2.43.0 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.42.0

• Rename DD-Architecture.png to dd-architecture.png @paulOsinski (#11704)
• Docs Updates: CLI Tools / misc @paulOsinski (#11691)
• Edit defectdojo.com/pricing link @paulOsinski (#11678)
• feat(helm-local_settings): Add option to add local_settings.py @kiblik (#10803)
• Jira Epic Mapping: Support for the removal of Epic Name custom fields @Maffooch (#11690)
• feat(bash-script): Drop all dc- scripts @kiblik (#11649)
• feat(GHA): Pin azure/setup-helm @kiblik (#11493)
• Remove makemigrations from scripts @valentijnscholten (#11638)
• Changelog update 2.42.3 + fix docs image refs @paulOsinski (#11679)
• Ruff: Add already corrected rules @kiblik (#11648)
• AnchoreCTL_Vulns parser: removes URL and corrects mapping if no fix for mitigation field @maxi-bee (#11623)
• fix: Cleanup of old files and notes @kiblik (#11628)
• fix(webhook notif): Reorg docs, add 'ping' @kiblik (#11631)
• Fix to bump ruff to 0.9.3 @manuel-sommer (#11451)
• 🎉 advance NoseyParker to support version 0.22.0 @manuel-sommer (#11565)
• RustyHog: improve description and file_path @valentijnscholten (#11433)
• January wk 3/4 docs maintenance @paulOsinski (#11632)
• Fix Webhook notification test @cneill (#11629)
• Mend SCA Parser update @testaccount90009 (#11395)
• Wiz parser: Import findings regardless of status @valentijnscholten (#11585)
• Fixing openvas parser and including script_id for openvas and nmap @LeoOMaia (#11454)
• Log hashcode config not found @valentijnscholten (#11584)
• Reimport Legacy Reimport: Bump logging from debug to warning @Maffooch (#11566)
• Ruff: Fix DJ012 @kiblik (#11543)
• Add GHA updater for keep sample data at a reasonable date @Maffooch (#11593)
• Readme docs - followup PR @paulOsinski (#11525)
• Add Valentijn to dryrun exempt list @Maffooch (#11617)
• Pro Release Notes 2.42.2 @paulOsinski (#11611)
• Request Review does not apply RBAC in an expected way @hblankenship (#11545)
• fix(doc): Fix order for upgrade notes @kiblik (#11573)
• Mitigated On/Before/After now use DateTimeFilter @hblankenship (#11472)
• Adding annotations to different resources @veneber (#11467)
• Docs updates and QA - Jan 2025 @paulOsinski (#11568)
• Async Delete: Race condition bolstering @Maffooch (#11549)
• Handling "requires login" in "fingerprint" and "lines" fields of Semgrep JSON Report (issue #11480) @farsheedify (#11495)
• Add imageTags to AWS SecurityHub and Inspector2 parsers @hblankenship (#11517)
• Ruff: Fix RUF052 @kiblik (#11499)
• Adding range filters for EPSS @hblankenship (#11469)
• extract first boot portion of script @hblankenship (#11468)
• including test for Finding in xml parser @LeoOMaia (#11464)
• Kubescape: Reduce the size of steps to reproduce @maxi-bee (#11542)
• Ruff: Fix RUF056 @kiblik (#11501)
• Ruff: Fix D403 @kiblik (#11498)
• Ruff: Fix RUF051 @kiblik (#11497)
• Ruff: Fix RUF046 @kiblik (#11492)
• Make django service type configurable @jawadqur (#10660)
• update Pro changelog 2.42.0 @paulOsinski (#11518)
• Readme docs update @paulOsinski (#11516)

🚩 Changes to settings.dist.py / local_settings.py

• Django AuditLog: Upgrade to 3.x @Maffooch (#11592)
• Ruff: Fix PTH118, merge PTH11 @kiblik (#11503)
• Add different pro banner for databases over 100k findings and endpoints @Maffooch (#11665)
• New HCL AppScan on Cloud SAST parser @xpert98 (#11375)
• 🎉 make vulnids more robust @manuel-sommer (#11569)
• remove mysql leftover @manuel-sommer (#10694)
• Feature: Checkmarx Cxflow SAST parser @biennd279 (#9719)
• Ruff: Fix PTH100, merge PTH10 @kiblik (#11502)
• 🎉 add ALBA to vulnid @manuel-sommer (#11487)

