DefectDojo/django-DefectDojo 2.46.0 on GitHub

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.45.0

[docs] sso maintenance @paulOsinski (#12356)
update changelog 2.45.3 @paulOsinski (#12364)
fix(GHA): Avoid some actions in forks @kiblik (#12354)
Add input validation (branch to release num) for the release gha @rossops (#12302)
Urllib3 upgrade + Rerecord JIra responses @Maffooch (#12355)
releases: publish nightly builds of dev @valentijnscholten (#12137)
Enhance OSV Parser to Include Mitigation Information with Fixed Package Versions @4b75726169736859 (#11681)
nessus: parse more fields @valentijnscholten (#12247)
Generic Parser: Support Test Type Meta @Maffooch (#12348)
False Positive Status: Update docs @Maffooch (#12332)
[docs] add Tags article @paulOsinski (#12294)
Jira webhook comment duplicate patch @Maffooch (#12333)
Release: Merge back 2.45.3 into bugfix from: master-into-bugfix/2.45.3-2.46.0-dev @github-actions (#12326)
[docs] add Pro Finding Enhancements documentation @paulOsinski (#12310)
Fortify: Handle suppressed findings as false positives @valentijnscholten (#12293)
sla: parse finding.date implicitly @valentijnscholten (#12301)
2.45.2 pro changelog @paulOsinski (#12292)
tenable: check mandatory columns before importing @valentijnscholten (#12273)
saml: provide link to saml-tracer browser add-on @valentijnscholten (#12274)
Reimport: Special statuses should be respected from reports @Maffooch (#12291)
Update Wiz parser documentation - Standard & SCA imports @skywalke34 (#12259)
Parser docstrings @Jino-T (#12253)
[docs] Add Example Cases to docs @paulOsinski (#12265)
Update wording about async import removal in 2.46.md @valentijnscholten (#12256)
Release: Merge back 2.45.2 into bugfix from: master-into-bugfix/2.45.2-2.46.0-dev @github-actions (#12288)
[docs] Changelog, Jira reorg, Wiz Connector docs, Import reorg @paulOsinski (#12250)
🎉 Implement Fortify Webinspect new report format @manuel-sommer (#12155)
Deprecation notification about async import @manuel-sommer (#12244)
Update how-to-write-a-parser.md @maarten-boot (#12210)
Release: Merge back 2.45.1 into bugfix from: master-into-bugfix/2.45.1-2.46.0-dev @github-actions (#12240)
🐛 fix ruff bump to 0.11.5 #12217 @manuel-sommer (#12224)
💄 🪲 Fix Aqua parser severity justification @manuel-sommer (#12192)
changelog 2.45.0 @paulOsinski (#12213)
close old findings: don't overwrite mitigated timestamp @valentijnscholten (#12204)
Linting: Update how-to-write-a-parser.md to not contain Ruff violations @valentijnscholten (#12214)
h1: vulnerability disclosure parser improvements @valentijnscholten (#12212)
sla_config: use mass update for recalculation @valentijnscholten (#12133)
Updated Documentation on Anchore Enterprise @Sopuru (#12058)
immuniweb json parser @valentijnscholten (#12179)
fix(renovate): Add separateMinorPatch @kiblik (#12190)
wiz scan: handle more fields and unique_id_from_tool @valentijnscholten (#12198)
🔨 RustyHog: handle empty reports correctly to fix #10584 @manuel-sommer (#12129)
README: Point to sample scans for demo @valentijnscholten (#12162)
Bump Django to 5.1.8 @valentijnscholten (#12191)
Release: Merge back 2.45.0 into dev from: master-into-dev/2.45.0-2.46.0-dev @github-actions (#12189)

🚩 Changes to `settings.dist.py` / `local_settings.py`

Release: Merge release into master from: release/2.46.0 @github-actions (#12386)
Release: Merge back 2.45.3 into dev from: master-into-dev/2.45.3-2.46.0-dev @github-actions (#12325)
Release: Merge release into master from: release/2.45.3 @github-actions (#12324)
Implement Albibaba Linux vulnids @manuel-sommer (#12304)
Remove non-working DD_SLA_BUSINESS_DAYS feature to avoid confusion @valentijnscholten (#12131)
Add Cyberwatch Galeax Parser @AmineHazi (#12105)
Release: Merge back 2.45.2 into dev from: master-into-dev/2.45.2-2.46.0-dev @github-actions (#12287)
Release: Merge release into master from: release/2.45.2 @github-actions (#12286)
🎉 Add Amazon Linux Security Center advisory to vulnid @manuel-sommer (#12242)
Release: Merge back 2.45.1 into dev from: master-into-dev/2.45.1-2.46.0-dev @github-actions (#12239)
Release: Merge release into master from: release/2.45.1 @github-actions (#12236)
Implement HCL Commerce KB vulnids @manuel-sommer (#12199)
🎉 Add cisco security advisory to vulnid @manuel-sommer (#12180)
Release: Merge back 2.45.0 into bugfix from: master-into-bugfix/2.45.0-2.46.0-dev @github-actions (#12188)

