nightly-dev 🌈

Run the release drafter to populate the release notes.

2.48.5 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.48.4

• Ruff: Preparation for TRY301 @manuel-sommer (#12738)
• close old findings: make test cases test default behaviour @valentijnscholten (#12842)

🚩 Changes to settings.dist.py / local_settings.py

• 🎉 Add NCSC vulnid @manuel-sommer (#12818)

2.48.4 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

🚀 API features and enhancements

• Reimport: Restore default for close_old_findings to True @Maffooch (#12837)

2.48.3 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.48.2

• Trivy: Use CVSS scores from other vendors where applicable @Maffooch (#12826)
• Dependency Check: Support CVSS v3 @Maffooch (#12828)

🚀 API features and enhancements

• product api: optimize list of finding ids @valentijnscholten (#12827)

🖌 Updates in UI

• Anchore grype EPSS fix @valentijnscholten (#12825)

2.48.2 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.48.1

• bugfix: twistlock: fix no cvss case @valentijnscholten (#12809)
• sysdig: support 2025 formats @valentijnscholten (#12810)
• github action: close manually marked stale issues/prs after 7 days @valentijnscholten (#12812)
• ms_defender: skip empty files from zip @valentijnscholten (#12780)

🚩 Changes to settings.dist.py / local_settings.py

• 🎉 add GSD vulnid @manuel-sommer (#12794)

🚩 Database migration

• importers: clean tags before saving @valentijnscholten (#12811)
• addition of validation to minimum and maximum password settings @blakeaowens (#12798)

🚀 General features and enhancements

• bugfix: use subquery for (finding) counts @valentijnscholten (#12784)

🚀 API features and enhancements

• bugfix: reimport: close_old_findings must respect service field @valentijnscholten (#12782)

🖌 Updates in UI

• Make KEV data visible on findings listing @dogboat (#12785)

2.48.1 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.48.0

• twistlock: parse compliances @valentijnscholten (#12772)
• [docs] Add deduplication hashcode fields to parser descriptions @paulOsinski (#12648)
• allow users with edit user permission to force password resets @valentijnscholten (#12761)
• Zap: Add test case with more request/response pairs @valentijnscholten (#12733)
• docs: Pro changelog update 2.47.3 / 2.47.4 @paulOsinski (#12746)
• add risk acceptance: display more fields in findings dropdown @valentijnscholten (#12745)
• include vuln_id_from_tool in group_by @LeoOMaia (#12744)

🚩 Changes to settings.dist.py / local_settings.py

🚩 Database migration

🚀 API features and enhancements

🖌 Updates in UI

2.48.0 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.47.0

• endpoint metrics test: ignore order @valentijnscholten (#12736)
• finding groups: filter by product if applicable @valentijnscholten (#12711)
• add management command to import all unit test sample scans @valentijnscholten (#12700)
• unittests: import query/task count capture @valentijnscholten (#12716)
• Mend Parser change - redundant field removed @testaccount90009 (#12685)
• fix import_scan open mode in closeold test @fopina (#12725)
• dev: hot reloading improvements celery/html/tpl @valentijnscholten (#12714)
• post processing: check for finding being None @valentijnscholten (#12713)
• integration tests: sync suite between GHA and entrypoint @valentijnscholten (#12703)
• Delete tests/local-integration-tests.sh/.bat @valentijnscholten (#12702)
• cobalt api: add note about v1 api keys only @valentijnscholten (#12646)
• Async Delete: Correct instances of multiple audit log entries for delete @Maffooch (#12650)
• twistlock json: safely get fields @valentijnscholten (#12701)
• trivy: map status field @valentijnscholten (#12686)
• Update Fixture-Updater binary to use latest Go version (1.24.4) @svader0 (#12704)
• metrics filters: improve handling when nothing matches the filters @valentijnscholten (#12687)
• Import EPSS data from Anchore Grype scans @bwt-sloanj (#12639)
• login next param: set default for sso redirects @valentijnscholten (#12677)
• checkmarx: close files used in unit tests @valentijnscholten (#12647)
• [docs] update pro changelog 2.47.2, remove redundant content @paulOsinski (#12649)
• ReversingLabs SpectraAssure rl-json parser for DefectDojo @rl-maartenb (#12579)
• Change CLI tool reference in docs @Jino-T (#12619)
• docs maintenance - priority @paulOsinski (#12623)
• Simple metrics closed per month query improvement @valentijnscholten (#12599)
• PR template: adjust freeze wording @valentijnscholten (#12608)
• remove outdated (mysql) test database instructions @valentijnscholten (#12609)
• add postgres 17 upgrade steps to 2.39.0 upgrade notes @valentijnscholten (#12585)
• feat(docker): Depends_on based on initializer @kiblik (#12584)
• 🐛 Nmap parser: Add url info to description #12411 @manuel-sommer (#12466)
• 💄 pretty print cargo audit test file @manuel-sommer (#12590)
• simple metrics: count closed findings not opened in current month @valentijnscholten (#12595)
• JIRA helper: respect simple/full risk acceptance on webhook processiing @valentijnscholten (#12594)
• 💄 restructure coverity scan test files @manuel-sommer (#12559)
• Changelog + Minor Docs Maintenance @paulOsinski (#12551)
• Pro Feature - Deduplication tuning documentation update @skywalke34 (#12471)
• Checkov report parsing enhanced @shodanwashere (#12398)

