Releases: DefectDojo/django-DefectDojo
Releases Β· DefectDojo/django-DefectDojo
2.46.1 π
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.46.0
- tags: prevent validation from removing tags @valentijnscholten (#12400)
- helm chart publisher: use proper ref for checkout @valentijnscholten (#12392)
- jira push: log inactive/verified message to debug @valentijnscholten (#12376)
- Minor Semgrep connector docs tweaks @cneill (#12373)
- Release: Merge back 2.46.0 into bugfix from: master-into-bugfix/2.46.0-2.47.0-dev @github-actions[bot] (#12387)
π Updates in UI
- Release: Merge release into master from: release/2.46.1 @github-actions[bot] (#12402)
- ui: fix "retrieve my username" typo @jfyuen (#12368)
π£ Updates in localization
- Release: Merge release into master from: release/2.46.1 @github-actions[bot] (#12402)
- ui: fix "retrieve my username" typo @jfyuen (#12368)
Contributors
cneill, jfyuen, and valentijnscholten
Assets 5
2.46.0 π
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.45.0
- [docs] sso maintenance @paulOsinski (#12356)
- update changelog 2.45.3 @paulOsinski (#12364)
- fix(GHA): Avoid some actions in forks @kiblik (#12354)
- Add input validation (branch to release num) for the release gha @rossops (#12302)
- Urllib3 upgrade + Rerecord JIra responses @Maffooch (#12355)
- releases: publish nightly builds of dev @valentijnscholten (#12137)
- Enhance OSV Parser to Include Mitigation Information with Fixed Package Versions @4b75726169736859 (#11681)
- nessus: parse more fields @valentijnscholten (#12247)
- Generic Parser: Support Test Type Meta @Maffooch (#12348)
- False Positive Status: Update docs @Maffooch (#12332)
- [docs] add Tags article @paulOsinski (#12294)
- Jira webhook comment duplicate patch @Maffooch (#12333)
- Release: Merge back 2.45.3 into bugfix from: master-into-bugfix/2.45.3-2.46.0-dev @github-actions (#12326)
- [docs] add Pro Finding Enhancements documentation @paulOsinski (#12310)
- Fortify: Handle suppressed findings as false positives @valentijnscholten (#12293)
- sla: parse finding.date implicitly @valentijnscholten (#12301)
- 2.45.2 pro changelog @paulOsinski (#12292)
- tenable: check mandatory columns before importing @valentijnscholten (#12273)
- saml: provide link to saml-tracer browser add-on @valentijnscholten (#12274)
- Reimport: Special statuses should be respected from reports @Maffooch (#12291)
- Update Wiz parser documentation - Standard & SCA imports @skywalke34 (#12259)
- Parser docstrings @Jino-T (#12253)
- [docs] Add Example Cases to docs @paulOsinski (#12265)
- Update wording about async import removal in 2.46.md @valentijnscholten (#12256)
- Release: Merge back 2.45.2 into bugfix from: master-into-bugfix/2.45.2-2.46.0-dev @github-actions (#12288)
- [docs] Changelog, Jira reorg, Wiz Connector docs, Import reorg @paulOsinski (#12250)
- π Implement Fortify Webinspect new report format @manuel-sommer (#12155)
- Deprecation notification about async import @manuel-sommer (#12244)
- Update how-to-write-a-parser.md @maarten-boot (#12210)
- Release: Merge back 2.45.1 into bugfix from: master-into-bugfix/2.45.1-2.46.0-dev @github-actions (#12240)
- π fix ruff bump to 0.11.5 #12217 @manuel-sommer (#12224)
- π πͺ² Fix Aqua parser severity justification @manuel-sommer (#12192)
- changelog 2.45.0 @paulOsinski (#12213)
- close old findings: don't overwrite mitigated timestamp @valentijnscholten (#12204)
- Linting: Update how-to-write-a-parser.md to not contain Ruff violations @valentijnscholten (#12214)
