DefectDojo/django-DefectDojo 2.52.0

2.52.0 🌈

on GitHub

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.51.0

• [docs] Prioritization Engine adjustments @paulOsinski (#13581)
• Handle missing severity field in CycloneDX parser @Maffooch (#13583)
• Fix recipient handling in create_notification method @dorkdiaries9 (#13548)
• docker compose: switch to Valkey as message broker @valentijnscholten (#13331)
• Update package versions for consistency by removing caret (^) @Maffooch (#13543)
• Added more details to the run-unittest.sh help text @Jino-T (#13557)
• Added handling for abnormal wazuh severity values @Jino-T (#13522)
• [docs] Integrators/Connectors updates @paulOsinski (#13549)
• docs: correct LDAP authentication instructions for Alpine-based Dockerfiles @yuwwx (#13544)
• chore: update notify-pr-reviewers-action to always use the latest version @Maffooch (#13567)
• fix(HELM): Add "artifacthub.io/changes" for renovate & dependabot @kiblik (#13520)
• feat(GHA): Replace ShellCheck @kiblik (#13519)
• feat(helm): Do not allow multiple celery beats @kiblik (#13527)
• fix(renovate): Clean records @kiblik (#13509)
• unittests: disable webhook notifications in unrelated tests @valentijnscholten (#13515)
• [docs] add MCP server documentation @paulOsinski (#13529)
• reimplement favicons, update theme @paulOsinski (#13502)
• docs: fix unique_id_or_hash_code docs @valentijnscholten (#13501)
• Implement authorization for class Risk_Acceptance @pablosnt (#13469)
• docs: Add note about postgresql18 path change to v2.51 upgrade notes. @pageinsec (#13498)
• feat(helm): Improve description about images/tags @kiblik (#13473)
• github action: allow detect merge conflicts to fail @valentijnscholten (#13465)
• Add tests and documentation for deduplication algorithms @valentijnscholten (#13464)
• Add more deduplication unit tests for importers @valentijnscholten (#13463)
• deduplication: log HASH_CODE_FIELDS_ALWAYS @valentijnscholten (#13462)
• Fix incorrect (inflated) numbers in top 10 metrics @valentijnscholten (#13453)
• Add Anchore Connector documentation @paulOsinski (#13455)
• Pro changelog: 2.51.0/1 and minor docs maintenance @paulOsinski (#13454)
• feat(helm): Add descriptions @kiblik (#13407)
• Replace webhook state transition diagram with PNG instead of rendering with kroki @Maffooch (#13456)
• auto_create_context: make engagement creation atomic @valentijnscholten (#13444)
• fix-loop-duplicates: optimize query @valentijnscholten (#13445)
• fix(helm): Fix renovate/dependabot helper @kiblik (#13438)
• tag based filtering: avoid duplicate rows in results @valentijnscholten (#13442)
• Downgrade django-tagulous to 2.1.0 @valentijnscholten (#13441)
• Downgrade django-tagulous to 2.1.0 @valentijnscholten (#13440)
• feat(helm): Split image locations+tags, allow digest pinning @kiblik (#13370)
• fix(renovate): Drop Bitnami @kiblik (#13403)
• feat(renovate): Add support for versioning less standard value locations @kiblik (#13406)
• fix(helm): re-add annotation hint @kiblik (#13424)
• fix(helm): Test oldest supported k8s version @kiblik (#13376)
• fix(helm): Drop initialDelaySeconds if empty @kiblik (#13398)
• fix: handle broken endpoints when includes a port number in Acunetix XML parser @Irfan-Mohd (#13371)
• add unit tests to test importer deduplication @valentijnscholten (#13372)
• feat(helm): Add support for automountServiceAccountToken @kiblik (#13375)
• feat(helm): DRY cloudsql-proxy @kiblik (#13369)
• feat(helm): Hint for correct "artifacthub.io/changes" syntax @kiblik (#13397)
• feat(gha): Help Renovate + Dependabot to update HELM docs @kiblik (#13366)
• feat(helm): Simplify k8s-tests.yml @kiblik (#13379)
• feat(helm): Make release commits more verbose @kiblik (#13367)
• fix upload error when finding groups disabled @valentijnscholten (#13334)
• importers: defend against parsers returning None @valentijnscholten (#13335)
• watson middleware: skip logging if no instances updated @valentijnscholten (#13363)
• skip duplicates: remove obsolete references @valentijnscholten (#13327)
• JIRA instance config: improve error handling on open/close status ids @valentijnscholten (#13326)
• ⬆️ Bump ruff from 0.13.2 to 0.14.0 @manuel-sommer (#13337)
• fix: add missing resources, securityContext and env entries @fernandezcuesta (#13210)
• fix(helm): Fix checker of HELM chart change @kiblik (#13310)
• fix(gha): Run Release-Nightly only once a day @kiblik (#13329)

