Releases: DefectDojo/django-DefectDojo
Release list
nightly-dev 🌈
Run the release drafter to populate the release notes.
3.1.0 🌈
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 3.0.0
- Bugfix: make jfrog xray impact paths deterministic @paulOsinski (#15094)
- fix: guard legacy endpoint access in Make Template / Merge Findings under V3_FEATURE_LOCATIONS @stevewallone (#15139)
- fix: relabel finding Asset-tag (AND) filter to v3 Asset vocabulary @stevewallone (#15136)
- chore: remove legacy Slack PR reminder bot workflow @Maffooch (#15109)
- Update sample data @github-actions (#15117)
- fix(mass_model_updater): read tracked fields via attribute access for skip_unchanged @valentijnscholten (#15114)
- docs: migrate OSS asset-modelling pages to v3 Asset/Organization terminology + refresh screenshots @stevewallone (#15113)
- docs: DefectDojo Pro Customizable Dashboards (dashboard_v2) @skywalke34 (#15111)
- chore: replace archived upload-release-asset with gh release upload @Maffooch (#15110)
- docs: add Pro changelog entries for 3.0.200 @Maffooch (#15105)
- docs: split Attaching Files into OS and Pro guides with screenshots @Maffooch (#15104)
- Include analysis.detail from Dependency Track FPF in finding description @webdevred (#14931)
- fix(tags): keep user-set tags when creating a finding under product tag inheritance @valentijnscholten (#15097)
- fix(govulncheck): reject SARIF reports with a clear error pointing to the SARIF scan type @valentijnscholten (#15087)
- June18 docs @paulOsinski (#15093)
- feat(jira): support multiple components in project settings (SC-13173) @Maffooch (#15039)
- fix(rbac): resolve product-scoped users for the engagement Testing Lead selector @valentijnscholten (#15063)
- authorized users improvements @valentijnscholten (#15065)
- Fix SARIF parser: unwrap BlackDuck nested fingerprint dict values @Jino-T (#15080)
- Fix typo in README about demo environment @mo7921 (#15060)
- docs: add Pro changelog entries for 3.0.1, 3.0.2, 3.0.100 @Maffooch (#15059)
- add organization and product type articles @dangoelz (#14961)
- Fix Xygeni parser deduplicating repeated SAST/Secrets findings in the same file @lmrb-1968 (#15003)
- Fixing gha for new versioning scheme @rossops (#15052)
- Stabilize flaky notification-webhook integration test @Maffooch (#15043)
- docs: add DefectDojo Pro Report Builder guides (UI, API, LLM) @skywalke34 (#15008)
- fix(trivy): prevent import crash on legacy reports with missing Class field @stevewallone (#15006)
- test(perf): always run both v2 and v3 importer perf cases @valentijnscholten (#15042)
- feat(cargo-audit): parse CVSS vectors and derive severity (SC-13140) @Maffooch (#15041)
- perf(importers): batch Vulnerability_Id inserts @valentijnscholten (#14966)
- fix(findings): resolve single-location filter against Location model @skywalke34 (#15023)
- [docs] june wk 1 maintenance @paulOsinski (#14963)
🚩 Changes to settings.dist.py / local_settings.py
- feat: allow import/reimport to wait for deduplication to complete @valentijnscholten (#15007)
- feat: allow disabling and dismissing the open source message banner @devGregA (#15089)
- perf(dedupe): skip unchanged rows, VALUES fast-write, prefetch vulnerability_ids @valentijnscholten (#15046)
