2.36.4 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

🚀 API features and enhancements

• /import helptext correction: endpoint_to_add @paulOsinski (#10582)

🐛 Bug Fixes

• Option Compression: add some polish @Maffooch (#10583)
• Close Findings: Push notes if push notes is enabled @Maffooch (#10581)
• Aqua: Update parser deduplication criteria 🐛 @manuel-sommer (#10595)
• Aqua: Improve exception handling for reports without vulnerabilities 🐛 @manuel-sommer (#10594)

2.36.3 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.36.2

• Test Types: Return support for disabling test types via the active flag @Maffooch (#10562)
• Import: leverage the minimum severity flag @Maffooch (#10550)
• Bulk Edit: Add note when pushing finding to jira @Maffooch (#10545)
• Allow setting --max-fd argument to uwsgi to stop it from getting OOMKilled in Kubernetes @tmablunar (#10384)
• fix(flake8): remove leftover @kiblik (#10539)

🚩 Changes to settings.dist.py / local_settings.py

• 🐛 fix typo in settings.disty.py, #10529 @manuel-sommer (#10534)

🚀 API features and enhancements

• fix(api-notif): Fix order of validators @kiblik (#10533)

🐛 Bug Fixes

• Endpoint get or create: Do not raise warning when there is an existing endpoint @Maffooch (#10555)

🖌 Updates in UI

• Delete Preview: Expand on missed objects @Maffooch (#10564)
• Some Reporting Updates @dogboat (#10563)

2.36.2 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

🚀 API features and enhancements

• API: Convert get_filterset calls to get_queryset @Maffooch (#10543)

2.36.1 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.36.0

• fix(doc): Breaking Change for HELM deployments with PostgreSQL @kiblik (#10524)
• Ruff: Address migrations, reduce redundancy, and remove Flake8 @Maffooch (#10494)
• Direct Renovate to ignore MySQL and RabbitMQ packages @cneill (#10512)
• fix(docker-compose): Remove 'version' from docker-compose @kiblik (#10519)
• fix(doc): Disable markup.highlight.guessSyntax + enable mermaid @kiblik (#10509)
• fix(helm-psql): Drop pinning of old version of postgresql @kiblik (#10507)
• fix(helm-celery): Drop unused variable logLevel @kiblik (#10468)

🚀 General features and enhancements

• Rest Framework Tests: Improve speed and repeatability @Maffooch (#10503)

🚀 API features and enhancements

• Rest Framework Tests: Improve speed and repeatability @Maffooch (#10503)
• Mark Finding properties related_fields, jira_creation and jira_change as nullable @ccronca (#10371)

2.36.0 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.35.0

• The Jira environment is built using only existing endpoints @ccronca (#10428)
• Ruff: Add safe S* rules, fix order for EXE @kiblik (#10084)
• Ruff: add and fix INP @kiblik (#10089)
• fix(Risk_Acceptance): Remove redundancy in strings of Treatments @kiblik (#10361)
• 🐛 fix acunetix360 NoneType object #10435 @manuel-sommer (#10440)
• Shuffle tests @kiblik (#10335)
• Ruff: add T10 @kiblik (#10087)
• Ruff: add more safe TRY rules @kiblik (#10114)
• Fix create notification for group of findings @ccronca (#10433)
• 🐛 fix qualys webapp scan request body @manuel-sommer (#10422)
• fix(loc): Do not use _(...) in combination with format @kiblik (#10407)
• fix: slack address on issue template @fcecagno (#10411)
• 🐛 fix Nonetype in Acunetix, #10370 @manuel-sommer (#10381)
• Upgrade Django to 4.2.13 @kiblik (#9493)
• Rest Framework Tests: Isolate tests by request type @Maffooch (#10387)
• Entrypoint Scripts: Add container level breakouts to prevent doom loopings @Maffooch (#10374)
• fix(imp-options): Wrong type-checker in validate_api_scan_configuration @kiblik (#10345)
• Use Postgres in rest-framework-tests @kiblik (#9885)
• 🐛 fix netsparker issue #10311 @manuel-sommer (#10312)

🚩 Changes to settings.dist.py / local_settings.py

• ✨ add deepfence threatmapper @manuel-sommer (#9688)
• Enhance Kubescape parser @a-ruff (#10369)
• 🐛 fix trivy operator deduplication setting @manuel-sommer (#10389)

