DefectDojo/django-DefectDojo 2.57.0

2.57.0 🌈

on GitHub

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.56.0

• Fixing header for broken unit test @rossops (#14644)
• AWS Inspector 2 Line number bug + other changes @Jino-T (#14616)
• async search index: run async instead of sync @valentijnscholten (#14639)
• Reimport: batch-refresh finding status fields in close_old_findings @valentijnscholten (#14638)
• [docs] Improve Invicti parser documentation with enterprise usage guidance @balaakasam (#14605)
• update sarif documentation @paulOsinski (#14635)
• fix: clear reverse M2M through tables before cascade deletion @valentijnscholten (#14630)
• fix(reimport): do not update finding tags on reimport for matched findings @valentijnscholten (#14627)
• [docs] changelog, maintenance @paulOsinski (#14614)
• chore(deps): bump ruff from 0.15.7 to 0.15.8 @manuel-sommer (#14624)
• when deleting a URL via API, perform_delete should call delete on the… @dogboat (#14612)
• Migration endpoints to locations fix @dogboat (#14625)
• fix(dedupe): prevent duplicate test processing in batch dedupe command @valentijnscholten (#14601)
• Add scan_date to import settings if overridden @Maffooch (#14502)
• perf(importers): batch endpoint creation and status updates during import/reimport @valentijnscholten (#14489)
• Add exact_title filter to findings API @brammie15 (#14597)
• feat: add PluggableContextTask for settings-based celery task context managers @valentijnscholten (#14572)
• fix: handle missing status_finding_non_special prefetch in reimporter @seantechco (#14569)
• Standardize CI tests on Debian AMD64 and document supported image variants @Maffooch (#14593)
• (feat) gosec parser: parse cwe_id and swap references if possible @maxi-bee (#14581)
• add semi large sample for jfrog xray unified and acunetix 360 @valentijnscholten (#14570)
• chore(deps): update dependency renovatebot/renovate from 43.76.4 to v43.91.2 (.github/workflows/renovate.yaml) @renovate (#14568)
• Parse Twistlock packagePath so that we can record where the CVE is found @coheigea (#14549)
• Fix deterministic ordering for async_dupe_delete when duplicate dates tie @valentijnscholten (#14562)
• Add upgrade guidance for existing PostgreSQL 18 volumes after PGDATA path change @DarkR0ast (#14561)
• Change dependabot and renovate to weekly on Wednesdays @Maffooch (#14552)
• [doc] various updates @paulOsinski (#14484)
• (perf) Batch duplicate marking part 2 @valentijnscholten (#14516)
• Exclude async_user from celery task @coheigea (#14506)
• Dependency Track: Support CVSS4 and also import CVSS vectors, references and publish date. @AndreVirtimo (#14498)
• fix(awssecurityhub): extract CVSS v3/v4 scores from Inspector findings @samiat4911 (#14481)
• Update PR template to reflect Ruff code compliance @valentijnscholten (#14507)
• Locations V3: add import performance test and autocorrect counts @valentijnscholten (#14501)
• docs: document BuildKit as a prerequisite for Docker Compose builds @valentijnscholten (#14503)
• chore: normalize line endings to LF (CRLF -> LF) @valentijnscholten (#14515)
• [docs] march pro changelog, Iriusrisk Connector documentation @paulOsinski (#14499)
• prefetching locations when building dedupe candidate scope queryset @dogboat (#14483)
• remove libtiff install from Dockerfiles @dogboat (#14485)
• fix: risk acceptance proof download throws 500 @valentijnscholten (#14478)
• bugfix(metrics): closed findings counter always shows 0 when no new findings are imported @vvpoglazov (#14464)
• fix(tests): prevent tag inheritance tests from polluting dev Celery queue @valentijnscholten (#14493)
• fix: endpoints not removable from finding via Edit Finding form @valentijnscholten (#14460)
• perf(fp-history): batch false positive history processing @valentijnscholten (#14449)
• [docs] append "pro" and "open source" to article names @paulOsinski (#14432)
• perf: batch duplicate marking in batch deduplication @valentijnscholten (#14458)
• feat: run single integration tests from dev mode @valentijnscholten (#14486)
• add lychee: ci test for 404s in docs @paulOsinski (#14440)
• chore: add .gitattributes to enforce LF line endings @valentijnscholten (#14448)
• Update sample data @github-actions (#14441)
• minor: use django.conf.settings over dojo.settings everywhere @fopina (#14434)
• disable group post signal default user for any social provider @fopina (#14425)
• Run dependabot so it doesnt interfere with release ops @rossops (#14477)
• use tags.add() instead of tags.set() on reimport @paulOsinski (#14459)
• fixture-updater: change missed in conflict resolution @fopina (#14433)
• [docs] split SSO config up, fix CSS issue @paulOsinski (#14431)
• Add documentation for OS Calendar feature @dangoelz (#14430)
• error message when viewing non-URL @dogboat (#14421)
• fix(sonarqube): handle missing service_key_1 in test_product_connection @samiat4911 (#14412)
• [docs] expand deduplication / reimport documentation @paulOsinski (#14392)