🚩 Changes to settings.dist.py / local_settings.py

• jira: truncate description if max length exceeded @valentijnscholten (#12732)
• 🎉 Add JVNDB vulnid @manuel-sommer (#12724)
• 🎉 Add Lenovo vulnid @manuel-sommer (#12696)
• 🎉 Add Tailscale vulnid @manuel-sommer (#12645)
• Burp Enterprise renamed to Burp DAST @valentijnscholten (#12604)
• 🎉 Implement Cycognito parser @manuel-sommer (#12558)
• 🎉 Add EUVD vulnid @manuel-sommer (#12589)
• 🎉 Add Go vulnid @manuel-sommer (#12564)

🚩 Database migration

• rebase migrations @valentijnscholten (#12726)
• remove actual_time and estimated_time fields @valentijnscholten (#12712)
• add fields for kev-related data to finding model @dogboat (#12678)
• Improve cvssv3 validation @valentijnscholten (#12440)
• Clarify JIRA accepted and false positives mappings @valentijnscholten (#12593)

🚀 API features and enhancements

• Improve cvssv3 validation @valentijnscholten (#12440)
• API: Allow filtering users on last_login/date_joined @valentijnscholten (#12640)
• API: prevent duplicate saves of taggable entities or when pushing to JIRA @valentijnscholten (#12607)

🖌 Updates in UI

• 🎉 Add JVNDB vulnid @manuel-sommer (#12724)
• Finding Groups: Respect minimum severity and active/verified rules when pushing to JIRA @valentijnscholten (#12475)
• Datatables.net package updates @devospice (#12682)
• Optimize queryset annotations & prefetches to cut DB time for test / finding / product views (issue #12575) @DenysMoskalenko (#12603)
• Feature/asvs 5.0 benchmark @ivhorodko (#12669)
• Fix Finding_Text @9alexx3 (#12628)
• SAML Login: Respect next parameter @Maffooch (#12560)
• Session Warning: Prevent timeout overflow for large session ages @Maffooch (#12547)

🔧 Improved code quality with linters

• 💄 Restructure Ruff rules according to documentation @manuel-sommer (#12552)

