nightly-dev 🌈

Run the release drafter to populate the release notes.

2.56.0 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.55.0

• Refactor zip handling with safe_open_zip and safe_read_all_zip @Maffooch (#14408)
• feat(trivy_operator): add remediation, messages, category, and publishedDate mappings @SergK (#14360)
• fix: slight textual changes to update-sample-data workflow @valentijnscholten (#14401)
• Reimport: Do not reactivate endpoint statuses with special statuses @Maffooch (#14402)
• Update sample data @github-actions (#14400)
• [docs] scheduling for rules engine @paulOsinski (#14413)
• Set unique_id_from_tool from matrix field in Dependency Track parser @samiat4911 (#14380)
• Updates Documentation Site @devGregA (#14357)
• feat(parsers): add fix_version support to Generic Findings Import @vvpoglazov (#14307)
• [docs] add Connectors documentation, 2.55.4 changelog @paulOsinski (#14381)
• fix typo in pro demo @paulOsinski (#14378)
• Update sample data @github-actions (#14389)
• Fix DataError when Finding_Group name exceeds 255 chars @valentijnscholten (#14376)
• fix(trivy_operator): fix compliance severity logic and checkID comparison @SergK (#14359)
• Fix webp issues with Dev deployments @paulOsinski (#14377)
• Also update defect_dojo_sample_data_locations.json in sample data workflow @valentijnscholten (#14391)
• fix: Add support to parse CVSSV4 findings for the Trivy parser @coheigea (#14379)
• Create Surveys and Questionnaires documentation @dangoelz (#14394)
• Refactor get_object_or_404 calls for Engagement and Engagement_Presets @Maffooch (#14375)
• Fix update-sample-data workflow pushing to protected master branch @valentijnscholten (#14374)
• Update Quick Start guide in README for Docker Compose @Maffooch (#14335)
• Remove dead sync_process_findings / determine_process_method / process_results scaffolding @valentijnscholten (#14351)
• Fixes, expands, and modifies E2E tests @devGregA (#14329)
• fix: dedupe management command FieldError with only("id") and select_related @valentijnscholten (#14350)
• Refactor fixture-updater to python @fopina (#14336)
• Fix PGDATA path to make postgres data durable (fixes #14358) @valentijnscholten (#14362)
• Skip dispatching endpoint/location tasks when lists are empty @valentijnscholten (#14361)
• Fix release workflow: ensure helm chart is uploaded before release-drafter @valentijnscholten (#14364)
• [docs] feb release notes @paulOsinski (#14341)
• update finding_status_definitions @paulOsinski (#14356)
• fix for ms defender parser: use endpoint instead of url when not v3 @dogboat (#14343)
• Support sync kwarg in process_findings for inline post-processing @valentijnscholten (#14309)
• Propagate async_user via crum.impersonate in DojoAsyncTask base class @valentijnscholten (#14308)
• fix username logging in uwsgi for requests with TokenAuthentication @fopina (#14322)
• chore(deps): bump ruff from 0.15.0 to 0.15.1 @manuel-sommer (#14316)

🚩 Changes to settings.dist.py / local_settings.py

• Silence polymorphic.W001 and polymorphic.W002 system checks @Maffooch (#14393)
• Dependency Track parser: Store DT uuid into unique_id_from_tool instead of vuln_id_from_tool @AndreVirtimo (#14346)

🚩 Database migration

• LocationData for parsers @dogboat (#14395)
• Add 'Scheduled' status to engagement models @Maffooch (#14319)

🚀 API features and enhancements

• Updates Decorators with Certain Permission Models @devGregA (#14410)
• Optimize language import process with bulk creation and improved validation @Maffooch (#14403)
• fix: don't close old findings when reimport auto-creates a new test @valentijnscholten (#14396)
• Fix Jira integration error handling and type representation @Maffooch (#14320)

🖌 Updates in UI

• fix the way bulk update endpoints in finding view works in v3 @dogboat (#14411)