💣 Breaking changes

• UNIQUE_ID_OR_HASH_CODE: dont stop after one candidate @valentijnscholten (#13513)

🚩 Changes to settings.dist.py / local_settings.py

• 🐛 Robustify create_user to handle None value @manuel-sommer (#13572)
• 🎉 Add mal vulnid @manuel-sommer (#13588)
• 🐛 add middleware to handle social auth provider unavailability gracefully @manuel-sommer (#13523)
• watson: lower async threshold from 100 to 10 @valentijnscholten (#13518)
• 🎉 Implement msrc vulnid @manuel-sommer (#13487)
• Split Github Vulnerability Scan into separate SCA & SAST parsers @Logicmn (#12773)
• Added the definition of the SOCIAL_AUTH_LOGIN_REDIRECT_URL variable @rseleven (#13428)
• feat(session): Single user session @kiblik (#13416)
• 🔨 Merge the MobSF scanner @manuel-sommer (#12501)

🚩 Database migration

• endpoint import optimize @valentijnscholten (#13521)
• jira_integration: changes risk acceptance expiration date to a better default @maxi-bee (#13488)

🚀 API features and enhancements

• Remove prefetched tags in FindingViewSet @Maffooch (#13568)
• Added Ability to Edit found_by value in API @Jino-T (#13542)
• findings-report-api: fix 404 errors @valentijnscholten (#13446)
• Fix DojoGroupSerializer to handle empty permissions list @Maffooch (#13447)
• Ruff: Fix PLC2701 + merge PLC @kiblik (#13436)
• apiv2: fix schema for engagements endpoint @valentijnscholten (#13336)

🐛 Bug Fixes

• deduplication logic: add cross scanner unique_id tests and fix bug @valentijnscholten (#13499)

🖌 Updates in UI

• 🐛 fix similiar findings severity color #13551 @manuel-sommer (#13586)
• scan_added_empty.tpl: fix symlink problem @valentijnscholten (#13514)
• fix: ui must not overwrite service field from parser @valentijnscholten (#13517)
• Show unique id from tool together with hash_code in title elements @valentijnscholten (#13460)
• report builder: ensure at least one section is present @valentijnscholten (#13443)
• pghistory improvements: backfill and "empty" changes @valentijnscholten (#13383)
• user mentioning: diplay author instead of recipient @valentijnscholten (#13332)
• engagement: allow unlinking of JIRA epic @valentijnscholten (#13333)

🔧 Improved code quality with linters

• Ruff: PT - simplify rules @kiblik (#13435)
• Ruff: Fix N805 @kiblik (#13437)
• Ruff: Add and merge safe rules (B,S) @kiblik (#13430)
• Ruff: Fix PLC2701 + merge PLC @kiblik (#13436)
• feat(docker): Use Python 3.13 in docker images @kiblik (#13022)

