1.10.1 🌈

🐛 Bug Fixes

• jira: fix add/edit product jira logic @valentijnscholten (#3366)
• Helm posgreSQL, use existing secret even if postgres not enabled @madchap (#3350)
• Fix helm rabbitMQ not grabbing secret after move to bitnami @madchap (#3347)
• Align Qualys WAS severities with the those in the UI @Maffooch (#3348)
• jira: fix link existing jira issue @valentijnscholten (#3355)

🧰 Maintenance

• K8s additional checks 26 11 @dsever (#3363)

1.10.0 🌈

Changes

See upgrade notes for details on upgrading:https://defectdojo.readthedocs.io/en/latest/upgrading.html

💣 Breaking changes

• Move charts to bitnami's repo @madchap (#2859)
• JIRA: Allow config per engagement, incl big JIRA refactor @valentijnscholten (#3200)

🚩 Requires settings change

• Acunetix parser: Import all affected items + technical details @steeve85 (#2289)
• performance: optimize a bit view_finding, max similar findings=25 @valentijnscholten (#3293)
• Various bug fixes in various places @Maffooch (#3308)
• sla notify: disable by default, add explanation to settings @valentijnscholten (#3289)
• Celery: only send model ids and not full instances @valentijnscholten (#3092)

🚀 Features and enhancements

• tags: add testcases @valentijnscholten (#3324)
• reimport: set component_name&version on existing findings @valentijnscholten (#3288)
• API_V2 : Add metadata operation on findings endpoints @RomainJufer (#3254)
• performance: optimize a bit view_finding, max similar findings=25 @valentijnscholten (#3293)
• Various bug fixes in various places @Maffooch (#3308)
• sla notify: disable by default, add explanation to settings @valentijnscholten (#3289)
• Reintroduce HTML report builder @Maffooch (#3250)
• JIRA: Allow config per engagement, incl big JIRA refactor @valentijnscholten (#3200)
• Celery: only send model ids and not full instances @valentijnscholten (#3092)
• jira: set jira_project when creating JIRA_Issue @valentijnscholten (#3294)
• Set flag for auto refresh of alert/counts @Maffooch (#3275)

🐛 Bug Fixes

• apiv2: set mitigated date if applicable @keenan-v1 (#3285)
• Acunetix parser: Import all affected items + technical details @steeve85 (#2289)
• Correct filter for findings for non-staff users @StefanFl (#3339)
• jira: fix add/edit engagement if no jira config used @valentijnscholten (#3335)
• fix importing aws securityhub timestamp @Enigmatyk (#3329)
• Fix Product Metrics link to false positives. @tohch4 (#3334)
• jira_webhook: improve error handling @valentijnscholten (#3321)
• Nikto quick fix to hostname/url parsing (fixes #3268) @madchap (#3318)
• reimport: don't try to set component_name for absent findings @valentijnscholten (#3331)
• debug_toolbar: add known issue + fix for static files @valentijnscholten (#3309)
• Added steps to reproduce in Jira Description Template @FallenAtticus (#2990)
• aws security hub: fix handling of missing lastObservedAt @valentijnscholten (#3277)
• jira: fix mailto link in description @valentijnscholten (#3281)
• jira: split url handling for issues and projects @valentijnscholten (#3284)
• Various bug fixes in various places @Maffooch (#3308)
• Allow re-import scan to function without JIRA @Maffooch (#3295)
• Fix Accepted Risk reporter/owner in engineer metrics @Maffooch (#3297)
• Fix JIRA owner instead of reporter @madchap (#3282)
• settings.dist.py: reduce default log level from DEBUG to INFO @valentijnscholten (#3280)
• jira: use correct url for dojo_alert notification @valentijnscholten (#3273)
• Update open finding definition on product level @Maffooch (#3267)
• uwsgi: increase default buffer-size @valentijnscholten (#3269)
• Change encoding from utf-8 to utf-8-sig @jhamba (#2583)
• Commented out print statement 'ready(): initializing watson' as it breaks 'manage.py dumpdata' @mtesauro (#3274)
• Fix NoneType error on Metrics page @danielnaab (#3323)
• unittests: delete erroneously committed empty ZoneIdentifier metatdata files @valentijnscholten (#3304)

