🚩 Security
This is a security release addressing the security advisory GHSA-qm5q-2jrx-cch3.
Changes since 2.2.0
- Release/2.3.0 @Maffooch (#5222)
- gha: add pr labeler @valentijnscholten (#5199)
- gha: add PR labeler @valentijnscholten (#5198)
- Disable integration tests for export of findings @StefanFl (#5180)
- Simplify my name/links in README.md @valentijnscholten (#5172)
- Fix links in installation.md to point to existing files in dev @savek-cc (#5174)
- fix/add missing/disabled integration tests @valentijnscholten (#5159)
- release cadence update @valentijnscholten (#5168)
- merge master into dev @valentijnscholten (#5169)
- Helm - Add DD_DATABASE_NAME env @zapililirad (#5109)
- WIP - readme cleanup @devGregA (#5130)
- calendar: fix to work with bootstrap-chosen @valentijnscholten (#5094)
- Change secrets severity in detect-secrets parser @syn-4ck (#5098)
- Change Dependency Check parser to make "Location" field more informative @W0uldYk1ndlY (#4910)
- Update dropdown menu of Tool Type page @ericcornelissen (#5089)
- Checkmarx: Do not hardcode Active and Verified finding attributes @ssiriz (#4812)
- Improve bug report template @valentijnscholten (#5066)
- Release: Merge back 2.2.1 into dev from: master-into-dev/2.2.1-2.3.0-dev @github-actions (#5063)
- Release: Merge release into master from: release/2.2.1 @github-actions (#5060)
- Release: Merge back 2.2.0 into dev from: master-into-dev/2.2.0-2.3.0-dev @github-actions (#5015)
🚩 Requires settings changes, database migration, hash code recomputation
- Switch Finding.publish_date to Date type (DateField) @damiencarol (#5076)
- SQ: Fix broken migration 0120 @kiblik (#5127)
- Bandit parser: add de-duplication algorithm @damiencarol (#5206)
- Set Argon2 as default password hasher @valentijnscholten (#5205)
- Import SonarQube security hotspots @jimtsikos (#4107)
- Custom Test_Type for parsers (modify "Found by" dynamically) @damiencarol (#5121)
- Add Cobalt.io API parser/importer @ericcornelissen (#4962)
- safety-parser: configurable offline mode @alles-klar (#5030)
🚀 New importers
- Yet another parser: Azure Security Center @StefanFl (#5182)
- Add Cobalt.io API parser/importer @ericcornelissen (#4962)
🚀 General features and enhancements
- Optimize view finding @StefanFl (#5187)
- Set Argon2 as default password hasher @valentijnscholten (#5205)
- Use additional test types for GitLab SAST @StefanFl (#5203)
- Import SonarQube security hotspots @jimtsikos (#4107)
- Rename Azure Security Center parser @StefanFl (#5189)
- Custom Test_Type for parsers (modify "Found by" dynamically) @damiencarol (#5121)
- Export findings to CSV and Excel @StefanFl (#5148)
- Enhancements for KICS scans @StefanFl (#5131)
- SARIF parser: Fix severity in rule and take into account the kind attribute @StefanFl (#5125)
- Improve detect-secrets parser @syn-4ck (#5092)
- Added ability to use business days or calendar days @Hijerboa (#4260)
- SARIF parser - add more information to findings @StefanFl (#5071)
- Changed Dropdown Button Color to White @blakeaowens (#5074)
- SonarQube: use severity from issue instead of rule @zeeshan811 (#4934)
- Add a deduplication configuration for Aquasecurity's Cloudsploit @axelpavageau (#5035)
- Add support for dynamic test import for Veracode @jpbowie (#5032)
