DefectDojo/django-DefectDojo 2.5.0

2.5.0 🌈

on GitHub

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.4.0

• Fix typo @fabaff (#5575)
• Release: Merge release into master from: release/2.5.0 @github-actions (#5569)
• Release: Merge release into master from: release/2.5.0 @github-actions (#5564)
• Fix alias paths in nginx config @tutasla (#5557)
• Added info on upgrading godojo installs of DefectDojo to the docs @mtesauro (#5561)
• Checkmarx: parse and set false positive, active and verified fields correctly @ptrovatelli (#5484)
• use GHA caching for integration tests @valentijnscholten (#5495)
• remove duplicated {{block.super}} lines @valentijnscholten (#5545)
• bump django to 3.2.9 @valentijnscholten (#5539)
• Checkmarx parser aggregation and deduplication with query id @jcaillon (#5506)
• update docs for SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS @shubhindia (#5529)
• fix release-drafter.xml (#5511) @valentijnscholten (#5532)
• Nessus: store only standard protocol names @kiblik (#5471)
• fix duplicate notification urls @valentijnscholten (#5515)
• Update DOCKER.md to fix broken link @rsaiprashanth (#5505)
• fix release-drafter.xml (against master) @valentijnscholten (#5511)
• add tag for each Trivy vulnerability @shubhindia (#5479)
• Add EmptyDir for CeleryBeat into /run @dsever (#5421)
• Moved all plot objects into one .js file @blakeaowens (#5456)
• optimize GHA unit test @valentijnscholten (#5488)
• master into dev @valentijnscholten (#5473)
• use buildkit master with bugfix @valentijnscholten (#5467)
• add build arg for userid integration tests @valentijnscholten (#5432)
• feat: make semgrep reports more informative @art-tykh (#5391)
• Update release-drafter template @valentijnscholten (#5431)
• fix dedupe sync usage example @shubhindia (#5446)
• Integration test warning cleanup @CharlieSears (#5445)
• Move more markdown files to github pages @valentijnscholten (#5403)
• Fix integration test users @dsever (#5425)
• Remove dependency check report file @StefanFl (#5413)
• main(tests): remove rabbitmq from unit-tests @alles-klar (#5307)
• Integration test idempotency @CharlieSears (#5397)
• master into dev @valentijnscholten (#5406)
• merge mast into dev after github pages changes @valentijnscholten (#5402)
• GitHub Pages for master and dev @valentijnscholten (#5399)
• Generate github pages for master + dev branches @valentijnscholten (#5398)
• workflow updates @valentijnscholten (#5394)
• GHA workflows: don't persist git credentials @valentijnscholten (#5393)
• update demo password @valentijnscholten (#5388)
• Release: Merge back 2.4.1 into dev from: master-into-dev/2.4.1-2.5.0-dev @github-actions (#5385)
• Release: Merge release into master from: release/2.4.1 @github-actions (#5384)
• update release date in deprecation timeline for legacy authorization @valentijnscholten (#5374)
• Update test-helm-chart.yml @valentijnscholten (#5380)
• Update test-helm-chart.yml @valentijnscholten (#5379)
• Update test-helm-chart.yml @valentijnscholten (#5378)
• merge master into dev @valentijnscholten (#5377)
• Release: Merge back 2.4.0 into dev from: master-into-dev/2.4.0-2.5.0-dev @github-actions (#5373)

🚩 Changes to settings.dist.py / local_settings.py

• Revert "Release: Merge release into master from: release/2.5.0" @Maffooch (#5567)
• Add asynchronous re/imports (disabled by default) @Maffooch (#5553)
• Set default_auto_field after migration to Django 3.2 @StefanFl (#5552)
• Auth V2 - Remove legacy authorization part 5: Removal of authorized users @StefanFl (#5518)
• Auth V2 - Remove legacy authorization part 4: final removal of FEATURE_AUTHORIZATION_V2 @StefanFl (#5477)
• Use hash_code for deduplication of detect-secrets scans @StefanFl (#5483)
• New report format for Trufflehog3, use hashcode for dedupe @StefanFl (#5478)
• Add "Forgot password" functionality @kiblik (#5302)
• feat(saml): configurable login button text @alles-klar (#5449)
• Upstream dev @valentijnscholten (#5395)
• main: improve documentation @alles-klar (#5390)