- Fix Xygeni SAST/Secrets deduplication: key on uniqueHash, not issueId @lmrb-1968 (#15061)
- Add Garak (NVIDIA LLM vulnerability scanner) parser @Dashtid (#15013)
- feat(govulncheck): add Govulncheck Scanner V2 parser @valentijnscholten (#15045)
- feat(parsers): add PICUS Breach and Attack Simulation CSV parser @skywalke34 (#14984)
- perf(importers): batch BurpRawRequestResponse inserts + re-enable perf tests @valentijnscholten (#14969)
- Added global required fields notice for WCAG H90 compliance @sym9 (#14962)
🚩 Database migration
- feat: allow import/reimport to wait for deduplication to complete @valentijnscholten (#15007)
- feat: allow disabling and dismissing the open source message banner @devGregA (#15089)
- perf(finding): add sla_expiration_date index for global finding list @rossops (#15103)
- perf(jira,product): fix finding-group push N+1 and add case-insensitive product-name index @Maffooch (#15122)
- Renumber #15058 migration and move release notes to 3.1.x @Maffooch (#15108)
- Modernize Tool Config credential encryption to AES-256-GCM @Maffooch (#15058)
- Ree/perf indexes @rossops (#15095)
- Add partial indexes for authorized finding-list queries @rossops (#15064)
- perf(migrations): bulk backfill in 0268 release_authorization_to_pro @Maffooch (#15044)
- fix(findings): normalize blank components to NULL (SC-13073) @Maffooch (#15038)
🚀 API features and enhancements
- feat: allow import/reimport to wait for deduplication to complete @valentijnscholten (#15007)
- perf(finding-api): drop blanket DISTINCT from FindingViewSet list @rossops (#15096)
- refactor(reorg): extract every type of class into modules [10/10] @valentijnscholten (#14987)
- Prefetcher updates @dogboat (#14964)
- Endpoint_Status updates @dogboat (#15012)
- Refactor and enhance API permissions @dogboat (#15034)
- fix: prevent 500 on org/product delete with deprecated endpoints, and point new-UI banner at 3.3.0 @Maffooch (#15024)
🐛 Bug Fixes
- fix(filters): don't auto-open the filter panel when only sorting a column @skywalke34 (#15082)
🖌 Updates in UI
- feat: allow import/reimport to wait for deduplication to complete @valentijnscholten (#15007)
- Fix: right-aligned dropdown menus overflow off the right edge of the page @stevewallone (#15137)
- feat(ui): animate collapse panels in the new UI @ksitton58 (#15116)
- feat(ui): smooth and tidy the filter category accordion in the new UI @ksitton58 (#15106)
- feat: allow disabling and dismissing the open source message banner @devGregA (#15089)
- PDF Report: Show vulnerability IDs @samiat4911 (#15115)
- fix(ui): stop client/server sort flash on asset & finding-group lists @skywalke34 (#15084)
- fix(filters): don't auto-open the filter panel when only sorting a column @skywalke34 (#15082)
- fix(metrics): prevent 500 on Critical Asset Metrics page when no critical products exist @valentijnscholten (#15057)
- refactor(ui): use design tokens instead of hardcoded colors on new lo… @ksitton58 (#14998)
- fix(ui): use brand color tokens instead of hardcoded hex in new UI @ksitton58 (#14999)
- fix(ui): add missing "solid" keyword to disclaimer border in new UI @ksitton58 (#15001)
- feat(ui): fold Finding Groups under Findings in the sidebar @ksitton58 (#15040)