- h1: vulnerability disclosure parser improvements @valentijnscholten (#12212)
- sla_config: use mass update for recalculation @valentijnscholten (#12133)
- Updated Documentation on Anchore Enterprise @Sopuru (#12058)
- immuniweb json parser @valentijnscholten (#12179)
- fix(renovate): Add separateMinorPatch @kiblik (#12190)
- wiz scan: handle more fields and unique_id_from_tool @valentijnscholten (#12198)
- π¨ RustyHog: handle empty reports correctly to fix #10584 @manuel-sommer (#12129)
- README: Point to sample scans for demo @valentijnscholten (#12162)
- Bump Django to 5.1.8 @valentijnscholten (#12191)
- Release: Merge back 2.45.0 into dev from: master-into-dev/2.45.0-2.46.0-dev @github-actions (#12189)
π© Changes to settings.dist.py / local_settings.py
- Release: Merge release into master from: release/2.46.0 @github-actions (#12386)
- Release: Merge back 2.45.3 into dev from: master-into-dev/2.45.3-2.46.0-dev @github-actions (#12325)
- Release: Merge release into master from: release/2.45.3 @github-actions (#12324)
- Implement Albibaba Linux vulnids @manuel-sommer (#12304)
- Remove non-working DD_SLA_BUSINESS_DAYS feature to avoid confusion @valentijnscholten (#12131)
- Add Cyberwatch Galeax Parser @AmineHazi (#12105)
- Release: Merge back 2.45.2 into dev from: master-into-dev/2.45.2-2.46.0-dev @github-actions (#12287)
- Release: Merge release into master from: release/2.45.2 @github-actions (#12286)
- π Add Amazon Linux Security Center advisory to vulnid @manuel-sommer (#12242)
- Release: Merge back 2.45.1 into dev from: master-into-dev/2.45.1-2.46.0-dev @github-actions (#12239)
- Release: Merge release into master from: release/2.45.1 @github-actions (#12236)
- Implement HCL Commerce KB vulnids @manuel-sommer (#12199)
- π Add cisco security advisory to vulnid @manuel-sommer (#12180)
- Release: Merge back 2.45.0 into bugfix from: master-into-bugfix/2.45.0-2.46.0-dev @github-actions (#12188)
π© Database migration
- Release: Merge release into master from: release/2.46.0 @github-actions (#12386)
- Update verbose name + help text for JIRA username and password fields @valentijnscholten (#12261)
- Remove non-working DD_SLA_BUSINESS_DAYS feature to avoid confusion @valentijnscholten (#12131)
- Tag: Update allowed characters for a unified format @Maffooch (#12194)
- Import/Reimport Stats: Change name of left untouched @Maffooch (#12193)
- Release: Merge back 2.45.0 into bugfix from: master-into-bugfix/2.45.0-2.46.0-dev @github-actions (#12188)
π API features and enhancements
- Release: Merge release into master from: release/2.46.0 @github-actions (#12386)
- Release 2.46.0: Merge Bugfix into Dev @rossops (#12385)
- fix(api): Enable to set
recommendationanddecisioninrisk_acceptance@kiblik (#12303) - Tag: Update allowed characters for a unified format @Maffooch (#12194)
- Release: Merge back 2.45.0 into bugfix from: master-into-bugfix/2.45.0-2.46.0-dev @github-actions (#12188)
π Updates in UI
- Release: Merge release into master from: release/2.46.0 @github-actions (#12386)
- Release 2.46.0: Merge Bugfix into Dev @rossops (#12385)
- Focus Indicator Disappears While Tabbing - DefectDojo Accessibility issue (Serious) @oussama-taoufiq (#12051)
- view_endpoint: fix error @valentijnscholten (#12343)
- most recent note: show date/author @valentijnscholten (#12329)
- Release: Merge back 2.45.3 into dev from: master-into-dev/2.45.3-2.46.0-dev @github-actions (#12325)
- Release: Merge release into master from: release/2.45.3 @github-actions (#12324)
