nightly-dev 🌈

Run the release drafter to populate the release notes.

2.54.2 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.54.1

• tags from parser: fix parsers, add tests and fallback @valentijnscholten (#14111)
• prettify sample scan files @valentijnscholten (#14113)
• Add additional fields to AssetSerializer @Maffooch (#14109)
• Import/Reimport: Push to jira when findings is not grouped @Maffooch (#14107)
• 🎉 Implement json part for Cloudflare insights parser @manuel-sommer (#14096)
• 💄 ssl labs json files reformat @manuel-sommer (#14106)
• Refactor note fetching logic for improved permission checks @Maffooch (#14081)
• ⬆️ Bump ruff from 0.14.10 to 0.14.11 @manuel-sommer (#14066)
• 🐛 fix Nonetype in nuclei #14071 @manuel-sommer (#14072)
• Remove unused asteval dependency @valentijnscholten (#14079)

🚀 API features and enhancements

• Fix Content-Type header bugs in file downloads and MIME type handling @valentijnscholten (#14124)
• Enforce readonly name field for Test_Type instances and add dynamic serializer selection @Maffooch (#14090)
• Asset/Organizations Endpoints: Patches, permission checking, and API tests @Maffooch (#14080)

🖌 Updates in UI

• fix bleach memory leak & simplify git commit hash checker @valentijnscholten (#14117)
• Fix Content-Type header bugs in file downloads and MIME type handling @valentijnscholten (#14124)
• Consolidation of Template Tags: Make a single use case reusable, and use in report disclaimers @Maffooch (#14098)
• Add Report Builder submenu and improve form validation error messages @valentijnscholten (#14068)

2.54.1 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.54.0

• 🎉 Advance Google Cloud Artifact Scan to parse vulnid @manuel-sommer (#14063)
• 🎉 Implement Cloudflare insights parser @manuel-sommer (#14064)
• announcements: catch exceptions @valentijnscholten (#14045)
• fix: update redis/valkey comment @anthonwellsjo (#13858)
• [docs] pro release notes 2.54.0 @paulOsinski (#14047)
• Re order Jira Alert Description @Jino-T (#14058)
• 💄 Reformat sample scan files @manuel-sommer (#14046)
• 🐛 Fix multiple google cloud artifact scan bugs @manuel-sommer (#14052)
• 💄 Add output description reference to google cloud artifacto… @manuel-sommer (#14038)
• fix front matter in PingCastle docs @paulOsinski (#14036)
• Update migration notes for django-pghistory @valentijnscholten (#14043)

🚩 Database migration

• Product Grade: Configuration Removal @Maffooch (#14075)

🧰 Maintenance

• chore(deps): bump urllib3 from 2.6.2 to 2.6.3 @dependabot (#14059)

