From 917b4c9bc9d1d2543ded58c65e00535451304d77 Mon Sep 17 00:00:00 2001 From: Paul Osinski Date: Mon, 23 Dec 2024 16:00:11 -0700 Subject: [PATCH] update changelog, add changelog menu to header --- docs/config/_default/menus/menus.en.toml | 5 +++++ docs/content/en/changelog/changelog.md | 26 ++++++++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/docs/config/_default/menus/menus.en.toml b/docs/config/_default/menus/menus.en.toml index 421f875a28a..410c2f28373 100644 --- a/docs/config/_default/menus/menus.en.toml +++ b/docs/config/_default/menus/menus.en.toml @@ -3,6 +3,11 @@ url = "/en/about_defectdojo/about_docs/" weight = 10 + [[main]] + name = "Changelog" + url = "/en/changelog/changelog/" + weight = 11 + [[social]] name = "X" pre = '' diff --git a/docs/content/en/changelog/changelog.md b/docs/content/en/changelog/changelog.md index e92ec689612..16cd606ee63 100644 --- a/docs/content/en/changelog/changelog.md +++ b/docs/content/en/changelog/changelog.md 
@@ -7,6 +7,32 @@ Here are the release notes for **DefectDojo Pro (Cloud Version)**. These release For Open Source release notes, please see the [Releases page on GitHub](https://github.com/DefectDojo/django-DefectDojo/releases), or alternatively consult the Open Source [upgrade notes](../../open_source/upgrading/upgrading_guide). +## Dec 24, 2024: v2.41.3 + +- **(API)** Added option to recalculate hash codes (deduplication / reimport) for a single finding via the API. Sending `recalculate_hash_code = True` on a `PUT` or `PATCH` request to `/findings/{id}` will now recalculate the hash code for that Finding. (Pro) +- **(API)** Added `/request_response_pairs` endpoint. +- **(Beta UI)** When sorting by Severity, Findings will now be ordered by **severity level** rather than alphabetically. +- **(Beta UI)** On the Findings table, the Endpoint Hosts column has been replaced with a numerical count of affected Endpoints. +- **(Beta UI)** On the Findings table, the Vulnerability ID field can now be filtered with "starts_with", "ends_with" filters. +- **(Beta UI)** Added Edit Test Type form: you can now edit the properties of a custom Test Type to determine if it is Active or Inactive, or a Static Scan or Dynamic Scan Test. +- **(Beta UI)** Same Tool Deduplication Settings / Test Type field is now searchable. +- **(Tools)** Qualys HackerGuardian now uses hashcode against "title", "severity", "description" for deduplication. +- **(Tools)** Horusec scan now uses hashcode against "title", "description", "file_path", and "line" for deduplication. + +##### Why recalculate Hash Codes for a Finding? +By default, DefectDojo assumes that incoming scans will be consistent. For example, if you're reimporting a specific file, a given Finding from Scan #1 will be represented the same as a Finding from Scan #1.1, etc. 
+ +DefectDojo allows you to adjust the metadata for the resulting Finding without affecting deduplication - you can add additional endpoints or information to a Finding, even if they are not captured by the scan initially, because DefectDojo remembers how the Finding was initially 'seen' (via Hash Code). + +However, if a Finding's **incoming** metadata suddenly changes (for example, the scan reports a changed component name), you may want to recalculate the Hash Code of a given Finding to account for this. + +Say you have a Finding with a component named 'ABC' - you've been working with this Finding for a while, and you've made progresss. But on your latest reimport, the scan now calls that component '123'. By default, DefectDojo will not make the connection that this is the same Finding, because the component name has changed (and therefore, so has the Hash Code) This incoming report will therefore create a **new Finding**, which is likely not what you want. + +You can handle this situation by taking the following steps: + +1. Change the component name on the Finding to match the incoming scan: '123' +2. Re-calculate the Hash Code on this Finding, by sending `recalculate_hash_code = True` on a `PUT` or `PATCH` request to `/findings/{id}` +3. Re-import the scan. The incoming Hash Code should now match the existing Finding's Hash Code, so a duplicate will be correctly identified. ## Dec 16, 2024: v2.41.2
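Review bot: In the menus.en.toml hunk, `weight = 11` places "Changelog" immediately after the "About" entry (`weight = 10`) in the main menu; confirm no other `[[main]]` entry already uses weight 11, since Hugo's ordering for equal weights falls back to name/identifier and the placement would then not be the one intended. The `url = "/en/changelog/changelog/"` matches the path of `docs/content/en/changelog/changelog.md` added in the second file, so the link target exists; a quick `hugo` build in the docs directory would confirm the menu entry renders and resolves.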
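Review bot: In the changelog.md hunk, the "Why recalculate Hash Codes for a Finding?" explanation has a typo ("progresss") and a missing full stop before "This incoming report will therefore create a **new Finding**"; fix both before merge. The heading level also jumps from `##` (the release heading) straight to `#####`, skipping two levels, which will render oddly in the docs theme's table of contents; `###` or `####` would be consistent with the surrounding structure. Two clarity points for the same section: "Sending `recalculate_hash_code = True` on a `PUT` or `PATCH` request" reads as a Python literal, so state that this is a JSON body field (`true`) of the request to `/findings/{id}`, and the phrase "a Finding from Scan #1.1" is ambiguous about whether it means a second upload of the same scan file; "a later reimport of the same scan" would be clearer. Finally, as the hunk reads, the added numbered list ends directly on "3. Re-import the scan ..." with the existing "## Dec 16, 2024: v2.41.2" heading on the next line and no blank line between them; add one so Markdown terminates the list before the heading.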