- Implement Albibaba Linux vulnids @manuel-sommer (#12304)
- fix(webhook): Missing quotation -> broken rendering @kiblik (#12226)
- π Differentiate between slackware and siemens vulnid @manuel-sommer (#12251)
- Release: Merge back 2.45.2 into dev from: master-into-dev/2.45.2-2.46.0-dev @github-actions (#12287)
- Release: Merge release into master from: release/2.45.2 @github-actions (#12286)
- Update base.html @shipko (#12228)
- SLA Calculations 2/2: Simplify logic @valentijnscholten (#11924)
- Release: Merge back 2.45.1 into dev from: master-into-dev/2.45.1-2.46.0-dev @github-actions (#12239)
- Release: Merge release into master from: release/2.45.1 @github-actions (#12236)
- π Fix Django template engagement_pdf_report #12201 @manuel-sommer (#12206)
- fix(notif): Product name not rendered correctly @kiblik (#12203)
- feat(perf): Speed-up loading by using smaller resources (js,css) @kiblik (#12178)
- Release: Merge back 2.45.0 into bugfix from: master-into-bugfix/2.45.0-2.46.0-dev @github-actions (#12188)
π§ Improved code quality with linters
- Ruff: Add S324 rule @manuel-sommer (#12169)
- Ruff: Final fix of PTH123 @kiblik (#12177)
π§° Maintenance
- Bump boto3 from 1.38.6 to 1.38.7 @dependabot (#12366)
- Bump ruff from 0.11.7 to 0.11.8 @dependabot (#12367)
- Bump drf-spectacular-sidecar from 2025.4.1 to 2025.5.1 @dependabot (#12358)
- Bump boto3 from 1.38.5 to 1.38.6 @dependabot (#12359)
- Bump psycopg[c] from 3.2.6 to 3.2.7 @dependabot (#12360)
- chore(deps): update dependency vite from 6.3.3 to v6.3.4 (docs/package.json) @renovate (#12349)
- Bump boto3 from 1.38.4 to 1.38.5 @dependabot (#12352)
- Bump humanize from 4.12.2 to 4.12.3 @dependabot (#12353)
- Bump django-debug-toolbar from 5.1.0 to 5.2.0 @dependabot (#12339)
- Bump django-auditlog from 3.0.0 to 3.1.2 @dependabot (#12338)
- Bump celery from 5.5.1 to 5.5.2 @dependabot (#12337)
- Bump boto3 from 1.38.2 to 1.38.4 @dependabot (#12336)
- Bump pdfmake from 0.2.18 to 0.2.19 in /components @dependabot (#12335)
- Update manusa/actions-setup-minikube action from v2.13.1 to v2.14.0 (.github/workflows/k8s-tests.yml) @renovate (#12334)
- Bump social-auth-core from 4.6.0 to 4.6.1 @dependabot (#12340)
- Update nginx/nginx-prometheus-exporter Docker tag from 1.4.1 to v1.4.2 (helm/defectdojo/values.yaml) @renovate (#12327)
- Bump nginx from 1.27.4-alpine3.21 to 1.27.5-alpine3.21 @dependabot (#12323)
- Bump openapitools/openapi-generator-cli from v7.12.0 to v7.13.0 @dependabot (#12322)
- Bump social-auth-core from 4.5.6 to 4.6.0 @dependabot (#12316)
- Bump ruff from 0.11.6 to 0.11.7 @dependabot (#12317)
- Bump boto3 from 1.38.1 to 1.38.2 @dependabot (#12318)
- Update redis Docker tag from 7.2.7 to v7.2.8 (docker-compose.yml) @renovate (#12311)
- Update actions/download-artifact action from v4.2.1 to v4.3.0 (.github/workflows/rest-framework-tests.yml) @renovate (#12312)
- Update docker/build-push-action action from v6.15.0 to v6.16.0 (.github/workflows/release-x-manual-docker-containers.yml) @renovate (#12309)
- Bump boto3 from 1.38.0 to 1.38.1 @dependabot (#12308)
- Update actions/setup-python action from v5.5.0 to v5.6.0 (.github/workflows/test-helm-chart.yml) @renovate (#12306)
- Update dependency vite from 6.3.2 to v6.3.3 (docs/package.json) @renovate (#12305)
- Update dependency node from 22.14.0 to v22.15.0 (.github/workflows/validate_docs_build.yml) @renovate (#12300)
- Update redis Docker tag from 7.2.5 to v7.2.7 (docker-compose.yml...
