DefectDojo/django-DefectDojo 2.47.0

2.47.0 🌈

on GitHub

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.46.0

• Fix helm chart for nightly-dev builds @valentijnscholten (#12504)
• remove google sheets leftovers @valentijnscholten (#12509)
• push to jira: check for existing jira issue inside celery task @valentijnscholten (#12508)
• Fixing linter issue @rossops (#12519)
• fix: add CVSSv4 support to auditjs parser and improve error handling @Haralishev77 (#12391)
• Include CVSS score in finding when using OpenVAS csv parser @jostaub (#12472)
• ms defender: do not cache parsed findings @valentijnscholten (#12493)
• legacy reimport: make matching on title case-insensitive @valentijnscholten (#12487)
• Checkmarx one doc update @skywalke34 (#12408)
• Updated Nexpose XML (Rapid7) Parser Documentation @skywalke34 (#12409)
• Add new "evaluations" format support to Anchorectl parser @cosmel-dojo (#12425)
• bugfix cyberwatch parser @AmineHazi (#12480)
• [docs] pro changelog 2.46.0- 2.46.3 @paulOsinski (#12484)
• 🐛 fix missing CWE in HCL Appscan #12468 @manuel-sommer (#12469)
• Update contributors in README.md @Maffooch (#12485)
• docs maintenance @paulOsinski (#12455)
• cvssv3: backport tests @valentijnscholten (#12457)
• excel export: enhance handling of finding groups, better logging @valentijnscholten (#12435)
• docs: Add non-parser Test Types to product hierarchy documentation @skywalke34 (#12419)
• defender: fix no vulnerabilities check @valentijnscholten (#12448)
• [docs] Add FAQ + minor maintenance changes @paulOsinski (#12417)
• [docs] Pro dashboards and metrics @paulOsinski (#12416)
• Managed Files: Sanitized file name before downloading @Maffooch (#12406)
• feat(helm): Drop support for postgresql-ha @kiblik (#12319)
• anchorectl: add format check @valentijnscholten (#12375)
• fix(nighly): Avoid forks @kiblik (#12396)
• Update Burp Enterprise HTML Parser Documentation @skywalke34 (#12407)
• Update Docs For Asynchronous Import Feature Removal @Jino-T (#12410)
• tags: prevent validation from removing tags @valentijnscholten (#12400)
• helm chart publisher: use proper ref for checkout @valentijnscholten (#12392)
• jira push: log inactive/verified message to debug @valentijnscholten (#12376)
• Minor Semgrep connector docs tweaks @cneill (#12373)

🚩 Changes to settings.dist.py / local_settings.py

• Bugfix @rossops (#12541)
• Product Announcements: Add messages to relevant features @Maffooch (#12525)
• ♻️ Remove async import @manuel-sommer (#12042)
• Implement ELA vulnid @manuel-sommer (#12510)
• Implement ALEA vulnid @manuel-sommer (#12500)
• Store fingerprint from bearer in unique_id_from_tool @wolframite (#12346)
• unique_id_from_tool: clarify values and usage @valentijnscholten (#12463)
• Alibaba Cloud Linux 3 Security Advisory @manuel-sommer (#12465)
• feat(helm): allow to use an external serviceAccount @NitriKx (#12441)
• Celery Logging: Respect CELERY_LOG_LEVEL @Maffooch (#12464)
• Session timeout notification 2 @kevin-vuong99 (#12225)

🚩 Database migration

• unique_id_from_tool: clarify values and usage @valentijnscholten (#12463)

🚀 API features and enhancements

• Product Announcements: Add messages to relevant features @Maffooch (#12525)
• Dojo Meta: Migrate to filterset_class + Add case Insensitive filters @Maffooch (#12528)
• Tags: Add support for comma separation for multipart forms (import/reimport) @Maffooch (#12434)
• Ruff: Add and autofix PERF401 @kiblik (#12370)

🖌 Updates in UI

• Bugfix @rossops (#12541)
• Implement ELA vulnid @manuel-sommer (#12510)
• Escape javascript breaking on backlash or special characters in finding title @c-goosen (#12514)
• Bugfix: fix gap between component header and filter body @jostaub (#12503)
• Update Support Messaging @Maffooch (#12495)
• Bugfix: fixed wrong panel-footer margin in detailed metrics @jostaub (#12494)
• Forced-contrast mode adjustments for better accessibility @littlesvensson (#12342)
• Alibaba Cloud Linux 3 Security Advisory @manuel-sommer (#12465)
• feat(helm): allow to use an external serviceAccount @NitriKx (#12441)
• easymde: enable native/browser spell checker @valentijnscholten (#12377)
• UI Pagination: Reduce the options to more reasonable numbers @Maffooch (#12439)
• ui: fix "retrieve my username" typo @jfyuen (#12368)
• Session timeout notification 2 @kevin-vuong99 (#12225)

