DefectDojo/django-DefectDojo 2.34.0

2.34.0 🌈

on GitHub

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.33.0

• Merge Bugfix into Dev for 2.34.0 @Maffooch (#10125)
• ✨ implement progpilot SAST parser #10044 @manuel-sommer (#10052)
• 🐛 fix hcl_appscan, handle severity is None #10074 @manuel-sommer (#10101)
• 🐛 Fix RedHatSatellite components @manuel-sommer (#10082)
• fix awssecurityhub findings @manuel-sommer (#10072)
• add test description for AWS SecurityHub Scan @manuel-sommer (#9904)
• add Knowledge Base link to docs sidebar element @paulOsinski (#10075)
• remove non-working links from social-authentication.md @paulOsinski (#10071)
• ✨ implement yarn2 parser @manuel-sommer (#9985)
• Update Release Notes for 2.34.0 @manuel-sommer (#10077)
• Newlines in SARIF parser code blocks @ahmsec (#9932)
• refactor generic parser @manuel-sommer (#9922)
• Fix engagements filters in 'engagements by product view' @davidhernandeze (#10046)
• Ruff: add and fix some of DJ rules @kiblik (#9891)
• Add support for more GIT SCMs in finding view for the finding URL @eu-david (#9710)
• Ruff: add and fix EXE rules @kiblik (#9896)
• helm: Add subcomponent labels for celery beat and worker at deployment @al-cheb (#9865)
• extend _index.md with link to Knowledge Base @paulOsinski (#10002)
• Unit Tests: Correct File Close Warnings @hblankenship (#10055)
• Parser: Fix Qualys Parser Mitigation Date Issue @MarianG (#9888)
• update semgrep tests @hblankenship (#10058)
• Filter All Engagements by Date @davidhernandeze (#9914)
• Updated DryRun Security config @mtesauro (#10037)
• Updates to semgrep parser @mtesauro (#10033)
• Helm postgresql: Upgrade image @kiblik (#9966)
• Fix: Broken Swagger when Remote User enabled @kiblik (#9960)
• fix anchore_grype null characters issue, #9942 @manuel-sommer (#9962)
• GH-action: Detect Merge Conflicts - update v3 @kiblik (#9940)
• fix horusec null characters issue, #9939 @manuel-sommer (#9941)
• Remove pyproject.toml, add ruff.toml @cneill (#9929)
• resolve fixme from cobalt parser @manuel-sommer (#9921)
• 🐛 jake json output in cyclonedx not parsed @manuel-sommer (#9873)
• Checkmarx one parser support API exported files @FelixHernandez (#9917)
• Ruff: Fix UP (after couple of merges) @kiblik (#9903)
• sonarqube: cve to vulnerability_ids @manuel-sommer (#9902)
• 🔨 restructure json in scout suite unittests @manuel-sommer (#9874)
• Ruff: Add checks that are fully solved @kiblik (#9864)
• rework intsights to split csv and json @manuel-sommer (#9855)
• Remove 'version' from docker-compose @kiblik (#9831)
• osv_scanner: migrate from cve to unsaved_vulnerability_ids @manuel-sommer (#9832)
• yarn_audit: migrate from cve to unsaved_vulnerability_ids @manuel-sommer (#9833)
• nancy: migrate from cve to unsaved_vulnerability_ids @manuel-sommer (#9834)
• 🐛 RedHatSatellite, multiple vulnids @manuel-sommer (#9875)
• resolve generic parser fixme @manuel-sommer (#9854)
• 🐛 whitehat sentinel fix mitigated tzinfo attribute @manuel-sommer (#9872)
• Bugfix for NoneType Error in SSLyze parser @manuel-sommer (#9850)
• 🎇 refactor sonarqube and add JSON parsing for api export @manuel-sommer (#9734)
• GHA: Update docker-compose refs to docker compose @Maffooch (#9871)
• GHA: Update docker-compose refs to docker compose @Maffooch (#9870)

🚩 Changes to settings.dist.py / local_settings.py

• RemoteUser: Hide from Swagger @kiblik (#9961)
• Ruff: clean-up after multiple merges not cover by new rules @kiblik (#10078)
• remove aws scout2 parser @manuel-sommer (#9894)
• Ruff: add isort @kiblik (#9754)
• Make the number of request/response pairs returned by the API configurable @hblankenship (#9967)
• Gunicorn: Legacy cleanup @Maffooch (#9953)
• PreDjango 4.2 fixes @kiblik (#9882)
• ✨ add RHSA link for RedHatSatellite findings @manuel-sommer (#9877)
• Ruff: add pyupgrade @kiblik (#9755)
• Add NOTIFICATIONS_SYSTEM_LEVEL_TRUMP @kiblik (#9699)

