Skip to content

Releases: DefectDojo/django-DefectDojo

nightly-dev 🌈

nightly-dev 🌈 Pre-release
Pre-release

Choose a tag to compare

@github-actions github-actions released this 24 May 14:42
7857ff8

Run the release drafter to populate the release notes.

3.1.0 🌈

Choose a tag to compare

@github-actions github-actions released this 06 Jul 22:11
5ddac02

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 3.0.0

🚩 Changes to settings.dist.py / local_settings.py

🚩 Database migration

  • feat: allow import/reimport to wait for deduplication to complete @valentijnscholten (#15007)
  • feat: allow disabling and dismissing the open source message banner @devGregA (#15089)
  • perf(finding): add sla_expiration_date index for global finding list @rossops (#15103)
  • perf(jira,product): fix finding-group push N+1 and add case-insensitive product-name index @Maffooch (#15122)
  • Renumber #15058 migration and move release notes to 3.1.x @Maffooch (#15108)
  • Modernize Tool Config credential encryption to AES-256-GCM @Maffooch (#15058)
  • Ree/perf indexes @rossops (#15095)
  • Add partial indexes for authorized finding-list queries @rossops (#15064)
  • perf(migrations): bulk backfill in 0268 release_authorization_to_pro @Maffooch (#15044)
  • fix(findings): normalize blank components to NULL (SC-13073) @Maffooch (#15038)

🚀 API features and enhancements

🐛 Bug Fixes

  • fix(filters): don't auto-open the filter panel when only sorting a column @skywalke34 (#15082)

🖌 Updates in UI

  • feat: allow import/reimport to wait for deduplication to complete @valentijnscholten (#15007)
  • Fix: right-aligned dropdown menus overflow off the right edge of the page @stevewallone (#15137)
  • feat(ui): animate collapse panels in the new UI @ksitton58 (#15116)
  • feat(ui): smooth and tidy the filter category accordion in the new UI @ksitton58 (#15106)
  • feat: allow disabling and dismissing the open source message banner @devGregA (#15089)
  • PDF Report: Show vulnerability IDs @samiat4911 (#15115)
  • fix(ui): stop client/server sort flash on asset & finding-group lists @skywalke34 (#15084)
  • fix(filters): don't auto-open the filter panel when only sorting a column @skywalke34 (#15082)
  • fix(metrics): prevent 500 on Critical Asset Metrics page when no critical products exist @valentijnscholten (#15057)
  • refactor(ui): use design tokens instead of hardcoded colors on new lo… @ksitton58 (#14998)
  • fix(ui): use brand color tokens instead of hardcoded hex in new UI @ksitton58 (#14999)
  • fix(ui): add missing "solid" keyword to disclaimer border in new UI @ksitton58 (#15001)
  • feat(ui): fold Finding Groups under Findings in the sidebar @ksitton58 (#15040)
  • perf(importers): batch BurpRawRequestResponse inserts + re-enable perf tests @valentijnscholten (#14969)
  • Added global required fields notice for WCAG H90 compliance @sym9 (#14962)

