Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.49.0
- [docs] updates for August @paulOsinski (#13078)
- 🎉 Add fix_available to Harbor @manuel-sommer (#13053)
- Finding Filters: Add Product Life Cycle filter to be supported in both finding filters @Maffooch (#13068)
- 🎉 Add fix_available to AnchoreCTL @manuel-sommer (#13062)
- 🎉 Add fix_available to AnchoreEngine @manuel-sommer (#13060)
- 🎉 Add fix_available to TrivyOperator @manuel-sommer (#13056)
- Update References to Supported Version of Hugo to the Newest Compatible Version @Jino-T (#13047)
- 🎉 Add fix_available to Trivy @manuel-sommer (#13057)
- 🎉 Add fix_available to RedHatSatellite @manuel-sommer (#13059)
- 💄 Restructure Kubehunter json files to make it readable @manuel-sommer (#13061)
- feat(unittest): Small improvements in unittests @kiblik (#13064)
- Chartsynced charts and images for vendoring @rossops (#13063)
- fix(eng/failure_redirect): Fix rendering when coming from product site @kiblik (#13042)
- fix(eng/test-validate_forms): Show error if form is not valid @kiblik (#13045)
- feat(docker): Drop nginx debian @kiblik (#12998)
- cvss4: remove no longer needed custom parsing @valentijnscholten (#13037)
- Allow more file extensions for importers @Maffooch (#13034)
- mend: fix handling known_exploited/ransomware_used @valentijnscholten (#13036)
- [docs] update Priority & Risk docs @paulOsinski (#13035)
- feat(tests): Perform tests on latest supported k8s (1.33.4) @kiblik (#13024)
- BlackDuck: Support import in plaintext or bytes @Maffooch (#13033)
- feat(docker): Use Alpine 3.22 in docker images @kiblik (#13023)
- feat(docker-compose): Add digest pinning for busybox @kiblik (#13025)
- fix(timezone/commands): Drop obsolete 'locale' definitions @kiblik (#12995)
- Update Docs Link in Settings.py to Match Current Docs Structure @Jino-T (#13021)
- [docs] Integrations (beta) @paulOsinski (#12987)
- chore(deps): pin github actions by hash @datosh (#12958)
- Endpoint: Make `post_delete` signal more reliable @Maffooch (#12969)
- feat(helm): Drop support for networking.k8s.io/v1beta1 @kiblik (#12985)
- feat(helm): Drop support for annotation "kubernetes.io/ingress.class" in GKE @kiblik (#12986)
- File Path Access: Prevent exception for non existent paths @Maffooch (#12976)
- allow .fpr extension when importing scan @fopina (#12972)
- Updates ReadMe.MD @devGregA (#12980)
- [docs] cli updates, 2.48 changelog @paulOsinski (#12902)
- Documentation: Guide to testing hugo pipeline locally @Maffooch (#12959)
- Bump cvss from 3.4 to 3.6 @eric-warren (#12948)
- ADD: Alternative command to change password @ThiagoCruzBr (#12931)
- Enable ipv6 in nginx (if available) @kiblik (#12938)
- restore entrypoint-unit-tests-devDocker.sh @valentijnscholten (#12904)
- performance do_not_reactivate: adding a note doesn't need a finding save @valentijnscholten (#12901)
- new snyk_issue_api parser for `code` issues (file based) @valentijnscholten (#12903)
- Docs: Restore `package-lock.json` @Maffooch (#12954)
- Fix Mend kev_date format - add conversion @testaccount90009 (#12915)
- debug toolbar: downgrade to 5.2.0 @valentijnscholten (#12919)
- quickFix: invalid config in "Feat(nginx): Add support for IPv6" @kiblik (#12916)
🚩 Changes to `settings.dist.py` / `local_settings.py`
- Add SCA vulnid and fix example for SSA: @manuel-sommer (#13072)
- feat(form-import): DRY File Extension @kiblik (#13066)
- 🎉 Add wid-sec-w vulnid @manuel-sommer (#13038)
- API Docs: Remove space in `Defect Dojo` @Maffooch (#13011)
🚩 Database migration
- FileUploads: Clean up `media` when related objects are deleted @Maffooch (#13028)
- feat(settings): Drop time_zone @kiblik (#12999)
🚀 API features and enhancements
🖌 Updates in UI
- 🎉 Add fix_available information to engagement views @manuel-sommer (#13070)
- Ruff: Add and autofix PLR1714 @kiblik (#13004)
- Fix 12955 / Set default value of postgresql.postgresServer to 127.0.0.1 in helm chart @lchastel (#12965)
