DefectDojo/django-DefectDojo 2.7.1

2.7.1 🌈

on GitHub

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.6.0

• Release: Merge release into master from: release/2.7.1 @github-actions (#5869)
• Oauth: enable keycloak to use auto redirect @kiblik (#5835)
• WPScan - implement confidence @damiencarol (#5810)
• Make unit test for rest framework more stable @StefanFl (#5823)
• Fix RustyHog subscanner classification #5821 @manuel-sommer (#5822)
• Finetune and document release process @valentijnscholten (#5751)
• Update dependency nanoid to 3.1.31 [SECURITY] @renovate (#5804)
• Improves Rusty Hog and fixes #5730 @manuel-sommer (#5732)
• Add migitation field to cyclonedx parser @manuel-sommer (#5783)
• Advances RustyHog to also support EssexHog @manuel-sommer (#5779)
• Bugfix: For Snyk parser, preserve file paths with @ in package name @SafeEval (#5789)
• Update social authentication docs @nobletrout (#5782)
• Update values.yaml @mtcolman (#5762)
• Update labeler configuration to tag work on parsers @damiencarol (#5712)
• Adds AMI to readme and docs @devGregA (#5752)
• Update Jira Integration docs for Jira Server @jefQuery (#5741)
• Release: Merge back 2.6.2 into dev from: master-into-dev/2.6.2-2.7.0-dev @github-actions (#5724)
• Release: Merge release into master from: release/2.6.2 @github-actions (#5723)
• Release: Merge back 2.6.1 into dev from: master-into-dev/2.6.1-2.7.0-dev @github-actions (#5703)
• Release: Merge release into master from: release/2.6.1 @github-actions (#5702)
• Revert "Updated django dockerfile to work with bind mounts for local_settings.py" @Maffooch (#5701)
• Revert "Updated all dockerfiles to match the django dockerfile so UID/GIDs are consistent across dockerfiles" @Maffooch (#5700)
• dependabot: unignore celery 5.x updates @valentijnscholten (#5669)
• Updated all dockerfiles to match the django dockerfile so UID/GIDs are consistent across dockerfiles @mtesauro (#5691)
• Updated django dockerfile to work with bind mounts for local_settings.py @mtesauro (#5681)
• Adds Fred to HoF, Removes others who are MIA and I couldn't get in contact with @devGregA (#5679)
• add upgrade notes 2.6.0 @valentijnscholten (#5678)
• Release: Merge back 2.6.0 into dev from: master-into-dev/2.6.0-2.7.0-dev @github-actions (#5677)

🚩 Changes to settings.dist.py / local_settings.py

• Release: Merge release into master from: release/2.7.0 @github-actions (#5865)
• Customize documentation URL @kiblik (#5861)
• Option not to create user automatically using SOCIAL_AUTH @dsever (#5842)
• feat: Rework sslyze parser for version 5 @kibernautas (#5689)
• CycloneDX 1.4 support @damiencarol (#5811)
• Edgescan integration @ShayVD (#5685)
• Oauth integration keycloak dev @oliversommer (#5726)
• Maintenance of JFrog Xray parser @StefanFl (#5775)
• Rubocop: add parser @damiencarol (#5711)

🚩 Database migration

• Release: Merge release into master from: release/2.7.0 @github-actions (#5865)
• feat: Rework sslyze parser for version 5 @kibernautas (#5689)
• Remove exception hiding in the importer @manuel-sommer (#5733)
• Email pattern for default group @StefanFl (#5719)
• API: return stats for api (re)imports @valentijnscholten (#5635)

🚀 New importers

• Remove CCVS API parser @damiencarol (#5728)
• Rubocop: add parser @damiencarol (#5711)

🚀 General features and enhancements

• feat(helm): add ingressClassName value to ingress resource @KarstenSiemer (#5772)
• Facelift: borders for panels with lists @StefanFl (#5799)
• Paginated Product list in Product Type details @StefanFl (#5794)
• Configuration authorization 3: Finish making more configuration permissions editable @StefanFl (#5713)
• Email pattern for default group @StefanFl (#5719)
• rustyhog replaces choctawhog and gottingenhog is added #5607 @manuel-sommer (#5614)