- perf(importers): batch BurpRawRequestResponse inserts + re-enable perf tests @valentijnscholten (#14969)
- Added global required fields notice for WCAG H90 compliance @sym9 (#14962)
🧰 Maintenance
- Update dependency kubernetes/kubernetes from v1.35.4 to v1.35.6 (.github/workflows/k8s-tests.yml) @renovate (#14892)
- chore(deps): update stefanzweifel/git-auto-commit-action action from v7.1.0 to v7.2.0 (.github/workflows/release-3-master-into-dev.yml) @renovate (#15130)
- Update actions/checkout action from v6.0.3 to v7 (.github/workflows/validate_docs_build.yml) @renovate (#15132)
- chore(deps-dev): bump @tailwindcss/cli from 4.3.1 to 4.3.2 in /components @dependabot (#15131)
- chore(deps): update docker/build-push-action action from v7.2.0 to v7.3.0 (.github/workflows/release-x-manual-docker-containers.yml) @renovate (#15138)
- chore(deps-dev): bump tailwindcss from 4.3.1 to 4.3.2 in /components @dependabot (#15129)
- chore(deps): bump ruff from 0.15.19 to 0.15.20 @dependabot (#15128)
- chore(deps): bump humanize from 4.15.0 to 4.16.0 @dependabot (#15127)
- chore(deps): bump django-permissions-policy from 4.31.0 to 4.32.0 @dependabot (#15126)
- Update dependency kubernetes from 1.33.13 to v1.34.9 (.github/workflows/k8s-tests.yml) @renovate (#15121)
- Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.38.0 to v1.38.1 (helm/defectdojo/values.yaml) @renovate (#15119)
- chore(deps): update actions/cache action from v6.0.0 to v6.1.0 (.github/workflows/validate_docs_build.yml) @renovate (#15120)
- Update python:3.14.6-slim-trixie Docker digest from 3.14.6 to 3.14.6-slim-trixie (Dockerfile.integration-tests-debian) @renovate (#15118)
- chore(deps): update dependency renovatebot/renovate from 43.240.0 to v43.248.0 (.github/workflows/renovate.yaml) @renovate (#15099)
- chore(deps): bump python-gitlab from 8.3.0 to 8.4.0 @dependabot (#14956)
- chore(deps): update release-drafter/release-drafter action from v7.3.1 to v7.5.1 (.github/workflows/release-drafter.yml) @renovate (#15083)
- chore(deps): update actions/cache action from v5.0.5 to v6 (.github/workflows/validate_docs_build.yml) @renovate (#15085)
- chore(deps): update openapitools/openapi-generator-cli docker tag from v7.22.0 to v7.23.0 (dockerfile.integration-tests-debian) @renovate (#15079)
- chore(deps): update mccutchen/go-httpbin docker tag from 2.18.3 to v2.23.1 (docker-compose.override.integration_tests.yml) @renovate (#15078)
- chore(deps): update dependency node from 24.16.0 to v24.18.0 (.github/workflows/validate_docs_build.yml) @renovate (#15077)
- chore(deps): update actions/setup-python action from v6.2.0 to v6.3.0 (.github/workflows/test-helm-chart.yml) @renovate (#15076)
- chore(deps): bump pdfmake from 0.3.10 to 0.3.11 in /components @dependabot (#15075)
- chore(deps): bump redis from 8.0.0 to 8.0.1 @dependabot (#15074)
- chore(deps): bump django-environ from 0.13.0 to 0.14.0 @dependabot (#15073)
- chore(deps): bump ruff from 0.15.16 to 0.15.19 @dependabot (#15072)
- chore(deps-dev): bump django-debug-toolbar from 6.3.0 to 7.0.0 @dependabot (#15071)
- chore(deps): update softprops/action-gh-release action from v3.0.0 to v3.0.1 (.github/workflows/release-x-manual-helm-chart.yml) @renovate (#15070)
- chore(deps): u...
