DefectDojo Files

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.48.0

• :tada: Add Xeol parser [#12816] @manuel-sommer (#12846)
• checkov: add null check @valentijnscholten (#12906)
• Update Mend Platform parser for Ransomware, Exploitable, and KEV @testaccount90009 (#12879)
• Async Delete: Handle exceptions for duplicate requests @Maffooch (#12867)
• [docs] Add Algolia Docsearch @paulOsinski (#12890)
• perf2: skip post processing if not needed @valentijnscholten (#12862)
• anchore_grype docs: add info about --by-cve @valentijnscholten (#12874)
• sysdig: fix severity mapping @valentijnscholten (#12873)
• perf1: test cases: fix caching of system settings @valentijnscholten (#12861)
• Bulk edit push groups and findings fix @valentijnscholten (#12813)
• Docs: Update outdated URLs @9alexx3 (#12845)
• Ruff: Preparation for TRY301 @manuel-sommer (#12738)
• close old findings: make test cases test default behaviour @valentijnscholten (#12842)
• reuse Sarif base parser for snyk and mayhem parsers @valentijnscholten (#12788)
• Trivy: Use CVSS scores from other vendors where applicable @Maffooch (#12826)
• Dependency Check: Support CVSS v3 @Maffooch (#12828)
• bugfix: twistlock: fix no cvss case @valentijnscholten (#12809)
• sysdig: support 2025 formats @valentijnscholten (#12810)
• github action: close manually marked stale issues/prs after 7 days @valentijnscholten (#12812)
• ms_defender: skip empty files from zip @valentijnscholten (#12780)
• Django: update to 5.1.11 @valentijnscholten (#12786)
• Mayhem SARIF support (new parser) @xansec (#12624)
• Consistent "Close old findings" between UI and API @fopina (#12774)
• twistlock: parse compliances @valentijnscholten (#12772)
• Optimize view_engineer to use DB-side aggregation and cut load time @DenysMoskalenko (#12606)
• [docs] Add deduplication hashcode fields to parser descriptions @paulOsinski (#12648)
• allow users with edit/add user permission to force password resets @valentijnscholten (#12761)
• Zap: Add test case with more request/response pairs @valentijnscholten (#12733)
• Feat(nginx): Add support for IPv6 @kiblik (#12710)
• docs: Pro changelog update 2.47.3 / 2.47.4 @paulOsinski (#12746)
• add risk acceptance: display more fields in findings dropdown @valentijnscholten (#12745)
• include vuln_id_from_tool in group_by @LeoOMaia (#12744)

🚩 Changes to settings.dist.py / local_settings.py

• :tada: Add Sophos vulnid @manuel-sommer (#12852)
• :tada: Add NCSC vulnid @manuel-sommer (#12818)
• :tada: add GSD vulnid @manuel-sommer (#12794)

🚩 Database migration

• jira: mention PATs are not supported in OS @valentijnscholten (#12884)
• reimport: optionally restart sla on reactivation @valentijnscholten (#12843)
• :bug: Fix db_migration fix_available field to allow None @manuel-sommer (#12817)
• importers: clean tags before saving @valentijnscholten (#12811)
• :bug: rebase dev branch db_migrations @manuel-sommer (#12803)
• addition of validation to minimum and maximum password settings @blakeaowens (#12798)
• :tada: Add a 'fix_available' field to the findings [#12633] @manuel-sommer (#12793)
• pytz removal @valentijnscholten (#12792)
• Add CVSS4 support @valentijnscholten (#12751)

🚀 General features and enhancements

• bugfix: use subquery for (finding) counts @valentijnscholten (#12784)

🚀 API features and enhancements

• Support for whitelisted file extensions @Maffooch (#12891)
• Reimport: Restore default for close_old_findings to True @Maffooch (#12837)
• product api: optimize list of finding ids @valentijnscholten (#12827)
• bugfix: reimport: close_old_findings must respect service field @valentijnscholten (#12782)

🖌 Updates in UI

• fix datatable search box location with style override @blakeaowens (#12893)
• jira: add endpoint status to description @valentijnscholten (#12858)
• Bump ruff from 0.12.5 to 0.12.7 @dependabot (#12877)
• Anchore grype EPSS fix @valentijnscholten (#12825)
• Make KEV data visible on findings listing @dogboat (#12785)
• Add CVSS4 support @valentijnscholten (#12751)
• risk acceptance expiration: keep link with findings @valentijnscholten (#12737)

