2.8.0 🌈

We released an update of our Helm chart on 2022-03-04 to fix a problem with Celery not working (#5993). Defect Dojo itself is still at v2.8.0, but the Helm chart got bumped to 1.6.29.

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.7.1

• Release: Merge back 2.8.0 into dev from: master-into-dev/2.8.0-2.9.0-dev @github-actions (#5981)
• Release: Merge release into master from: release/2.8.0 @github-actions (#5979)
• Adds duroc hog to rusty hog @manuel-sommer (#5940)
• Docker-compose: Add mailhog to dc-debug + remove noise @kiblik (#5945)
• Fix indentation in docker-compose.override.debug.yml @kiblik (#5942)
• dc-up.sh: use correct message @kiblik (#5934)
• ChoctawHog was merged into RustyHog @manuel-sommer (#5930)
• Update Quickstart section @manuel-sommer (#5929)
• Doc: fix path in "Contributing/Parsers" @kiblik (#5925)
• Use fullnames on reviewer form @dsever (#5894)
• make JIRA authentication docs more explicit @valentijnscholten (#5890)
• upgrade python:3.8.12-slim-buster -> python:3.8.12-slim-bullseye @valentijnscholten (#5688)
• Release: Merge back 2.7.1 into dev from: master-into-dev/2.7.1-2.8.0-dev @github-actions (#5870)

💣 Breaking changes

• fix(helm): update redis keys @alles-klar (#5886)

🚩 Changes to settings.dist.py / local_settings.py

• Add StackHawk HawkScan webhook event parser @Bwvolleyball (#5941)
• main(docker): remove duplicated default envs from dockerfile @alles-klar (#5932)
• Use scan_type to determine hash_code and deduplication algorithms @StefanFl (#5903)
• harbor vulnscan deduplication algorithm #5926 @manuel-sommer (#5931)
• Flexible permissions for the configuration of DefectDojo are now active by default @StefanFl (#5916)
• Ignore warning from django-auditlog @StefanFl (#5883)

🚩 Database migration

• Harmonize user format @dsever (#5949)
• Make alert the default notification in API @dsever (#5882)

🚩 Security

• Bump django from 3.2.11 to 3.2.12 @dependabot (#5858)

🚀 General features and enhancements

• Add PostgreSQL as an option for Docker Compose @StefanFl (#5816)
• Kubernetes hostname changes @nobletrout (#5745)
• Make alert the default notification in API @dsever (#5882)

🚀 API features and enhancements

• APIv2: allow searching users by parameters 'is_active' and 'is_superuser' @kiblik (#5905)
• Make alert the default notification in API @dsever (#5882)

🐛 Bug Fixes

• Use scan_type to determine hash_code and deduplication algorithms @StefanFl (#5903)
• fix(helm): update redis keys @alles-klar (#5886)
• Remove host from links for custom reports @StefanFl (#5927)
• Sum Info findings as well in metrics severity count @Maffooch (#5902)
• Add Postgres NULL char validation/removal in Endpoint cleaning @Maffooch (#5899)
• fix sslyze test type name in sample data @valentijnscholten (#5900)
• Copy only *.py files from extra_settings @StefanFl (#5884)

🧰 Maintenance

• Bump python-gitlab from 3.1.1 to 3.2.0 @dependabot (#5968)
• main(docker): remove duplicated default envs from dockerfile @alles-klar (#5932)
• Update dependency postcss from 8.4.6 to v8.4.7 (docs/package.json) @renovate (#5961)
• Bump google-auth-oauthlib from 0.4.6 to 0.5.0 @dependabot (#5957)
• Bump google-api-python-client from 2.37.0 to 2.38.0 @dependabot (#5956)
• Update mysql commit hash from 5.7.37 to v (docker-compose.yml) @renovate (#5959)
• Update actions/setup-node action from v2 to v3 (.github/workflows/gh-pages.yml) @renovate (#5963)
• Bump lxml from 4.7.1 to 4.8.0 @dependabot (#5938)
• Bump gitpython from 3.1.26 to 3.1.27 @dependabot (#5946)
• Bump coverage from 6.3.1 to 6.3.2 @dependabot (#5947)
• Bump django-watson from 1.6.1 to 1.6.2 @dependabot (#5948)
• Update mysql commit hash from 5.7.37 to v5.7.37 (docker-compose.yml) @renovate (#5936)
• Update rabbitmq commit hash from 3.9.13 to 3.9.13-alpine (docker-compose.yml) @renovate (#5919)
• Update redis commit hash from 6.2.6 to 6.2.6-alpine (docker-compose.yml) @renovate (#5920)
• Update dependency postgres from 14.1 to v14.2 (docker-compose.yml) @renovate (#5921)
• Bump packageurl-python from 0.9.8.1 to 0.9.9 @dependabot (#5922)
• Bump redis from 4.1.3 to 4.1.4 @dependabot (#5923)
• Bump google-api-python-client from 2.36.0 to 2.37.0 @dependabot (#5896)
• Update rabbitmq commit hash from 3.9.13 to 3.9.13 (docker-compose.yml) @renovate (#5908)
• Bump packageurl-python from 0.9.7 to 0.9.8.1 @dependabot (#5910)
• Bump humanize from 3.14.0 to 4.0.0 @dependabot (#5911)
• Update actions/github-script action from v5 to v6 (.github/workflows/release-3-master-into-dev.yml) @renovate (#5901)
• main(docker): sync nginx and django docker baselayer @alles-klar (#5885)
• Bump packageurl-python from 0.9.6 to 0.9.7 @dependabot (#5888)
• Bump redis from 4.1.2 to 4.1.3 @dependabot (#5889)
• Ignore warning from django-auditlog @StefanFl (#5883)
• Bump numpy from 1.22.1 to 1.22.2 @dependabot (#5880)
• Bump djangosaml2 from 1.3.5 to 1.3.6 @dependabot (#5881)
• Update release-drafter/release-drafter action from v5.17.6 to v5.18.1 (.github/workflows/release-drafter.yml) @renovate (#5878)
• Bump django from 3.2.11 to 3.2.12 @dependabot (#5858)
• Bump clipboard from 2.0.9 to 2.0.10 in /components @dependabot (#5876)
• Bump pillow from 9.0.0 to 9.0.1 @dependabot (#5875)
• Bump coverage from 6.3 to 6.3.1 @dependabot (#5872)
• Update dependency postcss from 8.4.5 to v8.4.6 (docs/package.json) @renovate (#5866)
• Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.28.0 to v1.28.1 (helm/defectdojo/values.yaml) @renovate (#5874)

🖌 Updates in UI

• Harmonize user format @dsever (#5949)
• Remove host from links for custom reports @StefanFl (#5927)
• Don't show 'all alerts' and 'clear all alerts' when no notification found @shipko (#5898)
• Flexible permissions for the configuration of DefectDojo are now active by default @StefanFl (#5916)