🧰 Maintenance

• build(deps): bump django-celery-results from 1.2.1 to 2.0.0 @dependabot-preview (#3311)
• Move charts to bitnami's repo @madchap (#2859)
• chore(deps): update mysql:5.7.32 docker digest to ec6742a (docker-compose.yml) @renovate (#3300)
• chore(deps): update rabbitmq:3.8.9 docker digest to b05476a (docker-compose.yml) @renovate (#3301)
• build(deps): bump google-api-python-client from 1.12.6 to 1.12.8 @dependabot-preview (#3305)
• build(deps): bump django-crispy-forms from 1.9.2 to 1.10.0 @dependabot-preview (#3307)
• Release drafter - add breaking changes section @madchap (#3291)
• build(deps): bump google-api-python-client from 1.12.5 to 1.12.6 @dependabot-preview (#3287)
• build(deps): bump asteval from 0.9.20 to 0.9.21 @dependabot-preview (#3266)
• Update CONTRIBUTING.md @madchap (#3314)
• Update SPONSORING.md @madchap (#3316)
• Update MAINTAINERS.md @madchap (#3315)
• Update CONTRIBUTING.md @madchap (#3317)
• Updated contributing doc to have Python 3.6 instead of 3.5 @mtesauro (#3306)
• Release: Merge release into master from: release/1.10.0 @github-actions (#3344)
• Release: Merge back master into dev from: master-into-dev/1.10.0-dev @github-actions (#3268

1.9.3 👾 (security release)

This is a security release.

Please see the security advisory for more details.

• JIRA and Tool Configuration credentials exposed in plain text (merge commit)
• Fixes report creation - missing Q import (#3263)

1.9.2 🌈

🐛 Bug Fixes

• fix jira add/edit configuration @valentijnscholten (#3165)
• fix view all endpoints: added import statement for #3167 @Seppl2202 (#3168)

🧰 Maintenance

• jira: add logging of metadata @valentijnscholten (#3187)

1.9.1 🌈

Note: Please see our upgrade notes for additional details

🐛 Bug Fixes

• Fix endpoint_status filter and bug in ad-hoc finding creation @Maffooch (#3147)
• Revoke access to authorized users after removal @Maffooch (#3146)

1.9.0 🌈

Note: Please see our upgrade notes for additional details

🚀 New scanners

• Import JSON reports of SSLyze scanner @StefanFl (#3015)

🚀 Features and enhancements

• Add DD_LOGGING_FORMAT variable, celery logger section @madchap (#3072)
• Add annotations for pods @madchap (#3012)
• Add json logging to Django @madchap (#3062)
• Modify uwsgi entrypoint to allow for overriding settings.py @mtesauro (#3045)
• Add configurable SAML2 logout endpoint @Maffooch (#3046)
• Add filter to product metrics @Maffooch (#2974)
• Add SSL verification variable to JIRA integration @Maffooch (#3016)
• swagger ui: use sessions, more compact UI @valentijnscholten (#3025)
• dedupe / false positive history: make queries more performant @valentijnscholten (#3028)
• Add authorized users at the product type level @Maffooch (#3007)
• Allow specifying the key for the database secrets @uncycler (#2906)
• Add delete methods for products and environments in api v2 @RomainJufer (#3014)
• Add Component overview @ricardomeulendijks (#2977)
• ZAP parser: do not resolve hostname to IP address during endpoint creation (#2284) @AlexanderTyutin (#2286)
• Remove HipChat integration, add support for Microsoft Teams instead @StefanFl (#2975)
• Fixes and add missing index for simple search @valentijnscholten (#2955)
• Add related fields on findings @xens (#2949)

🐛 Bug Fixes

• Add 'options' to JIRA connections @Maffooch (#3106)
• Test header bar - findings count fix @madchap (#3074)
• apiv2: add doc for finding's related_fields + stick to OAv3 @xens (#3066)
• Add DD_LOGGING_FORMAT variable, celery logger section @madchap (#3072)
• Add verbose importing flow to Fortify scans @Maffooch (#3055)
• Fix nginx port in docker-compose.override.https.yml @rookies (#3059)
• Fix burp request/response encoding errors in API @Maffooch (#3044)
• Set finding is_Mitigated on finding update @madchap (#3032)
• view_test: fix javascript for bulk edit enablement @valentijnscholten (#3035)
• sonatype parser: truncate filepath @valentijnscholten (#3036)
• Fix nginx port definition in docker-compose.yml @rookies (#3041)
• fix jira column on similar findings rows @valentijnscholten (#3030)
• Fix APIv1 Endpoint_Status bug @rookies (#3020)
• Make Product Type reports more descriptive @cody-m-tibco (#2783)
• add engagement: fix permission checks @valentijnscholten (#3005)
• apiv2: add misssing fields for filtering and remove UI related stuff @xens (#3000)
• Bugfix: Authorized User only gets findings through API of which he is the reporter of #2992 @Yuuichi89 (#2998)
• Bugfix typo in docker integration tests @alles-klar (#2995)
• Fix APIv2 Endpoint Status bug @Maffooch (#2983)
• Don't copy inexistent certs folder in Dockerfile.django @uncycler (#2946)
• Fixes and add missing index for simple search @valentijnscholten (#2955)
• jira: fix looping when pushing from api @valentijnscholten (#2951)
• HackerOne: Added unique_id_from_tool to fix deduplication @reinier-vegter (#2935)
• fix: prevent saving empty cve @edersonbrilhante (#2669)

