Pro Release Notes 2.42.2 #11611

Merged
merged 3 commits into from
Jan 21, 2025

paulOsinski
Contributor

Adding user-facing changes to Changelog page in docs.

@github-actions github-actions bot added the docs label Jan 21, 2025

dryrunsecurity bot commented Jan 21, 2025

DryRun Security Summary

The pull request introduces improvements to DefectDojo Pro's user interface, API, security features, and tool integrations, enhancing the application's functionality, usability, and security capabilities.

Summary:

The changes outlined in this pull request cover a range of improvements and bug fixes across different features of the DefectDojo Pro (Cloud Version) application. The key areas of focus include:

  1. Classic UI and Beta UI Improvements: Enhancements to the user interface, such as correcting a link in the Classic UI and improving filtering, sorting, and pagination in the Beta UI Findings table.

  2. API Enhancements: Additions to the API, including the ability for Pro users to specify the fields they want to return in API payloads, and new endpoints for finding groups and validating file extensions.

  3. Security and Compliance Features: Improvements to Azure AD integration, RBAC handling for Request Review functionality, and the addition of a "Mitigated Within SLA" finding filter and metric.

  4. Connector and Tool Integrations: New connectors for Dependency-Track and SonarQube/SonarCloud, as well as improved parsing and deduplication for various tool integrations.

From an application security perspective, the notable changes include the improvements to the OAuth integration, the RBAC enhancements, and the addition of the Deduplication Tuner in the Beta UI. These changes help to strengthen the security and compliance features of the application, as well as provide users with more control over the deduplication process, which is an important aspect of accurate and reliable security findings.

Files Changed:

  • docs/content/en/changelog/changelog.md: This file has been updated to document the changes and improvements made in this pull request, covering a range of features across the Classic UI, Beta UI, API, security and compliance, and tool integrations.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

View PR in the DryRun Dashboard.

Contributor

@mtesauro mtesauro left a comment

Approved

@mtesauro mtesauro merged commit 5372984 into DefectDojo:master Jan 21, 2025
72 of 73 checks passed
Maffooch added a commit that referenced this pull request Jan 24, 2025
* Bump vite from 6.0.7 to 6.0.9 in /docs (#11610)

Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 6.0.7 to 6.0.9.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v6.0.9/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Pro Release Notes 2.42.2 (#11611)

* update changelog 2.42.2

* add additional 2.42.1 features

---------

Co-authored-by: Paul Osinski <[email protected]>

* Update .dryrunsecurity.yaml (#11617)

* Readme docs - followup PR (#11525)

* follow on to readme update

* remove broken /pricing link

* chg local_settings refs ldap-authentication.md

---------

Co-authored-by: Paul Osinski <[email protected]>

* Bump asteval from 1.0.5 to 1.0.6

Bumps [asteval](https://github.com/lmfit/asteval) from 1.0.5 to 1.0.6.
- [Release notes](https://github.com/lmfit/asteval/releases)
- [Commits](lmfit/asteval@1.0.5...1.0.6)

---
updated-dependencies:
- dependency-name: asteval
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Paul Osinski <[email protected]>
Co-authored-by: Paul Osinski <[email protected]>
Co-authored-by: Cody Maffucci <[email protected]>
5 participants