3.0.200 🌈
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 3.0.100
- fix(tags): keep user-set tags when creating a finding under product tag inheritance @valentijnscholten (#15097)
- June18 docs @paulOsinski (#15093)
- fix(rbac): resolve product-scoped users for the engagement Testing Lead selector @valentijnscholten (#15063)
- authorized users improvements @valentijnscholten (#15065)
- Fix SARIF parser: unwrap BlackDuck nested fingerprint dict values @Jino-T (#15080)
- Fix typo in README about demo environment @mo7921 (#15060)
- docs: add Pro changelog entries for 3.0.1, 3.0.2, 3.0.100 @Maffooch (#15059)
- add organization and product type articles @dangoelz (#14961)
- Fix Xygeni parser deduplicating repeated SAST/Secrets findings in the same file @lmrb-1968 (#15003)
🚩 Changes to settings.dist.py / local_settings.py
- Fix Xygeni SAST/Secrets deduplication: key on uniqueHash, not issueId @lmrb-1968 (#15061)
🚩 Database migration
- Ree/perf indexes @rossops (#15095)
- Add partial indexes for authorized finding-list queries @rossops (#15064)
🚀 API features and enhancements
🐛 Bug Fixes
- fix(filters): don't auto-open the filter panel when only sorting a column @skywalke34 (#15082)
🖌 Updates in UI
- fix(ui): stop client/server sort flash on asset & finding-group lists @skywalke34 (#15084)
- fix(filters): don't auto-open the filter panel when only sorting a column @skywalke34 (#15082)
- fix(metrics): prevent 500 on Critical Asset Metrics page when no critical products exist @valentijnscholten (#15057)
3.0.100 🌈
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 3.0.1
- Fixing gha for new versioning scheme @rossops (#15052)
- Stabilize flaky notification-webhook integration test @Maffooch (#15043)
- docs: add DefectDojo Pro Report Builder guides (UI, API, LLM) @skywalke34 (#15008)
- test(perf): always run both v2 and v3 importer perf cases @valentijnscholten (#15042)
- feat(cargo-audit): parse CVSS vectors and derive severity (SC-13140) @Maffooch (#15041)
🚩 Changes to settings.dist.py / local_settings.py
- feat(govulncheck): add Govulncheck Scanner V2 parser @valentijnscholten (#15045)
- feat(parsers): add PICUS Breach and Attack Simulation CSV parser @skywalke34 (#14984)
🚩 Database migration
- perf(migrations): bulk backfill in 0268 release_authorization_to_pro @Maffooch (#15044)
- fix(findings): normalize blank components to NULL (SC-13073) @Maffooch (#15038)
🚀 API features and enhancements
- Release: Merge release into master from: release/3.0.100 @github-actions (#15054)
- Endpoint_Status updates @dogboat (#15012)
🖌 Updates in UI
- fix(ui): add missing "solid" keyword to disclaimer border in new UI @ksitton58 (#15001)
🧰 Maintenance
- chore(deps-dev): bump vcrpy from 8.1.1 to 8.2.1 @dependabot (#15047)
3.0.1 🌈
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 3.0.0
- fix(findings): resolve single-location filter against Location model @skywalke34 (#15023)
- [docs] june wk 1 maintenance @paulOsinski (#14963)
🚀 API features and enhancements
- Refactor and enhance API permissions @dogboat (#15034)
- fix: prevent 500 on org/product delete with deprecated endpoints, and point new-UI banner at 3.3.0 @Maffooch (#15024)
🧰 Maintenance
- chore(deps): bump esbuild and vite in /docs @dependabot[bot] (#15004)
3.0.0 🌈
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Breaking Changes: Please consult the release notes for full details
Changes since 2.58.0
- Release: Merge release into master from: release/3.0.0 @github-actions (#15017)
- Locations updates @dogboat (#15015)
- Add release notes for upgrading to DefectDojo Version 3.0.x @Maffooch (#15010)