🧰 Maintenance

• chore(deps): update github artifact actions (.github/workflows/rest-framework-tests.yml) (major) @renovate (#14397)
• chore(deps): update valkey/valkey docker tag from 7.2.11 to v7.2.12 (docker-compose.yml) @renovate (#14383)
• chore(deps-dev): bump rollup from 4.57.1 to 4.59.0 in /docs @dependabot (#14398)
• chore(deps): update dependency node from 24.13.1 to v24.14.0 (.github/workflows/validate_docs_build.yml) @renovate (#14387)
• chore(deps): update python:3.13.12-slim-trixie docker digest from 3.13.12 to v (dockerfile.integration-tests-debian) @renovate (#14386)
• chore(deps): bump minimatch in /docs @dependabot (#14385)
• chore(deps): bump sqlalchemy from 2.0.46 to 2.0.47 @dependabot (#14388)
• chore(deps): bump pdfmake from 0.3.4 to 0.3.5 in /components @dependabot (#14370)
• chore(deps): bump django-polymorphic from 4.11.0 to 4.11.1 @dependabot (#14369)
• chore(deps): update dependency renovatebot/renovate from 43.24.0 to v43.31.7 (.github/workflows/renovate.yaml) @renovate (#14366)
• chore(deps): bump django-imagekit from 6.0.0 to 6.1.0 @dependabot (#14368)
• chore(deps): bump django-environ from 0.12.1 to 0.13.0 @dependabot (#14338)
• chore(deps): bump ruff from 0.15.1 to 0.15.2 @dependabot (#14355)
• chore(deps): update dependency kubernetes/minikube from v1.38.0 to v1.38.1 (.github/workflows/k8s-tests.yml) @renovate (#14352)
• chore(deps): bump django-pghistory from 3.9.1 to 3.9.2 @dependabot (#14340)
• chore(deps): bump redis from 7.1.1 to 7.2.0 @dependabot (#14331)
• chore(deps): update actions/stale action from v10.1.1 to v10.2.0 (.github/workflows/close-stale.yml) @renovate (#14330)
• chore(deps): bump psycopg[c] from 3.3.2 to 3.3.3 @dependabot (#14348)
• chore(deps): update postgres:18.2-alpine docker digest from 18.2 to 18.2-alpine (docker-compose.yml) @renovate (#14344)
• chore(deps): update valkey docker tag from 0.15.4 to v0.17.0 (helm/defectdojo/chart.yaml) @renovate (#14326)
• chore(deps): bump djangosaml2 from 1.11.1 to 1.12.0 @dependabot (#14339)
• chore(deps): update manusa/actions-setup-minikube action from v2.14.0 to v2.15.0 (.github/workflows/k8s-tests.yml) @renovate (#14312)
• chore(deps): update dependency renovatebot/renovate from 43.5.6 to v43.24.0 (.github/workflows/renovate.yaml) @renovate (#14323)
• chore(deps): bump django-environ from 0.12.0 to 0.12.1 @dependabot (#14327)
• Update openapitools/openapi-generator-cli Docker tag from v7.19.0 to v7.20.0 (Dockerfile.integration-tests-debian) @renovate (#14328)

2.55.4 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.55.3

• fix: dedupe management command FieldError with only("id") and select_related @valentijnscholten (#14350)
• Fix PGDATA path to make postgres data durable (fixes #14358) @valentijnscholten (#14362)
• Skip dispatching endpoint/location tasks when lists are empty @valentijnscholten (#14361)
• Fix release workflow: ensure helm chart is uploaded before release-drafter @valentijnscholten (#14364)
• [docs] feb release notes @paulOsinski (#14341)
• update finding_status_definitions @paulOsinski (#14356)
• fix for ms defender parser: use endpoint instead of url when not v3 @dogboat (#14343)

2.55.3 🌈

Run the release drafter to populate the release notes.

