DefectDojo/django-DefectDojo 2.41.0

2.41.0 🌈

on GitHub

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.40.0

• Fix sarif parser location files processing @dmarushkin (#11265)
• OS Docs Overhaul - theming change, many new articles @paulOsinski (#11258)
• cleanup(helm): Drop support for TCP/3000 @kiblik (#11274)
• fix(components/node_modules): put .gitkeep back - fix warning @kiblik (#11309)
• Update CheckMarx One parser for imports where description is None @hblankenship (#11308)
• 🐛 fix trivyoperator tags @manuel-sommer (#11276)
• Ruff: Add and fix A005 @kiblik (#11275)
• Ruff: Add FIX001 and FIX003 @manuel-sommer (#10240)
• AnchoreCTL Policies: Additional checks for severity in description @hblankenship (#11269)
• chore(helm): implement readinessProbe and startupProbe for uwsgi container @fcecagno (#10506)
• Ruff: Fix for version 0.7.4 @kiblik (#11270)
• Add new Mend Platform API 3.0 file types to existing Mend parser @testaccount90009 (#11259)
• 🎉 Add Trivy Operator clustercompliance report @manuel-sommer (#11279)
• Harmonize helm @JGodin-C2C (#11168)
• prowler_v4.py Prowler v4.5.0 changed the 'event_time' key with 'time_dt' @ivan-morhun (#11213)
• docs(helm): add documentation about installation and external databas… @leofvo (#11015)
• Ruff: Add and fix PTH122 @manuel-sommer (#11255)
• fix(helm): set cloudsql-proxy as sidecar container to allow initializer and dbmigration to run @jndeverteuil (#10824)
• 🎉 All Trivy Operator findings in one json @manuel-sommer (#11252)
• feat(helm): Allow to keep initializer if requested @kiblik (#11257)
• 🐛 fix bearer_cli #11245 @manuel-sommer (#11248)
• Fix nuclei parser: invalid CWEs @fopina (#11232)
• Ruff: Add and "fix" S106 @kiblik (#11193)
• Ruff: Add and fix PTH112 @manuel-sommer (#11195)
• Ruff: Add and fix S108 @kiblik (#11192)
• GHA Artifacts: Update to v4 @Maffooch (#11205)
• fix(helm): add missing env config on job @leofvo (#11016)
• feat(helm): Add support for staticName for initializer @kiblik (#11237)
• 🐛 fix semgrep severity logic #11218 @manuel-sommer (#11219)
• 🐛 Fix Defender broken Endpoint #11217 @manuel-sommer (#11212)
• datetime.utcnow() is scheduled for removal @manuel-sommer (#11209)
• datetime.utcfromtimestamp() is scheduled for removal @manuel-sommer (#11208)
• 🐛 fix Acunetix date #11206 @manuel-sommer (#11207)
• Ruff: Add and fix S105 @kiblik (#11068)
• Ruff: Add and fix multiple flake8-use-pathlib @manuel-sommer (#11099)
• Ruff: Add and fix D411 @kiblik (#11064)
• Ruff: Add and "fix" S104 @kiblik (#11067)

🚩 Changes to settings.dist.py / local_settings.py

• add RLBA to vulnid @manuel-sommer (#11271)
• Fix nuclei deduplication @fopina (#11277)
• Mobsfscan report files parsing fix @dmarushkin (#11278)
• 🔨 rework kubescape parser @manuel-sommer (#11229)
• feat(DD_DEDUPLICATION_ALGORITHM_PER_PARSER + DD_HASHCODE_FIELDS_PER_SCANNER): Add checker of values @kiblik (#11244)
• add RLSA to vulnid @manuel-sommer (#11251)
• Refactor mobsf parser for v4 reports @dmarushkin (#11056)
• Ruff: Add and fix PTH120 @manuel-sommer (#11201)
• Ruff: Add and fix PTH113 @manuel-sommer (#11194)
• Ruff: Add and fix S113 @kiblik (#11198)
• 🎉 Add DSA vulnid @manuel-sommer (#11238)
• Display reviewers on finding pages. @pedrohdjs (#11165)
• 🎉 Make Trivy Operator K8s vulnids consistent @manuel-sommer (#11188)
• Burp Enterprise: Support newer format @Maffooch (#11220)
• add TEMP to vulnid @manuel-sommer (#11180)