🚩 Database migration

• feat(disclaimers): Split disclaimers @kiblik (#10902)
• Verified Status Toggle: Add Granularity @Maffooch (#11548)

🚀 API features and enhancements

• Prefetching multiple endpoints should return all prefetch models @hblankenship (#11546)
• fix(ruff_sim): Wrong handling non-file API import @kiblik (#11561)
• Fix unit tests @Maffooch (#11583)
• Notes on Findings for Simple Risk Acceptance @hblankenship (#11482)

🖌 Updates in UI

• Release 2.43.0: Merge Bugfix into Dev @rossops (#11722)
• Jira Template: Do not HTML encode before shipping to jira @Maffooch (#11640)
• Django AuditLog: Upgrade to 3.x @Maffooch (#11592)
• Import History: Make the absence of action more clear @Maffooch (#11637)
• Accessibility ergonomy filtering @littlesvensson (#11634)
• Fix: Add missing aria labels and roles to buttons, links, tables @littlesvensson (#11577)
• Make links in the login page visually obvious @oussama-taoufiq (#11474)
• feat(disclaimers): Split disclaimers @kiblik (#10902)
• View Alerts: Sanitize and mark safe @Maffooch (#11594)
• Added accessibility for the pagination snippet @littlesvensson (#11591)
• fix(notification): Use site_url in notification contexts @kiblik (#11077)

