DefectDojo/django-DefectDojo 2.2.0

2.2.0 🌈

on GitHub

Changes since 2.1.0

• Release: Merge release into master from: release/2.2.0 @github-actions (#5014)
• Master into dev/2.1.0 2.2.0 dev @Maffooch (#4878)

🚩 Requires settings changes, database migration, hash code recomputation

• Restrict deletion of users when used in product related objects @StefanFl (#4903)
• OAuth2: Default group and setting for staff members @StefanFl (#4863)

🚩 Security

• security: update npm path-parse to 1.0.7 @valentijnscholten (#4941)

🚀 New importers

• Add a parser for Aquasecurity's Cloudsploit @axelpavageau (#4916)
• add new parser - Mobsfscan @ansidorov (#4845)

🚀 General features and enhancements

• Add tags to Gitleaks parser @damiencarol (#4996)
• Helm extra volumes @dsever (#4837)
• cargo audit parser repaired @zakrush (#4867)
• Support JSON import of AWS Prowler scans @StefanFl (#4981)
• Don't allow risk acceptance on duplicates @madchap (#4342)
• Initialization of test types @StefanFl (#4979)
• Implementation for Engagement_Presets and Network_Locations API @jpbowie (#4965)
• Endpoint: Fix report generation @kiblik (#4942)
• Added API for Notifications and enhancements for MetaData API @StefanFl (#4904)
• Bugfix and enhancement for SLA notifications @StefanFl (#4896)
• SonarQube: support multiple SQ projects for one product @kiblik (#4676)
• OAuth2: Default group and setting for staff members @StefanFl (#4863)
• UI: Make all select fields searchable @kiblik (#4766)

🐛 Bug Fixes

• Fix 0120 migration when no SQ is configured @valentijnscholten (#5013)
• Semgrep: Add support for INFO severity @valentijnscholten (#5004)
• Fix newline characters in the summary (Jira issue) @Zilborg (#4954)
• Fix Incorrect False positives and Risk accepted metrics @XiChen-Tibco (#4930)
• cargo audit parser repaired @zakrush (#4867)
• Searchable fields are not displayed correctly for multiselect fields @StefanFl (#4894)
• Restrict deletion of users when used in product related objects @StefanFl (#4903)
• ZAP: Fix parsing of empty elements (fixes #4855) @iainrawson (#4935)
• Aws prowler fix @dkade (#4977)
• Truncate Path, Query and Fragment Endpoint Fields to their Max Column Length @J12934 (#4974)
• Update Google sheets to user newer libraries @StefanFl (#4968)
• Support new format of tfsec json @StefanFl (#4960)
• Dockle parser: switch to hash_code based deduplication @SoaAlex (#4886)
• Fix CWE parsing for SARIF parser (#4940) @akitibala (#4943)
• API: list all mandatory fields for FindingCreateSerializer @XiChen-Tibco (#4931)
• Fix and refactor dojo.models.Finding_Group.components @AndreyMZ (#4787)
• Remove nonexisting file reference in sample data @Maffooch (#4928)
• Two bugfixes for engagemens lists @StefanFl (#4895)
• Fix Endpoint clean in migration @kiblik (#4887)
• AWS Prowler Scan Fix and Enhancement @dkade (#4915)
• Fix heading for intsights @kiblik (#4912)
• Install chromium driver in Python @StefanFl (#4891)
• Bugfix and enhancement for SLA notifications @StefanFl (#4896)
• Nessus parser: Fix error when fqdn is missing @Juu (#4857)
• Two problems with reviews for findings @StefanFl (#4890)
• Minikube update to make k8s tests run successfully again @StefanFl (#4898)
• Fix Pagination issue on paused engagements #4840 @christophe226 (#4846)
• Trivy parser - bugfix for initialization of cvssv3 @StefanFl (#4883)
• Solution for Issue#2835 @XiChen-Tibco (#4868)

📝 Documentation updates

• docs: update java api wrapper/lib info @wurstbrot (#4997)
• Added dd-import to WRAPPERS.md @StefanFl (#4976)
• Documentation: Naming of parser classes @StefanFl (#4908)

