2.37.0 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.36.0

• fix(multiselectfield): Use original repo @kiblik (#10420)
• Feature addition: Wizcli Parser @OsamaMahmood (#10603)
• Parser name matches module name test @cneill (#10656)
• remove coverage from requirements.txt @manuel-sommer (#10565)
• 🐛 fix Bearer CLI missing Scan Type #10652 @manuel-sommer (#10654)
• remove defusedxml in favor of lxml @manuel-sommer (#9840)
• 🐛 extend aqua format issue #10611 @manuel-sommer (#10616)
• feat(initContainer): Tune start-up process @kiblik (#10454)
• remove outdated skip_duplicates API reference from docs @paulOsinski (#10615)
• Aqua: Update parser deduplication criteria 🐛 @manuel-sommer (#10595)
• Aqua: Improve exception handling for reports without vulnerabilities 🐛 @manuel-sommer (#10594)
• Test Types: Return support for disabling test types via the active flag @Maffooch (#10562)
• fix: Dockerfile warnings @fcecagno (#10505)
• Import: leverage the minimum severity flag @Maffooch (#10550)
• Bulk Edit: Add note when pushing finding to jira @Maffooch (#10545)
• Fix(django): Upgrade of 4.2.14 @kiblik (#10553)
• fix(deps): build psycopg3 instead of using pre-build binary @gietschess (#10491)
• Allow setting --max-fd argument to uwsgi to stop it from getting OOMKilled in Kubernetes @tmablunar (#10384)
• fix(flake8): remove leftover @kiblik (#10539)
• Ruff: add and fix G1 and G2 @kiblik (#10088)
• fix(doc): Breaking Change for HELM deployments with PostgreSQL @kiblik (#10524)
• Ruff: Address migrations, reduce redundancy, and remove Flake8 @Maffooch (#10494)
• Direct Renovate to ignore MySQL and RabbitMQ packages @cneill (#10512)
• fix(docker-compose): Remove 'version' from docker-compose @kiblik (#10519)
• fix(doc): Disable markup.highlight.guessSyntax + enable mermaid @kiblik (#10509)
• fix(helm-psql): Drop pinning of old version of postgresql @kiblik (#10507)
• extend AWS prowler v3 parser @kagahd (#10372)
• Feat(psql): Use psycopg3 @kiblik (#10348)
• fix(helm-celery): Drop unused variable logLevel @kiblik (#10468)
• Revert "Shuffle tests" @Maffooch (#10495)
• Ruff: add and fix TID @kiblik (#10113)

💣 Breaking Changes

• Remove MySQL and RabbitMQ @Maffooch (#10661)

🚩 Changes to settings.dist.py / local_settings.py

• Remove MySQL and RabbitMQ @Maffooch (#10661)
• Add new parser - Rapplex @AlperenY-cs (#10202)
• New Parser: Kiuwan SCA @mwager (#10522)
• Deprecate Python-jose and migrate okta to python_social_auth @manuel-sommer (#10117)
• 🐛 fix typo in settings.disty.py, #10529 @manuel-sommer (#10534)
• Ruff: Add and fix Q000 @kiblik (#10095)
• Ruff: add and fix COM @kiblik (#10086)

🚩 Database migration

• Listing Tables: Add toggle switch in system settings @Maffooch (#10617)

🚀 General features and enhancements

• Rest Framework Tests: Improve speed and repeatability @Maffooch (#10503)

🚀 API features and enhancements

• Remove MySQL and RabbitMQ @Maffooch (#10661)
• Uploaded File Management: Centralize file serving and bolster error handling @Maffooch (#10638)
• Ruff: add and fix T20 @kiblik (#10091)
• /import helptext correction: endpoint_to_add @paulOsinski (#10582)
• Ruff: Add and fix Q000 @kiblik (#10095)
• fix(api-notif): Fix order of validators @kiblik (#10533)
• API: Convert get_filterset calls to get_queryset @Maffooch (#10543)
• Rest Framework Tests: Improve speed and repeatability @Maffooch (#10503)
• Ruff: add and fix COM @kiblik (#10086)
• Mark Finding properties related_fields, jira_creation and jira_change as nullable @ccronca (#10371)
• Ruff: add and fix Q (except Q000) @kiblik (#10094)