🗣 Updates in localization

• ui: fix "retrieve my username" typo @jfyuen (#12368)

🔧 Improved code quality with linters

• feat(helm): allow to use an external serviceAccount @NitriKx (#12441)
• Replace Review Bot with Centralized Action @Maffooch (#12451)
• Ruff: Add PLC0206 @manuel-sommer (#12426)
• Ruff: Add and autofix PERF401 @kiblik (#12370)
• Ruff: Add and autofix PERF403 @kiblik (#12371)
• Ruff: Add PLR1730 and PLR2044 @manuel-sommer (#12380)

🧰 Maintenance

• Bump ruff from 0.11.11 to 0.11.12 @dependabot (#12532)
• Bump boto3 from 1.38.24 to 1.38.25 @dependabot (#12527)
• Bump vulners from 2.3.6 to 2.3.7 @dependabot (#12526)
• chore(deps): update docker/build-push-action action from v6.17.0 to v6.18.0 (.github/workflows/release-x-manual-docker-containers.yml) @renovate (#12518)
• Bump boto3 from 1.38.23 to 1.38.24 @dependabot (#12522)
• Bump cryptography from 44.0.3 to 45.0.3 @dependabot (#12505)
• Bump boto3 from 1.38.22 to 1.38.23 @dependabot (#12506)
• Bump boto3 from 1.38.21 to 1.38.22 @dependabot (#12497)
• Bump ruff from 0.11.10 to 0.11.11 @dependabot (#12498)
• chore(deps): update node.js from v22.15.1 to v22.16.0 (docs/package.json) @renovate (#12490)
• Bump boto3 from 1.38.20 to 1.38.21 @dependabot (#12492)
• Bump boto3 from 1.38.19 to 1.38.20 @dependabot (#12489)
• Bump django-polymorphic from 3.1.0 to 4.1.0 @dependabot (#12488)
• Bump boto3 from 1.38.18 to 1.38.19 @dependabot (#12486)
• Bump pyopenssl from 25.0.0 to 25.1.0 @dependabot (#12479)
• Bump boto3 from 1.38.17 to 1.38.18 @dependabot (#12477)
• fix(deps): update dependency @tabler/icons from 3.31.0 to v3.33.0 (docs/package.json) @renovate (#12467)
• Bump boto3 from 1.38.16 to 1.38.17 @dependabot (#12460)
• Bump ruff from 0.11.9 to 0.11.10 @dependabot (#12461)
• chore(deps): update node.js from v22.15.0 to v22.15.1 (docs/package.json) @renovate (#12450)
• Bump sqlalchemy from 2.0.40 to 2.0.41 @dependabot (#12452)
• Bump boto3 from 1.38.15 to 1.38.16 @dependabot (#12453)
• chore(deps): update docker/build-push-action action from v6.16.0 to v6.17.0 (.github/workflows/release-x-manual-docker-containers.yml) @renovate (#12456)
• Bump psycopg[c] from 3.2.8 to 3.2.9 @dependabot (#12444)
• Bump boto3 from 1.38.13 to 1.38.15 @dependabot (#12443)
• chore(deps): update mikefarah/yq action from v4.45.3 to v4.45.4 (.github/workflows/release-x-manual-helm-chart.yml) @renovate (#12424)
• Bump ruff from 0.11.8 to 0.11.9 @dependabot (#12427)
• Bump psycopg[c] from 3.2.7 to 3.2.8 @dependabot (#12428)
• Bump boto3 from 1.38.12 to 1.38.13 @dependabot (#12429)
• Bump django-dbbackup from 4.2.1 to 4.3.0 @dependabot (#12430)
• chore(deps): update mikefarah/yq action from v4.45.2 to v4.45.3 (.github/workflows/release-x-manual-helm-chart.yml) @renovate (#12421)
• chore(deps): update postgres docker tag from 17.4 to v17.5 (docker-compose.yml) @renovate (#12418)
• chore(deps): update helm release postgresql from 16.6.7 to ~16.7.0 (helm/defectdojo/chart.yaml) @renovate (#12414)
• Bump pdfmake from 0.2.19 to 0.2.20 in /components @dependabot (#12422)
• Bump boto3 from 1.38.11 to 1.38.12 @dependabot (#12423)
• Bump boto3 from 1.38.10 to 1.38.11 @dependabot (#12412)
• Bump boto3 from 1.38.9 to 1.38.10 @dependabot (#12395)
• Bump boto3 from 1.38.8 to 1.38.9 @dependabot (#12390)
• chore(deps): update mikefarah/yq action from v4.45.1 to v4.45.2 (.github/workflows/release-x-manual-helm-chart.yml) @renovate (#12374)
• chore(deps): update dependency vite from 6.3.4 to v6.3.5 (docs/package.json) @renovate (#12379)
• Bump cryptography from 44.0.2 to 44.0.3 @dependabot (#12382)
• Bump boto3 from 1.38.7 to 1.38.8 @dependabot (#12383)