🚩 Database migration

• Revert "Release: Merge release into master from: release/2.5.0" @Maffooch (#5567)
• fix image migration for duplicate captions @valentijnscholten (#5549)
• Auth V2 - Remove legacy authorization part 5: Removal of authorized users @StefanFl (#5518)
• Endpoint Metadata Importer for adding tags/custom fields to Endpoints @Maffooch (#5491)
• Set default group for all new users @StefanFl (#5501)
• Add "Forgot password" functionality @kiblik (#5302)
• Remove models for legacy api classes @StefanFl (#5387)
• Upstream dev @valentijnscholten (#5395)
• Fix migration of API configurations @StefanFl (#5383)

🚀 General features and enhancements

• Add asynchronous re/imports (disabled by default) @Maffooch (#5553)
• Add support for files in generic parser @damiencarol (#5508)
• Upgrade to Django 3.2 @valentijnscholten (#5265)
• Endpoint Metadata Importer for adding tags/custom fields to Endpoints @Maffooch (#5491)
• fix(helm): allow disabling initializer job @qlimenoque (#5504)
• Set default group for all new users @StefanFl (#5501)
• Add support for pushing tags to jira @Maffooch (#5476)
• Add "Forgot password" functionality @kiblik (#5302)
• Allow to force login form @kiblik (#5444)
• feat(saml): configurable login button text @alles-klar (#5449)
• APIv2: Allow import/reimport by names not only ids @valentijnscholten (#5342)

🚀 API features and enhancements

• Revert "Release: Merge release into master from: release/2.5.0" @Maffooch (#5567)
• Respect scan_date at import time for all findings imported @Maffooch (#5547)
• api: update reimport docstring @valentijnscholten (#5560)
• Autocreate product / engagement during (re)import @valentijnscholten (#5492)
• Auth V2 - Remove legacy authorization part 5: Removal of authorized users @StefanFl (#5518)
• Fix files API @StefanFl (#5509)
• Fixes for typos in UI and code @StefanFl (#5531)
• Endpoint Metadata Importer for adding tags/custom fields to Endpoints @Maffooch (#5491)
• Fix for missing API_Scan_Configuration and exception handler @StefanFl (#5455)
• Auth V2 - Remove legacy authorization part 3: Remove feature flag from core classes @StefanFl (#5458)
• Authz: Allow global maintainers/owner to add Product Types @valentijnscholten (#5410)
• Upstream dev @valentijnscholten (#5395)
• APIv2: Allow import/reimport by names not only ids @valentijnscholten (#5342)

🐛 Bug Fixes

• Respect scan_date at import time for all findings imported @Maffooch (#5547)
• fix image migration for duplicate captions @valentijnscholten (#5549)
• Typo in README and a missing parser in the documentation @StefanFl (#5548)
• Fix staff permission to add product types @StefanFl (#5551)
• Fix files API @StefanFl (#5509)
• Fixes for typos in UI and code @StefanFl (#5531)
• Update Nessus WAS parser to catch the lack of a port in CSV Parser @Maffooch (#5490)
• Fix missing import/model in 0066_django_tagulous.py @valentijnscholten (#5514)
• Use hash_code for deduplication of detect-secrets scans @StefanFl (#5483)
• Fix for missing API_Scan_Configuration and exception handler @StefanFl (#5455)
• Fix for creating multiple groups containing the same Product Type @StefanFl (#5457)
• Update the nginx-prometheus-exporter entrypoint @bgoareguer (#5415)