🚀 API features and enhancements

• Release: Merge release into master from: release/2.7.0 @github-actions (#5865)
• Allow empty report files (in API v2 and UI) @damiencarol (#5846)
• Wrong var in include_executive_summary block for product_type @Safren-tutu (#5833)
• Hide "Staff" flags in UI and API plus documentation of configuration permissions @StefanFl (#5756)
• Configuration authorization 3: Finish making more configuration permissions editable @StefanFl (#5713)
• Removal of AUTHORIZATION_STAFF_OVERRIDE @StefanFl (#5699)
• Removal of is_staff for various functionalities @StefanFl (#5682)
• Revert permission changes for test_type and development_environment @StefanFl (#5692)
• API: return stats for api (re)imports @valentijnscholten (#5635)

🐛 Bug Fixes

• Async Import: Fix group_by flag @Maffooch (#5830)
• DependencyCheck maintenance @damiencarol (#5757)
• Apply filters for Findings in Product Type report @StefanFl (#5840)
• Wrong var in include_executive_summary block for product_type @Safren-tutu (#5833)
• Rendering of references is corrupted when the same URL occurs more than one time @StefanFl (#5809)
• Maintenance of JFrog Xray parser @StefanFl (#5775)
• Update wpscan data upload @prakashar11 (#5562)
• Bugfix SLA days remaining @psbelin (#5737)
• Fix bug in Product view when GitHub is enabled @damiencarol (#5758)
• Correct date format mismatch when async imports are enabled @Maffooch (#5721)
• Reinstate copying of extra_settings @StefanFl (#5693)
• Revert permission changes for test_type and development_environment @StefanFl (#5692)

