DefectDojo/django-DefectDojo 2.27.0

2.27.0 🌈

on GitHub

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.26.0

• Docs: Fix "data model" link in Features @kiblik (#8744)
• update parser template on awssecurityhub.md @paulOsinski (#8756)
• add parser formatting to bandit.md @paulOsinski (#8757)
• add parser documentation for burp scan & burp-enterprise @paulOsinski (#8764)
• Update govulncheck parser to new format @FelixHernandez (#8743)
• Temporarily pin versions of chrome and chrome webdriver @dwalleck (#8755)
• Temporarily pin the versions of chrome and chrome webdriver @dwalleck (#8752)
• [documentation] mark async-imports as experimental @paulOsinski (#8710)
• Excel Export throws 500 error code @FelixHernandez (#8735)
• advance harbor to show also CWE #8632 @manuel-sommer (#8634)
• add template to anchore_engine.md @paulOsinski (#8712)
• add filtering on product lifecycles @tomaszn (#8684)
• add parser template to anchore_grype.md @paulOsinski (#8718)
• setEnv: Fix symlink processing @kiblik (#8736)
• add parser documentation template to aws_prowler_v3.md @paulOsinski (#8729)
• Update Qualys CSV parser to include CVSSv3.1 data headers @FelixHernandez (#8702)
• Fix: Use default values for DD_DOCKERCOMPOSE_[BROKER|DATABASE] @kiblik (#8683)
• Optimize group list @shipko (#8554)
• Unittests: skip TestOptiEndpointStatus @kiblik (#8666)
• Kube-hunter Parser @a-ruff (#8593)
• Edit Endpoint page lag issue @FelixHernandez (#8686)
• Fix: anchorectl_policies crash when 'detail' is null @a-ruff (#8639)
• Fix: missing System_Settings raised error @kiblik (#8663)
• [ENHANCEMENT] AWS Security Hub parser: organize and extend test cases @tomaszn (#8628)
• Bump Django from 4.1.10 to 4.1.11 - CVE-2023-41164 @testaccount90009 (#8652)
• Veracode: Add additional severity mappings for other informational findings @Maffooch (#8653)
• Fix: if Development_Environment "Development" was removed @kiblik (#8644)
• Docker-compose: use variables for depends_on @kiblik (#8598)
• [bugfix] Update whispers parser references field type @adeptex (#8596)
• Fix System Settings Required Fields (Enable Jira Integration) @FelixHernandez (#8623)
• Catch malformed CVSSv3 bug in JFrog Xray API Summary parser @TheRealArlie (#8560)
• Advance ASFF report #8462 @manuel-sommer (#8588)
• advance_drheader_for_bulkimport #8573 @manuel-sommer (#8583)
• Enhance Trivy parser @FelixHernandez (#8607)

🚩 Changes to settings.dist.py / local_settings.py

• add mitigation to HASHCODE_ALLOWED_FIELDS to fix Harbor #8633 @manuel-sommer (#8701)

🚀 API features and enhancements

• SLAConfiguration: add DeletePreviewModelMixin @kiblik (#8695)
• Allow PUT in risk acceptance update @FelixHernandez (#8671)

🐛 Bug Fixes

• Correct product revenue value on the product details page @Maffooch (#8741)

🖌 Updates in UI

• Correct product revenue value on the product details page @Maffooch (#8741)
• Sanitization + Modernization: Findings, Groups, Notifications @Maffooch (#8728)
• Fix Ordering by business critically in products list @FelixHernandez (#8693)
• Fix Product Search to Filter When You Search "Product" @FelixHernandez (#8662)
• Bugfix Bulk edit drop-down @FelixHernandez (#8594)
• Finding: Add "last mentioned" and history of changes of finding @kiblik (#8562)

