DefectDojo/django-DefectDojo 2.8.0

2.8.0 🌈

on GitHub

We released an update of our Helm chart on 2022-03-04 to fix a problem with Celery not working (#5993). Defect Dojo itself is still at v2.8.0, but the Helm chart got bumped to 1.6.29.

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.7.1

• Release: Merge back 2.8.0 into dev from: master-into-dev/2.8.0-2.9.0-dev @github-actions (#5981)
• Release: Merge release into master from: release/2.8.0 @github-actions (#5979)
• Adds duroc hog to rusty hog @manuel-sommer (#5940)
• Docker-compose: Add mailhog to dc-debug + remove noise @kiblik (#5945)
• Fix indentation in docker-compose.override.debug.yml @kiblik (#5942)
• dc-up.sh: use correct message @kiblik (#5934)
• ChoctawHog was merged into RustyHog @manuel-sommer (#5930)
• Update Quickstart section @manuel-sommer (#5929)
• Doc: fix path in "Contributing/Parsers" @kiblik (#5925)
• Use fullnames on reviewer form @dsever (#5894)
• make JIRA authentication docs more explicit @valentijnscholten (#5890)
• upgrade python:3.8.12-slim-buster -> python:3.8.12-slim-bullseye @valentijnscholten (#5688)
• Release: Merge back 2.7.1 into dev from: master-into-dev/2.7.1-2.8.0-dev @github-actions (#5870)

💣 Breaking changes

• fix(helm): update redis keys @alles-klar (#5886)

🚩 Changes to settings.dist.py / local_settings.py

• Add StackHawk HawkScan webhook event parser @Bwvolleyball (#5941)
• main(docker): remove duplicated default envs from dockerfile @alles-klar (#5932)
• Use scan_type to determine hash_code and deduplication algorithms @StefanFl (#5903)
• harbor vulnscan deduplication algorithm #5926 @manuel-sommer (#5931)
• Flexible permissions for the configuration of DefectDojo are now active by default @StefanFl (#5916)
• Ignore warning from django-auditlog @StefanFl (#5883)

🚩 Database migration

• Harmonize user format @dsever (#5949)
• Make alert the default notification in API @dsever (#5882)

🚩 Security

• Bump django from 3.2.11 to 3.2.12 @dependabot (#5858)

🚀 General features and enhancements

• Add PostgreSQL as an option for Docker Compose @StefanFl (#5816)
• Kubernetes hostname changes @nobletrout (#5745)
• Make alert the default notification in API @dsever (#5882)

🚀 API features and enhancements

• APIv2: allow searching users by parameters 'is_active' and 'is_superuser' @kiblik (#5905)
• Make alert the default notification in API @dsever (#5882)

🐛 Bug Fixes

• Use scan_type to determine hash_code and deduplication algorithms @StefanFl (#5903)
• fix(helm): update redis keys @alles-klar (#5886)
• Remove host from links for custom reports @StefanFl (#5927)
• Sum Info findings as well in metrics severity count @Maffooch (#5902)
• Add Postgres NULL char validation/removal in Endpoint cleaning @Maffooch (#5899)
• fix sslyze test type name in sample data @valentijnscholten (#5900)
• Copy only *.py files from extra_settings @StefanFl (#5884)

🧰 Maintenance

• Bump python-gitlab from 3.1.1 to 3.2.0 @dependabot (#5968)
• main(docker): remove duplicated default envs from dockerfile @alles-klar (#5932)
• Update dependency postcss from 8.4.6 to v8.4.7 (docs/package.json) @renovate (#5961)
• Bump google-auth-oauthlib from 0.4.6 to 0.5.0 @dependabot (#5957)
• Bump google-api-python-client from 2.37.0 to 2.38.0 @dependabot (#5956)
• Update mysql commit hash from 5.7.37 to v (docker-compose.yml) @renovate (#5959)
• Update actions/setup-node action from v2 to v3 (.github/workflows/gh-pages.yml) @renovate (#5963)
• Bump lxml from 4.7.1 to 4.8.0 @dependabot (#5938)
• Bump gitpython from 3.1.26 to 3.1.27 @dependabot (#5946)
• Bump coverage from 6.3.1 to 6.3.2 @dependabot (#5947)
• Bump django-watson from 1.6.1 to 1.6.2 @dependabot (#5948)
• Update mysql commit hash from 5.7.37 to v5.7.37 (docker-compose.yml) @renovate (#5936)
• Update rabbitmq commit hash from 3.9.13 to 3.9.13-alpine (docker-compose.yml) @renovate (#5919)
• Update redis commit hash from 6.2.6 to 6.2.6-alpine (docker-compose.yml) @renovate (#5920)
• Update dependency postgres from 14.1 to v14.2 (docker-compose.yml) @renovate (#5921)
• Bump packageurl-python from 0.9.8.1 to 0.9.9 @dependabot (#5922)
• Bump redis from 4.1.3 to 4.1.4 @dependabot (#5923)
• Bump google-api-python-client from 2.36.0 to 2.37.0 @dependabot (#5896)
• Update rabbitmq commit hash from 3.9.13 to 3.9.13 (docker-compose.yml) @renovate (#5908)
• Bump packageurl-python from 0.9.7 to 0.9.8.1 @dependabot (#5910)
• Bump humanize from 3.14.0 to 4.0.0 @dependabot (#5911)
• Update actions/github-script action from v5 to v6 (.github/workflows/release-3-master-into-dev.yml) @renovate (#5901)
• main(docker): sync nginx and django docker baselayer @alles-klar (#5885)
• Bump packageurl-python from 0.9.6 to 0.9.7 @dependabot (#5888)
• Bump redis from 4.1.2 to 4.1.3 @dependabot (#5889)
• Ignore warning from django-auditlog @StefanFl (#5883)
• Bump numpy from 1.22.1 to 1.22.2 @dependabot (#5880)
• Bump djangosaml2 from 1.3.5 to 1.3.6 @dependabot (#5881)
• Update release-drafter/release-drafter action from v5.17.6 to v5.18.1 (.github/workflows/release-drafter.yml) @renovate (#5878)
• Bump django from 3.2.11 to 3.2.12 @dependabot (#5858)
• Bump clipboard from 2.0.9 to 2.0.10 in /components @dependabot (#5876)
• Bump pillow from 9.0.0 to 9.0.1 @dependabot (#5875)
• Bump coverage from 6.3 to 6.3.1 @dependabot (#5872)
• Update dependency postcss from 8.4.5 to v8.4.6 (docs/package.json) @renovate (#5866)
• Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.28.0 to v1.28.1 (helm/defectdojo/values.yaml) @renovate (#5874)

🖌 Updates in UI

• Harmonize user format @dsever (#5949)
• Remove host from links for custom reports @StefanFl (#5927)
• Don't show 'all alerts' and 'clear all alerts' when no notification found @shipko (#5898)
• Flexible permissions for the configuration of DefectDojo are now active by default @StefanFl (#5916)