🚩 Changes to settings.dist.py / local_settings.py

• fix(github_sast): set unique_id_from_tool for dedup @samiat4911 (#14591)
• feat: add System Status page with Celery queue monitoring and purge @valentijnscholten (#14349)
• fix: Add file_path based detail mode for Anchore Grype parser @Kasyap7 (#14592)
• perf: replace per-object async delete with SQL cascade walker @valentijnscholten (#14566)
• fix: remove django-linear-migrations @valentijnscholten (#14571)
• feat: Add JFrog Xray API Summary Artifact Scan configuration @Arthur-DTAG (#14548)
• feat(parsers): add IriusRisk threat model CSV parser @skywalke34 (#14384)
• feat(parsers): add Orca Security CSV and JSON parser @skywalke34 (#14450)

🚩 Database migration

• fix: remove django-linear-migrations @valentijnscholten (#14571)
• Fix import-languages 500 errors and optimize DB performance @Maffooch (#14553)
• Drop System_Settings "credentials" field @dogboat (#14551)
• Notifications: Clean up duplicate system notification entries @Maffooch (#14488)

🚀 API features and enhancements

• Add deprecation notices for Credential Manager and Stub Findings @Maffooch (#14613)
• feat: add System Status page with Celery queue monitoring and purge @valentijnscholten (#14349)
• Fix import-languages 500 errors and optimize DB performance @Maffooch (#14553)
• Enhance engagement close/reopen actions with permission checks @Maffooch (#14517)
• Add authorization check to link_engagement action @Maffooch (#14504)
• feat: allow sorting endpoints by active findings count @valentijnscholten (#14462)
• api: load jira custom_fields as json @paulOsinski (#14494)
• add notes endpoint to RiskAcceptanceViewSet @paulOsinski (#14487)
• Quick verify in menu and keyboard shortcuts to verify/close findings @fopina (#14318)

🖌 Updates in UI

• feat: add System Status page with Celery queue monitoring and purge @valentijnscholten (#14349)
• Fix finding title HTML encoding inconsistency in All Findings view fi… @tejas0077 (#14524)
• feat: allow sorting endpoints by active findings count @valentijnscholten (#14462)
• fix: wrap markdown_styles in CSSSanitizer for bleach.clean() @valentijnscholten (#14479)
• feat: add additional_banners support to base template @Maffooch (#14492)
• feat: add Remove from Finding bulk action on View Finding page @valentijnscholten (#14461)
• show social provider label in groups @fopina (#14457)
• Quick verify in menu and keyboard shortcuts to verify/close findings @fopina (#14318)