Contributors
shipko, renovate, and 14 other contributors
Assets 5
2.45.3 π
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.45.2
- [docs] add Pro Finding Enhancements documentation @paulOsinski (#12310)
- Fortify: Handle suppressed findings as false positives @valentijnscholten (#12293)
- sla: parse finding.date implicitly @valentijnscholten (#12301)
- 2.45.2 pro changelog @paulOsinski (#12292)
- tenable: check mandatory columns before importing @valentijnscholten (#12273)
- saml: provide link to saml-tracer browser add-on @valentijnscholten (#12274)
- Reimport: Special statuses should be respected from reports @Maffooch (#12291)
- [docs] Add Example Cases to docs @paulOsinski (#12265)
π© Changes to settings.dist.py / local_settings.py
- Implement Albibaba Linux vulnids @manuel-sommer (#12304)
π Updates in UI
- Implement Albibaba Linux vulnids @manuel-sommer (#12304)
- fix(webhook): Missing quotation -> broken rendering @kiblik (#12226)
- π Differentiate between slackware and siemens vulnid @manuel-sommer (#12251)
Contributors
valentijnscholten, kiblik, and 3 other contributors
Assets 5
2.45.2 π
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.45.1
- [docs] Changelog, Jira reorg, Wiz Connector docs, Import reorg @paulOsinski (#12250)
- π Implement Fortify Webinspect new report format @manuel-sommer (#12155)
π© Changes to settings.dist.py / local_settings.py
- π Add Amazon Linux Security Center advisory to vulnid @manuel-sommer (#12242)
π Updates in UI
- SLA Calculations 2/2: Simplify logic @valentijnscholten (#11924)
Contributors
valentijnscholten, paulOsinski, and manuel-sommer
Assets 5
2.45.1 π
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.45.0
- π πͺ² Fix Aqua parser severity justification @manuel-sommer (#12192)
- changelog 2.45.0 @paulOsinski (#12213)
- close old findings: don't overwrite mitigated timestamp @valentijnscholten (#12204)
- Linting: Update how-to-write-a-parser.md to not contain Ruff violations @valentijnscholten (#12214)
- h1: vulnerability disclosure parser improvements @valentijnscholten (#12212)
- Updated Documentation on Anchore Enterprise @Sopuru (#12058)
- immuniweb json parser @valentijnscholten (#12179)
- fix(renovate): Add separateMinorPatch @kiblik (#12190)
- wiz scan: handle more fields and unique_id_from_tool @valentijnscholten (#12198)
- π¨ RustyHog: handle empty reports correctly to fix #10584 @manuel-sommer (#12129)
- README: Point to sample scans for demo @valentijnscholten (#12162)
- Bump Django to 5.1.8 @valentijnscholten (#12191)
π© Changes to settings.dist.py / local_settings.py
- Implement HCL Commerce KB vulnids @manuel-sommer (#12199)
- π Add cisco security advisory to vulnid @manuel-sommer (#12180)
π© Database migration
π API features and enhancements
π Updates in UI
- π Fix Django template engagement_pdf_report #12201 @manuel-sommer (#12206)
- fix(notif): Product name not rendered correctly @kiblik (#12203)
π§ Improved code quality with linters
Contributors
valentijnscholten, kiblik, and 3 other contributors
Assets 5
2.45.0 π
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.44.0
