1.6.0 GA release

We're glad to make the 1.6.0 GA now.

Since 1.6.0-rc, the following fixes were made.

Docker images have been pushed with tag 1.6.0 and latest.

Below the list of all changes since the previous 1.5.4 GA.

Changes

🚀 New scanners

• Adding a parser for Gitleaks scanner @steeve85 (#2149)
• Adding a parser from Harbor vulnerability API @natebwangsut (#2134)
• Adding SimilarityID and PathID concatenation as unique_id_from_tool for Checkmarx Parser @dshraddha23 (#1941)
• Add a parser for policy checks created by Anchore enterprise @ccojocar (#2016)
• Add parser for Crashtest Security JSON file @Phylu (#1996)
• [BurpE] Add multiple request/response tabs @Maffooch (#1997)

🚀 Features and enhancements

• Improve Google Sheets Sync feature @piyarathnalakmali (#1831)
• Feature/jira overhaul (Push All Issues) @Apipia (#2140)
• travis: reorder tests to prioritize important tests @valentijnscholten (#2189)
• Dockerfile for integration tests @alles-klar (#2114)
• Add TLS for Nginx Helm Chart @alles-klar (#2115)
• Cicd improvements: reupload mitigation, overdue @valentijnscholten (#1929)
• Add github integration @mestrade (#2116)
• Brakeman parser improvement @steeve85 (#2175)
• integration tests fixes and improvements @valentijnscholten (#2160)
• [apiv2] Add capability to query by finding_id on the jira_finding_mapping endpoint @madchap (#2138)
• Move similar finding below actual finding main info @madchap (#2131)
• Integration test: Assert absence of javascript errors @valentijnscholten (#2047)
• Prefetch tags and more to remove 1+N queries problem @valentijnscholten (#2012)
• Add bulk risk acceptance API @jvz (#1904)
• Add component name and version for JFrog scans @jvz (#1979)
• apiv2: add test.id in result of importscan @valentijnscholten (#2094)
• performance: cache system_settings in views @valentijnscholten (#1953)
• add url and product name to jira alert message @valentijnscholten (#2061)
• add system setting to enable/disable audit logging @valentijnscholten (#2068)
• Implement Auth0 OAuth2 authentication @xens (#2079)
• add watson middleware for more efficient search index updates @valentijnscholten (#2066)
• performance gains by prefetching in more places @valentijnscholten (#1955)
• Add parser for Crashtest Security JSON file @Phylu (#1996)
• Keyboard shortcuts to navigate to previous and next finding @madchap (#1990)

🐛 Bug Fixes

• fix copy-paste to prevent GH config to show on product edit @madchap (#2203)
• Travis reorder: remove finish_fast that is breaking builds @valentijnscholten (#2200)
• Acunetix parser fix @steeve85 (#2185)
• Hadolint parser fix @steeve85 (#2186)
• integration tests fixes and improvements @valentijnscholten (#2160)
• Fix test notes not appearing in report + cosmetic improvement @Apipia (#2157)
• system settings test: fix copy-paste error @valentijnscholten (#2158)
• unittests: check for existence of system_settings db record @valentijnscholten (#2105)
• Allow staff users to delete notes @madchap (#2127)
• honor note_type property on POST /findings/{id}/notes/ @madchap (#2120)
• fix dashboard graph - show values @alles-klar (#2112)
• Social-auth: Fix call-back URLs @xens (#2124)
• Fix middlewares @Nilix007 (#1863)
• product list: add missing quotes around asc for table sorter @valentijnscholten (#2095)
• DSOP parser missing fields @madchap (#2104)
• kubernetes: fix node selectors; add limits @ptrovatelli (#1881)
• Fix kubernetes helm upgrade @ptrovatelli (#1924)
• fix migrations after #2009 @valentijnscholten (#2100)
• Fix duplication issue @MarianG (#2009)
• Fix for issue #1993 @piyarathnalakmali (#2097)
• docker initializer: do not give a new non-working passwd if admin present in DB @madchap (#2084)
• fix #2050 broken javascript datatable product list @valentijnscholten (#2051)
• quickfix #1995 bulk edit in view_test @valentijnscholten (#2034)
• Fix whitesource parser @MarianG (#2011)
• fix login buttons by adding explicit CLASSIC_AUTH_ENABLED option @valentijnscholten (#2090)
• fix various DSOP parser issues @madchap (#2054)
• add version to filter fields @madchap (#1879)
• Anchore parser fix to consider package_path @madchap (#2086)
• Adding SimilarityID and PathID concatenation as unique_id_from_tool for Checkmarx Parser @dshraddha23 (#1941)
• fix some queries so that open include active verified and not verified @madchap (#2026)
• only show donut if donut (language) data is available, fixes #2005 @valentijnscholten (#2039)
• fix superfluous sla column in datatable config (fixes #2041) @valentijnscholten (#2042)
• only show dupes dropdown if there are dupes, fixes #2006 @valentijnscholten (#2046)
• npm audit parser: limit vulnerable paths to max 25 @valentijnscholten (#2060)
• From string to boolean - fix login page buttons not showing #2075 @madchap (#2077)
• add required middleware to set actor_id in auditlog entries @valentijnscholten (#2067)
• fix removed system settings processor @valentijnscholten (#2080)
• fix #2048 handle None value for CWE in apply finding template @valentijnscholten (#2049)
• [BurpE] Add multiple request/response tabs @Maffooch (#1997)