🧰 Maintenance

• Bump boto3 from 1.39.0 to 1.39.1 @dependabot (#12734)
• Bump drf-spectacular-sidecar from 2025.6.1 to 2025.7.1 @dependabot (#12729)
• Bump pillow from 11.2.1 to 11.3.0 @dependabot (#12728)
• Bump boto3 from 1.38.46 to 1.39.0 @dependabot (#12727)
• Bump boto3 from 1.38.44 to 1.38.46 @dependabot (#12723)
• Bump python-gitlab from 6.0.0 to 6.1.0 @dependabot (#12720)
• Bump nginx from 1.27.5-alpine3.21 to 1.28.0-alpine3.21 @dependabot (#12719)
• Bump openapitools/openapi-generator-cli from v7.13.0 to v7.14.0 @dependabot (#12718)
• Bump lxml from 5.4.0 to 6.0.0 @dependabot (#12709)
• Bump ruff from 0.12.0 to 0.12.1 @dependabot (#12708)
• Bump boto3 from 1.38.44 to 1.38.45 @dependabot (#12707)
• Bump social-auth-core from 4.6.1 to 4.7.0 @dependabot (#12706)
• Update dependency prettier from 3.6.1 to v3.6.2 (docs/package.json) @renovate (#12705)
• Bump django-auditlog from 3.1.2 to 3.2.0 @dependabot (#12697)
• Bump django-prometheus from 2.4.0 to 2.4.1 @dependabot (#12698)
• Bump boto3 from 1.38.43 to 1.38.44 @dependabot (#12699)
• chore(deps): update node.js from v22.16.0 to v22.17.0 (docs/package.json) @renovate (#12688)
• chore(deps): update dependency prettier from 3.6.0 to v3.6.1 (docs/package.json) @renovate (#12689)
• Bump boto3 from 1.38.42 to 1.38.43 @dependabot (#12692)
• Update dependency vite from 6.3.5 to v7 (docs/package.json) @renovate (#12680)
• Bump boto3 from 1.38.41 to 1.38.42 @dependabot (#12679)
• Bump django-tagulous from 2.1.0 to 2.1.1 @dependabot (#12672)
• Bump boto3 from 1.38.40 to 1.38.41 @dependabot (#12673)
• Update dependency prettier from 3.5.3 to v3.6.0 (docs/package.json) @renovate (#12671)
• Bump django-prometheus from 2.3.1 to 2.4.0 @dependabot (#12636)
• Bump urllib3 from 2.4.0 to 2.5.0 @dependabot (#12637)
• Bump markdown from 3.8 to 3.8.2 @dependabot (#12642)
• Bump boto3 from 1.38.38 to 1.38.40 @dependabot (#12643)
• Update docker/setup-buildx-action action from v3.11.0 to v3.11.1 (.github/workflows/release-x-manual-docker-containers.yml) @renovate (#12626)
• Bump ruff from 0.11.13 to 0.12.0 @dependabot (#12630)
• Bump boto3 from 1.38.37 to 1.38.38 @dependabot (#12629)
• Update docker/setup-buildx-action action from v3.10.0 to v3.11.0 (.github/workflows/release-x-manual-docker-containers.yml) @renovate (#12614)
• Bump boto3 from 1.38.36 to 1.38.37 @dependabot (#12621)
• Update mccutchen/go-httpbin Docker tag from 2.18.2 to v2.18.3 (docker-compose.override.unit_tests_cicd.yml) @renovate (#12605)
• Bump boto3 from 1.38.35 to 1.38.36 @dependabot (#12600)
• Bump boto3 from 1.38.34 to 1.38.35 @dependabot (#12597)
• Update stefanzweifel/git-auto-commit-action action from v6.0.0 to v6.0.1 (.github/workflows/release-3-master-into-dev.yml) @renovate (#12592)
• Bump boto3 from 1.38.33 to 1.38.34 @dependabot (#12591)
• Update mccutchen/go-httpbin Docker tag from 2.18.1 to v2.18.2 (docker-compose.override.unit_tests_cicd.yml) @renovate (#12588)
• Update softprops/action-gh-release action from v2.3.0 to v2.3.2 (.github/workflows/release-x-manual-helm-chart.yml) @renovate (#12586)
• Update stefanzweifel/git-auto-commit-action action from v5.2.0 to v6 (.github/workflows/release-3-master-into-dev.yml) @renovate (#12587)
• Bump requests from 2.32.3 to 2.32.4 @dependabot (#12582)
• Bump requests from 2.32.3 to 2.32.4 @dependabot (#12578)
• Bump boto3 from 1.38.32 to 1.38.33 @dependabot (#12581)
• Bump cryptography from 45.0.3 to 45.0.4 @dependabot (#12580)
• Update softprops/action-gh-release action from v2.2.2 to v2.3.0 (.github/workflows/release-x-manual-helm-chart.yml) @renovate (#12577)
• Update postgres:17.5-alpine Docker digest from 17.5 to 17.5-alpine (docker-compose.yml) @renovate (#12576)
• Bump packageurl-python from 0.17.0 to 0.17.1 @dependabot (#12568)
• Bump boto3 from 1.38.31 to 1.38.32 @dependabot (#12569)
• Bump ruff from 0.11.12 to 0.11.13 @dependabot (#12562)
• Bump boto3 from 1.38.30 to 1.38.31 @dependabot (#12563)
• Update redis Docker tag from 7.2.8 to v7.2.9 (docker-compose.yml) @renovate (#12529)
• Bump boto3 from 1.38.29 to 1.38.30 @dependabot (#12557)
• Bump packageurl-python from 0.16.0 to 0.17.0 @dependabot (#12556)
• Bump boto3 from 1.38.28 to 1.38.29 @dependabot (#12554)
• Bump python-gitlab from 5.6.0 to 6.0.0 @dependabot (#12553)
• Bump redis from 5.2.1 to 6.2.0 @dependabot (#12523)
• Update postgres:17.5-alpine Docker digest from 17.5 to 17.5-alpine (docker-compose.yml) @renovate (#12546)
• Bump uwsgi from 2.0.29 to 2.0.30 @dependabot (#12549)
• Bump boto3 from 1.38.27 to 1.38.28 @dependabot (#12548)
• Bump argon2-cffi from 23.1.0 to 25.1.0 @dependabot (#12550)
• Update dependency @tabler/icons from 3.33.0 to v3.34.0 (docs/package.json) @renovate (#12545)
• Bump drf-spectacular-sidecar from 2025.5.1 to 2025.6.1 @dependabot (#12537)
• Bump celery from 5.5.2 to 5.5.3 @dependabot (#12535)