- (docs) arm64: add some notes about the experimental new images @valentijnscholten (#12163)
- docs - pro user groups info @paulOsinski (#12127)
- changelog 2.44.4 @paulOsinski (#12150)
- Jira Finding Groups: Confusion on strings vs functions @Maffooch (#12128)
- π beautify multiple file format choices @manuel-sommer (#12117)
- remove exclude_search from Features page @paulOsinski (#12121)
- Import Memory Handling: Do not maintain parsed findings long term @Maffooch (#12106)
- π fix PTH123 ruff rule for branch dev @manuel-sommer (#12108)
- π resolve todo in ort parser @manuel-sommer (#12082)
- sso docs: make environment variables vs local_settings more explicit @valentijnscholten (#12061)
- Add CWE to PTART parser @adam-bertrand-bib (#12068)
- π fix gitlab dast to parse request response pair #12050 @manuel-sommer (#12057)
- Fortify FPR enhancements 2025 @valentijnscholten (#12027)
- π add references to testssl @manuel-sommer (#12045)
- Changelog 2.44.2 / 2.44.3 @paulOsinski (#12040)
- add resources to wait-for-db @hoferbeck (#12023)
- Generic JSON: Explicitly process tags like other tools @Maffooch (#12056)
- π fix parser anchore engine to parse new report format #11552 @manuel-sommer (#12020)
- π Remove unused burp parser method @manuel-sommer (#12026)
- add aqua vulnerabilities format @kzzz1 (#12000)
- SLA Calculations 1/2: Add unit tests to capture current behaviour @valentijnscholten (#11923)
- Docs: Pin versions and add GHA for testing build failures @Maffooch (#12038)
- π Remove deprecated Django import and is_safe_url @manuel-sommer (#11991)
- π fix unittest example in docs @manuel-sommer (#11992)
- dedupe command: fix NoneType on empty set of models @valentijnscholten (#11998)
- fix(helm-metrics): Flag format for promExporter changed @kiblik (#12010)
- DOCKER.md: use docker compose everywhere @valentijnscholten (#12014)
- Docs updates: 2.44.2 @paulOsinski (#11985)
- upgrade notes: correct dedupe command lines @valentijnscholten (#12007)
- Lift the Feature Freeze @Maffooch (#12001)
- (Experimental) arm64: Publish arm64 builds for releases @valentijnscholten (#11965)
- OpenVAS endpoint and severity improvements @valentijnscholten (#11955)
- docker entrypoints: use bash everywhere @valentijnscholten (#11942)
- fix(notif): Add findings_reactivated and findings_untouched again @kiblik (#11963)
- docs: source-code-repositories: clarify default scm type @valentijnscholten (#11968)
- Pro Release notes : 2.44.1 @paulOsinski (#11983)
- π fix benchmark internal server error @manuel-sommer (#11974)
- Release notes: 2.44 @paulOsinski (#11943)
- Docs: add supported report types index / maintenance @paulOsinski (#11921)
- Notes history/edit/delete bugfix @dogboat (#11949)
- Update parser documentation template to include additional detail. @skywalke34 (#11916)
π© Changes to settings.dist.py / local_settings.py
- Revert "Session timeout notification" @Maffooch (#12186)
- Session timeout notification @kevin-vuong99 (#12093)
- Ruff: Add and fix N999 @kiblik (#11647)
- π Add slackware security advisory to vulnid @manuel-sommer (#12113)
- Add archlinux security advisory to vulnid @manuel-sommer (#12078)