🚀 General features and enhancements

• Finding Reports: Support string based filtering @Maffooch (#10426)

🚀 API features and enhancements

• Ruff: add and fix RSE @kiblik (#10093)
• feat(api - user contact): Add all user data @kiblik (#10416)
• Finding Reports: Support string based filtering @Maffooch (#10426)
• openapi fix: allow last_login to be null @cedricbu (#10360)
• Mark UserProfile properties user_contact_info and global_role as optional @sfowl (#10314)

🐛 Bug Fixes

• Jira Finding Group Templates: Correct object links @Maffooch (#10393)
• Async Importer: Correct typing bug with DD_ASYNC_FINDING_IMPORT enabled @Maffooch (#10373)
• String Filtering: Correct Typo For Reviewers @Maffooch (#10353)
• Importer: Correct add_findings_to_auto_group args @Maffooch (#10351)
• String Filtering: Support ID matching for links on listing pages @Maffooch (#10352)

🖌 Updates in UI

• Bugfix -> Dev: Release 2.36.0 @Maffooch (#10483)
• Metrics performance improvements @dogboat (#10446)
• fix(passwords): Merge clean location of login related templates @kiblik (#10340)
• feat(email notif): Scan_added - put findings to <details> @kiblik (#10253)
• Finding Reports: Support string based filtering @Maffooch (#10426)
• Jira Finding Group Templates: Correct object links @Maffooch (#10393)

🧰 Maintenance

• Bump boto3 from 1.34.132 to 1.34.135 @dependabot (#10470)
• Bump redis from 5.0.6 to 5.0.7 @dependabot (#10465)
• Bump debugpy from 1.8.1 to 1.8.2 @dependabot (#10457)
• Bump boto3 from 1.34.131 to 1.34.132 @dependabot (#10452)
• Bump coverage from 7.5.3 to 7.5.4 @dependabot (#10447)
• Bump nginx from 69f8c2c to a45ee5d @dependabot (#10448)
• chore(deps): update redis:7.2.5-alpine docker digest from 7.2.5 to 7.2.5-alpine (docker-compose.yml) @renovate (#10444)
• chore(deps): update postgres:16.3-alpine docker digest from 16.3 to 16.3-alpine (docker-compose.yml) @renovate (#10441)
• chore(deps): update redis:7.2.5-alpine docker digest from 7.2.5 to 7.2.5-alpine (docker-compose.yml) @renovate (#10442)
• Bump boto3 from 1.34.130 to 1.34.131 @dependabot (#10443)
• chore(deps): update postgres:16.3-alpine docker digest from 16.3 to 16.3-alpine (docker-compose.yml) @renovate (#10439)
• chore(deps): update dependency ruff from 0.4.9 to v0.4.10 (requirements-lint.txt) @renovate (#10438)
• chore(deps): update postgres:16.3-alpine docker digest from 16.3 to 16.3-alpine (docker-compose.yml) @renovate (#10427)
• Bump sqlalchemy from 2.0.30 to 2.0.31 @dependabot (#10432)
• Bump boto3 from 1.34.128 to 1.34.130 @dependabot (#10436)
• Bump boto3 from 1.34.127 to 1.34.128 @dependabot (#10425)
• Update docker/build-push-action action from v5 to v6 (.github/workflows/release-x-manual-docker-containers.yml) @renovate (#10413)
• Bump boto3 from 1.34.126 to 1.34.127 @dependabot (#10415)
• Bump django-crispy-forms from 2.0 to 2.2 @dependabot (#10414)
• Bump django-debug-toolbar from 4.3.0 to 4.4.2 @dependabot (#10274)
• Bump django-filter from 23.5 to 24.2 @dependabot (#9993)
• Update dependency ruff from 0.4.8 to v0.4.9 (requirements-lint.txt) @renovate (#10406)
• Bump packageurl-python from 0.15.0 to 0.15.1 @dependabot (#10403)
• Bump boto3 from 1.34.125 to 1.34.126 @dependabot (#10404)
• Bump redis from 5.0.5 to 5.0.6 @dependabot (#10405)
• Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.35.3 to v1.35.4 (helm/defectdojo/values.yaml) @renovate (#10394)
• Bump openpyxl from 3.1.3 to 3.1.4 @dependabot (#10397)
• Bump boto3 from 1.34.123 to 1.34.125 @dependabot (#10398)
• Bump braces from 3.0.2 to 3.0.3 in /docs @dependabot (#10376)
• Bump boto3 from 1.34.120 to 1.34.123 @dependabot (#10380)
• Bump boto3 from 1.34.119 to 1.34.120 @dependabot (#10349)
• chore(deps): update helm release rabbitmq from 14.3.3 to ~14.4.0 (helm/defectdojo/chart.yaml) @renovate (#10347)
• Bump redis from 5.0.4 to 5.0.5 @dependabot (#10350)
• chore(deps): update postgres:16.3-alpine docker digest from 16.3 to 16.3-alpine (docker-compose.yml) @renovate (#10337)
• Bump cryptography from 42.0.7 to 42.0.8 @dependabot (#10341)
• chore(deps): update dependency ruff from 0.4.7 to v0.4.8 (requirements-lint.txt) @renovate (#10344)
• Bump boto3 from 1.34.118 to 1.34.119 @dependabot (#10342)
• chore(deps): update postgres:16.3-alpine docker digest from 16.3 to 16.3-alpine (docker-compose.yml) - autoclosed @renovate (#10327)
• Bump drf-spectacular-sidecar from 2024.5.1 to 2024.6.1 @dependabot (#10329)
• Bump uwsgi from 2.0.25.1 to 2.0.26 @dependabot (#10331)
• Bump boto3 from 1.34.117 to 1.34.118 @dependabot (#10330)

