Merge pull request #11431 from DefectDojo/master-into-dev/2.41.2-2.42…

….0-dev

Release: Merge back 2.41.2 into dev from: master-into-dev/2.41.2-2.42.0-dev

.github/workflows/release-x-manual-helm-chart.yml

@@ -46,10 +46,8 @@ jobs:
           git config --global user.name "${{ env.GIT_USERNAME }}"
           git config --global user.email "${{ env.GIT_EMAIL }}"
       
-      - name: Install Helm
-        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
-        with:
-          version: v3.4.0
+      - name: Set up Helm
+        uses: azure/[email protected]
 
       - name: Configure HELM repos
         run: |-

docker/setEnv.sh

@@ -40,7 +40,7 @@ function get_current {
 # Tell to which environments we can switch
 function say_switch {
     echo "Using '${current_env}' configuration."
-    for one_env in dev debug unit_tests integration_tests release
+    for one_env in dev unit_tests integration_tests release
     do
         if [ "${current_env}" != ${one_env} ]; then
             echo "-> You can switch to '${one_env}' with '${0} ${one_env}'"
@@ -118,7 +118,7 @@ function set_integration_tests {
 # Change directory to allow working with relative paths.
 cd "${target_dir}" || exit
 
-if [ ${#} -eq 1 ] && [[ 'dev debug unit_tests unit_tests_cicd integration_tests release' =~ ${1} ]]
+if [ ${#} -eq 1 ] && [[ 'dev unit_tests unit_tests_cicd integration_tests release' =~ ${1} ]]
 then
     set_"${1}"
 else

docs/content/en/changelog/changelog.md

@@ -7,9 +7,17 @@ Here are the release notes for **DefectDojo Pro (Cloud Version)**. These release
 
 For Open Source release notes, please see the [Releases page on GitHub](https://github.com/DefectDojo/django-DefectDojo/releases), or alternatively consult the Open Source [upgrate notes](../../open_source/upgrading/upgrading_guide).
 
+## Dec 9, 2024: v2.41.1
+
+- **(API)** When using the jira_finding_mappings API endpoint, trying to update a finding's Jira mapping with a Jira issue that is already assigned to another finding will now raise a validation error.
+- **(Beta UI)** A Test's Import History is now paginated by default.
+- **(Findings)** New Filter: 'Has Any JIRA' which accounts for Findings with single Issues or Findings that were pushed to Jira as part of a Group.
+- **(Classic UI)** Filters have been added to the Product Type view.  This is useful for when a single Product Type contains many Products which need to be filtered down.
+- **(Classic UI)** Reported Finding Severity by Month graph now tracks the X axis by month correctly.
+
 ## Dec 2, 2024: v2.41.0
 
-- **(Api)** `engagements/{id}/update_jira_epic` endpoint path added so that users can now push an updated Engagement to Jira, without creating a new Jira Epic.
+- **(API)** `engagements/{id}/update_jira_epic` endpoint path added so that users can now push an updated Engagement to Jira, without creating a new Jira Epic.
 - **(Beta UI)** Columns can now be reordered in tables, by clicking and dragging the column header.
 
 ![image](images/reorder-columns.png)
@@ -139,7 +147,7 @@ configuration fields.
 
 
 
-## Sept 9, 2024: v2.39.1
+## Sept 9, 2024: v2.38.1
 
 - **(Beta UI)**  Clearing a date filter and re-applying it no longer throws a 400 error.
 - **(Dashboard)**  Dashboard Tag Filters now work correctly in both legacy and beta UIs.  

docs/content/en/cloud_management/using-cloud-manager.md

@@ -16,11 +16,11 @@ This page allows you to request a [new, or additional Cloud instance](../set-up-
 The Subscription Management page shows all of your currently active Cloud instances, and allows you to configure the Firewall settings for each instance.
 
 ### Changing your Firewall Settings
-![image](images/Using_the_Cloud_Manager.png)
+![image](images/using_the_cloud_manager.png)
 
 Once on the **Edit Subscription** page, enter the IP Address, Mask, and Label for the rule you wish to add. If more than one firewall rule is needed, click **Add New Range** to create a new empty rule.
 
-![image](images/Using_the_Cloud_Manager_2.png)
+![image](images/using_the_cloud_manager_2.png)
 
 Here, you can also open your firewall to external services (GitHub & Jira Cloud).  You can also disable your firewall entirely, if you wish, by selecting **Proceed Without Firewall** from the menu.
 
@@ -37,14 +37,14 @@ Enter the email associated with the user's Cloud Portal account, and click Submi
 
 The Resources page contains a Contact Us form, which you can use to get in touch with our Support team.
 