2.54.0 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.53.0

• [docs] create sitemap at root on Hugo deploy @paulOsinski (#14024)
• [docs] Pro changelog: Dec 30 @paulOsinski (#14007)
• docs: add new page on custom trust @sNiXx (#13841)
• Vulnerability IDs: Do not allow users to import empty strings @Jino-T (#14017)
• allow alpine in docker compose dev override @valentijnscholten (#14001)
• Remove entrypoint-first-boot.sh references and implement complete initialization command @Maffooch (#14002)
• Add workflow path for GitHub Actions validation @Maffooch (#14000)
• docs: Update weight of 2.54.0 upgrade notes @valentijnscholten (#13991)
• Add status and notes columns to CSV/Excel exports @valentijnscholten (#13970)
• Fix: Apply tags to findings/endpoints when TRACK_IMPORT_HISTORY is disabled @valentijnscholten (#13969)
• Fix bulk edit validation: prevent duplicate findings from being active/verified @valentijnscholten (#13965)
• Handle System_Settings errors better in middleware @valentijnscholten (#13982)
• [docs] pro changelog: 2.53.3-4 @paulOsinski (#13978)
• Fix JIRA form processing logic to not skip pushing new findings when finding_jira_sync is enabled @valentijnscholten (#13983)
• Add test_type mismatch validation during reimport (#10219) @valentijnscholten (#13975)
• Fix: Populate vulnerability_id field in BlackDuck Binary Analysis parser @valentijnscholten (#13973)
• Fix FileUpload.copy() to prevent title length exceeding 100 chars @valentijnscholten (#13968)
• Fix Tenable CSV import fails with 'Version of CPE not implemented' @valentijnscholten (#13967)
• Fix cross-scanner deduplication endpoint parsing (#10215) @valentijnscholten (#13964)
• Fix CycloneDX XML import failing when vulnerability description is missing @valentijnscholten (#13963)
• fix(HELM): Docs for #13907 @kiblik (#13942)
• 🎉 Implement pingcastle vulnerability parser @manuel-sommer (#13933)
• feat(docker): Clean official image from (unit)tests @kiblik (#13877)
• Increasing timeouts for unit tests @rossops (#13849)
• Prowler Scan Parser @Jino-T (#13831)
• feat(docker): Manage images via renovate (not dependabot) @kiblik (#13953)
• Added relevant test name to "close old findings" comment @Jino-T (#13930)
• release process fix for 2.53.4: also start valkey is it's now required by the entrypoitn scripts @valentijnscholten (#13960)
• Github action fix for 2.53.4 @valentijnscholten (#13958)
• github action fetch openapi spec must wait for dojo to be up @valentijnscholten (#13955)
• ⬆️ Bump ruff from 0.14.9 to 0.14.10 @manuel-sommer (#13938)
• feat(broker): Add start-up checker @kiblik (#13931)
• fix(GHA): Fix annotation for renovate and dependabot @kiblik (#13941)
• Make Twistlock Parser use discoveredDate for Date @Jino-T (#13922)
• Make SonarQube Parser use creationDate for Date @Jino-T (#13919)
• make ordering by sla_age more reliable @valentijnscholten (#13918)
• Change log level from warning to debug for cwe check @Maffooch (#13909)
• docs: add dedupe batching note to 2.53 upgrade notes @valentijnscholten (#13914)
• feat(HELM): Make HPA more Argo-friendly @kiblik (#13882)
• Add DD_SOCIAL_AUTH_CREATE_USER_MAPPING to docs @manuel-sommer (#13929)
• docs: edits to deduplication-tuning docs @LeongBryan (#13924)
• Refactor GitHub integration error handling @Maffooch (#13913)
• Refactor async_delete mapping and filter logic @Maffooch (#13908)
• reimport: add internal dupe test when reimport into empty test @valentijnscholten (#13890)
• reimport: add management command to reimport sample scans @valentijnscholten (#13893)
• (chore) importers: log time spent on parsing @valentijnscholten (#13892)
• foundy_by: optimize for dedupe @valentijnscholten (#13888)
• jira: add none checks in a few places @valentijnscholten (#13886)
• Update RELEASING.md with release type clarifications @valentijnscholten (#13881)
• fix logger NoneType during single finding save @valentijnscholten (#13880)
• fix(HELM): Improve autogeneration of annotation @kiblik (#13879)
• fix(HELM): Annotation and docs correction for #13856 @kiblik (#13878)
• feat(releases): Add section for GHA @kiblik (#13867)
• async delete: retry on deadlock @valentijnscholten (#13863)
• 💄 Beautify Rubocop json @manuel-sommer (#13894)
• fix(HELM): Use renovate-compatible format @kiblik (#13866)
• fix(GHA): Failed if all dependences had not been in latest version @kiblik (#13865)
• fix(django): Upgrade to 5.2 @kiblik (#12524)
• [docs] update sso docs: permission scope @paulOsinski (#13850)
• [docs] Pro changelog updates @paulOsinski (#13855)
• [docs] asset/organization in Pro @paulOsinski (#13848)
• docs: Add Pro vs OSS comparison for cross-product risk acceptances @skywalke34 (#13703)
• Add null check for engagement in permission validation @Maffooch (#13832)
• perf: Use lazy loading for Product_Tab to improve edit finding performance Fixes#10313 @Vincent-Ngobeh (#13805)
• fix(GHA): Correction of #13722 @kiblik (#13833)
• fix(unittest): avoid ResourceWarning: unclosed file @kiblik (#13830)
• fix(node_modules): Avoid staticfiles.W004 @kiblik (#13829)
• fix(parsers): DeprecationWarning: Testing an element's truth ... @kiblik (#13828)
• fix(helm): Drop djnago.mediaPersistentVolume.fsGroup @kiblik (#13813)
• ⬆️ Bump ruff from 0.14.6 to 0.14.8 @manuel-sommer (#13799)
• 💄 reformat whispers sample scan reports @manuel-sommer (#13790)
• 🎉 Add 'fix_available' field to legitify @manuel-sommer (#13791)
• [docs] "about us" section maintenance @paulOsinski (#13783)
• UI: Add AND logic for tag filtering @PoojasPatel013 (#13789)

