search

DefectDojo / django-DefectDojo

DevSecOps, ASPM, Vulnerability Management. All on one platform.
https://defectdojo.com
BSD 3-Clause "New" or "Revised" License
3.49k stars 1.48k forks source link

Release: Merge back 2.36.0 into dev from: master-into-dev/2.36.0-2.37.0-dev #10485

Closed github-actions[bot] closed 2 days ago

github-actions[bot] commented 2 days ago

Release triggered by Maffooch

dryrunsecurity[bot] commented 2 days ago

Hi there :wave:, @dryrunsecurity here, below is a summary of our analysis and findings.

DryRun Security Status Findings
Server-Side Request Forgery Analyzer :white_check_mark: 0 findings
Configured Codepaths Analyzer :white_check_mark: 0 findings
IDOR Analyzer :white_check_mark: 0 findings
Sensitive Files Analyzer :grey_exclamation: 1 finding
SQL Injection Analyzer :white_check_mark: 0 findings
Authn/Authz Analyzer :white_check_mark: 0 findings
Secrets Analyzer :white_check_mark: 0 findings

[!Note] :green_circle: Risk threshold not exceeded.

Change Summary (click to expand) The following is a summary of changes in this pull request made by me, your security buddy :robot:. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective. **Summary:** The changes in this pull request primarily consist of version updates to the DefectDojo application and its associated Helm chart. The updates include: 1. Updating the "defectdojo" package version in the `package.json` file from "2.36.0-dev" to "2.37.0-dev". 2. Updating the version in the `dojo/__init__.py` file from "2.36.0-dev" to "2.37.0-dev". 3. Adding a new documentation file `docs/content/en/getting_started/upgrading/2.37.md` for upgrading to DefectDojo version 2.37.x. 4. Updating the PostgreSQL dependency in the `helm/defectdojo/Chart.lock` file from version 15.5.9 to 15.5.11. 5. Updating the DefectDojo Helm chart to version 1.6.138-dev and the application version to 2.37.0-dev in the `helm/defectdojo/Chart.yaml` file. From an application security perspective, these changes do not raise any immediate concerns. Version updates are a normal part of software development and maintenance, and they typically do not introduce security vulnerabilities on their own. However, it's important to review the release notes or changelogs for the new versions to understand if there are any security-related bug fixes or improvements included in the updates. Additionally, it's crucial to ensure that all dependencies, including the PostgreSQL chart and other components used by the DefectDojo application, are kept up-to-date and secure. Regularly monitoring for security advisories and updating the application accordingly is essential for maintaining a secure and robust application. **Files Changed:** 1. `components/package.json`: The version of the "defectdojo" package has been updated from "2.36.0-dev" to "2.37.0-dev". 2. `dojo/__init__.py`: The version has been updated from "2.36.0-dev" to "2.37.0-dev". 3. `docs/content/en/getting_started/upgrading/2.37.md`: A new documentation file has been added for upgrading to DefectDojo version 2.37.x. 4. `helm/defectdojo/Chart.lock`: The PostgreSQL dependency has been updated from version 15.5.9 to 15.5.11. 5. `helm/defectdojo/Chart.yaml`: The DefectDojo Helm chart has been updated to version 1.6.138-dev, and the application version has been updated to 2.37.0-dev.

Powered by DryRun Security