DefectDojo/django-DefectDojo 2.32.0

2.32.0 🌈

on GitHub

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.31.0

• Upgrade drf-spectacular-sidecar to 2024.3.4 @kiblik (#9670)
• resolve doing, remove dead code @manuel-sommer (#9577)
• 🔨 restructure clair parser @manuel-sommer (#9660)
• 🔨 restructure openvas parser @manuel-sommer (#9658)
• Fix github parser issue 9582 @manuel-sommer (#9583)
• Bundler Audit Parser - Support for GHSA-Only Findings @rh0dy (#9649)
• StringAgg: use default Value('') @kiblik (#9661)
• Upgrade Notes: Move breaking helm change notice from 2.13.x -> 2.12.x @manuel-sommer (#9637)
• Anchore Grype: Default to Info severity if missing in report @manuel-sommer (#9620)
• resolve npm audit unittest doing @manuel-sommer (#9572)
• Extend APIv2 Findings endpoint and UI filters to accept new date filters @FelixHernandez (#9642)
• advance mobsf to also parse exisiting unittestfile @manuel-sommer (#9563)
• Qualys: Correct CVE assignment @Maffooch (#9653)
• ASFF Parser: Respect active status based on RecordState field @manuel-sommer (#9567)
• Add integration tests script @Maffooch (#9136)
• ✨ Fortify: Support .fpr format @manuel-sommer (#9590)
• Format cyclonedx_cwe.json unit test for legibility @paulOsinski (#9595)
• 🎉 Snyk epss update @quirinziessler (#9601)
• Revert psqlha version from v13 to v9 @Maffooch (#9630)
• Extend npm_audit.md with unsupported v7 notice @paulOsinski (#9593)
• ✨ AWS Security Hub: Add GuardDuty @manuel-sommer (#9524)
• Labeler: Add sync-labels @kiblik (#9565)
• ✨ Documentation for managing files @manuel-sommer (#9557)
• 🐛 fix nessus severity @manuel-sommer (#9549)
• Fix engagement/view if import fail @kiblik (#9544)
• 🎉 Importing EPSS score from AWS Inspector via AWS SecHub @quirinziessler (#9529)
• fix clair docs according to PR #9355 @manuel-sommer (#9523)
• 🎉 importing epss score from DependencyTrack output @quirinziessler (#9521)
• Remove handling of broken unittests @kiblik (#9504)
• ✨ add burp dastardly @manuel-sommer (#9514)
• Remove useless noqa, be more specific for usefull noqa @kiblik (#9510)
• 🐛 WFuzz: Generalize severity mapping @manuel-sommer (#9505)
• Update google-sheets-sync.md with deprecation notice @paulOsinski (#9495)
• Use full url for helm-repos and add alias in renovate.json @rndmh3ro (#9525)
• Modifying Bugcrowd API Parser to align to vendor documentation on wha… @grendel513 (#9517)
• Fix SARIF parser with CodeQL rules @ansereb (#9440)
• Parse GitHub vulnerability version @coheigea (#9462)
• 🐛 Yarn Audit: Add CI importer support @manuel-sommer (#9478)
• 🐛 Trufflehog3: Remove null characters @manuel-sommer (#9470)
• 🐛 WFuzz: Add additional severity mappings @manuel-sommer (#9486)
• fix typo in docs @manuel-sommer (#9487)
• Optimize list of Maintenance in relase notes @kiblik (#9492)
• Fix unittests with assertRaises + replace assertTrue/False with better checks @kiblik (#9435)
• API: Check missing endpoints @kiblik (#7618)
• Trivy Operator Parser additionalVulnerabilityReportFields @raouf-haddada (#9452)
• Add ruff for *tests @kiblik (#9406)
• Dependencytrack default severity @manuel-sommer (#9370)