💣 Breaking changes

• finding template refactor @valentijnscholten (#13946)

🚩 Changes to settings.dist.py / local_settings.py

• tags: allow setting tag truncate length @valentijnscholten (#13943)
• reimport: match findings in batches @valentijnscholten (#13889)
• auditlog: switch to pghistory (for real) @valentijnscholten (#13587)
• 🎉 Add ICSA vulnid @manuel-sommer (#13895)
• 🐛 Remove unselected parsers from filters and test types @manuel-sommer (#13767)

🚩 Database migration

• finding template refactor @valentijnscholten (#13946)
• rename/reorder migrations after recent merges @dogboat (#13915)
• api tokens: allow admins to reset user tokens @valentijnscholten (#13885)
• auditlog: switch to pghistory (for real) @valentijnscholten (#13587)

🚀 General features and enhancements

• reimport: match findings in batches @valentijnscholten (#13889)

🚀 API features and enhancements

• Add permission classes and refine queryset in BurpRawRequestResponseViewSet @Maffooch (#14013)
• finding template refactor @valentijnscholten (#13946)
• pghistory: add context for each process and celery tasks @valentijnscholten (#13988)
• metrics: use mitigated_date for closed findings @valentijnscholten (#13945)
• push_to_jira: fix pushing to JIRA during import/reimport in asynchronous mode @valentijnscholten (#13916)
• api tokens: allow admins to reset user tokens @valentijnscholten (#13885)

🐛 Bug Fixes

• dedupe reopen: continue to try all match candidates @valentijnscholten (#14011)
• push_to_jira: fix pushing to JIRA during import/reimport in asynchronous mode @valentijnscholten (#13916)

🖌 Updates in UI

• finding template refactor @valentijnscholten (#13946)
• metrics: use mitigated_date for closed findings @valentijnscholten (#13945)
• Fix product.html and engagements_all.html formatting and add autoWidth false @testaccount90009 (#13884)
• api tokens: allow admins to reset user tokens @valentijnscholten (#13885)
• auditlog: switch to pghistory (for real) @valentijnscholten (#13587)
• finding list: disable autowidth to fix too wide column @valentijnscholten (#13835)

🔧 Improved code quality with linters

• reimport: match findings in batches @valentijnscholten (#13889)

🧰 Maintenance

• chore(deps): update python:3.13.11-slim-trixie docker digest from 3.13.11 to v (dockerfile.integration-tests-debian) @renovate (#14008)
• chore(deps): bump celery from 5.6.0 to 5.6.1 @dependabot (#14005)
• fix(deps): update dependency @tabler/icons from 3.36.0 to v3.36.1 (docs/package.json) @renovate (#14023)
• chore(deps): bump gitpython from 3.1.45 to 3.1.46 @dependabot (#14022)
• chore(deps): bump pdfmake from 0.2.21 to 0.3.0 in /components @dependabot (#14021)
• chore(deps): update dependency vcrpy from 8.1.0 to v8.1.1 (requirements-dev.txt) @renovate (#14026)
• chore(deps): update dependency renovatebot/renovate from 42.66.11 to v42.71.0 (.github/workflows/renovate.yaml) @renovate (#14025)
• chore(deps): bump pillow from 12.0.0 to 12.1.0 @dependabot (#14020)
• chore(deps): bump django-polymorphic from 4.5.1 to 4.5.2 @dependabot (#14019)
• chore(deps): bump drf-spectacular-sidecar from 2025.12.1 to 2026.1.1 @dependabot (#14018)
• chore(deps): update python:3.13.11-slim-trixie docker digest from 3.13.11 to v (dockerfile.integration-tests-debian) @renovate (#14003)
• chore(deps): update python docker tag from 3.13.7 to v3.13.11 (dockerfile.nginx-alpine) @renovate (#13995)
• chore(deps): bump python-gitlab from 7.0.0 to 7.1.0 @dependabot (#13990)
• ⬆️ Bump django-filter from 25.1 to 25.2 @dependabot (#13346)
• Update dependency gohugoio/hugo from v0.153.2 to v0.153.4 (.github/workflows/validate_docs_build.yml) @renovate (#13985)
• fix(deps): update dependency @docsearch/js from 4.3.2 to v4.4.0 (docs/package.json) @renovate (#13957)
• chore(deps): update dependency renovatebot/renovate from 42.66.4 to v42.66.11 (.github/workflows/renovate.yaml) @renovate (#13987)
• chore(deps): bump django-polymorphic from 4.4.1 to 4.5.1 @dependabot (#13980)...