2.7.1 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.6.0

• Release: Merge release into master from: release/2.7.1 @github-actions (#5869)
• Oauth: enable keycloak to use auto redirect @kiblik (#5835)
• WPScan - implement confidence @damiencarol (#5810)
• Make unit test for rest framework more stable @StefanFl (#5823)
• Fix RustyHog subscanner classification #5821 @manuel-sommer (#5822)
• Finetune and document release process @valentijnscholten (#5751)
• Update dependency nanoid to 3.1.31 [SECURITY] @renovate (#5804)
• Improves Rusty Hog and fixes #5730 @manuel-sommer (#5732)
• Add migitation field to cyclonedx parser @manuel-sommer (#5783)
• Advances RustyHog to also support EssexHog @manuel-sommer (#5779)
• Bugfix: For Snyk parser, preserve file paths with @ in package name @SafeEval (#5789)
• Update social authentication docs @nobletrout (#5782)
• Update values.yaml @mtcolman (#5762)
• Update labeler configuration to tag work on parsers @damiencarol (#5712)
• Adds AMI to readme and docs @devGregA (#5752)
• Update Jira Integration docs for Jira Server @jefQuery (#5741)
• Release: Merge back 2.6.2 into dev from: master-into-dev/2.6.2-2.7.0-dev @github-actions (#5724)
• Release: Merge release into master from: release/2.6.2 @github-actions (#5723)
• Release: Merge back 2.6.1 into dev from: master-into-dev/2.6.1-2.7.0-dev @github-actions (#5703)
• Release: Merge release into master from: release/2.6.1 @github-actions (#5702)
• Revert "Updated django dockerfile to work with bind mounts for local_settings.py" @Maffooch (#5701)
• Revert "Updated all dockerfiles to match the django dockerfile so UID/GIDs are consistent across dockerfiles" @Maffooch (#5700)
• dependabot: unignore celery 5.x updates @valentijnscholten (#5669)
• Updated all dockerfiles to match the django dockerfile so UID/GIDs are consistent across dockerfiles @mtesauro (#5691)
• Updated django dockerfile to work with bind mounts for local_settings.py @mtesauro (#5681)
• Adds Fred to HoF, Removes others who are MIA and I couldn't get in contact with @devGregA (#5679)
• add upgrade notes 2.6.0 @valentijnscholten (#5678)
• Release: Merge back 2.6.0 into dev from: master-into-dev/2.6.0-2.7.0-dev @github-actions (#5677)

🚩 Changes to settings.dist.py / local_settings.py

• Release: Merge release into master from: release/2.7.0 @github-actions (#5865)
• Customize documentation URL @kiblik (#5861)
• Option not to create user automatically using SOCIAL_AUTH @dsever (#5842)
• feat: Rework sslyze parser for version 5 @kibernautas (#5689)
• CycloneDX 1.4 support @damiencarol (#5811)
• Edgescan integration @ShayVD (#5685)
• Oauth integration keycloak dev @oliversommer (#5726)
• Maintenance of JFrog Xray parser @StefanFl (#5775)
• Rubocop: add parser @damiencarol (#5711)

🚩 Database migration

• Release: Merge release into master from: release/2.7.0 @github-actions (#5865)
• feat: Rework sslyze parser for version 5 @kibernautas (#5689)
• Remove exception hiding in the importer @manuel-sommer (#5733)
• Email pattern for default group @StefanFl (#5719)
• API: return stats for api (re)imports @valentijnscholten (#5635)

🚀 New importers

• Remove CCVS API parser @damiencarol (#5728)
• Rubocop: add parser @damiencarol (#5711)

🚀 General features and enhancements

• feat(helm): add ingressClassName value to ingress resource @KarstenSiemer (#5772)
• Facelift: borders for panels with lists @StefanFl (#5799)
• Paginated Product list in Product Type details @StefanFl (#5794)
• Configuration authorization 3: Finish making more configuration permissions editable @StefanFl (#5713)
• Email pattern for default group @StefanFl (#5719)
• rustyhog replaces choctawhog and gottingenhog is added #5607 @manuel-sommer (#5614)

🚀 API features and enhancements

• Release: Merge release into master from: release/2.7.0 @github-actions (#5865)
• Allow empty report files (in API v2 and UI) @damiencarol (#5846)
• Wrong var in include_executive_summary block for product_type @Safren-tutu (#5833)
• Hide "Staff" flags in UI and API plus documentation of configuration permissions @StefanFl (#5756)
• Configuration authorization 3: Finish making more configuration permissions editable @StefanFl (#5713)
• Removal of AUTHORIZATION_STAFF_OVERRIDE @StefanFl (#5699)
• Removal of is_staff for various functionalities @StefanFl (#5682)
• Revert permission changes for test_type and development_environment @StefanFl (#5692)
• API: return stats for api (re)imports @valentijnscholten (#5635)

🐛 Bug Fixes

• Async Import: Fix group_by flag @Maffooch (#5830)
• DependencyCheck maintenance @damiencarol (#5757)
• Apply filters for Findings in Product Type report @StefanFl (#5840)
• Wrong var in include_executive_summary block for product_type @Safren-tutu (#5833)
• Rendering of references is corrupted when the same URL occurs more than one time @StefanFl (#5809)
• Maintenance of JFrog Xray parser @StefanFl (#5775)
• Update wpscan data upload @prakashar11 (#5562)
• Bugfix SLA days remaining @psbelin (#5737)
• Fix bug in Product view when GitHub is enabled @damiencarol (#5758)
• Correct date format mismatch when async imports are enabled @Maffooch (#5721)
• Reinstate copying of extra_settings @StefanFl (#5693)
• Revert permission changes for test_type and development_environment @StefanFl (#5692)

