Merge branch 'bugfix' into docs-hierarchy

Author: paulOsinski

.github/workflows/test-helm-chart.yml

@@ -47,26 +47,26 @@ jobs:
           fi
 
       - name: Run chart-testing (list-changed)
-        id: list-changed
+        id: list_changed
         run: |
           changed=$(ct list-changed --config ct.yaml --target-branch ${{ env.ct-branch}})
           if [[ -n "$changed" ]]; then
-            echo "changed=true" >> $GITHUB_ENV
+            echo "changed=true" >> $GITHUB_OUTPUT
           fi
 
       # run version check only if not dev as in dev we have a `x.y.z-dev` version
       # x.y.z gets bumped automatically when doing a release
       - name: Run chart-testing (lint)
         run: ct lint --config ct.yaml --target-branch ${{ env.ct-branch }} --check-version-increment=true
-        if: ${{ env.changed == 'true' && env.ct-branch != 'dev' && env.ct-branch != 'bugfix' }}
+        if: ${{ steps.list_changed.outputs.changed == 'true' && env.ct-branch != 'dev' && env.ct-branch != 'bugfix' }}
 
       # run all checks but version increment always when something changed
       - name: Run chart-testing (lint)
         run: ct lint --config ct.yaml --target-branch ${{ env.ct-branch }} --check-version-increment=false
-        if: env.changed == 'true'
+        if: steps.list_changed.outputs.changed == 'true'
 
       - name: Check update of "artifacthub.io/changes" HELM annotation
-        if: ${{ env.changed == 'true' && !(startsWith(github.head_ref, 'master-into-dev/') || startsWith(github.head_ref, 'master-into-bugfix/')) }}
+        if: ${{ steps.list_changed.outputs.changed == 'true' && !(startsWith(github.head_ref, 'master-into-dev/') || startsWith(github.head_ref, 'master-into-bugfix/')) }}
         run: |
           # fast fail if `git show` fails
           set -e
@@ -95,11 +95,11 @@ jobs:
 
       # - name: Create kind cluster
       #  uses: helm/kind-action@v1.1.0
-      #  if: env.changed == 'true'
+      #  if: steps.list_changed.outputs.changed == 'true'
 
       # - name: Run chart-testing (install)
       #   run: ct install --config ct.yaml --target-branch ${{ env.ct-branch }} --helm-extra-args '--set createSecret=true --set createRabbitMqSecret=true --set createPostgresqlSecret=true --set timeout=900'
-      #  if: env.changed == 'true'
+      #  if: steps.list_changed.outputs.changed == 'true'
 
   docs_generation:
     name: Update documentation

dojo/__init__.py

@@ -4,6 +4,6 @@
 # Django starts so that shared_task will use this app.
 from .celery import app as celery_app  # noqa: F401
 
-__version__ = "2.53.0"
+__version__ = "2.53.1"
 __url__ = "https://github.com/DefectDojo/django-DefectDojo"
 __docs__ = "https://documentation.defectdojo.com"

dojo/authorization/authorization.py

@@ -100,7 +100,9 @@ def user_has_permission(user, obj, permission):
         isinstance(obj, Risk_Acceptance)
         and permission == Permissions.Risk_Acceptance
     ):
-        return user_has_permission(user, obj.engagement.product, permission)
+        if obj.engagement is not None:
+            return user_has_permission(user, obj.engagement.product, permission)
+        return user_has_global_permission(user, permission)
     if ((
         isinstance(obj, Finding | Stub_Finding)
     ) and permission in Permissions.get_finding_permissions()) or (

dojo/templates/dojo/findings_list_snippet.html

@@ -913,6 +913,7 @@ <h3 class="has-filters">
                         );
                     },
                     colReorder: true,
+                    autoWidth: false,
                     "columns": columns,
                     ordering: true,
                     order: [],

dojo/tools/legitify/parser.py

@@ -53,16 +53,21 @@ def get_findings(self, file, test):
                         endpoints.add(Endpoint.from_uri(url))
 