🧰 Maintenance

  • Update dependency kubernetes/kubernetes from v1.35.4 to v1.35.6 (.github/workflows/k8s-tests.yml) @renovate (#14892)
  • chore(deps): update stefanzweifel/git-auto-commit-action action from v7.1.0 to v7.2.0 (.github/workflows/release-3-master-into-dev.yml) @renovate (#15130)
  • Update actions/checkout action from v6.0.3 to v7 (.github/workflows/validate_docs_build.yml) @renovate (#15132)
  • chore(deps-dev): bump @tailwindcss/cli from 4.3.1 to 4.3.2 in /components @dependabot (#15131)
  • chore(deps): update docker/build-push-action action from v7.2.0 to v7.3.0 (.github/workflows/release-x-manual-docker-containers.yml) @renovate (#15138)
  • chore(deps-dev): bump tailwindcss from 4.3.1 to 4.3.2 in /components @dependabot (#15129)
  • chore(deps): bump ruff from 0.15.19 to 0.15.20 @dependabot (#15128)
  • chore(deps): bump humanize from 4.15.0 to 4.16.0 @dependabot (#15127)
  • chore(deps): bump django-permissions-policy from 4.31.0 to 4.32.0 @dependabot (#15126)
  • Update dependency kubernetes from 1.33.13 to v1.34.9 (.github/workflows/k8s-tests.yml) @renovate (#15121)
  • Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.38.0 to v1.38.1 (helm/defectdojo/values.yaml) @renovate (#15119)
  • chore(deps): update actions/cache action from v6.0.0 to v6.1.0 (.github/workflows/validate_docs_build.yml) @renovate (#15120)
  • Update python:3.14.6-slim-trixie Docker digest from 3.14.6 to 3.14.6-slim-trixie (Dockerfile.integration-tests-debian) @renovate (#15118)
  • chore(deps): update dependency renovatebot/renovate from 43.240.0 to v43.248.0 (.github/workflows/renovate.yaml) @renovate (#15099)
  • chore(deps): bump python-gitlab from 8.3.0 to 8.4.0 @dependabot (#14956)
  • chore(deps): update release-drafter/release-drafter action from v7.3.1 to v7.5.1 (.github/workflows/release-drafter.yml) @renovate (#15083)
  • chore(deps): update actions/cache action from v5.0.5 to v6 (.github/workflows/validate_docs_build.yml) @renovate (#15085)
  • chore(deps): update openapitools/openapi-generator-cli docker tag from v7.22.0 to v7.23.0 (dockerfile.integration-tests-debian) @renovate (#15079)
  • chore(deps): update mccutchen/go-httpbin docker tag from 2.18.3 to v2.23.1 (docker-compose.override.integration_tests.yml) @renovate (#15078)
  • chore(deps): update dependency node from 24.16.0 to v24.18.0 (.github/workflows/validate_docs_build.yml) @renovate (#15077)
  • chore(deps): update actions/setup-python action from v6.2.0 to v6.3.0 (.github/workflows/test-helm-chart.yml) @renovate (#15076)
  • chore(deps): bump pdfmake from 0.3.10 to 0.3.11 in /components @dependabot (#15075)
  • chore(deps): bump redis from 8.0.0 to 8.0.1 @dependabot (#15074)
  • chore(deps): bump django-environ from 0.13.0 to 0.14.0 @dependabot (#15073)
  • chore(deps): bump ruff from 0.15.16 to 0.15.19 @dependabot (#15072)
  • chore(deps-dev): bump django-debug-toolbar from 6.3.0 to 7.0.0 @dependabot (#15071)
  • chore(deps): update softprops/action-gh-release action from v3.0.0 to v3.0.1 (.github/workflows/release-x-manual-helm-chart.yml) @renovate (#15070)
  • chore(deps): u...
Read more

3.0.200 🌈

Choose a tag to compare

@github-actions github-actions released this 29 Jun 16:17
a7eb77f

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 3.0.100

🚩 Changes to settings.dist.py / local_settings.py

  • Fix Xygeni SAST/Secrets deduplication: key on uniqueHash, not issueId @lmrb-1968 (#15061)

🚩 Database migration

🚀 API features and enhancements

  • perf(finding-api): drop blanket DISTINCT from FindingViewSet list @rossops (#15096)

🐛 Bug Fixes

  • fix(filters): don't auto-open the filter panel when only sorting a column @skywalke34 (#15082)

🖌 Updates in UI

  • fix(ui): stop client/server sort flash on asset & finding-group lists @skywalke34 (#15084)
  • fix(filters): don't auto-open the filter panel when only sorting a column @skywalke34 (#15082)
  • fix(metrics): prevent 500 on Critical Asset Metrics page when no critical products exist @valentijnscholten (#15057)

3.0.100 🌈

Choose a tag to compare

@github-actions github-actions released this 22 Jun 16:54
523d2f6

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 3.0.1

🚩 Changes to settings.dist.py / local_settings.py

🚩 Database migration

  • perf(migrations): bulk backfill in 0268 release_authorization_to_pro @Maffooch (#15044)
  • fix(findings): normalize blank components to NULL (SC-13073) @Maffooch (#15038)

🚀 API features and enhancements

  • Release: Merge release into master from: release/3.0.100 @github-actions (#15054)
  • Endpoint_Status updates @dogboat (#15012)

