DefectDojo/django-DefectDojo 2.23.0

2.23.0 🌈

on GitHub

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.22.0

• Fix AWS Security Hub parser to process AWS Inspector findings @manuel-sommer (#8135)
• Fix Detect Secrets parser when .baseline is not audited @adrianasantex (#8181)
• Use sets for required & allowed fields @p-l- (#8184)
• fix Sonarqube importer @quirinziessler (#8163)
• Update views.py to fix #7015 @devsecopsale (#8149)
• Add Permissions.Engagement_Add to API_Importer @kiblik (#8084)
• API parsers: Make errors in importers more verbose (add product name and id) @kiblik (#8166)
• Fix container name in DOCKER.md @andremralves (#8157)
• Fix/technical debt dojo finding @renejal (#8043)
• Update files with PEP8 standars in folder dojo/tools @ajtortolero (#8073)
• 🐛 fix untriaged severity in wazuh, #8124 @manuel-sommer (#8143)
• Release: Merge back 2.22.3 into dev from: master-into-dev/2.22.3-2.23.0-dev @github-actions (#8142)
• Release: Merge back 2.22.3 into dev from: master-into-bugfix/2.22.3-2.23.0-dev @github-actions (#8141)
• Release: Merge release into master from: release/2.22.3 @github-actions (#8140)
• Typo fix for running-in-production.md @ola-Dell (#8131)
• Add TAGS from SARIF rules and results to findings @rzandonai (#8108)
• Make PostgreSQL database the default for containerized deploys @Maffooch (#8119)
• Update upgrading.md to add steps to docker-compose to first pull the … @testaccount90009 (#8118)
• chore: allow specifying revision history limit for deployments @celonis-eg (#8094)
• Release: Merge back 2.22.2 into dev from: master-into-bugfix/2.22.2-2.23.0-dev @github-actions (#8110)
• Update All GitLab parsers to accomodate v15 Schema @Maffooch (#8097)
• Only alert on a JIRA error where the JIRA is active @coheigea (#8083)
• Fix bug with mitigated findings @coheigea (#8091)
• Remove MySQL incompatibility from benchmarks @Maffooch (#8080)
• Release: Merge back 2.22.1 into dev from: master-into-bugfix/2.22.1-2.23.0-dev @github-actions (#8071)
• [Github parser] Parse dependabot alert number and add link in description @Gby56 (#8050)
• SLA computation throws exception when a FindingGroup doesn't have a JIRA @coheigea (#8047)
• Release: Merge back 2.22.0 into dev from: master-into-dev/2.22.0-2.23.0-dev @github-actions (#8039)

💣 Breaking changes

• Merge Nessus and Nessus WAS into single Tenable parser @Maffooch (#8072)

🚩 Changes to settings.dist.py / local_settings.py

• Release: Merge release into master from: release/2.23.0 @github-actions (#8203)
• Add support to AWS Prowler V3 json format @anderson-slompo (#8028)
• nuclei parser and unittests improvements @kir-b (#8057)
• Fix password validators @kiblik (#8081)
• Add govulncheck parser and unittests @ECOMMPAY (#7237)
• Release: Merge back 2.22.0 into dev from: master-into-bugfix/2.22.0-2.23.0-dev @github-actions (#8040)

🚩 Database migration

• Release: Merge release into master from: release/2.23.0 @github-actions (#8203)
• Add planned_remediation_version and effort_for_fixing fields @ptrovatelli (#7850)
• Implement Tag Inheritance @Maffooch (#8089)
• Merge Nessus and Nessus WAS into single Tenable parser @Maffooch (#8072)
• Fix password validators @kiblik (#8081)
• Release: Merge back 2.22.0 into dev from: master-into-bugfix/2.22.0-2.23.0-dev @github-actions (#8040)

🚀 General features and enhancements

• Add planned_remediation_version and effort_for_fixing fields @ptrovatelli (#7850)

🚀 API features and enhancements

• Release: Merge release into master from: release/2.23.0 @github-actions (#8203)
• Implement Tag Inheritance @Maffooch (#8089)