             if is_finding:
+                remediation_steps = policy_info.get("remediationSteps", [])
+                fix_available = False
+                if remediation_steps:
+                    fix_available = True
                 finding = Finding(
                     description=policy_info.get("description", ""),
                     dynamic_finding=False,
                     impact="\n".join(policy_info.get("threat", [])),
-                    mitigation="\n".join(policy_info.get("remediationSteps", [])),
+                    mitigation="\n".join(remediation_steps),
                     references="\n".join(references),
                     severity=self.severity_mapper(policy_info.get("severity", "LOW")),
                     static_finding=True,
                     title=f'{policy_info.get("namespace", "").capitalize()} | {policy_info.get("title", "")}',
                     vuln_id_from_tool=policy_info.get("policyName", None),
+                    fix_available=fix_available,
                 )
                 finding.unsaved_endpoints = list(endpoints)
                 findings.append(finding)

helm/defectdojo/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: "2.54.0-dev"
 description: A Helm chart for Kubernetes to install DefectDojo
 name: defectdojo
-version: 1.9.1-dev
+version: 1.9.2-dev
 icon: https://defectdojo.com/hubfs/DefectDojo_favicon.png
 maintainers:
   - name: madchap

helm/defectdojo/README.md

@@ -511,7 +511,7 @@ The HELM schema will be generated for you.
 
 # General information about chart values
 
-![Version: 1.9.1-dev](https://img.shields.io/badge/Version-1.9.1--dev-informational?style=flat-square) ![AppVersion: 2.54.0-dev](https://img.shields.io/badge/AppVersion-2.54.0--dev-informational?style=flat-square)
+![Version: 1.9.2-dev](https://img.shields.io/badge/Version-1.9.2--dev-informational?style=flat-square) ![AppVersion: 2.54.0-dev](https://img.shields.io/badge/AppVersion-2.54.0--dev-informational?style=flat-square)
 
 A Helm chart for Kubernetes to install DefectDojo
 
@@ -623,7 +623,7 @@ A Helm chart for Kubernetes to install DefectDojo
 | django.ingress.enabled | bool | `true` |  |
 | django.ingress.ingressClassName | string | `""` |  |
 | django.ingress.secretName | string | `"defectdojo-tls"` |  |
-| django.mediaPersistentVolume | object | `{"enabled":true,"fsGroup":1001,"name":"media","persistentVolumeClaim":{"accessModes":["ReadWriteMany"],"create":false,"name":"","size":"5Gi","storageClassName":""},"type":"emptyDir"}` | This feature needs more preparation before can be enabled, please visit KUBERNETES.md#media-persistent-volume |
+| django.mediaPersistentVolume | object | `{"enabled":true,"name":"media","persistentVolumeClaim":{"accessModes":["ReadWriteMany"],"create":false,"name":"","size":"5Gi","storageClassName":""},"type":"emptyDir"}` | This feature needs more preparation before can be enabled, please visit KUBERNETES.md#media-persistent-volume |
 | django.mediaPersistentVolume.name | string | `"media"` | any name |
 | django.mediaPersistentVolume.persistentVolumeClaim | object | `{"accessModes":["ReadWriteMany"],"create":false,"name":"","size":"5Gi","storageClassName":""}` | in case if pvc specified, should point to the already existing pvc |
 | django.mediaPersistentVolume.persistentVolumeClaim.accessModes | list | `["ReadWriteMany"]` | check KUBERNETES.md doc first for option to choose |

helm/defectdojo/values.schema.json

@@ -539,9 +539,6 @@
                         "enabled": {
                             "type": "boolean"
                         },
-                        "fsGroup": {
-                            "type": "integer"
-                        },
                         "name": {
                             "description": "any name",
                             "type": "string"

helm/defectdojo/values.yaml

@@ -495,7 +495,6 @@ django:
   # -- This feature needs more preparation before can be enabled, please visit KUBERNETES.md#media-persistent-volume
   mediaPersistentVolume:
     enabled: true
-    fsGroup: 1001
     # -- any name
     name: media
     # -- could be emptyDir (not for production) or pvc

requirements.txt

@@ -18,7 +18,7 @@ django_extensions==4.1
 django-slack==5.19.0
 django-watson==1.6.3
 django-prometheus==2.4.1
-Django==5.1.14
+Django==5.1.15
 django-single-session==0.2.0
 djangorestframework==3.16.1
 html2text==2025.4.15
@@ -35,7 +35,7 @@ python-dateutil==2.9.0.post0
 redis==7.1.0
 requests==2.32.5
 sqlalchemy==2.0.44  # Required by Celery broker transport
-urllib3==2.5.0
+urllib3==2.6.0
 uWSGI==2.0.31
 vobject==0.9.9
 whitenoise==5.2.0