🚩 Database migration

Release: Merge release into master from: release/2.46.0 @github-actions (#12386)
Update verbose name + help text for JIRA username and password fields @valentijnscholten (#12261)
Remove non-working DD_SLA_BUSINESS_DAYS feature to avoid confusion @valentijnscholten (#12131)
Tag: Update allowed characters for a unified format @Maffooch (#12194)
Import/Reimport Stats: Change name of left untouched @Maffooch (#12193)
Release: Merge back 2.45.0 into bugfix from: master-into-bugfix/2.45.0-2.46.0-dev @github-actions (#12188)

🚀 API features and enhancements

Release: Merge release into master from: release/2.46.0 @github-actions (#12386)
Release 2.46.0: Merge Bugfix into Dev @rossops (#12385)
fix(api): Enable to set recommendation and decision in risk_acceptance @kiblik (#12303)
Tag: Update allowed characters for a unified format @Maffooch (#12194)
Release: Merge back 2.45.0 into bugfix from: master-into-bugfix/2.45.0-2.46.0-dev @github-actions (#12188)

🖌 Updates in UI

Release: Merge release into master from: release/2.46.0 @github-actions (#12386)
Release 2.46.0: Merge Bugfix into Dev @rossops (#12385)
Focus Indicator Disappears While Tabbing - DefectDojo Accessibility issue (Serious) @oussama-taoufiq (#12051)
view_endpoint: fix error @valentijnscholten (#12343)
most recent note: show date/author @valentijnscholten (#12329)
Release: Merge back 2.45.3 into dev from: master-into-dev/2.45.3-2.46.0-dev @github-actions (#12325)
Release: Merge release into master from: release/2.45.3 @github-actions (#12324)
Implement Albibaba Linux vulnids @manuel-sommer (#12304)
fix(webhook): Missing quotation -> broken rendering @kiblik (#12226)
🐛 Differentiate between slackware and siemens vulnid @manuel-sommer (#12251)
Release: Merge back 2.45.2 into dev from: master-into-dev/2.45.2-2.46.0-dev @github-actions (#12287)
Release: Merge release into master from: release/2.45.2 @github-actions (#12286)
Update base.html @shipko (#12228)
SLA Calculations 2/2: Simplify logic @valentijnscholten (#11924)
Release: Merge back 2.45.1 into dev from: master-into-dev/2.45.1-2.46.0-dev @github-actions (#12239)
Release: Merge release into master from: release/2.45.1 @github-actions (#12236)
🐛 Fix Django template engagement_pdf_report #12201 @manuel-sommer (#12206)
fix(notif): Product name not rendered correctly @kiblik (#12203)
feat(perf): Speed-up loading by using smaller resources (js,css) @kiblik (#12178)
Release: Merge back 2.45.0 into bugfix from: master-into-bugfix/2.45.0-2.46.0-dev @github-actions (#12188)

🔧 Improved code quality with linters

Ruff: Add S324 rule @manuel-sommer (#12169)
Ruff: Final fix of PTH123 @kiblik (#12177)

