DefectDojo/django-DefectDojo 2.45.0

2.45.0 🌈

on GitHub

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.44.0

• (docs) arm64: add some notes about the experimental new images @valentijnscholten (#12163)
• docs - pro user groups info @paulOsinski (#12127)
• changelog 2.44.4 @paulOsinski (#12150)
• Jira Finding Groups: Confusion on strings vs functions @Maffooch (#12128)
• 💄 beautify multiple file format choices @manuel-sommer (#12117)
• remove exclude_search from Features page @paulOsinski (#12121)
• Import Memory Handling: Do not maintain parsed findings long term @Maffooch (#12106)
• 🐛 fix PTH123 ruff rule for branch dev @manuel-sommer (#12108)
• 🎉 resolve todo in ort parser @manuel-sommer (#12082)
• sso docs: make environment variables vs local_settings more explicit @valentijnscholten (#12061)
• Add CWE to PTART parser @adam-bertrand-bib (#12068)
• 🐛 fix gitlab dast to parse request response pair #12050 @manuel-sommer (#12057)
• Fortify FPR enhancements 2025 @valentijnscholten (#12027)
• 🎉 add references to testssl @manuel-sommer (#12045)
• Changelog 2.44.2 / 2.44.3 @paulOsinski (#12040)
• add resources to wait-for-db @hoferbeck (#12023)
• Generic JSON: Explicitly process tags like other tools @Maffooch (#12056)
• 🎉 fix parser anchore engine to parse new report format #11552 @manuel-sommer (#12020)
• 💄 Remove unused burp parser method @manuel-sommer (#12026)
• add aqua vulnerabilities format @kzzz1 (#12000)
• SLA Calculations 1/2: Add unit tests to capture current behaviour @valentijnscholten (#11923)
• Docs: Pin versions and add GHA for testing build failures @Maffooch (#12038)
• 💄 Remove deprecated Django import and is_safe_url @manuel-sommer (#11991)
• 🐛 fix unittest example in docs @manuel-sommer (#11992)
• dedupe command: fix NoneType on empty set of models @valentijnscholten (#11998)
• fix(helm-metrics): Flag format for promExporter changed @kiblik (#12010)
• DOCKER.md: use docker compose everywhere @valentijnscholten (#12014)
• Docs updates: 2.44.2 @paulOsinski (#11985)
• upgrade notes: correct dedupe command lines @valentijnscholten (#12007)
• Lift the Feature Freeze @Maffooch (#12001)
• (Experimental) arm64: Publish arm64 builds for releases @valentijnscholten (#11965)
• OpenVAS endpoint and severity improvements @valentijnscholten (#11955)
• docker entrypoints: use bash everywhere @valentijnscholten (#11942)
• fix(notif): Add findings_reactivated and findings_untouched again @kiblik (#11963)
• docs: source-code-repositories: clarify default scm type @valentijnscholten (#11968)
• Pro Release notes : 2.44.1 @paulOsinski (#11983)
• 🐛 fix benchmark internal server error @manuel-sommer (#11974)
• Release notes: 2.44 @paulOsinski (#11943)
• Docs: add supported report types index / maintenance @paulOsinski (#11921)
• Notes history/edit/delete bugfix @dogboat (#11949)
• Update parser documentation template to include additional detail. @skywalke34 (#11916)

🚩 Changes to settings.dist.py / local_settings.py

• Revert "Session timeout notification" @Maffooch (#12186)
• Session timeout notification @kevin-vuong99 (#12093)
• Ruff: Add and fix N999 @kiblik (#11647)
• 🎉 Add slackware security advisory to vulnid @manuel-sommer (#12113)
• Add archlinux security advisory to vulnid @manuel-sommer (#12078)
• Add openSUSE vulnerabilities to vulnid @manuel-sommer (#12041)
• Jira Webhook: Prevent finding group findings from being reopened @Maffooch (#12048)
• 🎉 add proofpoint vulnid @manuel-sommer (#12004)
• 🎉 add fortiguard vulnid @manuel-sommer (#11926)
• Async Finding Import: Mark the feature as deprecated @Jino-T (#11915)
• Add generic OIDC login option @dandersonsw (#10614)
• 🎉 Splunk vulnIDs @manuel-sommer (#11908)

