DefectDojo/django-DefectDojo 2.20.0 on GitHub

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.19.0

Fix for empty alias @lme-nca (#7746)
Update JIRA when findings are added/removed to/from the finding group @coheigea (#7707)
Make sure that we search for finding groups for "group by" in the sam… @coheigea (#7718)
BlackDuck API read timout increased @barucijah (#7716)
Release: Merge back 2.19.4 into dev from: master-into-dev/2.19.4-2.20.0-dev @github-actions (#7703)
Release: Merge back 2.19.4 into dev from: master-into-bugfix/2.19.4-2.20.0-dev @github-actions (#7704)
Release: Merge release into master from: release/2.19.4 @github-actions (#7702)
Remove Github OAuth dependencies (Credit to @hackerhumble) @Maffooch (#7701)
Fix UnboundLocalError when user remove all options for password @YuToutCourt (#7688)
Release: Merge back 2.19.3 into dev from: master-into-bugfix/2.19.3-2.20.0-dev @github-actions (#7693)
Make sure old findings are added to finding groups in the reimporter @coheigea (#7687)
Added amd64 build config for Apple Silicon @corrupt (#7680)
Update unit test flow to build containers once and store in uniform location @Maffooch (#7660)
Update the release drafter to make releases less manual @Maffooch (#7661)
[cyclonedx-json] flatten components @bruegth (#7654)
BlackduckAPI: remove test_product_connection @kiblik (#7665)
Fix for mobsfscan parser 2 @hvechtomov (#7667)
A finding isn't added to an existing finding group in the re-importer… @coheigea (#7678)
Add default announcement banner @Maffooch (#7668)
Release: Merge back 2.19.2 into dev from: master-into-bugfix/2.19.2-2.20.0-dev @github-actions (#7658)
Risk accepted findings don't close old findings in the reimporter @coheigea (#7631)
read aliases from dependencytrack FPF format @lme-nca (#7583)
Docs: Removes API Push Section @devGregA (#7635)
Release: Merge back 2.19.1 into dev from: master-into-bugfix/2.19.1-2.20.0-dev @github-actions (#7619)
Old finding endpoints are not reactivated in the reimporter @coheigea (#7615)
Enable GitHub integration for existing products @coheigea (#7614)
Docs: Groups from Identity Providers @kiblik (#7604)
Fix #7568 do_not_reactivate notes on each (re)import @Gby56 (#7569)
Only mitigate endpoints that are not already mitigated @coheigea (#7567)
Bugfix: get_accessible_url should return access_file instead of access_url @HomeSen (#7585)
Improve Fortify parser to manage new versions @damiencarol (#7592)
Set download path to /app instead of media @Maffooch (#7586)
Release: Merge back 2.19.0 into dev from: master-into-bugfix/2.19.0-2.20.0-dev @github-actions (#7565)
Release: Merge back 2.19.0 into dev from: master-into-dev/2.19.0-2.20.0-dev @github-actions (#7564)

🚩 Changes to `settings.dist.py` / `local_settings.py`

Release: Merge release into master from: release/2.20.0 @github-actions (#7767)
Fix GitHub dedupe @Demaz93 (#7754)
Release: Merge back 2.19.3 into dev from: master-into-dev/2.19.3-2.20.0-dev @github-actions (#7694)
Release: Merge release into master from: release/2.19.3 @github-actions (#7692)
Remove GitHub OAuth integration @Maffooch (#7691)
Release: Merge back 2.19.2 into dev from: master-into-dev/2.19.2-2.20.0-dev @github-actions (#7657)
Release: Merge release into master from: release/2.19.2 @github-actions (#7656)
Fix missing GitLab scanners in settings file @jahrome (#7639)
Add parser for Codechecker @drJabber (#7603)

🚩 Database migration

Release: Merge release into master from: release/2.20.0 @github-actions (#7767)
Merge bugfix into dev 2.20.0 @Maffooch (#7766)
Allowing a max length of 255 for default JIRA issue types @coheigea (#7761)
Update JIRA when a finding is edited @coheigea (#7700)

