From 5eb16ccf7905852a531e897cbd69bff3553e2e0e Mon Sep 17 00:00:00 2001
From: DefectDojo release bot
Date: Mon, 9 Dec 2024 16:33:47 +0000
Subject: [PATCH 1/9] Update versions in application files
---
 components/package.json | 2 +-
 helm/defectdojo/Chart.yaml | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/components/package.json b/components/package.json
index b8cfcf4669d..febe451775d 100644
--- a/components/package.json
+++ b/components/package.json
@@ -1,6 +1,6 @@
 {
 "name": "defectdojo",
- "version": "2.41.1",
+ "version": "2.42.0-dev",
 "license" : "BSD-3-Clause",
 "private": true,
 "dependencies": {
diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml
index e8a60ef015f..d7568f8d5d8 100644
--- a/helm/defectdojo/Chart.yaml
+++ b/helm/defectdojo/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: "2.41.1"
+appVersion: "2.42.0-dev"
 description: A Helm chart for Kubernetes to install DefectDojo
 name: defectdojo
-version: 1.6.163
+version: 1.6.164-dev
 icon: https://www.defectdojo.org/img/favicon.ico
 maintainers:
 - name: madchap
From 4b48bddeae09578e75b9e1251f3de5084b8ecec0 Mon Sep 17 00:00:00 2001
From: kiblik <5609770+kiblik@users.noreply.github.com>
Date: Wed, 11 Dec 2024 21:22:49 +0100
Subject: [PATCH 2/9] fix(setEnv): remove debug from list (#11374)
---
 docker/setEnv.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docker/setEnv.sh b/docker/setEnv.sh
index b9336535e39..41aa804c304 100755
--- a/docker/setEnv.sh
+++ b/docker/setEnv.sh
@@ -40,7 +40,7 @@ function get_current {
 # Tell to which environments we can switch
 function say_switch {
 echo "Using '${current_env}' configuration."
- for one_env in dev debug unit_tests integration_tests release
+ for one_env in dev unit_tests integration_tests release
 do
 if [ "${current_env}" != ${one_env} ]; then
 echo "-> You can switch to '${one_env}' with '${0} ${one_env}'"
@@ -118,7 +118,7 @@ function set_integration_tests {
 # Change directory to allow working with relative paths.
 cd "${target_dir}" || exit
-if [ ${#} -eq 1 ] && [[ 'dev debug unit_tests unit_tests_cicd integration_tests release' =~ ${1} ]]
+if [ ${#} -eq 1 ] && [[ 'dev unit_tests unit_tests_cicd integration_tests release' =~ ${1} ]]
 then
 set_"${1}"
 else
From b0e2819610cd104843ca717b04291e3a137d9c89 Mon Sep 17 00:00:00 2001
From: manuelsommer <47991713+manuel-sommer@users.noreply.github.com>
Date: Wed, 11 Dec 2024 21:23:34 +0100
Subject: [PATCH 3/9] :bug: fix RHS deduplication (#11385)
---
 dojo/settings/settings.dist.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py
index dec586382fe..83794dfa22e 100644
--- a/dojo/settings/settings.dist.py
+++ b/dojo/settings/settings.dist.py
@@ -1289,6 +1289,7 @@ def saml2_attrib_map_format(dict):
 "Invicti Scan": ["title", "description", "severity"],
 "HackerOne Cases": ["title", "severity"],
 "KrakenD Audit Scan": ["description", "mitigation", "severity"],
+ "Red Hat Satellite": ["description", "severity"],
 }
 # Override the hardcoded settings here via the env var
@@ -1533,6 +1534,7 @@ def saml2_attrib_map_format(dict):
 "Invicti Scan": DEDUPE_ALGO_HASH_CODE,
 "KrakenD Audit Scan": DEDUPE_ALGO_HASH_CODE,
 "PTART Report": DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL,
+ "Red Hat Satellite": DEDUPE_ALGO_HASH_CODE,
 }
 # Override the hardcoded settings here via the env var
From d7dff9e122cae5dd14a425acaefd46bf0c4d80be Mon Sep 17 00:00:00 2001
From: Julien Godin <40758407+JGodin-C2C@users.noreply.github.com>
Date: Thu, 12 Dec 2024 18:49:00 +0100
Subject: [PATCH 4/9] fix(oauth2): google oauth2 whitelisting. (#11372)
* Update release step3
* fix(oauth2): Fix google oauth2 whitelisting. The variable is a tuple and should be managed as such
Signed-off-by: Julien Godin
---------
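Review bot: In docker/setEnv.sh (hunk at line 118) the dispatch test still uses `=~ ${1}`, which treats the argument as an unquoted regular expression matched anywhere inside the list string, so a fragment such as `unit` or a pattern such as `.` passes the check and reaches `set_"${1}"` with a name that is not one of the listed environments. An exact match avoids that, for example `case "${1}" in dev|unit_tests|unit_tests_cicd|integration_tests|release) set_"${1}" ;;` with the existing `else` branch moved under `*)`. The environment names are also written out twice, here and in the `for` loop of `say_switch` (hunk at line 40, which has no `unit_tests_cicd`, possibly on purpose); a single array shared by both would stop the two lists drifting apart. The `if`/`else` continues outside the hunk.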
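Review bot: In dojo/settings/settings.dist.py the new `"Red Hat Satellite": ["description", "severity"]` entry (hunk at line 1289) hashes on fewer fields than most neighbouring entries and leaves out `title`, and nothing in the commit shows why: if the parser's description carries host- or scan-specific text the hash will differ on every import and nothing deduplicates, while a generic description would merge distinct findings and hide them from triage. A short comment next to the entry, e.g. `# title omitted from the hash because <reason>`, plus a test that imports the same report twice would pin the intended behaviour; the commit touches only this settings file. The matching `DEDUPE_ALGO_HASH_CODE` entry in the hunk at line 1534 depends on the same choice. Findings imported before this change presumably keep their previously computed hash until it is recalculated, which is worth a line in the upgrade notes.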
Signed-off-by: Julien Godin
Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
---
 .../integrations/social-authentication.md | 12 ++++++++++++
 dojo/settings/settings.dist.py | 4 ++--
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/docs/content/en/open_source/archived_docs/integrations/social-authentication.md b/docs/content/en/open_source/archived_docs/integrations/social-authentication.md
index 97d052d4fac..db2a536f775 100644
--- a/docs/content/en/open_source/archived_docs/integrations/social-authentication.md
+++ b/docs/content/en/open_source/archived_docs/integrations/social-authentication.md
@@ -86,12 +86,24 @@ to be created. Closely follow the steps below to guarantee success.
 DD_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS = ['example.com', 'example.org']
 {{< /highlight >}}
+ As an environment variable:
+
+ {{< highlight python >}}
+ DD_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS = example.com,example.org
+ {{< /highlight >}}
+
 or
 {{< highlight python >}}
 DD_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_EMAILS = ['']
 {{< /highlight >}}
+ As an environment variable:
+
+ {{< highlight python >}}
+ DD_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_EMAILS = email@example.com,email2@example.com
+ {{< /highlight >}}
+
 ## OKTA
 In a similar fashion to that of Google, using OKTA as a OAuth2 provider
diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py
index 83794dfa22e..483688dcd4e 100644
--- a/dojo/settings/settings.dist.py
+++ b/dojo/settings/settings.dist.py
@@ -543,8 +543,8 @@ def generate_url(scheme, double_slashes, user, password, host, port, path, param
 GOOGLE_OAUTH_ENABLED = env("DD_SOCIAL_AUTH_GOOGLE_OAUTH2_ENABLED")
 SOCIAL_AUTH_GOOGLE_OAUTH2_KEY = env("DD_SOCIAL_AUTH_GOOGLE_OAUTH2_KEY")
 SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = env("DD_SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET")
-SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS = env("DD_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS")
-SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_EMAILS = env("DD_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_EMAILS")
+SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS = tuple(env.list("DD_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS", default=[""]))
+SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_EMAILS = tuple(env.list("DD_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_EMAILS", default=[""]))
 SOCIAL_AUTH_LOGIN_ERROR_URL = "/login"
 SOCIAL_AUTH_BACKEND_ERROR_URL = "/login"
From 50af85d5c8c7d03c56fa9ae2c8f6ef38aa150e32 Mon Sep 17 00:00:00 2001
From: kiblik <5609770+kiblik@users.noreply.github.com>
Date: Sun, 15 Dec 2024 03:48:56 +0100
Subject: [PATCH 5/9] fix(helm): Unpin old HELM version (#11363)
---
 .github/workflows/release-x-manual-helm-chart.yml | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/release-x-manual-helm-chart.yml b/.github/workflows/release-x-manual-helm-chart.yml
index ee749cdc4a8..560e809e843 100644
--- a/.github/workflows/release-x-manual-helm-chart.yml
+++ b/.github/workflows/release-x-manual-helm-chart.yml
@@ -46,10 +46,8 @@ jobs:
 git config --global user.name "${{ env.GIT_USERNAME }}"
 git config --global user.email "${{ env.GIT_EMAIL }}"
- - name: Install Helm
- uses: azure/setup-helm@v4
- with:
- version: v3.4.0
+ - name: Set up Helm
+ uses: azure/setup-helm@v4.2.0
 - name: Configure HELM repos
 run: |-
From 6c70cca2c04550361f56743816aa1fc70056160c Mon Sep 17 00:00:00 2001
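Review bot: With neither variable set, both whitelist settings in dojo/settings/settings.dist.py (hunk at line 543) become `("",)`, a non-empty tuple holding one empty string, rather than `()`, because of `default=[""]`. Whether an unconfigured whitelist then admits every Google account or none depends on how the auth backend treats a non-empty list, which is not visible here; if it enforces any non-empty whitelist, this default is what keeps sign-in closed and should carry a comment such as `# default [""] is deliberate: <say whether an unset whitelist allows all accounts or none>`. The items are also used exactly as split, so a value written as `example.com, example.org` would presumably yield `" example.org"` and never match; `tuple(d.strip() for d in env.list(...))` on both lines avoids that silent lockout without changing the default. These are module-level assignments and the settings block continues outside the hunk.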
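Review bot: `uses: azure/setup-helm@v4.2.0` in .github/workflows/release-x-manual-helm-chart.yml (hunk at line 46) still references the action by tag, and a tag can be moved by whoever controls the action's repository; in a release workflow the safer form is the full commit SHA with the tag kept as a comment, `uses: azure/setup-helm@<full-commit-sha> # v4.2.0`. Removing `with: version:` also means the job installs whichever Helm release the action resolves by default at run time, so two chart releases can be packaged by different Helm builds. An explicit current `version:` that a dependency bot keeps up to date would retain reproducibility without going back to the stale pin. The step list continues outside the hunk.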
From: DefectDojo release bot
Date: Mon, 16 Dec 2024 15:25:59 +0000
Subject: [PATCH 6/9] Update versions in application files
---
 components/package.json | 2 +-
 dojo/__init__.py | 2 +-
 helm/defectdojo/Chart.yaml | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/components/package.json b/components/package.json
index febe451775d..590f1cb37e0 100644
--- a/components/package.json
+++ b/components/package.json
@@ -1,6 +1,6 @@
 {
 "name": "defectdojo",
- "version": "2.42.0-dev",
+ "version": "2.41.2",
 "license" : "BSD-3-Clause",
 "private": true,
 "dependencies": {
diff --git a/dojo/__init__.py b/dojo/__init__.py
index f8e01957497..7edf826dd58 100644
--- a/dojo/__init__.py
+++ b/dojo/__init__.py
@@ -4,6 +4,6 @@
 # Django starts so that shared_task will use this app.
 from .celery import app as celery_app # noqa: F401
-__version__ = "2.41.1"
+__version__ = "2.41.2"
 __url__ = "https://github.com/DefectDojo/django-DefectDojo"
 __docs__ = "https://documentation.defectdojo.com"
diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml
index d7568f8d5d8..f76daab65f6 100644
--- a/helm/defectdojo/Chart.yaml
+++ b/helm/defectdojo/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: "2.42.0-dev"
+appVersion: "2.41.2"
 description: A Helm chart for Kubernetes to install DefectDojo
 name: defectdojo
-version: 1.6.164-dev
+version: 1.6.164
 icon: https://www.defectdojo.org/img/favicon.ico
 maintainers:
 - name: madchap
From 209fbb4ece4d6f36e1f85fdd56f41768d5abe62d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Dec 2024 18:06:48 -0600 Subject: [PATCH 7/9] Bump nanoid from 3.3.7 to 3.3.8 in /docs (#11421) Bumps [nanoid](https://github.com/ai/nanoid) from 3.3.7 to 3.3.8. - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](https://github.com/ai/nanoid/compare/3.3.7...3.3.8) --- updated-dependencies: - dependency-name: nanoid dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- docs/package-lock.json | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/docs/package-lock.json b/docs/package-lock.json index 187c86624d8..254062bd28d 100644 --- a/docs/package-lock.json +++ b/docs/package-lock.json @@ -3636,16 +3636,15 @@ "license": "MIT" }, "node_modules/nanoid": { - "version": "3.3.7", - "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.7.tgz", - "integrity": "sha512-eSRppjcPIatRIMC1U6UngP8XFcz8MQWGQdt1MTBQ7NaAmvXDfvNxbvWV3x2y6CdEUciCSsDHDQZbhYaB8QEo2g==", + "version": "3.3.8", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.8.tgz", + "integrity": "sha512-WNLf5Sd8oZxOm+TzppcYk8gVOgP+l58xNy58D0nbUnOxOWRWvlcCV4kUF7ltmI6PsrLl/BgKEyS4mqsGChFN0w==", "funding": [ { "type": "github", "url": "https://github.com/sponsors/ai" } ], - "license": "MIT", "bin": { "nanoid": "bin/nanoid.cjs" }, From f6be5e876bcc8f6519a1979f6e2e049f68bdc37c Mon Sep 17 00:00:00 2001 From: Paul Osinski <42211303+paulOsinski@users.noreply.github.com> Date: Tue, 17 Dec 2024 09:47:02 -0700 Subject: [PATCH 8/9] [docs] Pro Docs release notes - 2.41.2 (#11420) Co-authored-by: Paul Osinski --- docs/content/en/changelog/changelog.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) 
diff --git a/docs/content/en/changelog/changelog.md b/docs/content/en/changelog/changelog.md
index 3d0c2c92292..e92ec689612 100644
--- a/docs/content/en/changelog/changelog.md
+++ b/docs/content/en/changelog/changelog.md
@@ -5,7 +5,12 @@ description: "DefectDojo Changelog"
 Here are the release notes for **DefectDojo Pro (Cloud Version)**. These release notes are focused on UX, so will not include all code changes.
-For Open Source release notes, please see the [Releases page on GitHub](https://github.com/DefectDojo/django-DefectDojo/releases), or alternatively consult the Open Source [upgrate notes](../../open_source/upgrading/upgrading_guide).
+For Open Source release notes, please see the [Releases page on GitHub](https://github.com/DefectDojo/django-DefectDojo/releases), or alternatively consult the Open Source [upgrade notes](../../open_source/upgrading/upgrading_guide).
+
+
+## Dec 16, 2024: v2.41.2
+
+- **(Connectors)** Remove the 'Beta' logo from Connectors
 ## Dec 9, 2024: v2.41.1
From e80b7d99b6f2dd474f7cdbb43b2adcb41fff71b6 Mon Sep 17 00:00:00 2001
From: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
Date: Tue, 17 Dec 2024 10:51:27 -0600
Subject: [PATCH 9/9] Release Drafter: Update upgrade notes link
---
 .github/release-drafter.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml
index 05905306de6..f4eed0e81cd 100644
--- a/.github/release-drafter.yml
+++ b/.github/release-drafter.yml
@@ -51,7 +51,7 @@ exclude-labels:
 change-template: '- $TITLE @$AUTHOR (#$NUMBER)'
 template: |
- Please consult the [Upgrade notes in the documentation ](https://documentation.defectdojo.com/getting_started/upgrading/) for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
+ Please consult the [Upgrade notes in the documentation ](https://docs.defectdojo.com/en/open_source/upgrading/upgrading_guide/) for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
 ## Changes since $PREVIOUS_TAG
 $CHANGES