Release: Merge back 2.43.4 into dev from: master-into-dev/2.43.4-2.44.0-dev #11888

Merged
merged 14 commits into dev from master-into-dev/2.43.4-2.44.0-dev
Feb 24, 2025

Conversation

github-actions[bot]
Contributor

Release triggered by rossops

DefectDojo release bot and others added 12 commits February 18, 2025 15:41
….44.0-dev

Release: Merge back 2.43.3 into bugfix from: master-into-bugfix/2.43.3-2.44.0-dev
* Return Feedback about wrong File Format in ZAP

* ruff
* Surveys: Correct Question 404

When editing a survey question, a 404 is presented for a valid object. At some point, the content type for Questions changed to `Defect Dojo` (the verbose name of the app) rather than `dojo` (the common name)

There is only one place where the name of the content type is accessed, so adding some backward compatible checks corrected the issue

[sc-10195]

* Update views.py
* API Tags: Add filter for `AND` expressions

* Fix some ruff stuff

* Small corrections

* Update dojo/filters.py
* add 2.43.0 changelog

* add 2.43.1

* v2.43.2

* 2.43.3

---------

Co-authored-by: Paul Osinski <[email protected]>
* exclude archived docs from search

* rm index files from search results

* fix typo - CWE to CVE

* update external_tools.md with additional windows options

* remove outdated github.io links

* specify that EPSS sync is pro-only

* add universal parser documentation

* add beta notice to Universal Parser

* Update universal_parser.md

* add back defectdojo.com/pricing links

* add scss change to fix 'central column' issue

* add rules engine Pro documentation

* change casing for screenshots

* create pro features list, add to header

* Rename Enabling_Deduplication_within_an_Engagement.png to enabling_deduplication_within_an_engagement.png

* Rename Enabling_Deduplication_within_an_Engagement_2.png to enabling_deduplication_within_an_engagement_2.png

* Rename Enabling_Deduplication_within_an_Engagement_3.png to enabling_deduplication_within_an_engagement_3.png

* Rename Enabling_Deduplication_within_an_Engagement_4.png to enabling_deduplication_within_an_engagement_4.png

---------

Co-authored-by: Paul Osinski <[email protected]>
* Rename Enabling_Product-Level_Deduplication.png to enabling_product-level_deduplication.png

* Rename Enabling_Product-Level_Deduplication_2.png to enabling_product-level_ceduplication_2.png

* Rename enabling_product-level_ceduplication_2.png to enabling_product-level_deduplication_2.png
Release: Merge release into master from: release/2.43.4
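The commit "API Tags: Add filter for `AND` expressions" above only names the feature. The following is an added illustration, not DefectDojo's own code, of the difference between any-of (OR) and all-of (AND) tag filtering on an API list endpoint; the parameter names `tags` and `tags__and`, the `Finding` class and the sample data are all assumptions made for the example.

```python
"""Any-of vs all-of tag filtering, as an added illustration (not DefectDojo's code)."""
from dataclasses import dataclass, field


@dataclass
class Finding:
    """Minimal stand-in for a tagged object returned by an API list endpoint (assumed shape)."""
    title: str
    tags: set[str] = field(default_factory=set)


def parse_tag_param(raw: str) -> set[str]:
    """Split a comma-separated query value into a set of non-empty, stripped tags."""
    return {t.strip() for t in raw.split(",") if t.strip()}


def filter_by_tags(findings: list[Finding], wanted: set[str], require_all: bool) -> list[Finding]:
    """Keep findings carrying any (OR) or every (AND) tag in `wanted`.

    An empty `wanted` set is a no-op rather than a match-nothing, so a blank
    query parameter does not silently hide every result.
    """
    if not wanted:
        return list(findings)
    if require_all:
        return [f for f in findings if wanted <= f.tags]
    return [f for f in findings if wanted & f.tags]


def apply_tag_query(findings: list[Finding], query: dict[str, str]) -> list[str]:
    """Apply hypothetical `tags` (OR) and `tags__and` (AND) parameters; return matching titles.

    Both parameters may be combined: the AND filter narrows the OR result.
    """
    result = list(findings)
    if "tags" in query:
        result = filter_by_tags(result, parse_tag_param(query["tags"]), require_all=False)
    if "tags__and" in query:
        result = filter_by_tags(result, parse_tag_param(query["tags__and"]), require_all=True)
    return [f.title for f in result]


# Constructed sample data for the example; not taken from any real DefectDojo instance.
SAMPLE_FINDINGS = [
    Finding("SQL injection in login", {"web", "critical", "sqli"}),
    Finding("Outdated OpenSSL", {"supply-chain", "critical"}),
    Finding("Verbose error page", {"web", "low"}),
    Finding("Missing rate limit", {"web", "critical"}),
]


if __name__ == "__main__":
    print(apply_tag_query(SAMPLE_FINDINGS, {"tags": "web,critical"}))
    print(apply_tag_query(SAMPLE_FINDINGS, {"tags__and": "web,critical"}))
```

With the constructed data, `tags=web,critical` returns all four findings because each carries at least one of the two tags, while `tags__and=web,critical` returns only the two that carry both; the blank-parameter case is treated as "no filter" so that a malformed request degrades to the unfiltered list instead of an empty one.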

dryrunsecurity bot commented Feb 24, 2025

DryRun Security Summary

Documentation updates for DefectDojo include Pro Features content, menu configuration changes, and search exclusions, with minor security observations regarding font paths, feature information disclosure, and image references.


The pull request updates documentation for DefectDojo, adding Pro Features documentation, modifying menu configurations, and adding `exclude_search: true` to multiple documentation pages. Security findings include:

  1. Font URL Path Observation (docs/assets/scss/common/_custom.scss): Relative font paths could potentially be manipulated if web server configuration is not properly secured.

  2. Potential Information Disclosure (docs/content/en/about_defectdojo/pro_features.md): Document reveals details about DefectDojo Pro features and supported tools, which could provide insights into the platform's capabilities.

  3. Image Reference Security (docs/content/en/about_defectdojo/ui_pro_vs_os.md): Ensure referenced image files do not expose sensitive information.

No critical security vulnerabilities were identified in this documentation patch.

Code Analysis

We ran 9 analyzers against 15 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer findings: Configured Codepaths Analyzer, 6 findings

Overall Riskiness

🔴 Risk threshold exceeded.

We've notified @mtesauro, @grendel513.


@Maffooch Maffooch merged commit 5d484e4 into dev Feb 24, 2025
73 of 74 checks passed
@Maffooch Maffooch deleted the master-into-dev/2.43.4-2.44.0-dev branch February 24, 2025 16:40
4 participants