🧰 Maintenance

• Bump ruff from 0.9.2 to 0.9.4 @dependabot (#11699)
• Bump pytz from 2024.2 to 2025.1 @dependabot (#11698)
• Bump boto3 from 1.36.9 to 1.36.10 @dependabot (#11700)
• Bump boto3 from 1.36.8 to 1.36.9 @dependabot (#11692)
• Bump python-gitlab from 5.4.0 to 5.6.0 @dependabot (#11687)
• Bump boto3 from 1.36.7 to 1.36.8 @dependabot (#11686)
• chore(deps): update actions/setup-python action from v5.3.0 to v5.4.0 (.github/workflows/test-helm-chart.yml) @renovate (#11680)
• Bump python-gitlab from 5.3.1 to 5.4.0 @dependabot (#11682)
• Bump boto3 from 1.36.6 to 1.36.7 @dependabot (#11683)
• chore(deps): update actions/checkout action from v3 to v4 (.github/workflows/update-sample-data.yml) @renovate (#11671)
• Bump boto3 from 1.36.5 to 1.36.6 @dependabot (#11663)
• Bump openapitools/openapi-generator-cli from v7.10.0 to v7.11.0 @dependabot (#11662)
• chore(deps): update mccutchen/go-httpbin docker tag from v2.15.0 to v2.16.0 (docker-compose.override.unit_tests_cicd.yml) @renovate (#11658)
• chore(deps): update actions/setup-node action from v4.1.0 to v4.2.0 (.github/workflows/gh-pages.yml) @renovate (#11657)
• Bump boto3 from 1.36.4 to 1.36.5 @dependabot (#11635)
• chore(deps): update docker/build-push-action action from v6.12.0 to v6.13.0 (.github/workflows/release-x-manual-docker-containers.yml) @renovate (#11636)
• Bump asteval from 1.0.5 to 1.0.6 @dependabot (#11633)
• Bump boto3 from 1.36.3 to 1.36.4 @dependabot (#11624)
• fix(deps): update dependency @tabler/icons from 3.28.1 to v3.29.0 (docs/package.json) @renovate (#11612)
• Bump boto3 from 1.36.2 to 1.36.3 @dependabot (#11616)
• chore(deps): update dependency vite from 6.0.10 to v6.0.11 (docs/package.json) @renovate (#11604)
• chore(deps): update gcr.io/cloudsql-docker/gce-proxy docker tag from 1.37.3 to v1.37.4 (helm/defectdojo/values.yaml) @renovate (#11587)
• chore(deps): update helm release postgresql from 16.3.5 to ~16.4.0 (helm/defectdojo/chart.yaml) @renovate (#11609)
• Bump vite from 6.0.7 to 6.0.9 in /docs @dependabot (#11610)
• Update helm/chart-testing-action action from v2.6.1 to v2.7.0 (.github/workflows/test-helm-chart.yml) @renovate (#11601)
• Bump boto3 from 1.36.0 to 1.36.2 @dependabot (#11600)
• Bump asteval from 1.0.5 to 1.0.6 @dependabot (#11599)
• Update dependency vite from 6.0.7 to v6.0.10 (docs/package.json) @renovate (#11598)
• Update release-drafter/release-drafter action from v6.0.0 to v6.1.0 (.github/workflows/release-drafter.yml) @renovate (#11596)
• Bump vcrpy from 6.0.2 to 7.0.0 @dependabot (#11481)
• Bump django from 5.1.4 to 5.1.5 @dependabot (#11580)
• Update manusa/actions-setup-minikube action from v2.13.0 to v2.13.1 (.github/workflows/k8s-tests.yml) @renovate (#11582)
• Bump psycopg[c] from 3.2.3 to 3.2.4 @dependabot (#11579)
• Bump boto3 from 1.35.99 to 1.36.0 @dependabot (#11578)
• Update docker/build-push-action action from v6.11.0 to v6.12.0 (.github/workflows/release-x-manual-docker-containers.yml) @renovate (#11574)
• Bump gitpython from 3.1.43 to 3.1.44 @dependabot (#11489)
• Bump pillow from 11.0.0 to 11.1.0 @dependabot (#11488)
• Bump pdfmake from 0.2.17 to 0.2.18 in /components @dependabot (#11485)
• Bump django-debug-toolbar from 4.4.6 to 5.0.1 @dependabot (#11563)
• Bump django-environ from 0.11.2 to 0.12.0 @dependabot (#11564)
• Bump boto3 from 1.35.96 to 1.35.99 @dependabot (#11571)
• Bump django from 5.1.4 to 5.1.5 @dependabot (#11567)
• Update mikefarah/yq action from v4.44.6 to v4.45.1 (.github/workflows/release-x-manual-helm-chart.yml) @renovate (#11551)
• Bump nginx from 4152318 to 814a8e8 @dependabot (#11556)
• Update actions/upload-artifact action from v4.5.0 to v4.6.0 (.github/workflows/fetch-oas.yml) @renovate (#11547)
• Update softprops/action-gh-release action from v2.0.9 to v2.2.1 (.github/workflows/release-x-manual-helm-chart.yml) @renovate (#11515)
• Update stefanzweifel/git-auto-commit-action action from v5.0.1 to v5.1.0 (.github/workflows/release-3-master-into-dev.yml) @renovate (#11550)
• Update postgres:17.2-alpine Docker digest from 17.2 to 17.2-alpine (docker-compose.yml) @renovate (#11526)
• Update dependency @tabler/icons from 3.27.1 to v3.28.1 (docs/package.json) @renovate (#11527)
• Update docker/build-push-action action from v6.10.0 to v6.11.0 (.github/workflows/release-x-manual-docker-containers.yml) @renovate (#11529)
• Bump python-gitlab from 5.3.0 to 5.3.1 @dependabot (#11530)
• Update nginx/nginx-prometheus-exporter Docker tag from 1.4.0 to v1.4.1 (helm/defectdojo/values.yaml) @renovate (#11534)
• Bump sqlalchemy from 2.0.36 to 2.0.37 @dependabot (#11537)
• Bump boto3 from 1.35.93 to 1.35.96 @dependabot (#11538)
• Update eps1lon/actions-label-merge-conflict action from v3.0.2 to v3.0.3 (.gith...

2.42.3 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.42.2

• Fix Webhook notification test @cneill (#11629)
• Wiz parser: Import findings regardless of status @valentijnscholten (#11585)
• Fixing openvas parser and including script_id for openvas and nmap @LeoOMaia (#11454)
• Log hashcode config not found @valentijnscholten (#11584)
• Reimport Legacy Reimport: Bump logging from debug to warning @Maffooch (#11566)
• Add GHA updater for keep sample data at a reasonable date @Maffooch (#11593)
• Readme docs - followup PR @paulOsinski (#11525)
• Add Valentijn to dryrun exempt list @Maffooch (#11617)
• Pro Release Notes 2.42.2 @paulOsinski (#11611)

🚩 Changes to settings.dist.py / local_settings.py

• 🎉 make vulnids more robust @manuel-sommer (#11569)
• remove mysql leftover @manuel-sommer (#10694)

🚀 API features and enhancements

• Prefetching multiple endpoints should return all prefetch models @hblankenship (#11546)

🖌 Updates in UI

• Fix: Add missing aria labels and roles to buttons, links, tables @littlesvensson (#11577)
• View Alerts: Sanitize and mark safe @Maffooch (#11594)
• Added accessibility for the pagination snippet @littlesvensson (#11591)