🚩 Database migration

• Similar Findings: Create Toggle @Maffooch (#10047)
• Filtering Performance: Add opt-in setting for converting to string ba… @Maffooch (#10038)
• Severity: Extra validation and cleanup @Maffooch (#9952)

🚀 General features and enhancements

• Importer + Reimport: Reorg, cleanup, comment @Maffooch (#10011)
• String Based Filtering: Follow on for #10038 @Maffooch (#10050)
• Jira Webhook: Reorg logging and responses @Maffooch (#10049)
• Similar Findings: Create Toggle @Maffooch (#10047)
• Filtering Performance: Add opt-in setting for converting to string ba… @Maffooch (#10038)

🚀 API features and enhancements

• Importer + Reimport: Reorg, cleanup, comment @Maffooch (#10011)
• Ruff: clean-up after multiple merges not cover by new rules @kiblik (#10078)
• Ruff: add isort @kiblik (#9754)
• Ruff: add and fix EM rules @kiblik (#9892)
• Ruff: add and fix C4 @kiblik (#9889)
• Make the number of request/response pairs returned by the API configurable @hblankenship (#9967)
• Severity: Extra validation and cleanup @Maffooch (#9952)
• Ruff: add pyupgrade @kiblik (#9755)

🐛 Bug Fixes

• Set Finding date if nothing is set from the parser @Maffooch (#10018)
• Severity: Extra validation and cleanup @Maffooch (#9952)

🖌 Updates in UI

• Class based reports views @dogboat (#10124)
• Checkmarx One: Add additional parsing for different report formats @Maffooch (#10102)
• Ruff: clean-up after multiple merges not cover by new rules @kiblik (#10078)
• Ruff: add isort @kiblik (#9754)
• Ruff: add and fix C4 @kiblik (#9889)
• Product Metrics: Performance Enhancements @blakeaowens (#10059)
• String Based Filtering: Follow on for #10038 @Maffooch (#10050)
• Similar Findings: Create Toggle @Maffooch (#10047)
• Fix numerical sorting in the old UI for Active/Verified findings @davidhernandeze (#10045)
• Filtering Performance: Add opt-in setting for converting to string ba… @Maffooch (#10038)
• fix in engagement_list.html @manuel-sommer (#9970)
• Hide checkbox and action columns on Test view Findings listing @dogboat (#9971)
• Update dojo_sort template tag to properly handle querystrings with keys with multiple values @dogboat (#9969)
• view-finding-footer-fix Close a div so footer displays properly @dogboat (#9968)
• Edit wording on "Add group members" pages @dogboat (#9965)
• Update format_epss display tag to try/catch formatting errors @dogboat (#9934)
• Ruff: add pyupgrade @kiblik (#9755)

