Releases: DefectDojo/django-DefectDojo
nightly-dev 🌈
Run the release drafter to populate the release notes.
2.50.1 🌈
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.50.0
- fix default order to finding_groups @LeoOMaia (#13127)
- 🐛 Fix finding_group view @manuel-sommer (#13119)
- ruff fixes @valentijnscholten (#13122)
- 🎉 Add fix_available information to jfrog xray unified parser #12633 @manuel-sommer (#13105)
- 🎉 Add fix_available information to jfrog @manuel-sommer (#13115)
- 🐛 Implement Wazuh v4.8 @manuel-sommer (#12739)
- semgrep pro parser @valentijnscholten (#12848)
- Update changelog 2.50 @paulOsinski (#13121)
- Update the Qualys Hacker Guardian parser to be compatible with larger CSV files @Jino-T (#13120)
- uwsgi: default to 4 processes x 4 threads @valentijnscholten (#13080)
- 🎉 Add fix_available information to aqua parser #12633 @manuel-sommer (#13106)
- System settings: correct page title/breadcrumbs @valentijnscholten (#13083)
- 🎉 Add fix_available to KrakenDAudit @manuel-sommer (#13055)
🚩 Changes to settings.dist.py / local_settings.py
- 🎉 add VAR vulnid @manuel-sommer (#13096)
🚀 API features and enhancements
🖌 Updates in UI
- 🎉 Add number of fix_available information to test view @manuel-sommer (#13109)
2.50.0 🌈
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.49.0
- [docs] updates for August @paulOsinski (#13078)
- 🎉 Add fix_available to Harbor @manuel-sommer (#13053)
- Finding Filters: Add Product Life Cycle filter to be supported in both finding filters @Maffooch (#13068)
- 🎉 Add fix_available to AnchoreCTL @manuel-sommer (#13062)
- 🎉 Add fix_available to AnchoreEngine @manuel-sommer (#13060)
- 🎉 Add fix_available to TrivyOperator @manuel-sommer (#13056)
- Update References to Supported Version of Hugo to the Newest Compatible Version @Jino-T (#13047)
- 🎉 Add fix_available to Trivy @manuel-sommer (#13057)
- 🎉 Add fix_available to RedHatSatellite @manuel-sommer (#13059)
- 💄 Restructure Kubehunter json files to make it readable @manuel-sommer (#13061)
- feat(unittest): Small improvements in unittests @kiblik (#13064)
- Chartsynced charts and images for vendoring @rossops (#13063)
- fix(eng/failure_redirect): Fix rendering when coming from product site @kiblik (#13042)
- fix(eng/test-validate_forms): Show error if form is not valid @kiblik (#13045)
- feat(docker): Drop nginx debian @kiblik (#12998)
- cvss4: remove no longer needed custom parsing @valentijnscholten (#13037)
- Allow more file extensions for importers @Maffooch (#13034)
- mend: fix handling known_exploited/ransomware_used @valentijnscholten (#13036)
- [docs] update Priority & Risk docs @paulOsinski (#13035)
- feat(tests): Perform tests on latest supported k8s (1.33.4) @kiblik (#13024)
- BlackDuck: Support import in plaintext or bytes @Maffooch (#13033)
- feat(docker): Use Alpine 3.22 in docker images @kiblik (#13023)
- feat(docker-compose): Add digest pinning for busybox @kiblik (#13025)
- fix(timezone/commands): Drop obsolete 'locale' definitions @kiblik (#12995)
- Update Docs Link in Settings.py to Match Current Docs Structure @Jino-T (#13021)
- [docs] Integrations (beta) @paulOsinski (#12987)
- chore(deps): pin github actions by hash @datosh (#12958)
- Endpoint: Make post_delete signal more reliable @Maffooch (#12969)
- feat(helm): Drop support for networking.k8s.io/v1beta1 @kiblik (#12985)
- feat(helm): Drop support for annotation "kubernetes.io/ingress.class" in GKE @kiblik (#12986)
- File Path Access: Prevent exception for non existent paths @Maffooch (#12976)
- allow .fpr extension when importing scan @fopina (#12972)
- Updates ReadMe.MD @devGregA (#12980)
- [docs] cli updates, 2.48 changelog @paulOsinski (#12902)
- Documentation: Guide to testing hugo pipeline locally @Maffooch (#12959)
- Bump cvss from 3.4 to 3.6 @eric-warren (#12948)