🧰 Maintenance

• v0.1 of GHA release automation @madchap (#3094)
• apiv1 deprecation: show warning on docs and api key pages @valentijnscholten (#3089)
• build(deps): bump markdown from 3.3.2 to 3.3.3 @dependabot-preview (#3095)
• build(deps): bump cryptography from 3.1.1 to 3.2 @dependabot-preview (#3096)
• Update stefanzweifel/git-auto-commit-action action from v4.7.1 to v4.7.2 (.github/workflows/plantuml.yml) @renovate (#3086)
• build(deps): bump pillow from 8.0.0 to 8.0.1 @dependabot-preview (#3076)
• build(deps): bump drf-yasg2 from 1.19.2 to 1.19.3 @dependabot-preview (#3077)
• build(deps): bump google-api-python-client from 1.12.3 to 1.12.5 @dependabot-preview (#3075)
• master->dev: github action workflow config sync @valentijnscholten (#3078)
• integration tests: fix mark finding for review errors @valentijnscholten (#3073)
• Add endpoint_status creation script @Maffooch (#3068)
• build(deps): bump humanize from 3.0.1 to 3.1.0 @dependabot-preview (#3049)
• upgrade to drf_yasg2 which is needed for django rest framework 3.12 and higher @valentijnscholten (#3052)
• Update mysql Docker tag from 5.7.31 to v5.7.32 (docker-compose.yml) @renovate (#3070)
• Update stefanzweifel/git-auto-commit-action action from v4.6.0 to v4.7.1 (.github/workflows/plantuml.yml) @renovate (#3071)
• master->dev sync: modifications to workflow files @valentijnscholten (#3067)
• GitHub Actions: Add unit tests workflow @valentijnscholten (#3063)
• chore(deps): update stefanzweifel/git-auto-commit-action action from v4.1.2 to v4.6.0 (.github/workflows/plantuml.yml) @renovate (#3050)
• chore(deps): update actions/checkout action from v1 to v2 (.github/workflows/plantuml.yml) @renovate (#3051)
• Remove that comment to make my sed life easier @madchap (#3048)
• build(deps): bump markdown from 3.3.1 to 3.3.2 @dependabot-preview (#3047)
• build(deps): bump urllib3 from 1.25.10 to 1.25.11 @dependabot-preview (#3040)
• build(deps): bump mysql-connector-python from 8.0.21 to 8.0.22 @dependabot-preview (#3039)
• build(deps): bump lxml from 4.5.2 to 4.6.1 @dependabot-preview (#3037)
• title: suppress superfluous log lines @valentijnscholten (#3031)
• Revert "Move helm deps to Chart.yaml (#3013)" @madchap (#3022)
• build(deps): bump pillow from 7.2.0 to 8.0.0 @dependabot-preview (#3010)
• linting @valentijnscholten (#3024)
• chore(deps): update mysql:5.7.31 docker digest to 3830eda (docker-compose.yml) @renovate (#3006)
• Add required fields in package.json @alles-klar (#3008)
• Move helm deps to Chart.yaml @madchap (#3013)
• build(deps): bump markdown from 3.3 to 3.3.1 @dependabot-preview (#2996)
• more tests for import and deduplication @valentijnscholten (#2959)
• Removing deprecated keys @dsever (#2994)
• build(deps): bump nginx from 1.19.2-alpine to 1.19.3-alpine @dependabot-preview (#2988)
• build(deps): bump datatables.net-buttons-bs from 1.6.4 to 1.6.5 in /components @dependabot-preview (#2981)
• build(deps): bump datatables.net-buttons-dt from 1.6.4 to 1.6.5 in /components @dependabot-preview (#2982)
• build(deps): bump django-slack from 5.15.2 to 5.15.3 @dependabot-preview (#2986)
• chore(deps): update helm chart rabbitmq from 6.16.0 to v6.18.2 (helm/defectdojo/requirements.yaml) @renovate (#2967)
• build(deps): bump packageurl-python from 0.9.2 to 0.9.3 @dependabot-preview (#2971)
• build(deps): bump markdown from 3.2.2 to 3.3 @dependabot-preview (#2970)
• build(deps): bump easymde from 2.12.0 to 2.12.1 in /components @dependabot-preview (#2972)
• build(deps): bump moment from 2.29.0 to 2.29.1 in /components @dependabot-preview (#2973)
• chore(deps): update helm chart redis from 10.3.1 to v10.5.7 (helm/defectdojo/requirements.yaml) @renovate (#2968)
• chore(deps): update helm chart postgresql from 8.1.2 to v8.6.4 (helm/defectdojo/requirements.yaml) @renovate (#2966)
• chore(deps): update helm chart mysql from 1.6.2 to v1.6.7 (helm/defectdojo/requirements.yaml) @renovate (#2965)
• Veracode: use unique_id_from_tool (fixed deduplication issues) @reinier-vegter (#2909)
• build(deps): bump google-auth from 1.22.0 to 1.22.1 @dependabot-preview (#2964)
• Move onetime command code to respective files @valentijnscholten (#2960)
• Remove heroku demo from README @madchap (#2963)
• build(deps): bump humanize from 2.6.0 to 3.0.1 @dependabot-preview (#2957)
• build(deps): bump google-api-python-client from 1.12.2 to 1.12.3 @dependabot-preview (#2933)
• chore(deps): update rabbitmq docker tag from 3.7.26 to v3.8.9 (docker-compose.yml) @renovate (#2941)
• Start celery without uid @uncycler (#2923)
• chore(deps): update mysql docker tag from 5.7.29 to v5.7.31 (docker-compose.yml) @renovate (#2940)
• sync renovate config from master @valentijnscholten (#2956)
• build(deps): bump easymde from 2.11.0 to 2.12.0 in /components @dependabot-preview (#2934)
• Merge renovate config from master into dev @valentijnscholten (#2942)
• Configure Renovate dev @renovate (#2936)
• Merge back 1.8.0 from master into dev @valentijnscholten (#2932)
• Release PR - release/1.9.0 @github-actions (#3107)
• sync dev from master after renovate config update @valentijnscholten (#2953)
• Configure Renovate @renovate (#2941