🧰 Maintenance

• Bump sqlalchemy from 2.0.29 to 2.0.30 @dependabot (#10120)
• Bump ruff from 0.4.2 to 0.4.3 @dependabot (#10121)
• Bump boto3 from 1.34.97 to 1.34.98 @dependabot (#10122)
• Bump coverage from 7.5.0 to 7.5.1 @dependabot (#10123)
• Update rabbitmq Docker tag from 3.13.1 to v3.13.2 (docker-compose.yml) @renovate (#10103)
• Bump boto3 from 1.34.96 to 1.34.97 @dependabot (#10106)
• Bump ruff from 0.4.1 to 0.4.2 @dependabot (#10042)
• Bump boto3 from 1.34.95 to 1.34.96 @dependabot (#10096)
• Update Helm release rabbitmq from 11.16.2 to v14 (helm/defectdojo/Chart.yaml) @renovate (#10069)
• Bump drf-spectacular-sidecar from 2024.4.1 to 2024.5.1 @dependabot (#10080)
• Bump boto3 from 1.34.94 to 1.34.95 @dependabot (#10079)
• Bump boto3 from 1.34.93 to 1.34.94 @dependabot (#10067)
• Bump social-auth-app-django from 5.4.0 to 5.4.1 @dependabot (#10026)
• Bump boto3 from 1.34.92 to 1.34.93 @dependabot (#10054)
• Bump jquery-ui from 1.13.2 to 1.13.3 in /components @dependabot (#10056)
• Bump nginx from 1.25.5-alpine to 1.26.0-alpine @dependabot (#10057)
• Bump social-auth-core from 4.5.3 to 4.5.4 @dependabot (#10030)
• Bump social-auth-app-django from 5.4.0 to 5.4.1 @dependabot (#10029)
• Bump boto3 from 1.34.90 to 1.34.92 @dependabot (#10036)
• Bump boto3 from 1.34.89 to 1.34.90 @dependabot (#10024)
• Bump django-split-settings from 1.2.0 to 1.3.1 @dependabot (#10022)
• Bump uwsgi from 2.0.23 to 2.0.25.1 @dependabot (#10023)
• Bump coverage from 7.4.4 to 7.5.0 @dependabot (#10020)
• Bump celery from 5.3.6 to 5.4.0 @dependabot (#10019)
• Bump pycurl from 7.45.2 to 7.45.3 @dependabot (#10016)
• Bump djangosaml2 from 1.9.1 to 1.9.2 @dependabot (#10014)
• Bump redis from 5.0.3 to 5.0.4 @dependabot (#10017)
• Bump gitpython from 3.1.41 to 3.1.43 @dependabot (#10015)
• Bump blackduck from 1.1.0 to 1.1.3 @dependabot (#10013)
• Bump netaddr from 0.10.1 to 1.2.1 @dependabot (#10004)
• Bump packageurl-python from 0.13.4 to 0.15.0 @dependabot (#10008)
• Bump sqlalchemy from 2.0.25 to 2.0.29 @dependabot (#10006)
• Bump debugpy from 1.8.0 to 1.8.1 @dependabot (#10005)
• Bump boto3 from 1.34.35 to 1.34.89 @dependabot (#10007)
• Bump markdown from 3.5.2 to 3.6 @dependabot (#9991)
• Bump moment from 2.29.4 to 2.30.1 in /components @dependabot (#9996)
• Bump html2text from 2020.1.16 to 2024.2.26 @dependabot (#9990)
• Bump jquery from 3.7.0 to 3.7.1 in /components @dependabot (#9997)
• Bump social-auth-core from 4.5.2 to 4.5.3 @dependabot (#9992)
• Bump pdfmake from 0.2.7 to 0.2.10 in /components @dependabot (#9994)
• Bump cryptography from 42.0.4 to 42.0.5 @dependabot (#9989)
• Bump drf-spectacular from 0.27.1 to 0.27.2 @dependabot (#9981)
• Bump asteval from 0.9.31 to 0.9.32 @dependabot (#9980)
• Bump drf-spectacular-sidecar from 2024.3.4 to 2024.4.1 @dependabot (#9976)
• Bump vobject from 0.9.6.1 to 0.9.7 @dependabot (#9978)
• Bump python-dateutil from 2.8.2 to 2.9.0.post0 @dependabot (#9982)
• Bump openapitools/openapi-generator-cli from v7.4.0 to v7.5.0 @dependabot (#9983)
• Bump nginx from 1.25.4-alpine to 1.25.5-alpine @dependabot (#9984)
• Update postgres:16.2-alpine Docker digest from 16.2 to 16.2-alpine (docker-compose.yml) @renovate (#9972)
• Update redis:7.2.4-alpine Docker digest from 7.2.4 to 7.2.4-alpine (docker-compose.yml) @renovate (#9973)
• Update dependency ruff from 0.3.7 to v0.4.1 (requirements-lint.txt) @renovate (#9974)
• Bump lxml from 5.1.0 to 5.2.1 @dependabot (#9946)
• Update azure/setup-helm action from v4.1.0 to v4.2.0 (.github/workflows/test-helm-chart.yml) @renovate (#9928)
• Update rabbitmq:3.13.1-alpine Docker digest from 3.13.1 to 3.13.1-alpine (docker-compose.yml) @renovate (#9927)
• Bump json-log-formatter from 0.5.2 to 1.0 @dependabot (#9959)
• Bump jira from 3.6.0 to 3.8.0 @dependabot (#9947)
• Bump cvss from 3.0 to 3.1 @dependabot (#9949)
• Bump pillow from 10.2.0 to 10.3.0 @dependabot (#9950)
• Bump redis from 5.0.1 to 5.0.3 @dependabot (#9951)
• Bump coverage from 7.4.1 to 7.4.4 @dependabot (#9943)
• Update peaceiris/actions-hugo action from v2 to v3 (.github/workflows/gh-pages.yml) @renovate (#9863)
• Update peaceiris/actions-gh-pages action from v3 to v4 (.github/workflows/gh-pages.yml) @renovate (#9897)
• Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.34.1 to v1.35.1 (helm/defectdojo/values.yaml) @renovate (#9933)
• Gunicorn: Legacy cleanup @Maffooch (#9953)
• chore(deps): update dependency ruff from 0.3.6 to v0.3.7 (requirements-lint.txt) @renovate (#9919)
• Update stefanzweifel/git-auto-commit-action action from v5.0.0 to v5.0.1 (.github/workflows/release-3-master-into-dev.yml) @renovate (#9920)
• chore(deps): update dependency ruff from 0.3.5 to v0.3.6 (requirements-lint.txt) @renovate (#9918)
• Update Helm release redis from 19.0.2 to ~19.1.0 (helm/defectdojo/Chart.yaml) @renovate (#9890)
• chore(deps): update rabbitmq docker tag from 3.13.0 to v3.13.1 (docker-compose.yml) @renovate (#9862)
• chore(deps): update helm release postgresql from 15.1.4 to ~15.2.0 (helm/defectdojo/chart.yaml) @renovate (#9852)