🧰 Maintenance

• copy python files from extra_settings @tiagoposse (#5839)
• Bump python-gitlab from 2.10.1 to 3.1.1 @dependabot (#5836)
• Bump drf-spectacular from 0.21.1 to 0.21.2 @dependabot (#5857)
• Bump google-auth from 2.5.0 to 2.6.0 @dependabot (#5859)
• Bump nginx from 1.21.5-alpine to 1.21.6-alpine @dependabot (#5852)
• Bump django-watson from 1.6.0 to 1.6.1 @dependabot (#5850)
• Bump humanize from 3.13.1 to 3.14.0 @dependabot (#5851)
• Update rabbitmq:3.9.13 Docker digest from 3.9.13 to 3.9.13 (docker-compose.yml) @renovate (#5825)
• Bump coverage from 6.2 to 6.3 @dependabot (#5828)
• Bump google-auth from 2.4.1 to 2.5.0 @dependabot (#5829)
• Update mysql:5.7.37 Docker digest from 5.7.37 to v5.7.37 (docker-compose.yml) @renovate (#5831)
• Bump clipboard from 2.0.8 to 2.0.9 in /components @dependabot (#5837)
• Bump redis from 4.1.1 to 4.1.2 @dependabot (#5834)
• Bump django-auditlog from 1.0a1 to 1.0.0 @dependabot (#5817)
• Bump django-crispy-forms from 1.13.0 to 1.14.0 @dependabot (#5818)
• Bump google-auth from 2.3.3 to 2.4.1 @dependabot (#5819)
• Update rabbitmq Docker tag from 3.9.12 to v3.9.13 (docker-compose.yml) @renovate (#5787)
• Bump datatables.net from 1.11.3 to 1.11.4 in /components @dependabot (#5805)
• Bump datatables.net-buttons-dt from 2.1.1 to 2.2.2 in /components @dependabot (#5806)
• Bump datatables.net-dt from 1.11.3 to 1.11.4 in /components @dependabot (#5807)
• Bump datatables.net-buttons-bs from 2.1.1 to 2.2.2 in /components @dependabot (#5808)
• Bump redis from 4.1.0 to 4.1.1 @dependabot (#5764)
• Bump asteval from 0.9.25 to 0.9.26 @dependabot (#5765)
• Bump numpy from 1.22.0 to 1.22.1 @dependabot (#5766)
• Bump google-api-python-client from 2.35.0 to 2.36.0 @dependabot (#5780)
• Update release-drafter/release-drafter action from v5.17.5 to v5.17.6 (.github/workflows/release-drafter.yml) @renovate (#5788)
• Update mysql Docker tag from 5.7.36 to v5.7.37 (docker-compose.yml) @renovate (#5790)
• Bump sqlalchemy from 1.4.29 to 1.4.31 @dependabot (#5798)
• Bump social-auth-core from 4.1.0 to 4.2.0 @dependabot (#5771)
• Bump json-log-formatter from 0.5.0 to 0.5.1 @dependabot (#5763)
• Bump easymde from 2.16.0 to 2.16.1 in /components @dependabot (#5768)
• Add support for including multiple setting files via extra_settings @Maffooch (#5797)
• Update release-drafter/release-drafter action from v5.16.2 to v5.17.5 (.github/workflows/release-drafter.yml) @renovate (#5761)
• Update release-drafter/release-drafter action from v5.16.1 to v5.16.2 (.github/workflows/release-drafter.yml) @renovate (#5759)
• Update rabbitmq Docker tag from 3.9.11 to v3.9.12 (docker-compose.yml) @renovate (#5705)
• Update release-drafter/release-drafter action from v5.15.0 to v5.16.1 (.github/workflows/release-drafter.yml) @renovate (#5736)
• Update stefanzweifel/git-auto-commit-action action from v4.13.0 to v4.13.1 (.github/workflows/plantuml.yml) @renovate (#5740)
• Bump google-api-python-client from 2.34.0 to 2.35.0 @dependabot (#5748)
• Bump celery from 5.1.2 to 5.2.2 @dependabot (#5729)
• Bump numpy from 1.21.5 to 1.22.0 @dependabot (#5660)
• Bump urllib3 from 1.26.7 to 1.26.8 @dependabot (#5715)
• Bump gitpython from 3.1.24 to 3.1.26 @dependabot (#5727)
• Bump easymde from 2.15.0 to 2.16.0 in /components @dependabot (#5734)
• Remove CCVS API parser @damiencarol (#5728)
• Update stefanzweifel/git-auto-commit-action action from v4.12.0 to v4.13.0 (.github/workflows/plantuml.yml) @renovate (#5718)
• Update mysql:5.7.36 Docker digest from 5.7.36 to v5.7.36 (docker-compose.yml) @renovate (#5716)
• Update helm/chart-testing-action action from v2.1.0 to v2.2.0 (.github/workflows/test-helm-chart.yml) @renovate (#5710)
• Update dependency autoprefixer from 10.4.1 to v10.4.2 (docs/package.json) @renovate (#5709)
• Bump google-api-python-client from 2.33.0 to 2.34.0 @dependabot (#5696)
• Bump requests from 2.27.0 to 2.27.1 @dependabot (#5695)
• Make dashboard more modular @Maffooch (#5722)
• Bump nginx from 1.21.4-alpine to 1.21.5-alpine @dependabot (#5661)
• Bump pillow from 8.4.0 to 9.0.0 @dependabot (#5659)
• Bump requests from 2.26.0 to 2.27.0 @dependabot (#5668)
• Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.27.1 to v1.28.0 (helm/defectdojo/values.yaml) @renovate (#...

2.7.0 🌈

This is an incomplete release, please install 2.7.1 or higher

Release 2.7.1 contains the full release notes, including the changes introduced in 2.7.0

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.6.0

• Finetune and document release process @valentijnscholten (#5751)
• Update social authentication docs @nobletrout (#5782)
• Update values.yaml @mtcolman (#5762)
• Adds AMI to readme and docs @devGregA (#5752)
• Update Jira Integration docs for Jira Server @jefQuery (#5741)
• Release: Merge back 2.6.2 into dev from: master-into-dev/2.6.2-2.7.0-dev @github-actions (#5724)
• Release: Merge release into master from: release/2.6.2 @github-actions (#5723)
• Release: Merge back 2.6.1 into dev from: master-into-dev/2.6.1-2.7.0-dev @github-actions (#5703)
• Release: Merge release into master from: release/2.6.1 @github-actions (#5702)
• Revert "Updated django dockerfile to work with bind mounts for local_settings.py" @Maffooch (#5701)
• Revert "Updated all dockerfiles to match the django dockerfile so UID/GIDs are consistent across dockerfiles" @Maffooch (#5700)
• dependabot: unignore celery 5.x updates @valentijnscholten (#5669)
• Updated all dockerfiles to match the django dockerfile so UID/GIDs are consistent across dockerfiles @mtesauro (#5691)
• Updated django dockerfile to work with bind mounts for local_settings.py @mtesauro (#5681)
• Adds Fred to HoF, Removes others who are MIA and I couldn't get in contact with @devGregA (#5679)
• add upgrade notes 2.6.0 @valentijnscholten (#5678)
• Release: Merge back 2.6.0 into dev from: master-into-dev/2.6.0-2.7.0-dev @github-actions (#5677)

🚩 Changes to settings.dist.py / local_settings.py

• Release: Merge release into master from: release/2.7.0 @github-actions (#5865)
• Rubocop: add parser @damiencarol (#5711)

🚩 Database migration

• Release: Merge release into master from: release/2.7.0 @github-actions (#5865)
• Email pattern for default group @StefanFl (#5719)
• API: return stats for api (re)imports @valentijnscholten (#5635)

🚀 New importers

• Remove CCVS API parser @damiencarol (#5728)
• Rubocop: add parser @damiencarol (#5711)