🧰 Maintenance

• chore(deps): bump cryptography from 46.0.5 to 46.0.6 @dependabot (#14619)
• chore(deps): bump celery from 5.6.2 to 5.6.3 @dependabot (#14621)
• chore(deps): bump python-gitlab from 8.1.0 to 8.2.0 @dependabot (#14622)
• chore(deps): bump requests from 2.32.5 to 2.33.1 @dependabot (#14618)
• chore(deps): bump django-permissions-policy from 4.28.0 to 4.29.0 @dependabot (#14617)
• chore(deps): update dependency renovatebot/renovate from 43.91.2 to v43.102.8 (.github/workflows/renovate.yaml) @renovate (#14603)
• chore(deps): bump cryptography from 46.0.5 to 46.0.6 @dependabot (#14602)
• chore(deps): bump brace-expansion in /docs @dependabot (#14600)
• chore(deps): bump yaml from 2.8.2 to 2.8.3 in /docs @dependabot (#14599)
• chore(deps): update dependency kubernetes/kubernetes from v1.35.2 to v1.35.3 (.github/workflows/k8s-tests.yml) @renovate (#14563)
• chore(deps): bump requests from 2.32.5 to 2.33.0 @dependabot (#14598)
• chore(deps): bump djangorestframework from 3.17.0 to 3.17.1 @dependabot (#14588)
• chore(deps): bump picomatch in /docs @dependabot (#14595)
• chore(deps): update actions/configure-pages action from v5.0.0 to v6 (.github/workflows/gh-pages.yml) @renovate (#14594)
• chore(deps): bump redis from 7.3.0 to 7.4.0 @dependabot (#14589)
• chore(deps): update dependency node from 24.14.0 to v24.14.1 (.github/workflows/validate_docs_build.yml) @renovate (#14587)
• chore(deps): update openapitools/openapi-generator-cli docker tag from v7.20.0 to v7.21.0 (dockerfile.integration-tests-debian) @renovate (#14585)
• chore(deps): bump pyopenssl from 25.3.0 to 26.0.0 @dependabot (#14578)
• chore(deps): update losisin/helm-values-schema-json-action action from v2.4.1 to v2.5.0 (.github/workflows/test-helm-chart.yml) @renovate (#14576)
• chore(deps): update losisin/helm-docs-github-action action from v1.7.1 to v1.8.0 (.github/workflows/test-helm-chart.yml) @renovate (#14575)
• chore(deps): bump pygithub from 2.8.1 to 2.9.0 @dependabot (#14574)
• chore(deps): update azure/setup-helm action from v4.3.1 to v5 (.github/workflows/test-helm-chart.yml) @renovate (#14586)
• chore(deps): bump pyopenssl from 25.3.0 to 26.0.0 @dependabot (#14536)
• chore(deps): update dependency kubernetes from 1.33.9 to v1.33.10 (.github/workflows/k8s-tests.yml) @renovate (#14557)
• chore(deps): bump ruff from 0.15.6 to 0.15.7 @dependabot (#14560)
• chore(deps): bump pyjwt from 2.12.0 to 2.12.1 @dependabot (#14535)
• chore(deps): update actions/download-artifact action from v8.0.0 to v8.0.1 (.github/workflows/performance-tests.yml) @renovate (#14541)
• chore(deps): update python:3.13.12-slim-trixie docker digest from 3.13.12 to v (dockerfile.integration-tests-debian) @renovate (#14544)
• chore(deps): update release-drafter/release-drafter action from v7.0.0 to v7.1.1 (.github/workflows/release-drafter.yml) @renovate (#14545)
• chore(deps): bump vulners from 3.1.7 to 3.1.8 @dependabot (#14546)
• chore(deps): bump pdfmake from 0.3.6 to 0.3.7 in /components @dependabot (#14547)
• chore(deps): update actions/cache action from v5.0.3 to v5.0.4 (.github/workflows/validate_docs_build.yml) @renovate (#14550)
• chore(deps): bump djangorestframework from 3.16.1 to 3.17.0 @dependabot (#14554)
• chore(deps): update valkey docker tag from 0.17.1 to v0.18.0 (helm/defectdojo/chart.yaml) @renovate (#14509)
• chore(deps): update softprops/action-gh-release action from v2.5.3 to v2.6.1 (.github/workflows/release-x-manual-helm-chart.yml) @renovate (#14532)
• chore(deps): update softprops/action-gh-release action from v2.5.0 to v2.5.3 (.github/workflows/release-x-manual-helm-chart.yml) @renovate (#14525)
• chore(deps): update dependency renovatebot/renovate from 43.60.4 to v43.76.4 (.github/workflows/renovate.yaml) @renovate (#14526)
• chore(deps): bump pyjwt from 2.11.0 to 2.12.0 @dependabot (#14518)