🧰 Maintenance

• Bump asteval from 1.0.5 to 1.0.6 @dependabot (#11633)
• Bump vite from 6.0.7 to 6.0.9 in /docs @dependabot (#11610)

2.42.2 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.42.1

• Request Review does not apply RBAC in an expected way @hblankenship (#11545)
• fix(doc): Fix order for upgrade notes @kiblik (#11573)
• Mitigated On/Before/After now use DateTimeFilter @hblankenship (#11472)
• Adding annotations to different resources @veneber (#11467)
• Docs updates and QA - Jan 2025 @paulOsinski (#11568)
• Async Delete: Race condition bolstering @Maffooch (#11549)
• Handling "requires login" in "fingerprint" and "lines" fields of Semgrep JSON Report (issue #11480) @farsheedify (#11495)
• Add imageTags to AWS SecurityHub and Inspector2 parsers @hblankenship (#11517)
• Adding range filters for EPSS @hblankenship (#11469)
• including test for Finding in xml parser @LeoOMaia (#11464)
• update Pro changelog 2.42.0 @paulOsinski (#11518)

🚩 Changes to settings.dist.py / local_settings.py

• 🎉 add ALBA to vulnid @manuel-sommer (#11487)

🚩 Database migration

• Verified Status Toggle: Add Granularity @Maffooch (#11548)

🚀 API features and enhancements

• fix(ruff_sim): Wrong handling non-file API import @kiblik (#11561)

🖌 Updates in UI

• fix(notification): Use site_url in notification contexts @kiblik (#11077)

🧰 Maintenance

• Bump django from 5.1.4 to 5.1.5 @dependabot (#11567)

2.42.1 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.42.0

• Readme docs update @paulOsinski (#11516)

2.42.0 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.41.0

• Fix image ref on README.md @paulOsinski (#11491)
• Docs maintenance - v2.41.4 @paulOsinski (#11484)
• Update JIRA for Finding Group When Risk Acceptance Expires @hblankenship (#11401)
• Add pro release notes for 2.41.4 @paulOsinski (#11483)
• update changelog, add changelog link to navbar @paulOsinski (#11465)
• Add EPSS score and percentile to generic csv parser @hblankenship (#11449)
• bump ruff to 0.8.1 @manuel-sommer (#11350)
• 2.41.1: docs maintenance @paulOsinski (#11413)
• fix typo in docs @manuel-sommer (#11387)
• Notifications: Convert to classes @Maffooch (#11296)
• [docs] Pro Docs release notes - 2.41.2 @paulOsinski (#11420)
• fix(helm): Unpin old HELM version @kiblik (#11363)
• Add uwsgi vars to docker-compose.yml @optimistic5 (#11186)
• fix(setEnv): remove debug from list @kiblik (#11374)
• feat(GHA): Add SHA pinning @kiblik (#11364)
• [docs] rename case-sensitive refs so that site builds correctly @paulOsinski (#11403)
• [docs] Pro Docs release notes - 2.41.1 @paulOsinski (#11402)
• [docs] add reo to script header @paulOsinski (#11396)
• Docs maintenance: remove external images, article QA + updates @paulOsinski (#11376)
• feat(parser: generic): Allow epss_* parameters @kiblik (#11293)
• Hotfix filenames @paulOsinski (#11368)
• fix(ruff): Fix RUF039 for v0.8.0 @kiblik (#11326)
• Update 2.36.md to fix typo's in version number @valentijnscholten (#11319)
• Ruff: Enable and fix RUF010 @kiblik (#11331)
• Ruff: Enable and fix RUF027 @kiblik (#11332)
• update Pro changelog 2.41.0 @paulOsinski (#11367)
• Request Review Notification Update to Usernames @hblankenship (#11295)
• Add a filter for Findings for Has Any JIRA (grouped or single) @hblankenship (#11313)

🚩 Changes to settings.dist.py / local_settings.py

• 🎉 Add CGA vulnid @manuel-sommer (#11441)
• Add Horusec Scan to Hashcode settings. @hblankenship (#11418)
• Qualys Hacker Guardian: Set Dedupe Config @Maffooch (#11442)
• fix(oauth2): google oauth2 whitelisting. @JGodin-C2C (#11372)
• 🐛 fix RHS deduplication @manuel-sommer (#11385)
• Settings SHA: The Removal @Maffooch (#11299)
• Add DTSA to vulnid @manuel-sommer (#11302)
• Add GLSA gentoo vulnid @manuel-sommer (#9813)