🧰 Maintenance

• chore(deps): bump boto3 from 1.40.62 to 1.40.63 @dependabot (#13579)
• chore(deps): bump ruff from 0.14.2 to 0.14.3 @dependabot (#13577)
• chore(deps): update dependency renovatebot/renovate from 41.165.7 to v41.168.0 (.github/workflows/renovate.yaml) @renovate (#13576)
• chore(deps): update dependency django-debug-toolbar from 6.0.0 to v6.1.0 (requirements-dev.txt) @renovate (#13575)
• chore(deps): update dependency renovatebot/renovate from 41.165.5 to v41.165.7 (.github/workflows/renovate.yaml) @renovate (#13574)
• chore(deps): bump python-gitlab from 6.5.0 to 7.0.0 @dependabot (#13570)
• chore(deps): bump boto3 from 1.40.60 to 1.40.62 @dependabot (#13569)
• chore(deps): update dependency renovatebot/renovate from 41.163.7 to v41.165.5 (.github/workflows/renovate.yaml) @renovate (#13559)
• chore(deps): update dependency node from 24.10.0 to v24.11.0 (.github/workflows/validate_docs_build.yml) @renovate (#13560)
• chore(deps): update dependency renovatebot/renovate from 41.163.6 to v41.163.7 (.github/workflows/renovate.yaml) @renovate (#13558)
• chore(deps): update dependency renovatebot/renovate from 41.163.1 to v41.163.6 (.github/workflows/renovate.yaml) @renovate (#13556)
• chore(deps): bump boto3 from 1.40.58 to 1.40.60 @dependabot (#13554)
• chore(deps): bump bleach from 6.2.0 to 6.3.0 @dependabot (#13553)
• chore(deps): bump redis from 7.0.0 to 7.0.1 @dependabot (#13552)
• chore(deps): update dependency node from 22.21.0 to v24 (.github/workflows/validate_docs_build.yml) @renovate (#13550)
• Bump psycopg[c] from 3.2.11 to 3.2.12 @dependabot (#13535)
• chore(deps): update dependency renovatebot/renovate from 41.159.4 to v41.163.1 (.github/workflows/renovate.yaml) @renovate (#13533)
• chore(deps): update dependency vite from 7.1.11 to v7.1.12 (docs/package.json) @renovate (#13532)
• chore(deps): update github artifact actions (.github/workflows/rest-framework-tests.yml) (major) @renovate (#13531)
• Bump redis from 6.4.0 to 7.0.0 @dependabot (#13510)
• chore(deps): update dependency vite from 7.1.9 to v7.1.11 [security] @renovate (#13480)
• chore(deps): update postgres:18.0-alpine docker digest from 18.0 to 18.0-alpine (docker-compose.yml) @renovate (#13503)
• Bump boto3 from 1.40.55 to 1.40.58 @dependabot (#13524)
• Bump ruff from 0.14.1 to 0.14.2 @dependabot (#13525)
• chore(deps): update dependency renovatebot/renovate from 41.146.8 to v41.159.4 (.github/workflows/renovate.yaml) @renovate (#13507)
• chore(deps): update node.js from v22.20.0 to v22.21.0 (docs/package.json) @renovate (#13508)
• chore(deps): update dependency renovatebot/renovate from 41.146.0 to v41.146.8 (.github/workflows/renovate.yaml) @renovate (#13484)
• Bump psycopg[c] from 3.2.10 to 3.2.11 @dependabot (#13471)
• fix(deps): update dependency @docsearch/css from 4.1.0 to v4.2.0 (docs/package.json) @renovate (#13381)
• Bump boto3 from 1.40.54 to 1.40.55 @dependabot (#13472)
• Bump python-gitlab from 6.4.0 to 6.5.0 @dependabot (#13470)
• Bump boto3 from 1.40.53 to 1.40.54 @dependabot (#13450)