🚩 Requires settings change

• Add DD_LOGGING_FORMAT variable, celery logger section @madchap (#3072)
• Add json logging to Django @madchap (#3062)
• Add configurable SAML2 logout endpoint @Maffooch (#3046)
• Add SSL verification variable to JIRA integration @Maffooch (#3016)
• swagger ui: use sessions, more compact UI @valentijnscholten (#3025)
• Fixes and add missing index for simple search @valentijnscholten (#2955)

📖 Documentation

• finding: document all the fields in the model @xens (#2961)
• search: restore missing index fields @valentijnscholten (#2980)
• doc: add credentials tips into quick-start @xens (#2969)
• Adding short API block in README @madchap (#2962)

1.8.0 🌈

Changes

• Release 1.8.0 @valentijnscholten (#2931)
• Helm3 transition @dsever (#2892)
• Revert "build(deps): bump python from 09bb817 to e525911" @Maffooch (#2895)
• Veracode import: fixed false-positives and added SCA findings @reinier-vegter (#2879)
• New Import Parser drHeader @SPoint42 (#2846)
• Helm run changes @madchap (#2883)
• Bugfixing when the title of a vulnerability is more than 511 characters in SonarQube API @dvelardez (#2873)
• apiv2: fix multi-value and sorting on /products @xens (#2871)
• Rework apiv2 findings filters @xens (#2717)
• Fixed endpt status table not showing for adhoc findings @sc-tibco (#2860)
• Fix notifications spam (issue #2713) @H4ckd4ddy (#2834)
• api_v2: fix push notes to Jira @xens (#2810)
• Fix AWS Scout2 importing bug. Fix #2797 @dougmorato (#2798)
• Fix checkmarx parser when an exploitable finding is hidden by a false… @ptrovatelli (#2800)
• api_v2: fix push_to_jira when using the PATCH method @xens (#2801)
• change release flow so that moderators needs to merge rather than che… @ptrovatelli (#2494)
• hotfix: do not reopen false positives and out_of_scope on behalf of SDA SE @wurstbrot (#2599)
• Fix duplicated findings in reimport @edersonbrilhante (#2770)
• #2780 Support either prop defined as findings or Findings in AWS Security Hub Parser @tohch4 (#2782)
• #2475 and enhancement - JIRA webhook notification @manav-nagla (#2786)
• Added user-agent in sonarqube api requests @felipemgurian (#2740)
• JIRA: small bugfixes, improvements and cleanup @valentijnscholten (#2737)
• Gitleaks v5 - parser update @steeve85 (#2724)
• improve deduplication on engagement wording @valentijnscholten (#2728)