🚀 API features and enhancements

• Add Ordering to Test_Import API Endpoint @hblankenship (#11448)
• Allow None Option for Active/Verified on Import/Reimport to Mirror UI Options @hblankenship (#11447)
• Request/Response API CRUD Endpoints @hblankenship (#11365)
• Disallow multiple single-use notes on a single object @hblankenship (#11306)
• dissallow already linked issue @hblankenship (#11298)

🖌 Updates in UI

• Ruff: Add and fix S110 (+ merge all S1 rules) @kiblik (#11256)
• Add Filters to the Products under View Product Type @hblankenship (#11321)
• Update Reported Finding Severity by Month on the dashboard to be by month instead of day. @hblankenship (#11304)
• Add GLSA gentoo vulnid @manuel-sommer (#9813)

🧰 Maintenance

• Update dependency vite from 6.0.6 to v6.0.7 (docs/package.json) @renovate (#11494)
• Bump boto3 from 1.35.90 to 1.35.91 @dependabot (#11496)
• Bump python-gitlab from 5.2.0 to 5.3.0 @dependabot (#11475)
• Bump boto3 from 1.35.88 to 1.35.90 @dependabot (#11476)
• Bump boto3 from 1.35.87 to 1.35.88 @dependabot (#11473)
• Bump boto3 from 1.35.85 to 1.35.87 @dependabot (#11466)
• chore(deps): update dependency vite from 6.0.5 to v6.0.6 (docs/package.json) @renovate (#11471)
• Bump pdfmake from 0.2.16 to 0.2.17 in /components @dependabot (#11457)
• chore(deps): update dependency vite from 6.0.4 to v6.0.5 (docs/package.json) @renovate (#11445)
• Bump boto3 from 1.35.84 to 1.35.85 @dependabot (#11443)
• chore(deps): update dependency vite from 6.0.3 to v6.0.4 (docs/package.json) @renovate (#11439)
• Bump boto3 from 1.35.83 to 1.35.84 @dependabot (#11440)
• Bump python-gitlab from 5.1.0 to 5.2.0 @dependabot (#11438)
• Bump boto3 from 1.35.82 to 1.35.83 @dependabot (#11437)
• chore(deps): update actions/upload-artifact action from v4.4.3 to v4.5.0 (.github/workflows/fetch-oas.yml) @renovate (#11436)
• Bump boto3 from 1.35.81 to 1.35.82 @dependabot (#11434)
• Bump pycurl from 7.45.3 to 7.45.4 @dependabot (#11417)
• Bump nanoid from 3.3.7 to 3.3.8 in /docs @dependabot (#11421)
• Bump pdfmake from 0.2.15 to 0.2.16 in /components @dependabot (#11428)
• chore(deps): update docker/setup-buildx-action action from v3.7.1 to v3.8.0 (.github/workflows/release-x-manual-docker-containers.yml) @renovate (#11427)
• Bump vobject from 0.9.8 to 0.9.9 @dependabot (#11426)
• Bump boto3 from 1.35.78 to 1.35.81 @dependabot (#11425)
• fix(deps): update dependency @tabler/icons from 3.24.0 to v3.26.0 (docs/package.json) @renovate (#11423)
• chore(deps): update helm release postgresql from 16.2.5 to ~16.3.0 (helm/defectdojo/chart.yaml) @renovate (#11406)
• chore(deps): update mikefarah/yq action from v4.44.5 to v4.44.6 (.github/workflows/release-x-manual-helm-chart.yml) @renovate (#11409)
• chore(deps): update softprops/action-gh-release action from v2.1.0 to v2.2.0 (.github/workflows/release-x-manual-helm-chart.yml) @renovate (#11412)
• chore(deps): update gcr.io/cloudsql-docker/gce-proxy docker tag from 1.37.2 to v1.37.3 (helm/defectdojo/values.yaml) @renovate (#11411)
• chore(deps): update actions/cache action from v4.1.2 to v4.2.0 (.github/workflows/gh-pages.yml) @renovate (#11410)
• Bump boto3 from 1.35.76 to 1.35.78 @dependabot (#11407)
• Bump nginx from 5acf10c to 4152318 @dependabot (#11391)
• chore(deps): update postgres:17.2-alpine docker digest from 17.2 to 17.2-alpine (docker-compose.yml) @renovate (#11397)
• Bump boto3 from 1.35.73 to 1.35.76 @dependabot (#11377)
• chore(deps): update dependency vite from 6.0.2 to v6.0.3 (docs/package.json) @renovate (#11380)
• chore(deps): update actions/configure-pages action from v4 to v5 (.github/workflows/gh-pages.yml) @renovate (#11329)
• fix(deps): update dependency @tabler/icons from 3.23.0 to v3.24.0 (docs/package.json) @renovate (#11360)
• chore(deps): update nginx/nginx-prometheus-exporter docker tag from 1.3.0 to v1.4.0 (helm/defectdojo/values.yaml) @renovate (#11373)
• chore(deps): update dependency prettier from 3.4.1 to v3.4.2 (docs/package.json) @renovate (#11370)
• Bump redis from 5.2.0 to 5.2.1 @dependabot (#11381)
• Bump django from 5.1.3 to 5.1.4 @dependabot (#11378)
• Bump drf-spectacular from 0.27.2 to 0.28.0 @dependabot (#11352)
• Bump boto3 from 1.35.71 to 1.35.73 @dependabot (#11362)
• Bump nginx from 1.27.2-alpine to 1.27.3-alpine @dependabot (#11355)
• Bump drf-spectacular-sidecar from 2024.11.1 to 2024.12.1 @dependabot (#11354)
• chore(deps): update dependency vite from 6.0.1 to v6.0.2 (docs/package.json) @renovate (#11351)