2.47.4 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.47.3

• Delete tests/local-integration-tests.sh/.bat @valentijnscholten (#12702)
• cobalt api: add note about v1 api keys only @valentijnscholten (#12646)
• Async Delete: Correct instances of multiple audit log entries for delete @Maffooch (#12650)
• twistlock json: safely get fields @valentijnscholten (#12701)
• trivy: map status field @valentijnscholten (#12686)
• metrics filters: improve handling when nothing matches the filters @valentijnscholten (#12687)
• login next param: set default for sso redirects @valentijnscholten (#12677)
• checkmarx: close files used in unit tests @valentijnscholten (#12647)
• [docs] update pro changelog 2.47.2, remove redundant content @paulOsinski (#12649)

🚩 Changes to settings.dist.py / local_settings.py

• 🎉 Add Lenovo vulnid @manuel-sommer (#12696)
• 🎉 Add Tailscale vulnid @manuel-sommer (#12645)

🚩 Database migration

• add fields for kev-related data to finding model @dogboat (#12678)

2.47.3 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.47.2

• Change CLI tool reference in docs @Jino-T (#12619)
• docs maintenance - priority @paulOsinski (#12623)
• Simple metrics closed per month query improvement @valentijnscholten (#12599)
• PR template: adjust freeze wording @valentijnscholten (#12608)
• remove outdated (mysql) test database instructions @valentijnscholten (#12609)

🚩 Changes to settings.dist.py / local_settings.py

• Burp Enterprise renamed to Burp DAST @valentijnscholten (#12604)

🚀 API features and enhancements

• API: Allow filtering users on last_login/date_joined @valentijnscholten (#12640)

🖌 Updates in UI

• Fix Finding_Text @9alexx3 (#12628)

2.47.2 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.47.1

• add postgres 17 upgrade steps to 2.39.0 upgrade notes @valentijnscholten (#12585)
• 🐛 Nmap parser: Add url info to description #12411 @manuel-sommer (#12466)
• 💄 pretty print cargo audit test file @manuel-sommer (#12590)
• simple metrics: count closed findings not opened in current month @valentijnscholten (#12595)
• JIRA helper: respect simple/full risk acceptance on webhook processiing @valentijnscholten (#12594)
• 💄 restructure coverity scan test files @manuel-sommer (#12559)

🚩 Changes to settings.dist.py / local_settings.py

• 🎉 Add EUVD vulnid @manuel-sommer (#12589)
• 🎉 Add Go vulnid @manuel-sommer (#12564)

🧰 Maintenance

• Bump requests from 2.32.3 to 2.32.4 @dependabot (#12578)