DefectDojo/django-DefectDojo 2.55.0

2.55.0 🌈

on GitHub

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.54.0

• docs - quick patch @paulOsinski (#14226)
• [docs] 2026 overhaul @paulOsinski (#14157)
• Fix Jira webhook race condition when closing ticket with comment @valentijnscholten (#14208)
• Include Trufflehog verified secret info in report @jamesgol (#14192)
• remove duplicated openreports parser doc @fopina (#14206)
• 💄 Typo in release 2.52 @manuel-sommer (#14204)
• Fix: Suppress expected JIRA validation alerts when pushing (Fixes #12988) @valentijnscholten (#13974)
• fix(async): watchmedo was installed incorrectly @kiblik (#14183)
• Enhance risk acceptance authorization checks @Maffooch (#14174)
• authorizations: optimize queries & cache data per request @valentijnscholten (#13989)
• 🐛 No filter by "Test name" in the findings list for all products … @manuel-sommer (#14167)
• 🐛 Fix "Test Type" filter dropdown includes inactive test types #1… @manuel-sommer (#14166)
• Change pghistory backfill log level from ERROR to DEBUG for missing event tables @valentijnscholten (#14151)
• Revert "Update python Docker tag from 3.13.11 to v3.14.2 (Dockerfile.… @valentijnscholten (#14158)
• 🎉 add Trivy misconfiguration fields #14136 @manuel-sommer (#14139)
• Update file upload field to accept dynamic file types and add validation for supported extensions @Maffooch (#14143)
• pro changelog: jan21 @paulOsinski (#14144)
• Fix risk-accepted findings not being closed when vulnerability is no longer present in reports @valentijnscholten (#14125)
• tags from parser: fix parsers, add tests and fallback @valentijnscholten (#14111)
• prettify sample scan files @valentijnscholten (#14113)
• Add additional fields to AssetSerializer @Maffooch (#14109)
• Import/Reimport: Push to jira when findings is not grouped @Maffooch (#14107)
• 🎉 Implement json part for Cloudflare insights parser @manuel-sommer (#14096)
• 💄 ssl labs json files reformat @manuel-sommer (#14106)
• Refactor note fetching logic for improved permission checks @Maffooch (#14081)
• ⬆️ Bump ruff from 0.14.10 to 0.14.11 @manuel-sommer (#14066)
• 🐛 fix Nonetype in nuclei #14071 @manuel-sommer (#14072)
• Remove unused asteval dependency @valentijnscholten (#14079)
• 🎉 Advance Google Cloud Artifact Scan to parse vulnid @manuel-sommer (#14063)
• 🎉 Implement Cloudflare insights parser @manuel-sommer (#14064)
• announcements: catch exceptions @valentijnscholten (#14045)
• fix: update redis/valkey comment @anthonwellsjo (#13858)
• [docs] pro release notes 2.54.0 @paulOsinski (#14047)
• Re order Jira Alert Description @Jino-T (#14058)
• 💄 Reformat sample scan files @manuel-sommer (#14046)
• 🐛 Fix multiple google cloud artifact scan bugs @manuel-sommer (#14052)
• ReadMe Updates - New Community Portal @devGregA (#14042)
• 💄 Add output description reference to google cloud artifacto… @manuel-sommer (#14038)
• fix front matter in PingCastle docs @paulOsinski (#14036)
• Update migration notes for django-pghistory @valentijnscholten (#14043)

🚩 Changes to settings.dist.py / local_settings.py

• Release 2.55.0: Merge Bugfix into Dev @rossops (#14227)
• locations: everything else @dogboat (#14198)
• feat(async): Set "expires" for regular tasks @kiblik (#14172)
• feat(async): Drop args from async_dupe_delete @kiblik (#14171)
• Add django-linear-migrations for linear migration history @valentijnscholten (#14145)
• Add Permissions-Policy header settings and tests @Maffooch (#14156)
• remove dojo_model_to/from_id decorator @valentijnscholten (#13984)

🚩 Database migration

• locations: everything else @dogboat (#14198)
• chore(deps): bump django-polymorphic from 4.8.0 to 4.10.5 @manuel-sommer (#14088)
• Add django-linear-migrations for linear migration history @valentijnscholten (#14145)
• feat: Add pghistory tracking for tag fields @valentijnscholten (#14116)
• Product Grade: Configuration Removal @Maffooch (#14075)

🚀 API features and enhancements

• Release 2.55.0: Merge Bugfix into Dev @rossops (#14227)
• locations: everything else @dogboat (#14198)
• Refactor engagement and risk acceptance permissions @Maffooch (#14155)
• Fix Content-Type header bugs in file downloads and MIME type handling @valentijnscholten (#14124)
• Enforce readonly name field for Test_Type instances and add dynamic serializer selection @Maffooch (#14090)
• Asset/Organizations Endpoints: Patches, permission checking, and API tests @Maffooch (#14080)
• remove dojo_model_to/from_id decorator @valentijnscholten (#13984)