🚀 API features and enhancements

Release: Merge release into master from: release/2.20.0 @github-actions (#7767)
Add Credential Mapping and API Endpoint @Maffooch (#7759)
Add Questionnaire API Endpoints (read only) @Maffooch (#7742)
Add Risk Acceptance (read) API Endpoint @Maffooch (#7735)
Add prefetch to stub findings endpoint @Maffooch (#7723)
Add prefetching to product API scan config presets endpoint @Maffooch (#7722)
Add prefetching to engagement presets endpoint @Maffooch (#7721)
Add prefetching to technologies endpoint @Maffooch (#7719)
Add prefetching to Endpoint, Endpoint Status, and Engagement @Maffooch (#7724)
Add prefetching to Tests endpoint @Maffooch (#7725)
Add API endpoint download files by ID @Maffooch (#7636)

🐛 Bug Fixes

Eliminate possibility of adding single finding to multiple risk exceptions @Maffooch (#7685)

🖌 Updates in UI

Release: Merge release into master from: release/2.20.0 @github-actions (#7767)
Merge bugfix into dev 2.20.0 @Maffooch (#7766)
Add Credential Mapping and API Endpoint @Maffooch (#7759)
Add a link to the source code in the JIRA description for finding groups @coheigea (#7755)
fix(UI): wrong button name for deleting group @Gby56 (#7753)
Release: Merge back 2.19.3 into dev from: master-into-dev/2.19.3-2.20.0-dev @github-actions (#7694)
Release: Merge release into master from: release/2.19.3 @github-actions (#7692)
Remove GitHub OAuth integration @Maffooch (#7691)
Release: Merge back 2.19.2 into dev from: master-into-dev/2.19.2-2.20.0-dev @github-actions (#7657)
Release: Merge release into master from: release/2.19.2 @github-actions (#7656)
Fix slack notifications @coheigea (#7623)
Release: Merge back 2.19.1 into dev from: master-into-dev/2.19.1-2.20.0-dev @github-actions (#7620)
Release: Merge release into master from: release/2.19.1 @github-actions (#7617)
Add blocks to users view template, add product name filter to finding… @Maffooch (#7616)
Intsights fix for zero alerts @37b (#7601)
Fix missing information in notifications @coheigea (#7593)
Implementation of Finding Group View/Edit @blakeaowens (#7566)