2.53.5 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.53.4

• Fix JIRA form processing logic to not skip pushing new findings when finding_jira_sync is enabled @valentijnscholten (#13983)
• Add test_type mismatch validation during reimport (#10219) @valentijnscholten (#13975)
• Fix: Populate vulnerability_id field in BlackDuck Binary Analysis parser @valentijnscholten (#13973)
• Fix FileUpload.copy() to prevent title length exceeding 100 chars @valentijnscholten (#13968)
• Fix Tenable CSV import fails with 'Version of CPE not implemented' @valentijnscholten (#13967)
• Fix cross-scanner deduplication endpoint parsing (#10215) @valentijnscholten (#13964)
• Fix CycloneDX XML import failing when vulnerability description is missing @valentijnscholten (#13963)
• Increasing timeouts for unit tests @rossops (#13849)
• feat(docker): Manage images via renovate (not dependabot) @kiblik (#13953)
• Added relevant test name to "close old findings" comment @Jino-T (#13930)

2.53.4 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.53.3

• release process fix for 2.53.4: also start valkey is it's now required by the entrypoitn scripts @valentijnscholten (#13960)
• Github action fix for 2.53.4 @valentijnscholten (#13958)
• github action fetch openapi spec must wait for dojo to be up @valentijnscholten (#13955)
• feat(broker): Add start-up checker @kiblik (#13931)
• fix(GHA): Fix annotation for renovate and dependabot @kiblik (#13941)
• Make Twistlock Parser use discoveredDate for Date @Jino-T (#13922)
• Make SonarQube Parser use creationDate for Date @Jino-T (#13919)
• make ordering by sla_age more reliable @valentijnscholten (#13918)
• Change log level from warning to debug for cwe check @Maffooch (#13909)
• docs: add dedupe batching note to 2.53 upgrade notes @valentijnscholten (#13914)
• feat(HELM): Make HPA more Argo-friendly @kiblik (#13882)
• Add DD_SOCIAL_AUTH_CREATE_USER_MAPPING to docs @manuel-sommer (#13929)
• Refactor GitHub integration error handling @Maffooch (#13913)

🚩 Changes to settings.dist.py / local_settings.py

• tags: allow setting tag truncate length @valentijnscholten (#13943)

🚀 API features and enhancements

• metrics: use mitigated_date for closed findings @valentijnscholten (#13945)
• push_to_jira: fix pushing to JIRA during import/reimport in asynchronous mode @valentijnscholten (#13916)

🐛 Bug Fixes

• push_to_jira: fix pushing to JIRA during import/reimport in asynchronous mode @valentijnscholten (#13916)

🖌 Updates in UI

• metrics: use mitigated_date for closed findings @valentijnscholten (#13945)
• Fix product.html and engagements_all.html formatting and add autoWidth false @testaccount90009 (#13884)

2.53.3 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.53.2

• Refactor async_delete mapping and filter logic @Maffooch (#13908)

2.53.2 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.53.1

• reimport: add internal dupe test when reimport into empty test @valentijnscholten (#13890)
• reimport: add management command to reimport sample scans @valentijnscholten (#13893)
• (chore) importers: log time spent on parsing @valentijnscholten (#13892)
• foundy_by: optimize for dedupe @valentijnscholten (#13888)
• jira: add none checks in a few places @valentijnscholten (#13886)
• Update RELEASING.md with release type clarifications @valentijnscholten (#13881)
• fix logger NoneType during single finding save @valentijnscholten (#13880)
• fix(HELM): Improve autogeneration of annotation @kiblik (#13879)
• feat(releases): Add section for GHA @kiblik (#13867)
• async delete: retry on deadlock @valentijnscholten (#13863)
• 💄 Beautify Rubocop json @manuel-sommer (#13894)
• fix(HELM): Use renovate-compatible format @kiblik (#13866)
• fix(GHA): Failed if all dependences had not been in latest version @kiblik (#13865)
• [docs] update sso docs: permission scope @paulOsinski (#13850)
• [docs] Pro changelog updates @paulOsinski (#13855)
• [docs] asset/organization in Pro @paulOsinski (#13848)