🚀 General features and enhancements

• Configuration authorization 3: Finish making more configuration permissions editable @StefanFl (#5713)
• Email pattern for default group @StefanFl (#5719)
• rustyhog replaces choctawhog and gottingenhog is added #5607 @manuel-sommer (#5614)

🚀 API features and enhancements

• Release: Merge release into master from: release/2.7.0 @github-actions (#5865)
• Wrong var in include_executive_summary block for product_type @Safren-tutu (#5833)
• Configuration authorization 3: Finish making more configuration permissions editable @StefanFl (#5713)
• Removal of AUTHORIZATION_STAFF_OVERRIDE @StefanFl (#5699)
• Removal of is_staff for various functionalities @StefanFl (#5682)
• Revert permission changes for test_type and development_environment @StefanFl (#5692)
• API: return stats for api (re)imports @valentijnscholten (#5635)

🐛 Bug Fixes

• Wrong var in include_executive_summary block for product_type @Safren-tutu (#5833)
• Correct date format mismatch when async imports are enabled @Maffooch (#5721)
• Reinstate copying of extra_settings @StefanFl (#5693)
• Revert permission changes for test_type and development_environment @StefanFl (#5692)

🧰 Maintenance

• Update stefanzweifel/git-auto-commit-action action from v4.13.0 to v4.13.1 (.github/workflows/plantuml.yml) @renovate (#5740)
• Bump google-api-python-client from 2.34.0 to 2.35.0 @dependabot (#5748)
• Bump celery from 5.1.2 to 5.2.2 @dependabot (#5729)
• Bump numpy from 1.21.5 to 1.22.0 @dependabot (#5660)
• Bump urllib3 from 1.26.7 to 1.26.8 @dependabot (#5715)
• Bump gitpython from 3.1.24 to 3.1.26 @dependabot (#5727)
• Bump easymde from 2.15.0 to 2.16.0 in /components @dependabot (#5734)
• Remove CCVS API parser @damiencarol (#5728)
• Update stefanzweifel/git-auto-commit-action action from v4.12.0 to v4.13.0 (.github/workflows/plantuml.yml) @renovate (#5718)
• Update mysql:5.7.36 Docker digest from 5.7.36 to v5.7.36 (docker-compose.yml) @renovate (#5716)
• Update helm/chart-testing-action action from v2.1.0 to v2.2.0 (.github/workflows/test-helm-chart.yml) @renovate (#5710)
• Update dependency autoprefixer from 10.4.1 to v10.4.2 (docs/package.json) @renovate (#5709)
• Bump google-api-python-client from 2.33.0 to 2.34.0 @dependabot (#5696)
• Bump requests from 2.27.0 to 2.27.1 @dependabot (#5695)
• Make dashboard more modular @Maffooch (#5722)
• Bump nginx from 1.21.4-alpine to 1.21.5-alpine @dependabot (#5661)
• Bump pillow from 8.4.0 to 9.0.0 @dependabot (#5659)
• Bump requests from 2.26.0 to 2.27.0 @dependabot (#5668)
• Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.27.1 to v1.28.0 (helm/defectdojo/values.yaml) @renovate (#5680)

🖌 Updates in UI

• Release: Merge release into master from: release/2.7.0 @github-actions (#5865)
• Configuration authorization 3: Finish making more configuration permissions editable @StefanFl (#5713)
• Fixed indentation/naming of two blocks in base.html @blakeaowens (#5746)
• Removal of is_staff for various functionalities @StefanFl (#5682)
• Make dashboard more modular @Maffooch (#5722)
• API: return stats for api (re)imports @valentijnscholten (#5635)

2.6.2 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.6.1

• Release: Merge release into master from: release/2.6.2 @github-actions (#5723)

🐛 Bug Fixes

• Correct date format mismatch when async imports are enabled @Maffooch (#5721)

🧰 Maintenance

• Make dashboard more modular @Maffooch (#5722)

🖌 Updates in UI

• Make dashboard more modular @Maffooch (#5722)

2.6.1 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.6.0

• Release: Merge release into master from: release/2.6.1 @github-actions (#5702)
• dependabot: unignore celery 5.x updates @valentijnscholten (#5669)
• add upgrade notes 2.6.0 @valentijnscholten (#5678)

🚀 API features and enhancements

• Revert permission changes for test_type and development_environment @StefanFl (#5692)

🐛 Bug Fixes

• Reinstate copying of extra_settings @StefanFl (#5693)
• Revert permission changes for test_type and development_environment @StefanFl (#5692)

2.6.0 👾 (security release)

Please consult the security advisories GHSA-f82x-m585-gj24 (moderate) and GHSA-v7fv-g69g-x7p2 (high) to see what security issues were fixed in this release. These will be published and become visible at January 18th, 2022.

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.5.0

• Add header to nginx configuration @StefanFl (#5674)
• Add UI label to PR labeler and release drafter @kiblik (#5586)
• docs: add pointer to open items for DD_ASYNC_FINDING_IMPORT @valentijnscholten (#5639)
• Reversed x-axis on Product's Detailed Metrics Page @blakeaowens (#5617)
• Fix: filesystem not to be writable by the defectdojo user @dsever (#5284)
• feat(helm-chart): celery worker app_settings @qlimenoque (#5573)
• Fix typo @fabaff (#5575)
• Release: Merge back 2.5.0 into dev from: master-into-dev/2.5.0-2.6.0-dev @github-actions (#5570)
• Release: Merge release into master from: release/2.5.0 @github-actions (#5569)

🚩 Changes to settings.dist.py / local_settings.py

• Release: Merge release into master from: release/2.6.0 @github-actions (#5676)
• New parser for pip-audit @StefanFl (#5642)
• Move USER_PROFILE_EDITABLE to system_settings @dsever (#5611)
• Support version 8 of gitleaks @StefanFl (#5625)
• Solar change deduplication model @zapililirad (#5620)
• Configuration authorization: Permission checks and editing of permissions for users and groups @StefanFl (#5423)
• Revert "Release: Merge release into master from: release/2.5.0" @Maffooch (#5567)

🚩 Database migration

• Release: Merge release into master from: release/2.6.0 @github-actions (#5676)
• Remove Objects_Engagement and introduce flag to enable/disable Objects_Product @StefanFl (#5608)
• Fix database migration for deletion of development environments @StefanFl (#5649)
• Restrict deletion of environments @StefanFl (#5592)
• Move USER_PROFILE_EDITABLE to system_settings @dsever (#5611)
• Configuration authorization: Permission checks and editing of permissions for users and groups @StefanFl (#5423)
• Add migration to enable/disable Google Sheets and Rules Framework (PR 1 of 3) @Maffooch (#5587)
• Revert "Release: Merge release into master from: release/2.5.0" @Maffooch (#5567)

🚩 Security

• Give readers the permission to add notes @StefanFl (#5593)

🚀 New importers

• Revamp of the Anchore Grype parser @StefanFl (#5640)
• New parser for pip-audit @StefanFl (#5642)

