2.40.0 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.39.4

• correct broken documentation links @paulOsinski (#11178)
• Ruff: Add and fix S112, S311 @manuel-sommer (#11098)
• fix unittest documentation #11128 @manuel-sommer (#11143)
• 🎉 fix TrivyOperator new report structure @manuel-sommer (#11156)
• 🎉 add tenable plugin to reference #11127 @manuel-sommer (#11151)
• Ruff: Add and fix S101 @kiblik (#11066)
• Ruff: Add and fix D403 @kiblik (#11063)
• Change logo for docs, add knowledge base link @paulOsinski (#11158)
• fix: broker configuration fix for deployment @JGodin-C2C (#11109)

🚩 Changes to settings.dist.py / local_settings.py

• Burp Enterprise: Add hash code fields @Maffooch (#11179)
• Parser for AWS Inspector2 findings @siniysv (#10829)
• File Uploads: Allow FPR format @manuel-sommer (#11157)
• Add ELBA vulnerability URL @manuel-sommer (#11138)

🚩 Database migration

• Add toggle to dictate enforcement of verified status @hblankenship (#11131)

🚀 API features and enhancements

• Fix for engagement_end_date not being used @hblankenship (#11174)

🐛 Bug Fixes

• Burp Enterprise: Add hash code fields @Maffooch (#11179)

🖌 Updates in UI

• Always populating description, adding title for webhook payloads @cneill (#11159)

🧰 Maintenance

• Bump boto3 from 1.35.52 to 1.35.53 @dependabot (#11175)
• Bump drf-spectacular-sidecar from 2024.7.1 to 2024.11.1 @dependabot (#11176)
• Bump cvss from 3.2 to 3.3 @dependabot (#11177)
• Bump boto3 from 1.35.51 to 1.35.52 @dependabot (#11171)
• Bump jquery-ui from 1.14.0 to 1.14.1 in /components @dependabot (#11170)
• Update Helm release postgresql from 16.0.6 to ~16.1.0 (helm/defectdojo/Chart.yaml) @renovate (#11164)
• Bump boto3 from 1.35.50 to 1.35.51 @dependabot (#11160)
• Bump bleach from 6.1.0 to 6.2.0 @dependabot (#11161)
• Bump boto3 from 1.35.49 to 1.35.50 @dependabot (#11155)
• Bump python-gitlab from 4.13.0 to 5.0.0 @dependabot (#11140)
• Bump uwsgi from 2.0.26 to 2.0.28 @dependabot (#11142)
• Bump boto3 from 1.35.48 to 1.35.49 @dependabot (#11141)

2.39.4 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.39.3

🚀 API features and enhancements

• Import/Reimport: Restore Defaults + Help Text Differences @Maffooch (#11147)

🐛 Bug Fixes

• Import/Reimport: Restore Defaults + Help Text Differences @Maffooch (#11147)

2.39.3 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.39.2

• update RedHatSatellite bug description @manuel-sommer (#11101)
• Update link to Slack in Issue template @optimistic5 (#11130)
• 🐛 fix tenable #11102 @manuel-sommer (#11103)

🚩 Changes to settings.dist.py / local_settings.py

• add RXSA VULNERABILITY_URL @manuel-sommer (#11097)

🐛 Bug Fixes

• Threat Uploads: Server side file extension validation + force downloads @Maffooch (#11135)
• OSV Parser: Robustify @Maffooch (#11115)
• JIRA Finding Groups: Accommodate status function inconsistency @Maffooch (#11125)

2.39.2 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.39.1

• 🎉 add file_path to SonarQube findings @manuel-sommer (#11078)
• 💄 Advance architecture docs @manuel-sommer (#11074)

🚩 Changes to settings.dist.py / local_settings.py

• 🎉 ADD ELSA errata @manuel-sommer (#11069)

🚀 General features and enhancements

• SLA Config: Add new config that does not enforce SLA @Maffooch (#11086)

🚀 API features and enhancements

• Fix for issue #10207 non-existent env import @hblankenship (#11053)

🖌 Updates in UI

• 🎉 ADD ELSA errata @manuel-sommer (#11069)

2.39.1 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.39.0

• Parser Tests: add tag to differentiate @Maffooch (#11017)
• remove mods, add Jannik to Hall of Fame @hblankenship (#11043)
• Fix for Findings count in Dashboard based on wrong date @hblankenship (#11040)
• Netsparker: Attempt to accommodate any date string format @Maffooch (#11047)