2.55.2 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.55.1

• Add finding group support to jira_status_reconciliation command @valentijnscholten (#14267)
• Expose has_any_jira_issue filter for findings @valentijnscholten (#14266)
• Update dockerfiles to ensure underlying OS is always running the late… @mtesauro (#14260)
• Fix test name filter to use test__title instead of test__name @valentijnscholten (#14253)
• Add test to ensure duplicate findings are deleted in the proper order @Jino-T (#14256)
• [docs] pro changelog - 2.55.0 @paulOsinski (#14237)

🚀 API features and enhancements

• Jira keep findings in sync: Expand to import/reimport and API @Maffooch (#14262)
• Auto Create Context: Fetch all objects for correct jira project associations @Maffooch (#14259)
• Fix risk acceptance API to link to engagement and add validations and permission check @valentijnscholten (#14140)
• refactor dojo async task base task (bugfix branch) @valentijnscholten (#14240)

🖌 Updates in UI

• refactor dojo async task base task (bugfix branch) @valentijnscholten (#14240)
• [docs] replace old risk acceptance article and add calendar @dangoelz (#14244)

2.55.1 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.55.0

• Fix finding counts showing as 1 due to subquery ordering bug @valentijnscholten (#14242)
• jira_link: improve exception handling @paulOsinski (#14243)
• [docs] indexing improvements @paulOsinski (#14229)
• Release: Merge back 2.55.0 into bugfix from: master-into-bugfix/2.55.0-2.56.0-dev @github-actions[bot] (#14232)

🚀 API features and enhancements

• Release: Merge release into master from: release/2.55.1 @github-actions[bot] (#14248)
• Set last reviewed date and reviewer when note is added @Maffooch (#14209)

🧰 Maintenance

• chore(deps): bump django from 5.2.9 to 5.2.11 @dependabot[bot] (#14236)

2.55.0 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.54.0

• docs - quick patch @paulOsinski (#14226)
• [docs] 2026 overhaul @paulOsinski (#14157)
• Fix Jira webhook race condition when closing ticket with comment @valentijnscholten (#14208)
• Include Trufflehog verified secret info in report @jamesgol (#14192)
• remove duplicated openreports parser doc @fopina (#14206)
• 💄 Typo in release 2.52 @manuel-sommer (#14204)
• Fix: Suppress expected JIRA validation alerts when pushing (Fixes #12988) @valentijnscholten (#13974)
• fix(async): watchmedo was installed incorrectly @kiblik (#14183)
• Enhance risk acceptance authorization checks @Maffooch (#14174)
• authorizations: optimize queries & cache data per request @valentijnscholten (#13989)
• 🐛 No filter by "Test name" in the findings list for all products … @manuel-sommer (#14167)
• 🐛 Fix "Test Type" filter dropdown includes inactive test types #1… @manuel-sommer (#14166)
• Change pghistory backfill log level from ERROR to DEBUG for missing event tables @valentijnscholten (#14151)
• Revert "Update python Docker tag from 3.13.11 to v3.14.2 (Dockerfile.… @valentijnscholten (#14158)
• 🎉 add Trivy misconfiguration fields #14136 @manuel-sommer (#14139)
• Update file upload field to accept dynamic file types and add validation for supported extensions @Maffooch (#14143)
• pro changelog: jan21 @paulOsinski (#14144)
• Fix risk-accepted findings not being closed when vulnerability is no longer present in reports @valentijnscholten (#14125)
• tags from parser: fix parsers, add tests and fallback @valentijnscholten (#14111)
• prettify sample scan files @valentijnscholten (#14113)
• Add additional fields to AssetSerializer @Maffooch (#14109)
• Import/Reimport: Push to jira when findings is not grouped @Maffooch (#14107)
• 🎉 Implement json part for Cloudflare insights parser @manuel-sommer (#14096)
• 💄 ssl labs json files reformat @manuel-sommer (#14106)
• Refactor note fetching logic for improved permission checks @Maffooch (#14081)
• ⬆️ Bump ruff from 0.14.10 to 0.14.11 @manuel-sommer (#14066)
• 🐛 fix Nonetype in nuclei #14071 @manuel-sommer (#14072)
• Remove unused asteval dependency @valentijnscholten (#14079)
• 🎉 Advance Google Cloud Artifact Scan to parse vulnid @manuel-sommer (#14063)
• 🎉 Implement Cloudflare insights parser @manuel-sommer (#14064)
• announcements: catch exceptions @valentijnscholten (#14045)
• fix: update redis/valkey comment @anthonwellsjo (#13858)
• [docs] pro release notes 2.54.0 @paulOsinski (#14047)
• Re order Jira Alert Description @Jino-T (#14058)
• 💄 Reformat sample scan files @manuel-sommer (#14046)
• 🐛 Fix multiple google cloud artifact scan bugs @manuel-sommer (#14052)
• ReadMe Updates - New Community Portal @devGregA (#14042)
• 💄 Add output description reference to google cloud artifacto… @manuel-sommer (#14038)
• fix front matter in PingCastle docs @paulOsinski (#14036)
• Update migration notes for django-pghistory @valentijnscholten (#14043)