🚀 New scanners

• Add an importer for kube-bench reports @StefanFl (#2910)
• Adding a parser for Checkov scanner @StefanFl (#2887)
• Risk Recon API Importer @cody-m-tibco (#2778)
• Implement AWS Security Hub Scan Parser @xee5ch (#2594)

🚀 Features and enhancements

• Calculate metrics by endpoint status @Maffooch (#2926)
• docker-compose and helm: Add variables for celeryworker prefork and uwsgi thread/procs control @madchap (#2813)
• Search improvements and fixes @valentijnscholten (#2861)
• (jira) alerts: improve error handling and more @valentijnscholten (#2889)
• findings: add support for metadata @xens (#2862)
• Set component name/version for php symfony & dependency check parsers @valentijnscholten (#2845)
• Add request/response pairs to finding APIv2 calls @Maffooch (#2865)
• Add limited staff access to authorized users @cody-m-tibco (#2765)
• Add Notes at Engagement level and improvements at Test level @Maffooch (#2510)
• Custom dates on product type metrics @Maffooch (#2857)
• Adding CVSS3.0 Score to the DefectDojo @flkhndlr (#1887)
• Adding more envvars to settings.py @madchap (#2858)
• Add request_response pairs to the UI @Maffooch (#2806)
• Django saml2 plugin dedicated cert @dsever (#2791)
• Regulation gui/api extending @dsever (#2814)
• edit finding: fix parent/original duplicate + small fixes @valentijnscholten (#2843)
• K8s helm extending configs v2 @dsever (#2847)
• view finding: duplicate & similar finding improvements and fixes @valentijnscholten (#2748)
• Add Sonarqube integration endpoints to APIv2 @cody-m-tibco (#2683)

🐛 Bug Fixes

• Fix custom report endpoint_status error @Maffooch (#2929)
• fix add finding from template req_resp key error @valentijnscholten (#2927)
• closed findings: filter by is_Mitigated instead of mitigated @valentijnscholten (#2912)
• Security and Bug Fixes @Maffooch (#2899)
• Search improvements and fixes @valentijnscholten (#2861)
• Import empty Anchore policies without error @ccojocar (#2896)
• bugfix for risk acceptance migration @alles-klar (#2849)
• Fix edit findings function @Maffooch (#2885)
• Fixing helm /var/run issue @madchap (#2868)
• Replaced .ix[] with .loc[] in AWS Prowler parser.py @FallenAtticus (#2822)
• Fixed dates sorted alphabetically @sc-tibco (#2832)
• Fixed cve field showing None when importing nessus .xml reports @sc-tibco (#2856)
• Fixes problems generating AsciiDOC product report @sc-tibco (#2836)
• edit finding: fix parent/original duplicate + small fixes @valentijnscholten (#2843)
• update threat model download process @Maffooch (#2841)
• Search fix watson references to deleted findings @valentijnscholten (#2823)
• Fix product endpt html report @sc-tibco (#2827)
• BUG-2824, add missing trivy finding fields and settings for deduplication @DaniJG (#2825)
• search: fix when searching for empty string @valentijnscholten (#2817)
• npm audit parser: fix cve parsing @valentijnscholten (#2809)
• Improve Burp Enterprise parser and update gitignore @cody-m-tibco (#2725)
• ESLint parser title error checking @SPoint42 (#2736)
• fix popovers in view_test and improve js overall @valentijnscholten (#2727)