🧰 Maintenance

Bump boto3 from 1.38.6 to 1.38.7 @dependabot (#12366)
Bump ruff from 0.11.7 to 0.11.8 @dependabot (#12367)
Bump drf-spectacular-sidecar from 2025.4.1 to 2025.5.1 @dependabot (#12358)
Bump boto3 from 1.38.5 to 1.38.6 @dependabot (#12359)
Bump psycopg[c] from 3.2.6 to 3.2.7 @dependabot (#12360)
chore(deps): update dependency vite from 6.3.3 to v6.3.4 (docs/package.json) @renovate (#12349)
Bump boto3 from 1.38.4 to 1.38.5 @dependabot (#12352)
Bump humanize from 4.12.2 to 4.12.3 @dependabot (#12353)
Bump django-debug-toolbar from 5.1.0 to 5.2.0 @dependabot (#12339)
Bump django-auditlog from 3.0.0 to 3.1.2 @dependabot (#12338)
Bump celery from 5.5.1 to 5.5.2 @dependabot (#12337)
Bump boto3 from 1.38.2 to 1.38.4 @dependabot (#12336)
Bump pdfmake from 0.2.18 to 0.2.19 in /components @dependabot (#12335)
Update manusa/actions-setup-minikube action from v2.13.1 to v2.14.0 (.github/workflows/k8s-tests.yml) @renovate (#12334)
Bump social-auth-core from 4.6.0 to 4.6.1 @dependabot (#12340)
Update nginx/nginx-prometheus-exporter Docker tag from 1.4.1 to v1.4.2 (helm/defectdojo/values.yaml) @renovate (#12327)
Bump nginx from 1.27.4-alpine3.21 to 1.27.5-alpine3.21 @dependabot (#12323)
Bump openapitools/openapi-generator-cli from v7.12.0 to v7.13.0 @dependabot (#12322)
Bump social-auth-core from 4.5.6 to 4.6.0 @dependabot (#12316)
Bump ruff from 0.11.6 to 0.11.7 @dependabot (#12317)
Bump boto3 from 1.38.1 to 1.38.2 @dependabot (#12318)
Update redis Docker tag from 7.2.7 to v7.2.8 (docker-compose.yml) @renovate (#12311)
Update actions/download-artifact action from v4.2.1 to v4.3.0 (.github/workflows/rest-framework-tests.yml) @renovate (#12312)
Update docker/build-push-action action from v6.15.0 to v6.16.0 (.github/workflows/release-x-manual-docker-containers.yml) @renovate (#12309)
Bump boto3 from 1.38.0 to 1.38.1 @dependabot (#12308)
Update actions/setup-python action from v5.5.0 to v5.6.0 (.github/workflows/test-helm-chart.yml) @renovate (#12306)
Update dependency vite from 6.3.2 to v6.3.3 (docs/package.json) @renovate (#12305)
Update dependency node from 22.14.0 to v22.15.0 (.github/workflows/validate_docs_build.yml) @renovate (#12300)
Update redis Docker tag from 7.2.5 to v7.2.7 (docker-compose.yml) @renovate (#12241)
Bump boto3 from 1.37.38 to 1.38.0 @dependabot (#12298)
Bump lxml from 5.3.2 to 5.4.0 @dependabot (#12297)
Update Node.js from v22.14.0 to v22.15.0 (docs/package.json) @renovate (#12296)
Bump boto3 from 1.37.36 to 1.37.38 @dependabot (#12290)
Update stefanzweifel/git-auto-commit-action action from v5.1.0 to v5.2.0 (.github/workflows/release-3-master-into-dev.yml) @renovate (#12267)
Update softprops/action-gh-release action from v2.2.1 to v2.2.2 (.github/workflows/release-x-manual-helm-chart.yml) @renovate (#12266)
Update dependency vite from 6.3.1 to v6.3.2 (docs/package.json) @renovate (#12260)
Bump ruff from 0.11.5 to 0.11.6 @dependabot (#12263)
Bump boto3 from 1.37.35 to 1.37.36 @dependabot (#12262)
Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.37.6 to v1.37.7 (helm/defectdojo/values.yaml) @renovate (#12254)
Update dependency vite from 6.3.0 to v6.3.1 (docs/package.json) @renovate (#12255)
Bump boto3 from 1.37.34 to 1.37.35 @dependabot (#12257)
Update dependency vite from 6.2.6 to v6.3.0 (docs/package.json) @renovate (#12252)
Bump html2text from 2024.2.26 to 2025.4.15 @dependabot (#12246)
Bump boto3 from 1.37.33 to 1.37.34 @dependabot (#12245)
Bump pillow from 11.1.0 to 11.2.1 @dependabot (#12234)
Bump django-crispy-forms from 2.3 to 2.4 @dependabot (#12235)
chore(deps): update actions/setup-node action from v4.3.0 to v4.4.0 (.github/workflows/validate_docs_build.yml) @renovate (#12229)
Bump markdown from 3.7 to 3.8 @dependabot (#12233)
Bump boto3 from 1.37.32 to 1.37.33 @dependabot (#12232)
Bump uwsgi from 2.0.28 to 2.0.29 @dependabot (#12231)
Bump django-extensions from 4.0 to 4.1 @dependabot (#12220)
Bump boto3 from 1.37.31 to 1.37.32 @dependabot (#12219)
Update dependency vite from 6.2.5 to v6.2.6 (docs/package.json) @renovate (#12207)
Bump django-celery-results from 2.5.1 to 2.6.0 @dependabot (#12209)
Bump boto3 from 1.37.30 to 1.37.31 @dependabot (#12208)
Bump boto3 from 1.37.29 to 1.37.30 @dependabot (#12202)
Bump celery from 5.4.0 to 5.5.1 @dependabot (#12196)
Bump django-extensions from 3.2.3 to 4.0 @dependabot (#12197)
Bump boto3 from 1.37.28 to 1.37.29 @dependabot (#12195)
Bump ruff from 0.11.3 to 0.11.4 @dependabot (#12184)
Bump lxml from 5.3.1 to 5.3.2 @dependabot (#12182)
Bump boto3 from 1.37.27 to 1.37.28 @dependabot (#12183)

DefectDojo/django-DefectDojo 2.46.0 2.46.0 🌈 on GitHub