- test(perf) on bugfix: re-enable import performance tests with recalibrated query counts @valentijnscholten (#14968)
- test(perf) on dev: re-enable import performance tests with recalibrated query counts @valentijnscholten (#14967)
- fix(dependency_check): fold related dependency paths into description instead of emitting separate findings @valentijnscholten (#14941)
- Prevent reimport from reactivating duplicate findings as active/verified @valentijnscholten (#14935)
- Preserve verified flag when promoting duplicate to new original @valentijnscholten (#14934)
- feat: allow users to request peer review from themselves @valentijnscholten (#14946)
- Check statusCategory instead of the resolution field for Jira issue status @derda17 (#14611)
- feat(parser): set fix_available on GitHub Vulnerability parser @jsayerascb (#14943)
- Release: Merge back 2.59.0 into bugfix from: master-into-bugfix/2.59.0-2.60.0-dev @github-actions (#14939)
- Release: Merge back 2.59.0 into dev from: master-into-dev/2.59.0-2.60.0-dev @github-actions (#14938)
- Release 2.59.0: Merge Bugfix into Dev @rossops (#14936)
- Fix SARIF parser crash on empty extensions @kleomartiny (#14898)
- Rename title to 'Open-Source Permissions' @paulOsinski (#14908)
- docs: add 2.58.3 and 2.58.4 release notes to Pro changelog @Maffooch (#14926)
- Release: Merge back 2.58.4 into dev from: master-into-dev/2.58.4-2.59.0-dev @github-actions (#14914)
- Release: Merge back 2.58.4 into bugfix from: master-into-bugfix/2.58.4-2.59.0-dev @github-actions (#14915)
- Release: Merge release into master from: release/2.58.4 @github-actions (#14913)
- 🐛 fix cyclonedx missing vector field #14874 @manuel-sommer (#14884)
- [docs] Improve Snyk parser documentation with export instructions and enterprise workflow @balaakasam (#14675)
- Release: Merge back 2.58.3 into bugfix from: master-into-bugfix/2.58.3-2.59.0-dev @github-actions (#14886)
- Add docs for Products and Assets @dangoelz (#14876)
- May docs maintenance @paulOsinski (#14880)
- rename CLAUDE.md to AGENTS.md @valentijnscholten (#14873)
- Expose created/updated date filters for Risk Acceptance API (created_before/after, updated_before/after) @PDFour4 (#14786)
- Scope report views to the requesting user's authorized products @Maffooch (#14870)
- Anchor location finding reference authorization to the finding's own product @Maffooch (#14871)
- Remove gitpython @dogboat (#14808)
- Update changelog for v2.58.2 release notes @Maffooch (#14854)
- Fix URLs and expand Lychee coverage @Maffooch (#14855)
- ⚡ speed up migrate_endpoints_to_locations (~14× fewer queries) @Maffooch (#14841)
- docs: Add Components page and glossary entry @Jino-T (#14840)
- Release: Merge back 2.58.2 into bugfix from: master-into-bugfix/2.58.2-2.59.0-dev @github-actions (#14851)
- [docs] locations (pro feature), maintenance @paulOsinski (#14834)
- feat(importers): apply import-time tags per batch before post-processing, do not tag old findings @valentijnscholten (#14839)
- perf(tags): centralize tag inheritance + replace signal disconnect with batch context manager (Phase B) @valentijnscholten (#14827)
- perf(tags): bulk-propagate inherited tags + gate child post_save on create @valentijnscholten (#14812)
- Add mitigation finding filters and complete mitigation filter tests @bendnema (#14790)
- cascade delete: prepare preview_only parameter @valentijnscholten (#14810)
- test: add background param to import all unit tests command @valentijnscholten (#14805)
- perf(dupe-delete): use bulk_delete_findings + correlated subquery in async_dupe_delete @valentijnscholten (#14797)
- test: pin query-count baselines for tag inheritance hot paths @valentijnscholten (#14811)