🚀 General features and enhancements

• Updating engineer metrics and removing research metrics @StefanFl (#5613)
• Configuration authorization 2: Making more staff-permissions configurable @StefanFl (#5621)
• Mail notification improvement @kiblik (#5610)
• Give readers the permission to add notes @StefanFl (#5593)
• Show descriptions for scan types on pages for import and re-import @StefanFl (#5645)
• Move USER_PROFILE_EDITABLE to system_settings @dsever (#5611)
• Disable not supported notifications @dsever (#5624)

🚀 API features and enhancements

• Release: Merge release into master from: release/2.6.0 @github-actions (#5676)
• Adjust several permissions for API and UI @StefanFl (#5672)
• Close old findings of same service only @StefanFl (#5631)
• Configuration authorization 2: Making more staff-permissions configurable @StefanFl (#5621)
• simplify and add comments for auto_create_context @valentijnscholten (#5591)
• add scan_date fix also for reimport, fix validation @valentijnscholten (#5574)
• Configuration authorization: Permission checks and editing of permissions for users and groups @StefanFl (#5423)
• Revert "Release: Merge release into master from: release/2.5.0" @Maffooch (#5567)

🐛 Bug Fixes

• add missing comma @valentijnscholten (#5673)
• Extend scan_date functionality to Endpoints created at import time @Maffooch (#5665)
• Close old findings of same service only @StefanFl (#5631)
• Fix enclosing variable redefinition @damiencarol (#5632)
• Slack notification: get user by email instead of searching all users @valentijnscholten (#5091)
• jira: respect summary max length (255) @valentijnscholten (#5653)
• Checkmarx parser: fix empty filename @damiencarol (#5638)
• Restrict deletion of environments @StefanFl (#5592)
• add scan_date fix also for reimport, fix validation @valentijnscholten (#5574)

🧰 Maintenance

• Bump django from 3.2.10 to 3.2.11 @dependabot (#5670)
• Remove Objects_Engagement and introduce flag to enable/disable Objects_Product @StefanFl (#5608)
• Update dependency autoprefixer from 10.4.0 to v10.4.1 (docs/package.json) @renovate (#5647)
• Bump psycopg2-binary from 2.9.2 to 2.9.3 @dependabot (#5650)
• Bump redis from 4.0.2 to 4.1.0 @dependabot (#5643)
• Update busybox Docker tag to v1.35.0 (docker-compose.override.unit_tests_cicd.yml) @renovate (#5654)
• Bump supervisor from 4.2.2 to 4.2.4 @dependabot (#5655)
• add logic if external redis is used @sandroded (#5534)
• Fix database migration for deletion of development environments @StefanFl (#5649)
• simplify and add comments for auto_create_context @valentijnscholten (#5591)
• Bump sqlalchemy from 1.4.27 to 1.4.29 @dependabot (#5634)
• Bump argon2-cffi from 21.2.0 to 21.3.0 @dependabot (#5598)
• Bump django-tagulous from 1.3.2 to 1.3.3 @dependabot (#5644)
• Bump django-tagulous from 1.3.1 to 1.3.2 @dependabot (#5641)
• Bump django-prometheus from 2.1.0 to 2.2.0 @dependabot (#5622)
• Bump numpy from 1.21.4 to 1.21.5 @dependabot (#5627)
• Bump django-debug-toolbar from 3.2.2 to 3.2.4 @dependabot (#5616)
• Bump cryptography from 36.0.0 to 36.0.1 @dependabot (#5609)
• Update nginx/nginx-prometheus-exporter Docker tag from 0.9.0 to v0.10.0 (helm/defectdojo/values.yaml) @renovate (#5630)
• Bump django-test-migrations from 1.1.0 to 1.2.0 @dependabot (#5604)
• Bump json-log-formatter from 0.4.0 to 0.5.0 @dependabot (#5637)
• Bump djangorestframework from 3.12.4 to 3.13.1 @dependabot (#5615)
• Update dependency postcss-cli from 9.0.2 to v9.1.0 (docs/package.json) @renovate (#5590)
• Update dependency postcss from 8.4.4 to v8.4.5 (docs/package.json) @renovate (#5594)
• Update manusa/actions-setup-minikube action from v2.4.2 to v2.4.3 (.github/workflows/k8s-testing.yml) @renovate (#5589)
• Bump justgage from 1.5.0 to 1.5.1 in /components @dependabot (#5600)
• Bump drf-spectacular from 0.21.0 to 0.21.1 @dependabot (#5623)
• Update to Django 3.2.10 @StefanFl (#5633)
• Support version 8 of gitleaks @StefanFl (#5625)
• update tagulous to 1.3.1 instead of hotfix commit @valentijnscholten (#5626)
• Bump lxml from 4.6.4 to 4.7.1 @dependabot (#5605)
• Add migration to enable/disable Google Sheets and Rules Framework (PR 1 of 3) @Maffooch (#5587)
• Bump datatables.net-buttons-dt from 2.0.1 to 2.1.1 in /components @dependabot (#5571)
• Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.27.0 to v1.27.1 (helm/defectdojo/values.yaml) @renovate (#5565)
• Bump datatables.net-buttons-bs from 2.0.1 to 2.1.1 in /components @dependabot (#5572)
• Bump google-api-python-client from 2.32.0 to 2.33.0 @dependabot (#5577)
• Bump argon2-cffi from 21.1.0 to 21.2.0 @dependabot (#5578)

🖌 Updates in UI

• Adjust several permissions for API and UI @StefanFl (#5672)
• Updating engineer metrics and removing research metrics @StefanFl (#5613)
• Remove Objects_Engagement and introduce flag to enable/disable Objects_Product @StefanFl (#5608)