🖌 Updates in UI

• Release 2.55.0: Merge Bugfix into Dev @rossops (#14227)
• locations: everything else @dogboat (#14198)
• feat(async): Show number of tasks waiting in queue @kiblik (#14180)
• feat: Add pghistory tracking for tag fields @valentijnscholten (#14116)
• fix bleach memory leak & simplify git commit hash checker @valentijnscholten (#14117)
• Fix Content-Type header bugs in file downloads and MIME type handling @valentijnscholten (#14124)
• Consolidation of Template Tags: Make a single use case reusable, and use in report disclaimers @Maffooch (#14098)
• Add Report Builder submenu and improve form validation error messages @valentijnscholten (#14068)
• remove dojo_model_to/from_id decorator @valentijnscholten (#13984)

🧰 Maintenance

• chore(deps): bump jquery-ui from 1.14.1 to 1.14.2 in /components @dependabot (#14201)
• Update dependency kubernetes/minikube from v1.37.0 to v1.38.0 (.github/workflows/k8s-tests.yml) @renovate (#14199)
• Update actions/cache action from v5.0.2 to v5.0.3 (.github/workflows/validate_docs_build.yml) @renovate (#14202)
• fix(deps): update dependency @thulite/doks-core from 1.8.3 to v1.8.4 (docs/package.json) @renovate (#14207)
• Update postgres:18.1-alpine Docker digest from 18.1 to 18.1-alpine (docker-compose.yml) @renovate (#14210)
• Update python:3.13.11-alpine3.22 Docker digest from 3.13.11 to v (Dockerfile.nginx-alpine) @renovate (#14211)
• Update valkey Docker tag from 0.15.2 to v0.15.3 (helm/defectdojo/Chart.yaml) @renovate (#14193)
• chore(deps): update docker/login-action action from v3.6.0 to v3.7.0 (.github/workflows/release-x-manual-tag-as-latest.yml) @renovate (#14194)
• chore(deps): bump cryptography from 46.0.3 to 46.0.4 @dependabot (#14190)
• chore(deps): bump python-gitlab from 7.1.0 to 8.0.0 @dependabot (#14189)
• chore(deps): update python:3.13.11-alpine3.22 docker digest from 3.13.11 to v (dockerfile.nginx-alpine) @renovate (#14188)
• Update postgres:18.1-alpine Docker digest from 18.1 to 18.1-alpine (docker-compose.yml) @renovate (#14187)
• Update dependency @thulite/seo from 2.4.2 to v2.4.3 (docs/package.json) @renovate (#14184)
• Update dependency @thulite/images from 3.3.3 to v3.3.4 (docs/package.json) @renovate (#14181)
• Update valkey Docker tag from 0.15.1 to v0.15.2 (helm/defectdojo/Chart.yaml) @renovate (#14175)
• Update dependency @thulite/inline-svg from 1.2.1 to v1.2.2 (docs/package.json) @renovate (#14182)
• chore(deps): bump setuptools from 80.10.1 to 80.10.2 @dependabot (#14163)
• chore(deps): update dependency renovatebot/renovate from 42.85.8 to v42.92.6 (.github/workflows/renovate.yaml) @renovate (#14159)
• fix(deps): update dependency @docsearch/js from 4.4.0 to v4.5.3 (docs/package.json) @renovate (#14129)
• fix(deps): update dependency thulite from 2.6.3 to v2.6.4 (docs/package.json) @renovate (#14154)
• chore(deps): bump vulners from 3.1.3 to 3.1.5 @dependabot (#14153)
• chore(deps): bump ruff from 0.14.11 to 0.14.14 @dependabot (#14152)
• chore(deps): update actions/checkout action from v6.0.1 to v6.0.2 (.github/workflows/validate_docs_build.yml) @renovate (#14150)
• chore(deps): update release-drafter/release-drafter action from v6.1.1 to v6.2.0 (.github/workflows/release-drafter.yml) @renovate (#14149)
• chore(deps): bump sqlalchemy from 2.0.45 to 2.0.46 @dependabot (#14148)
• chore(deps): bump markdown from 3.10 to 3.10.1 @dependabot (#14147)
• chore(deps): update actions/setup-python action from v6.1.0 to v6.2.0 (.github/workflows/test-helm-chart.yml) @renovate (#14146)
• chore(deps): update peter-evans/create-pull-request action from v8.0.0 to v8.1.0 (.github/workflows/update-sample-data.yml) @renovate (#14142)