🚩 Changes to settings.dist.py / local_settings.py

• add DLA security advisory @manuel-sommer (#11058)
• 🎉 Add USN notices for vulnids @manuel-sommer (#11002)

🚩 Database migration

• Jira: Add toggle to disable an existing project @Maffooch (#11046)

🚀 General features and enhancements

• Jira: Add toggle to disable an existing project @Maffooch (#11046)
• New Jira Form: Make express the default @Maffooch (#11041)

🚀 API features and enhancements

• Jira: Add toggle to disable an existing project @Maffooch (#11046)

🐛 Bug Fixes

• AWS Security Hub: Accommodate for reports with missing AccountID @Maffooch (#11034)
• Downgrade uwsgi to 2.0.26 @Maffooch (#11033)

🖌 Updates in UI

• Update support text and buttons @hblankenship (#11051)
• fix for Add Risk Acceptance on Finding List dropdown Not Working @hblankenship (#11042)
• New Jira Form: Make express the default @Maffooch (#11041)

🧰 Maintenance

• Bump django from 5.0.8 to 5.0.9 @dependabot (#11023)

2.39.0 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.38.0

• Added instructions for using an external postgresql db with defectdoj… @zazathomas (#10859)
• Update AWS SecurityHub ASFF Parser to include Impact @testaccount90009 (#10984)
• Compare trivy results cluster_name with None @paraddise (#10992)
• 🎉 Add vulnerability Id to ssh-audit @manuel-sommer (#10979)
• Integration Tests: Check for exceptions at build time @Maffooch (#10789)
• Ruff: Add more PLW @kiblik (#10848)
• 🐛 fix AWSScurityHub EPSS Score #10956 @manuel-sommer (#10959)
• Parsers: Speciy lists rather than dict.values() @Maffooch (#10945)
• New Parser: Qualys Hacker Guardian @Maffooch (#10937)
• fix(docker compose): Use 'docker compose' everywhere @kiblik (#10916)
• appcheck-severty-determination-fix Use v4, v3, v2 cvss vectors for severity @dogboat (#10918)
• Fix metrics aggregation @dogboat (#10917)
• Ruff: Add ruff PLR0915 @kiblik (#10893)
• Ruff: Add C90 @kiblik (#10892)
• [Helm] Fix typo in ingress netpol @C4tWithShell (#10898)
• Manage not defined metadata in mitigations and add assumptions comments @arivra (#10897)
• Fortify Parser: Fortification of the the FPR parsing @Maffooch (#10901)
• fix(ruff): conolidate RUF rules @kiblik (#10828)
• Fixed replica reference for celery worker in Kubernetes.MD @zazathomas (#10842)
• feat(unittests): Try to avoid assertTrue/False @kiblik (#10817)
• ✨ add epss for aqua parser #10849 @manuel-sommer (#10855)
• fix(edit-prod): Add assigned PT to queryset @kiblik (#10843)

🚩 Changes to settings.dist.py / local_settings.py

• 🎉 add Alma Linux link to vulns @manuel-sommer (#10972)
• User Password:Add toggle to require on creation @Maffooch (#10962)
• Hacker One Parer: Add support for Bug Bounty Program reports @Maffooch (#10939)
• ✨ implement krakend audit parser @manuel-sommer (#10924)
• add permission for gitlab. @Ma1tobiose (#10880)
• Wiz Parser: Ad SCA parser and fortify old format @Maffooch (#10905)
• Add support for Invicti parser through Netsparker @Maffooch (#10894)
• Notifications: Add support for webhooks @kiblik (#7311)
• fix: dojo.JIRAInstance.default_issue_type: (fields.E005) 'choices' @kiblik (#10864)
• Add new parser - Threat Composer @arivra (#10795)
• Add new parser - Legitify @damianpr (#10797)

🚩 Database migration

• Jira Push All ssues: Improve help text @Maffooch (#10996)
• Notifications: Add support for webhooks @kiblik (#7311)
• Dynamic Parsin: Add flag to indicate new test types @Maffooch (#10871)

🚀 General features and enhancements

• Risk Exceptions: Add/Remove notes when finding is added/removed from risk exception @Maffooch (#10934)
• User: Make email required at all times, password required for new users @Maffooch (#10938)