- safety-parser: configurable offline mode @alles-klar (#5030)
- Better support SARIF ruleId attribute @damiencarol (#5025)
- make notifications async again @valentijnscholten (#4994)
🐛 Bug Fixes
- SQ: Fix broken migration 0120 @kiblik (#5127)
- Use django-filter for quick reports and CSV and Excel reports @StefanFl (#5170)
- Fix BulkEdit severity dropdown after #4766 @Maffooch (#5207)
- SonarQube API Import: set dedup algo @kiblik (#5194)
- fix import for SonarQube findings without 'htmlDesc' @ikrenyi1 (#5123)
- Fix integration test for export of findings @StefanFl (#5177)
- Fix merge of findings - incomplete fix introduced in #5064 @cw-acroteau (#5144)
- Make integration test for exports more resilient @StefanFl (#5156)
- Fix Harbor parser @StefanFl (#5140)
- SARIF parser: Fix severity in rule and take into account the kind attribute @StefanFl (#5125)
- Fix deduplication config check @StefanFl (#5113)
- Fix Bundler Audit for version 0.9.x.x and unittests maintenance @damiencarol (#5111)
- View engagement: fix sonarqube config error @valentijnscholten (#5110)
- Repair stub findings @StefanFl (#5108)
- Check deduplication config on startup @jhewi (#4963)
- fix incorrect encoding of urls in finding list headings @valentijnscholten (#5072)
- fix: support Aquasecurity's cloudsploit "region" as list @axelpavageau (#5055)
- fix error on merging findings due to django3 changes @37b (#5064)
- Endpoint: Fix host validation @kiblik (#5049)
📝 Documentation updates
- Use https as submodule url of google/docsy.git @MichaelGissingNC (#5192)
- Fixes build statuses, corrects image pointers, and ... @devGregA (#5133)
- Documentation update for settings and reports @StefanFl (#5122)
- docs: add MyISAM requirement @valentijnscholten (#5093)
🧰 Maintenance
- Switch Finding.publish_date to Date type (DateField) @damiencarol (#5076)
- Add customizable header and footer logo @Maffooch (#5216)
- Bandit parser: add de-duplication algorithm @damiencarol (#5206)
- Update rabbitmq:3.9.7 Docker digest from 3.9.7 to 3.9.7 (docker-compose.yml) @renovate (#5201)
- Bump cryptography from 3.4.8 to 35.0.0 @dependabot (#5196)
- Bump google-auth from 2.1.0 to 2.2.1 @dependabot (#5185)
- Bump djangosaml2 from 1.3.3 to 1.3.4 @dependabot (#5184)
- Update dependency postcss-cli from 9.0.0 to v9.0.1 (docs/package.json) @renovate (#5175)
- Bump google-api-python-client from 2.22.0 to 2.23.0 @dependabot (#5186)
- Bump django-crispy-forms from 1.12.0 to 1.13.0 @dependabot (#5160)
- Bump datatables.net from 1.11.2 to 1.11.3 in /components @dependabot (#5162)
- Bump datatables.net-buttons-dt from 2.0.0 to 2.0.1 in /components @dependabot (#5165)
- Bump django-filter from 2.4.0 to 21.1 @dependabot (#5161)
- Bump datatables.net-dt from 1.11.2 to 1.11.3 in /components @dependabot (#5163)
- Bump datatables.net-buttons-bs from 2.0.0 to 2.0.1 in /components @dependabot (#5164)
- Update dependency autoprefixer from 10.3.5 to v10.3.6 (docs/package.json) @renovate (#5157)
- Update dependency postcss from 8.3.7 to v8.3.8 (docs/package.json) @renovate (#5153)
- Update rabbitmq Docker tag from 3.9.5 to v3.9.7 (docker-compose.yml) @renovate (#5152)
- Update actions/github-script action from v4 to v5 (.github/workflows/new-release-pr.yml) @renovate (#5149)
- Update dependency postcss-cli from 8.3.1 to v9 (docs/package.json) @renovate (#5150)