- Add openSUSE vulnerabilities to vulnid @manuel-sommer (#12041)
- Jira Webhook: Prevent finding group findings from being reopened @Maffooch (#12048)
- π add proofpoint vulnid @manuel-sommer (#12004)
- π add fortiguard vulnid @manuel-sommer (#11926)
- Async Finding Import: Mark the feature as deprecated @Jino-T (#11915)
- Add generic OIDC login option @dandersonsw (#10614)
- π Splunk vulnIDs @manuel-sommer (#11908)
π© Database migration
- Product Revenue: Do no allow negative revenue @Maffooch (#12160)
- Adding new regulations @Maffooch (#12122)
- π fix broken AWS Endpoints @quirinziessler (#11902)
π API features and enhancements
- Ruff: Add PTH123, merge PTH, fix in
/dojo@kiblik (#12025) - Ruff: Add and fix B007, merge B00 @kiblik (#12028)
π Updates in UI
- Revert "Session timeout notification" @Maffooch (#12186)
- Ruff: Add B018 rule @manuel-sommer (#12110)
- Session timeout notification @kevin-vuong99 (#12093)
- π Add slackware security advisory to vulnid @manuel-sommer (#12113)
- Ruff: Add and fix B007, merge B00 @kiblik (#12028)
- update permissions documentation links to reflect correct paths @blakeaowens (#11986)
- Ruff: Add and fix B905 @kiblik (#11952)
- Add generic OIDC login option @dandersonsw (#10614)
π§ Improved code quality with linters
- Ruff: Add B018 rule @manuel-sommer (#12110)
- Ruff: Add B017 rule @manuel-sommer (#12109)
- Ruff: Add and fix N999 @kiblik (#11647)
- Ruff: add multiple PYI rules @manuel-sommer (#12099)
- Ruff: add multiple PT rules @manuel-sommer (#12100)
- Ruff: Add multiple PERF rules @manuel-sommer (#12136)
- Ruff: Fix PTH123 in
unittests(excludeunittests/tools) @kiblik (#12112) - Ruff: Add and autofix B028 @kiblik (#12024)
- Ruff: Add a lot of Bugbear rules @manuel-sommer (#12077)
- Ruff: Add and autofix PLR173 rules @manuel-sommer (#11988)
- Ruff: Add a couple of DTZ rules @manuel-sommer (#12081)
- Ruff: Add S321 and S611 @manuel-sommer (#12076)
- Ruff: Add PLW0602 @manuel-sommer (#12075)
- Ruff: Add PTH123, merge PTH, fix in
/dojo@kiblik (#12025) - Ruff: Add N813 @manuel-sommer (#12073)
- Ruff: Add N812 @manuel-sommer (#12074)
- Ruff: Add N817 @manuel-sommer (#12072)
- Ruff: Add and fix B031, merge B03 @kiblik (#12029)
- Ruff: Add and fix B007, merge B00 @kiblik (#12028)
- Ruff: Add and autofix PLR2044 @manuel-sommer (#11989)
- Ruff: Add TD007 and N803 @manuel-sommer (#12002)
- Ruff: Add and autofix B006 @kiblik (#11951)
- Ruff: Add and fix B903 @kiblik (#11956)
- Ruff: Add and autofix B009 @kiblik (#11950)
- Ruff: Add and autofix B010 @kiblik (#11953)
- Ruff: Add and autofix B033 @kiblik (#11954)
- Ruff: Add and fix B905 @kiblik (#11952)
π§° Maintenance
- Bump ruff from 0.11.2 to 0.11.3 @dependabot (#12170)
- Bump boto3 from 1.37.26 to 1.37.27 @dependabot (#12171)
- Update mccutchen/go-httpbin Docker tag from 2.18.0 to v2.18.1 (docker-compose.override.unit_tests_cicd.yml) @renovate (#12172)
- Update dependency vite from 6.2.4 to v6.2.5 (docs/package.json) @renovate (#12164)
- Bump boto3 from 1.37.25 to 1.37.26 @dependabot (#12165)
- Bump boto3 from 1.37.24 to 1.37.25 @dependabot (#12159)
