-watson from 1.6.2 to 1.6.3 @dependabot (#7424)
Bump vulners from 2.0.4 to 2.0.5 @dependabot (#7421)
Bump nginx from dd8a054 to 659610a @dependabot (#7423)
Bump python from 39cecc9 to 073caf6 @dependabot (#7425)
Bump boto3 from 1.26.48 to 1.26.49 @dependabot (#7413)
Bump requests from 2.28.1 to 2.28.2 @dependabot (#7414)
Migrate to Django 4.x @Maffooch (#7387)
Bump redis from 4.4.1 to 4.4.2 @dependabot (#7407)
Bump boto3 from 1.26.47 to 1.26.48 @dependabot (#7408)
Bump google-api-python-client from 2.71.0 to 2.72.0 @dependabot (#7400)
Bump coverage from 7.0.4 to 7.0.5 @dependabot (#7401)
Bump boto3 from 1.26.46 to 1.26.47 @dependabot (#7402)
Bump google-auth from 2.15.0 to 2.16.0 @dependabot (#7390)
Bump boto3 from 1.26.45 to 1.26.46 @dependabot (#7391)
chore(deps): update redis:7.0.7-alpine docker digest from 7.0.7 to 7.0.7-alpine (docker-compose.yml) @renovate (#7389)
chore(deps): update rabbitmq:3.11.6-alpine docker digest from 3.11.6 to 3.11.6-alpine (docker-compose.yml) @renovate (#7388)
Bump redis from 4.4.0 to 4.4.1 @dependabot (#7378)
Bump boto3 from 1.26.44 to 1.26.45 @dependabot (#7379)
Bump python from 8f39972 to 39cecc9 @dependabot (#7380)
Bump coverage from 7.0.3 to 7.0.4 @dependabot (#7381)
chore(deps): update dependency postcss from 8.4.20 to v8.4.21 (docs/package.json) @renovate (#7377)
chore(deps): update rabbitmq docker tag from 3.11.5 to v3.11.6 (docker-compose.yml) @renovate (#7376)
Bump boto3 from 1.26.42 to 1.26.44 @dependabot (#7374)
Bump debugpy from 1.6.4 to 1.6.5 @dependabot (#7375)
Bump google-api-python-client from 2.70.0 to 2.71.0 @dependabot (#7369)
chore(deps): update busybox docker tag from 1.35.0 to v1.36.0 (docker-compose.override.unit_tests_cicd.yml) @renovate (#7359)
Bump sqlalchemy from 1.4.45 to 1.4.46 @dependabot (#7362)
Bump boto3 from 1.26.41 to 1.26.42 @dependabot (#7363)
Bump coverage from 7.0.2 to 7.0.3 @dependabot (#7364)
chore(deps): update mysql:5.7.40 docker digest from 5.7.40 to v (docker-compose.yml) @renovate (#7357)
chore(deps): update postgres:15.1-alpine docker digest from 15.1 to 15.1-alpine (docker-compose.yml) @renovate (#7358)

DefectDojo/django-DefectDojo 2.19.0 2.19.0 🌈 on GitHub