🧰 Maintenance

• Update postgres:16.0-alpine Docker digest from 16.0 to 16.0-alpine (docker-compose.yml) @renovate (#8767)
• Update postgres:16.0-alpine Docker digest from 16.0 to 16.0-alpine (docker-compose.yml) @renovate (#8766)
• Update redis:7.2.1-alpine Docker digest from 7.2.1 to 7.2.1-alpine (docker-compose.yml) @renovate (#8759)
• Update rabbitmq:3.12.6-alpine Docker digest from 3.12.6 to 3.12.6-alpine (docker-compose.yml) @renovate (#8760)
• Bump psycopg2-binary from 2.9.7 to 2.9.8 @dependabot (#8747)
• Bump django-imagekit from 4.1.0 to 5.0.0 @dependabot (#8748)
• Update dependency postcss from 8.4.30 to v8.4.31 (docs/package.json) @renovate (#8753)
• Bump boto3 from 1.28.55 to 1.28.57 @dependabot (#8754)
• Update postgres:16.0-alpine Docker digest from 16.0 to 16.0-alpine (docker-compose.yml) @renovate (#8758)
• Bump boto3 from 1.28.54 to 1.28.55 @dependabot (#8737)
• Bump boto3 from 1.28.53 to 1.28.54 @dependabot (#8733)
• Bump redis from 5.0.0 to 5.0.1 @dependabot (#8734)
• Bump drf-spectacular from 0.26.4 to 0.26.5 @dependabot (#8724)
• Update rabbitmq Docker tag from 3.12.5 to v3.12.6 (docker-compose.yml) @renovate (#8720)
• Bump boto3 from 1.28.52 to 1.28.53 @dependabot (#8722)
• Bump titlecase from 2.3 to 2.4.1 @dependabot (#8723)
• Bump cryptography from 41.0.3 to 41.0.4 @dependabot (#8714)
• Bump gitpython from 3.1.36 to 3.1.37 @dependabot (#8717)
• Update rabbitmq Docker tag from 3.12.4 to v3.12.5 (docker-compose.yml) @renovate (#8715)
• Update dependency autoprefixer from 10.4.15 to v10.4.16 (docs/package.json) @renovate (#8706)
• Bump boto3 from 1.28.51 to 1.28.52 @dependabot (#8709)
• Update rabbitmq:3.12.4-alpine Docker digest from 3.12.4 to 3.12.4-alpine (docker-compose.yml) @renovate (#8708)
• Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.33.10 to v1.33.11 (helm/defectdojo/values.yaml) @renovate (#8692)
• Bump cryptography from 41.0.3 to 41.0.4 @dependabot (#8698)
• Bump boto3 from 1.28.50 to 1.28.51 @dependabot (#8700)
• Update rabbitmq:3.12.4-alpine Docker digest from 3.12.4 to 3.12.4-alpine (docker-compose.yml) @renovate (#8696)
• Bump sqlalchemy from 2.0.19 to 2.0.21 @dependabot (#8689)
• Update dependency postcss from 8.4.29 to v8.4.30 (docs/package.json) @renovate (#8685)
• Bump boto3 from 1.28.49 to 1.28.50 @dependabot (#8690)
• Bump pillow from 10.0.0 to 10.0.1 @dependabot (#8675)
• Bump debugpy from 1.7.0 to 1.8.0 @dependabot (#8661)
• Update postgres Docker tag from 15.4 to v16 (docker-compose.yml) @renovate (#8672)
• Bump openapitools/openapi-generator-cli from v7.0.0 to v7.0.1 @dependabot (#8677)
• Bump boto3 from 1.28.47 to 1.28.49 @dependabot (#8676)
• Bump django-filter from 23.2 to 23.3 @dependabot (#8678)
• Bump boto3 from 1.28.45 to 1.28.47 @dependabot (#8667)
• Bump vulners from 2.0.10 to 2.1.0 @dependabot (#8668)
• chore(deps): update manusa/actions-setup-minikube action from v2.7.2 to v2.9.0 (.github/workflows/k8s-tests.yml) @renovate (#8645)
• chore(deps): update docker/build-push-action action from v4 to v5 (.github/workflows/release-x-manual-docker-containers.yml) @renovate (#8646)
• chore(deps): update docker/login-action action from v2 to v3 (.github/workflows/release-x-manual-docker-containers.yml) @renovate (#8648)
• chore(deps): update docker/setup-buildx-action action from v2 to v3 (.github/workflows/release-x-manual-docker-containers.yml) @renovate (#8649)
• Bump gitpython from 3.1.34 to 3.1.36 @dependabot (#8650)
• Bump boto3 from 1.28.44 to 1.28.45 @dependabot (#8651)
• Bump gitpython from 3.1.34 to 3.1.35 @dependabot (#8641)
• Bump boto3 from 1.28.43 to 1.28.44 @dependabot (#8637)
• Bump debugpy from 1.6.7 to 1.7.0 @dependabot (#8631)
• chore(deps): update rabbitmq:3.12.4-alpine docker digest from 3.12.4 to 3.12.4-alpine (docker-compose.yml) @renovate (#8635)
• Bump boto3 from 1.28.42 to 1.28.43 @dependabot (#8629)
• chore(deps): update redis docker tag from 7.2.0 to v7.2.1 (docker-compose.yml) @renovate (#8624)
• Bump boto3 from 1.28.41 to 1.28.42 @dependabot (#8625)
• Bump pytz from 2023.3 to 2023.3.post1 @dependabot (#8608)
• chore(deps): update rabbitmq:3.12.4-alpine docker digest from 3.12.4 to 3.12.4-alpine (docker-compose.yml) @renovate (#8617)
• Bump boto3 from 1.28.40 to 1.28.41 @dependabot (#8618)
• Bump coverage from 7.3.0 to 7.3.1 @dependabot (#8619)
• Bump social-auth-app-django from 5.2.0 to 5.3.0 @dependabot (#8589)