DefectDojo/django-DefectDojo 2.56.0

2.56.0 🌈

on GitHub

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.55.0

• Refactor zip handling with safe_open_zip and safe_read_all_zip @Maffooch (#14408)
• feat(trivy_operator): add remediation, messages, category, and publishedDate mappings @SergK (#14360)
• fix: slight textual changes to update-sample-data workflow @valentijnscholten (#14401)
• Reimport: Do not reactivate endpoint statuses with special statuses @Maffooch (#14402)
• Update sample data @github-actions (#14400)
• [docs] scheduling for rules engine @paulOsinski (#14413)
• Set unique_id_from_tool from matrix field in Dependency Track parser @samiat4911 (#14380)
• Updates Documentation Site @devGregA (#14357)
• [docs] add Connectors documentation, 2.55.4 changelog @paulOsinski (#14381)
• fix typo in pro demo @paulOsinski (#14378)
• Update sample data @github-actions (#14389)
• Fix DataError when Finding_Group name exceeds 255 chars @valentijnscholten (#14376)
• fix(trivy_operator): fix compliance severity logic and checkID comparison @SergK (#14359)
• Fix webp issues with Dev deployments @paulOsinski (#14377)
• Also update defect_dojo_sample_data_locations.json in sample data workflow @valentijnscholten (#14391)
• fix: Add support to parse CVSSV4 findings for the Trivy parser @coheigea (#14379)
• Create Surveys and Questionnaires documentation @dangoelz (#14394)
• Refactor get_object_or_404 calls for Engagement and Engagement_Presets @Maffooch (#14375)
• Fix update-sample-data workflow pushing to protected master branch @valentijnscholten (#14374)
• Update Quick Start guide in README for Docker Compose @Maffooch (#14335)
• Remove dead sync_process_findings / determine_process_method / process_results scaffolding @valentijnscholten (#14351)
• Fixes, expands, and modifies E2E tests @devGregA (#14329)
• fix: dedupe management command FieldError with only("id") and select_related @valentijnscholten (#14350)
• Refactor fixture-updater to python @fopina (#14336)
• Fix PGDATA path to make postgres data durable (fixes #14358) @valentijnscholten (#14362)
• Skip dispatching endpoint/location tasks when lists are empty @valentijnscholten (#14361)
• Fix release workflow: ensure helm chart is uploaded before release-drafter @valentijnscholten (#14364)
• [docs] feb release notes @paulOsinski (#14341)
• update finding_status_definitions @paulOsinski (#14356)
• fix for ms defender parser: use endpoint instead of url when not v3 @dogboat (#14343)
• Support sync kwarg in process_findings for inline post-processing @valentijnscholten (#14309)
• Propagate async_user via crum.impersonate in DojoAsyncTask base class @valentijnscholten (#14308)
• fix username logging in uwsgi for requests with TokenAuthentication @fopina (#14322)
• chore(deps): bump ruff from 0.15.0 to 0.15.1 @manuel-sommer (#14316)

🚩 Changes to settings.dist.py / local_settings.py

• Silence polymorphic.W001 and polymorphic.W002 system checks @Maffooch (#14393)
• Dependency Track parser: Store DT uuid into unique_id_from_tool instead of vuln_id_from_tool @AndreVirtimo (#14346)

🚩 Database migration

• LocationData for parsers @dogboat (#14395)
• Add 'Scheduled' status to engagement models @Maffooch (#14319)

🚀 API features and enhancements

• Updates Decorators with Certain Permission Models @devGregA (#14410)
• Optimize language import process with bulk creation and improved validation @Maffooch (#14403)
• fix: don't close old findings when reimport auto-creates a new test @valentijnscholten (#14396)
• Fix Jira integration error handling and type representation @Maffooch (#14320)

🖌 Updates in UI

• fix the way bulk update endpoints in finding view works in v3 @dogboat (#14411)

🧰 Maintenance

• chore(deps): update github artifact actions (.github/workflows/rest-framework-tests.yml) (major) @renovate (#14397)
• chore(deps): update valkey/valkey docker tag from 7.2.11 to v7.2.12 (docker-compose.yml) @renovate (#14383)
• chore(deps-dev): bump rollup from 4.57.1 to 4.59.0 in /docs @dependabot (#14398)
• chore(deps): update dependency node from 24.13.1 to v24.14.0 (.github/workflows/validate_docs_build.yml) @renovate (#14387)
• chore(deps): update python:3.13.12-slim-trixie docker digest from 3.13.12 to v (dockerfile.integration-tests-debian) @renovate (#14386)
• chore(deps): bump minimatch in /docs @dependabot (#14385)
• chore(deps): bump sqlalchemy from 2.0.46 to 2.0.47 @dependabot (#14388)
• chore(deps): bump pdfmake from 0.3.4 to 0.3.5 in /components @dependabot (#14370)
• chore(deps): bump django-polymorphic from 4.11.0 to 4.11.1 @dependabot (#14369)
• chore(deps): update dependency renovatebot/renovate from 43.24.0 to v43.31.7 (.github/workflows/renovate.yaml) @renovate (#14366)
• chore(deps): bump django-imagekit from 6.0.0 to 6.1.0 @dependabot (#14368)
• chore(deps): bump django-environ from 0.12.1 to 0.13.0 @dependabot (#14338)
• chore(deps): bump ruff from 0.15.1 to 0.15.2 @dependabot (#14355)
• chore(deps): update dependency kubernetes/minikube from v1.38.0 to v1.38.1 (.github/workflows/k8s-tests.yml) @renovate (#14352)
• chore(deps): bump django-pghistory from 3.9.1 to 3.9.2 @dependabot (#14340)
• chore(deps): bump redis from 7.1.1 to 7.2.0 @dependabot (#14331)
• chore(deps): update actions/stale action from v10.1.1 to v10.2.0 (.github/workflows/close-stale.yml) @renovate (#14330)
• chore(deps): bump psycopg[c] from 3.3.2 to 3.3.3 @dependabot (#14348)
• chore(deps): update postgres:18.2-alpine docker digest from 18.2 to 18.2-alpine (docker-compose.yml) @renovate (#14344)
• chore(deps): update valkey docker tag from 0.15.4 to v0.17.0 (helm/defectdojo/chart.yaml) @renovate (#14326)
• chore(deps): bump djangosaml2 from 1.11.1 to 1.12.0 @dependabot (#14339)
• chore(deps): update manusa/actions-setup-minikube action from v2.14.0 to v2.15.0 (.github/workflows/k8s-tests.yml) @renovate (#14312)
• chore(deps): update dependency renovatebot/renovate from 43.5.6 to v43.24.0 (.github/workflows/renovate.yaml) @renovate (#14323)
• chore(deps): bump django-environ from 0.12.0 to 0.12.1 @dependabot (#14327)
• Update openapitools/openapi-generator-cli Docker tag from v7.19.0 to v7.20.0 (Dockerfile.integration-tests-debian) @renovate (#14328)