🐛 Bug Fixes

• Unify push to jira logic for finding/groups review/open/close @Maffooch (#8162)
• Make requests of a peer review available to those with read access @Maffooch (#8158)
• Update rate limiting on the login page to only block on unsafe requests @Maffooch (#8156)
• Add support for Jira auto sync when opening and closing findings @Maffooch (#8153)
• Add the "api-token-auth" endpoint back into the swagger spec @Maffooch (#8126)
• Fix helm certificate mounts @dsever (#8085)

🖌 Updates in UI

• Release: Merge release into master from: release/2.23.0 @github-actions (#8203)
• Release: Merge back 2.22.4 into dev from: master-into-dev/2.22.4-2.23.0-dev @github-actions (#8176)
• Release: Merge release into master from: release/2.22.4 @github-actions (#8175)
• Add planned_remediation_version and effort_for_fixing fields @ptrovatelli (#7850)
• Make requests of a peer review available to those with read access @Maffooch (#8158)
• Release: Merge back 2.22.2 into dev from: master-into-dev/2.22.2-2.23.0-dev @github-actions (#8109)
• Release: Merge release into master from: release/2.22.2 @github-actions (#8107)
• Replace incorrect link in slack alert for product deletion + add product to SLA breach alert @coheigea (#8042)
• Release: Merge back 2.22.1 into dev from: master-into-dev/2.22.1-2.23.0-dev @github-actions (#8070)
• Release: Merge release into master from: release/2.22.1 @github-actions (#8069)
• Optimized calling popover plugin @shipko (#8025)

🗣 Updates in localization

• Release: Merge release into master from: release/2.23.0 @github-actions (#8203)
• Add planned_remediation_version and effort_for_fixing fields @ptrovatelli (#7850)