🚩 Changes to settings.dist.py / local_settings.py

• Release 2.55.0: Merge Bugfix into Dev @rossops (#14227)
• locations: everything else @dogboat (#14198)
• feat(async): Set "expires" for regular tasks @kiblik (#14172)
• feat(async): Drop args from async_dupe_delete @kiblik (#14171)
• Add django-linear-migrations for linear migration history @valentijnscholten (#14145)
• Add Permissions-Policy header settings and tests @Maffooch (#14156)
• remove dojo_model_to/from_id decorator @valentijnscholten (#13984)

🚩 Database migration

• locations: everything else @dogboat (#14198)
• chore(deps): bump django-polymorphic from 4.8.0 to 4.10.5 @manuel-sommer (#14088)
• Add django-linear-migrations for linear migration history @valentijnscholten (#14145)
• feat: Add pghistory tracking for tag fields @valentijnscholten (#14116)
• Product Grade: Configuration Removal @Maffooch (#14075)

🚀 API features and enhancements

• Release 2.55.0: Merge Bugfix into Dev @rossops (#14227)
• locations: everything else @dogboat (#14198)
• Refactor engagement and risk acceptance permissions @Maffooch (#14155)
• Fix Content-Type header bugs in file downloads and MIME type handling @valentijnscholten (#14124)
• Enforce readonly name field for Test_Type instances and add dynamic serializer selection @Maffooch (#14090)
• Asset/Organizations Endpoints: Patches, permission checking, and API tests @Maffooch (#14080)
• remove dojo_model_to/from_id decorator @valentijnscholten (#13984)

🖌 Updates in UI

• Release 2.55.0: Merge Bugfix into Dev @rossops (#14227)
• locations: everything else @dogboat (#14198)
• feat(async): Show number of tasks waiting in queue @kiblik (#14180)
• feat: Add pghistory tracking for tag fields @valentijnscholten (#14116)
• fix bleach memory leak & simplify git commit hash checker @valentijnscholten (#14117)
• Fix Content-Type header bugs in file downloads and MIME type handling @valentijnscholten (#14124)
• Consolidation of Template Tags: Make a single use case reusable, and use in report disclaimers @Maffooch (#14098)
• Add Report Builder submenu and improve form validation error messages @valentijnscholten (#14068)
• remove dojo_model_to/from_id decorator @valentijnscholten (#13984)