2.35.4 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.35.3

• 🐛 fix acunetix360 NoneType object #10435 @manuel-sommer (#10440)
• Fix create notification for group of findings @ccronca (#10433)
• 🐛 fix qualys webapp scan request body @manuel-sommer (#10422)

🚀 General features and enhancements

• Finding Reports: Support string based filtering @Maffooch (#10426)

🚀 API features and enhancements

• Finding Reports: Support string based filtering @Maffooch (#10426)

🖌 Updates in UI

• Finding Reports: Support string based filtering @Maffooch (#10426)

2.35.3 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.35.2

• fix(loc): Do not use _(...) in combination with format @kiblik (#10407)
• fix: slack address on issue template @fcecagno (#10411)
• 🐛 fix Nonetype in Acunetix, #10370 @manuel-sommer (#10381)

🚩 Changes to settings.dist.py / local_settings.py

• 🐛 fix trivy operator deduplication setting @manuel-sommer (#10389)

🐛 Bug Fixes

• Jira Finding Group Templates: Correct object links @Maffooch (#10393)

🖌 Updates in UI

• Jira Finding Group Templates: Correct object links @Maffooch (#10393)

🧰 Maintenance

• Bump braces from 3.0.2 to 3.0.3 in /docs @dependabot (#10376)

2.35.2 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.35.1

• Entrypoint Scripts: Add container level breakouts to prevent doom loopings @Maffooch (#10374)

🚀 API features and enhancements

• openapi fix: allow last_login to be null @cedricbu (#10360)

🐛 Bug Fixes

• Async Importer: Correct typing bug with DD_ASYNC_FINDING_IMPORT enabled @Maffooch (#10373)

2.35.1 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.35.0

• fix(imp-options): Wrong type-checker in validate_api_scan_configuration @kiblik (#10345)
• 🐛 fix netsparker issue #10311 @manuel-sommer (#10312)

🚀 API features and enhancements

• Mark UserProfile properties user_contact_info and global_role as optional @sfowl (#10314)

🐛 Bug Fixes

• String Filtering: Correct Typo For Reviewers @Maffooch (#10353)
• Importer: Correct add_findings_to_auto_group args @Maffooch (#10351)
• String Filtering: Support ID matching for links on listing pages @Maffooch (#10352)