🧰 Maintenance

• Bump packageurl-python from 0.17.2 to 0.17.3 @dependabot (#12896)
• Bump boto3 from 1.39.16 to 1.40.0 @dependabot (#12895)
• Bump drf-spectacular-sidecar from 2025.7.1 to 2025.8.1 @dependabot (#12894)
• chore(deps): update node.js from v22.17.1 to v22.18.0 (docs/package.json) @renovate (#12892)
• Bump pygithub from 2.6.1 to 2.7.0 @dependabot (#12882)
• Bump packageurl-python from 0.17.1 to 0.17.2 @dependabot (#12869)
• Bump ruff from 0.12.5 to 0.12.7 @dependabot (#12877)
• Bump sqlalchemy from 2.0.41 to 2.0.42 @dependabot (#12878)
• Bump django-debug-toolbar from 5.2.0 to 6.0.0 @dependabot (#12870)
• Bump pygithub from 1.58.2 to 2.6.1 @dependabot (#11886)
• Bump python-gitlab from 6.1.0 to 6.2.0 @dependabot (#12868)
• Bump boto3 from 1.39.13 to 1.39.16 @dependabot (#12876)
• Update dependency vite from 7.0.5 to v7.0.6 (docs/package.json) @renovate (#12850)
• Bump boto3 from 1.39.11 to 1.39.13 @dependabot (#12857)
• Bump ruff from 0.12.4 to 0.12.5 @dependabot (#12856)
• Bump gitpython from 3.1.44 to 3.1.45 @dependabot (#12853)
• Bump boto3 from 1.39.10 to 1.39.11 @dependabot (#12847)
• chore(deps): update mikefarah/yq action from v4.46.1 to v4.47.1 (.github/workflows/release-x-manual-helm-chart.yml) @renovate (#12844)
• chore(deps): update dependency vite from 7.0.4 to v7.0.5 (docs/package.json) @renovate (#12832)
• Bump boto3 from 1.39.9 to 1.39.10 @dependabot (#12835)
• Update dependency @tabler/icons from 3.34.0 to v3.34.1 (docs/package.json) @renovate (#12815)
• Bump nginx from aed9973 to d83c013 @dependabot (#12820)
• Bump ruff from 0.12.3 to 0.12.4 @dependabot (#12804)
• chore(deps): update redis:7.2.10-alpine docker digest from 7.2.10 to v (docker-compose.yml) @renovate (#12802)
• chore(deps): update postgres:17.5-alpine docker digest from 17.5 to 17.5-alpine (docker-compose.yml) @renovate (#12801)
• Bump boto3 from 1.39.6 to 1.39.9 @dependabot (#12821)
• Bump boto3 from 1.39.4 to 1.39.6 @dependabot (#12795)
• chore(deps): update redis:7.2.10-alpine docker digest from 7.2.10 to v (docker-compose.yml) @renovate (#12791)
• chore(deps): update postgres:17.5-alpine docker digest from 17.5 to 17.5-alpine (docker-compose.yml) @renovate (#12790)
• chore(deps): update gcr.io/cloudsql-docker/gce-proxy docker tag from 1.37.7 to v1.37.8 (helm/defectdojo/values.yaml) @renovate (#12787)
• chore(deps): update node.js from v22.17.0 to v22.17.1 (docs/package.json) @renovate (#12789)
• Bump ruff from 0.12.2 to 0.12.3 @dependabot (#12776)
• Bump boto3 from 1.39.3 to 1.39.4 @dependabot (#12770)
• chore(deps): update dependency vite from 7.0.3 to v7.0.4 (docs/package.json) @renovate (#12768)
• chore(deps): update mikefarah/yq action from v4.45.4 to v4.46.1 (.github/workflows/release-x-manual-helm-chart.yml) @renovate (#12766)
• Bump djangosaml2 from 1.10.1 to 1.11.1 @dependabot (#12763)
• chore(deps): update redis docker tag from 7.2.9 to v7.2.10 (docker-compose.yml) @renovate (#12762)
• chore(deps): update dependency vite from 7.0.2 to v7.0.3 (docs/package.json) @renovate (#12764)
• Bump cryptography from 45.0.4 to 45.0.5 @dependabot (#12741)
• chore(deps): update dependency vite from 7.0.0 to v7.0.2 (docs/package.json) @renovate (#12742)
• Bump datatables.net-buttons-bs from 3.2.3 to 3.2.4 in /components @dependabot (#12743)
• Bump boto3 from 1.39.1 to 1.39.3 @dependabot (#12747)
• Bump django-auditlog from 3.2.0 to 3.2.1 @dependabot (#12748)
• Bump ruff from 0.12.1 to 0.12.2 @dependabot (#12749)