Release: Merge release into master from: release/2.53.5 #13992

Merged
rossops merged 13 commits into master from release/2.53.5
Dec 29, 2025

@github-actions
Contributor

Release triggered by rossops

DefectDojo release bot and others added 13 commits December 22, 2025 17:29
….54.0-dev

Release: Merge back 2.53.4 into bugfix from: master-into-bugfix/2.53.4-2.54.0-dev
* added relevant test name to close old findings comment

* Added test url to close old finding comment

* Better handling for close old findings comments
* Increasing timeouts for unit tests

* fix timeouts

---------

Co-authored-by: Valentijn Scholten <valentijnscholten@gmail.com>
Fix incorrect endpoint parsing when endpoints lack a protocol (scheme).
When endpoints are converted to strings without a protocol, hyperlink.parse()
misinterprets the hostname as the scheme, causing deduplication to fail.

This fix normalizes endpoint strings by prepending '//' if '://' is missing,
replicating the behavior from dojo/endpoint/utils.py line 265.

Fixes #10215
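
The misparse described in the commit message above, reproduced as an added example (not part of the commit, DefectDojo, or hyperlink). It assumes the generic URI split from RFC 3986 Appendix B as a stand-in parser; `split_uri`, `normalize_endpoint`, `host_port` and the `scanme.example` endpoints are constructed for illustration.

```python
import re

# RFC 3986, Appendix B: generic split of a URI reference into components.
URI_RE = re.compile(
    r"^(?:(?P<scheme>[^:/?#]+):)?"
    r"(?://(?P<authority>[^/?#]*))?"
    r"(?P<path>[^?#]*)"
    r"(?:\?(?P<query>[^#]*))?"
    r"(?:#(?P<fragment>.*))?$"
)


def split_uri(text):
    """Return scheme/authority/path/query/fragment; absent parts are None."""
    return URI_RE.match(text).groupdict()


def normalize_endpoint(text):
    """Rule from the commit message: prepend '//' when '://' is missing."""
    return text if "://" in text else "//" + text


def host_port(text):
    """Host and port taken from the authority, or None if no authority parsed.

    Assumes a plain hostname authority (no userinfo, no IPv6 literal).
    """
    authority = split_uri(text)["authority"]
    if authority is None:
        return None
    host, _, port = authority.partition(":")
    return host, (port or None)


if __name__ == "__main__":
    # Constructed sample: the same endpoint stored with and without a scheme.
    bare = "scanme.example:8443/login"
    full = "https://scanme.example:8443/login"
    print(split_uri(bare))                      # hostname lands in 'scheme'
    print(host_port(bare), host_port(full))     # keys differ, so no match
    print(host_port(normalize_endpoint(bare)))  # matches the full form
```

Without the `//` prefix the bare form yields no authority at all, so any deduplication key built from host and port cannot equal the key of the same endpoint stored with a scheme.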
…13967)

- Add exception handling around CPE parsing in TenableCSVParser
- Log unsupported CPE versions at DEBUG level instead of crashing
- Allows import to continue when encountering unsupported CPE formats
- Fixes issue #11243
…3968)

Fixes #11314

When copying a FileUpload, the copy() method appends ' - clone-{hash}'
(17 characters) to the title without checking if it would exceed the
database max_length constraint of 100 characters. This causes a
DataError when copying tests with files that have long names.

The fix truncates the original title before appending the clone suffix
to ensure the total length never exceeds 100 characters.
…ser (#13973)

* Fix Tenable CSV import fails with 'Version of CPE not implemented'

- Add exception handling around CPE parsing in TenableCSVParser
- Log unsupported CPE versions at DEBUG level instead of crashing
- Allows import to continue when encountering unsupported CPE formats
- Fixes issue #11243

* Fix: Populate vulnerability_id field in BlackDuck Binary Analysis parser

- Add unsaved_vulnerability_ids assignment when CVE is present
- This ensures the vulnerability_id field is populated for de-duplication
- Fixes #12442

* Test: Add assertions for vulnerability_id field in BlackDuck Binary Analysis parser tests

- Verify unsaved_vulnerability_ids is populated with CVE value
- Add specific assertion for single vuln test case
- Add general assertion for multiple vulns test case
- Related to #12442
* Fix test_type mismatch validation during reimport (#10219)

- Add validation in consolidate_dynamic_tests to detect test_type mismatches during reimport
- Raise ValidationError with descriptive message when test_type doesn't match
- Validation occurs before any findings are processed or deduplication starts
- Add test cases for matching test_type, mismatched test_type, and initial import scenarios
- Create test data files for generic parser with different test types

Fixes #10219

* fixes

* add docs
…finding_jira_sync is enabled (#13983)

* Fix JIRA form processing logic

* ruff
@dryrunsecurity

DryRun Security

🔴 Risk threshold exceeded.

This pull request modifies a sensitive file (dojo/importers/default_importer.py), triggering a configured codepaths edit warning; sensitive file paths and allowed authors can be adjusted in .dryrunsecurity.yaml.

🔴 Configured Codepaths Edit in dojo/importers/default_importer.py
Vulnerability: Configured Codepaths Edit
Description: Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml.

We've notified @mtesauro.


All finding details can be found in the DryRun Security Dashboard.

@rossops rossops merged commit 11749c1 into master Dec 29, 2025
149 checks passed
Maffooch pushed a commit to valentijnscholten/django-DefectDojo that referenced this pull request Feb 16, 2026
Release: Merge release into master from: release/2.53.5