Releases: DefectDojo/django-DefectDojo
1.14.0 🌈
Changes since 1.13.0
💣 Breaking changes
- Reimport feature: use the configurable deduplication for matching new findings to existing findings @ptrovatelli (#3753)
- add last_status_update field and make status updates consistent @valentijnscholten (#3947)
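The breaking change above means reimport now matches incoming findings to stored ones with the same hash-code deduplication the importers use, and two other entries in this release touch the same mechanism ("Hash code deduplication for GitLab SAST and Checkov", "dedupe: select oldest (lowest id) finding as original"). The following is an added illustration of that approach, not DefectDojo's own code: the per-scanner field lists, the `Finding` dataclass and the sample findings are constructed for the example, and the separator and hash function are assumptions standing in for whatever the project actually configures.

```python
"""Hash-code deduplication over a configurable per-scanner field set (illustration only)."""
from __future__ import annotations

import hashlib
from dataclasses import dataclass
from typing import Optional

# Constructed stand-in for configurable dedup settings: which finding fields
# feed the hash for a given scanner. Fields left out (e.g. description for
# GitLab SAST) can change between scans without breaking the match.
HASHCODE_FIELDS_PER_SCANNER = {
    "GitLab SAST Report": ["title", "file_path", "line"],
    "Checkov Scan": ["title", "file_path"],
}
DEFAULT_HASHCODE_FIELDS = ["title", "cwe", "line", "file_path", "description"]


@dataclass
class Finding:
    id: int
    scanner: str
    title: str
    file_path: str = ""
    line: Optional[int] = None
    cwe: int = 0
    description: str = ""
    active: bool = True


def hash_code(finding: Finding) -> str:
    """SHA-256 over the scanner's configured fields, joined with '|' (assumed format)."""
    names = HASHCODE_FIELDS_PER_SCANNER.get(finding.scanner, DEFAULT_HASHCODE_FIELDS)
    parts = []
    for name in names:
        value = getattr(finding, name)
        parts.append("" if value is None else str(value))
    return hashlib.sha256("|".join(parts).encode("utf-8")).hexdigest()


def reimport(existing: list[Finding], new: list[Finding], close_old_findings: bool = True) -> dict:
    """Match a fresh scan against stored findings by hash code.

    Updates the lists in place and returns how many findings were matched
    (reactivated or left as-is), created, and closed. When several stored
    findings share a hash, the oldest (lowest id) is treated as the original.
    """
    by_hash: dict[str, Finding] = {}
    for f in sorted(existing, key=lambda f: f.id):
        by_hash.setdefault(hash_code(f), f)  # first seen is the lowest id

    matched, created = 0, 0
    seen: set[int] = set()
    next_id = max((f.id for f in existing), default=0) + 1
    for f in new:
        h = hash_code(f)
        if h in by_hash:
            original = by_hash[h]
            original.active = True  # reappeared: reactivate if it had been closed
            seen.add(original.id)
            matched += 1
        else:
            f.id = next_id
            next_id += 1
            existing.append(f)
            seen.add(f.id)
            created += 1

    closed = 0
    if close_old_findings:
        new_hashes = {hash_code(n) for n in new}
        for f in existing:
            if f.active and f.id not in seen and hash_code(f) not in new_hashes:
                f.active = False  # not in the new scan: mitigated
                closed += 1
    return {"matched": matched, "created": created, "closed": closed}


def demo() -> dict:
    """Constructed data: finding 3 is a duplicate of 1, the reimport rewrites a description."""
    stored = [
        Finding(1, "GitLab SAST Report", "SQL injection", "app/db.py", 42, 89, "old text"),
        Finding(2, "GitLab SAST Report", "Hardcoded secret", "app/settings.py", 7, 798),
        Finding(3, "GitLab SAST Report", "SQL injection", "app/db.py", 42, 89, "dup of 1", active=False),
    ]
    fresh = [
        Finding(0, "GitLab SAST Report", "SQL injection", "app/db.py", 42, 89, "rewritten text"),
        Finding(0, "GitLab SAST Report", "Path traversal", "app/files.py", 120, 22),
    ]
    return reimport(stored, fresh)
```

Running `demo()` gives one match (the SQL injection, despite its changed description, attributed to id 1 rather than the later duplicate id 3), one created finding and one closed finding (the hardcoded secret that the new scan no longer reports). A practical check before upgrading: confirm the hash-code field list configured for each scanner you reimport, because any field in that list that changes between scans (a line number for a SAST tool, a port for a network scanner) will create a new finding and close the old one instead of matching.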
🚩 Requires settings change or database migration
- Add checkmarx OSA parser and cvss3 score. Make some fields optional @ptrovatelli (#4016)
- SonarQube api: allow retrieval of all issue types @dsever (#4068)
- Reimport feature: use the configurable deduplication for matching new findings to existing findings @ptrovatelli (#3753)
- Authorization V2: authorization for products @StefanFl (#3926)
- Make the Django session duration configurable @bgoareguer (#3998)
- Removal of automatic nmap scans @StefanFl (#3993)
- add last_status_update field and make status updates consistent @valentijnscholten (#3947)
- JIRA: allow different templates for jira description rendering @valentijnscholten (#3938)
- Add configurable disclaimer to notifications and reports @Maffooch (#3914)
🚀 New importers
- Add checkmarx OSA parser and cvss3 score. Make some fields optional @ptrovatelli (#4016)
- Add new parser - Wfuzz @SPoint42 (#4030)
- Nikto parser: add support for JSON format @damiencarol (#4097)
- Add PMD Parser @jis0324 (#4027)
🚀 General features and enhancements
- Authorization V2: Engagements and Tests @StefanFl (#4092)
- Publish the Helm chart tarball with each release @bgoareguer (#3849)
- Cookie cutter template parser for new scanners @aaronweaver (#4165)
- alert count: don't get them on every dropdown click @valentijnscholten (#4149)
- allow non-staff users to perform bulk edit @valentijnscholten (#4148)
- SARIF: support date of findings @damiencarol (#4111)
- allow jira reconciliation to run through celerybeat @valentijnscholten (#4110)
- Improve GitLab Dependency Scanning hash code configuration @macedogm (#3873)
- prefetch for engagements all page @valentijnscholten (#4033)
- Nexpose parser: Process all hosts + add Endpoint(and protocol) + add new reference links + test @kiblik (#4082)
- SonarQube api: allow retrieval of all issue types @dsever (#4068)
- Burp REST API: implement de-duplication and request/response @damiencarol (#4025)
- add missing ordering for api filters @valentijnscholten (#4054)
- Nexpose dedup settings @dsever (#4060)
- JIRA status reconciliation management command @valentijnscholten (#3957)
- Hash code deduplication for GitLab SAST and Checkov @StefanFl (#4055)
- Update Aqua-scanner import for CVSS3 finding field @SPoint42 (#4046)
- Reimport feature: use the configurable deduplication for matching new findings to existing findings @ptrovatelli (#3753)
- Authorization V2: authorization for products @StefanFl (#3926)
- Updates Bulk Edit status combination/validation for Findings @blakeaowens (#3994)
- Anchore Grype parser: add deduplication @damiencarol (#4013)
- Performance improvement for engagements_all view @danielnaab (#3966)
- Update spotbugs parser @SPoint42 (#3906)
- Make the Django session duration configurable @bgoareguer (#3998)
- add last_status_update field and make status updates consistent @valentijnscholten (#3947)
- JIRA: allow different templates for jira description rendering @valentijnscholten (#3938)
- Quick report based on current finding filters @Maffooch (#3927)
- TruffleHog3 parser support and refresh version 2 @damiencarol (#3935)
- [GHA] Lint helm charts @madchap (#3948)
- Let users not configure personal notifications to Microsoft Teams @StefanFl (#3930)
- Add configurable disclaimer to notifications and reports @Maffooch (#3914)
- Helm mount ca volume, ingress spec @dsever (#3912)
- Docker volume for media files @StefanFl (#3954)
🚀 API features and enhancements
- api docs: switch back to supported drf-yasg @valentijnscholten (#4095)
🐛 Bug Fixes
- Fix: Nexpose ref URL format @dsever (#4166)
- jira: fix crash on invalid credentials @valentijnscholten (#4164)
- alert count: don't get them on every dropdown click @valentijnscholten (#4149)
- OpenSCAP parser: fix endpoint management @damiencarol (#4139)
- Fix MobSF parser @damiencarol (#4163)
- JIRA: Always check credentials when creating/saving a JIRA instance @valentijnscholten (#4132)
- allow non-staff users to perform bulk edit @valentijnscholten (#4148)
- WPScan: Add more tests and fixes missing finding @damiencarol (#4133)
- Clair parser: fixes TypeError: string indices must be integers @alles-klar (#4120)
- SARIF parser: fix error when titles are too long @damiencarol (#4088)
- Fix title max length and add more tests @damiencarol (#4090)
- stub/potential findings: fix push to JIRA @valentijnscholten (#4094)
- jira webhook update datetime parse fix @valentijnscholten (#4093)
- edit engagement: unhide error messages, fix testing lead error @valentijnscholten (#4078)
- Arachni parser: maintenance and fix 'Info' error @damiencarol (#4081)
- Updates Bulk Edit status combination/validation for Tests @blakeaowens (#4062)
- [docker-compose] Fix image version in use @madchap (#4066)
- Fix survey submission 500 error @37b (#4072)
- fix counts returned to non-staff users in apiv2 @valentijnscholten (#4074)
- Fix SSLyze scanner: Remove unnecessary read @StefanFl (#4056)
- dedupe: select oldest (lowest id) finding as original @valentijnscholten (#4048)
- JIRA: fix webhook mitigated by @valentijnscholten (#4051)
- Netsparker: Fix crashing parser at method get_findings() @AsierRF (#4045)
- OpenVAS parser: fix error and add unit tests @damiencarol (#3985)
- Fix NessusXMLParser' object has no attribute 'parse' @damiencarol (#3984)
- Backport: Safety parser: Fix unit tests and add component Backporting #3963 @valentijnscholten (#3988)
- Safety parser: Fix unit tests and add component (back-port to 1.13.x) @damiencarol (#3986)
- Safety parser: Fix unit tests and add component @damiencarol (#3963)
- set mitigation related fields correctly at close_old_findings @adiffpirate (#3929)
- TruffleHog3 parser support and refresh version 2 @damiencarol (#3935)
- fix dates and reimport history for similar / duplicate findings @valentijnscholten (#3956)
- fix typo in duplicate_reopen @valentijnscholten (#3949)
- jira helper: remove redundant .save() calls @valentijnscholten (#3953)
- remove left over risk acceptance jira comment code @valentijnscholten (#3950)
- GHA: Test multiple k8s versions @dsever (#3936)
- view_test: fix paging of findings (backport to 1.13.x) @valentijnscholten (#3941)
- view_test: fix paging of findings @valentijnscholten (#3940)
- Fix deduplication for Dependency Track scanner @SPoint42 (#4070)
- Fix Typo and duplicate code error @ankit2001 (#4053)
- Fix gitleaks import when no findings found @SPoint42 (#4026)
- Authorization V2: Rename of feature flag @StefanFl (#4034)
- Fix typo in models. Crital => Critical @SPoint42 (#4031)
📝 Documentation updates
- Add helm repo instructions @madchap (#4143)
- Cookie cutter template parser for new scanners @aaronweaver (#4165)
- Make mitigation, impact, url fields optional @ptrovatelli (#4122)
- Some typo fixes @SPoint42 (#4059)
- Remove generation of PDF reports in documentation @StefanFl (#4087)
- Fix for new parser infra @SPoint42 (#4044)
- docs: migrate to github pages @alles-klar (#3977)
- docs: Fix the new dirs for parser test and suppress the need to modify facto… @SPoint42 (#4032)
🧰 Maintenance
- Bump lxml from 4.6.2 to 4.6.3 @dependabot (#4173)
- Revert Helm chart PRs, suspected to cause GHA to hang @madchap (#4170)
- Bump google-auth-oauthlib from 0.4.3 to 0.4.4 @dependabot (#4168)
- Veracode parser: remove lxml dependency @damiencarol (#3967)
- Bump sqlalchemy from 1.4.2 to 1.4.3 @dependabot (#4126)
- Bump djangorestframework from 3.12.2 to 3.12.3 @dependabot (#4127)
- Bump cryptography from 3.4.6 to 3.4.7 @dependabot (#4128)
- Bump sqlalchemy from 1.4.1 to 1.4.2 @dependabot (#4099)
- Bump django-crispy-forms from 1.11.1 to 1.11.2 @dependabot (#4101)
- Bump humanize from 3.2.0 to 3.3.0 @dependabot (#4102)
- Bump lxml from 4.6.2 to 4.6.3 @dependabot (#4108)
- dependabot: update django from 2.2.17 to 2.2.18 @valentijnscholten (#4098)
- SKF parser: add unit tests @damiencarol (#4091)
- api docs: switch back to supported drf-yasg @valentijnscholten (#4095)
- Qualys Infrastructure Scan parser: maintenance and fix date of finding @damiencarol (#3907)
- Bump django from 2.2.17 to 2.2.18 @dependabot (#4086)
- Add an extra javascript block to base.html @Maffooch (#4075)
- Hide reports list behind a feature flag @StefanFl (#4065)
- Bump sqlalchemy from 1.4.0 to 1.4.1 @dependabot (#4080)
- Bump google-auth from 1.27.1 to 1.28.0 @dependabot (#4076)
- Update manusa/actions-setup-minikube action from v2.3.0 to v2.3.1 (.github/workflows/k8s-testing.yml) @renovate (#4061)
- celery: allow forced synchronous execution @valentijnscholten (#4018)
- Update release-drafter/release-drafter action from v5.14.0 to v5.15.0 (.github/workflows/release-drafter.yml) @renovate (#4067)
- Bump sqlalchemy from 1.3.23 to 1.4.0 @dependabot (#4064)
- Bump urllib3 from 1.26.3 to 1.26.4 @dependabot (#4063)
- Bump nginx from 1.19.7-alpine to 1.19.8-alpine @dependabot (#4057)
- Bump clipboard from 2.0.7 to 2.0.8 in /components @dependabot (#4042)
- Bump from 1.6.5 to 1.7.0 in /components @dependabot (#4040)
- Bump from 1.10.23 to 1.10.24 in /components @dependabot (#4037)
- Bump from 1.10.23 to 1.10.24 in /components @dependabot (#4038)
- Bump from 1.6.5 to 1.7.0 in /components @dependabot (#4036)
- Bump openpyxl from 3.0.6 to 3.0.7 @dependabot (#4035)
- Bump defusedxml from 0.7.0 to 0.7.1 @dependabot (#4028)
- Bump social-auth-core from 4.0.3 to 4.1.0 @dependabot (#4019)
- Bump pillow from 8.1.1 to 8.1.2 @dependabot (#4020)
- Bump clipboard from 2.0.6 to 2.0.7 in /component...
1.13.2 🌈
Changes since 1.13.1
🐛 Bug Fixes
- OpenVAS parser: fix error and add unit tests @damiencarol (#3985)
- Fix NessusXMLParser' object has no attribute 'parse' @damiencarol (#3984)
- Backport: Safety parser: Fix unit tests and add component Backporting #3963 @valentijnscholten (#3988)
- Safety parser: Fix unit tests and add component (back-port to 1.13.x) @damiencarol (#3986)
- unit tests: don't build & start unneeded services @valentijnscholten (#3992)
1.13.1 🌈
Changes since 1.13.0
- Release: Merge release into master from: release/1.13.1 @github-actions (#3945)
🐛 Bug Fixes
- view_test: fix paging of findings (backport to 1.13.x) @valentijnscholten (#3941)
1.13.0 🌈
Changes since 1.12.0
- Release: Merge release into master from: release/1.13.0 @github-actions (#3918)
- Fix factory for detailed mode @damiencarol (#3917)
- v1.13.0 upgrade notes @valentijnscholten (#3916)
- deprecation warning SAML integration @valentijnscholten (#3891)
- Updates to Engagements sidebar @blakeaowens (#3902)
- API V2 Documentation should use URL Prefix (if set) @JoseRoman (#3893)
- aftercare: don't show paging snippet if no results, fix tags field layout @valentijnscholten (#3885)
- Auth V2: three fixes for the new authorization system @StefanFl (#3888)
- Quick fix to remove a useless call to @madchap (#3844)
- Small typo correction @Wadeck (#3833)
- Show boolean fields in product types as icons @StefanFl (#3819)
- Fix deduplication hashcode fields for Dependency Track scanner @svdm (#3822)
- Release: Merge back 1.12.1 into dev from: master-into-dev/1.12.1-1.13.0-dev @github-actions (#3792)
- Release: Merge release into master from: release/1.12.1 @github-actions (#3791)
- master-into-dev: add Detect Merge Conflicts workflow @valentijnscholten (#3789)
- Add metrics queries tests @danielnaab (#3743)
- master-into-dev: use --disable-dev-shm-usage to start chrome (#3739) @valentijnscholten (#3740)
- AWS Security Hub: set 'active' flag default to False @nlandais (#3716)
- Add info on the demo site to the README @mtesauro (#3718)
- Release: Merge back 1.12.0 into dev from: master-into-dev/1.13.0-dev @github-actions (#3713)
🚩 Requires settings change or database migration
- Rearrange for cvssv3 @madchap (#3861)
- fix typo in delete_duplicates @valentijnscholten (#3853)
- Fix risk acceptance celery handler + align @task decorators @madchap (#3866)
- AuthZv2.0: Object-based authorization (1st pull request) @StefanFl (#3757)
- Make mitigated date editable @greginvm (#3813)
- feature flag: Track Import history per Test @valentijnscholten (#3748)
- Add Close Engagement Notification @Maffooch (#3803)
- Fix google sheets + tests @madchap (#3747)
- Allow marking Qualys WAS security weaknesses as findings. @iwalton3 (#3427)
- product: prefetch verified count, add missing indexes 🏎️ @valentijnscholten (#3780)
- Nessus activate deduplication hash code algorithm @damiencarol (#3724)
- Product Type UI refresh @StefanFl (#3656)
🚩 Security
- Security fixes for reports/notes/endpoints via APIv2 @StefanFl (#3790)
- Bump bleach from 3.2.2 to 3.3.0 @dependabot (#3783)
🚀 New importers
- Add parser for Anchore Grype scan @damiencarol (#3814)
🚀 General features and enhancements
- Make the dashboard consistent @AndreyMZ (#3750)
- improve jira validation and error reporting @valentijnscholten (#3883)
- Rearrange for cvssv3 @madchap (#3861)
- Allow Login URL to be changed @JoseRoman (#3886)
- AuthZv2.0: Object-based authorization (1st pull request) @StefanFl (#3757)
- add paging + filter to list of tests, engagements. similar findings @valentijnscholten (#3812)
- Dynamic parser infrastructure part 2 @damiencarol (#3827)
- Make mitigated date editable @greginvm (#3813)
- Make the engagement view more consistent @StefanFl (#3856)
- feature flag: Track Import history per Test @valentijnscholten (#3748)
- Add Close Engagement Notification @Maffooch (#3803)
- Re-enable Jira Epic Mapping @Maffooch (#3782)
- product types: remove unused count prefetch @valentijnscholten (#3810)
- products: only prefetch github data if enabled @valentijnscholten (#3811)
- Metrics query optimizations @danielnaab (#3730)
- Allow marking Qualys WAS security weaknesses as findings. @iwalton3 (#3427)
- product: prefetch verified count, add missing indexes 🏎️ @valentijnscholten (#3780)
- Allow Findings filter by tags of all object levels @Maffooch (#3759)
- Helm: Chart improvements for running on GKE @jalseth (#3687)
- test.version: add missing places in UI, filters and importers @valentijnscholten (#3726)
- Dynamic parser infrastructure (part 1) @damiencarol (#3689)
- Product Type UI refresh @StefanFl (#3656)
🚀 API features and enhancements
- import_scan: add test response field to swagger docs @valentijnscholten (#3855)
🐛 Bug Fixes
- Dynamic infrastructure: implement detailed mode @damiencarol (#3915)
- aftercare: add finding from template fix @valentijnscholten (#3909)
- aftercare: fix datatables viewing duplicate findings @valentijnscholten (#3897)
- fix typo in for jsonlines @kmcquade (#3899)
- improve jira validation and error reporting @valentijnscholten (#3883)
- fix typo when editing engagement @valentijnscholten (#3895)
- Fix editing of Engagement checklist @StefanFl (#3860)
- Nexpose parser bugfixes @damiencarol (#3872)
- sonarqube & github updater: add missing import @valentijnscholten (#3892)
- update social-auth-core to support pyjwt 2.0.1 @valentijnscholten (#3889)
- Fix risk acceptance celery handler + align @task decorators @madchap (#3866)
- Reimport: keep false positive, out of scope and risk_accepted history #3848 @macedogm (#3858)
- import_scan: add test response field to swagger docs @valentijnscholten (#3855)
- + add logging of the JIRA issue key to jira webhook @madchap (#3839)
- tests: fix add finding javascript error @valentijnscholten (#3834)
- dashboard: Count all findings/engagements for staff users #3824 @michaelgibson (#3826)
- anchore parser: Fix image_digest/imageDigest error @damiencarol (#3802)
- store tags for new (ad hoc) findings @valentijnscholten (#3825)
- risk acceptance rename left over reporter to owner @valentijnscholten (#3828)
- Fix google sheets + tests @madchap (#3747)
- jira webhook: fix risk acceptance handling @valentijnscholten (#3769)
- linting that lead to a bugfix in product type report via api @valentijnscholten (#3751)
- Fix Burp blank response bug #3795 @damiencarol (#3796)
- risk acceptance: fix notes bugs @valentijnscholten (#3768)
- Updated UI product name max chars to match model and API @mtesauro (#3801)
- Multiple Endpoint object query fix @Maffooch (#3700)
- Sonarqube HTML reports fix #3725 @damiencarol (#3734)
- Safety parser: fix error in unit tests @damiencarol (#3788)
- Fix helm chart @madchap (#3767)
- api: fix authorized product allowance for Test retrieval @valentijnscholten (#3755)
- Fix broken nexpose parser @SunatP (#2604)
- Fix IP address/host decoding in Nessus CSV parser (#3655) @damiencarol (#3710)
- Webhook: Fix JIRA key error for name @madchap (#3732)
- integration tests: use --disable-dev-shm-usage to start chrome @valentijnscholten (#3739)
- UI: Make Endpoint status reflect Finding status after close/reopen @Maffooch (#3593)
- api v2: remove try-catch that swallows all exceptions @valentijnscholten (#3727)
📝 Documentation updates
- documentation: Fix edit link and integrate doc folder into docs @alles-klar (#3882)
- feat(docs): trigger gh-pages build on push to dev @alles-klar (#3880)
- feat(doc): integrate documentation in main dojo repo @alles-klar (#3809)
🧰 Maintenance
- Bump django-dbbackup from 3.2.0 to 3.3.0 @dependabot (#3900)
- Bump django-crispy-forms from 1.11.0 to 1.11.1 @dependabot (#3901)
- Bump nginx from 1.19.6-alpine to 1.19.7-alpine @dependabot (#3903)
- Update stefanzweifel/git-auto-commit-action action from v4.8.0 to v4.9.0 (.github/workflows/plantuml.yml) @renovate (#3896)
- fix typo in delete_duplicates @valentijnscholten (#3853)
- Remove an unused script that validate Acunetix files @damiencarol (#3867)
- Nmap parser remove lxml and support vulners script @damiencarol (#3868)
- Bump google-auth from 1.26.1 to 1.27.0 @dependabot (#3884)
- Update mysql:5.7.33 Docker digest from to 5.7.33 (docker-compose.yml) @renovate (#3876)
- Update rabbitmq Docker tag from 3.8.11 to v3.8.12 (docker-compose.yml) @renovate (#3874)
- Bump cryptography from 3.4.5 to 3.4.6 @dependabot (#3875)
- node/yarn: update to v14 and 1.22.10 @valentijnscholten (#3804)
- Bump justgage from 1.4.1 to 1.4.2 in /components @dependabot (#3871)
- Bump cryptography from 3.4.4 to 3.4.5 @dependabot (#3863)
- Bump easymde from 2.13.0 to 2.14.0 in /components @dependabot (#3864)
- Update styfle/cancel-workflow-action action from 0.7.0 to v0.8.0 (.github/workflows/cancel-outdated-workflow-runs.yml) @renovate (#3857)
- Update release-drafter/release-drafter action from v5.13.0 to v5.14.0 (.github/workflows/release-drafter.yml) @renovate (#3859)
- Bump asteval from 0.9.21 to 0.9.22 @dependabot (#3845)
- Bump google-auth from 1.26.0 to 1.26.1 @dependabot (#3846)
- Bump django-jsonfield-backport from 1.0.2 to 1.0.3 @dependabot (#3847)
- Bump google-auth from 1.25.0 to 1.26.0 @dependabot (#3842)
- Bump justgage from 1.4.0 to 1.4.1 in /components @dependabot (#3838)
- Bump cryptography from 3.4.3 to 3.4.4 @dependabot (#3836)
- Bump jszip from 3.5.0 to 3.6.0 in /components @dependabot (#3837)
- Bump cryptography from 3.4.1 to 3.4.3 @dependabot (#3831)
- Bump django-extensions from 3.1.0 to 3.1.1 @dependabot (#3816)
- Bump cryptography from 3.3.1 to 3.4.1 @dependabot (#3817)
- Bump nginx from @dependabot (#3818)
- cleanup: remove Python2 unicode everywhere @valentijnscholten (#3770)
- DSOP parser: remove pandas and fix twistlock CVE @damiencarol (#3784)
- update release diagram @madchap (#3806)
- updating release diagram @madchap (#3805)
- AWS Prowler parser maintenance @damiencarol (#3763)
- Bump google-auth from 1.24.0 to 1.25.0 @dependabot (#3793)
- Improve GitLab dependency scanning parser @macedogm (#3786)
- Bump bleach from 3.2.2 to 3.3.0 @dependabot (#3783)
- Bump packageurl-python from 0.9.3 to 0.9.4 @dependabot (#3785)
- Bump bleach from 3.2.3 to 3.3.0 @dependabot (#3774)
- Bump pytz from 2020.5 to 2021.1 @dependabot (#3773)
- Bump sqlalchemy from 1.3.22 to 1.3.23 @dependabot (#3775)
- Bump django-crispy-forms from 1.10.0 to 1.11.0 @dependabot (#3760)
- Bump python-gitlab from 2.5.0 to 2.6.0 @dependabot (#3761)
- Safety p...
1.12.1 👾 (security release)
Changes since 1.12.0
Security release fixing advisory: GHSA-9jr7-2hgp-vhp8
🚩 Security
- Security fixes for reports/notes/endpoints via APIv2 @StefanFl (#3790)
- Bump bleach from 3.2.2 to 3.3.0 @dependabot (#3783)
🐛 Bug Fixes
- Safety parser: fix error in unit tests @damiencarol (#3788)
- integration tests: use --disable-dev-shm-usage to start chrome @valentijnscholten (#3739)
1.12.0 🌈
Changes since 1.11.0
- master-into-dev: use --disable-dev-shm-usage to start chrome (#3739) @valentijnscholten (#3740)
- Release: Merge release into master from: release/1.12.0 @github-actions (#3712)
- Fix access typo @joesiewert (#3706)
- integration tests: wait for findings datatable @valentijnscholten (#3704)
- release drafter and doc updates @valentijnscholten (#3691)
- master-into-dev: docs + release drafter @valentijnscholten (#3685)
- Snyk findings: deduplication enhancements @rmoldesc (#3662)
- release drafter changes @valentijnscholten (#3626)
- Release: Merge back 1.11.1 into dev from: master-into-dev/1.12.0-dev @github-actions (#3625)
- Release: Merge release into master from: release/1.11.1 @github-actions (#3624)
- Snyk parser fixes @rmoldesc (#3615)
- sync master to dev: workflow changes + renovate settings @valentijnscholten (#3618)
- Adding retry into the k8s workflow @dsever (#3614)
- Release: Merge back 1.11.0 into dev from: master-into-dev/1.12.0-dev @github-actions (#3565)
💣 Breaking changes
- APIv1: disable by default @valentijnscholten (#3608)
- remove unused / left over custom_field dependency @valentijnscholten (#3574)
🚩 Requires settings change or database migration
- Increase alert field size to 250 @madchap (#3682)
- risk acceptance: enhance! @valentijnscholten (#3529)
- feat(alerts): automated cleanup of alerts per user @alles-klar (#3598)
- remove unused / left over custom_field dependency @valentijnscholten (#3574)
🚩 Security
- Security: Prevent XEE in parsers, Prevent open redirect @valentijnscholten (#3622)
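Most of the importers listed across these releases (Nessus, Nexpose, OpenVAS, Checkmarx, Arachni, WebInspect and others) consume XML reports uploaded by users, which is the surface the XXE fix above covers; the `defusedxml` bumps elsewhere in this changelog point at the same concern. The following is an added illustration of the guard such parsers need, not DefectDojo's own parser code: it refuses any document that declares a DOCTYPE or an entity, the same thing `defusedxml` does by hooking expat's declaration handlers. Python's stdlib parsers do not fetch external entities by default, but they do expand internal ones, so rejecting the DTD outright closes both the external-entity and the entity-expansion ("billion laughs") cases. The sample reports are constructed for the example.

```python
"""Reject DTD-bearing XML before a scanner report reaches ElementTree (illustration only)."""
import xml.etree.ElementTree as ET
import xml.parsers.expat as expat


class UnsafeXMLError(ValueError):
    """Raised when an uploaded report declares a DOCTYPE or an entity."""


def reject_dtd(data: bytes) -> None:
    """Abort the parse as soon as a DOCTYPE, entity declaration or external
    entity reference is seen; nothing after that point is processed."""
    parser = expat.ParserCreate()

    def forbid(*_args):
        raise UnsafeXMLError("DOCTYPE/entity declarations are not allowed in uploaded reports")

    parser.StartDoctypeDeclHandler = forbid
    parser.EntityDeclHandler = forbid
    parser.UnparsedEntityDeclHandler = forbid
    parser.ExternalEntityRefHandler = forbid
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        raise UnsafeXMLError(f"malformed XML: {exc}") from exc


def parse_report(data: bytes) -> ET.Element:
    """Parse a report only after the DTD check has passed."""
    reject_dtd(data)
    return ET.fromstring(data)


def count_findings(data: bytes) -> int:
    """Example consumer: number of <finding> elements in a hardened parse."""
    return len(parse_report(data).findall(".//finding"))


def is_safe(data: bytes) -> bool:
    try:
        reject_dtd(data)
    except UnsafeXMLError:
        return False
    return True


# Constructed sample reports, not output of any real scanner.
BENIGN_REPORT = b"""<?xml version="1.0"?>
<report>
  <finding severity="High" title="TLS 1.0 enabled"/>
  <finding severity="Low" title="Missing HSTS header"/>
</report>"""

XXE_REPORT = b"""<?xml version="1.0"?>
<!DOCTYPE report [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>
<report><finding severity="High" title="&xxe;"/></report>"""

BILLION_LAUGHS = b"""<?xml version="1.0"?>
<!DOCTYPE lolz [<!ENTITY lol "lol"><!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;">]>
<report><finding title="&lol2;"/></report>"""
```

`count_findings(BENIGN_REPORT)` returns 2, while both malicious samples are rejected by `reject_dtd` before any entity is expanded. When reviewing a parser, the thing to check is that every XML entry point goes through such a guard (or `defusedxml`), including helpers that take a file object or a string rather than bytes, since a single unguarded `ET.parse` call is enough.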
🚀 New importers
- Importer: Burp REST API (Fix #3447) @damiencarol (#3542)
- ScoutSuite parser @hasantayyar (#3602)
- Snyk parser enhancements @rmoldesc (#3616)
- 3520: Added OSSIndex Devaudit scanner import functionality @bp4151 (#3570)
- Improve Micro Focus Webinspect parser @damiencarol (#3621)
- Add Scantist Vulnerability Scan Parser @mohcer (#3610)
🚀 General features and enhancements
- risk acceptance: enhance! @valentijnscholten (#3529)
- GHA: Docker build caching and other speed improvements @valentijnscholten (#3659)
- Findings list: Display jira key instead of jira bug icon @madchap (#3605)
- Add Arbitrary File Uploads @Maffooch (#3566)
- [APIv2] Prefetch Mixins + Composable Swagger Schema @RomainJufer (#3516)
- Exposing additional securityContext settings in parent values.yaml @namloc2001 (#3582)
- Add swagger schema test with tagged test cases @RomainJufer (#3528)
- Add more unit tests for AppSpider report parser @damiencarol (#3634)
- Import Gitlab projects as DefectDojo products fix Issue #1984 @christophe226 (#2211)
- feat(clair parser): parse component name and version @alles-klar (#3600)
- system settings through apiv2 @manuel-sommer (#3562)
- feat(alerts): automated cleanup of alerts per user @alles-klar (#3598)
- Add the close_old_findings parameter also to reimport API @ccojocar (#3572)
- Component enhancements @ricardomeulendijks (#3578)
- Add unit tests for Bandit parser @damiencarol (#3568)
🚀 API features and enhancements
- [APIv2] Prefetch Mixins + Composable Swagger Schema @RomainJufer (#3516)
- Add swagger schema test with tagged test cases @RomainJufer (#3528)
🐛 Bug Fixes
- integration tests: use --disable-dev-shm-usage to start chrome @valentijnscholten (#3739)
- Increase alert field size to 250 @madchap (#3682)
- Fix date format on Fortify parser @Maffooch (#3696)
- dependency track parser: fix dedupe, set hash code fields @valentijnscholten (#3667)
- add product via prod_type: use normal add product logic @valentijnscholten (#3692)
- files upload: remove from filters @valentijnscholten (#3690)
- Fix tag migration for legacy products @valentijnscholten (#3684)
- Fix bug in redirect function call @damiencarol (#3673)
- notifications: make them synchronous @valentijnscholten (#3678)
- fix engagement styling bug @valentijnscholten (#3669)
- jira: fix broken author check for cloud @valentijnscholten (#3668)
- Jira: fix support for epic as default issuetype + error handling @valentijnscholten (#3609)
- add product: fix missing error messages @valentijnscholten (#3658)
- Fix impact bug on Burp REST API parser and add more unit tests @damiencarol (#3657)
- Fix sonarqube 3-hourly sync job @valentijnscholten (#3619)
- Fix JFrog Xray JSON parser for CWE and CVSS v3 (#3597 fix) @damiencarol (#3585)
- jira webhook: fix incoming author name check @valentijnscholten (#3606)
- fix anchore reimport, sync reimport logic API<->UI, add unit tests @valentijnscholten (#3629)
- Display Active and Verified counts @madchap (#3590)
- fix(qualys-parser): map qid to vuln_id_from_tool @alles-klar (#3601)
- Parameter confidence is optional and CWE's are not always numerical in GitLab SAST @StefanFl (#3567)
- Send status changes from re-import to jira @Maffooch (#3592)
- Reimport (UI): Preserve existing tags when reimporting scan/test @valentijnscholten (#3596)
📝 Documentation updates
- Add swagger schema test with tagged test cases @RomainJufer (#3528)
- Update to release workflow @madchap (#3591)
- Initial parser doc @madchap (#3603)
🧰 Maintenance
- cleanup old comments / commented out code @valentijnscholten (#3697)
- Update rabbitmq Docker tag from 3.8.10 to v3.8.11 (docker-compose.yml) @renovate (#3688)
- Update rabbitmq:3.8.10 Docker digest from 3.8.10 to 3.8.10 (docker-compose.yml) @renovate (#3670)
- Bump bleach from 3.2.1 to 3.2.2 @dependabot (#3672)
- Bump django-celery-results from 2.0.0 to 2.0.1 @dependabot (#3661)
- Update busybox Docker tag from 1.32.0-musl to v1.33.0 (docker-compose.override.unit_tests_cicd.yml) @renovate (#3665)
- master-to-dev: GHA: Docker build caching and other speed improvements (#3659) @valentijnscholten (#3664)
- Update rabbitmq Docker tag from 3.8.9 to v3.8.10 (docker-compose.yml) @renovate (#3660)
- Bump cvss from 2.1 to 2.2 @dependabot (#3645)
- Bump mysql-connector-python from 8.0.22 to 8.0.23 @dependabot (#3652)
- Update mysql Docker tag from 5.7.32 to v5.7.33 (docker-compose.yml) @renovate (#3651)
- Bump pdfmake from 0.1.69 to 0.1.70 in /components @dependabot (#3646)
- Remove usage of django.utils.six vendored library version of six @damiencarol (#3649)
- remove old/dead/left-behind code @valentijnscholten (#3635)
- Fix #3638 Django static import deprecated @damiencarol (#3637)
- Update rabbitmq:3.8.9 Docker digest from 3.8.9 to 3.8.9 (docker-compose.yml) @renovate (#3633)
- Bump python-gitlab from 2.4.0 to 2.5.0 @dependabot (#3627)
- chore(deps): update mysql:5.7.32 docker digest from 5.7.32 to 5.7.32 (docker-compose.yml) @renovate (#3617)
- chore(deps): update styfle/cancel-workflow-action action from 0.6.0 to v0.7.0 (.github/workflows/cancel-outdated-workflow-runs.yml) @renovate (#3620)
- Update sample data fixture file @Maffooch (#3580)
- chore(deps): update rabbitmq:3.8.9 docker digest from 3.8.9 to 3.8.9 (docker-compose.yml) @renovate (#3595)
- Switch to official django-tagulous release @valentijnscholten (#3579)
- pin sqlalchemy dependency @valentijnscholten (#3583)
- remove unused / left over custom_field dependency @valentijnscholten (#3574)
- Bump jsonlines from 1.2.0 to 2.0.0 @dependabot (#3581)
- Bump pillow from 8.0.1 to 8.1.0 @dependabot (#3575)
- Bump mysqlclient from 2.0.2 to 2.0.3 @dependabot (#3576)
- Bump busybox from 1.32.0-musl to 1.33.0-musl @dependabot (#3577)
Release 1.11.1 👾 (security release)
Security release, please update your instance especially if you're not running a docker based install.
For upgrade notes, see
🚩 Security
1.11.0 🌈
For upgrade notes, see
🚩 Requires settings change or database migration
- Add redis transit encryption @KarstenSiemer (#3473)
- Fix exception during excess duplicate deletion tasks @valentijnscholten (#3480)
- replace django-tagging by django-tagulous @valentijnscholten (#3333)
- [feat/login-form] Allowing login forms to be hidden @natebwangsut (#3423)
🚀 New importers
- Add support for GitLab Dependency Scanning reports @macedogm (#3534)
- Importer: Add OASIS SARIF format #3445 @damiencarol (#3464)
🚀 General features and enhancements
- Add redis transit encryption @KarstenSiemer (#3473)
- calendar: speedup and security fix @valentijnscholten (#3543)
- Add JIRA_Issue in related fields of Finding @RomainJufer (#3407)
- Retain SLA days for mitigated findings @madchap (#3525)
- Use full absolute url in notifications @marcosValle (#3538)
- Allow to specify the when importing data from the APIv2 and the UI @xens (#3450)
- Allow use of ptvsd debugger when using k8s deployment @madchap (#3418)
- Add BlackDuck import functionality for License Risks that should be reviewed @WheelsVT (#3247)
- enable search tests @valentijnscholten (#3495)
- Tag filtering + general search improvements @valentijnscholten (#3449)
- securityContext related updates to Helm chart @namloc2001 (#3343)
- jira: add api test for adding note/comment @valentijnscholten (#3482)
- Fix exception during excess duplicate deletion tasks @valentijnscholten (#3480)
- jira: don't add notes when creating/linking findings @valentijnscholten (#3481)
- logging: add DD_LOG_LEVEL setting @valentijnscholten (#3439)
- replace django-tagging by django-tagulous @valentijnscholten (#3333)
- Expose nginx status to prometheus in Kubernetes (helm) @uncycler (#3260)
- Nikto parser for scan of multiple hosts @StefanFl (#3428)
- reports: fix performance issues and small bugs @valentijnscholten (#3432)
- [feat/login-form] Allowing login forms to be hidden @natebwangsut (#3423)
- [APIv2] Update put semantic and doc for endpoint /finding/{id}/metadata @RomainJufer (#3408)
- Add duplicate finding support to API v2. @iwalton3 (#3325)
🐛 Bug Fixes
- Various Bug Fixes. Fix reupload via UI. Make 'Active' Default On Scan Import Forms. @devGregA (#3521)
- Fix(helm-unittests): add secret key and credential key @alles-klar (#3489)
- Only mitigate finding if previously active @madchap (#3523)
- fix(risk_acceptance): remove hard coded user_id @alles-klar (#3469)
- Reupload bug fixes @aaronweaver (#3531)
- Fix issue 3527 while importing some Twistlock scans @macedogm (#3532)
- (product) metrics: fixes and speedup @valentijnscholten (#3549)
- Add missing modifications for SARIF format @damiencarol (#3559)
- product list: fix last assessed displaying @valentijnscholten (#3493)
- [fix/helm-rabbitMQ]: Fix incorrect YAML key for RabbitMQ chart @natebwangsut (#3508)
- Bug fix: Add more unit tests for MobSF import #3479 @damiencarol (#3490)
- Jira: Allow status changes from dojo to jira @Maffooch (#3483)
- Fix popup message on SLA displays @Maffooch (#3477)
- Tweaked Fortify Parser To Handle Missing Code Snippet For Finding @ibcoleman (#3461)
- WebInspect Parser fails to process Issues without CWE and ReportSection with an empty SectionText @yilmi (#3492)
- Fix reports: print test names instead of test types - #3252 @yilmi (#3402)
- tagulous/reports: fix old prefetch fields - take 2 @valentijnscholten (#3491)
- tagulous/reports: fix old prefetch fields @valentijnscholten (#3486)
- Fix exception during excess duplicate deletion tasks @valentijnscholten (#3480)
- report: fix report from products list and more @valentijnscholten (#3448)
- apiv2: fix endpoint status creation during scan import @alles-klar (#3468)
- [FIX] jira: fix adding note to finding and send to jira @RomainJufer (#3453)
- pin all python / pip dependencies @valentijnscholten (#3457)
- Allow Info findings to be pushed to JIRA without SLA @Maffooch (#3435)
- Fix import: binary analysis in MobSF scans #3134 @damiencarol (#3429)
- reports: fix performance issues and small bugs @valentijnscholten (#3432)
- celery imports for @valentijnscholten (#3414)
- Fix finding export for non-staff users. @iwalton3 (#3286)
📝 Documentation updates
- add note about initializer duration @valentijnscholten (#3499)
- Update README Valentijn @valentijnscholten (#3440)
🧰 Maintenance
- Release drafter categories adaptation @madchap (#3560)
- Test suite and scripts cleanup @valentijnscholten (#3500)
- celery entrypoints: support all settings related mounts @valentijnscholten (#3545)
- Bump pdfmake from 0.1.68 to 0.1.69 in /components @dependabot (#3558)
- chore(deps): update rabbitmq:3.8.9 docker digest from 3.8.9 to 3.8.9 (docker-compose.yml) @renovate (#3553)
- Bump pygithub from 1.54 to 1.54.1 @dependabot (#3551)
- Bump pytz from 2020.4 to 2020.5 @dependabot (#3552)
- chore(deps): update manusa/actions-setup-minikube action from v2.2.0 to v2.3.0 (.github/workflows/k8s-testing.yml) @renovate (#3541)
- chore(deps): update mysql:5.7.32 docker digest from 5.7.32 to 5.7.32 (docker-compose.yml) @renovate (#3540)
- Add PyJWT to requirements.txt @squ1rr3lly (#3536)
- Bump coverage from 5.3 to 5.3.1 @dependabot (#3509)
- Bump nginx from 1.19.5-alpine to 1.19.6-alpine @dependabot (#3510)
- Update manusa/actions-setup-minikube action from v2.1.0 to v2.2.0 (.github/workflows/k8s-testing.yml) @renovate (#3505)
- Bump from 1.10.22 to 1.10.23 in /components @dependabot (#3496)
- Bump from 1.10.22 to 1.10.23 in /components @dependabot (#3498)
- Bump requests from 2.25.0 to 2.25.1 @dependabot (#3484)
- chore(deps): update rabbitmq:3.8.9 docker digest from 3.8.9 to 3.8.9 (docker-compose.yml) @renovate (#3487)
- chore(deps): update stefanzweifel/git-auto-commit-action action from v4.7.2 to v4.8.0 (.github/workflows/plantuml.yml) @renovate (#3476)
- Bump google-auth from 1.23.0 to 1.24.0 @dependabot (#3465)
- Bump humanize from 3.1.0 to 3.2.0 @dependabot (#3466)
- Bump nginx from @dependabot (#3467)
- make build image for nginx the same as django @valentijnscholten (#3415)
- chore(deps): update mysql:5.7.32 docker digest to b3b2703 (docker-compose.yml) @renovate (#3462)
- chore(deps): update rabbitmq:3.8.9 docker digest to 70dcefa (docker-compose.yml) @renovate (#3463)
- Bump bleach from 3.1.0 to 3.2.1 @dependabot (#3458)
- Bump pandas from 1.1.2 to 1.1.5 @dependabot (#3459)
- pin all python / pip dependencies @valentijnscholten (#3457)
- Revert "Revert "release workflow: simplify matrix"" @valentijnscholten (#3456)
- Revert "release workflow: simplify matrix" @valentijnscholten (#3454)
- release workflow: simplify matrix @valentijnscholten (#3416)
- Bump mysqlclient from 2.0.1 to 2.0.2 @dependabot (#3443)
- Bump cryptography from 3.3 to 3.3.1 @dependabot (#3444)
- Bump cryptography from 3.2.1 to 3.3 @dependabot (#3434)
- chore(deps): update rabbitmq:3.8.9 docker digest to 39a4fca (docker-compose.yml) @renovate (#3430)
- Bump pandas from 1.1.5 to 1.2.0 @dependabot (#3557)
- k8s testing workflow: remove docker secrets @valentijnscholten (#3519)
- gha: switch to pull_request from pull_request_target @valentijnscholten (#3512, #3514)
- Update unit-tests.yml @valentijnscholten (#3506, #3507)
- move renovate.json @valentijnscholten (#3503, #3504)
- maintenance: Update cancel-outdated-workflow-runs.yml @valentijnscholten (#3502)
1.10.4 👾 (security release)
🚩 Security
- security: correct incomplete fix for #3410 / GHSA-96vq-gqr9-vf2c @StefanFl (#3417)
1.10.3 👾 (security release)
This is a security release addressing GHSA-96vq-gqr9-vf2c