DefectDojo/django-DefectDojo 2.25.0

2.25.0 🌈

on GitHub

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.24.0

• Fixing some minor typos @cneill (#8472)
• Revert "Bump debugpy from 1.6.7 to 1.6.8" @Maffooch (#8478)
• OpenAPI validator: Fetch binary from the official docker image @kiblik (#8431)
• Fix invalid OpenAPI schema + Add integration test @kiblik (#8253)
• Update DOCKER.md - Correct docker compose versions - bug from 2.19.0 … @testaccount90009 (#8427)
• helm: Add extraVolumes for initializer job @al-cheb (#8364)
• Add JSON Ingestion to Veracode Parser @Maffooch (#8414)
• fix: Sonarqube re-upload #8379 @quirinziessler (#8383)
• Update files with PEP8 standards in folder dojo/tools #1 @ajtortolero (#8282)
• Update files with PEP8 standards in folder dojo/tools #2 @ajtortolero (#8301)
• Update chromedriver fetching mechanism @Maffooch (#8403)
• Doc: API parsers: Replace copy-pasted value @kiblik (#8389)
• Update files with PEP8 standards in folder dojo/tools #3 @ajtortolero (#8302)
• Update files with PEP8 standards in folder dojo/tools #6 @ajtortolero (#8319)
• Update DOCKER.md "run with docker compose using https" @testaccount90009 (#8361)
• Fix: HTTP->HTTPS redirect path @kiblik (#8358)
• Verified defaults to true when adding a Finding from web UI @Juu (#8363)
• Extract vulnerability type for Qualys scan import @nv-pipo (#8330)
• Update files with PEP8 standards in folder dojo/tools #5 @ajtortolero (#8305)
• Update files with PEP8 standards in folder dojo/tools #4 @ajtortolero (#8304)
• Fix: STATICFILES_DIRS warning @kiblik (#8252)

💣 Breaking changes

• Update naming convention for product tags in related objects @Maffooch (#8350)

🚩 Changes to settings.dist.py / local_settings.py

• Update Nessus references to Tenable @Maffooch (#8449)

🚀 API features and enhancements

• Add Reporter field to Finding PATCH/PUT @Maffooch (#8426)
• Update files with PEP8 standards in folder dojo #2 @ajtortolero (#8321)

🐛 Bug Fixes

• Update Nessus references to Tenable @Maffooch (#8449)
• Add more SLA related fields to excel/csv reports @Maffooch (#8439)
• Correct exception of editing finding with multiple req/resp pairs @Maffooch (#8438)
• Add signal to update Finding found_by column @Maffooch (#8351)
• Dependency Track: Add CVSS Score @Maffooch (#8357)
• Fix issue of not being able to create request/response pair if finding is created from API @Maffooch (#8352)
• Update naming convention for product tags in related objects @Maffooch (#8350)
• Fix finding/test engagement tag API filter @Maffooch (#8349)

🖌 Updates in UI

• Merge Bugfix -> Dev (2.25.0) @Maffooch (#8479)
• Deprecation: OpenAPI 2.0 Documentation page @Maffooch (#8473)
• Fixed side navbar cutoff issue @blakeaowens (#8386)