🧰 Maintenance

• copy python files from extra_settings @tiagoposse (#5839)
• Bump python-gitlab from 2.10.1 to 3.1.1 @dependabot (#5836)
• Bump drf-spectacular from 0.21.1 to 0.21.2 @dependabot (#5857)
• Bump google-auth from 2.5.0 to 2.6.0 @dependabot (#5859)
• Bump nginx from 1.21.5-alpine to 1.21.6-alpine @dependabot (#5852)
• Bump django-watson from 1.6.0 to 1.6.1 @dependabot (#5850)
• Bump humanize from 3.13.1 to 3.14.0 @dependabot (#5851)
• Update rabbitmq:3.9.13 Docker digest from 3.9.13 to 3.9.13 (docker-compose.yml) @renovate (#5825)
• Bump coverage from 6.2 to 6.3 @dependabot (#5828)
• Bump google-auth from 2.4.1 to 2.5.0 @dependabot (#5829)
• Update mysql:5.7.37 Docker digest from 5.7.37 to v5.7.37 (docker-compose.yml) @renovate (#5831)
• Bump clipboard from 2.0.8 to 2.0.9 in /components @dependabot (#5837)
• Bump redis from 4.1.1 to 4.1.2 @dependabot (#5834)
• Bump django-auditlog from 1.0a1 to 1.0.0 @dependabot (#5817)
• Bump django-crispy-forms from 1.13.0 to 1.14.0 @dependabot (#5818)
• Bump google-auth from 2.3.3 to 2.4.1 @dependabot (#5819)
• Update rabbitmq Docker tag from 3.9.12 to v3.9.13 (docker-compose.yml) @renovate (#5787)
• Bump datatables.net from 1.11.3 to 1.11.4 in /components @dependabot (#5805)
• Bump datatables.net-buttons-dt from 2.1.1 to 2.2.2 in /components @dependabot (#5806)
• Bump datatables.net-dt from 1.11.3 to 1.11.4 in /components @dependabot (#5807)
• Bump datatables.net-buttons-bs from 2.1.1 to 2.2.2 in /components @dependabot (#5808)
• Bump redis from 4.1.0 to 4.1.1 @dependabot (#5764)
• Bump asteval from 0.9.25 to 0.9.26 @dependabot (#5765)
• Bump numpy from 1.22.0 to 1.22.1 @dependabot (#5766)
• Bump google-api-python-client from 2.35.0 to 2.36.0 @dependabot (#5780)
• Update release-drafter/release-drafter action from v5.17.5 to v5.17.6 (.github/workflows/release-drafter.yml) @renovate (#5788)
• Update mysql Docker tag from 5.7.36 to v5.7.37 (docker-compose.yml) @renovate (#5790)
• Bump sqlalchemy from 1.4.29 to 1.4.31 @dependabot (#5798)
• Bump social-auth-core from 4.1.0 to 4.2.0 @dependabot (#5771)
• Bump json-log-formatter from 0.5.0 to 0.5.1 @dependabot (#5763)
• Bump easymde from 2.16.0 to 2.16.1 in /components @dependabot (#5768)
• Add support for including multiple setting files via extra_settings @Maffooch (#5797)
• Update release-drafter/release-drafter action from v5.16.2 to v5.17.5 (.github/workflows/release-drafter.yml) @renovate (#5761)
• Update release-drafter/release-drafter action from v5.16.1 to v5.16.2 (.github/workflows/release-drafter.yml) @renovate (#5759)
• Update rabbitmq Docker tag from 3.9.11 to v3.9.12 (docker-compose.yml) @renovate (#5705)
• Update release-drafter/release-drafter action from v5.15.0 to v5.16.1 (.github/workflows/release-drafter.yml) @renovate (#5736)
• Update stefanzweifel/git-auto-commit-action action from v4.13.0 to v4.13.1 (.github/workflows/plantuml.yml) @renovate (#5740)
• Bump google-api-python-client from 2.34.0 to 2.35.0 @dependabot (#5748)
• Bump celery from 5.1.2 to 5.2.2 @dependabot (#5729)
• Bump numpy from 1.21.5 to 1.22.0 @dependabot (#5660)
• Bump urllib3 from 1.26.7 to 1.26.8 @dependabot (#5715)
• Bump gitpython from 3.1.24 to 3.1.26 @dependabot (#5727)
• Bump easymde from 2.15.0 to 2.16.0 in /components @dependabot (#5734)
• Remove CCVS API parser @damiencarol (#5728)
• Update stefanzweifel/git-auto-commit-action action from v4.12.0 to v4.13.0 (.github/workflows/plantuml.yml) @renovate (#5718)
• Update mysql:5.7.36 Docker digest from 5.7.36 to v5.7.36 (docker-compose.yml) @renovate (#5716)
• Update helm/chart-testing-action action from v2.1.0 to v2.2.0 (.github/workflows/test-helm-chart.yml) @renovate (#5710)
• Update dependency autoprefixer from 10.4.1 to v10.4.2 (docs/package.json) @renovate (#5709)
• Bump google-api-python-client from 2.33.0 to 2.34.0 @dependabot (#5696)
• Bump requests from 2.27.0 to 2.27.1 @dependabot (#5695)
• Make dashboard more modular @Maffooch (#5722)
• Bump nginx from 1.21.4-alpine to 1.21.5-alpine @dependabot (#5661)
• Bump pillow from 8.4.0 to 9.0.0 @dependabot (#5659)
• Bump requests from 2.26.0 to 2.27.0 @dependabot (#5668)
• Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.27.1 to v1.28.0 (helm/defectdojo/values.yaml) @renovate (#5680)

🖌 Updates in UI

• Release: Merge release into master from: release/2.7.0 @github-actions (#5865)
• Customize documentation URL @kiblik (#5861)
• Product type metrics update @dsever (#5849)
• Apply filters for Findings in Product Type report @StefanFl (#5840)
• Change colour of submit button for bulk edit in Test view @StefanFl (#5841)
• Edgescan integration @ShayVD (#5685)
• Oauth integration keycloak dev @oliversommer (#5726)
• Facelift: borders for panels with lists @StefanFl (#5799)
• Hide "Staff" flags in UI and API plus documentation of configuration permissions @StefanFl (#5756)
• Paginated Product list in Product Type details @StefanFl (#5794)
• Fix bug in Product view when GitHub is enabled @damiencarol (#5758)
• Configuration authorization 3: Finish making more configuration permissions editable @StefanFl (#5713)
• Fixed indentation/naming of two blocks in base.html @blakeaowens (#5746)
• Removal of is_staff for various functionalities @StefanFl (#5682)
• Make dashboard more modular @Maffooch (#5722)
• API: return stats for api (re)imports @valentijnscholten (#5635)