-![image](images/Using_the_Cloud_Manager_3.png)
+![image](images/using_the_cloud_manager_3.png)
 
 ## Tools
 <https://cloud.defectdojo.com/external_tools/defectdojo-cli>
 
 The Tools page is one of the places where you can download external Pro tools, such as Universal Importer or DefectDojo CLI.  These tools are external add-ons which can be used to quickly build a command-line import pipeline in your network. For more information about these tools, see the [External Tools](../../connecting_your_tools/external_tools/) documentation.
 
-![image](images/Using_the_Cloud_Manager_6.png)
+![image](images/using_the_cloud_manager_6.png)
 
 
 ## Account Settings
@@ -62,7 +62,7 @@ The account settings page has four sections:
 
 Note that this will only add MFA to your DefectDojo Cloud login, not to the login for your DefectDojo app.
 
-![image](images/Using_the_Cloud_Manager_4.png)
+![image](images/using_the_cloud_manager_4.png)
 
 1. Begin by installing an Authenticator app which supports QR code authentication on your smartphone or computer.
 2. Once you've done this, click **Generate QR Code**.

docs/content/en/open_source/archived_docs/integrations/social-authentication.md

@@ -86,12 +86,24 @@ to be created. Closely follow the steps below to guarantee success.
     DD_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS = ['example.com', 'example.org']
     {{< /highlight >}}
 
+    As an environment variable: 
+
+    {{< highlight python >}}
+    DD_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS = example.com,example.org
+    {{< /highlight >}}
+
     or
 
     {{< highlight python >}}
     DD_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_EMAILS = ['<[email protected]>']
     {{< /highlight >}}
 
+    As an environment variable: 
+
+    {{< highlight python >}}
+    DD_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_EMAILS = [email protected],[email protected]
+    {{< /highlight >}}
+
 ## OKTA
 
 In a similar fashion to that of Google, using OKTA as a OAuth2 provider

docs/layouts/partials/head/script-header.html

@@ -1 +1,6 @@
 <!-- Insert scripts NOT needed by stylesheets here -->
+<!-- Start of Reo Javascript -->
+<script type="text/javascript">
+    !function(){var e,t,n;e="a92cfcfa51eca96",t=function(){Reo.init({clientID:"a92cfcfa51eca96"})},(n=document.createElement("script")).src="https://static.reo.dev/"+e+"/reo.js",n.async=!0,n.onload=t,document.head.appendChild(n)}();
+  </script>
+  <!-- End of Reo Javascript -->

dojo/settings/settings.dist.py

@@ -543,8 +543,8 @@ def generate_url(scheme, double_slashes, user, password, host, port, path, param
 GOOGLE_OAUTH_ENABLED = env("DD_SOCIAL_AUTH_GOOGLE_OAUTH2_ENABLED")
 SOCIAL_AUTH_GOOGLE_OAUTH2_KEY = env("DD_SOCIAL_AUTH_GOOGLE_OAUTH2_KEY")
 SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = env("DD_SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET")
-SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS = env("DD_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS")
-SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_EMAILS = env("DD_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_EMAILS")
+SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS = tuple(env.list("DD_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS", default=[""]))
+SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_EMAILS = tuple(env.list("DD_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_EMAILS", default=[""]))
 SOCIAL_AUTH_LOGIN_ERROR_URL = "/login"
 SOCIAL_AUTH_BACKEND_ERROR_URL = "/login"
 
@@ -1289,6 +1289,7 @@ def saml2_attrib_map_format(dict):
     "Invicti Scan": ["title", "description", "severity"],
     "HackerOne Cases": ["title", "severity"],
     "KrakenD Audit Scan": ["description", "mitigation", "severity"],
+    "Red Hat Satellite": ["description", "severity"],
 }
 
 # Override the hardcoded settings here via the env var
@@ -1533,6 +1534,7 @@ def saml2_attrib_map_format(dict):
     "Invicti Scan": DEDUPE_ALGO_HASH_CODE,
     "KrakenD Audit Scan": DEDUPE_ALGO_HASH_CODE,
     "PTART Report": DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL,
+    "Red Hat Satellite": DEDUPE_ALGO_HASH_CODE,
 }
 
 # Override the hardcoded settings here via the env var

helm/defectdojo/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: "2.42.0-dev"
 description: A Helm chart for Kubernetes to install DefectDojo
 name: defectdojo
-version: 1.6.164-dev
+version: 1.6.165-dev
 icon: https://www.defectdojo.org/img/favicon.ico
 maintainers:
   - name: madchap