🚀 API features and enhancements

• Fix tag creation bug in FindingTemplateSerializer (letters instead of full tags) @StephanPillhofer (#10995)
• Ruff: Add and fix D2 @kiblik (#10844)
• User Password:Add toggle to require on creation @Maffooch (#10962)
• Prefetch: Disable on some viewsets due to payload size @Maffooch (#10961)
• Risk Exception: Add/Remove notes when finding is added/removed from risk exception @Maffooch (#10934)
• User: Make email required at all times, password required for new users @Maffooch (#10938)
• Prefetching: Add swagger docs for models already supporting prefetching @Maffooch (#10931)
• Prefetch Serialization: Add a preference during mapping @Maffooch (#10933)
• Ruff: add and fix RET @kiblik (#10111)
• JSON Parsing Erors: Make errors less verbose @Maffooch (#10891)
• Notifications: Add support for webhooks @kiblik (#7311)
• Dynamic Parsin: Add flag to indicate new test types @Maffooch (#10871)
• Ruff: Add and fix ISC001 @kiblik (#10847)

🐛 Bug Fixes

• User Password: Add toggle to require on creation @Maffooch (#10962)
• Prefetch: Disable on some viewsets due to payload size @Maffooch (#10961)
• Semgrep Parser: Add new severities @Maffooch (#10936)
• Prefetching: Add swagger docs for models already supporting prefetching @Maffooch (#10931)
• Manage Images: Do not display thumbnail for PDF @Maffooch (#10932)
• Prefetch Serialization: Add a preference during mapping @Maffooch (#10933)
• Product API scan config: Display view scan configs button for all products @Maffooch (#10889)
• Reimport: Set Vulnerability ID from incoming finding @Maffooch (#10870)

🖌 Updates in UI

• Branding Updat: Replace old logos with new logos @blakeaowens (#10969)
• Manage Images:Do not display thumbnail for PDF @Maffooch (#10932)
• Metrics findings tests @dogboat (#10930)
• Ruff: add and fix RET @kiblik (#10111)
• feat(members): List global role members in Prod and ProdType @kiblik (#10850)
• Product API scn config: Display view scan configs button for all products @Maffooch (#10889)
• Notifications: Add support for webhooks @kiblik (#7311)
• feat(ui): MakeProdType clickable (in Prod detail) @kiblik (#10840)