• chore(deps): bump pyjwt from 2.11.0 to 2.12.0 @dependabot (#14510)
• chore(deps): bump ruff from 0.15.5 to 0.15.6 @dependabot (#14511)
• chore(deps): update release-drafter/release-drafter action from v6.4.0 to v7 (.github/workflows/release-drafter.yml) @renovate (#14513)
• chore(deps): bump pdfmake from 0.3.5 to 0.3.6 in /components @dependabot (#14495)
• chore(deps): update styfle/cancel-workflow-action action from 0.13.0 to v0.13.1 (.github/workflows/cancel-outdated-workflow-runs.yml) @renovate (#14491)
• chore(deps): update actions/download-artifact action from v8.0.0 to v8.0.1 (.github/workflows/rest-framework-tests.yml) @renovate (#14490)
• chore(deps): update valkey/valkey docker tag from 7.2.12 to v9 (docker-compose.yml) @renovate (#13582)
• chore(deps): bump pdfmake from 0.3.5 to 0.3.6 in /components @dependabot (#14482)
• chore(deps): update docker/build-push-action action from v6.19.2 to v7 (.github/workflows/release-x-manual-docker-containers.yml) @renovate (#14451)
• chore(deps): update valkey/valkey:7.2.12-alpine docker digest from 7.2.12 to v (docker-compose.yml) @renovate (#14480)
• chore(deps): bump django-crispy-forms from 2.5 to 2.6 @dependabot (#14422)
• chore(deps): bump ruff from 0.15.4 to 0.15.5 @dependabot (#14456)
• chore(deps): update valkey docker tag from 0.17.0 to v0.17.1 (helm/defectdojo/chart.yaml) @renovate (#14466)
• chore(deps): update manusa/actions-setup-minikube action from v2.15.0 to v2.16.1 (.github/workflows/k8s-tests.yml) @renovate (#14465)
• chore(deps): bump django-polymorphic from 4.11.1 to 4.11.2 @dependabot (#14468)
• chore(deps): bump redis from 7.2.0 to 7.3.0 @dependabot (#14469)
• chore(deps): bump setuptools from 82.0.0 to 82.0.1 @dependabot (#14470)
• chore(deps): update release-drafter/release-drafter action from v6.2.0 to v6.4.0 (.github/workflows/release-drafter.yml) @renovate (#14455)
• chore(deps): update docker/setup-buildx-action action from v3.12.0 to v4 (.github/workflows/release-x-manual-tag-as-latest.yml) @renovate (#14447)
• chore(deps): update dependency renovatebot/renovate from 43.51.2 to v43.60.4 (.github/workflows/renovate.yaml) @renovate (#14463)
• chore(deps): bump python-gitlab from 8.0.0 to 8.1.0 @dependabot (#14424)
• chore(deps): bump django from 5.2.11 to 5.2.12 @dependabot (#14443)
• chore(deps): update docker/login-action action from v3.7.0 to v4 (.github/workflows/release-x-manual-tag-as-latest.yml) @renovate (#14438)
• chore(deps): update actions/setup-node action from v6.2.0 to v6.3.0 (.github/workflows/validate_docs_build.yml) @renovate (#14437)
• chore(deps): bump drf-spectacular-sidecar from 2026.1.1 to 2026.3.1 @dependabot (#14423)
• chore(deps): bump sqlalchemy from 2.0.47 to 2.0.48 @dependabot (#14436)
• chore(deps): bump vulners from 3.1.6 to 3.1.7 @dependabot (#14406)
• chore(deps): update python:3.13.12-slim-trixie docker digest from 3.13.12 to v (dockerfile.integration-tests-debian) @renovate (#14420)
• chore(deps): update dependency renovatebot/renovate from 43.31.7 to v43.51.2 (.github/workflows/renovate.yaml) @renovate (#14419)
• chore(deps): update dependency kubernetes from 1.32.12 to v1.33.9 (.github/workflows/k8s-tests.yml) @renovate (#14418)
• chore(deps): update dependency kubernetes/kubernetes from v1.35.1 to v1.35.2 (.github/workflows/k8s-tests.yml) @renovate (#14417)
• chore(deps): update suzuki-shunsuke/github-action-renovate-config-validator action from v2.0.0 to v2.1.0 (.github/workflows/renovate.yaml) @renovate (#14407)
• chore(deps): update postgres docker tag from 18.2 to v18.3 (docker-compose.yml) @renovate (#14399)
• chore(deps): update mccutchen/go-httpbin docker tag from 2.20.0 to v2.21.0 (docker-compose.override.dev.yml) @renovate (#14415)
• chore(deps): bump ruff from 0.15.2 to 0.15.4 @dependabot (#14405)