2.41.4 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.41.3

• update changelog, add changelog link to navbar @paulOsinski (#11465)
• Add EPSS score and percentile to generic csv parser @hblankenship (#11449)

🚩 Changes to settings.dist.py / local_settings.py

• 🎉 Add CGA vulnid @manuel-sommer (#11441)

🚀 API features and enhancements

• Allow None Option for Active/Verified on Import/Reimport to Mirror UI Options @hblankenship (#11447)

2.41.3 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.41.2

• 2.41.1: docs maintenance @paulOsinski (#11413)
• fix typo in docs @manuel-sommer (#11387)
• Notifications: Convert to classes @Maffooch (#11296)
• [docs] Pro Docs release notes - 2.41.2 @paulOsinski (#11420)

🚩 Changes to settings.dist.py / local_settings.py

• Add Horusec Scan to Hashcode settings. @hblankenship (#11418)
• Qualys Hacker Guardian: Set Dedupe Config @Maffooch (#11442)

🧰 Maintenance

• Bump nanoid from 3.3.7 to 3.3.8 in /docs @dependabot (#11421)

2.41.2 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.41.1

• fix(helm): Unpin old HELM version @kiblik (#11363)
• fix(setEnv): remove debug from list @kiblik (#11374)
• [docs] rename case-sensitive refs so that site builds correctly @paulOsinski (#11403)
• [docs] Pro Docs release notes - 2.41.1 @paulOsinski (#11402)
• [docs] add reo to script header @paulOsinski (#11396)

🚩 Changes to settings.dist.py / local_settings.py

• fix(oauth2): google oauth2 whitelisting. @JGodin-C2C (#11372)
• 🐛 fix RHS deduplication @manuel-sommer (#11385)

2.41.1 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.41.0

• Docs maintenance: remove external images, article QA + updates @paulOsinski (#11376)
• feat(parser: generic): Allow epss_* parameters @kiblik (#11293)
• Hotfix filenames @paulOsinski (#11368)
• update Pro changelog 2.41.0 @paulOsinski (#11367)
• Request Review Notification Update to Usernames @hblankenship (#11295)
• Add a filter for Findings for Has Any JIRA (grouped or single) @hblankenship (#11313)

🚩 Changes to settings.dist.py / local_settings.py

• Settings SHA: The Removal @Maffooch (#11299)
• Add DTSA to vulnid @manuel-sommer (#11302)

🚀 API features and enhancements

• Disallow multiple single-use notes on a single object @hblankenship (#11306)
• dissallow already linked issue @hblankenship (#11298)

🖌 Updates in UI

• Update Reported Finding Severity by Month on the dashboard to be by month instead of day. @hblankenship (#11304)