🧰 Maintenance

• Bump jira from 3.5.0 to 3.5.1 @dependabot (#8190)
• Bump boto3 from 1.26.143 to 1.26.144 @dependabot (#8191)
• Bump cryptography from 41.0.0 to 41.0.1 @dependabot (#8192)
• Bump nginx from 1.23.4-alpine to 1.25.0-alpine @dependabot (#8171)
• Bump boto3 from 1.26.142 to 1.26.143 @dependabot (#8186)
• Bump cryptography from 40.0.2 to 41.0.0 @dependabot (#8187)
• chore(deps): update rabbitmq docker tag from 3.11.16 to v3.11.17 (docker-compose.yml) @renovate (#8183)
• Update dependency postcss from 8.4.23 to v8.4.24 (docs/package.json) @renovate (#8167)
• Bump boto3 from 1.26.141 to 1.26.142 @dependabot (#8170)
• Bump vcrpy from 4.3.0 to 4.3.1 @dependabot (#8172)
• Bump python from 9efc6e1 to 9efc6e1 @dependabot (#8173)
• Bump django-auditlog from 2.2.2 to 2.3.0 @dependabot (#8174)
• Bump coverage from 7.2.6 to 7.2.7 @dependabot (#8179)
• Bump djangosaml2 from 1.5.7 to 1.5.8 @dependabot (#8180)
• Bump boto3 from 1.26.140 to 1.26.141 @dependabot (#8164)
• Bump vcrpy from 4.2.1 to 4.3.0 @dependabot (#8161)
• Bump boto3 from 1.26.139 to 1.26.140 @dependabot (#8160)
• Bump coverage from 7.2.5 to 7.2.6 @dependabot (#8152)
• Bump boto3 from 1.26.138 to 1.26.139 @dependabot (#8151)
• Bump requests from 2.29.0 to 2.31.0 @dependabot (#8145)
• Bump boto3 from 1.26.137 to 1.26.138 @dependabot (#8146)
• Bump boto3 from 1.26.136 to 1.26.137 @dependabot (#8137)
• chore(deps): update busybox docker tag from 1.36.0 to v1.36.1 (docker-compose.override.unit_tests_cicd.yml) @renovate (#8134)
• Bump vulners from 2.0.9 to 2.0.10 @dependabot (#8122)
• Bump boto3 from 1.26.135 to 1.26.136 @dependabot (#8129)
• Bump boto3 from 1.26.134 to 1.26.135 @dependabot (#8121)
• chore(deps): update gcr.io/cloudsql-docker/gce-proxy docker tag from 1.33.6 to v1.33.7 (helm/defectdojo/values.yaml) @renovate (#8117)
• chore(deps): update redis:7.0.11-alpine docker digest from 7.0.11 to 7.0.11-alpine (docker-compose.yml) @renovate (#8112)
• chore(deps): update rabbitmq docker tag from 3.11.15 to v3.11.16 (docker-compose.yml) @renovate (#8113)
• Bump boto3 from 1.26.133 to 1.26.134 @dependabot (#8114)
• Bump django-debug-toolbar from 4.0.0 to 4.1.0 @dependabot (#8115)
• Update postgres:15.3-alpine Docker digest from 15.3 to 15.3-alpine (docker-compose.yml) @renovate (#8104)
• Update postgres Docker tag from 15.2 to v15.3 (docker-compose.yml) @renovate (#8099)
• Bump jquery from 3.6.4 to 3.7.0 in /components @dependabot (#8102)
• Bump boto3 from 1.26.132 to 1.26.133 @dependabot (#8101)
• Update postgres:15.2-alpine Docker digest from 15.2 to v (docker-compose.yml) @renovate (#8098)
• Bump django from 4.1.7 to 4.1.9 @dependabot (#8082)
• Bump pyjwt from 2.6.0 to 2.7.0 @dependabot (#8087)
• Bump boto3 from 1.26.130 to 1.26.132 @dependabot (#8092)
• Bump django-celery-results from 2.5.0 to 2.5.1 @dependabot (#8075)
• Bump pygithub from 1.58.1 to 1.58.2 @dependabot (#8076)
• Bump boto3 from 1.26.129 to 1.26.130 @dependabot (#8077)
• Bump nginx from dd2a917 to 02ffd43 @dependabot (#8066)
• Bump redis from 4.5.4 to 4.5.5 @dependabot (#8068)
• Bump djangosaml2 from 1.5.6 to 1.5.7 @dependabot (#8064)
• Bump boto3 from 1.26.127 to 1.26.129 @dependabot (#8065)
• Bump python from 0ba61d0 to 9efc6e1 @dependabot (#8067)
• Bump requests from 2.29.0 to 2.30.0 @dependabot (#8059)
• Bump boto3 from 1.26.126 to 1.26.127 @dependabot (#8058)
• Bump boto3 from 1.26.125 to 1.26.126 @dependabot (#8055)
• Update rabbitmq:3.11.15-alpine Docker digest from 3.11.15 to 3.11.15-alpine (docker-compose.yml) @renovate (#8051)
• Update redis:7.0.11-alpine Docker digest from 7.0.11 to 7.0.11-alpine (docker-compose.yml) @renovate (#8052)
• Update rabbitmq Docker tag from 3.11.14 to v3.11.15 (docker-compose.yml) @renovate (#8044)
• Bump boto3 from 1.26.124 to 1.26.125 @dependabot (#8049)
• Bump django-prometheus from 2.2.0 to 2.3.1 @dependabot (#8048)
• Update rabbitmq:3.11.14-alpine Docker digest from 3.11.14 to 3.11.14-alpine (docker-compose.yml) @renovate (#8029)
• Bump boto3 from 1.26.123 to 1.26.124 @dependabot (#8041)
• Bump boto3 from 1.26.122 to 1.26.123 @dependabot (#8030)
• Bump coverage from 7.2.4 to 7.2.5 @dependabot (#8032)
• Bump django-test-migrations from 1.2.0 to 1.3.0 @dependabot (#8033)
• Bump django-filter from 23.1 to 23.2 @dependabot (#8034)