🧰 Maintenance

• Questionnaire Renaming and Fixes @JoseRoman (#2420)
• build(deps): bump google-auth from 1.21.3 to 1.22.0 @dependabot-preview (#2928)
• fix chosen js dependency @valentijnscholten (#2904)
• build(deps): bump django-filter from 2.3.0 to 2.4.0 @dependabot-preview (#2920)
• build(deps): bump google-auth from 1.21.2 to 1.21.3 @dependabot-preview (#2915)
• add GitHub action for integration tests @valentijnscholten (#2918)
• build(deps): bump google-api-python-client from 1.12.1 to 1.12.2 @dependabot-preview (#2914)
• add flake8 check as github action @valentijnscholten (#2917)
• build(deps): bump python from 09bb817 to e525911 @dependabot-preview (#2903)
• build(deps): bump moment from 2.28.0 to 2.29.0 in /components @dependabot-preview (#2902)
• build(deps): bump cryptography from 3.1 to 3.1.1 @dependabot-preview (#2901)
• Security and Bug Fixes @Maffooch (#2899)
• Add user post endpoint to APIv2 @Maffooch (#2875)
• build(deps): bump packageurl-python from 0.9.1 to 0.9.2 @dependabot-preview (#2893)
• build(deps): bump django-extensions from 3.0.8 to 3.0.9 @dependabot-preview (#2884)
• build(deps): bump python from 09bb817 to e525911 @dependabot-preview (#2891)
• Quantify endpoint status objects when viewing findings @cody-m-tibco (#2855)
• build(deps): bump google-auth from 1.21.1 to 1.21.2 @dependabot-preview (#2874)
• build(deps): bump google-api-python-client from 1.11.0 to 1.12.1 @dependabot-preview (#2870)
• build(deps): bump coverage from 5.2.1 to 5.3 @dependabot-preview (#2866)
• build(deps): bump moment from 2.27.0 to 2.28.0 in /components @dependabot-preview (#2864)
• Bump helm chart versions @madchap (#2853)
• Dockerfile improvements @madchap (#2839)
• build(deps): bump psycopg2-binary from 2.8.5 to 2.8.6 @dependabot-preview (#2844)
• build(deps): bump google-auth from 1.21.0 to 1.21.1 @dependabot-preview (#2840)
• build(deps): bump django-extensions from 3.0.6 to 3.0.8 @dependabot-preview (#2842)
• build(deps): bump django from 2.2.15 to 2.2.16 @dependabot-preview (#2828)
• build(deps): bump asteval from 0.9.18 to 0.9.19 @dependabot-preview (#2830)
• build(deps): bump jquery from 3.5.0 to 3.5.1 in /components @dependabot-preview (#2829)
• Bump jquery from 3.4.1 to 3.5.0 in /components @dependabot (#2416)
• build(deps): bump django-extensions from 3.0.5 to 3.0.6 @dependabot-preview (#2820)
• Upgrade components minikube k8s helm @dsever (#2826)
• build(deps): bump python from 3.6.11-slim-buster to 3.6.12-slim-buster @dependabot-preview (#2793)
• build(deps): bump django-polymorphic from 2.1.2 to 3.0.0 @dependabot-preview (#2796)
• build(deps): bump cryptography from 3.0 to 3.1 @dependabot-preview (#2804)
• build(deps): bump django-prometheus from 2.0.0 to 2.1.0 @dependabot-preview (#2799)
• build(deps): bump google-api-python-client from 1.10.1 to 1.11.0 @dependabot-preview (#2811)
• build(deps): bump google-auth from 1.20.1 to 1.21.0 @dependabot-preview (#2812)
• build(deps): bump google-api-python-client from 1.10.0 to 1.10.1 @dependabot-preview (#2802)
• build(deps): bump python from d9cc855 to 1ea811c @dependabot-preview (#2751)
• build(deps): bump django from 2.2.14 to 2.2.15 @dependabot-preview (#2752)
• build(deps): bump justgage from 1.3.5 to 1.4.0 in /components @dependabot-preview (#2756)
• build(deps): bump django-slack from 5.14.4 to 5.15.2 @dependabot-preview (#2757)
• build(deps): bump djangorestframework from 3.11.0 to 3.11.1 @dependabot-preview (#2758)
• build(deps): bump google-auth from 1.20.0 to 1.20.1 @dependabot-preview (#2766)
• build(deps): bump django-extensions from 3.0.3 to 3.0.5 @dependabot-preview (#2768)
• build(deps): bump humanize from 2.5.0 to 2.6.0 @dependabot-preview (#2779)
• build(deps): bump nginx from 1.19.1-alpine to 1.19.2-alpine @dependabot-preview (#2785)
• build(deps): bump pygithub from 1.51 to 1.53 @dependabot-preview (#2789)
• build(deps): bump supervisor from 4.2.0 to 4.2.1 @dependabot-preview (#2792)
• Add Sonarqube integration endpoints to APIv2 @cody-m-tibco (#2683)
• build(deps): bump celery from 4.4.6 to 4.4.7 @dependabot-preview (#2749)
• build(deps): bump python-jose from 3.1.0 to 3.2.0 @dependabot-preview (#2741)
• build(deps): bump google-auth from 1.19.2 to 1.20.0 @dependabot-preview (#2739)
• build(deps): bump python from 9111ff3 to d9cc855 @dependabot-preview (#2729)
• build(deps): bump coverage from 5.2 to 5.2.1 @dependabot-preview (#2723)
• Merge release/1.7.1 into dev @Maffooch (#2732)