🚩 Changes to settings.dist.py / local_settings.py

• 🎉 Add ICSA vulnid @manuel-sommer (#13895)

2.53.1 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.53.0

• Add null check for engagement in permission validation @Maffooch (#13832)
• fix(GHA): Correction of #13722 @kiblik (#13833)
• fix(helm): Drop djnago.mediaPersistentVolume.fsGroup @kiblik (#13813)
• 💄 reformat whispers sample scan reports @manuel-sommer (#13790)
• 🎉 Add 'fix_available' field to legitify @manuel-sommer (#13791)
• [docs] "about us" section maintenance @paulOsinski (#13783)
• UI: Add AND logic for tag filtering @PoojasPatel013 (#13789)

🖌 Updates in UI

• finding list: disable autowidth to fix too wide column @valentijnscholten (#13835)

🧰 Maintenance

• chore(deps): bump urllib3 from 2.5.0 to 2.6.0 @dependabot (#13834)
• chore(deps): bump django from 5.1.14 to 5.1.15 @dependabot (#13814)

2.53.0 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.52.0

• Remove left over log statement @valentijnscholten (#13784)
• fix: enable uwsgi DD_UWSGI_EXTRA_ARGS passthrough @Bump-Action (#13756)
• fix(helm): Avoid forbidden chars in annotation @kiblik (#13772)
• 🎉 Add 'fix_available' field to zora parser @manuel-sommer (#13760)
• Unit Testing: Do no run in debug mode in order to reduce logging @Maffooch (#13241)
• docs: Update number of concurrent connections for uWSGI @NoaFayn (#13752)
• Add path filter for docs in gh-pages workflow @Maffooch (#13755)
• Change log level from info to debug for Watson indexing @Maffooch (#13748)
• system settings caching optimization + test cases @valentijnscholten (#13739)
• Add boto3 dependency to dependabot configuration @Maffooch (#13733)
• 🐛 fix severity order of trivy @manuel-sommer (#13736)
• 🎉 implement zora vulnerabilty parser @manuel-sommer (#13744)
• 💄 restructure github vulnerability reports @manuel-sommer (#13745)
• [docs] update Jira documentation for Jira Spaces @paulOsinski (#13749)
• [docs] Add Apollo script @paulOsinski (#13734)
• Feat: Add HPA & PDB Helm Chart Support #13391 @carlosmt86 (#13512)
• fix(helm): Missing annotation for "master-into-..." @kiblik (#13722)
• feat(renovate): Do not split updates for renovate @kiblik (#13723)
• Qualys parser add CVEs to Vulnerability Ids for xml files @Jino-T (#13710)
• feat(helm): Relocate docs/schema hints @kiblik (#13698)
• [docs] typo fixes @paulOsinski (#13709)
• ⬆️ Bump ruff from 0.14.4 to 0.14.5 @manuel-sommer (#13708)
• 🐛 fix finding closed with a provided mitigated date #13699 @manuel-sommer (#13700)
• fix(helm): merge extraAnnotations with init job annotations @qlimenoque (#13677)
• docs: Update the API pull documentation @sNiXx (#13689)
• 🎉 Add pwn sast fix_available field @manuel-sommer (#13702)
• log a line when custom hash method is used @valentijnscholten (#13679)
• 🐛 fix DD_EDITABLE_MITIGATED_DATA close finding internal server error #13699 @manuel-sommer (#13701)
• reimport: support pro compute hash code method @valentijnscholten (#13680)
• fix(helm/renovate/dependabot): Commit changes & fix condition format @kiblik (#13695)
• feat(renovate): Wait 2 days to use latest k8s @kiblik (#13694)
• 🎉 Add Kubeaudit fix_available field @manuel-sommer (#13684)
• 🎉 implement new threatmapper file format #13639 @manuel-sommer (#13655)
• 🐛 fix debug mode in logging #13659 @manuel-sommer (#13662)
• 🐛 fix nancy severity calculation #13656 @manuel-sommer (#13657)
• 🎉 add Dawnscanner fix_available field. @manuel-sommer (#13660)
• 🎉 Advance ibm app parser with fix_available @manuel-sommer (#13663)
• 💄 beautify drheader jsonfiles @manuel-sommer (#13672)
• feat(renovate): track oldest maintained k8s @kiblik (#13670)
• 🐛 harden jfrog xray unified file parsing #13628 @manuel-sommer (#13632)
• Improve tag handling in importers and add tests for tag imports @Maffooch (#13650)
• [docs] SLAs for Pro @paulOsinski (#13652)
• 💄 Nancy parser docs: fix tool link @manuel-sommer (#13633)
• fix(helm): Fix PVC templating after #13210 @kiblik (#13619)
• 🐛 fix nancy file format update #12860 @manuel-sommer (#13634)
• SLA Calculations: Remove product grade calculation and consolidate task handlers @Maffooch (#13630)
• fix(helm/dependabot/renovate): Fix broken automatic update @kiblik (#13613)
• feat(renovate): track oldest maintained k8s @kiblik (#13545)
• 🐛 fix TestForms date validation #13623 @manuel-sommer (#13624)
• [docs] moving Parser Docs to new index @paulOsinski (#13528)
• Make Finding Group Push to Jira Push Push to Duplicate Issues @Jino-T (#13573)
• 🐛 calender: Fix incorrect end dates for engagements and tests #13593 @manuel-sommer (#13595)
• feat(renovate): Update renovate only weekly @kiblik (#13611)
• 🐛 Catch AuthTokenError in middleware @manuel-sommer (#13608)