- Update dependency prettier from 3.5.2 to v3.5.3 (docs/package.json) @renovate (#12154)
- Bump drf-spectacular-sidecar from 2025.3.1 to 2025.4.1 @dependabot (#12156)
- Bump boto3 from 1.37.23 to 1.37.24 @dependabot (#12157)
- Update dependency python from 3.12.9 to 3.13 (.github/workflows/slack-pr-reminder.yml) @renovate (#12145)
- Update actions/checkout action from v2 to v4 (.github/workflows/slack-pr-reminder.yml) @renovate (#12146)
- Update dependency vite from 6.2.3 to v6.2.4 [SECURITY] @renovate (#12148)
- Update actions/setup-python action from v2 to v5 (.github/workflows/slack-pr-reminder.yml) @renovate (#12149)
- Bump djangorestframework from 3.15.2 to 3.16.0 @dependabot (#12140)
- Bump boto3 from 1.37.22 to 1.37.23 @dependabot (#12141)
- Bump boto3 from 1.37.21 to 1.37.22 @dependabot (#12125)
- Bump sqlalchemy from 2.0.39 to 2.0.40 @dependabot (#12126)
- Update Helm release postgresql from 16.5.6 to ~16.6.0 (helm/defectdojo/Chart.yaml) @renovate (#12124)
- Bump boto3 from 1.37.20 to 1.37.21 @dependabot (#12115)
- Bump boto3 from 1.37.19 to 1.37.20 @dependabot (#12111)
- Bump humanize from 4.12.1 to 4.12.2 @dependabot (#12102)
- Update dependency @tabler/icons from 3.30.0 to v3.31.0 (docs/package.json) @renovate (#12097)
- Update actions/setup-python action from v5.4.0 to v5.5.0 (.github/workflows/test-helm-chart.yml) @renovate (#12098)
- Bump boto3 from 1.37.18 to 1.37.19 @dependabot (#12103)
- Bump vite from 6.2.0 to 6.2.3 in /docs @dependabot (#12104)
- Update dependency prettier from 3.5.2 to v3.5.3 (docs/package.json) @renovate (#12095)
- Update actions/setup-node action from v4.2.0 to v4.3.0 (.github/workflows/validate_docs_build.yml) @renovate (#12096)
- Update dependency vite from 6.2.2 to v6.2.3 (docs/package.json) @renovate (#12092)
- Update actions/cache action from v4.2.2 to v4.2.3 (.github/workflows/validate_docs_build.yml) @renovate (#12089)
- Bump ruff from 0.11.1 to 0.11.2 @dependabot (#12084)
- Bump boto3 from 1.37.17 to 1.37.18 @dependabot (#12085)
- Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.37.5 to v1.37.6 (helm/defectdojo/values.yaml) @renovate (#12063)
- Update mccutchen/go-httpbin Docker tag from 2.17.1 to v2.18.0 (docker-compose.override.unit_tests_cicd.yml) @renovate (#12064)
- Bump boto3 from 1.37.16 to 1.37.17 @dependabot (#12069)
- Bump django-debug-toolbar from 5.0.1 to 5.1.0 @dependabot (#12070)
- Bump ruff from 0.11.0 to 0.11.1 @dependabot (#12071)
- Update actions/cache action from v4.2.2 to v4.2.3 (.github/workflows/gh-pages.yml) @renovate (#12052)
- Bump boto3 from 1.37.15 to 1.37.16 @dependabot (#12059)
- Update actions/upload-artifact action from v4.6.1 to v4.6.2 (.github/workflows/fetch-oas.yml) @renovate (#12055)
- Update actions/download-artifact action from v4.2.0 to v4.2.1 (.github/workflows/rest-framework-tests.yml) @renovate (#12053)
- Bump djangosaml2 from 1.9.4 to 1.10.1 @dependabot (#12060)
- Bump boto3 from 1.37.14 to 1.37.15 @dependabot (#12049)
- Bump djangosaml2 from 1.9.3 to 1.9.4 @dependabot (#12043)
- Update actions/download-artifact action from v4.1.9 to v4.2.0 (.github/workflows/rest-framework-tests.yml) @renovate (#120...