2.35.0 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.34.0

• fix(Qualys parser): wrong handling enable_weakness @kiblik (#10105)
• fix(docker): Bump versions (python 3.11, debian bookworm) @kiblik (#10286)
• Rebased PR for Vulnerability Ids @hblankenship (#10301)
• fix NoneType exception in case of simple risk acceptance @lme-nca (#10309)
• Calm the deduplication of MsDefender @manuel-sommer (#10293)
• RedHatSatellite module_streams field is dict within list @manuel-sommer (#10291)
• Sonarqube flow field contains dict @manuel-sommer (#10290)
• fix(docker): Bump versions (python 3.11, alpine 3.20) @kiblik (#10280)
• fix: fix severity lookup in Qualys parser @nv-pipo (#10205)
• feat(django): preload django app @sebglon (#10138)
• Optimize nginx configs for performance by default @testaccount90009 (#10151)
• Update views.py to fix #10162 @devsecopsale (#10173)
• 🐛 severity mapping, ✨ defender performance improvement @manuel-sommer (#10185)
• Import History: Adding a few tests @Maffooch (#10235)
• fix(docs): Broken images in source-code-repositories.md @kiblik (#10261)
• msdefender: migrate cve to unsaved_vulnerability_ids @manuel-sommer (#10109)
• fix(integrity check): update hash + handle collectstatic @kiblik (#10241)
• Nosey Parker description fixes @tpat13 (#9856)
• Added with best practice for file open @hblankenship (#10115)
• 🐛 fix SARIF, issue #10191 @manuel-sommer (#10200)
• 🐛 reset description in progpilot after each finding @manuel-sommer (#10210)
• 🐛 fix severity in sonarqube scan detailed @manuel-sommer (#10157)
• Fix(api-sq): Doc: typo in multi branch scanning @kiblik (#10186)
• 💄 remove unnecessary content from sonarqube findings @manuel-sommer (#10133)
• 💄 remove unnecessary content from redhatsatellite findings @manuel-sommer (#10134)
• Setting status code on 400/500 errors @cneill (#10164)
• Product Metrics Bugfixes @blakeaowens (#10163)
• remove cve field from docs @manuel-sommer (#10110)
• Fix Report generation issue (pic_token template tag) @dogboat (#10153)

🚩 Changes to settings.dist.py / local_settings.py

• Introduce coverity scan parser @tschaepe-secuvera (#10097)
• feat(settings): Add integrity checker @kiblik (#10212)
• Consolidation of notification creation @kiblik (#8824)
• advance vulnerability urls @manuel-sommer (#10136)

🚩 Database migration

• Optionally Enforce SLA Remediation Days @blakeaowens (#10179)

🚀 API features and enhancements

• Risk Acceptance: Make API set/unset risk acceptance status @Maffooch (#10320)
• Importers: migrate to options class @Maffooch (#10254)
• feat(user): Show date of user creation @kiblik (#10119)
• Optionally Enforce SLA Remediation Days @blakeaowens (#10179)
• Object File Uploads: Add validations and download functionality @Maffooch (#10183)

🐛 Bug Fixes

• Risk Acceptance: Make API set/unset risk acceptance status @Maffooch (#10320)
• Test_Import: Correct exception for multiple findings in the same object @Maffooch (#10226)
• Object File Uploads: Add validations and download functionality @Maffooch (#10183)

🖌 Updates in UI

• Bugfix -> Dev: 2.35.0 @Maffooch (#10322)
• Make social login buttons fully clickable @WojTecH94 (#10304)
• numerical ordering for multiple pages @manuel-sommer (#9636)
• Importers: migrate to options class @Maffooch (#10254)
• Make endpoint names visible in reports @dogboat (#10230)
• Improving date of discovery filter @hblankenship (#10204)
• feat(user): Show date of user creation @kiblik (#10119)
• Optionally Enforce SLA Remediation Days @blakeaowens (#10179)
• Importers: Small corrections @Maffooch (#10182)
• Object File Uploads: Add validations and download functionality @Maffooch (#10183)
• fix(notifications-email): Use a for urls @kiblik (#10193)