2.5.0 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.4.0

• Fix typo @fabaff (#5575)
• Release: Merge release into master from: release/2.5.0 @github-actions (#5569)
• Release: Merge release into master from: release/2.5.0 @github-actions (#5564)
• Fix alias paths in nginx config @tutasla (#5557)
• Added info on upgrading godojo installs of DefectDojo to the docs @mtesauro (#5561)
• Checkmarx: parse and set false positive, active and verified fields correctly @ptrovatelli (#5484)
• use GHA caching for integration tests @valentijnscholten (#5495)
• remove duplicated {{block.super}} lines @valentijnscholten (#5545)
• bump django to 3.2.9 @valentijnscholten (#5539)
• Checkmarx parser aggregation and deduplication with query id @jcaillon (#5506)
• update docs for SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS @shubhindia (#5529)
• fix release-drafter.xml (#5511) @valentijnscholten (#5532)
• Nessus: store only standard protocol names @kiblik (#5471)
• fix duplicate notification urls @valentijnscholten (#5515)
• Update DOCKER.md to fix broken link @rsaiprashanth (#5505)
• fix release-drafter.xml (against master) @valentijnscholten (#5511)
• add tag for each Trivy vulnerability @shubhindia (#5479)
• Add EmptyDir for CeleryBeat into /run @dsever (#5421)
• Moved all plot objects into one .js file @blakeaowens (#5456)
• optimize GHA unit test @valentijnscholten (#5488)
• master into dev @valentijnscholten (#5473)
• use buildkit master with bugfix @valentijnscholten (#5467)
• add build arg for userid integration tests @valentijnscholten (#5432)
• feat: make semgrep reports more informative @art-tykh (#5391)
• Update release-drafter template @valentijnscholten (#5431)
• fix dedupe sync usage example @shubhindia (#5446)
• Integration test warning cleanup @CharlieSears (#5445)
• Move more markdown files to github pages @valentijnscholten (#5403)
• Fix integration test users @dsever (#5425)
• Remove dependency check report file @StefanFl (#5413)
• main(tests): remove rabbitmq from unit-tests @alles-klar (#5307)
• Integration test idempotency @CharlieSears (#5397)
• master into dev @valentijnscholten (#5406)
• merge mast into dev after github pages changes @valentijnscholten (#5402)
• GitHub Pages for master and dev @valentijnscholten (#5399)
• Generate github pages for master + dev branches @valentijnscholten (#5398)
• workflow updates @valentijnscholten (#5394)
• GHA workflows: don't persist git credentials @valentijnscholten (#5393)
• update demo password @valentijnscholten (#5388)
• Release: Merge back 2.4.1 into dev from: master-into-dev/2.4.1-2.5.0-dev @github-actions (#5385)
• Release: Merge release into master from: release/2.4.1 @github-actions (#5384)
• update release date in deprecation timeline for legacy authorization @valentijnscholten (#5374)
• Update test-helm-chart.yml @valentijnscholten (#5380)
• Update test-helm-chart.yml @valentijnscholten (#5379)
• Update test-helm-chart.yml @valentijnscholten (#5378)
• merge master into dev @valentijnscholten (#5377)
• Release: Merge back 2.4.0 into dev from: master-into-dev/2.4.0-2.5.0-dev @github-actions (#5373)

🚩 Changes to settings.dist.py / local_settings.py

• Revert "Release: Merge release into master from: release/2.5.0" @Maffooch (#5567)
• Add asynchronous re/imports (disabled by default) @Maffooch (#5553)
• Set default_auto_field after migration to Django 3.2 @StefanFl (#5552)
• Auth V2 - Remove legacy authorization part 5: Removal of authorized users @StefanFl (#5518)
• Auth V2 - Remove legacy authorization part 4: final removal of FEATURE_AUTHORIZATION_V2 @StefanFl (#5477)
• Use hash_code for deduplication of detect-secrets scans @StefanFl (#5483)
• New report format for Trufflehog3, use hashcode for dedupe @StefanFl (#5478)
• Add "Forgot password" functionality @kiblik (#5302)
• feat(saml): configurable login button text @alles-klar (#5449)
• Upstream dev @valentijnscholten (#5395)
• main: improve documentation @alles-klar (#5390)

🚩 Database migration

• Revert "Release: Merge release into master from: release/2.5.0" @Maffooch (#5567)
• fix image migration for duplicate captions @valentijnscholten (#5549)
• Auth V2 - Remove legacy authorization part 5: Removal of authorized users @StefanFl (#5518)
• Endpoint Metadata Importer for adding tags/custom fields to Endpoints @Maffooch (#5491)
• Set default group for all new users @StefanFl (#5501)
• Add "Forgot password" functionality @kiblik (#5302)
• Remove models for legacy api classes @StefanFl (#5387)
• Upstream dev @valentijnscholten (#5395)
• Fix migration of API configurations @StefanFl (#5383)

🚀 General features and enhancements

• Add asynchronous re/imports (disabled by default) @Maffooch (#5553)
• Add support for files in generic parser @damiencarol (#5508)
• Upgrade to Django 3.2 @valentijnscholten (#5265)
• Endpoint Metadata Importer for adding tags/custom fields to Endpoints @Maffooch (#5491)
• fix(helm): allow disabling initializer job @qlimenoque (#5504)
• Set default group for all new users @StefanFl (#5501)
• Add support for pushing tags to jira @Maffooch (#5476)
• Add "Forgot password" functionality @kiblik (#5302)
• Allow to force login form @kiblik (#5444)
• feat(saml): configurable login button text @alles-klar (#5449)
• APIv2: Allow import/reimport by names not only ids @valentijnscholten (#5342)

🚀 API features and enhancements

• Revert "Release: Merge release into master from: release/2.5.0" @Maffooch (#5567)
• Respect scan_date at import time for all findings imported @Maffooch (#5547)
• api: update reimport docstring @valentijnscholten (#5560)
• Autocreate product / engagement during (re)import @valentijnscholten (#5492)
• Auth V2 - Remove legacy authorization part 5: Removal of authorized users @StefanFl (#5518)
• Fix files API @StefanFl (#5509)
• Fixes for typos in UI and code @StefanFl (#5531)
• Endpoint Metadata Importer for adding tags/custom fields to Endpoints @Maffooch (#5491)
• Fix for missing API_Scan_Configuration and exception handler @StefanFl (#5455)
• Auth V2 - Remove legacy authorization part 3: Remove feature flag from core classes @StefanFl (#5458)
• Authz: Allow global maintainers/owner to add Product Types @valentijnscholten (#5410)
• Upstream dev @valentijnscholten (#5395)
• APIv2: Allow import/reimport by names not only ids @valentijnscholten (#5342)

🐛 Bug Fixes

• Respect scan_date at import time for all findings imported @Maffooch (#5547)
• fix image migration for duplicate captions @valentijnscholten (#5549)
• Typo in README and a missing parser in the documentation @StefanFl (#5548)
• Fix staff permission to add product types @StefanFl (#5551)
• Fix files API @StefanFl (#5509)
• Fixes for typos in UI and code @StefanFl (#5531)
• Update Nessus WAS parser to catch the lack of a port in CSV Parser @Maffooch (#5490)
• Fix missing import/model in 0066_django_tagulous.py @valentijnscholten (#5514)
• Use hash_code for deduplication of detect-secrets scans @StefanFl (#5483)
• Fix for missing API_Scan_Configuration and exception handler @StefanFl (#5455)
• Fix for creating multiple groups containing the same Product Type @StefanFl (#5457)
• Update the nginx-prometheus-exporter entrypoint @bgoareguer (#5415)