Contributors
renovate, valentijnscholten, and 15 other contributors
Assets 5
2.44.4 π
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.44.3
- Jira Finding Groups: Confusion on strings vs functions @Maffooch (#12128)
- π beautify multiple file format choices @manuel-sommer (#12117)
- remove exclude_search from Features page @paulOsinski (#12121)
- Import Memory Handling: Do not maintain parsed findings long term @Maffooch (#12106)
- π resolve todo in ort parser @manuel-sommer (#12082)
- sso docs: make environment variables vs local_settings more explicit @valentijnscholten (#12061)
- π fix gitlab dast to parse request response pair #12050 @manuel-sommer (#12057)
- π add references to testssl @manuel-sommer (#12045)
- Changelog 2.44.2 / 2.44.3 @paulOsinski (#12040)
- add resources to wait-for-db @hoferbeck (#12023)
π© Changes to settings.dist.py / local_settings.py
- π Add slackware security advisory to vulnid @manuel-sommer (#12113)
- Add archlinux security advisory to vulnid @manuel-sommer (#12078)
- Add openSUSE vulnerabilities to vulnid @manuel-sommer (#12041)
π© Database migration
π Updates in UI
- π Add slackware security advisory to vulnid @manuel-sommer (#12113)
π§ Improved code quality with linters
- Ruff: Add PLW0602 @manuel-sommer (#12075)
π§° Maintenance
- Bump vite from 6.2.0 to 6.2.3 in /docs @dependabot[bot] (#12104)
Contributors
valentijnscholten, hoferbeck, and 3 other contributors
Assets 5
2.44.3 π
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.44.2
- Generic JSON: Explicitly process tags like other tools @Maffooch (#12056)
- π fix parser anchore engine to parse new report format #11552 @manuel-sommer (#12020)
- π Remove unused burp parser method @manuel-sommer (#12026)
- add aqua vulnerabilities format @kzzz1 (#12000)
- SLA Calculations 1/2: Add unit tests to capture current behaviour @valentijnscholten (#11923)
- Docs: Pin versions and add GHA for testing build failures @Maffooch (#12038)
- π Remove deprecated Django import and is_safe_url @manuel-sommer (#11991)
- π fix unittest example in docs @manuel-sommer (#11992)
- dedupe command: fix NoneType on empty set of models @valentijnscholten (#11998)
- fix(helm-metrics): Flag format for promExporter changed @kiblik (#12010)
- DOCKER.md: use docker compose everywhere @valentijnscholten (#12014)
- Docs updates: 2.44.2 @paulOsinski (#11985)
π© Changes to settings.dist.py / local_settings.py
- Jira Webhook: Prevent finding group findings from being reopened @Maffooch (#12048)
- π add proofpoint vulnid @manuel-sommer (#12004)
π§° Maintenance
- Bump @babel/helpers from 7.26.0 to 7.26.10 in /docs @dependabot[bot] (#12034)
- Bump @babel/runtime from 7.26.0 to 7.26.10 in /docs @dependabot[bot] (#12037)
Contributors
valentijnscholten, kiblik, and 4 other contributors
Assets 5
2.44.2 π
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.44.1
- upgrade notes: correct dedupe command lines @valentijnscholten (#12007)
- Lift the Feature Freeze @Maffooch (#12001)
- OpenVAS endpoint and severity improvements @valentijnscholten (#11955)
- docker entrypoints: use bash everywhere @valentijnscholten (#11942)
- fix(notif): Add findings_reactivated and findings_untouched again @kiblik (#11963)
- docs: source-code-repositories: clarify default scm type @valentijnscholten (#11968)
- Pro Release notes : 2.44.1 @paulOsinski (#11983)
π© Changes to settings.dist.py / local_settings.py
- π add fortiguard vulnid @manuel-sommer (#11926)
π Updates in UI
- update permissions documentation links to reflect correct paths @blakeaowens (#11986)
Contributors
valentijnscholten, kiblik, and 4 other contributors
Assets 5
2.44.1 π
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.44.0
- π fix benchmark internal server error @manuel-sommer (#11974)
- Release notes: 2.44 @paulOsinski (#11943)
- Docs: add supported report types index / maintenance @paulOsinski (#11921)
- Notes history/edit/delete bugfix @dogboat (#11949)
π© Changes to settings.dist.py / local_settings.py
- Add generic OIDC login option @dandersonsw (#10614)
- π Splunk vulnIDs @manuel-sommer (#11908)
π© Database migration
- π fix broken AWS Endpoints @quirinziessler (#11902)
π API features and enhancements
π Updates in UI
- Add generic OIDC login option @dandersonsw (#10614)
π£ Updates in localization
π§° Maintenance
- Bump django from 5.1.6 to 5.1.7 @dependabot[bot] (#11966)
Contributors
dogboat, quirinziessler, and 3 other contributors