🧰 Maintenance

• Bump boto3 from 1.35.32 to 1.35.33 @dependabot (#10997)
• Bump python-gitlab from 4.11.1 to 4.12.2 @dependabot (#10990)
• Bump boto3 from 1.35.31 to 1.35.32 @dependabot (#10994)
• Update Helm release postgresql from 15.5.38 to v16 (helm/defectdojo/Chart.yaml) @renovate (#10993)
• Bump vobject from 0.9.7 to 0.9.8 @dependabot (#10989)
• Bump json-log-formatter from 1.0 to 1.1 @dependabot (#10988)
• Bump cpe from 1.3.0 to 1.3.1 @dependabot (#10987)
• Bump boto3 from 1.35.30 to 1.35.31 @dependabot (#10986)
• Update busybox Docker tag from 1.36.1 to v1.37.0 (docker-compose.override.unit_tests_cicd.yml) @renovate (#10985)
• Bump boto3 from 1.35.29 to 1.35.30 @dependabot (#10980)
• Update manusa/actions-setup-minikube action from v2.11.0 to v2.12.0 (.github/workflows/k8s-tests.yml) @renovate (#10983)
• Update postgres:17.0-alpine Docker digest from 17.0 to 17.0-alpine (docker-compose.yml) @renovate (#10971)
• Bump redis from 5.0.8 to 5.1.0 @dependabot (#10974)
• Bump psycopg[c] from 3.2.2 to 3.2.3 @dependabot (#10975)
• Bump asteval from 1.0.4 to 1.0.5 @dependabot (#10976)
• Bump boto3 from 1.35.28 to 1.35.29 @dependabot (#10977)
• Update postgres Docker tag from 16.4 to v17 (docker-compose.yml) @renovate (#10966)
• Bump ruff from 0.6.7 to 0.6.8 @dependabot (#10967)
• Bump boto3 from 1.35.26 to 1.35.28 @dependabot (#10968)
• Bump boto3 from 1.35.24 to 1.35.26 @dependabot (#10958)
• Bump uwsgi from 2.0.26 to 2.0.27 @dependabot (#10954)
• Bump pdfmake from 0.2.12 to 0.2.13 in /components @dependabot (#10950)
• Bump ruff from 0.6.6 to 0.6.7 @dependabot (#10947)
• Bump boto3 from 1.35.23 to 1.35.24 @dependabot (#10946)
• GHA: Remove Docker Caches @Maffooch (#10928)
• GHA Release: Update settings SHA when creating PR from master @Maffooch (#10927)
• Bump boto3 from 1.35.22 to 1.35.23 @dependabot (#10941)
• Bump ruff from 0.6.5 to 0.6.6 @dependabot (#10942)
• Bump boto3 from 1.35.21 to 1.35.22 @dependabot (#10935)
• Bump boto3 from 1.35.20 to 1.35.21 @dependabot (#10929)
• Update mccutchen/go-httpbin Docker tag from v2.14.1 to v2.15.0 (docker-compose.override.unit_tests_cicd.yml) @renovate (#10923)
• Bump sqlalchemy from 2.0.34 to 2.0.35 @dependabot (#10925)
• Bump python-gitlab from 4.10.0 to 4.11.1 @dependabot (#10912)
• Bump boto3 from 1.35.19 to 1.35.20 @dependabot (#10922)
• Update dependency postcss from 8.4.45 to v8.4.47 (docs/package.json) @renovate (#10908)
• Bump boto3 from 1.35.18 to 1.35.19 @dependabot (#10914)
• Bump pyyaml from 6.0.1 to 6.0.2 @dependabot (#10913)
• Bump asteval from 1.0.3 to 1.0.4 @dependabot (#10911)
• Bump psycopg[c] from 3.2.1 to 3.2.2 @dependabot (#10910)
• Bump ruff from 0.6.4 to 0.6.5 @dependabot (#10909)
• chore(deps): update mccutchen/go-httpbin docker tag from v2.14.0 to v2.14.1 (docker-compose.override.unit_tests_cicd.yml) @renovate (#10907)
• Bump asteval from 1.0.2 to 1.0.3 @dependabot (#10903)
• Bump boto3 from 1.35.16 to 1.35.18 @dependabot (#10904)
• Bump pytz from 2024.1 to 2024.2 @dependabot (#10896)
• Bump boto3 from 1.35.15 to 1.35.16 @dependabot (#10895)
• Bump boto3 from 1.35.14 to 1.35.15 @dependabot (#10888)
• chore(deps): update redis:7.2.5-alpine docker digest from 7.2.5 to v (docker-compose.yml) @renovate (#10878)
• chore(deps): update postgres:16.4-alpine docker digest from 16.4 to 16.4-alpine (docker-compose.yml) @renovate (#10877)
• Bump boto3 from 1.35.13 to 1.35.14 @dependabot (#10881)
• Bump cvss from 3.1 to 3.2 @dependabot (#10882)
• Bump vulners from 2.2.0 to 2.2.1 @dependabot (#10875)
• Bump ruff from 0.6.3 to 0.6.4 @dependabot (#10874)
• Bump boto3 from 1.35.12 to 1.35.13 @dependabot (#10873)
• Bump sqlalchemy from 2.0.33 to 2.0.34 @dependabot (#10868)
• Bump boto3 from 1.35.11 to 1.35.12 @dependabot (#10867)
• Bump jquery-ui from 1.13.3 to 1.14.0 in /components @dependabot (#10684)
• Bump django-tagulous from 1.3.3 to 2.1.0 @dependabot (#10821)
• chore(deps): update dependency postcss from 8.4.44 to v8.4.45 (docs/package.json) @renovate (#10860)
• Bump sqlalchemy from 2.0.32 to 2.0.33 @dependabot (#10861)
• Bump cryptography from 43.0.0 to 43.0.1 @dependabot (#10862)
• Bump boto3 from 1.35.10 to 1.35.11 @dependabot (#10863)
• Bump cryptography from 43.0.0 to 43.0.1 @dependabot (#10858)
• Bump boto3 from 1.35.9 to 1.35.10 @dependabot (#10841)
• chore(deps): update dependency postcss from 8.4.41 to v8.4.44 (docs/package.json) @renovate (#10834)

2.38.4 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.38.3

• 🐛 fix AWSSecurityHub EPSS Score #10956 @manuel-sommer (#10959)