🚩 Database migration

• Product Revenue: Do no allow negative revenue @Maffooch (#12160)
• Adding new regulations @Maffooch (#12122)
• 🐛 fix broken AWS Endpoints @quirinziessler (#11902)

🚀 API features and enhancements

• Ruff: Add PTH123, merge PTH, fix in /dojo @kiblik (#12025)
• Ruff: Add and fix B007, merge B00 @kiblik (#12028)

🖌 Updates in UI

• Revert "Session timeout notification" @Maffooch (#12186)
• Ruff: Add B018 rule @manuel-sommer (#12110)
• Session timeout notification @kevin-vuong99 (#12093)
• 🎉 Add slackware security advisory to vulnid @manuel-sommer (#12113)
• Ruff: Add and fix B007, merge B00 @kiblik (#12028)
• update permissions documentation links to reflect correct paths @blakeaowens (#11986)
• Ruff: Add and fix B905 @kiblik (#11952)
• Add generic OIDC login option @dandersonsw (#10614)

🔧 Improved code quality with linters

• Ruff: Add B018 rule @manuel-sommer (#12110)
• Ruff: Add B017 rule @manuel-sommer (#12109)
• Ruff: Add and fix N999 @kiblik (#11647)
• Ruff: add multiple PYI rules @manuel-sommer (#12099)
• Ruff: add multiple PT rules @manuel-sommer (#12100)
• Ruff: Add multiple PERF rules @manuel-sommer (#12136)
• Ruff: Fix PTH123 in unittests (exclude unittests/tools) @kiblik (#12112)
• Ruff: Add and autofix B028 @kiblik (#12024)
• Ruff: Add a lot of Bugbear rules @manuel-sommer (#12077)
• Ruff: Add and autofix PLR173 rules @manuel-sommer (#11988)
• Ruff: Add a couple of DTZ rules @manuel-sommer (#12081)
• Ruff: Add S321 and S611 @manuel-sommer (#12076)
• Ruff: Add PLW0602 @manuel-sommer (#12075)
• Ruff: Add PTH123, merge PTH, fix in /dojo @kiblik (#12025)
• Ruff: Add N813 @manuel-sommer (#12073)
• Ruff: Add N812 @manuel-sommer (#12074)
• Ruff: Add N817 @manuel-sommer (#12072)
• Ruff: Add and fix B031, merge B03 @kiblik (#12029)
• Ruff: Add and fix B007, merge B00 @kiblik (#12028)
• Ruff: Add and autofix PLR2044 @manuel-sommer (#11989)
• Ruff: Add TD007 and N803 @manuel-sommer (#12002)
• Ruff: Add and autofix B006 @kiblik (#11951)
• Ruff: Add and fix B903 @kiblik (#11956)
• Ruff: Add and autofix B009 @kiblik (#11950)
• Ruff: Add and autofix B010 @kiblik (#11953)
• Ruff: Add and autofix B033 @kiblik (#11954)
• Ruff: Add and fix B905 @kiblik (#11952)

