DefectDojo/django-DefectDojo 2.9.0

2.9.0 🌈

on GitHub

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.8.0

• Release: Merge back 2.9.0 into dev from: master-into-dev/2.9.0-2.10.0-dev @github-actions (#6132)
• Release: Merge release into master from: release/2.9.0 @github-actions (#6130)
• Deprecation notice for legacy authorization for configurations @StefanFl (#6058)
• Update Nuclei importer maintaining backwards compatibility @igorgomeszup (#6103)
• Automate helm labeling for PRs @dsever (#6115)
• HELM: Fix probes when SOCIAL_LOGIN_AUTO_REDIRECT is True @kiblik (#6102)
• Update parsers.md (Snyk support) @sguarin (#6081)
• Fix typos & deprecated methods @dsever (#6075)
• [FIX] Wrong Endpoint 'Date Discovered' @X0x1RG9f (#6079)
• [FIX] Typo fix on migrate_staff_users @TheocharisPetros (#6074)
• [FIX] Date erased when Finding created from Template @X0x1RG9f (#6065)
• fix docker entrypoint warnings on copying of settings @dsever (#6009)
• yarn: fix CWE parsing @valentijnscholten (#6000)
• merge master into dev @valentijnscholten (#5996)
• backport helm celery broker fix @valentijnscholten (#5995)
• add support_request template @valentijnscholten (#5984)
• Fix missing DD_CELERY_BROKER_PATH variable @dsever (#5990)
• Release: Merge back 2.8.0 into dev from: master-into-dev/2.8.0-2.9.0-dev @github-actions (#5981)

🚩 Changes to settings.dist.py / local_settings.py

• Add Hydra Parser @fhoeborn-cb (#6059)
• Show file selection dialogue in OpenAPI3 Swagger @StefanFl (#6098)
• Update settings.dist.py to force_auth for SAML2 @italvi (#6093)
• Finding group enhancements @dsever (#6053)
• Added GitHub & GitHub Enterprise - Social Auth Support @skattela (#5992)

🚩 Database migration

• Finding group enhancements @dsever (#6053)
• Endpoint: Remove endpoint.mitigated field @kiblik (#5953)
• WIP: Notification profile @dsever (#5824)
• Endpoint_status: fix reimport @kiblik (#5944)

🚀 General features and enhancements

• Update settings.dist.py to force_auth for SAML2 @italvi (#6093)

🚀 API features and enhancements

• APIv2: remove configuration_url from ToolConfigurationSerializer @kiblik (#6029)
• WIP: Notification profile @dsever (#5824)
• Endpoint_status: fix reimport @kiblik (#5944)

🐛 Bug Fixes

• Fix view tool product error @valentijnscholten (#6113)
• Show file selection dialogue in OpenAPI3 Swagger @StefanFl (#6098)
• npm/yarn audit: fix CWE parsing @valentijnscholten (#6016)