🐛 Bug Fixes

• Report ToC: Expand on whitespace escaping @Maffooch (#10646)
• Importer: Correct logic bug for empty scan reports @Maffooch (#10645)
• Refresh Helm Chart Lock File: The removal @Maffooch (#10641)
• Benchmarks: Add additional permissions for AJAX calls @Maffooch (#10640)
• Finding notes cascading deletes @dogboat (#10636)
• Engagement: Add missing permission check to view an Engagement @Maffooch (#10639)
• Uploaded File Management: Centralize file serving and bolster error handling @Maffooch (#10638)
• Update Qualys WebApp parser to use DefusedXML @Maffooch (#10637)
• Option Compression: Accommodate unsaved objects a bit better @Maffooch (#10623)
• Finding Open/Close/Review: Enforce more status standardization @Maffooch (#10606)
• Option Compression: add some polish @Maffooch (#10583)
• Close Findings: Push notes if push notes is enabled @Maffooch (#10581)
• Endpoint get or create: Do not raise warning when there is an existing endpoint @Maffooch (#10555)

🖌 Updates in UI

• Bugfix -> Dev for 2.37.0 @Maffooch (#10677)
• report-builder-sort-fixes Fix report builder finding and endpoints widgets @dogboat (#10650)
• Cosmetic UX change - clickable product metrics - redirect to findings with severity filter @KJana12 (#10613)
• Groups/users labels text @dogboat (#10663)
• Report ToC: Expand on whitespace escaping @Maffooch (#10646)
• creds-notes-fixes Some updates to creds/cred-related notes @dogboat (#10644)
• Listing Tables: Add toggle switch in system settings @Maffooch (#10617)
• Delete Preview: Expand on missed objects @Maffooch (#10564)
• Some Reporting Updates @dogboat (#10563)
• Ruff: Add and fix Q000 @kiblik (#10095)
• Ruff: add and fix COM @kiblik (#10086)
• Ruff: add and fix Q (except Q000) @kiblik (#10094)
• Ruff: add and fix PIE @kiblik (#10090)