🧰 Maintenance

• Minor DOCKER.md fix for ptvsd @madchap (#2177)
• Bump google-auth from 1.13.1 to 1.14.0 @dependabot-preview (#2199)
• travis: reorder tests to prioritize important tests @valentijnscholten (#2189)
• add doc about wrappers and branching model @ptrovatelli (#2003)
• Bump coverage from 5.0.4 to 5.1 @dependabot-preview (#2184)
• Bump cryptography from 2.8 to 2.9 @dependabot-preview (#2142)
• Bump pillow from 7.1.0 to 7.1.1 @dependabot-preview (#2141)
• Bump psycopg2-binary from 2.8.4 to 2.8.5 @dependabot-preview (#2154)
• Bump nginx from 3936fb3 to 7ac7819 @dependabot-preview (#2155)
• Bump humanize from 2.2.0 to 2.3.0 @dependabot-preview (#2156)
• Bump django-watson from 1.5.3 to 1.5.5 @dependabot-preview (#2126)
• Bump django from 2.2.11 to 2.2.12 @dependabot-preview (#2133)
• Bump pillow from 7.0.0 to 7.1.0 @dependabot-preview (#2136)
• Bump google-auth from 1.12.0 to 1.13.1 @dependabot-preview (#2139)
• Bump google-auth from 1.11.3 to 1.12.0 @dependabot-preview (#2111)
• Pinned yarn package manager to stable version @arkwrn (#1956)
• Find and correct duplicate loops @MarianG (#2010)
• remove unused view_product_details @valentijnscholten (#2063)
• Bump humanize from 2.1.0 to 2.2.0 @dependabot-preview (#2102)
• integration-tests: add wait/retry when checking for duplicates @valentijnscholten (#2101)
• Fix duplication issue @MarianG (#2009)
• Bump metismenu from 3.0.5 to 3.0.6 in /components @dependabot-preview (#2098)
• Bump humanize from 2.0.0 to 2.1.0 @dependabot-preview (#2091)
• simplify and speedup integration tests @valentijnscholten (#2015)
• remove unused docker/nginx.conf @valentijnscholten (#2055)
• Bump celery from 4.4.1 to 4.4.2 @dependabot-preview (#2076)
• Bump coverage from 5.0.2 to 5.0.4 @dependabot-preview (#2073)
• Bump google-auth from 1.11.2 to 1.11.3 @dependabot-preview (#2057)
• Bump google-api-python-client from 1.7.12 to 1.8.0 @dependabot-preview (#2058)
• Update CONTRIBUTING.md after migration to python3. @valentijnscholten (#2031)
• Bump google-api-python-client from 1.7.11 to 1.7.12 @dependabot-preview (#2043)
• Bump humanize from 0.5.1 to 2.0.0 @dependabot-preview (#1986)
• Bump bootswatch from 3.3.7 to 3.4.1 in /components @dependabot-preview (#2027)
• remove dependency pygments @alles-klar (#2017)
• Javascript dependency refactor @valentijnscholten (#2002)
• Bump nginx from 1.17.7 to 1.17.9 @dependabot-preview (#2008)
• Bump django-tagging from 0.4.6 to 0.5.0 @dependabot-preview (#1994)
• Bump urllib3 from 1.25.8 to 1.25.9 @dependabot-preview (#2206)

