Name | Modified | Size | Downloads / Week |
---|---|---|---|
oas.json | 2025-07-07 | 796.1 kB | |
oas.yaml | 2025-07-07 | 1.1 MB | |
defectdojo-1.6.195.tgz | 2025-07-07 | 188.4 kB | |
2.48.0 source code.tar.gz | 2025-07-07 | 78.3 MB | |
2.48.0 source code.zip | 2025-07-07 | 80.5 MB | |
README.md | 2025-07-07 | 9.9 kB | |
Totals: 6 Items | 160.9 MB | 1 |
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.47.0
- endpoint metrics test: ignore order @valentijnscholten (#12736)
- finding groups: filter by product if applicable @valentijnscholten (#12711)
- add management command to import all unit test sample scans @valentijnscholten (#12700)
- unittests: import query/task count capture @valentijnscholten (#12716)
- Mend Parser change - redundant field removed @testaccount90009 (#12685)
- fix import_scan open mode in closeold test @fopina (#12725)
- dev: hot reloading improvements celery/html/tpl @valentijnscholten (#12714)
- post processing: check for finding being None @valentijnscholten (#12713)
- integration tests: sync suite between GHA and entrypoint @valentijnscholten (#12703)
- Delete tests/local-integration-tests.sh/.bat @valentijnscholten (#12702)
- cobalt api: add note about v1 api keys only @valentijnscholten (#12646)
- Async Delete: Correct instances of multiple audit log entries for delete @Maffooch (#12650)
- twistlock json: safely get fields @valentijnscholten (#12701)
- trivy: map status field @valentijnscholten (#12686)
- Update Fixture-Updater binary to use latest Go version (1.24.4) @svader0 (#12704)
- metrics filters: improve handling when nothing matches the filters @valentijnscholten (#12687)
- Import EPSS data from Anchore Grype scans @bwt-sloanj (#12639)
- login next param: set default for sso redirects @valentijnscholten (#12677)
- checkmarx: close files used in unit tests @valentijnscholten (#12647)
- [docs] update pro changelog 2.47.2, remove redundant content @paulOsinski (#12649)
- ReversingLabs SpectraAssure rl-json parser for DefectDojo @rl-maartenb (#12579)
- Change CLI tool reference in docs @Jino-T (#12619)
- docs maintenance - priority @paulOsinski (#12623)
- Simple metrics closed per month query improvement @valentijnscholten (#12599)
- PR template: adjust freeze wording @valentijnscholten (#12608)
- remove outdated (mysql) test database instructions @valentijnscholten (#12609)
- add postgres 17 upgrade steps to 2.39.0 upgrade notes @valentijnscholten (#12585)
- feat(docker): Depends_on based on initializer @kiblik (#12584)
- :bug: Nmap parser: Add url info to description [#12411] @manuel-sommer (#12466)
- :lipstick: pretty print cargo audit test file @manuel-sommer (#12590)
- simple metrics: count closed findings not opened in current month @valentijnscholten (#12595)
- JIRA helper: respect simple/full risk acceptance on webhook processing @valentijnscholten (#12594)
- :lipstick: restructure coverity scan test files @manuel-sommer (#12559)
- Changelog + Minor Docs Maintenance @paulOsinski (#12551)
- Pro Feature - Deduplication tuning documentation update @skywalke34 (#12471)
- Checkov report parsing enhanced @shodanwashere (#12398)
🚩 Changes to settings.dist.py / local_settings.py
- jira: truncate description if max length exceeded @valentijnscholten (#12732)