🧰 Maintenance

• Remove MySQL and RabbitMQ @Maffooch (#10661)
• chore(deps): update dependency autoprefixer from 10.4.19 to v10.4.20 (docs/package.json) @renovate (#10672)
• Bump asteval from 1.0.1 to 1.0.2 @dependabot (#10671)
• Bump pyjwt from 2.8.0 to 2.9.0 @dependabot (#10670)
• Bump boto3 from 1.34.151 to 1.34.152 @dependabot (#10669)
• Bump redis from 5.0.7 to 5.0.8 @dependabot (#10659)
• Bump boto3 from 1.34.150 to 1.34.151 @dependabot (#10658)
• Bump boto3 from 1.34.149 to 1.34.150 @dependabot (#10653)
• Bump nginx from a45ee5d to 208b70e @dependabot (#10643)
• Bump ruff from 0.5.4 to 0.5.5 @dependabot (#10635)
• Bump boto3 from 1.34.148 to 1.34.149 @dependabot (#10634)
• Bump boto3 from 1.34.147 to 1.34.148 @dependabot (#10632)
• Bump packageurl-python from 0.15.4 to 0.15.6 @dependabot (#10633)
• Update redis:7.2.5-alpine Docker digest from 7.2.5 to 7.2.5-alpine (docker-compose.yml) @renovate (#10609)
• Update dependency postcss from 8.4.39 to v8.4.40 (docs/package.json) @renovate (#10624)
• Update nginx/nginx-prometheus-exporter Docker tag from 1.2.0 to v1.3.0 (helm/defectdojo/values.yaml) @renovate (#10625)
• Update postgres:16.3-alpine Docker digest from 16.3 to 16.3-alpine (docker-compose.yml) @renovate (#10608)
• Bump boto3 from 1.34.145 to 1.34.147 @dependabot (#10621)
• Bump django-crispy-forms from 2.2 to 2.3 @dependabot (#10601)
• Bump cryptography from 42.0.8 to 43.0.0 @dependabot (#10599)
• Bump ruff from 0.5.3 to 0.5.4 @dependabot (#10600)
• Bump ruff from 0.5.2 to 0.5.3 @dependabot (#10588)
• Bump boto3 from 1.34.144 to 1.34.145 @dependabot (#10587)
• Bump vulners from 2.1.7 to 2.2.0 @dependabot (#10579)
• Bump python-gitlab from 4.7.0 to 4.8.0 @dependabot (#10580)
• Bump fontawesomefree from 6.5.1 to 6.6.0 @dependabot (#10578)
• Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.35.4 to v1.36.0 (helm/defectdojo/values.yaml) @renovate (#10577)
• Bump justgage from 1.6.1 to 1.7.0 in /components @dependabot (#10574)
• Bump ruff from 0.5.1 to 0.5.2 @dependabot (#10567)
• Bump boto3 from 1.34.143 to 1.34.144 @dependabot (#10569)
• Bump packageurl-python from 0.15.3 to 0.15.4 @dependabot (#10570)
• Bump social-auth-app-django from 5.4.1 to 5.4.2 @dependabot (#10568)
• Bump coverage from 7.5.4 to 7.6.0 @dependabot (#10560)
• Bump asteval from 1.0.0 to 1.0.1 @dependabot (#10561)
• Bump djangorestframework from 3.14.0 to 3.15.2 @dependabot (#10431)
• Bump boto3 from 1.34.142 to 1.34.143 @dependabot (#10558)
• Bump django-debug-toolbar from 4.4.5 to 4.4.6 @dependabot (#10557)
• Bump boto3 from 1.34.141 to 1.34.142 @dependabot (#10551)
• Bump packageurl-python from 0.15.2 to 0.15.3 @dependabot (#10541)
• Bump boto3 from 1.34.140 to 1.34.141 @dependabot (#10542)
• Bump django-debug-toolbar from 4.4.4 to 4.4.5 @dependabot (#10527)
• Bump openapitools/openapi-generator-cli from v7.6.0 to v7.7.0 @dependabot (#10531)
• Bump boto3 from 1.34.139 to 1.34.140 @dependabot (#10528)
• Bump django-split-settings from 1.3.1 to 1.3.2 @dependabot (#10526)
• Bump humanize from 4.9.0 to 4.10.0 @dependabot (#10525)
• Update dependency ruff from 0.5.0 to v0.5.1 (requirements-lint.txt) @renovate (#10521)
• Bump django-debug-toolbar from 4.4.2 to 4.4.4 @dependabot (#10520)
• Bump boto3 from 1.34.138 to 1.34.139 @dependabot (#10518)
• Bump psycopg[binary] from 3.1.19 to 3.2.1 @dependabot (#10517)
• Bump packageurl-python from 0.15.1 to 0.15.2 @dependabot (#10516)
• Bump boto3 from 1.34.137 to 1.34.138 @dependabot (#10508)
• Bump boto3 from 1.34.136 to 1.34.137 @dependabot (#10489)
• Bump asteval from 0.9.33 to 1.0.0 @dependabot (#10488)
• Bump drf-spectacular-sidecar from 2024.6.1 to 2024.7.1 @dependabot (#10479)
• Bump pillow from 10.3.0 to 10.4.0 @dependabot (#10482)
• Update dependency postcss from 8.4.38 to v8.4.39 (docs/package.json) @renovate (#10476)
• Bump openpyxl from 3.1.4 to 3.1.5 @dependabot (#10478)
• Bump django-test-migrations from 1.3.0 to 1.4.0 @dependabot (#10481)
• Bump boto3 from 1.34.135 to 1.34.136 @dependabot (#10480)
• Update dependency ruff from 0.4.10 to v0.5.0 (requirements-lint.txt) @renovate (#10466)
• Bump python-gitlab from 4.6.0 to 4.7.0 @dependabot (#10469)
• Update Helm release redis from 19.5.5 to ~19.6.0 (helm/defectdojo/Chart.yaml) @renovate (#10461)