🚩 Requires settings change

• Fix middlewares @Nilix007 (#1863)
• Prefetch tags and more to remove 1+N queries problem @valentijnscholten (#2012)
• fix login buttons by adding explicit CLASSIC_AUTH_ENABLED option @valentijnscholten (#2090)
• From string to boolean - fix login page buttons not showing #2075 @madchap (#2077)
• add system setting to enable/disable audit logging @valentijnscholten (#2068)
• Implement Auth0 OAuth2 authentication @xens (#2079)
• add watson middleware for more efficient search index updates @valentijnscholten (#2066)
• add required middleware to set actor_id in auditlog entries @valentijnscholten (#2067)
• Javascript dependency refactor @valentijnscholten (#2002)
• performance gains by prefetching in more places @valentijnscholten (#1955)

1.6.0-rc

Changes

🚀 New scanners

• Adding a parser for Gitleaks scanner @steeve85 (#2149)
• Adding a parser from Harbor vulnerability API @natebwangsut (#2134)
• Adding SimilarityID and PathID concatenation as unique_id_from_tool for Checkmarx Parser @dshraddha23 (#1941)
• Add a parser for policy checks created by Anchore enterprise @ccojocar (#2016)
• Add parser for Crashtest Security JSON file @Phylu (#1996)
• [BurpE] Add multiple request/response tabs @Maffooch (#1997)

🚀 Features and enhancements

• Improve Google Sheets Sync feature @piyarathnalakmali (#1831)
• Feature/jira overhaul (Push All Issues) @Apipia (#2140)
• travis: reorder tests to prioritize important tests @valentijnscholten (#2189)
• Dockerfile for integration tests @alles-klar (#2114)
• Add TLS for Nginx Helm Chart @alles-klar (#2115)
• Cicd improvements: reupload mitigation, overdue @valentijnscholten (#1929)
• Add github integration @mestrade (#2116)
• Brakeman parser improvement @steeve85 (#2175)
• integration tests fixes and improvements @valentijnscholten (#2160)
• [apiv2] Add capability to query by finding_id on the jira_finding_mapping endpoint @madchap (#2138)
• Move similar finding below actual finding main info @madchap (#2131)
• Integration test: Assert absence of javascript errors @valentijnscholten (#2047)
• Prefetch tags and more to remove 1+N queries problem @valentijnscholten (#2012)
• Add bulk risk acceptance API @jvz (#1904)
• Add component name and version for JFrog scans @jvz (#1979)
• apiv2: add test.id in result of importscan @valentijnscholten (#2094)
• performance: cache system_settings in views @valentijnscholten (#1953)
• add url and product name to jira alert message @valentijnscholten (#2061)
• add system setting to enable/disable audit logging @valentijnscholten (#2068)
• Implement Auth0 OAuth2 authentication @xens (#2079)
• add watson middleware for more efficient search index updates @valentijnscholten (#2066)
• performance gains by prefetching in more places @valentijnscholten (#1955)
• Add parser for Crashtest Security JSON file @Phylu (#1996)
• Keyboard shortcuts to navigate to previous and next finding @madchap (#1990)