2.41.0 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.40.0

• Fix sarif parser location files processing @dmarushkin (#11265)
• OS Docs Overhaul - theming change, many new articles @paulOsinski (#11258)
• cleanup(helm): Drop support for TCP/3000 @kiblik (#11274)
• fix(components/node_modules): put .gitkeep back - fix warning @kiblik (#11309)
• Update CheckMarx One parser for imports where description is None @hblankenship (#11308)
• 🐛 fix trivyoperator tags @manuel-sommer (#11276)
• Ruff: Add and fix A005 @kiblik (#11275)
• Ruff: Add FIX001 and FIX003 @manuel-sommer (#10240)
• AnchoreCTL Policies: Additional checks for severity in description @hblankenship (#11269)
• chore(helm): implement readinessProbe and startupProbe for uwsgi container @fcecagno (#10506)
• Ruff: Fix for version 0.7.4 @kiblik (#11270)
• Add new Mend Platform API 3.0 file types to existing Mend parser @testaccount90009 (#11259)
• 🎉 Add Trivy Operator clustercompliance report @manuel-sommer (#11279)
• Harmonize helm @JGodin-C2C (#11168)
• prowler_v4.py Prowler v4.5.0 changed the 'event_time' key with 'time_dt' @ivan-morhun (#11213)
• docs(helm): add documentation about installation and external databas… @leofvo (#11015)
• Ruff: Add and fix PTH122 @manuel-sommer (#11255)
• fix(helm): set cloudsql-proxy as sidecar container to allow initializer and dbmigration to run @jndeverteuil (#10824)
• 🎉 All Trivy Operator findings in one json @manuel-sommer (#11252)
• feat(helm): Allow to keep initializer if requested @kiblik (#11257)
• 🐛 fix bearer_cli #11245 @manuel-sommer (#11248)
• Fix nuclei parser: invalid CWEs @fopina (#11232)
• Ruff: Add and "fix" S106 @kiblik (#11193)
• Ruff: Add and fix PTH112 @manuel-sommer (#11195)
• Ruff: Add and fix S108 @kiblik (#11192)
• GHA Artifacts: Update to v4 @Maffooch (#11205)
• fix(helm): add missing env config on job @leofvo (#11016)
• feat(helm): Add support for staticName for initializer @kiblik (#11237)
• 🐛 fix semgrep severity logic #11218 @manuel-sommer (#11219)
• 🐛 Fix Defender broken Endpoint #11217 @manuel-sommer (#11212)
• datetime.utcnow() is scheduled for removal @manuel-sommer (#11209)
• datetime.utcfromtimestamp() is scheduled for removal @manuel-sommer (#11208)
• 🐛 fix Acunetix date #11206 @manuel-sommer (#11207)
• Ruff: Add and fix S105 @kiblik (#11068)
• Ruff: Add and fix multiple flake8-use-pathlib @manuel-sommer (#11099)
• Ruff: Add and fix D411 @kiblik (#11064)
• Ruff: Add and "fix" S104 @kiblik (#11067)

🚩 Changes to settings.dist.py / local_settings.py

• add RLBA to vulnid @manuel-sommer (#11271)
• Fix nuclei deduplication @fopina (#11277)
• Mobsfscan report files parsing fix @dmarushkin (#11278)
• 🔨 rework kubescape parser @manuel-sommer (#11229)
• feat(DD_DEDUPLICATION_ALGORITHM_PER_PARSER + DD_HASHCODE_FIELDS_PER_SCANNER): Add checker of values @kiblik (#11244)
• add RLSA to vulnid @manuel-sommer (#11251)
• Refactor mobsf parser for v4 reports @dmarushkin (#11056)
• Ruff: Add and fix PTH120 @manuel-sommer (#11201)
• Ruff: Add and fix PTH113 @manuel-sommer (#11194)
• Ruff: Add and fix S113 @kiblik (#11198)
• 🎉 Add DSA vulnid @manuel-sommer (#11238)
• Display reviewers on finding pages. @pedrohdjs (#11165)
• 🎉 Make Trivy Operator K8s vulnids consistent @manuel-sommer (#11188)
• Burp Enterprise: Support newer format @Maffooch (#11220)
• add TEMP to vulnid @manuel-sommer (#11180)

🚀 API features and enhancements

• Ruff: add and fix some SIM rules @kiblik (#10926)
• Ruff: Fix Ruff FURB189 on bugfix @manuel-sommer (#11290)
• DojoMeta: Ability to create or update multiple objects in batch @hblankenship (#11268)
• API to Link an EngagementQuestionnaire's unanswered Answered_Survey to an Engagement @hblankenship (#11226)
• 🐛 fix Bump ruff from 0.7.2 to 0.7.3 @manuel-sommer (#11224)
• API: Engagement update jira epic @raouf-haddada (#11234)
• Display reviewers on finding pages. @pedrohdjs (#11165)
• FileUpload Base64 extension fix @hblankenship (#11203)
• Ruff: Add and fix D413 @kiblik (#11065)