💣 Breaking changes

• feat(helm): Use Valkey @kiblik (#13408)

🚩 Changes to settings.dist.py / local_settings.py

• JIRA: add retry/rate limit support @valentijnscholten (#13786)
• Add OpenReports import support @mfyll (#13562)
• 🎉 implement certfr vulnid @manuel-sommer (#13730)
• Deduplicate findings in batches @valentijnscholten (#13491)
• 🎉 Add VA vulnid @manuel-sommer (#13675)
• 🎉 Make social auth exceptions configurable @manuel-sommer (#13596)
• Adding SOCIAL_AUTH_REDIRECT_IS_HTTPS, to enable use of HTTPS protocol when redirecting after login using social auth. @marcelhorner (#13614)
• 🎉 implement n0s1 scanner #13564 @manuel-sommer (#13580)

🚩 Database migration

• 🐛 fix create questionnaire with empty survey @manuel-sommer (#13728)
• 🎉 Advance reimport to update fix_available field #12633 @manuel-sommer (#12922)

🚀 API features and enhancements

• Add choice fields for business criticality, platform, lifecycle, and origin @Maffooch (#13740)
• Add notification when finding is created via the API @Juu (#13732)
• 🐛 add user mention notifications in note creation for Engagement, Finding, and Tests @Maffooch (#13696)

🖌 Updates in UI

• 🎉 Advance reimport to update fix_available field #12633 @manuel-sommer (#12922)