🖌 Updates in UI

  • fix(ui): add missing "solid" keyword to disclaimer border in new UI @ksitton58 (#15001)

🧰 Maintenance

3.0.1 🌈

Choose a tag to compare

@github-actions github-actions released this 17 Jun 17:38
bfd4261

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 3.0.0

🚀 API features and enhancements

  • Refactor and enhance API permissions @dogboat (#15034)
  • fix: prevent 500 on org/product delete with deprecated endpoints, and point new-UI banner at 3.3.0 @Maffooch (#15024)

🧰 Maintenance

3.0.0 🌈

Choose a tag to compare

@github-actions github-actions released this 15 Jun 22:36
b10ecf8

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Breaking Changes: Please consult the release notes for full details

Changes since 2.58.0

  • Release: Merge release into master from: release/3.0.0 @github-actions (#15017)
  • Locations updates @dogboat (#15015)
  • Add release notes for upgrading to DefectDojo Version 3.0.x @Maffooch (#15010)
  • test(perf) on bugfix: re-enable import performance tests with recalibrated query counts @valentijnscholten (#14968)
  • test(perf) on dev: re-enable import performance tests with recalibrated query counts @valentijnscholten (#14967)
  • fix(dependency_check): fold related dependency paths into description instead of emitting separate findings @valentijnscholten (#14941)
  • Prevent reimport from reactivating duplicate findings as active/verified @valentijnscholten (#14935)
  • Preserve verified flag when promoting duplicate to new original @valentijnscholten (#14934)
  • feat: allow users to request peer review from themselves @valentijnscholten (#14946)
  • Check statusCategory instead of the resolution field for Jira issue status @derda17 (#14611)
  • feat(parser): set fix_available on GitHub Vulnerability parser @jsayerascb (#14943)
  • Release: Merge back 2.59.0 into bugfix from: master-into-bugfix/2.59.0-2.60.0-dev @github-actions (#14939)
  • Release: Merge back 2.59.0 into dev from: master-into-dev/2.59.0-2.60.0-dev @github-actions (#14938)
  • Release 2.59.0: Merge Bugfix into Dev @rossops (#14936)
  • Fix SARIF parser crash on empty extensions @kleomartiny (#14898)
  • Rename title to 'Open-Source Permissions' @paulOsinski (#14908)
  • docs: add 2.58.3 and 2.58.4 release notes to Pro changelog @Maffooch (#14926)
  • Release: Merge back 2.58.4 into dev from: master-into-dev/2.58.4-2.59.0-dev @github-actions (#14914)
  • Release: Merge back 2.58.4 into bugfix from: master-into-bugfix/2.58.4-2.59.0-dev @github-actions (#14915)
  • Release: Merge release into master from: release/2.58.4 @github-actions (#14913)
  • 🐛 fix cyclonedx missing vector field #14874 @manuel-sommer (#14884)
  • [docs] Improve Snyk parser documentation with export instructions and enterprise workflow @balaakasam (#14675)
  • Release: Merge back 2.58.3 into bugfix from: master-into-bugfix/2.58.3-2.59.0-dev @github-actions (#14886)
  • Add docs for Products and Assets @dangoelz (#14876)
  • May docs maintenance @paulOsinski (#14880)
  • rename CLAUDE.md to AGENTS.md @valentijnscholten (#14873)
  • Expose created/updated date filters for Risk Acceptance API (created_before/after, updated_before/after) @PDFour4 (#14786)
  • Scope report views to the requesting user's authorized products @Maffooch (#14870)
  • Anchor location finding reference authorization to the finding's own product @Maffooch (#14871)
  • Remove gitpython @dogboat (#14808)
  • Update changelog for v2.58.2 release notes @Maffooch (#14854)
  • Fix URLs and expand Lychee coverage @Maffooch (#14855)
  • ⚡ speed up migrate_endpoints_to_locations (~14× fewer queries) @Maffooch (#14841)
  • docs: Add Components page and glossary entry @Jino-T (#14840)
  • Release: Merge back 2.58.2 into bugfix from: master-into-bugfix/2.58.2-2.59.0-dev @github-actions (#14851)
  • [docs] locations (pro feature), maintenance @paulOsinski (#14834)
  • feat(importers): apply import-time tags per batch before post-processing, do not tag old findings @valentijnscholten (#14839)
  • perf(tags): centralize tag inheritance + replace signal disconnect with batch context manager (Phase B) @valentijnscholten (#14827)
  • perf(tags): bulk-propagate inherited tags + gate child post_save on create @valentijnscholten (#14812)
  • Add mitigation finding filters and complete mitigation filter tests @bendnema (#14790)
  • cascade delete: prepare preview_only parameter @valentijnscholten (#14810)
  • test: add background param to import all unit tests command @valentijnscholten (#14805)
  • perf(dupe-delete): use bulk_delete_findings + correlated subquery in async_dupe_delete @valentijnscholten (#14797)
  • test: pin query-count baselines for tag inheritance hot paths @valentijnscholten (#14811)
  • Update changelog for May 2026 release (v2.58.0) @Maffooch (#14807)
  • Release: Merge back 2.58.1 into dev from: master-into-dev/2.58.1-2.59.0-dev @github-actions (#14830)
  • Release: Merge back 2.58.1 into bugfix from: master-into-bugfix/2.58.1-2.59.0-dev @github-actions (#14829)
  • Release: Merge release into master from: release/2.58.1 @github-actions (#14828)
  • endpoint: optimize eq via product_id @valentijnscholten (#14806)
  • Fix broken links @paulOsinski (#14802)
  • Release: Merge back 2.58.0 into dev from: master-into-dev/2.58.0-2.59.0-dev @github-actions (#14803)