🧰 Maintenance

• Bump ruff from 0.11.2 to 0.11.3 @dependabot (#12170)
• Bump boto3 from 1.37.26 to 1.37.27 @dependabot (#12171)
• Update mccutchen/go-httpbin Docker tag from 2.18.0 to v2.18.1 (docker-compose.override.unit_tests_cicd.yml) @renovate (#12172)
• Update dependency vite from 6.2.4 to v6.2.5 (docs/package.json) @renovate (#12164)
• Bump boto3 from 1.37.25 to 1.37.26 @dependabot (#12165)
• Bump boto3 from 1.37.24 to 1.37.25 @dependabot (#12159)
• Update dependency prettier from 3.5.2 to v3.5.3 (docs/package.json) @renovate (#12154)
• Bump drf-spectacular-sidecar from 2025.3.1 to 2025.4.1 @dependabot (#12156)
• Bump boto3 from 1.37.23 to 1.37.24 @dependabot (#12157)
• Update dependency python from 3.12.9 to 3.13 (.github/workflows/slack-pr-reminder.yml) @renovate (#12145)
• Update actions/checkout action from v2 to v4 (.github/workflows/slack-pr-reminder.yml) @renovate (#12146)
• Update dependency vite from 6.2.3 to v6.2.4 [SECURITY] @renovate (#12148)
• Update actions/setup-python action from v2 to v5 (.github/workflows/slack-pr-reminder.yml) @renovate (#12149)
• Bump djangorestframework from 3.15.2 to 3.16.0 @dependabot (#12140)
• Bump boto3 from 1.37.22 to 1.37.23 @dependabot (#12141)
• Bump boto3 from 1.37.21 to 1.37.22 @dependabot (#12125)
• Bump sqlalchemy from 2.0.39 to 2.0.40 @dependabot (#12126)
• Update Helm release postgresql from 16.5.6 to ~16.6.0 (helm/defectdojo/Chart.yaml) @renovate (#12124)
• Bump boto3 from 1.37.20 to 1.37.21 @dependabot (#12115)
• Bump boto3 from 1.37.19 to 1.37.20 @dependabot (#12111)
• Bump humanize from 4.12.1 to 4.12.2 @dependabot (#12102)
• Update dependency @tabler/icons from 3.30.0 to v3.31.0 (docs/package.json) @renovate (#12097)
• Update actions/setup-python action from v5.4.0 to v5.5.0 (.github/workflows/test-helm-chart.yml) @renovate (#12098)
• Bump boto3 from 1.37.18 to 1.37.19 @dependabot (#12103)
• Bump vite from 6.2.0 to 6.2.3 in /docs @dependabot (#12104)
• Update dependency prettier from 3.5.2 to v3.5.3 (docs/package.json) @renovate (#12095)
• Update actions/setup-node action from v4.2.0 to v4.3.0 (.github/workflows/validate_docs_build.yml) @renovate (#12096)
• Update dependency vite from 6.2.2 to v6.2.3 (docs/package.json) @renovate (#12092)
• Update actions/cache action from v4.2.2 to v4.2.3 (.github/workflows/validate_docs_build.yml) @renovate (#12089)
• Bump ruff from 0.11.1 to 0.11.2 @dependabot (#12084)
• Bump boto3 from 1.37.17 to 1.37.18 @dependabot (#12085)
• Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.37.5 to v1.37.6 (helm/defectdojo/values.yaml) @renovate (#12063)
• Update mccutchen/go-httpbin Docker tag from 2.17.1 to v2.18.0 (docker-compose.override.unit_tests_cicd.yml) @renovate (#12064)
• Bump boto3 from 1.37.16 to 1.37.17 @dependabot (#12069)
• Bump django-debug-toolbar from 5.0.1 to 5.1.0 @dependabot (#12070)
• Bump ruff from 0.11.0 to 0.11.1 @dependabot (#12071)
• Update actions/cache action from v4.2.2 to v4.2.3 (.github/workflows/gh-pages.yml) @renovate (#12052)
• Bump boto3 from 1.37.15 to 1.37.16 @dependabot (#12059)
• Update actions/upload-artifact action from v4.6.1 to v4.6.2 (.github/workflows/fetch-oas.yml) @renovate (#12055)