🧰 Maintenance

• Update dependency renovatebot/renovate from 42.21.0 to v42.27.0 (.github/workflows/renovate.yaml) @renovate (#13788)
• chore(deps): bump boto3 from 1.41.4 to 1.41.5 @dependabot (#13782)
• Update dependency prettier from 3.6.2 to v3.7.2 (docs/package.json) @renovate (#13781)
• Update nginx/nginx-prometheus-exporter Docker tag from 1.4.2 to v1.5.1 (helm/defectdojo/values.yaml) @renovate (#13726)
• chore(deps): bump boto3 from 1.41.1 to 1.41.4 @dependabot (#13778)
• chore(deps): update actions/setup-python action from v6.0.0 to v6.1.0 (.github/workflows/test-helm-chart.yml) @renovate (#13774)
• chore(deps): bump packageurl-python from 0.17.5 to 0.17.6 @dependabot (#13773)
• chore(deps): bump psycopg[c] from 3.2.12 to 3.2.13 @dependabot (#13764)
• chore(deps): bump ruff from 0.14.5 to 0.14.6 @dependabot (#13763)
• Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.37.9 to v1.37.10 (helm/defectdojo/values.yaml) @renovate (#13725)
• Update peter-evans/create-pull-request action from v7.0.8 to v7.0.9 (.github/workflows/update-sample-data.yml) @renovate (#13757)
• Update dependency renovatebot/renovate from 42.13.3 to v42.21.0 (.github/workflows/renovate.yaml) @renovate (#13759)
• chore(deps): bump boto3 from 1.41.0 to 1.41.1 @dependabot (#13753)
• chore(deps): update actions/checkout action from v5.0.1 to v6 (.github/workflows/validate_docs_build.yml) @renovate (#13747)
• chore(deps): update dependency yamale from 6.0.0 to v6.1.0 (.github/workflows/test-helm-chart.yml) @renovate (#13746)
• Update dependency vite from 7.2.2 to v7.2.4 (docs/package.json) @renovate (#13741)
• chore(deps): bump boto3 from 1.40.75 to 1.41.0 @dependabot (#13743)
• chore(deps): bump redis from 7.0.1 to 7.1.0 @dependabot (#13742)
• chore(deps): bump boto3 from 1.40.74 to 1.40.75 @dependabot (#13731)
• chore(deps): update actions/checkout action from v5.0.0 to v5.0.1 (.github/workflows/validate_docs_build.yml) @renovate (#13724)
• chore(deps): bump datatables.net from 2.3.4 to 2.3.5 in /components @dependabot (#13716)
• chore(deps): bump boto3 from 1.40.73 to 1.40.74 @dependabot (#13715)
• chore(deps): update dependency renovatebot/renovate from 42.5.4 to v42.13.3 (.github/workflows/renovate.yaml) @renovate (#13713)
• Update dependency kubernetes from v1.31.13 to v1.32.10 (.github/workflows/k8s-tests.yml) @renovate (#13719)
• Update dependency renovatebot/renovate from 42.5.0 to v42.5.4 (.github/workflows/renovate.yaml) @renovate (#13712)
• Update postgres:18.1-alpine Docker digest from 18.1 to 18.1-alpine (docker-compose.yml) @renovate (#13711)
• chore(deps): update postgres docker tag from 18.0 to v18.1 (docker-compose.yml) @renovate (#13704)
• chore(deps): bump boto3 from 1.40.72 to 1.40.73 @dependabot (#13706)
• chore(deps): bump boto3 from 1.40.71 to 1.40.72 @dependabot (#13697)
• Update dependency gohugoio/hugo from v0.152.1 to v0.152.2 (.github/workflows/validate_docs_build.yml) @renovate (#13665)
• Update dependency @docsearch/js from 4.3.1 to v4.3.2 (docs/package.json) @renovate (#13674)
• chore(deps): bump vulners from 3.1.1 to 3.1.2 @dependabot (#13691)
• chore(deps): bump boto3 from 1.40.69 to 1.40.71 @dependabot (#13692)
• Update dependency kubernetes/kubernetes from v1.34.1 to v1.34.2 (.github/workflows/k8s-tests.yml) @renovate (#13693)
• Update dependency node from 24.11.0 to v24.11.1 (.github/workflows/validate_docs_build.yml) @renovate (#13686)
• Update dependency @docsearch/css from 4.3.1 to v4.3.2 (docs/package.json) @renovate (#13673)
• chore(deps): update dependency renovatebot/renovate from 42.0.3 to v42.5.0 (.github/workflows/renovate.yaml) @renovate (#13651)
• chore(deps): update softprops/action-gh-release action from v2.4.1 to v2.4.2 (.github/workflows/release-x-manual-helm-chart.yml) @renovate (#13654)
• chore(deps): bump boto3 from 1.40.68 to 1.40.69 @dependabot (#13661)
• chore(deps): bump django-crispy-forms from 2.4 to 2.5 @dependabot (#13642)
• chore(deps): bump django-dbbackup from 5.0.0 to 5.0.1 @dependabot (#13643)
• chore(deps): bump asteval from 1.0.6 to 1.0.7 @dependabot (#13646)
• chore(deps): update dependency vite from 7.2.1 to v7.2.2 (docs/package.json) @renovate (#13641)
• chore(deps): bump boto3 from 1.40.66 to 1.40.68 @dependabot (#13644)
• chore(deps): bump ruff from 0.14.3 to 0.14.4 @dependabot (#13645)
• chore(deps): update dependency renovatebot/renovate from ...