🧰 Maintenance

• Bump netaddr from 1.2.1 to 1.3.0 @dependabot (#10318)
• Bump requests from 2.32.2 to 2.32.3 @dependabot (#10319)
• Bump boto3 from 1.34.116 to 1.34.117 @dependabot (#10317)
• Bump nginx from 1.26.0-alpine to 1.27.0-alpine @dependabot (#10316)
• chore(deps): update dependency ruff from 0.4.6 to v0.4.7 (requirements-lint.txt) @renovate (#10310)
• Bump python-gitlab from 4.5.0 to 4.6.0 @dependabot (#10306)
• Bump openpyxl from 3.1.2 to 3.1.3 @dependabot (#10307)
• Bump boto3 from 1.34.115 to 1.34.116 @dependabot (#10308)
• Bump boto3 from 1.34.111 to 1.34.115 @dependabot (#10302)
• chore(deps): update redis:7.2.5-alpine docker digest from 7.2.5 to 7.2.5-alpine (docker-compose.yml) @renovate (#10267)
• chore(deps): update helm release redis from 19.4.0 to ~19.5.0 (helm/defectdojo/chart.yaml) @renovate (#10265)
• Bump asteval from 0.9.32 to 0.9.33 @dependabot (#10269)
• chore(deps): update nginx/nginx-prometheus-exporter docker tag from 1.1.0 to v1.2.0 (helm/defectdojo/values.yaml) @renovate (#10300)
• chore(deps): update helm release postgresql from 15.4.2 to ~15.5.0 (helm/defectdojo/chart.yaml) @renovate (#10294)
• Bump coverage from 7.5.1 to 7.5.3 @dependabot (#10298)
• Update dependency ruff from 0.4.5 to v0.4.6 (requirements-lint.txt) @renovate (#10287)
• chore(deps): update postgres:16.3-alpine docker digest from 16.3 to 16.3-alpine (docker-compose.yml) @renovate (#10257)
• chore(deps): update dependency ruff from 0.4.4 to v0.4.5 (requirements-lint.txt) @renovate (#10258)
• Bump boto3 from 1.34.110 to 1.34.111 @dependabot (#10262)
• chore(deps): update helm release rabbitmq from 14.1.5 to ~14.3.0 (helm/defectdojo/chart.yaml) @renovate (#10245)
• Update Helm release postgresql from 15.3.5 to ~15.4.0 (helm/defectdojo/Chart.yaml) @renovate (#10244)
• Bump requests from 2.31.0 to 2.32.2 @dependabot (#10250)
• chore(deps): update helm release redis from 19.3.4 to ~19.4.0 (helm/defectdojo/chart.yaml) @renovate (#10246)
• chore(deps): update redis docker tag from 7.2.4 to v7.2.5 (docker-compose.yml) @renovate (#10234)
• Bump boto3 from 1.34.108 to 1.34.110 @dependabot (#10251)
• chore(deps): update redis:7.2.4-alpine docker digest from 7.2.4 to 7.2.4-alpine (docker-compose.yml) @renovate (#10225)
• Bump openapitools/openapi-generator-cli from v7.5.0 to v7.6.0 @dependabot (#10228)
• Bump boto3 from 1.34.107 to 1.34.108 @dependabot (#10229)
• Bump vulners from 2.1.5 to 2.1.7 @dependabot (#10220)
• Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.35.2 to v1.35.3 (helm/defectdojo/values.yaml) @renovate (#10218)
• Bump boto3 from 1.34.106 to 1.34.107 @dependabot (#10221)
• Bump python-gitlab from 4.4.0 to 4.5.0 @dependabot (#10209)
• Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.35.1 to v1.35.2 (helm/defectdojo/values.yaml) @renovate (#10216)
• Bump boto3 from 1.34.103 to 1.34.106 @dependabot (#10217)
• Update Helm release postgresql from 15.2.13 to ~15.3.0 (helm/defectdojo/Chart.yaml) @renovate (#10187)
• Bump boto3 from 1.34.102 to 1.34.103 @dependabot (#10189)
• Bump lxml from 5.2.1 to 5.2.2 @dependabot (#10190)
• Bump nginx from ca16009 to ef587d1 @dependabot (#10192)
• Update postgres Docker tag from 16.2 to v16.3 (docker-compose.yml) @renovate (#10177)
• Bump ruff from 0.4.3 to 0.4.4 @dependabot (#10181)
• Bump boto3 from 1.34.101 to 1.34.102 @dependabot (#10180)
• Update manusa/actions-setup-minikube action from v2.10.0 to v2.11.0 (.github/workflows/k8s-tests.yml) @renovate (#10174)
• Update Helm release redis from 19.2.0 to ~19.3.0 (helm/defectdojo/Chart.yaml) @renovate (#10170)
• Bump boto3 from 1.34.100 to 1.34.101 @dependabot (#10172)
• Update Helm release redis from 19.1.5 to ~19.2.0 (helm/defectdojo/Chart.yaml) @renovate (#10139)
• Bump boto3 from 1.34.98 to 1.34.100 @dependabot (#10158)
• Bump cryptography from 42.0.5 to 42.0.7 @dependabot (#10145)
• Bump djangosaml2 from 1.9.2 to 1.9.3 @dependabot (#10142)