- ADD: Alternative command to change password @ThiagoCruzBr (#12931)
- Enable ipv6 in nginx (if available) @kiblik (#12938)
- restore entrypoint-unit-tests-devDocker.sh @valentijnscholten (#12904)
- performance do_not_reactivate: adding a note doesn't need a finding save @valentijnscholten (#12901)
- new snyk_issue_api parser for code issues (file based) @valentijnscholten (#12903)
- Docs: Restore package-lock.json @Maffooch (#12954)
- Fix Mend kev_date format - add conversion @testaccount90009 (#12915)
- debug toolbar: downgrade to 5.2.0 @valentijnscholten (#12919)
- quickFix: invalid config in "Feat(nginx): Add support for IPv6" @kiblik (#12916)
🚩 Changes to settings.dist.py / local_settings.py
- Add SCA vulnid and fix example for SSA: @manuel-sommer (#13072)
- feat(form-import): DRY File Extension @kiblik (#13066)
- 🎉 Add wid-sec-w vulnid @manuel-sommer (#13038)
- API Docs: Remove space in Defect Dojo @Maffooch (#13011)
🚩 Database migration
- FileUploads: Clean up media when related objects are deleted @Maffooch (#13028)
- feat(settings): Drop time_zone @kiblik (#12999)
🚀 API features and enhancements
🖌 Updates in UI
- 🎉 Add fix_available information to engagement views @manuel-sommer (#13070)
- Ruff: Add and autofix PLR1714 @kiblik (#13004)
- Fix 12955 / Set default value of postgresql.postgresServer to 127.0.0.1 in helm chart @lchastel (#12965)
- Global Finding Groups page @LeoOMaia (#12814)
- Display Tags: Do not rely on the request object being present @Maffooch (#12939)
- Webhook Notifications: Support the owner field @Maffooch (#12940)
🔧 Improved code quality with linters
- Ruff: Add and fix PLR1704 @kiblik (#13005)
- Ruff: Add and autofix PLR1714 @kiblik (#13004)
- Ruff: Add and autofix PLR1711 @kiblik (#13003)
- Ruff: Add and fix PYI024 (+ merge PYI) @kiblik (#13002)
🧰 Maintenance
- Bump python-gitlab from 6.2.0 to 6.3.0 @dependabot (#13071)
- chore(deps): update node.js from v22.18.0 to v22.19.0 (docs/package.json) @renovate (#13073)
- Bump ruff from 0.12.10 to 0.12.11 @dependabot (#13075)
- Bump boto3 from 1.40.18 to 1.40.20 @dependabot (#13074)
- Bump boto3 from 1.40.16 to 1.40.18 @dependabot (#13069)
- Bump boto3 from 1.40.16 to 1.40.17 @dependabot (#13067)
- Bump openapitools/openapi-generator-cli from v7.14.0 to v7.15.0 @dependabot (#13048)
- chore(deps): update gcr.io/cloudsql-docker/gce-proxy docker tag from 1.37.8 to v1.37.9 (helm/defectdojo/values.yaml) @renovate (#13049)
- Bump nginx from 1.28.0-alpine3.22 to 1.29.1-alpine3.22 @dependabot (#13050)
- Bump boto3 from 1.40.15 to 1.40.16 @dependabot (#13051)
- Bump humanize from 4.12.3 to 4.13.0 @dependabot (#13052)
- Bump datatables.net from 2.3.2 to 2.3.3 in /components @dependabot (#13027)
- Bump boto3 from 1.40.10 to 1.40.15 @dependabot (#13029)
- Bump lxml from 6.0.0 to 6.0.1 @dependabot (#13030)
- Bump ruff from 0.12.9 to 0.12.10 @dependabot (#13031)
- Bump ruff from 0.12.8 to 0.12.9 @dependabot (#12993)
- Update postgres:17.6-alpine Docker digest from 17.6 to 17.6-alpine (docker-compose.yml) @renovate (#13000)
- chore(deps): update azure/setup-helm action from v4.3.0 to v4.3.1 (.github/workflows/test-helm-chart.yml) @renovate (#13018)
- Bump brace-expansion in /docs @dependabot (#13013)
- chore(deps): update dependency vite from 7.1.2 to v7.1.3 (docs/package.json) @renovate (#13014)
- Bump requests from 2.32.4 to 2.32.5 @dependabot (#13016)
- Bump: curlimages/curl:8.15.0 @kiblik (#12977)
- chore(deps): update postgres docker tag from 17.5 to v17.6 (docker-compose.yml) @renovate (#12992)
- Bump boto3 from 1.40.6 to 1.40.10 @dependabot (#12994)
- Bump sqlalchemy from 2.0.42 to 2.0.43 @dependabot (#12978)
- chore(deps): update actions/checkout action from v4.3.0 to v5 (.github/workflows/validate_docs_build.yml) @renovate (#12961)