🐛 Bug Fixes

• Importers: Force tags to lowercase @Maffooch (#11221)

🖌 Updates in UI

• Ruff: add and fix some SIM rules @kiblik (#10926)
• Allow sorting endpoints by ID @fopina (#11228)
• Update audit log with actual requested reviewers @hblankenship (#11289)
• 🔨 rework kubescape parser @manuel-sommer (#11229)
• Display reviewers on finding pages. @pedrohdjs (#11165)
• 🎉 Make Trivy Operator K8s vulnids consistent @manuel-sommer (#11188)
• Burp Enterprise: Support newer format @Maffooch (#11220)
• add engagement closed MS teams, Email, Alert, and Slack template @hblankenship (#11204)

🧰 Maintenance

• Bump cryptography from 43.0.3 to 44.0.0 @dependabot (#11346)
• Bump boto3 from 1.35.70 to 1.35.71 @dependabot (#11344)
• fix(deps): update dependency @tabler/icons from 3.22.0 to v3.23.0 (docs/package.json) @renovate (#11348)
• Bump pyjwt from 2.10.0 to 2.10.1 @dependabot (#11345)
• Bump python-gitlab from 5.0.0 to 5.1.0 @dependabot (#11343)
• Update dependency vite from 6.0.0 to v6.0.1 (docs/package.json) @renovate (#11337)
• Bump boto3 from 1.35.69 to 1.35.70 @dependabot (#11338)
• chore(deps): update dependency prettier from 3.3.3 to v3.4.1 (docs/package.json) @renovate (#11330)
• chore(deps): update dependency vite from 5.4.11 to v6 (docs/package.json) @renovate (#11333)
• Bump boto3 from 1.35.68 to 1.35.69 @dependabot (#11335)
• Bump boto3 from 1.35.67 to 1.35.68 @dependabot (#11318)
• chore(deps): update postgres docker tag from 17.1 to v17.2 (docker-compose.yml) @renovate (#11316)
• Bump boto3 from 1.35.66 to 1.35.67 @dependabot (#11312)
• chore(deps): update gcr.io/cloudsql-docker/gce-proxy docker tag from 1.37.1 to v1.37.2 (helm/defectdojo/values.yaml) @renovate (#11307)
• Bump boto3 from 1.35.64 to 1.35.66 @dependabot (#11303)
• Bump boto3 from 1.35.63 to 1.35.64 @dependabot (#11292)
• Bump openapitools/openapi-generator-cli from v7.9.0 to v7.10.0 @dependabot (#11283)
• Bump nginx from 2140dad to 74175cf @dependabot (#11282)
• Bump pyjwt from 2.9.0 to 2.10.0 @dependabot (#11280)
• Bump boto3 from 1.35.62 to 1.35.63 @dependabot (#11281)
• Update postgres Docker tag from 17.0 to v17.1 (docker-compose.yml) @renovate (#11264)
• Bump boto3 from 1.35.60 to 1.35.62 @dependabot (#11267)
• Update Helm release postgresql from 16.1.2 to ~16.2.0 (helm/defectdojo/Chart.yaml) @renovate (#11260)
• Bump boto3 from 1.35.59 to 1.35.60 @dependabot (#11262)
• Bump boto3 from 1.35.58 to 1.35.59 @dependabot (#11253)
• Update dependency postcss from 8.4.47 to v8.4.49 (docs/package.json) @renovate (#11230)
• Update postgres:17.0-alpine Docker digest from 17.0 to 17.0-alpine (docker-compose.yml) @renovate (#11239)
• Bump boto3 from 1.35.56 to 1.35.58 @dependabot (#11242)
• Bump boto3 from 1.35.55 to 1.35.56 @dependabot (#11223)
• Bump boto3 from 1.35.54 to 1.35.55 @dependabot (#11214)
• Bump django from 5.1.2 to 5.1.3 @dependabot (#11197)
• Bump pdfmake from 0.2.14 to 0.2.15 in /components @dependabot (#11185)
• Bump ruff from 0.7.1 to 0.7.2 @dependabot (#11184)
• Bump boto3 from 1.35.53 to 1.35.54 @dependabot (#11183)