🐛 Bug Fixes

• fix copy-paste to prevent GH config to show on product edit @madchap (#2203)
• Travis reorder: remove finish_fast that is breaking builds @valentijnscholten (#2200)
• Acunetix parser fix @steeve85 (#2185)
• Hadolint parser fix @steeve85 (#2186)
• integration tests fixes and improvements @valentijnscholten (#2160)
• Fix test notes not appearing in report + cosmetic improvement @Apipia (#2157)
• system settings test: fix copy-paste error @valentijnscholten (#2158)
• unittests: check for existence of system_settings db record @valentijnscholten (#2105)
• Allow staff users to delete notes @madchap (#2127)
• honor note_type property on POST /findings/{id}/notes/ @madchap (#2120)
• fix dashboard graph - show values @alles-klar (#2112)
• Social-auth: Fix call-back URLs @xens (#2124)
• Fix middlewares @Nilix007 (#1863)
• product list: add missing quotes around asc for table sorter @valentijnscholten (#2095)
• DSOP parser missing fields @madchap (#2104)
• kubernetes: fix node selectors; add limits @ptrovatelli (#1881)
• Fix kubernetes helm upgrade @ptrovatelli (#1924)
• fix migrations after #2009 @valentijnscholten (#2100)
• Fix duplication issue @MarianG (#2009)
• Fix for issue #1993 @piyarathnalakmali (#2097)
• docker initializer: do not give a new non-working passwd if admin present in DB @madchap (#2084)
• fix #2050 broken javascript datatable product list @valentijnscholten (#2051)
• quickfix #1995 bulk edit in view_test @valentijnscholten (#2034)
• Fix whitesource parser @MarianG (#2011)
• fix login buttons by adding explicit CLASSIC_AUTH_ENABLED option @valentijnscholten (#2090)
• fix various DSOP parser issues @madchap (#2054)
• add version to filter fields @madchap (#1879)
• Anchore parser fix to consider package_path @madchap (#2086)
• Adding SimilarityID and PathID concatenation as unique_id_from_tool for Checkmarx Parser @dshraddha23 (#1941)
• fix some queries so that open include active verified and not verified @madchap (#2026)
• only show donut if donut (language) data is available, fixes #2005 @valentijnscholten (#2039)
• fix superfluous sla column in datatable config (fixes #2041) @valentijnscholten (#2042)
• only show dupes dropdown if there are dupes, fixes #2006 @valentijnscholten (#2046)
• npm audit parser: limit vulnerable paths to max 25 @valentijnscholten (#2060)
• From string to boolean - fix login page buttons not showing #2075 @madchap (#2077)
• add required middleware to set actor_id in auditlog entries @valentijnscholten (#2067)
• fix removed system settings processor @valentijnscholten (#2080)
• fix #2048 handle None value for CWE in apply finding template @valentijnscholten (#2049)
• [BurpE] Add multiple request/response tabs @Maffooch (#1997)

🧰 Maintenance

• Minor DOCKER.md fix for ptvsd @madchap (#2177)
• Bump google-auth from 1.13.1 to 1.14.0 @dependabot-preview (#2199)
• travis: reorder tests to prioritize important tests @valentijnscholten (#2189)
• add doc about wrappers and branching model @ptrovatelli (#2003)
• Bump coverage from 5.0.4 to 5.1 @dependabot-preview (#2184)
• Bump cryptography from 2.8 to 2.9 @dependabot-preview (#2142)
• Bump pillow from 7.1.0 to 7.1.1 @dependabot-preview (#2141)
• Bump psycopg2-binary from 2.8.4 to 2.8.5 @dependabot-preview (#2154)
• Bump nginx from 3936fb3 to 7ac7819 @dependabot-preview (#2155)
• Bump humanize from 2.2.0 to 2.3.0 @dependabot-preview (#2156)
• Bump django-watson from 1.5.3 to 1.5.5 @dependabot-preview (#2126)
• Bump django from 2.2.11 to 2.2.12 @dependabot-preview (#2133)
• Bump pillow from 7.0.0 to 7.1.0 @dependabot-preview (#2136)
• Bump google-auth from 1.12.0 to 1.13.1 @dependabot-preview (#2139)
• Bump google-auth from 1.11.3 to 1.12.0 @dependabot-preview (#2111)
• Pinned yarn package manager to stable version @arkwrn (#1956)
• Find and correct duplicate loops @MarianG (#2010)
• remove unused view_product_details @valentijnscholten (#2063)
• Bump humanize from 2.1.0 to 2.2.0 @dependabot-preview (#2102)
• integration-tests: add wait/retry when checking for duplicates @valentijnscholten (#2101)
• Fix duplication issue @MarianG (#2009)
• Bump metismenu from 3.0.5 to 3.0.6 in /components @dependabot-preview (#2098)
• Bump humanize from 2.0.0 to 2.1.0 @dependabot-preview (#2091)
• simplify and speedup integration tests @valentijnscholten (#2015)
• remove unused docker/nginx.conf @valentijnscholten (#2055)
• Bump celery from 4.4.1 to 4.4.2 @dependabot-preview (#2076)
• Bump coverage from 5.0.2 to 5.0.4 @dependabot-preview (#2073)
• Bump google-auth from 1.11.2 to 1.11.3 @dependabot-preview (#2057)
• Bump google-api-python-client from 1.7.12 to 1.8.0 @dependabot-preview (#2058)
• Update CONTRIBUTING.md after migration to python3. @valentijnscholten (#2031)
• Bump google-api-python-client from 1.7.11 to 1.7.12 @dependabot-preview (#2043)
• Bump humanize from 0.5.1 to 2.0.0 @dependabot-preview (#1986)
• Bump bootswatch from 3.3.7 to 3.4.1 in /components @dependabot-preview (#2027)
• remove dependency pygments @alles-klar (#2017)
• Javascript dependency refactor @valentijnscholten (#2002)
• Bump nginx from 1.17.7 to 1.17.9 @dependabot-preview (#2008)
• Bump django-tagging from 0.4.6 to 0.5.0 @dependabot-preview (#1994)
• Bump urllib3 from 1.25.8 to 1.25.9 @dependabot-preview (#2206)