- :tada: Add JVNDB vulnid @manuel-sommer (#12724)
- :tada: Add Lenovo vulnid @manuel-sommer (#12696)
- :tada: Add Tailscale vulnid @manuel-sommer (#12645)
- Burp Enterprise renamed to Burp DAST @valentijnscholten (#12604)
- :tada: Implement Cycognito parser @manuel-sommer (#12558)
- :tada: Add EUVD vulnid @manuel-sommer (#12589)
- :tada: Add Go vulnid @manuel-sommer (#12564)
🚩 Database migration
- rebase migrations @valentijnscholten (#12726)
- remove actual_time and estimated_time fields @valentijnscholten (#12712)
- add fields for kev-related data to finding model @dogboat (#12678)
- Improve cvssv3 validation @valentijnscholten (#12440)
- Clarify JIRA accepted and false positives mappings @valentijnscholten (#12593)
🚀 API features and enhancements
- Improve cvssv3 validation @valentijnscholten (#12440)
- API: Allow filtering users on last_login/date_joined @valentijnscholten (#12640)
- API: prevent duplicate saves of taggable entities or when pushing to JIRA @valentijnscholten (#12607)
🖌 Updates in UI
- :tada: Add JVNDB vulnid @manuel-sommer (#12724)
- Finding Groups: Respect minimum severity and active/verified rules when pushing to JIRA @valentijnscholten (#12475)
- Datatables.net package updates @devospice (#12682)
- Optimize queryset annotations & prefetches to cut DB time for test / finding / product views (issue [#12575]) @DenysMoskalenko (#12603)
- Feature/asvs 5.0 benchmark @ivhorodko (#12669)
- Fix Finding_Text @9alexx3 (#12628)
- SAML Login: Respect `next` parameter @Maffooch (#12560)
- Session Warning: Prevent timeout overflow for large session ages @Maffooch (#12547)
🔧 Improved code quality with linters
- :lipstick: Restructure Ruff rules according to documentation @manuel-sommer (#12552)
🧰 Maintenance
- Bump boto3 from 1.39.0 to 1.39.1 @dependabot (#12734)
- Bump drf-spectacular-sidecar from 2025.6.1 to 2025.7.1 @dependabot (#12729)
- Bump pillow from 11.2.1 to 11.3.0 @dependabot (#12728)
- Bump boto3 from 1.38.46 to 1.39.0 @dependabot (#12727)
- Bump boto3 from 1.38.44 to 1.38.46 @dependabot (#12723)
- Bump python-gitlab from 6.0.0 to 6.1.0 @dependabot (#12720)
- Bump nginx from 1.27.5-alpine3.21 to 1.28.0-alpine3.21 @dependabot (#12719)
- Bump openapitools/openapi-generator-cli from v7.13.0 to v7.14.0 @dependabot (#12718)
- Bump lxml from 5.4.0 to 6.0.0 @dependabot (#12709)
- Bump ruff from 0.12.0 to 0.12.1 @dependabot (#12708)
- Bump boto3 from 1.38.44 to 1.38.45 @dependabot (#12707)
- Bump social-auth-core from 4.6.1 to 4.7.0 @dependabot (#12706)
- Update dependency prettier from 3.6.1 to v3.6.2 (docs/package.json) @renovate (#12705)
- Bump django-auditlog from 3.1.2 to 3.2.0 @dependabot (#12697)
- Bump django-prometheus from 2.4.0 to 2.4.1 @dependabot (#12698)
- Bump boto3 from 1.38.43 to 1.38.44 @dependabot (#12699)
- chore(deps): update node.js from v22.16.0 to v22.17.0 (docs/package.json) @renovate (#12688)
- chore(deps): update dependency prettier from 3.6.0 to v3.6.1 (docs/package.json) @renovate (#12689)
- Bump boto3 from 1.38.42 to 1.38.43 @dependabot (#12692)
- Update dependency vite from 6.3.5 to v7 (docs/package.json) @renovate (#12680)
- Bump boto3 from 1.38.41 to 1.38.42 @dependabot (#12679)
- Bump django-tagulous from 2.1.0 to 2.1.1 @dependabot (#12672)
- Bump boto3 from 1.38.40 to 1.38.41 @dependabot (#12673)