- Bump openpyxl from 3.0.7 to 3.0.9 @dependabot (#5145)
- Bump sqlalchemy from 1.4.23 to 1.4.25 @dependabot (#5146)
- Bump urllib3 from 1.26.6 to 1.26.7 @dependabot (#5147)
- Add unit tests for Dawnscanner @damiencarol (#5143)
- Update dependency autoprefixer from 10.3.4 to v10.3.5 (docs/package.json) @renovate (#5135)
- Update dependency postcss from 8.3.6 to v8.3.7 (docs/package.json) @renovate (#5136)
- Bump google-api-python-client from 2.21.0 to 2.22.0 @dependabot (#5138)
- Bump drf-spectacular from 0.18.2 to 0.19.0 @dependabot (#5139)
- Bump gitpython from 3.1.23 to 3.1.24 @dependabot (#5124)
- ZAP parser maintenance @damiencarol (#5099)
- Make scan type list rely on Dynamic parser infra. @damiencarol (#5084)
- Bump google-auth from 2.0.2 to 2.1.0 @dependabot (#5104)
- Bump google-api-python-client from 2.20.0 to 2.21.0 @dependabot (#5105)
- Bump numpy from 1.19.5 to 1.21.2 @dependabot (#5097)
- UI improvements @StefanFl (#5090)
- Bump openpyxl from 3.0.7 to 3.0.8 @dependabot (#5086)
- Bump django-environ from 0.6.0 to 0.7.0 @dependabot (#5087)
- Bump nginx from 1.21.1-alpine to 1.21.3-alpine @dependabot (#5088)
- Bump django-tagulous from 1.2.1 to 1.3.0 @dependabot (#5050)
- Bump gitpython from 3.1.18 to 3.1.23 @dependabot (#5077)
- Update stefanzweifel/git-auto-commit-action action from v4.11.0 to v4.12.0 (.github/workflows/plantuml.yml) @renovate (#5081)
- Bump debugpy from 1.4.1 to 1.4.3 @dependabot (#5078)
- Fix errors with Spotbugs 4.4.x @damiencarol (#5068)
- Bump google-api-python-client from 2.19.1 to 2.20.0 @dependabot (#5067)
- Bump datatables.net from 1.11.1 to 1.11.2 in /components @dependabot (#5057)
- Update mysql:5.7.35 Docker digest from 5.7.35 to v5.7.35 (docker-compose.yml) @renovate (#5061)
- Update dependency autoprefixer from 10.3.3 to v10.3.4 (docs/package.json) @renovate (#5062)
- Bump datatables.net-dt from 1.11.1 to 1.11.2 in /components @dependabot (#5056)
- Bump datatables.net-buttons-bs from 1.7.1 to 2.0.0 in /components @dependabot (#4987)
- Support Docker Compose V2 @StefanFl (#5047)
- fix(rest-api): fix some warnings from drf @alles-klar (#5031)
- Bump datatables.net from 1.10.25 to 1.11.1 in /components @dependabot (#5041)
- Bump google-api-python-client from 2.19.0 to 2.19.1 @dependabot (#5029)
- Bump drf-spectacular from 0.18.1 to 0.18.2 @dependabot (#5039)
- Bump django-environ from 0.5.0 to 0.6.0 @dependabot (#5040)
- Bump datatables.net-dt from 1.10.25 to 1.11.1 in /components @dependabot (#5042)
- Bump python from 3.8.11-slim-buster to 3.8.12-slim-buster @dependabot (#5043)
- Bump pillow from 8.3.1 to 8.3.2 @dependabot (#5034)
- Bump google-auth-oauthlib from 0.4.5 to 0.4.6 @dependabot (#5023)
- Bump django-tagulous from 1.2.0 to 1.2.1 @dependabot (#5022)
- Bump google-auth from 2.0.1 to 2.0.2 @dependabot (#5024)
- fix javascript regex error detection @valentijnscholten (#5038)
- Bump datatables.net-buttons-dt from 1.7.1 to 2.0.0 in /components @dependabot (#4988)
- Bump drf-spectacular from 0.17.3 to 0.18.1 @dependabot (#5009)
- Bump django-environ from 0.4.5 to 0.5.0 @dependabot (#5007)
- Bump google-api-python-client from 2.18.0 to 2.19.0 @dependabot (#5008)
- Update rabbitmq:3.9.5 Docker digest from 3.9.5 to 3.9.5 (docker-compose.yml) @renovate (#5005)