• chore(deps): update dependency prettier from 3.8.0 to v3.8.1 (docs/package.json) @renovate (#14141)
• chore(deps): bump setuptools from 80.9.0 to 80.10.1 @dependabot (#14138)
• chore(deps): update gcr.io/cloudsql-docker/gce-proxy docker tag from 1.37.11 to v1.37.12 (helm/defectdojo/values.yaml) @renovate (#14135)
• Update python Docker tag from 3.13.11 to v3.14.2 (Dockerfile.nginx-alpine) @renovate (#13996)
• chore(deps): update valkey docker tag from 0.15.0 to v0.15.1 (helm/defectdojo/chart.yaml) @renovate (#14131)
• chore(deps): update dependency django-debug-toolbar from 6.1.0 to v6.2.0 (requirements-dev.txt) @renovate (#14132)
• Update dependency @docsearch/css from 4.4.0 to v4.5.3 (docs/package.json) @renovate (#14128)
• chore(deps): update python:3.13.11-slim-trixie docker digest from 3.13.11 to v (dockerfile.integration-tests-debian) @renovate (#14110)
• chore(deps): update dependency renovatebot/renovate from 42.80.1 to v42.85.8 (.github/workflows/renovate.yaml) @renovate (#14112)
• chore(deps): update losisin/helm-docs-github-action action from v1.6.2 to v1.7.1 (.github/workflows/test-helm-chart.yml) @renovate (#14114)
• chore(deps): update losisin/helm-values-schema-json-action action from v2.3.2 to v2.4.1 (.github/workflows/test-helm-chart.yml) @renovate (#14115)
• chore(deps): update openapitools/openapi-generator-cli docker tag from v7.18.0 to v7.19.0 (dockerfile.integration-tests-debian) @renovate (#14121)
• chore(deps): bump pdfmake from 0.3.2 to 0.3.3 in /components @dependabot (#14122)
• Update release-drafter/release-drafter action from v6.1.0 to v6.1.1 (.github/workflows/release-drafter.yml) @renovate (#14126)
• chore(deps): update actions/cache action from v5.0.1 to v5.0.2 (.github/workflows/validate_docs_build.yml) @renovate (#14108)
• Update suzuki-shunsuke/github-action-renovate-config-validator action from v1.1.1 to v2 (.github/workflows/renovate.yaml) @renovate (#14102)
• chore(deps): update styfle/cancel-workflow-action action from 0.12.1 to v0.13.0 (.github/workflows/cancel-outdated-workflow-runs.yml) @renovate (#14093)
• chore(deps): bump django-dbbackup from 5.1.1 to 5.1.2 @dependabot (#14094)
• Update actions/setup-node action from v6.1.0 to v6.2.0 (.github/workflows/validate_docs_build.yml) @renovate (#14092)
• chore(deps): update dependency prettier from 3.7.4 to v3.8.0 (docs/package.json) @renovate (#14091)
• Update valkey Docker tag from 0.13.0 to v0.15.0 (helm/defectdojo/Chart.yaml) @renovate (#14099)
• chore(deps): update dependency node from 24.12.0 to v24.13.0 (.github/workflows/validate_docs_build.yml) @renovate (#14086)
• chore(deps): update dependency yamllint from 1.37.1 to v1.38.0 (.github/workflows/test-helm-chart.yml) @renovate (#14084)
• Update python:3.13.11-slim-trixie Docker digest from 3.13.11 to v (Dockerfile.integration-tests-debian) @renovate (#14083)
• chore(deps): bump pdfmake from 0.3.1 to 0.3.2 in /components @dependabot (#14074)
• Update dependency renovatebot/renovate from 42.71.0 to v42.80.1 (.github/workflows/renovate.yaml) @renovate (#14070)
• chore(deps): update dependency vite from 7.3.0 to v7.3.1 (docs/package.json) @renovate (#14053)
• chore(deps): bump celery[sqs] from 5.6.1 to 5.6.2 @dependabot (#14039)
• chore(deps): bump pdfmake from 0.3.0 to 0.3.1 in /components @dependabot (#14055)
• chore(deps): update mccutchen/go-httpbin docker tag from 2.19.0 to v2.20.0 (docker-compose.override.dev.yml) @renovate (#14057)
• chore(deps): bump urllib3 from 2.6.2 to 2.6.3 @dependabot (#14059)
• chore(deps): bump django-polymorphic from 4.6.0 to 4.8.0 @dependabot (#14060)
• chore(deps): bump django-dbbackup from 5.1.0 to 5.1.1 @dependabot (#14062)
• chore(deps): bump django-polymorphic from 4.5.2 to 4.6.0 @dependabot (#14030)