- Global Finding Groups page @LeoOMaia (#12814)
- Display Tags: Do not rely on the request object being present @Maffooch (#12939)
- Webhook Notifications: Support the owner field @Maffooch (#12940)
🔧 Improved code quality with linters
- Ruff: Add and fix PLR1704 @kiblik (#13005)
- Ruff: Add and autofix PLR1714 @kiblik (#13004)
- Ruff: Add and autofix PLR1711 @kiblik (#13003)
- Ruff: Add and fix PYI024 (+ merge PYI) @kiblik (#13002)
🧰 Maintenance
- Bump python-gitlab from 6.2.0 to 6.3.0 @dependabot (#13071)
- chore(deps): update node.js from v22.18.0 to v22.19.0 (docs/package.json) @renovate (#13073)
- Bump ruff from 0.12.10 to 0.12.11 @dependabot (#13075)
- Bump boto3 from 1.40.18 to 1.40.20 @dependabot (#13074)
- Bump boto3 from 1.40.16 to 1.40.18 @dependabot (#13069)
- Bump boto3 from 1.40.16 to 1.40.17 @dependabot (#13067)
- Bump openapitools/openapi-generator-cli from v7.14.0 to v7.15.0 @dependabot (#13048)
- chore(deps): update gcr.io/cloudsql-docker/gce-proxy docker tag from 1.37.8 to v1.37.9 (helm/defectdojo/values.yaml) @renovate (#13049)
- Bump nginx from 1.28.0-alpine3.22 to 1.29.1-alpine3.22 @dependabot (#13050)
- Bump boto3 from 1.40.15 to 1.40.16 @dependabot (#13051)
- Bump humanize from 4.12.3 to 4.13.0 @dependabot (#13052)
- Bump datatables.net from 2.3.2 to 2.3.3 in /components @dependabot (#13027)
- Bump boto3 from 1.40.10 to 1.40.15 @dependabot (#13029)
- Bump lxml from 6.0.0 to 6.0.1 @dependabot (#13030)
- Bump ruff from 0.12.9 to 0.12.10 @dependabot (#13031)
- Bump ruff from 0.12.8 to 0.12.9 @dependabot (#12993)
- Update postgres:17.6-alpine Docker digest from 17.6 to 17.6-alpine (docker-compose.yml) @renovate (#13000)
- chore(deps): update azure/setup-helm action from v4.3.0 to v4.3.1 (.github/workflows/test-helm-chart.yml) @renovate (#13018)
- Bump brace-expansion in /docs @dependabot (#13013)
- chore(deps): update dependency vite from 7.1.2 to v7.1.3 (docs/package.json) @renovate (#13014)
- Bump requests from 2.32.4 to 2.32.5 @dependabot (#13016)
- Bump: curlimages/curl:8.15.0 @kiblik (#12977)
- chore(deps): update postgres docker tag from 17.5 to v17.6 (docker-compose.yml) @renovate (#12992)
- Bump boto3 from 1.40.6 to 1.40.10 @dependabot (#12994)
- Bump sqlalchemy from 2.0.42 to 2.0.43 @dependabot (#12978)
- chore(deps): update actions/checkout action from v4.3.0 to v5 (.github/workflows/validate_docs_build.yml) @renovate (#12961)
- Update dependency vite from 7.1.1 to v7.1.2 (docs/package.json) @renovate (#12973)
- Bump boto3 from 1.40.5 to 1.40.6 @dependabot (#12966)
- chore(deps): update actions/checkout action from v4.2.2 to v4.3.0 (.github/workflows/validate_docs_build.yml) @renovate (#12960)
- chore(deps): update dependency python from 3.9.23 to 3.13 (.github/workflows/test-helm-chart.yml) @renovate (#12957)
- fix(deps): update dependency @thulite/seo from 2.4.1 to v2.4.2 (docs/package.json) @renovate (#12928)
- Bump cryptography from 45.0.5 to 45.0.6 @dependabot (#12936)
- chore(deps): update github artifact actions (.github/workflows/rest-framework-tests.yml) (major) @renovate (#12932)
- chore(deps): update actions/cache action from v4.2.3 to v4.2.4 (.github/workflows/validate_docs_build.yml) @renovate (#12949)
- Bump ruff from 0.12.7 to 0.12.8 @dependabot (#12951)
- Bump boto3 from 1.40.0 to 1.40.5 @dependabot (#12952)
- fix(deps): update dependency @thulite/inline-svg from 1.2.0 to v1.2.1 (docs/package.json) @renovate (#12926)
- Bump djangorestframework from 3.16.0 to 3.16.1 @dependabot (#12945)
- Bump redis from 6.2.0 to 6.4.0 @dependabot (#12944)
- Bump packageurl-python from 0.17.3 to 0.17.5 @dependabot (#12943)
- chore(deps): update dependency vite from 7.0.6 to v7.1.1 (docs/package.json) @renovate (#12941)
- chore(deps): update docker/login-action action from v3.4.0 to v3.5.0 (.github/workflows/release-x-manual-tag-as-latest.yml) @renovate (#12909)