🚩 Changes to settings.dist.py / local_settings.py

  • Release 3.0.0: Merge bugfix -> dev @Maffooch (#15014)
  • Enable v3 functionality and organization/asset relabeling by default @Maffooch (#15011)
  • Fix for GHSA-w2j3-x3j3-mm43 @dogboat (#14952)
  • feat(parsers): add Alert Logic CSV parser @skywalke34 (#14930)
  • Release: Merge release into master from: release/2.59.0 @github-actions (#14937)
  • perf(watson): prefetch relations + force async indexing @valentijnscholten (#14881)
  • perf(tag inheritance): batch_mode + per-batch bulk during import + reorganize @valentijnscholten (#14877)
  • Dojo V3 - Tailwind UI rebuild, legacy authorization, OS surface removals @devGregA (#14865)
  • Release: Merge back 2.58.2 into dev from: master-into-dev/2.58.2-2.59.0-dev @github-actions (#14852)
  • Release: Merge release into master from: release/2.58.2 @github-actions (#14850)
  • feat(parsers): add Xygeni JSON parser (SAST, SCA, Secrets) @lmrb-1968 (#14769)
  • 🎉 add ksa security advisory @manuel-sommer (#14809)
  • Release: Merge back 2.58.0 into bugfix from: master-into-bugfix/2.58.0-2.59.0-dev @github-actions (#14804)

🚩 Database migration

  • Refactor removal of deprecated features while preserving database state @Maffooch (#15009)
  • Release: Merge release into master from: release/2.59.0 @github-actions (#14937)
  • Dojo V3 - Tailwind UI rebuild, legacy authorization, OS surface removals @devGregA (#14865)
  • remove: Credential Manager (2.57 deprecation, 2.59 EOL) @Maffooch (#14836)
  • remove: Stub Findings (2.57 deprecation, 2.59 EOL) @Maffooch (#14837)
  • Release: Merge back 2.58.0 into bugfix from: master-into-bugfix/2.58.0-2.59.0-dev @github-actions (#14804)