🧰 Maintenance

• chore(deps): bump jquery-ui from 1.14.1 to 1.14.2 in /components @dependabot (#14201)
• Update dependency kubernetes/minikube from v1.37.0 to v1.38.0 (.github/workflows/k8s-tests.yml) @renovate (#14199)
• Update actions/cache action from v5.0.2 to v5.0.3 (.github/workflows/validate_docs_build.yml) @renovate (#14202)
• fix(deps): update dependency @thulite/doks-core from 1.8.3 to v1.8.4 (docs/package.json) @renovate (#14207)
• Update postgres:18.1-alpine Docker digest from 18.1 to 18.1-alpine (docker-compose.yml) @renovate (#14210)
• Update python:3.13.11-alpine3.22 Docker digest from 3.13.11 to v (Dockerfile.nginx-alpine) @renovate (#14211)
• Update valkey Docker tag from 0.15.2 to v0.15.3 (helm/defectdojo/Chart.yaml) @renovate (#14193)
• chore(deps): update docker/login-action action from v3.6.0 to v3.7.0 (.github/workflows/release-x-manual-tag-as-latest.yml) @renovate (#14194)
• chore(deps): bump cryptography from 46.0.3 to 46.0.4 @dependabot (#14190)
• chore(deps): bump python-gitlab from 7.1.0 to 8.0.0 @dependabot (#14189)
• chore(deps): update python:3.13.11-alpine3.22 docker digest from 3.13.11 to v (dockerfile.nginx-alpine) @renovate (#14188)
• Update postgres:18.1-alpine Docker digest from 18.1 to 18.1-alpine (docker-compose.yml) @renovate (#14187)
• Update dependency @thulite/seo from 2.4.2 to v2.4.3 (docs/package.json) @renovate (#14184)
• Update dependency @thulite/images from 3.3.3 to v3.3.4 (docs/package.json) @renovate (#14181)
• Update valkey Docker tag from 0.15.1 to v0.15.2 (helm/defectdojo/Chart.yaml) @renovate (#14175)
• Update dependency @thulite/inline-svg from 1.2.1 to v1.2.2 (docs/package.json) @renovate (#14182)
• chore(deps): bump setuptools from 80.10.1 to 80.10.2 @dependabot (#14163)
• chore(deps): update dependency renovatebot/renovate from 42.85.8 to v42.92.6 (.github/workflows/renovate.yaml) @renovate (#14159)
• fix(deps): update dependency @docsearch/js from 4.4.0 to v4.5.3 (docs/package.json) @renovate (#14129)
• fix(deps): update dependency thulite from 2.6.3 to v2.6.4 (docs/package.json) @renovate (#14154)
• chore(deps): bump vulners from 3.1.3 to 3.1.5 @dependabot (#14153)
• chore(deps): bump ruff from 0.14.11 to 0.14.14 @dependabot (#14152)
• chore(deps): update actions/checkout action from v6.0.1 to v6.0.2 (.github/workflows/validate_docs_build.yml) @renovate (#14150)
• chore(deps): update release-drafter/release-drafter action from v6.1.1 to v6.2.0 (.github/workflows/release-drafter.yml) @renovate (#14149)
• chore(deps): bump sqlalchemy from 2.0.45 to 2.0.46 @dependabot (#14148)
• chore(deps): bump markdown from 3.10 to 3.10.1 @dependabot (#14147)
• chore(deps): update actions/setup-python action from v6.1.0 to v6.2.0 (.github/workflows/test-helm-chart.yml) @renovate (#14146)
• chore(deps): update peter-evans/create-pull-request action from v8.0.0 to v8.1.0 (.github/workflows/update-sample-data.yml) @renovate (#14142)
• chore(deps): update dependency prettier from 3.8.0 to v3.8.1 (docs/package.json) @renovate (#14141)
• chore(deps): bump setuptools from 80.9.0 to 80.10.1 @dependabot (#14138)
• chore(deps): update gcr.io/cloudsql-docker/gce-proxy docker tag from 1.37.11 to v1.37.12 (helm/defectdojo/values.yaml) @renovate (#14135)
• Update python Docker tag from 3.13.11 to v3.14.2 (Dockerfile.nginx-alpine) @renovate (#13996)
• chore(deps): update valkey docker tag from 0.15.0 to v0.15.1 (helm/defectdojo/chart.yaml) @renovate (#14131)
• chore(deps): update dependency django-debug-toolbar from 6.1.0 to v6.2.0 (requirements-dev.txt) @renovate (#14132)
• Update dependency @docsearch/css from 4.4.0 to v4.5.3 (docs/package.json) @renovate (#14128)
• chore(deps): update python:3.13.11-slim-trixie docker digest from 3.13.11 to v (dockerfile.integration-tests-debian) @renovate (#14110)
• chore(deps): update dependency renovatebot/renovate from 42.80.1 to v42.85.8 (.github/workflows/renovate.yaml) @renovate (#14112)
• chore(deps): update losisin/helm-docs-github-action action from v1.6.2 to v1.7.1 (.github/workflows/test-helm-chart.yml) @renovate (#14114)
• chore(deps): update losisin/helm-values-schema-json-action action from v2.3.2 to v2.4.1 (.github/workflows/test-helm-chart.yml) @renovate (#14115)
• chore(deps): update openapitools/openapi-generator-cli docker tag from v7.18.0 to v7.19.0 (dockerfile.integration-te...