🚩 Requires settings change

• Search improvements and fixes @valentijnscholten (#2861)
• BUG-2824, add missing trivy finding fields and settings for deduplication @DaniJG (#2825)

🚩 Security

• Security and Bug Fixes @Maffooch (#2899)
• Dockerfile improvements @madchap (#2839)
• build(deps): bump django from 2.2.15 to 2.2.16 @dependabot-preview (#2828)

1.7.1 🌈

🐛 Bug Fixes

• Add migration to create endpoint_status objects @cody-m-tibco (#2730)

🧰 Maintenance

• Update master version @Maffooch (#2731)
• Merge release/1.7.1 into dev @Maffooch (#2732)

1.7.0 🌈

🚀 New scanners

• github vulnerability parser added @tahir59 (#2386)
• Twistlock CSV Parser Feature @bvcelari (#2626)
• Feature/add tool huskyci @edersonbrilhante (#2612)
• Feature/add tool ccvs @edersonbrilhante (#2611)
• Eslint plugin (against dev) @omerlh (#2558)

🚀 Features and enhancements

• Partial endpoint remediation @cody-m-tibco (#2632)
• Switch Nginx image to Alpine @alles-klar (#2645)
• JIRA/GitHub: Use templates to allow customizing issue description / body @valentijnscholten (#2643)
• JIRA/github improvements and fixes July 2020 @valentijnscholten (#2630)
• Add Technology (App Analysis) management via UI and APIv2 @Maffooch (#2639)
• authorized users: optionally allow edit/delete of findings @valentijnscholten (#2615)
• Search by CVE and index extra fields @valentijnscholten (#2616)
• Add risk acceptance flag and simple bulk risk acceptance @valentijnscholten (#2390)
• Add SAML2 support @cody-m-tibco (#2603)
• API V2: add the possibility to filter by "is_Mitigated" status @ptrovatelli (#2602)
• Slack enhancements @madchap (#2486)
• Notes improvements (UI and Jira integration) @steeve85 (#2581)
• Update to Gitleak deduplication algorithm @steeve85 (#2699)

🐛 Bug Fixes

• Default jira severity to Low instead of None @madchap (#2667)
• jira: only set duedate when field is available in jira @valentijnscholten (#2650)
• jira hotfix when no usercontactinfo for reporter @valentijnscholten (#2648)
• JIRA/github improvements and fixes July 2020 @valentijnscholten (#2630)
• jira issue and endpoints prefetching fixes @valentijnscholten (#2625)
• Exception preventing in (re)import-scan @cody-m-tibco (#2606)
• Add description to test add and edit @madchap (#2560)
• Added pwgen for all platforms. @NotBryan (#2578)
• Bugfix for burp test upload @JamesCullum (#2576)
• Jira fixes for #2521 #2577 @Apipia (#2579)
• kubernetes: add missing affinity @ptrovatelli (#2310)
• Fix 500 rendering error for duplicate without original_finding @Apipia (#2509)
• Fix push close and re-open from DDJ to JIRA @kareem-DA (#2605)
• Fix swagger finding @edersonbrilhante (#2656)