🚀 API features and enhancements

  • Release 3.0.0: Merge bugfix -> dev @Maffooch (#15014)
  • Fix for GHSA-w2j3-x3j3-mm43 @dogboat (#14952)
  • Release: Merge release into master from: release/2.59.0 @github-actions (#14937)
  • refactor: rename dispatch kwarg sync= to force_sync= @valentijnscholten (#14882)
  • Release: Merge back 2.58.3 into dev from: master-into-dev/2.58.3-2.59.0-dev @github-actions (#14887)
  • Release: Merge release into master from: release/2.58.3 @github-actions (#14885)
  • Apply object-level permission check to finding duplicate API actions @Maffooch (#14866)
  • Dojo V3 - Tailwind UI rebuild, legacy authorization, OS surface removals @devGregA (#14865)
  • Release: Merge back 2.58.2 into dev from: master-into-dev/2.58.2-2.59.0-dev @github-actions (#14852)
  • Release: Merge release into master from: release/2.58.2 @github-actions (#14850)
  • remove: Credential Manager (2.57 deprecation, 2.59 EOL) @Maffooch (#14836)
  • Use a dedicated permission class for BurpRawRequestResponseViewSet @Maffooch (#14838)
  • remove: Stub Findings (2.57 deprecation, 2.59 EOL) @Maffooch (#14837)
  • remove: questionnaire API endpoints (2.56 deprecation, 2.59 EOL) @Maffooch (#14835)
  • Release: Merge back 2.58.0 into bugfix from: master-into-bugfix/2.58.0-2.59.0-dev @github-actions (#14804)

🖌 Updates in UI

  • Release 3.0.0: Merge bugfix -> dev @Maffooch (#15014)
  • fix 500 error on critical product metrics page @valentijnscholten (#14945)
  • Release: Merge release into master from: release/2.59.0 @github-actions (#14937)
  • Dojo V3 - Tailwind UI rebuild, legacy authorization, OS surface removals @devGregA (#14865)
  • remove: Credential Manager (2.57 deprecation, 2.59 EOL) @Maffooch (#14836)
  • remove: Stub Findings (2.57 deprecation, 2.59 EOL) @Maffooch (#14837)
  • Release: Merge back 2.58.0 into bugfix from: master-into-bugfix/2.58.0-2.59.0-dev @github-actions (#14804)

🗣 Updates in localization

🔧 Improved code quality with linters

🧰 Maintenance

  • chore(deps): update gcr.io/cloudsql-docker/gce-proxy docker tag from 1.37.12 to v1.38.0 (helm/defectdojo/values.yaml) @renovate (#14993)
  • chore(deps): bump sqlalchemy from 2.0.49 to 2.0.50 @dependabot (#14918)
  • chore(deps): update actions/stale action from v10.2.0 to v10.3.0 (.github/workflows/close-stale.yml) @renovate (#14949)
  • chore(deps): bump redis from 7.4.0 to 8.0.0 @dependabot (#14958)
  • chore(deps): update dependency node from 24.15.0 to v24.16.0 (.github/workflows/validate_docs_build.yml) @renovate (#14950)
  • chore(deps): update docker/build-push-action action from v7.1.0 to v7.2.0 (.github/workflows/release-x-manual-docker-containers.yml) @renovate (#14951)
  • chore(deps): bump drf-spectacular-sidecar from 2026.5.1 to 2026.6.1 @dependabot (#14955)
  • chore(deps): bump ruff from 0.15.14 to 0.15.15 @dependabot (#14959)
  • chore(deps): update actions/checkout action from v6.0.2 to v6.0.3 (.github/workflows/validate_docs_build.yml) @renovate (#14947)
  • chore(deps): update release-drafter/release-drafter action from v7.3.0 to v7.3.1 (.github/workflows/release-drafter.yml) @renovate (#14948)
  • chore(de...
Read more

2.58.4 🌈

Choose a tag to compare

@github-actions github-actions released this 26 May 15:54
5b1d60e

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.58.3

2.58.3 🌈

Choose a tag to compare

@github-actions github-actions released this 18 May 15:06
ea61111

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.58.2

🚀 API features and enhancements

  • Apply object-level permission check to finding duplicate API actions @Maffooch (#14866)

🧰 Maintenance

2.58.2 🌈

Choose a tag to compare

@github-actions github-actions released this 11 May 16:12
6eab873

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.58.1

🚩 Changes to settings.dist.py / local_settings.py

🚀 API features and enhancements

  • Use a dedicated permission class for BurpRawRequestResponseViewSet @Maffooch (#14838)

🧰 Maintenance

2.58.1 🌈

Choose a tag to compare

@github-actions github-actions released this 06 May 21:12
8a99ad6

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.58.0