🚩 Changes to settings.dist.py / local_settings.py

• DRF Spectacular: Enable sidecar by default @Maffooch (#9645)
• ✨ implement osv-scanner, #7321 @manuel-sommer (#9578)
• Force to use DjangoDivFormRenderer @kiblik (#9659)
• Added Snyk Code Parser @FelixHernandez (#9647)
• Remove filterwarnings for RemovedInDjango50Warning @kiblik (#9500)
• Nosey Parker Parser @tpat13 (#9067)
• Remote filterwarnings for "cgi is deprecated and slated" @kiblik (#9561)
• 🐛 fix kics, #7966 @manuel-sommer (#9542)
• improved Sonatype parser @reichertan (#9519)
• 🎉 introducing EPSS score @quirinziessler (#9516)
• Remove filterwarnings for "DateTimeField - timezone" @kiblik (#9497)
• 🐛 fix mobsf deduplication and severity mapping @manuel-sommer (#9471)
• Remove filterwarnings for "invalid escape sequence" @kiblik (#9496)
• Remove filterwarnings for "unclosed file" @kiblik (#9498)
• API: removal of drf_yasg (OpenAPI 2.0 Swagger) @kiblik (#9108)
• Remove DD_USE_L10N @kiblik (#9491)
• 🎉 Improvements for wazuh importer @quirinziessler (#9248)
• Add support for DD_APPEND_SLASH @kiblik (#9385)
• Be strict about Warnings during testing @kiblik (#9490)
• Revert adding severity to Dependency Track hash_code calculation @kepten (#9371)

🚩 Database migration

• Fix broken migration 0197 @kiblik (#9606)
• 🎉 introducing EPSS score @quirinziessler (#9516)
• Dojo_Group: Support for "RemoteUser" in model @kiblik (#9405)
• finding sla expiration date field (part two) @blakeaowens (#9494)
• Be strict about Warnings during testing @kiblik (#9490)

🚀 General features and enhancements

• Jira Webhook: Catch comments from other issue updates @Maffooch (#9513)

🚀 API features and enhancements

• FindingGroupSerializer: not break schemas when JIRAIssue not available @kiblik (#9651)
• Engagement validation for risk_acceptance API in POST PATCH and PUT @FelixHernandez (#9599)
• 🎉 introducing EPSS score @quirinziessler (#9516)
• API: removal of drf_yasg (OpenAPI 2.0 Swagger) @kiblik (#9108)
• Disallow duplicate tool types @Maffooch (#9530)
• Improve API endpoints for Risk Acceptances @FelixHernandez (#9415)
• Be strict about Warnings during testing @kiblik (#9490)

🐛 Bug Fixes

• DRF Spectacular: Enable sidecar by default @Maffooch (#9645)
• Metrics: Status unification @Maffooch (#9654)
• Correct search queries containing colons @Maffooch (#9624)
• Update SLA Violation Filter query @Maffooch (#9614)
• CSV/Excel Report: Correct date/datetime comparison error @Maffooch (#9609)
• Deduplication: Do not reopen original finding @Maffooch (#9558)
• Correct Endpoint "Hosts" views when the host field is None @Maffooch (#9560)
• Jira: Append labels and respect priority on update @Maffooch (#9571)
• Questionnaires: Correct nested object deletions @Maffooch (#9574)
• Disallow duplicate tool types @Maffooch (#9530)
• Jira Server/DataCenter: Update meta methods @Maffooch (#9512)
• dojo/importers/importer/importer.py - Change "None" string to "Info" from cvss module when a CVSS vector string should evaluate to "Info" @ninp0 (#9453)

🖌 Updates in UI

• Metrics: Status unification @Maffooch (#9654)
• View Engagement to class based view and block in engagement template @FelixHernandez (#9613)
• Engagement validation for risk_acceptance API in POST PATCH and PUT @FelixHernandez (#9599)
• Making EPSS float formatting consistent in 'view Finding' @cneill (#9591)
• EPSS Data Displayed Everywhere @dogboat (#9621)
• 🎉 introducing EPSS score @quirinziessler (#9516)
• API: removal of drf_yasg (OpenAPI 2.0 Swagger) @kiblik (#9108)
• Remove flot-axis JS library @FelixHernandez (#9540)
• Fix "Overdue" tag still visible with closed issues @FelixHernandez (#9539)
• Engagement Surveys: Add missing leading slash @Maffooch (#9531)
• add metrics page: "Product Tag Count" (fixes #9151) @tomaszn (#9152)