🚀 API features and enhancements

• Ruff: add and fix some SIM rules @kiblik (#10926)
• Ruff: Fix Ruff FURB189 on bugfix @manuel-sommer (#11290)
• DojoMeta: Ability to create or update multiple objects in batch @hblankenship (#11268)
• API to Link an EngagementQuestionnaire's unanswered Answered_Survey to an Engagement @hblankenship (#11226)
• 🐛 fix Bump ruff from 0.7.2 to 0.7.3 @manuel-sommer (#11224)
• API: Engagement update jira epic @raouf-haddada (#11234)
• Display reviewers on finding pages. @pedrohdjs (#11165)
• FileUpload Base64 extension fix @hblankenship (#11203)
• Ruff: Add and fix D413 @kiblik (#11065)

🐛 Bug Fixes

• Importers: Force tags to lowercase @Maffooch (#11221)

🖌 Updates in UI

• Ruff: add and fix some SIM rules @kiblik (#10926)
• Allow sorting endpoints by ID @fopina (#11228)
• Update audit log with actual requested reviewers @hblankenship (#11289)
• 🔨 rework kubescape parser @manuel-sommer (#11229)
• Display reviewers on finding pages. @pedrohdjs (#11165)
• 🎉 Make Trivy Operator K8s vulnids consistent @manuel-sommer (#11188)
• Burp Enterprise: Support newer format @Maffooch (#11220)
• add engagement closed MS teams, Email, Alert, and Slack template @hblankenship (#11204)

🧰 Maintenance

• Bump cryptography from 43.0.3 to 44.0.0 @dependabot (#11346)
• Bump boto3 from 1.35.70 to 1.35.71 @dependabot (#11344)
• fix(deps): update dependency @tabler/icons from 3.22.0 to v3.23.0 (docs/package.json) @renovate (#11348)
• Bump pyjwt from 2.10.0 to 2.10.1 @dependabot (#11345)
• Bump python-gitlab from 5.0.0 to 5.1.0 @dependabot (#11343)
• Update dependency vite from 6.0.0 to v6.0.1 (docs/package.json) @renovate (#11337)
• Bump boto3 from 1.35.69 to 1.35.70 @dependabot (#11338)
• chore(deps): update dependency prettier from 3.3.3 to v3.4.1 (docs/package.json) @renovate (#11330)
• chore(deps): update dependency vite from 5.4.11 to v6 (docs/package.json) @renovate (#11333)
• Bump boto3 from 1.35.68 to 1.35.69 @dependabot (#11335)
• Bump boto3 from 1.35.67 to 1.35.68 @dependabot (#11318)
• chore(deps): update postgres docker tag from 17.1 to v17.2 (docker-compose.yml) @renovate (#11316)
• Bump boto3 from 1.35.66 to 1.35.67 @dependabot (#11312)
• chore(deps): update gcr.io/cloudsql-docker/gce-proxy docker tag from 1.37.1 to v1.37.2 (helm/defectdojo/values.yaml) @renovate (#11307)
• Bump boto3 from 1.35.64 to 1.35.66 @dependabot (#11303)
• Bump boto3 from 1.35.63 to 1.35.64 @dependabot (#11292)
• Bump openapitools/openapi-generator-cli from v7.9.0 to v7.10.0 @dependabot (#11283)
• Bump nginx from 2140dad to 74175cf @dependabot (#11282)
• Bump pyjwt from 2.9.0 to 2.10.0 @dependabot (#11280)
• Bump boto3 from 1.35.62 to 1.35.63 @dependabot (#11281)
• Update postgres Docker tag from 17.0 to v17.1 (docker-compose.yml) @renovate (#11264)
• Bump boto3 from 1.35.60 to 1.35.62 @dependabot (#11267)
• Update Helm release postgresql from 16.1.2 to ~16.2.0 (helm/defectdojo/Chart.yaml) @renovate (#11260)
• Bump boto3 from 1.35.59 to 1.35.60 @dependabot (#11262)
• Bump boto3 from 1.35.58 to 1.35.59 @dependabot (#11253)
• Update dependency postcss from 8.4.47 to v8.4.49 (docs/package.json) @renovate (#11230)
• Update postgres:17.0-alpine Docker digest from 17.0 to 17.0-alpine (docker-compose.yml) @renovate (#11239)
• Bump boto3 from 1.35.56 to 1.35.58 @dependabot (#11242)
• Bump boto3 from 1.35.55 to 1.35.56 @dependabot (#11223)
• Bump boto3 from 1.35.54 to 1.35.55 @dependabot (#11214)
• Bump django from 5.1.2 to 5.1.3 @dependabot (#11197)
• Bump pdfmake from 0.2.14 to 0.2.15 in /components @dependabot (#11185)
• Bump ruff from 0.7.1 to 0.7.2 @dependabot (#11184)
• Bump boto3 from 1.35.53 to 1.35.54 @dependabot (#11183)