- Update changelog for May 2026 release (v2.58.0) @Maffooch (#14807)
- Release: Merge back 2.58.1 into dev from: master-into-dev/2.58.1-2.59.0-dev @github-actions (#14830)
- Release: Merge back 2.58.1 into bugfix from: master-into-bugfix/2.58.1-2.59.0-dev @github-actions (#14829)
- Release: Merge release into master from: release/2.58.1 @github-actions (#14828)
- endpoint: optimize eq via product_id @valentijnscholten (#14806)
- Fix broken links @paulOsinski (#14802)
- Release: Merge back 2.58.0 into dev from: master-into-dev/2.58.0-2.59.0-dev @github-actions (#14803)
🚩 Changes to settings.dist.py / local_settings.py
- Release 3.0.0: Merge bugfix -> dev @Maffooch (#15014)
- Enable v3 functionality and organization/asset relabeling by default @Maffooch (#15011)
- Fix for GHSA-w2j3-x3j3-mm43 @dogboat (#14952)
- feat(parsers): add Alert Logic CSV parser @skywalke34 (#14930)
- Release: Merge release into master from: release/2.59.0 @github-actions (#14937)
- perf(watson): prefetch relations + force async indexing @valentijnscholten (#14881)
- perf(tag inheritance): batch_mode + per-batch bulk during import + reorganize @valentijnscholten (#14877)
- Dojo V3 - Tailwind UI rebuild, legacy authorization, OS surface removals @devGregA (#14865)
- Release: Merge back 2.58.2 into dev from: master-into-dev/2.58.2-2.59.0-dev @github-actions (#14852)
- Release: Merge release into master from: release/2.58.2 @github-actions (#14850)
- feat(parsers): add Xygeni JSON parser (SAST, SCA, Secrets) @lmrb-1968 (#14769)
- 🎉 add ksa security advisory @manuel-sommer (#14809)
- Release: Merge back 2.58.0 into bugfix from: master-into-bugfix/2.58.0-2.59.0-dev @github-actions (#14804)
🚩 Database migration
- Refactor removal of deprecated features while preserving database state @Maffooch (#15009)
- Release: Merge release into master from: release/2.59.0 @github-actions (#14937)
- Dojo V3 - Tailwind UI rebuild, legacy authorization, OS surface removals @devGregA (#14865)
- remove: Credential Manager (2.57 deprecation, 2.59 EOL) @Maffooch (#14836)
- remove: Stub Findings (2.57 deprecation, 2.59 EOL) @Maffooch (#14837)
- Release: Merge back 2.58.0 into bugfix from: master-into-bugfix/2.58.0-2.59.0-dev @github-actions (#14804)
🚀 API features and enhancements
- Release 3.0.0: Merge bugfix -> dev @Maffooch (#15014)
- Fix for GHSA-w2j3-x3j3-mm43 @dogboat (#14952)
- Release: Merge release into master from: release/2.59.0 @github-actions (#14937)
- refactor: rename dispatch kwarg sync= to force_sync= @valentijnscholten (#14882)
- Release: Merge back 2.58.3 into dev from: master-into-dev/2.58.3-2.59.0-dev @github-actions (#14887)
- Release: Merge release into master from: release/2.58.3 @github-actions (#14885)
- Apply object-level permission check to finding duplicate API actions @Maffooch (#14866)
- Dojo V3 - Tailwind UI rebuild, legacy authorization, OS surface removals @devGregA (#14865)
- Release: Merge back 2.58.2 into dev from: master-into-dev/2.58.2-2.59.0-dev @github-actions (#14852)
- Release: Merge release into master from: release/2.58.2 @github-actions (#14850)
- remove: Credential Manager (2.57 deprecation, 2.59 EOL) @Maffooch (#14836)
- Use a dedicated permission class for BurpRawRequestResponseViewSet @Maffooch (#14838)
- remove: Stub Findings (2.57 deprecation, 2.59 EOL) @Maffooch (#14837)
- remove: questionnaire API endpoints (2.56 deprecation, 2.59 EOL) @Maffooch (#14835)
- Release: Merge back 2.58.0 into bugfix from: master-into-bugfix/2.58.0-2.59.0-dev @github-actions (#14804)
🖌 Updates in UI
- Release 3.0.0: Merge bugfix -> dev @Maffooch (#15014)
- fix 500 error on critical product metrics page @valentijnscholten (#14945)