- Update dependency vite from 7.1.1 to v7.1.2 (docs/package.json) @renovate (#12973)
- Bump boto3 from 1.40.5 to 1.40.6 @dependabot (#12966)
- chore(deps): update actions/checkout action from v4.2.2 to v4.3.0 (.github/workflows/validate_docs_build.yml) @renovate (#12960)
- chore(deps): update dependency python from 3.9.23 to 3.13 (.github/workflows/test-helm-chart.yml) @renovate (#12957)
- fix(deps): update dependency @thulite/seo from 2.4.1 to v2.4.2 (docs/package.json) @renovate (#12928)
- Bump cryptography from 45.0.5 to 45.0.6 @dependabot (#12936)
- chore(deps): update github artifact actions (.github/workflows/rest-framework-tests.yml) (major) @renovate (#12932)
- chore(deps): update actions/cache action from v4.2.3 to v4.2.4 (.github/workflows/validate_docs_build.yml) @renovate (#12949)
- Bump ruff from 0.12.7 to 0.12.8 @dependabot (#12951)
- Bump boto3 from 1.40.0 to 1.40.5 @dependabot (#12952)
- fix(deps): update dependency @thulite/inline-svg from 1.2.0 to v1.2.1 (docs/package.json) @renovate (#12926)
- Bump djangorestframework from 3.16.0 to 3.16.1 @dependabot (#12945)
- Bump redis from 6.2.0 to 6.4.0 @dependabot (#12944)
- Bump packageurl-python from 0.17.3 to 0.17.5 @dependabot (#12943)
- chore(deps): update dependency vite from 7.0.6 to v7.1.1 (docs/package.json) @renovate (#12941)
- chore(deps): update docker/login-action action from v3.4.0 to v3.5.0 (.github/workflows/release-x-manual-tag-as-latest.yml) @renovate (#12909)
2.49.3 🌈
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.49.2
- mend: fix handling known_exploited/ransomware_used @valentijnscholten (#13036)
- [docs] update Priority & Risk docs @paulOsinski (#13035)
- BlackDuck: Support import in plaintext or bytes @Maffooch (#13033)
🚩 Changes to settings.dist.py / local_settings.py
🧰 Maintenance
- Bump brace-expansion in /docs @dependabot (#13013)
2.49.2 🌈
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.49.1
- [docs] Integrations (beta) @paulOsinski (#12987)
- Endpoint: Make post_delete signal more reliable @Maffooch (#12969)
- File Path Access: Prevent exception for non existent paths @Maffooch (#12976)
- allow .fpr extension when importing scan @fopina (#12972)
- Updates ReadMe.MD @devGregA (#12980)
- [docs] cli updates, 2.48 changelog @paulOsinski (#12902)
2.49.1 🌈
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.49.0
- Documentation: Guide to testing hugo pipeline locally @Maffooch (#12959)
- ADD: Alternative command to change password @ThiagoCruzBr (#12931)
- Enable ipv6 in nginx (if available) @kiblik (#12938)
- restore entrypoint-unit-tests-devDocker.sh @valentijnscholten (#12904)
- performance do_not_reactivate: adding a note doesn't need a finding save @valentijnscholten (#12901)
- new snyk_issue_api parser for code issues (file based) @valentijnscholten (#12903)
- Docs: Restore package-lock.json @Maffooch (#12954)
- debug toolbar: downgrade to 5.2.0 @valentijnscholten (#12919)
- quickFix: invalid config in "Feat(nginx): Add support for IPv6" @kiblik (#12916)
🖌 Updates in UI
2.49.0 🌈
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.48.0
- 🎉 Add Xeol parser #12816 @manuel-sommer (#12846)
- checkov: add null check @valentijnscholten (#12906)
- Update Mend Platform parser for Ransomware, Exploitable, and KEV @testaccount90009 (#12879)
- Async Delete: Handle exceptions for duplicate requests @Maffooch (#12867)
- [docs] Add Algolia Docsearch @paulOsinski (#12890)
- perf2: skip post processing if not needed @valentijnscholten (#12862)
- anchore_grype docs: add info about --by-cve @valentijnscholten (#12874)
- sysdig: fix severity mapping @valentijnscholten (#12873)
- perf1: test cases: fix caching of system settings @valentijnscholten (#12861)
- Bulk edit push groups and findings fix @valentijnscholten (#12813)
