DefectDojo/django-DefectDojo 2.24.0

2.24.0 🌈

on GitHub

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.23.0

• Password validators: Fix validators, add tests @kiblik (#8314)
• Disable NGINX leaking its version if TLS is not terminated on NGINX @fhoeborn (#8325)
• sla_deadline doesn't work with mitigated findings @coheigea (#8279)
• fix: dont create sast object when nothing given @gotbadger (#8287)
• Docs: Fix link to key management @krizon (#8306)
• Fix DeprecationWarning and some "noqa W605" @kiblik (#8295)
• Api Bugcrowd: Fix handling of invalid endpoint @kiblik (#8289)
• fix drheader parser #8281 @manuel-sommer (#8283)
• fix fatal error in testssl result #8269 @manuel-sommer (#8270)
• Fixing type-error in Finding._age @coheigea (#8249)
• Fix BurpRawRequestResponse reference before assignment error @missy-tester (#8244)
• Replace HttpResponseForbidden with PermissionDenied @Maffooch (#8248)
• Fixing error in importer if active is not specified @coheigea (#8235)
• bugfix - Close Old Findings will close all findings even when all findings are present in current import @sarahgibs (#8198)
• Dependency Check parser mark suppressed findings as mitigated @AndreVirtimo (#8218)
• Checkmarx: Add safeguards for "null" values in result types @Maffooch (#8221)
• Pin version of selenium to maintain test coverage @Maffooch (#8223)
• Azure Group Mapping: Make group mapping less atomic @Maffooch (#8207)
• Docs: Fix typo about API parsers @kiblik (#8213)
• Enhancement - Add tags to Jira tickets for finding groups @schuman0 (#7906)

🚩 Changes to settings.dist.py / local_settings.py

• Make SameSite attribute configurable for Session / CSRF Cookie @fhoeborn (#8300)
• Update banner checks @Maffooch (#8220)
• fix - Dependency Check deduplication #8228 @quirinziessler (#8229)
• Popeye Scanner Parser addition. @veneber (#7907)

🚩 Database migration

• Revamp of the false positive history feature @adiffpirate (#8125)

🐛 Bug Fixes

• Fix occurrence where product exists, but cannot be found @Maffooch (#8318)
• SARIF: Add some extra logic around codeFlows @Maffooch (#8263)
• Tenable: Further safeguarding, hardening, and conversions @Maffooch (#8256)
• Request Review improvements @Maffooch (#8261)
• Update banner checks @Maffooch (#8220)
• Tenable parser cleanups and improvements @Maffooch (#8233)
• Set Engagement status created from auto_create_context @Maffooch (#8225)

🖌 Updates in UI

• Add the ability to bulk change finding dates in the test view @coheigea (#8185)
• Bulk edit rework @Sh1nZ0u (#7999)

🧰 Maintenance

• Bump sqlalchemy from 2.0.16 to 2.0.17 @dependabot (#8308)
• Bump redis from 4.5.5 to 4.6.0 @dependabot (#8309)
• Bump boto3 from 1.26.158 to 1.26.159 @dependabot (#8297)
• Bump drf-spectacular from 0.26.2 to 0.26.3 @dependabot (#8298)
• Update rabbitmq:3.12.0-alpine Docker digest from 3.12.0 to 3.12.0-alpine (docker-compose.yml) @renovate (#8291)
• Bump boto3 from 1.26.157 to 1.26.158 @dependabot (#8292)
• Bump boto3 from 1.26.155 to 1.26.157 @dependabot (#8290)
• Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.33.7 to v1.33.8 (helm/defectdojo/values.yaml) @renovate (#8288)
• Bump djangosaml2 from 1.5.8 to 1.6.0 @dependabot (#8286)
• Bump python from 9efc6e1 to 9efc6e1 @dependabot (#8272)
• Bump asteval from 0.9.29 to 0.9.30 @dependabot (#8274)
• Bump boto3 from 1.26.154 to 1.26.155 @dependabot (#8271)
• Bump nginx from 1.25.0-alpine to 1.25.1-alpine @dependabot (#8273)
• Bump celery from 5.3.0 to 5.3.1 @dependabot (#8275)
• Update rabbitmq:3.12.0-alpine Docker digest from 3.12.0 to 3.12.0-alpine (docker-compose.yml) @renovate (#8267)
• Bump boto3 from 1.26.153 to 1.26.154 @dependabot (#8266)
• Update redis:7.0.11-alpine Docker digest from 7.0.11 to 7.0.11-alpine (docker-compose.yml) @renovate (#8262)
• Update postgres:15.3-alpine Docker digest from 15.3 to 15.3-alpine (docker-compose.yml) @renovate (#8258)
• Update redis:7.0.11-alpine Docker digest from 7.0.11 to 7.0.11-alpine (docker-compose.yml) @renovate (#8257)
• Update rabbitmq:3.12.0-alpine Docker digest from 3.12.0 to 3.12.0-alpine (docker-compose.yml) @renovate (#8259)
• Update mysql:5.7.42 Docker digest from 5.7.42 to v (docker-compose.yml) @renovate (#8250)
• Bump boto3 from 1.26.152 to 1.26.153 @dependabot (#8251)
• Update postgres:15.3-alpine Docker digest from 15.3 to 15.3-alpine (docker-compose.yml) @renovate (#8254)
• Update redis:7.0.11-alpine Docker digest from 7.0.11 to 7.0.11-alpine (docker-compose.yml) @renovate (#8255)
• Bump boto3 from 1.26.151 to 1.26.152 @dependabot (#8245)
• Bump boto3 from 1.26.150 to 1.26.151 @dependabot (#8237)
• Bump sqlalchemy from 1.4.46 to 2.0.16 @dependabot (#8236)
• Bump boto3 from 1.26.149 to 1.26.150 @dependabot (#8231)
• Bump python-gitlab from 3.14.0 to 3.15.0 @dependabot (#8230)
• Update rabbitmq:3.12.0-alpine Docker digest from 3.12.0 to 3.12.0-alpine (docker-compose.yml) @renovate (#8216)
• Bump boto3 from 1.26.148 to 1.26.149 @dependabot (#8219)
• Bump python from 9efc6e1 to 9efc6e1 @dependabot (#8224)
• Bump boto3 from 1.26.146 to 1.26.148 @dependabot (#8211)
• Bump django-extensions from 3.2.1 to 3.2.3 @dependabot (#8209)
• Bump celery from 5.2.7 to 5.3.0 @dependabot (#8208)
• Update postgres:15.3-alpine Docker digest from 15.3 to 15.3-alpine (docker-compose.yml) @renovate (#8132)
• Bump boto3 from 1.26.144 to 1.26.146 @dependabot (#8202)
• Update rabbitmq Docker tag from 3.11.17 to v3.12.0 (docker-compose.yml) @renovate (#8199)