🧰 Maintenance

• Bump djangosaml2 from 1.4.0 to 1.5.0 @dependabot (#6116)
• Bump pillow from 9.0.1 to 9.1.0 @dependabot (#6118)
• Bump celery from 5.2.3 to 5.2.6 @dependabot (#6126)
• Bump jszip from 3.8.0 to 3.9.0 in /components @dependabot (#6127)
• Bump redis from 4.2.1 to 4.2.2 @dependabot (#6119)
• Bump moment from 2.29.1 to 2.29.2 in /components @dependabot (#6120)
• Bump nginx from 250c11e to 44e208a @dependabot (#6121)
• Bump pdfmake from 0.2.4 to 0.2.5 in /components @dependabot (#6112)
• Bump sqlalchemy from 1.4.32 to 1.4.34 @dependabot (#6109)
• Bump redis from 4.2.0 to 4.2.1 @dependabot (#6105)
• Bump jszip from 3.7.1 to 3.8.0 in /components @dependabot (#6106)
• chore(deps): update rabbitmq digest from 3.9.14 to 3.9.14-alpine (docker-compose.yml) @renovate (#6095)
• Bump nginx from 77cc350 to 250c11e @dependabot (#6090)
• Bump python-gitlab from 3.2.0 to 3.3.0 @dependabot (#6088)
• Bump minimist from 1.2.5 to 1.2.6 in /components @dependabot (#6085)
• Bump debugpy from 1.5.1 to 1.6.0 @dependabot (#6080)
• Bump redis from 4.1.4 to 4.2.0 @dependabot (#6076)
• chore(deps): update actions/download-artifact action from v2 to v3 (.github/workflows/k8s-testing.yml) @renovate (#5985)
• chore(deps): update dependency rabbitmq from 3.9.13 to v3.9.14 (docker-compose.yml) @renovate (#6056)
• Bump google-api-python-client from 2.41.0 to 2.42.0 @dependabot (#6063)
• Bump google-auth from 2.6.0 to 2.6.2 @dependabot (#6040)
• chore(deps): update stefanzweifel/git-auto-commit-action action from v4.13.1 to v4.14.0 (.github/workflows/release-3-master-into-dev.yml) @renovate (#6042)
• Bump google-auth-oauthlib from 0.5.0 to 0.5.1 @dependabot (#6031)
• chore(deps): update actions/cache action from v2 to v3 (.github/workflows/release-2-tag-docker-push.yml) @renovate (#6045)
• Bump djangosaml2 from 1.3.6 to 1.4.0 @dependabot (#6047)
• Bump pytz from 2021.3 to 2022.1 @dependabot (#6048)
• Bump nginx from da9c94b to 77cc350 @dependabot (#6049)
• Bump drf-spectacular from 0.21.2 to 0.22.0 @dependabot (#6046)
• chore(deps): update dependency autoprefixer from 10.4.3 to v10.4.4 (docs/package.json) @renovate (#6027)
• chore(deps): update dependency postcss from 8.4.11 to v8.4.12 (docs/package.json) @renovate (#6028)
• Bump cryptography from 36.0.1 to 36.0.2 @dependabot (#6032)
• Bump google-api-python-client from 2.40.0 to 2.41.0 @dependabot (#6033)
• chore(deps): update postgres digest from 14.2 to 14.2-alpine (docker-compose.yml) @renovate (#6036)
• Bump urllib3 from 1.26.8 to 1.26.9 @dependabot (#6037)
• chore(deps): update redis digest from 6.2.6 to 6.2.6-alpine (docker-compose.yml) @renovate (#6039)
• chore(deps): update dependency autoprefixer from 10.4.2 to v10.4.3 (docs/package.json) @renovate (#6024)
• chore(deps): update dependency postcss from 8.4.8 to v8.4.11 (docs/package.json) @renovate (#6025)
• chore(deps): update helm/chart-testing-action action from v2.2.0 to v2.2.1 (.github/workflows/test-helm-chart.yml) @renovate (#6020)
• chore(deps): update mysql digest from 5.7.37 to v (docker-compose.yml) @renovate (#6017)
• chore(deps): update rabbitmq digest from 3.9.13 to 3.9.13-alpine (docker-compose.yml) @renovate (#6018)
• Update actions/setup-python action from v2 to v3 (.github/workflows/test-helm-chart.yml) @renovate (#5969)
• Bump google-api-python-client from 2.39.0 to 2.40.0 @dependabot (#6015)
• Update actions/checkout action from v2 to v3 (.github/workflows/unit-tests.yml) @renovate (#5980)
• Update actions/labeler action from v3 to v4 (.github/workflows/pr-labeler.yml) @renovate (#5983)
• Bump celery to 5.2.2 to 5.2.3 and django-celery-results 2.2.0 to 2.3.0 @dependabot (#5975)
• Update postgres commit hash from 14.2 to 14.2-alpine (docker-compose.yml) @renovate (#6006)
• Bump sqlalchemy from 1.4.31 to 1.4.32 @dependabot (#6001)
• Bump datatables.net-dt from 1.11.4 to 1.11.5 in /components @dependabot (#5976)
• Bump google-api-python-client from 2.38.0 to 2.39.0 @dependabot (#5974)
• Bump datatables.net from 1.11.4 to 1.11.5 in /components @dependabot (#5977)
• Update dependency postcss from 8.4.7 to v8.4.8 (docs/package.json) @renovate (#5998)
• Bump numpy from 1.22.2 to 1.22.3 @dependabot (#6005)
• Update release-drafter/release-drafter action from v5.18.1 to v5.19.0 (.github/workflows/release-drafter.yml) @renovate (#6002)
• base.html cleanup and formatting @Maffooch (#5997)
• Update helm values gcr.io/cloudsql-docker/gce-proxy from 1.28.1 to v1.29.0 (helm/defectdojo/values.yaml) @renovate (#5982)

🖌 Updates in UI

• Bulk notes @dsever (#6114)
• Fix view tool product error @valentijnscholten (#6113)
• [ADD] Allow HTML img tag resizing @X0x1RG9f (#6064)
• [FIX] Tags were not listed in the "All Products" page @X0x1RG9f (#6104)
• Finding group enhancements @dsever (#6053)
• [ADD] Finding from Template Shortcut @X0x1RG9f (#6073)
• Added GitHub & GitHub Enterprise - Social Auth Support @skattela (#5992)
• Endpoint: Remove endpoint.mitigated field @kiblik (#5953)
• WIP: Notification profile @dsever (#5824)
• base.html cleanup and formatting @Maffooch (#5997)
• First step to internationalization @shipko (#5760)