🧰 Maintenance

• Set default_auto_field after migration to Django 3.2 @StefanFl (#5552)
• remove findingimages leftovers @valentijnscholten (#5540)
• Update rabbitmq:3.9.11 Docker digest from 3.9.11 to 3.9.11 (docker-compose.yml) @renovate (#5546)
• Add organizational blocks around metrics.js files @Maffooch (#5544)
• Auth V2 - Remove legacy authorization part 5: Removal of authorized users @StefanFl (#5518)
• Update rabbitmq Docker tag from 3.9.10 to v3.9.11 (docker-compose.yml) @renovate (#5541)
• Move unit test leftovers @StefanFl (#5543)
• Bump google-api-python-client from 2.31.0 to 2.32.0 @dependabot (#5536)
• Bump redis from 3.5.3 to 4.0.2 @dependabot (#5481)
• Bump djangosaml2 from 1.3.4 to 1.3.5 @dependabot (#5463)
• Upgrade to Django 3.2 @valentijnscholten (#5265)
• move unittests outside dojo folder @valentijnscholten (#5527)
• main(helm): remove deprecated stable repo, bump tested k8s versions @alles-klar (#5450)
• Bump humanize from 3.12.0 to 3.13.1 @dependabot (#5530)
• Bump coverage from 6.1.2 to 6.2 @dependabot (#5520)
• Auth V2 - Remove legacy authorization part 4: final removal of FEATURE_AUTHORIZATION_V2 @StefanFl (#5477)
• Update dependency postcss from 8.4.3 to v8.4.4 (docs/package.json) @renovate (#5512)
• Go to user view after user add @StefanFl (#5510)
• Update dependency postcss from 8.4.1 to v8.4.3 (docs/package.json) @renovate (#5507)
• Update dependency postcss from 8.4.0 to v8.4.1 (docs/package.json) @renovate (#5498)
• Update dependency postcss from 8.3.11 to v8.4.0 (docs/package.json) @renovate (#5493)
• Update rabbitmq:3.9.10 Docker digest from 3.9.10 to 3.9.10 (docker-compose.yml) @renovate (#5486)
• New report format for Trufflehog3, use hashcode for dedupe @StefanFl (#5478)
• Bump cryptography from 35.0.0 to 36.0.0 @dependabot (#5482)
• Update rabbitmq Docker tag from 3.9.9 to v3.9.10 (docker-compose.yml) @renovate (#5475)
• Update rabbitmq:3.9.9 Docker digest from 3.9.9 to 3.9.9 (docker-compose.yml) @renovate (#5472)
• Bump mysqlclient from 2.0.3 to 2.1.0 @dependabot (#5468)
• Bump django-polymorphic from 3.0.0 to 3.1.0 @dependabot (#5469)
• Bump markdown from 3.3.5 to 3.3.6 @dependabot (#5470)
• Bump markdown from 3.3.4 to 3.3.5 @dependabot (#5460)
• Bump google-api-python-client from 2.30.0 to 2.31.0 @dependabot (#5462)
• Update mysql:5.7.36 Docker digest from 5.7.36 to v5.7.36 (docker-compose.yml) @renovate (#5464)
• Auth V2 - Remove legacy authorization part 2: Remove dojo/user/helper.py @StefanFl (#5412)
• add defectdojo license to yarn package.json @alles-klar (#5447)
• Bump nginx from 1.21.3-alpine to 1.21.4-alpine @dependabot (#5452)
• Bump sqlalchemy from 1.4.26 to 1.4.27 @dependabot (#5440)
• Bump psycopg2-binary from 2.9.1 to 2.9.2 @dependabot (#5439)
• Update rabbitmq Docker tag from 3.9.8 to v3.9.9 (docker-compose.yml) @renovate (#5434)
• Bump drf-spectacular from 0.20.2 to 0.21.0 @dependabot (#5427)
• Bump coverage from 6.1.1 to 6.1.2 @dependabot (#5428)
• Bump pdfmake from 0.2.3 to 0.2.4 in /components @dependabot (#5429)
• Bump google-api-python-client from 2.29.0 to 2.30.0 @dependabot (#5418)
• Auth V2 - Remove legacy authorization part 1: Remove legacy auth from templates @StefanFl (#5382)
• Remove models for legacy api classes @StefanFl (#5387)
• Bump django-extensions from 3.1.3 to 3.1.5 @dependabot (#5408)
• Bump pdfmake from 0.2.2 to 0.2.3 in /components @dependabot (#5409)
• Bump numpy from 1.21.3 to 1.21.4 @dependabot (#5396)
• Update dependency postcss-cli from 9.0.1 to v9.0.2 (docs/package.json) @renovate (#5392)
• main: improve documentation @alles-klar (#5390)
• Bump django-watson from 1.5.5 to 1.6.0 @dependabot (#5389)
• Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.26.0 to v1.27.0 (helm/defectdojo/values.yaml) @renovate (#5375)
• Bump lxml from 4.6.3 to 4.6.4 @dependabot (#5381)
• Bump google-api-python-client from 2.28.0 to 2.29.0 @dependabot (#5365)
• Bump django-imagekit from 4.0.2 to 4.1.0 @dependabot (#5366)
• Bump google-auth from 2.3.2 to 2.3.3 @dependabot (#5367)