- Docs: Update outdated URLs @9alexx3 (#12845)
- Ruff: Preparation for TRY301 @manuel-sommer (#12738)
- close old findings: make test cases test default behaviour @valentijnscholten (#12842)
- reuse Sarif base parser for snyk and mayhem parsers @valentijnscholten (#12788)
- Trivy: Use CVSS scores from other vendors where applicable @Maffooch (#12826)
- Dependency Check: Support CVSS v3 @Maffooch (#12828)
- bugfix: twistlock: fix no cvss case @valentijnscholten (#12809)
- sysdig: support 2025 formats @valentijnscholten (#12810)
- github action: close manually marked stale issues/prs after 7 days @valentijnscholten (#12812)
- ms_defender: skip empty files from zip @valentijnscholten (#12780)
- Django: update to 5.1.11 @valentijnscholten (#12786)
- Mayhem SARIF support (new parser) @xansec (#12624)
- Consistent "Close old findings" between UI and API @fopina (#12774)
- twistlock: parse compliances @valentijnscholten (#12772)
- Optimize view_engineer to use DB-side aggregation and cut load time @DenysMoskalenko (#12606)
- [docs] Add deduplication hashcode fields to parser descriptions @paulOsinski (#12648)
- allow users with edit/add user permission to force password resets @valentijnscholten (#12761)
- Zap: Add test case with more request/response pairs @valentijnscholten (#12733)
- Feat(nginx): Add support for IPv6 @kiblik (#12710)
- docs: Pro changelog update 2.47.3 / 2.47.4 @paulOsinski (#12746)
- add risk acceptance: display more fields in findings dropdown @valentijnscholten (#12745)
- include vuln_id_from_tool in group_by @LeoOMaia (#12744)
🚩 Changes to settings.dist.py / local_settings.py
- 🎉 Add Sophos vulnid @manuel-sommer (#12852)
- 🎉 Add NCSC vulnid @manuel-sommer (#12818)
- 🎉 add GSD vulnid @manuel-sommer (#12794)
🚩 Database migration
- jira: mention PATs are not supported in OS @valentijnscholten (#12884)
- reimport: optionally restart sla on reactivation @valentijnscholten (#12843)
- 🐛 Fix db_migration fix_available field to allow None @manuel-sommer (#12817)
- importers: clean tags before saving @valentijnscholten (#12811)
- 🐛 rebase dev branch db_migrations @manuel-sommer (#12803)
- addition of validation to minimum and maximum password settings @blakeaowens (#12798)
- 🎉 Add a 'fix_available' field to the findings #12633 @manuel-sommer (#12793)
- pytz removal @valentijnscholten (#12792)
- Add CVSS4 support @valentijnscholten (#12751)
🚀 General features and enhancements
- bugfix: use subquery for (finding) counts @valentijnscholten (#12784)
🚀 API features and enhancements
- Support for whitelisted file extensions @Maffooch (#12891)
- Reimport: Restore default for close_old_findings to True @Maffooch (#12837)
- product api: optimize list of finding ids @valentijnscholten (#12827)
- bugfix: reimport: close_old_findings must respect service field @valentijnscholten (#12782)
🖌 Updates in UI
- fix datatable search box location with style override @blakeaowens (#12893)
- jira: add endpoint status to description @valentijnscholten (#12858)
- Bump ruff from 0.12.5 to 0.12.7 @dependabot (#12877)
- Anchore grype EPSS fix @valentijnscholten (#12825)
- Make KEV data visible on findings listing @dogboat (#12785)
- Add CVSS4 support @valentijnscholten (#12751)
- risk acceptance expiration: keep link with findings @valentijnscholten (#12737)
🧰 Maintenance
- Bump packageurl-python from 0.17.2 to 0.17.3 @dependabot (#12896)
- Bump boto3 from 1.39.16 to 1.40.0 @dependabot (#12895)
- Bump drf-spectacular-sidecar from 2025.7.1 to 2025.8.1 @dependabot (#12894)
- chore(deps): update node.js from v22.17.1 to v22.18.0 (docs/package.json) @renovate (#12892)
- Bump pygithub from 2.6.1 to 2.7.0 @dependabot (#12882)
- Bump packageurl-python from 0.17.1 to 0.17.2 @dependabot (#12869)