• Update actions/download-artifact action from v4.2.0 to v4.2.1 (.github/workflows/rest-framework-tests.yml) @renovate (#12053)
• Bump djangosaml2 from 1.9.4 to 1.10.1 @dependabot (#12060)
• Bump boto3 from 1.37.14 to 1.37.15 @dependabot (#12049)
• Bump djangosaml2 from 1.9.3 to 1.9.4 @dependabot (#12043)
• Update actions/download-artifact action from v4.1.9 to v4.2.0 (.github/workflows/rest-framework-tests.yml) @renovate (#12046)
• Bump boto3 from 1.37.13 to 1.37.14 @dependabot (#12044)
• Update actions/setup-node action from v4.2.0 to v4.3.0 (.github/workflows/gh-pages.yml) @renovate (#12030)
• Bump ruff from 0.10.0 to 0.11.0 @dependabot (#12032)
• Bump boto3 from 1.37.12 to 1.37.13 @dependabot (#12031)
• Bump @babel/helpers from 7.26.0 to 7.26.10 in /docs @dependabot (#12034)
• Bump @babel/runtime from 7.26.0 to 7.26.10 in /docs @dependabot (#12037)
• Bump ruff from 0.9.10 to 0.10.0 @dependabot (#12012)
• Bump boto3 from 1.37.11 to 1.37.12 @dependabot (#12011)
• Update docker/login-action action from v3.3.0 to v3.4.0 (.github/workflows/release-x-manual-merge-container-digests.yml) @renovate (#12009)
• Update dependency vite from 6.2.1 to v6.2.2 (docs/package.json) @renovate (#12008)
• Bump psycopg[c] from 3.2.5 to 3.2.6 @dependabot (#12005)
• Bump sqlalchemy from 2.0.38 to 2.0.39 @dependabot (#11996)
• Bump boto3 from 1.37.10 to 1.37.11 @dependabot (#11997)
• Update Helm release postgresql from 16.4.16 to ~16.5.0 (helm/defectdojo/Chart.yaml) @renovate (#11978)
• Update mccutchen/go-httpbin Docker tag from v2.16.1 to v2.17.1 (docker-compose.override.unit_tests_cicd.yml) @renovate (#11975)
• Bump boto3 from 1.37.9 to 1.37.10 @dependabot (#11990)
• Update dependency node from 22.5.1 to v22.14.0 (.github/workflows/gh-pages.yml) @renovate (#11987)
• Bump boto3 from 1.37.8 to 1.37.9 @dependabot (#11976)
• Bump ruff from 0.9.9 to 0.9.10 @dependabot (#11977)
• Bump pycurl from 7.45.4 to 7.45.6 @dependabot (#11972)
• chore(deps): update dependency vite from 6.2.0 to v6.2.1 (docs/package.json) @renovate (#11967)
• Bump boto3 from 1.37.7 to 1.37.8 @dependabot (#11970)
• Bump django from 5.1.6 to 5.1.7 @dependabot (#11966)
• Bump boto3 from 1.37.6 to 1.37.7 @dependabot (#11961)
• Bump easymde from 2.19.0 to 2.20.0 in /components @dependabot (#11947)
• Bump boto3 from 1.37.5 to 1.37.6 @dependabot (#11946)
• fix(deps): update dependency @tabler/icons from 3.30.0 to v3.31.0 (docs/package.json) @renovate (#11944)
• chore(deps): update mccutchen/go-httpbin docker tag from v2.16.0 to v2.16.1 (docker-compose.override.unit_tests_cicd.yml) @renovate (#11941)
• chore(deps): update peter-evans/create-pull-request action from v7.0.7 to v7.0.8 (.github/workflows/update-sample-data.yml) @renovate (#11939)
• Bump boto3 from 1.37.4 to 1.37.5 @dependabot (#11940)
• chore(deps): update postgres:17.4-alpine docker digest from 17.4 to 17.4-alpine (docker-compose.yml) @renovate (#11922)
• chore(deps): update dependency prettier from 3.5.2 to v3.5.3 (docs/package.json) @renovate (#11927)
• Bump drf-spectacular-sidecar from 2025.2.1 to 2025.3.1 @dependabot (#11928)
• Bump boto3 from 1.37.3 to 1.37.4 @dependabot (#11929)
• Bump cryptography from 44.0.1 to 44.0.2 @dependabot (#11930)
• Bump openapitools/openapi-generator-cli from v7.11.0 to v7.12.0 @dependabot (#11931)