🚩 Requires settings change

• Fix middlewares @Nilix007 (#1863)
• Prefetch tags and more to remove 1+N queries problem @valentijnscholten (#2012)
• fix login buttons by adding explicit CLASSIC_AUTH_ENABLED option @valentijnscholten (#2090)
• From string to boolean - fix login page buttons not showing #2075 @madchap (#2077)
• add system setting to enable/disable audit logging @valentijnscholten (#2068)
• Implement Auth0 OAuth2 authentication @xens (#2079)
• add watson middleware for more efficient search index updates @valentijnscholten (#2066)
• add required middleware to set actor_id in auditlog entries @valentijnscholten (#2067)
• Javascript dependency refactor @valentijnscholten (#2002)
• performance gains by prefetching in more places @valentijnscholten (#1955)

1.5.4.1 🐛

Changes

🐛 Bug Fixes

• Backport nodejs fix @madchap (#1983)

🧰 Maintenance

• release-drafter to work with dev branch @madchap (#1927)
• Remove root package.json @madchap (#1943)

1.5.4

A long awaited release.

See https://github.com/DefectDojo/django-DefectDojo/releases/tag/1.5.4rc6 for most of the changes that went into it.

Changes

• V1.5.4rc6 @ptrovatelli (#1834)
• Update slack invite URL to use the OWASP heroku invite rotator app @valentijnscholten (#1892)

1.5.4rc6

What's Changed

🚀 New scanners

• HackerOne parser (#1712) @blacklotos
• Trivy scanner support (#1700) @sergray
• Add parser for Xanitizer (#1679) @jankuehl
• Add Aqua parser (#1544) @madchap
• SonarQube integration (#1444) @twsagarcia
• Add support for Hadolint (#1424) @william-billaud
• Testssl Importer (#1397) @dr3dd589
• SSLyze importer (#1376) @dr3dd589
• JFrog XRay importer (#1375) @madchap
• SslScan importer (#1351) @dr3dd589
• Wpscan importer (#1345) @dr3dd589
• Webinspect importer (#1268) @dr3dd589
• Whitesource importer (#1243) @dr3dd589
• Mozilla Observatory importer (#1226) @dr3dd589
• Outpost24 importer (#1750) @jvz