- Update dependency prettier from 3.5.3 to v3.6.0 (docs/package.json) @renovate (#12671)
- Bump django-prometheus from 2.3.1 to 2.4.0 @dependabot (#12636)
- Bump urllib3 from 2.4.0 to 2.5.0 @dependabot (#12637)
- Bump markdown from 3.8 to 3.8.2 @dependabot (#12642)
- Bump boto3 from 1.38.38 to 1.38.40 @dependabot (#12643)
- Update docker/setup-buildx-action action from v3.11.0 to v3.11.1 (.github/workflows/release-x-manual-docker-containers.yml) @renovate (#12626)
- Bump ruff from 0.11.13 to 0.12.0 @dependabot (#12630)
- Bump boto3 from 1.38.37 to 1.38.38 @dependabot (#12629)
- Update docker/setup-buildx-action action from v3.10.0 to v3.11.0 (.github/workflows/release-x-manual-docker-containers.yml) @renovate (#12614)
- Bump boto3 from 1.38.36 to 1.38.37 @dependabot (#12621)
- Update mccutchen/go-httpbin Docker tag from 2.18.2 to v2.18.3 (docker-compose.override.unit_tests_cicd.yml) @renovate (#12605)
- Bump boto3 from 1.38.35 to 1.38.36 @dependabot (#12600)
- Bump boto3 from 1.38.34 to 1.38.35 @dependabot (#12597)
- Update stefanzweifel/git-auto-commit-action action from v6.0.0 to v6.0.1 (.github/workflows/release-3-master-into-dev.yml) @renovate (#12592)
- Bump boto3 from 1.38.33 to 1.38.34 @dependabot (#12591)
- Update mccutchen/go-httpbin Docker tag from 2.18.1 to v2.18.2 (docker-compose.override.unit_tests_cicd.yml) @renovate (#12588)
- Update softprops/action-gh-release action from v2.3.0 to v2.3.2 (.github/workflows/release-x-manual-helm-chart.yml) @renovate (#12586)
- Update stefanzweifel/git-auto-commit-action action from v5.2.0 to v6 (.github/workflows/release-3-master-into-dev.yml) @renovate (#12587)
- Bump requests from 2.32.3 to 2.32.4 @dependabot (#12582)
- Bump requests from 2.32.3 to 2.32.4 @dependabot (#12578)
- Bump boto3 from 1.38.32 to 1.38.33 @dependabot (#12581)
- Bump cryptography from 45.0.3 to 45.0.4 @dependabot (#12580)
- Update softprops/action-gh-release action from v2.2.2 to v2.3.0 (.github/workflows/release-x-manual-helm-chart.yml) @renovate (#12577)
- Update postgres:17.5-alpine Docker digest from 17.5 to 17.5-alpine (docker-compose.yml) @renovate (#12576)
- Bump packageurl-python from 0.17.0 to 0.17.1 @dependabot (#12568)
- Bump boto3 from 1.38.31 to 1.38.32 @dependabot (#12569)
- Bump ruff from 0.11.12 to 0.11.13 @dependabot (#12562)
- Bump boto3 from 1.38.30 to 1.38.31 @dependabot (#12563)
- Update redis Docker tag from 7.2.8 to v7.2.9 (docker-compose.yml) @renovate (#12529)
- Bump boto3 from 1.38.29 to 1.38.30 @dependabot (#12557)
- Bump packageurl-python from 0.16.0 to 0.17.0 @dependabot (#12556)
- Bump boto3 from 1.38.28 to 1.38.29 @dependabot (#12554)
- Bump python-gitlab from 5.6.0 to 6.0.0 @dependabot (#12553)
- Bump redis from 5.2.1 to 6.2.0 @dependabot (#12523)
- Update postgres:17.5-alpine Docker digest from 17.5 to 17.5-alpine (docker-compose.yml) @renovate (#12546)
- Bump uwsgi from 2.0.29 to 2.0.30 @dependabot (#12549)
- Bump boto3 from 1.38.27 to 1.38.28 @dependabot (#12548)
- Bump argon2-cffi from 23.1.0 to 25.1.0 @dependabot (#12550)
- Update dependency @tabler/icons from 3.33.0 to v3.34.0 (docs/package.json) @renovate (#12545)
- Bump drf-spectacular-sidecar from 2025.5.1 to 2025.6.1 @dependabot (#12537)
- Bump celery from 5.5.2 to 5.5.3 @dependabot (#12535)