- Release: Merge release into master from: release/2.59.0 @github-actions (#14937)
- Dojo V3 - Tailwind UI rebuild, legacy authorization, OS surface removals @devGregA (#14865)
- remove: Credential Manager (2.57 deprecation, 2.59 EOL) @Maffooch (#14836)
- remove: Stub Findings (2.57 deprecation, 2.59 EOL) @Maffooch (#14837)
- Release: Merge back 2.58.0 into bugfix from: master-into-bugfix/2.58.0-2.59.0-dev @github-actions (#14804)
🗣 Updates in localization
- Add pt-BR locale translation @GraoMelo (#14909)
- add russian locale @polishchukd (#14799)
🔧 Improved code quality with linters
- chore(deps): bump ruff from 0.15.13 to 0.15.14 @manuel-sommer (#14929)
🧰 Maintenance
- chore(deps): update gcr.io/cloudsql-docker/gce-proxy docker tag from 1.37.12 to v1.38.0 (helm/defectdojo/values.yaml) @renovate (#14993)
- chore(deps): bump sqlalchemy from 2.0.49 to 2.0.50 @dependabot (#14918)
- chore(deps): update actions/stale action from v10.2.0 to v10.3.0 (.github/workflows/close-stale.yml) @renovate (#14949)
- chore(deps): bump redis from 7.4.0 to 8.0.0 @dependabot (#14958)
- chore(deps): update dependency node from 24.15.0 to v24.16.0 (.github/workflows/validate_docs_build.yml) @renovate (#14950)
- chore(deps): update docker/build-push-action action from v7.1.0 to v7.2.0 (.github/workflows/release-x-manual-docker-containers.yml) @renovate (#14951)
- chore(deps): bump drf-spectacular-sidecar from 2026.5.1 to 2026.6.1 @dependabot (#14955)
- chore(deps): bump ruff from 0.15.14 to 0.15.15 @dependabot (#14959)
- chore(deps): update actions/checkout action from v6.0.2 to v6.0.3 (.github/workflows/validate_docs_build.yml) @renovate (#14947)
- chore(deps): update release-drafter/release-drafter action from v7.3.0 to v7.3.1 (.github/workflows/release-drafter.yml) @renovate (#14948)
- chore(de...
2.58.4 🌈
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.58.3
- 🐛 fix cyclonedx missing vector field #14874 @manuel-sommer (#14884)
2.58.3 🌈
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.58.2
- Add docs for Products and Assets @dangoelz (#14876)
- May docs maintenance @paulOsinski (#14880)
- rename CLAUDE.md to AGENTS.md @valentijnscholten (#14873)
- Scope report views to the requesting user's authorized products @Maffooch (#14870)
- Anchor location finding reference authorization to the finding's own product @Maffooch (#14871)
- Remove gitpython @dogboat (#14808)
- Update changelog for v2.58.2 release notes @Maffooch (#14854)
- Fix URLs and expand Lychee coverage @Maffooch (#14855)
- ⚡ speed up migrate_endpoints_to_locations (~14× fewer queries) @Maffooch (#14841)
- docs: Add Components page and glossary entry @Jino-T (#14840)
🚀 API features and enhancements
🧰 Maintenance
- chore(deps): bump urllib3 from 2.6.3 to 2.7.0 @dependabot (#14853)
2.58.2 🌈
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.58.1
- [docs] locations (pro feature), maintenance @paulOsinski (#14834)
- Update changelog for May 2026 release (v2.58.0) @Maffooch (#14807)
🚩 Changes to settings.dist.py / local_settings.py
- 🎉 add ksa security advisory @manuel-sommer (#14809)
🚀 API features and enhancements
🧰 Maintenance
- chore(deps): bump gitpython from 3.1.49 to 3.1.50 @dependabot (#14845)
- chore(deps): bump django from 5.2.13 to 5.2.14 @dependabot (#14846)
- chore(deps): bump @babel/plugin-transform-modules-systemjs from 7.29.0 to 7.29.4 in /docs @dependabot (#14844)
- chore(deps): bump django from 5.2.13 to 5.2.14 @dependabot (#14843)
2.58.1 🌈
Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Changes since 2.58.0
- endpoint: optimize eq via product_id @valentijnscholten (#14806)
- Fix broken links @paulOsinski (#14802)