🧰 Maintenance

• Bump google-auth from 1.19.1 to 1.19.2 @dependabot-preview (#2691)
• Bump easymde from 2.10.1 to 2.11.0 in /components @dependabot-preview (#2688)
• Bump google-auth from 1.19.0 to 1.19.1 @dependabot-preview (#2685)
• Bump google-api-python-client from 1.9.3 to 1.10.0 @dependabot-preview (#2684)
• Add obvious way to delete metadata in UI @Maffooch (#2674)
• Bump django-extensions from 3.0.2 to 3.0.3 @dependabot-preview (#2678)
• Bump google-auth from 1.18.0 to 1.19.0 @dependabot-preview (#2675)
• Bump mysql-connector-python from 8.0.20 to 8.0.21 @dependabot-preview (#2672)
• Bump lxml from 4.5.1 to 4.5.2 @dependabot-preview (#2666)
• Bump nginx from 1.19.0-alpine to 1.19.1-alpine @dependabot-preview (#2673)
• Bump django-crispy-forms from 1.9.1 to 1.9.2 @dependabot-preview (#2670)
• bug report template: better git cmd @valentijnscholten (#2659)
• Bump mysqlclient from 2.0.0 to 2.0.1 @dependabot-preview (#2640)
• Bump python from 3.6.10-slim-buster to 3.6.11-slim-buster @dependabot-preview (#2646)
• Bump coverage from 5.1 to 5.2 @dependabot-preview (#2653)
• added steps for changing the password @krbalag (#2652)
• JIRA/github improvements and fixes July 2020 @valentijnscholten (#2630)
• Bump humanize from 2.4.1 to 2.5.0 @dependabot-preview (#2644)
• Bump mysqlclient from 1.4.6 to 2.0.0 @dependabot-preview (#2637)
• Bump django-extensions from 3.0.1 to 3.0.2 @dependabot-preview (#2634)
• Bump django-extensions from 2.2.9 to 3.0.1 @dependabot-preview (#2621)
• Bump django from 2.2.13 to 2.2.14 @dependabot-preview (#2627)
• Bump pillow from 7.1.2 to 7.2.0 @dependabot-preview (#2624)
• Bump humanize from 2.4.0 to 2.4.1 @dependabot-preview (#2614)
• remove BREAK in html @madchap (#2613)
• Bump celery from 4.4.5 to 4.4.6 @dependabot-preview (#2608)
• Bump social-auth-app-django from 3.4.0 to 4.0.0 @dependabot-preview (#2593)
• integration tests: grep celery work logs for ERRORs @valentijnscholten (#2574)
• Bump moment from 2.26.0 to 2.27.0 in /components @dependabot-preview (#2585)
• Bump google-auth from 1.17.2 to 1.18.0 @dependabot-preview (#2582)
• travis: merge docker step with integration tests step @valentijnscholten (#2580)
• run some Integration tests with block execution = true @valentijnscholten (#2377)
• merge release/1.6.5 into dev @valentijnscholten (#2568)
• Bump uwsgi from 2.0.19 to 2.0.19.1 @dependabot-preview (#2571)
• fix: rename HuskyCi to HuskyCI Report in test_type @edersonbrilhante (#2633)

🚩 Requires settings change

• authorized users: optionally allow edit/delete of findings @valentijnscholten (#2615)
• Add SAML2 support @cody-m-tibco (#2603)

🚩 Security

• kubernetes security fixes: @ptrovatelli (#2214)

🚩 Documentation

• doc: add docker-compose build @wurstbrot (#2595)
• In-page doc for twistlock now accepting CSV as input @madchap (#2676)

1.6.5 Bug fix release 🌈

Change

🐛 Bug Fixes

• mentioning a user: fix notifications @valentijnscholten (#2565)
• fix github issue creation @madchap (#2505)
• Fix JIRA webhook event type compares @kareem-DA (#2507)
• fixed duplicate_finding_set function to not throw error @Apipia (#2506)
• Fix JIRA update issue if issue already linked @madchap (#2441)
• JIRA fixes @madchap (#2462)
• Fix duplicate issues create in JIRA when creating an ad-hoc finding @kareem-DA (#2489)
• improve error handling notifications @valentijnscholten #2412
• fix alerts for product_added, and more @valentijnscholten #2359
• npm audit parser: fixes @valentijnscholten #2225
• backport fixes for integration tests to 1.6.x @valentijnscholten #2442
• False positive history: Recognized false positives marked as verified @ssridhartibco #2483
• search: fix for non-staff non-superusers @valentijnscholten #2482

🧰 Maintenance

• merge release/1.6.5 into master @valentijnscholten (#2567)
• setup.bash: print message when user selects unsupported database scen… @valentijnscholten (#2527)
• setup.bash EOL notice @madchap (#2516)
• release aftercare: merge hotfix 1.6.2 into 1.6.5 @valentijnscholten (#2499)

🚩 Security

• Disable XXE when parsing Qualys reports @eric-therond-sonarsource (#2539)