🧰 Maintenance

• Deprecation: OpenAPI 2.0 Documentation page @Maffooch (#8473)
• Bump boto3 from 1.28.16 to 1.28.18 @dependabot (#8465)
• Bump debugpy from 1.6.7 to 1.6.8 @dependabot (#8466)
• Bump fontawesomefree from 6.4.0 to 6.4.2 @dependabot (#8467)
• Update rabbitmq:3.12.2-alpine Docker digest from 3.12.2 to 3.12.2-alpine (docker-compose.yml) @renovate (#8463)
• Bump boto3 from 1.28.15 to 1.28.16 @dependabot (#8455)
• Update rabbitmq:3.12.2-alpine Docker digest from 3.12.2 to 3.12.2-alpine (docker-compose.yml) @renovate (#8451)
• Bump python from 9efc6e1 to 9efc6e1 @dependabot (#8444)
• Bump boto3 from 1.28.14 to 1.28.15 @dependabot (#8442)
• Bump vcrpy from 5.0.0 to 5.1.0 @dependabot (#8443)
• Bump uwsgi from 2.0.21 to 2.0.22 @dependabot (#8437)
• Bump boto3 from 1.28.12 to 1.28.14 @dependabot (#8436)
• Bump boto3 from 1.28.11 to 1.28.12 @dependabot (#8433)
• Bump markdown from 3.4.3 to 3.4.4 @dependabot (#8428)
• Bump packageurl-python from 0.11.1 to 0.11.2 @dependabot (#8429)
• Bump boto3 from 1.28.10 to 1.28.11 @dependabot (#8430)
• Bump django-ratelimit from 4.0.0 to 4.1.0 @dependabot (#8425)
• chore(deps): update mysql:5.7.42 docker digest from 5.7.42 to v (docker-compose.yml) @renovate (#8421)
• Bump boto3 from 1.28.8 to 1.28.10 @dependabot (#8424)
• Bump drf-spectacular from 0.26.3 to 0.26.4 @dependabot (#8416)
• chore(deps): update dependency postcss from 8.4.26 to v8.4.27 (docs/package.json) @renovate (#8413)
• Bump boto3 from 1.28.7 to 1.28.8 @dependabot (#8411)
• Bump word-wrap from 1.2.3 to 1.2.4 in /components @dependabot (#8397)
• Bump boto3 from 1.28.6 to 1.28.7 @dependabot (#8409)
• Bump pyjwt from 2.7.0 to 2.8.0 @dependabot (#8402)
• Bump boto3 from 1.28.4 to 1.28.6 @dependabot (#8404)
• Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.33.8 to v1.33.9 (helm/defectdojo/values.yaml) @renovate (#8395)
• Update rabbitmq Docker tag from 3.12.1 to v3.12.2 (docker-compose.yml) @renovate (#8396)
• Bump gunicorn from 21.0.1 to 21.2.0 @dependabot (#8401)
• Bump cryptography from 41.0.1 to 41.0.2 @dependabot (#8384)
• Bump gunicorn from 20.1.0 to 21.0.1 @dependabot (#8391)
• Bump boto3 from 1.28.3 to 1.28.4 @dependabot (#8392)
• Bump sqlalchemy from 2.0.18 to 2.0.19 @dependabot (#8388)
• Bump asteval from 0.9.30 to 0.9.31 @dependabot (#8387)
• Bump boto3 from 1.28.1 to 1.28.3 @dependabot (#8381)
• Update redis Docker tag from 7.0.11 to v7.0.12 (docker-compose.yml) @renovate (#8371)
• Bump gitpython from 3.1.31 to 3.1.32 @dependabot (#8372)
• Bump cryptography from 41.0.1 to 41.0.2 @dependabot (#8373)
• Update dependency postcss from 8.4.25 to v8.4.26 (docs/package.json) @renovate (#8377)
• Bump boto3 from 1.28.0 to 1.28.1 @dependabot (#8366)
• Bump python from 9efc6e1 to 9efc6e1 @dependabot (#8367)
• Bump sqlalchemy from 2.0.17 to 2.0.18 @dependabot (#8355)
• Bump boto3 from 1.27.0 to 1.28.0 @dependabot (#8362)
• chore(deps): update dependency postcss from 8.4.24 to v8.4.25 (docs/package.json) @renovate (#8356)
• Bump django from 4.1.9 to 4.1.10 @dependabot (#8353)
• Bump lxml from 4.9.2 to 4.9.3 @dependabot (#8348)
• Bump pillow from 9.5.0 to 10.0.0 @dependabot (#8335)
• Bump boto3 from 1.26.165 to 1.27.0 @dependabot (#8342)
• Bump djangosaml2 from 1.6.0 to 1.7.0 @dependabot (#8343)
• Bump boto3 from 1.26.159 to 1.26.165 @dependabot (#8336)
• Bump humanize from 4.6.0 to 4.7.0 @dependabot (#8324)
• Bump vcrpy from 4.3.1 to 5.0.0 @dependabot (#8316)
• chore(deps): update release-drafter/release-drafter action from v5.23.0 to v5.24.0 (.github/workflows/release-drafter.yml) @renovate (#8322)
• Bump jira from 3.5.1 to 3.5.2 @dependabot (#8329)
• chore(deps): update rabbitmq docker tag from 3.12.0 to v3.12.1 (docker-compose.yml) @renovate (#8331)