🧰 Maintenance

• Bump nginx from 8adf523 to bfe377b @dependabot (#4999)
• Bump python-gitlab from 2.10.0 to 2.10.1 @dependabot (#4998)
• chore(deps): update rabbitmq docker tag from 3.9.4 to v3.9.5 (docker-compose.yml) @renovate (#4993)
• Deprecation notice for legacy authorization @StefanFl (#4982)
• Bump django-tagulous from 1.1.0 to 1.2.0 @dependabot (#4984)
• Bump bleach from 4.0.0 to 4.1.0 @dependabot (#4986)
• chore(deps): update dependency autoprefixer from 10.3.2 to v10.3.3 (docs/package.json) @renovate (#4990)
• Bump django-slack from 5.16.2 to 5.17.6 @dependabot (#4992)
• Add Leak URL to Gitleaks parser @ed-wp (#4959)
• Bump cryptography from 3.4.7 to 3.4.8 @dependabot (#4980)
• chore(deps): update rabbitmq:3.9.4 docker digest from 3.9.4 to 3.9.4 (docker-compose.yml) @renovate (#4978)
• Bump nginx from f5c8441 to 8adf523 @dependabot (#4972)
• Bump google-api-python-client from 2.17.0 to 2.18.0 @dependabot (#4975)
• Update Google sheets to user newer libraries @StefanFl (#4968)
• chore(deps): update dependency autoprefixer from 10.3.1 to v10.3.2 (docs/package.json) @renovate (#4966)
• chore(deps): update busybox docker tag from 1.33.1 to v1.34.0 (docker-compose.override.unit_tests_cicd.yml) @renovate (#4964)
• chore(deps): update rabbitmq docker tag from 3.9.3 to v3.9.4 (docker-compose.yml) @renovate (#4955)
• Bump sqlalchemy from 1.4.22 to 1.4.23 @dependabot (#4957)
• Bump social-auth-app-django from 4.0.0 to 5.0.0 @dependabot (#4918)
• chore(deps): update mysql:5.7.35 docker digest from 5.7.35 to v5.7.35 (docker-compose.yml) @renovate (#4947)
• Bump google-auth from 1.34.0 to 1.35.0 @dependabot (#4948)
• Bump django-debug-toolbar from 3.2.1 to 3.2.2 @dependabot (#4945)
• Bump django-split-settings from 1.0.1 to 1.1.0 @dependabot (#4944)
• Bump django-fieldsignals from 0.6.0 to 0.7.0 @dependabot (#4946)
• chore(deps): update rabbitmq docker tag from 3.9.2 to v3.9.3 (docker-compose.yml) @renovate (#4938)
• [GHA - release] Bump chart version when merging master back to dev @madchap (#4923)
• chore(deps): update rabbitmq docker tag from 3.9.1 to v3.9.2 (docker-compose.yml) @renovate (#4929)
• [GHA] Remove un-needed docker login @madchap (#4924)
• Bump nginx from e22b3ba to f5c8441 @dependabot (#4927)
• Update Chart.yaml @madchap (#4925)
• Bump drf-spectacular from 0.17.2 to 0.17.3 @dependabot (#4873)
• Bump sqlalchemy from 1.4.21 to 1.4.22 @dependabot (#4853)
• Upgrade celery to 5.1.2 @Homopatrol (#4917)
• Bump jszip from 3.6.0 to 3.7.1 in /components @dependabot (#4913)
• Bump google-auth from 1.33.0 to 1.34.0 @dependabot (#4882)
• Bump python-gitlab from 2.9.0 to 2.10.0 @dependabot (#4881)
• Bump bleach from 3.3.1 to 4.0.0 @dependabot (#4909)
• chore(deps): update rabbitmq docker tag from 3.8.19 to v3.9.1 (docker-compose.yml) @renovate (#4870)
• Bump debugpy from 1.3.0 to 1.4.1 @dependabot (#4864)
• chore(deps): update dependency postcss from 8.3.5 to v8.3.6 (docs/package.json) @renovate (#4849)
• chore(deps): update rabbitmq:3.8.19 docker digest from 3.8.19 to v3.8.19 (docker-compose.yml) @renovate (#4869)
• Bump nginx from 2c2dfbb to e22b3ba @dependabot (#4866)
• chore(deps): update mysql docker tag from 5.7.34 to v5.7.35 (docker-compose.yml) @renovate (#4841)
• chore(deps): update styfle/cancel-workflow-action action from 0.9.0 to v0.9.1 (.github/workflows/cancel-outdated-workflow-runs.yml) @renovate (#4892)
• Bump google-auth-oauthlib from 0.4.4 to 0.4.5 @dependabot (#4893)
• Bump humanize from 3.10.0 to 3.11.0 @dependabot (#4901)
• Bump pdfmake from 0.2.0 to 0.2.2 in /components @dependabot (#4905)
• Remove setup.py from GHA @madchap (#4879)