🧰 Maintenance

• Set default_auto_field after migration to Django 3.2 @StefanFl (#5552)
• remove findingimages leftovers @valentijnscholten (#5540)
• Update rabbitmq:3.9.11 Docker digest from 3.9.11 to 3.9.11 (docker-compose.yml) @renovate (#5546)
• Add organizational blocks around metrics.js files @Maffooch (#5544)
• Auth V2 - Remove legacy authorization part 5: Removal of authorized users @StefanFl (#5518)
• Update rabbitmq Docker tag from 3.9.10 to v3.9.11 (docker-compose.yml) @renovate (#5541)
• Move unit test leftovers @StefanFl (#5543)
• Bump google-api-python-client from 2.31.0 to 2.32.0 @dependabot (#5536)
• Bump redis from 3.5.3 to 4.0.2 @dependabot (#5481)
• Bump djangosaml2 from 1.3.4 to 1.3.5 @dependabot (#5463)
• Upgrade to Django 3.2 @valentijnscholten (#5265)
• move unittests outside dojo folder @valentijnscholten (#5527)
• main(helm): remove deprecated stable repo, bump tested k8s versions @alles-klar (#5450)
• Bump humanize from 3.12.0 to 3.13.1 @dependabot (#5530)
• Bump coverage from 6.1.2 to 6.2 @dependabot (#5520)
• Auth V2 - Remove legacy authorization part 4: final removal of FEATURE_AUTHORIZATION_V2 @StefanFl (#5477)
• Update dependency postcss from 8.4.3 to v8.4.4 (docs/package.json) @renovate (#5512)
• Go to user view after user add @StefanFl (#5510)
• Update dependency postcss from 8.4.1 to v8.4.3 (docs/package.json) @renovate (#5507)
• Update dependency postcss from 8.4.0 to v8.4.1 (docs/package.json) @renovate (#5498)
• Update dependency postcss from 8.3.11 to v8.4.0 (docs/package.json) @renovate (#5493)
• Update rabbitmq:3.9.10 Docker digest from 3.9.10 to 3.9.10 (docker-compose.yml) @renovate (#5486)
• New report format for Trufflehog3, use hashcode for dedupe @StefanFl (#5478)
• Bump cryptography from 35.0.0 to 36.0.0 @dependabot (#5482)
• Update rabbitmq Docker tag from 3.9.9 to v3.9.10 (docker-compose.yml) @renovate (#5475)
• Update rabbitmq:3.9.9 Docker digest from 3.9.9 to 3.9.9 (docker-compose.yml) @renovate (#5472)
• Bump mysqlclient from 2.0.3 to 2.1.0 @dependabot (#5468)
• Bump django-polymorphic from 3.0.0 to 3.1.0 @dependabot (#5469)
• Bump markdown from 3.3.5 to 3.3.6 @dependabot (#5470)
• Bump markdown from 3.3.4 to 3.3.5 @dependabot (#5460)
• Bump google-api-python-client from 2.30.0 to 2.31.0 @dependabot (#5462)
• Update mysql:5.7.36 Docker digest from 5.7.36 to v5.7.36 (dock...

2.4.1 🌈

Changes since 2.4.0

🚩 Requires settings changes, database migration, hash code recomputation

• Fix migration of API configurations @StefanFl (#5383)

2.4.0 👾 (security release)

Security fix

This release fixes a High severity vulnerability GHSA-fwg9-752c-qh8w reported by Laddada Nadjet - Security Team - Eldjazaer Information Technology- Elit on HackerOne.

Changes since 2.3.0

• Release: Merge back 2.4.0 into dev from: master-into-dev/2.4.0-2.5.0-dev @github-actions (#5373)
• Add security info to upgrade notes @valentijnscholten (#5371)
• Change Anchore Grype parser to allow matcher lists @valentijnscholten (#5369)
• Fix for an issue with links @StefanFl (#5370)
• order findings last 7 days by -date @valentijnscholten (#5361)
• fix: string comparison using 'is' operator @seokjeon (#5347)
• Add support for CloudSQL Auth Proxy's IAM login and private IPs @dhozac (#4926)
• Adds third party notices @devGregA (#5320)
• Fix minor typo in k8s docs @thomdixon (#5297)
• [HELM] Mount media to permanent storage @dsever (#5213)
• integration tests: run as matrix @valentijnscholten (#5264)
• gha unit tests: keep test database between the 2 sets of tests @valentijnscholten (#5259)
• gha unit tests: use new GHA cache @valentijnscholten (#5258)
• PR labeler: add label to api changes @valentijnscholten (#5262)
• use relative/portable path for test_rest_framework test file @valentijnscholten (#5254)
• fix dependency check parser indentation @valentijnscholten (#5251)
• Add support for tolerations @mikeanth-dev (#5212)
• Release: Merge back 2.3.1 into dev from: master-into-dev/2.3.1-2.4.0-dev @github-actions (#5249)
• Release: Merge release into master from: release/2.3.1 @github-actions (#5248)
• add info about previous password hashing algorithm to upgrade notes @valentijnscholten (#5243)
• User: allow search by email @kiblik (#5226)
• Release: Merge back 2.3.0-part-2 into dev from: master-into-dev/2.3.0-part-2-2.4.0-dev after mistakes @github-actions (#5238)
• Add upgrade instructions for 2.3.0 @valentijnscholten (#5229)
• 2.3.0 Sync Merge @devGregA (#5225)
• Master into dev/2.3.0 2.4.0 dev @Maffooch (#5223)

💣 Breaking changes

• Remove safety parser and db @StefanFl (#5359)

🚩 Requires settings changes, database migration, hash code recomputation

• Release: Merge release into master from: release/2.4.0 @github-actions (#5372)
• Allow User Profiles to be read-only @dsever (#5275)
• Add service attribute to Findings to be used for deduplication @StefanFl (#5346)
• filter out products without configs @valentijnscholten (#5362)
• Remove safety parser and db @StefanFl (#5359)
• Deduplication settings for Semgrep and Generic Findings Import @StefanFl (#5317)
• Hadolint: set file_path and line fields @bgoareguer (#5341)
• remove X-XSS-Protection header @manuel-sommer (#5330)
• remove obselete api_v1 settings @valentijnscholten (#5323)
• Unify configuration for API based parsers @StefanFl (#5289)
• Correct database Integrity Exception @Maffooch (#5319)
• squash migrations 0001-0090 (pre-2.0.0) @valentijnscholten (#5263)
• ScoutSuite parser: refactor parser interface @damiencarol (#5268)
• Check de-duplication in initializer and fix Bandit de-duplication settings @damiencarol (#5234)
• Remove deprecated fields of Findings @StefanFl (#5261)
• Bump pytz from 2021.1 to 2021.3 @dependabot (#5211)

🚀 New importers

• Add Horusec parser @damiencarol (#5309)
• Add solar appscreener parser @zapililirad (#5288)
• Added Burp GraphQL parser @sjkubik (#4798)