• Bump ruff from 0.14.0 to 0.14.1 @dependabot (#13452)
• Bump pillow from 11.3.0 to 12.0.0 @dependabot (#13434)
• Bump humanize from 4.13.0 to 4.14.0 @dependabot (#13433)
• Bump boto3 from 1.40.52 to 1.40.53 @dependabot (#13432)
• Bump cryptography from 46.0.2 to 46.0.3 @dependabot (#13431)
• fix(GHA/HELM): Bump yamale & yamllint @kiblik (#13401)
• Bump django-imagekit from 5.0.0 to 6.0.0 @dependabot (#13414)
• Bump boto3 from 1.40.49 to 1.40.52 @dependabot (#13426)
• chore(deps): update actions/setup-node action from v5.0.0 to v6 (.github/workflows/validate_docs_build.yml) @renovate (#13417)
• Bump nginx from 1.29.1-alpine3.22 to 1.29.2-alpine3.22 @dependabot (#13413)
• chore(deps): update losisin/helm-values-schema-json-action action from v2.3.0 to v2.3.1 (.github/workflows/test-helm-chart.yml) @renovate (#13412)
• Bump sqlalchemy from 2.0.43 to 2.0.44 @dependabot (#13411)
• Bump uwsgi from 2.0.30 to 2.0.31 @dependabot (#13410)
• chore(deps): update stefanzweifel/git-auto-commit-action action from v6.0.1 to v7 (.github/workflows/release-3-master-into-dev.yml) @renovate (#13404)
• chore(deps): update mikefarah/yq action from v4.47.2 to v4.48.1 (.github/workflows/release-x-manual-helm-chart.yml) @renovate (#13402)
• chore(deps): update softprops/action-gh-release action from v2.4.0 to v2.4.1 (.github/workflows/release-x-manual-helm-chart.yml) @renovate (#13400)
• chore(deps): update redis:7.2.11-alpine docker digest from 7.2.11 to v (docker-compose.yml) @renovate (#13399)
• Bump social-auth-app-django from 5.5.1 to 5.6.0 @dependabot (#13388)
• chore(deps): update dependency python from 3.13.8 to 3.14 (.github/workflows/test-helm-chart.yml) @renovate (#13374)
• fix(deps): update dependency @docsearch/js from 4.1.0 to v4.2.0 (docs/package.json) @renovate (#13382)
• chore(deps): update postgres:18.0-alpine docker digest from 18.0 to 18.0-alpine (docker-compose.yml) @renovate (#13385)
• chore(deps): update redis:7.2.11-alpine docker digest from 7.2.11 to v (docker-compose.yml) @renovate (#13386)
• Bump social-auth-core from 4.8.0 to 4.8.1 @dependabot (#13389)
• Bump boto3 from 1.40.46 to 1.40.49 @dependabot (#13395)
• Bump datatables.net-colreorder from 2.1.1 to 2.1.2 in /components @dependabot (#13396)
• Bump social-auth-core from 4.7.0 to 4.8.0 @dependabot (#13360)
• Bump boto3 from 1.40.44 to 1.40.46 @dependabot (#13361)
• Update softprops/action-gh-release action from v2.3.4 to v2.4.0 (.github/workflows/release-x-manual-helm-chart.yml) @renovate (#13358)
• Bump django from 5.1.12 to 5.1.13 @dependabot (#13353)
• Update actions/stale action from v9.1.0 to v10 (.github/workflows/close-stale.yml) @renovate (#13349)
• ⬆️ Bump jira from 3.8.0 to 3.10.5 @dependabot (#13345)
• ⬆️ Bump social-auth-app-django from 5.4.3 to 5.5.1 @dependabot (#13344)
• ⬆️ Bump vulners from 2.3.7 to 3.1.1 @dependabot (#13342)
• Update redis:7.2.11-alpine Docker digest from 7.2.11 to v (docker-compose.yml) @renovate (#13325)
• ⬆️ Bump django-pghistory from 3.7.0 to 3.8.3 @dependabot (#13347)