🚩 Changes to settings.dist.py / local_settings.py

• User Password: Add toggle to require on creation @Maffooch (#10962)

🚀 API features and enhancements

• User Password: Add toggle to require on creation @Maffooch (#10962)
• Prefetch: Disable on some viewsets due to payload size @Maffooch (#10961)

🐛 Bug Fixes

• User Password: Add toggle to require on creation @Maffooch (#10962)
• Prefetch: Disable on some viewsets due to payload size @Maffooch (#10961)

2.38.3 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.38.2

• Parsers: Specify lists rather than dict.values() @Maffooch (#10945)
• New Parser: Qualys Hacker Guardian @Maffooch (#10937)
• fix(docker compose): Use 'docker compose' everywhere @kiblik (#10916)

🚩 Changes to settings.dist.py / local_settings.py

• Hacker One Parser: Add support for Bug Bounty Program reports @Maffooch (#10939)
• ✨ implement krakend audit parser @manuel-sommer (#10924)

🚀 General features and enhancements

• Risk Exceptions: Add/Remove notes when finding is added/removed from risk exception @Maffooch (#10934)
• User: Make email required at all times, password required for new users @Maffooch (#10938)

🚀 API features and enhancements

• Risk Exceptions: Add/Remove notes when finding is added/removed from risk exception @Maffooch (#10934)
• User: Make email required at all times, password required for new users @Maffooch (#10938)
• Prefetching: Add swagger docs for models already supporting prefetching @Maffooch (#10931)
• Prefetch Serialization: Add a preference during mapping @Maffooch (#10933)

🐛 Bug Fixes

• Semgrep Parser: Add new severities @Maffooch (#10936)
• Prefetching: Add swagger docs for models already supporting prefetching @Maffooch (#10931)
• Manage Images: Do not display thumbnail for PDF @Maffooch (#10932)
• Prefetch Serialization: Add a preference during mapping @Maffooch (#10933)

🖌 Updates in UI

• Manage Images: Do not display thumbnail for PDF @Maffooch (#10932)
• Metrics findings tests @dogboat (#10930)
• feat(members): List global role members in Prod and ProdType @kiblik (#10850)

🧰 Maintenance

• GHA: Remove Docker Caches @Maffooch (#10928)
• GHA Release: Update settings SHA when creating PR from master @Maffooch (#10927)

2.38.2 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.38.1

• appcheck-severity-determination-fix Use v4, v3, v2 cvss vectors for severity @dogboat (#10918)
• Fix metrics aggregation @dogboat (#10917)
• [Helm] Fix typo in ingress netpol @C4tWithShell (#10898)
• Manage not defined metadata in mitigations and add assumptions comments @arivra (#10897)
• Fortify Parser: Fortification of the the FPR parsing @Maffooch (#10901)

🚩 Changes to settings.dist.py / local_settings.py

• Wiz Parser: Add SCA parser and fortify old format @Maffooch (#10905)
• Add support for Invicti parser through Netsparker @Maffooch (#10894)

🚀 API features and enhancements

• JSON Parsing Errors: Make errors less verbose @Maffooch (#10891)

🐛 Bug Fixes

• Product API scan config: Display view scan configs button for all products @Maffooch (#10889)

🖌 Updates in UI

• Product API scan config: Display view scan configs button for all products @Maffooch (#10889)

2.38.1 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.38.0

• ✨ add epss for aqua parser #10849 @manuel-sommer (#10855)
• fix(edit-prod): Add assigned PT to queryset @kiblik (#10843)

🚩 Changes to settings.dist.py / local_settings.py

• fix: dojo.JIRA_Instance.default_issue_type: (fields.E005) 'choices' @kiblik (#10864)
• Add new parser - Threat Composer @arivra (#10795)
• Add new parser - Legitify @damianpr (#10797)

🚩 Database migration

• Dynamic Parsing: Add flag to indicate new test types @Maffooch (#10871)

🚀 API features and enhancements

• Dynamic Parsing: Add flag to indicate new test types @Maffooch (#10871)

🐛 Bug Fixes

• Reimport: Set Vulnerability ID from incoming finding @Maffooch (#10870)

🖌 Updates in UI

• feat(ui): Make ProdType clickable (in Prod detail) @kiblik (#10840)

🧰 Maintenance

• Bump cryptography from 43.0.0 to 43.0.1 @dependabot (#10858)