🗣 Updates in localization

• add metrics page: "Product Tag Count" (fixes #9151) @tomaszn (#9152)

🧰 Maintenance

• Update dependency autoprefixer from 10.4.17 to v10.4.18 (docs/package.json) @renovate (#9664)
• Update dependency ruff from 0.2.2 to v0.3.0 (requirements-lint.txt) @renovate (#9652)
• Update azure/setup-helm action from v3 to v4 (.github/workflows/test-helm-chart.yml) @renovate (#9646)
• Update rabbitmq:3.13.0-alpine Docker digest from 3.13.0 to 3.13.0-alpine (docker-compose.yml) @renovate (#9644)
• Bump es5-ext from 0.10.62 to 0.10.64 in /components @dependabot (#9640)
• Update rabbitmq Docker tag from 3.12.13 to v3.13.0 (docker-compose.yml) @renovate (#9622)
• Bump cryptography from 42.0.2 to 42.0.4 @dependabot (#9607)
• Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.33.16 to v1.34.0 (helm/defectdojo/values.yaml) @renovate (#9598)
• Update dependency ruff from 0.2.1 to v0.2.2 (requirements-lint.txt) @renovate (#9576)
• Bump nginx from 1.25.3-alpine to 1.25.4-alpine @dependabot (#9580)
• Update rabbitmq Docker tag from 3.12.12 to v3.12.13 (docker-compose.yml) @renovate (#9573)
• ⬆️ Bump openapitools/openapi-generator-cli from v7.2.0 to v7.3.0 @dependabot (#9526)
• Update Helm release postgresql-ha from 9.4.11 to v13 (helm/defectdojo/Chart.yaml) @renovate (#9553)
• Update Helm release postgresql-ha from 9.1.9 to ~9.4.0 (helm/defectdojo/Chart.yaml) @renovate (#9547)
• Update Helm release postgresql from 11.6.26 to ~11.9.0 (helm/defectdojo/Chart.yaml) @renovate (#9546)
• Update Helm release rabbitmq from 11.2.2 to ~11.16.0 (helm/defectdojo/Chart.yaml) @renovate (#9548)
• Update Helm release mysql from 9.1.8 to ~9.19.0 (helm/defectdojo/Chart.yaml) @renovate (#9545)
• Update postgres Docker tag from 16.1 to v16.2 (docker-compose.yml) @renovate (#9536)
• Update rabbitmq:3.12.12-alpine Docker digest from 3.12.12 to 3.12.12-alpine (docker-compose.yml) @renovate (#9541)
• Update Helm release redis from 16.12.3 to ~16.13.0 (helm/defectdojo/Chart.yaml) @renovate (#9550)
• Update rabbitmq:3.12.12-alpine Docker digest from 3.12.12 to 3.12.12-alpine (docker-compose.yml) @renovate (#9535)
• Update dependency postcss from 8.4.34 to v8.4.35 (docs/package.json) @renovate (#9502)
• Update rabbitmq:3.12.12-alpine Docker digest from 3.12.12 to 3.12.12-alpine (docker-compose.yml) @renovate (#9501)
• Bump vulners from 2.1.2 to 2.1.5 @dependabot (#9391)
• Update dependency ruff from 0.1.15 to v0.2.1 (requirements-lint.txt) @renovate (#9459)
• ⬆️ Bump boto3 from 1.34.32 to 1.34.35 @dependabot (#9489)
• Update rabbitmq:3.12.12-alpine Docker digest from 3.12.12 to 3.12.12-alpine (docker-compose.yml) @renovate (#9458)
• Update dependency postcss from 8.4.33 to v8.4.34 (docs/package.json) @renovate (#9481)
• Bump nginx from d12e6f7 to f2802c2 @dependabot (#9477)
• Bump django-debug-toolbar from 4.2.0 to 4.3.0 @dependabot (#9466)
• Bump pytz from 2023.4 to 2024.1 @dependabot (#9465)
• Update release-drafter/release-drafter action from v5.25.0 to v6 (.github/workflows/release-drafter.yml) @renovate (#9460)