🚀 Features and enhancements

• Added CVE Reference to imported findings from clair (#1751) @Rakito
• Enable Domain and Email Whitelist for Google Oauth (#1738) @arkwrn
• Read images as binaries (#1734) @dougmorato
• Add endpoints to scan (#1733) @alles-klar
• Add jira issue type config in settings (#1731) @madchap
• Login page banner (#1723) @madchap
• Fortify Parser Overhaul (#1706) @Apipia
• [apiv2] ability to filter engagement by name (#1703) @madchap
• Documentation fixes (#1699) @sergray
• Adapting to Active findings for count (#1698) @madchap
• adding multi-procs and threads by default (#1673) @madchap
• Add more product metrics, and base off open findings (#1672) @madchap
• Deduplication configuration per parser (#1665) @ptrovatelli
• drf_yasg for api documentation (#1664) @alles-klar
• Integrating Google Sheets with DefectDojo (#1637) @piyarathnalakmali
• Add ability to quickly mark duplicate findings (#1628) @jvz
• Add nosniff header and other improvments related to installation (#1624) @ptrovatelli
• Show more elements on a page (#1620) @alles-klar
• Change note editing restrictions (#1614) @piyarathnalakmali
• Integrate Engagement Surveys (#1601) @Maffooch
• Add finding ID, Eng. Version and tags to search results (#1596) @dougmorato
• Ability to Add And Remove Notes with API v2 Finding Endpoint (#1595) @propersam
• Improve Product view filtering (#1588) @dougmorato
• Adding the All Engagements View (#1587) @dougmorato
• Introducing DataTables to Products and Findings (#1586) @dougmorato
• add v1 api enhancements (#1574) @devGregA
• [SonarQube API] Manage manual changes (#1568) @twsagarcia
• Twistlock add unittest and try-catch (#1567) @madchap
• Ease use of external db in helm charts (#1563) @william-billaud
• Add ability to import OWASP Dependency Track Finding Packaging Format (FPF) Exports as a scan (#1561) @csansone-handy
• Add note-types to organize finding notes (#1539) @piyarathnalakmali
• JS validation in template form (#1534) @no-sec-marko
• Make finding images downloadable via API (#1532) @efficiosoft
• Manually set parent of duplicate (#1516) @Maffooch
• Add option to move engagements to different products (#1512) @Maffooch
• Add table of contents to HTML/Asciidoc reports (#1509) @Maffooch
• Integrate Unit tests to Travis CI jobs (#1501) @propersam
• Add express addition of Jira configs (#1495) @Maffooch
• Add Ability to Manage Findings Tag with Api v2 (#1489) @propersam
• Add ptvsd debug option (#1485) @madchap
• Improve Retire.JS parser (#1481) @Maffooch
• Add cve to Crashtest + dawnscanner findings (#1480) @dr3dd589
• docker-compose related improvements (#1479) @ptrovatelli
• Enable reports and resolve errors (@1469) @Maffooch
• JIRA improvements (#1466, #1465) @Maffooch
• Propose finding templates based on recent activity and CVE (@1464) @Maffooch
• "Download template as..." (#1453) @devEricA
• CWE statistics in product metrics (#1451) @twsagarcia
• Added Api v2 Feature For Report Generation (#1447) @propersam
• Reactivate sonar (#1445) @ptrovatelli
• Add current commit hash in footer (#1440) @dr3dd589
• Notifications overhaul (#1437) @devEricA
• JIRA Webhook support Finding transition to Accept/False positive status (#1419) @twsagarcia
• Bulk edit tags (#1402) @devEricA
• Include tags in reports (#1400) @dr3dd589
• Add Notes Endpoint to Api v2 + private (#1360, #1358) @propersam
• Disable the 'push to jira' checkbox prevent accidental overwrite (#1324) @madchap
• Enhanced Blackduck parser (#1318) @madchap @jvz
• Implement Azure AD Tenant OAuth (#1309) @dougmorato
• Previous and Next button to navigate findings (#1269) @devEricA
• Add private notes to findings and prevent showing on reports (#1266) @Maffooch
• Clear all alerts option (#1258) @devEricA
• Get python3 branch up to dev place (#1246) @Maffooch
• Make risk acceptance accessible from finding (#1225) @devEricA

🐛 Bug Fixes

• owasp_dependency_checker: truncate too long cve fields (#1768) @valentijnscholten
• Fix dedupe for dynamic parsers: fix addition of endpoints (#1730) @ptrovatelli
• [Helm] Fix resources indentation (#1727) @carlosjgp
• Fix hover issue in product list (#1718) @Maffooch
• Updated datatable because the endpoint popup didnt work (#1715) @MarianG
• No staff for new social logins (#1711) @madchap
• Updated php parser to report on warnings even with no errors (#1705) @Apipia
• Whitesource cvss3 fix, improvements (#1690, #1685) @madchap
• Fixing endpoint pop-up in add_findings.html (#1689) @no-sec-marko
• Blackduck importer update and fixes (#1683) @Apipia
• Fix undefined and null value issue in netsparker import (#1677) @H4ckd4ddy
• Fix sslyze XML parser for undefined value (#1676) @H4ckd4ddy
• Checkmarx set false positive status (#1675) @ptrovatelli
• Fix bug with endpoints without colons (#1667) @alles-klar
• Fix bug in simple metrics (#1666) @alles-klar
• argument type for json.loads (#1662) @frannovo
• Repair Simple Metrics data displayed on /metrics/simple route (#1655) @amnesik
• Fix CVE regex (#1632) @blacklotos
• Fix bug when using tags with spaces (#1621) @alles-klar
• Fix bug in qualys parser (#1619) @alles-klar
• Fix Spotbugs import (#1615) @Tibo-le-canard
• fix dependency-check cwe parsing (#1611) @madchap
• Fix "Under Review" not showing in test view (#1599) @madchap
• fix finding.cwe in filters (#1591) @legik
• Fix Import OpenVas Scan Result (#1585) @gogo02
• Fix Closed/Accepted Finding errors (#1578) @Maffooch
• fix introduced regression to ingesting Xray scan (#1564) @madchap
• Fix tables of contents and test pdf report (#1556) @Maffooch
• promote_to_finding crash on endpoints (#1551) @agix
• json_output does not exist (#1548) @agix
• Urlunsplit crash fix (#1547) @agix
• Fix bug when displaying accepted findings (#1538) @alles-klar
• Remove unique constraint from jira_id (#1529) @madchap
• Expand default bleach whitelist (#1524) @no-sec-marko
• Show test lead name in the test summary table instead name of eng lead (#1519) @no-sec-marko
• fix initial date format (#1499) @madchap
• fix release mode git commit showing issue (#1483) @dr3dd589
• Fix tags in all finding templates (#1463) @Maffooch
• Fix Clair importer (#1459) @dr3dd589
• Fix Dependency Check parser (#1455) @dr3dd589
• Fix json based import scanners (#1449) @Maffooch
• Fix deprecated filter argument (#1405) @frannovo
• Fix Qualys parsing and importing (#1386) @dougmorato
• Fix Veracode static and dynamic issue (#1377) @dr3dd589