- Bump ruff from 0.12.5 to 0.12.7 @dependabot (#12877)
- Bump sqlalchemy from 2.0.41 to 2.0.42 @dependabot (#12878)
- Bump django-debug-toolbar from 5.2.0 to 6.0.0 @dependabot (#12870)
- Bump pygithub from 1.58.2 to 2.6.1 @dependabot (#11886)
- Bump python-gitlab from 6.1.0 to 6.2.0 @dependabot (#12868)
- Bump boto3 from 1.39.13 to 1.39.16 @dependabot (#12876)
- Update dependency vite from 7.0.5 to v7.0.6 (docs/package.json) @renovate (#12850)
- Bump boto3 from 1.39.11 to 1.39.13 @dependabot (#12857)
- Bump ruff from 0.12.4 to 0.12.5 @dependabot (#12856)
- Bump gitpython from 3.1.44 to 3.1.45 @dependabot (#12853)
- Bump boto3 from 1.39.10 to 1.39.11 @dependabot (#12847)
- chore(deps): update mikefarah/yq action from v4.46.1 to v4.47.1 (.github/workflows/release-x-manual-helm-chart.yml) @renovate (#12844)
- chore(deps): update dependency vite from 7.0.4 to v7.0.5 (docs/package.json) @renovate (#12832)
- Bump boto3 from 1.39.9 to 1.39.10 @dependabot (#12835)
- Update dependency @tabler/icons from 3.34.0 to v3.34.1 (docs/package.json) @renovate (#12815)
- Bump nginx from aed9973 to d83c013 @dependabot (#12820)
- Bump ruff from 0.12.3 to 0.12.4 @dependabot (#12804)
- chore(deps): update redis:7.2.10-alpine docker digest from 7.2.10 to v (docker-compose.yml) @renovate (#12802)
- chore(deps): update postgres:17.5-alpine docker digest from 17.5 to 17.5-alpine (docker-compose.yml) @renovate (#12801)
- Bump boto3 from 1.39.6 to 1.39.9 @dependabot (#12821)
- Bump boto3 from 1.39.4 to 1.39.6 @dependabot (#12795)
- chore(deps): update redis:7.2.10-alpine docker digest from 7.2.10 to v (docker-compose.yml) @renovate (#12791)
- chore(deps): update postgres:17.5-alpine docker digest from 17.5 to 17.5-alpine (docker-compose.yml) @renovate (#12790)
- chore(deps): update gcr.io/cloudsql-docker/gce-proxy docker tag from 1.37.7 to v1.37.8 (helm/defectdojo/values.yaml) @renovate (#12787)
- chore(deps): update node.js from v22.17.0 to v22.17.1 (docs/package.json) @renovate (#12789)
- Bump ruff from 0.12.2 to 0.12.3 @dependabot (#12776)
- Bump boto3 from 1.39.3 to 1.39.4 @dependabot (#12770)
- chore(deps): update dependency vite from 7.0.3 to v7.0.4 (docs/package.json) @renovate (#12768)
- chore(deps): update mikefarah/yq action from v4.45.4 to v4.46.1 (.github/workflows/release-x-manual-helm-chart.yml) @renovate (#12766)
- Bump djangosaml2 from 1.10.1 to 1.11.1 @dependabot (#12763)
- chore(deps): update redis docker tag from 7.2.9 to v7.2.10 (docker-compose.yml) @renovate (#12762)
- chore(deps): update dependency vite from 7.0.2 to v7.0.3 (docs/package.json) @renovate (#12764)
- Bump cryptography from 45.0.4 to 45.0.5 @dependabot (#12741)
- chore(deps): update dependency vite from 7.0.0 to v7.0.2 (docs/package.json) @renovate (#12742)
- Bump datatables.net-buttons-bs from 3.2.3 to 3.2.4 in /components @dependabot (#12743)
- Bump boto3 from 1.39.1 to 1.39.3 @dependabot (#12747)
- Bump django-auditlog from 3.2.0 to 3.2.1 @dependabot (#12748)
- Bump ruff from 0.12.1 to 0.12.2 @dependabot (#12749)
2.48.5 🌈
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.48.4
- Ruff: Preparation for TRY301 @manuel-sommer (#12738)
- close old findings: make test cases test default behaviour @valentijnscholten (#12842)
🚩 Changes to settings.dist.py / local_settings.py
- 🎉 Add NCSC vulnid @manuel-sommer (#12818)
2.48.4 🌈
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
🚀 API features and enhancements
2.48.3 🌈
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.48.2
- Trivy: Use CVSS scores from other vendors where applicable @Maffooch (#12826)
- Dependency Check: Support CVSS v3 @Maffooch (#12828)
🚀 API features and enhancements
- product api: optimize list of finding ids @valentijnscholten (#12827)
🖌 Updates in UI
- Anchore grype EPSS fix @valentijnscholten (#12825)