🚀 General features and enhancements

• Allow User Profiles to be read-only @dsever (#5275)
• Add service attribute to Findings to be used for deduplication @StefanFl (#5346)
• improve history page layout @manuel-sommer (#5337)
• User profile in API @StefanFl (#5326)
• Enhanced exception handler @StefanFl (#5329)
• Engagement - Unified lists and CSV/Excel export @StefanFl (#5266)
• Fix package.json errors with Yarn audit @damiencarol (#5301)
• squash migrations 0001-0090 (pre-2.0.0) @valentijnscholten (#5263)
• test_rest_framework: generate openapi3 schema only once @valentijnscholten (#5255)
• Added Dependency Check Suppression parsing @emresaglam-dremio (#5082)
• Add support for context region snippets in SARIF parser @Kjeld-P (#5227)

🚀 API features and enhancements

• Add service attribute to Findings to be used for deduplication @StefanFl (#5346)
• APIv2: Allow to set the first password when the user is created through API @kiblik (#5224)
• User profile in API @StefanFl (#5326)
• Enhanced exception handler @StefanFl (#5329)
• Unify configuration for API based parsers @StefanFl (#5289)
• APIv2: allow create/list/view/delete User Contact Info @kiblik (#5221)

🐛 Bug Fixes

• Fix problem with duplicate projects in GitLab pipeline @StefanFl (#5364)
• filter out products without configs @valentijnscholten (#5362)
• Enhanced endpoint selection and creation @StefanFl (#5327)
• Use endpoint status to determine vulnerable endpoints @StefanFl (#5336)
• Deduplication settings for Semgrep and Generic Findings Import @StefanFl (#5317)
• Hadolint: set file_path and line fields @bgoareguer (#5341)
• Bugfix: JIRA attachment upload @valentijnscholten (#5344)
• Correct database Integrity Exception @Maffooch (#5319)
• SSLlabs: fix endpoints @kiblik (#5296)
• Permissions for Stub_Finding @StefanFl (#5287)
• fix duplicate if #5256 @manuel-sommer (#5276)
• Check de-duplication in initializer and fix Bandit de-duplication settings @damiencarol (#5234)
• Correct Javascript introduced #5207. Fixes #5236 @Maffooch (#5247)

🧰 Maintenance

• Remove safety parser and db @StefanFl (#5359)
• Bump coverage from 6.0.2 to 6.1.1 @dependabot (#5358)
• Update dependency autoprefixer from 10.3.7 to v10.4.0 (docs/package.json) @renovate (#5355)
• Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.23.1 to v1.26.0 (helm/defectdojo/values.yaml) @renovate (#5343)
• Update busybox Docker tag from 1.34.0 to v1.34.1 (docker-compose.override.unit_tests_cicd.yml) @renovate (#5353)
• Update rabbitmq:3.9.8 Docker digest from 3.9.8 to 3.9.8 (docker-compose.yml) @renovate (#5354)
• Bump google-api-python-client from 2.27.0 to 2.28.0 @dependabot (#5350)
• Bump google-auth from 2.3.1 to 2.3.2 @dependabot (#5351)
• Bump google-auth from 2.3.0 to 2.3.1 @dependabot (#5340)
• Bump datatables.net-colreorder from 1.5.4 to 1.5.5 in /components @dependabot (#5333)
• Allow API importer to edit Tests and Engagements @valentijnscholten (#5324)
• Update sample data @Maffooch (#5280)
• Bump numpy from 1.21.2 to 1.21.3 @dependabot (#5313)
• Bump django-environ from 0.8.0 to 0.8.1 @dependabot (#5314)
• Update dependency postcss from 8.3.10 to v8.3.11 (docs/package.json) @renovate (#5315)
• Update dependency postcss from 8.3.9 to v8.3.10 (docs/package.json) @renovate (#5311)
• Bump debugpy from 1.5.0 to 1.5.1 @dependabot (#5299)
• Update rabbitmq Docker tag from 3.9.7 to v3.9.8 (docker-compose.yml) @renovate (#5305)
• Bump sqlalchemy from 1.4.25 to 1.4.26 @dependabot (#5308)
• Bump django-debug-toolbar-request-history from 0.1.3 to 0.1.4 @dependabot (#5300)
• Bump google-api-python-client from 2.26.1 to 2.27.0 @dependabot (#5298)
• Update rabbitmq:3.9.7 Docker digest from 3.9.7 to v3.9.7 (docker-compose.yml) @renovate (#5303)
• Update mysql Docker tag from 5.7.35 to v5.7.36 (docker-compose.yml) @renovate (#5304)
• Bump django-environ from 0.7.0 to 0.8.0 @dependabot (#5293)
• Bump pyjwt from 2.2.0 to 2.3.0 @dependabot (#5294)
• Fix ssl_labs and nsp parsers, correct occurences of self.items, add ssl_labs and nsp parser unit test. @JOT85 (#5103)
• Bump drf-spectacular from 0.20.1 to 0.20.2 @dependabot (#5285)
• Bump pillow from 8.3.2 to 8.4.0 @dependabot (#5286)
• test(integration): Install Chromedriver during dockerbuild @alles-klar (#5283)
• ScoutSuite parser: refactor parser interface @damiencarol (#5268)
• Bump google-api-python-client from 2.24.0 to 2.26.1 @dependabot (#5274)
• Bump coverage from 6.0.1 to 6.0.2 @dependabot (#5270)
• Remove deprecated fields of Findings @StefanFl (#5261)
• Update nginx/nginx-prometheus-exporter Docker tag from 0.8.0 to v0.9.0 (helm/defectdojo/values.yaml) @renovate (#5260)
• Bump pytz from 2021.1 to 2021.3 @dependabot (#5211)
• Add unit tests for Dawnscanner @damiencarol (#5244)
• Bump google-auth from 2.2.1 to 2.3.0 @dependabot (#5252)
• Bump coverage from 6.0 to 6.0.1 @dependabot (#5239)
• Bump pyjwt from 2.1.0 to 2.2.0 @dependabot (#5240)
• Bump humanize from 3.11.0 to 3.12.0 @dependabot (#5231)
• Bump uwsgi from 2.0.19.1 to 2.0.20 @dependabot (#5232)
• Bump coverage from 5.5 to 6.0 @dependabot (#5210)
• Update dependency postcss from 8.3.8 to v8.3.9 (docs/package.json) @renovate (#5215)
• Update dependency autoprefixer from 10.3.6 to v10.3.7 (docs/package.json) @renovate (#5214)
• Bump drf-spectacular from 0.19.0 to 0.20.1 @dependabot (#5209)
• Bump debugpy from 1.4.3 to 1.5.0 @dependabot (#5218)
• Bump packageurl-python from 0.9.4 to 0.9.6 @dependabot (#5219)
• Bump google-api-python-client from 2.23.0 to 2.24.0 @dependabot (#5220)

2.3.1 🌈

Changes since 2.3.0

🐛 Bug Fixes

• Correct Javascript introduced #5207. Fixes #5236 @Maffooch (#5247)

🧰 Maintenance

• 2.3.0 Sync Merge @devGregA (#5225)