🧰 Maintenance activities

• Bumping parent docker images (#1786) @madchap
• Update python dependencies (#1758) @alles-klar
• Pushing dependabot config to master (#1732) @madchap
• README's installation update (#1642, #1641) @Maffooch
• Update migrations to make builds happy (#1523) @Maffooch
• Adjust finding status to display product metrics (#1520) @madchap
• Fix unit-tests not working in docker env (#1429) @ptrovatelli
• Refactor deduplication and implement with django signals (#1395) @Maffooch
• Fix DefectDojo build caused by Python3 docker update (#1379) @alles-klar
• Use git+https instead of git+git for GitHub on requirements.txt (#1297) @dougmorato

Python3

Merge pull request #1508 from Maffooch/dedupe

Return dedupe to a "working" state

1.5.4rc5: Merge pull request #1227 from DefectDojo/dev

What's Changed

• New Importers
  • Cobalt.io Scan Importer (#1215)
  • Implement Importer For Immuniweb scan parser (#1208)
  • Wapiti scan importer (#1206)
  • Openscap Scan Importer (#1193)
  • Sonatype parser (#1182)
  • Blackduck hub parser (#1127)
  • Twistlock parser (#1123, #1113)
  • PHP Symfony Security Check parser (#1115)
• Bug Fixes
  • Email not being received because of missing From header (#1213)
  • Fix open finding filter inconsistency (#1207)
  • Fix 1176 checkmarx deduplication (#1202)
  • Kiuwan import improvements #1198
• New Features
  • Add Google/OKTA OAUTH2 Sign-in options (#1209)
• Functional unit test (#1167, #1130, #1131, #1132, #1133, #1134)

1.5.4rc4

What's Changed

• Entrypoint fix for docker, accessibility and engagement redirect (#1041) @aaronweaver

1.5.4rc3

What's Changed

• Fixes an issue with certain reports (#974) @adracea
• Migrations for containers and deployment pipeline (#976) @aaronweaver
• Move GitHub issue templates to newer GitHub workflow - fixes #977 (#978) @ppiotr3k
• ASVS v4 and CWE fixtures (#986) @barbich
• #991 and #993: Fix snyk import (#992) @madchap
• Fix twitter handle in README.md (#996) @valentijnscholten
• Added DawnScanner json report importer (#995) @jaguasch
• Anchore-Engine JSON vulnerability report importer (#999) @jaguasch
• Minor bug fixes (#1005) @aaronweaver

1.5.4rc2

What's Changed

• Updated Readme & made hash_code uneditable from UI (#959) @devGregA
• Added container security checks (#961) @aaronweaver
• annotations and secretName (#963) @sebbrandt87
• Add Kubernetes option in ISSUE_TEMPLATE.md (#965) @ppiotr3k
• Fix 964, first issue (#968) @Ravenons
• Change initializer to urandom (#971) @aaronweaver
• Container fix, helm secrets and memory optimizations (#972) @aaronweaver