🧰 Maintenance

Bump drf-spectacular from 0.25.1 to 0.26.0 @dependabot (#7763)
Bump boto3 from 1.26.83 to 1.26.84 @dependabot (#7764)
chore(deps): update rabbitmq docker tag from 3.11.9 to v3.11.10 (docker-compose.yml) @renovate (#7744)
Bump cryptography from 39.0.1 to 39.0.2 @dependabot (#7748)
Bump boto3 from 1.26.81 to 1.26.83 @dependabot (#7749)
Bump django-environ from 0.9.0 to 0.10.0 @dependabot (#7750)
Bump google-auth from 2.16.1 to 2.16.2 @dependabot (#7751)
Bump django-slack from 5.18.0 to 5.19.0 @dependabot (#7738)
chore(deps): update postgres:15.2-alpine docker digest from 15.2 to 15.2-alpine (docker-compose.yml) @renovate (#7732)
Bump boto3 from 1.26.80 to 1.26.81 @dependabot (#7730)
Bump google-api-python-client from 2.79.0 to 2.80.0 @dependabot (#7729)
chore(deps): update redis docker tag from 7.0.8 to v7.0.9 (docker-compose.yml) @renovate (#7726)
Bump datatables.net-buttons-bs from 2.3.4 to 2.3.5 in /components @dependabot (#7710)
Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.33.3 to v1.33.4 (helm/defectdojo/values.yaml) @renovate (#7686)
Bump boto3 from 1.26.77 to 1.26.80 @dependabot (#7708)
Bump datatables.net from 1.13.2 to 1.13.3 in /components @dependabot (#7711)
Bump datatables.net-buttons-dt from 2.3.4 to 2.3.5 in /components @dependabot (#7712)
Bump datatables.net-dt from 1.13.2 to 1.13.3 in /components @dependabot (#7713)
Bump coverage from 7.2.0 to 7.2.1 @dependabot (#7698)
Bump blackduck from 1.0.7 to 1.1.0 @dependabot (#7699)
Bump vulners from 2.0.8 to 2.0.9 @dependabot (#7670)
chore(deps): update release-drafter/release-drafter action from v5.22.0 to v5.23.0 (.github/workflows/release-drafter.yml) @renovate (#7663)
Bump google-api-python-client from 2.78.0 to 2.79.0 @dependabot (#7669)
Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.33.2 to v1.33.3 (helm/defectdojo/values.yaml) @renovate (#7675)
Bump boto3 from 1.26.74 to 1.26.77 @dependabot (#7681)
Bump coverage from 7.1.0 to 7.2.0 @dependabot (#7682)
Bump django-crispy-forms from 1.14.0 to 2.0 @dependabot (#7626)
Bump google-auth from 2.16.0 to 2.16.1 @dependabot (#7651)
Bump boto3 from 1.26.72 to 1.26.74 @dependabot (#7650)
Bump pygithub from 1.57 to 1.58.0 @dependabot (#7653)
Bump gitpython from 3.1.30 to 3.1.31 @dependabot (#7644)
chore(deps): update rabbitmq:3.11.9-alpine docker digest from 3.11.9 to 3.11.9-alpine (docker-compose.yml) @renovate (#7647)
chore(deps): update redis:7.0.8-alpine docker digest from 7.0.8 to 7.0.8-alpine (docker-compose.yml) @renovate (#7642)
Bump boto3 from 1.26.70 to 1.26.72 @dependabot (#7640)
Bump google-api-python-client from 2.77.0 to 2.78.0 @dependabot (#7633)
Update mysql:5.7.41 Docker digest from 5.7.41 to v (docker-compose.yml) @renovate (#7553)
Bump django from 4.1.5 to 4.1.7 @dependabot (#7637)
Update rabbitmq Docker tag from 3.11.8 to v3.11.9 (docker-compose.yml) @renovate (#7622)
Bump boto3 from 1.26.69 to 1.26.70 @dependabot (#7625)
Bump openpyxl from 3.1.0 to 3.1.1 @dependabot (#7627)
Bump boto3 from 1.26.68 to 1.26.69 @dependabot (#7610)
Bump asteval from 0.9.28 to 0.9.29 @dependabot (#7612)
Update postgres Docker tag from 15.1 to v15.2 (docker-compose.yml) @renovate (#7606)
Update postgres:15.1-alpine Docker digest from 15.1 to v (docker-compose.yml) @renovate (#7605)
Bump boto3 from 1.26.67 to 1.26.68 @dependabot (#7594)
Bump drf-yasg from 1.21.4 to 1.21.5 @dependabot (#7596)
Update redis:7.0.8-alpine Docker digest from 7.0.8 to 7.0.8-alpine (docker-compose.yml) @renovate (#7607)
Bump vulners from 2.0.6 to 2.0.8 @dependabot (#7578)
Update rabbitmq:3.11.8-alpine Docker digest from 3.11.8 to 3.11.8-alpine (docker-compose.yml) @renovate (#7572)
Bump cryptography from 39.0.0 to 39.0.1 @dependabot (#7576)
Bump fontawesomefree from 6.2.1 to 6.3.0 @dependabot (#7577)
Bump google-auth-oauthlib from 0.8.0 to 1.0.0 @dependabot (#7579)
Bump google-api-python-client from 2.76.0 to 2.77.0 @dependabot (#7580)
Bump boto3 from 1.26.65 to 1.26.67 @dependabot (#7588)
Bump redis from 4.4.2 to 4.5.1 @dependabot (#7587)
Bump boto3 from 1.26.64 to 1.26.65 @dependabot (#7571)

DefectDojo/django-DefectDojo 2.20.0 2.20.0 🌈 on GitHub