2.54.3 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.54.2

• 🎉 add Trivy misconfiguration fields #14136 @manuel-sommer (#14139)
• Update file upload field to accept dynamic file types and add validation for supported extensions @Maffooch (#14143)
• pro changelog: jan21 @paulOsinski (#14144)

🚩 Changes to settings.dist.py / local_settings.py

• Add Permissions-Policy header settings and tests @Maffooch (#14156)

2.54.2 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.54.1

• tags from parser: fix parsers, add tests and fallback @valentijnscholten (#14111)
• prettify sample scan files @valentijnscholten (#14113)
• Add additional fields to AssetSerializer @Maffooch (#14109)
• Import/Reimport: Push to jira when findings is not grouped @Maffooch (#14107)
• 🎉 Implement json part for Cloudflare insights parser @manuel-sommer (#14096)
• 💄 ssl labs json files reformat @manuel-sommer (#14106)
• Refactor note fetching logic for improved permission checks @Maffooch (#14081)
• ⬆️ Bump ruff from 0.14.10 to 0.14.11 @manuel-sommer (#14066)
• 🐛 fix Nonetype in nuclei #14071 @manuel-sommer (#14072)
• Remove unused asteval dependency @valentijnscholten (#14079)

🚀 API features and enhancements

• Fix Content-Type header bugs in file downloads and MIME type handling @valentijnscholten (#14124)
• Enforce readonly name field for Test_Type instances and add dynamic serializer selection @Maffooch (#14090)
• Asset/Organizations Endpoints: Patches, permission checking, and API tests @Maffooch (#14080)

🖌 Updates in UI

• fix bleach memory leak & simplify git commit hash checker @valentijnscholten (#14117)
• Fix Content-Type header bugs in file downloads and MIME type handling @valentijnscholten (#14124)
• Consolidation of Template Tags: Make a single use case reusable, and use in report disclaimers @Maffooch (#14098)
• Add Report Builder submenu and improve form validation error messages @valentijnscholten (#14068)

2.54.1 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.54.0

• 🎉 Advance Google Cloud Artifact Scan to parse vulnid @manuel-sommer (#14063)
• 🎉 Implement Cloudflare insights parser @manuel-sommer (#14064)
• announcements: catch exceptions @valentijnscholten (#14045)
• fix: update redis/valkey comment @anthonwellsjo (#13858)
• [docs] pro release notes 2.54.0 @paulOsinski (#14047)
• Re order Jira Alert Description @Jino-T (#14058)
• 💄 Reformat sample scan files @manuel-sommer (#14046)
• 🐛 Fix multiple google cloud artifact scan bugs @manuel-sommer (#14052)
• 💄 Add output description reference to google cloud artifacto… @manuel-sommer (#14038)
• fix front matter in PingCastle docs @paulOsinski (#14036)
• Update migration notes for django-pghistory @valentijnscholten (#14043)

🚩 Database migration

• Product Grade: Configuration Removal @Maffooch (#14075)

🧰 Maintenance

• chore(deps): bump urllib3 from 2.6.2 to 2.6.3 @dependabot (#14059)