Merge upstream/dev into authorization-query-optimize

Resolved conflicts:
- docs/content/en/open_source/upgrading/2.55.md: Kept authorization optimization content with updated weight
- unittests/test_importers_performance.py: Kept optimized query counts from authorization optimization branch
- dojo/__init__.py: Added noqa comments for RUF067 on metadata attributes

Author: valentijnscholten

.gitignore

@@ -127,6 +127,7 @@ docker/extra_fixtures/*
 !docker/extra_fixtures/readme.txt
 docker/extra_settings/*
 !docker/extra_settings/README.md
+dojo/settings/pro_settings.py
 
 
 # Helm dependencies

README.md

@@ -32,18 +32,12 @@ deduplication, remediation, and reporting.
 
 Pro Edition: [pro.demo.defectdojo.com](https://pro.demo.defectdojo.com)
 
-Community Edition: [demo.defectdojo.org](https://demo.defectdojo.org)
+OWASP Community Edition: [demo.defectdojo.org](https://demo.defectdojo.org)
 
 Either demo enviornment can be logged into with username `admin` and password `1Defectdojo@demo#appsec`. Please note that the demos are publicly accessible
 and reset every day. Do not put sensitive data in the demo. An easy way to test DefectDojo is to upload some [sample scan reports](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans).
 
-## Quick Start for Compose V2
-
-From July 2023 Compose V1 [stopped receiving updates](https://docs.docker.com/compose/reference/).
-
-Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previous
-docker-compose features and flags. You can run Compose V2 by replacing the hyphen (-) with a space, using
-`docker compose` instead of `docker-compose`.
+## Quick Start for Docker Compose
 
 ```sh
 # Clone the project
@@ -65,18 +59,6 @@ docker compose up -d
 docker compose logs initializer | grep "Admin password:"
 ```
 
-## For Docker Compose V1
-
-You can run Compose V1 by calling `docker-compose` (by adding the hyphen (-) between `docker compose`).
-
-Following commands are using original version so you might need to adjust them:
-```sh
-docker/docker-compose-check.sh
-docker/entrypoint-initializer.sh
-docker/setEnv.sh
-```
-
-Navigate to `http://localhost:8080` to see your new instance!
 
 ## Documentation
 
@@ -91,29 +73,29 @@ Navigate to `http://localhost:8080` to see your new instance!
 
 ## Supported Installation Options
 
-* [SaaS](https://cloud.defectdojo.com/accounts/onboarding/plg_step_1) - New UI, addittional features, includes support & supports the project
-* [Docker / Docker Compose](readme-docs/DOCKER.md)
+* Pro - SaaS or self-hosted (via K8s or docker compose). [Speak to our team](https://defectdojo.com/contact) or [sign-up for SaaS directly](https://cloud.defectdojo.com/accounts/onboarding/plg_step_1)
+* OS - [docker compose](readme-docs/DOCKER.md)
 
 
 ## Community, Getting Involved, and Updates
 
-[<img src="https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/dev/docs/assets/images/slack-logo-icon.png" alt="Slack" height="50"/>](https://owasp.org/slack/invite)
+[<img src="https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/dev/docs/assets/images/updated-dojo-chop.png" alt="Dojo" height="50"/>](https://community-defectdojo.tightknit.community/)
+[<img src="https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/dev/docs/assets/images/slack-logo-icon.png" alt="Slack" height="50"/>](https://join.slack.com/t/defectdojocommunity/shared_invite/zt-3l9028wlf-ezDB29D_MIh9ShXdesCHZA)
 [<img src="https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/dev/docs/assets/images/Linkedin-logo-icon-png.png" alt="LinkedIn" height="50"/>](https://www.linkedin.com/company/defectdojo)
-[<img src="https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/dev/docs/assets/images/Twitter_Logo.png" alt="Twitter" height="50"/>](https://twitter.com/defectdojo)
+[<img src="https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/dev/docs/assets/images/x_logo.jpg" alt="Twitter" height="50"/>](https://x.com/defectdojo)
 [<img src="https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/dev/docs/assets/images/YouTube-Emblem.png" alt="Youtube" height="50"/>](https://www.youtube.com/channel/UCWw9qzqptiIvTqSqhOFuCuQ)
 
-[Join the OWASP Slack Community](https://owasp.org/slack/invite) and participate in the discussion! You can find us in
-our channel there, [#defectdojo](https://owasp.slack.com/channels/defectdojo). Follow DefectDojo on
-[Twitter](https://twitter.com/defectdojo), [LinkedIn](https://www.linkedin.com/company/defectdojo), and
-[YouTube](https://www.youtube.com/channel/UCWw9qzqptiIvTqSqhOFuCuQ) for project updates!
+Checkout our new [Community Portal](https://community-defectdojo.tightknit.community/) and join the DefectDojo community on [Slack](https://join.slack.com/t/defectdojocommunity/shared_invite/zt-3l9028wlf-ezDB29D_MIh9ShXdesCHZA)! 
+
+Follow DefectDojo on [LinkedIn](https://www.linkedin.com/company/defectdojo), [YouTube](https://www.youtube.com/channel/UCWw9qzqptiIvTqSqhOFuCuQ), and [X](https://twitter.com/defectdojo) for platform updates!
 
 ## Contributing
 
 Please see our [contributing guidelines](readme-docs/CONTRIBUTING.md) for details and standards on contributing __before__ considering or submitting a pull request.
 
 ## Pro Edition
 
-[Upgrade to DefectDojo Pro!](https://defectdojo.com/pricing) Pro transcends the do-it-yourself approach of open-source: A new UI, incredibile scalability, API connectors, ServiceNow, GitHub, GitLab, Azure DevOps, automatic data enrichment, prioritization, and more! See all the differentiators at the bottom of our pricing page: [defectdojo.com/pricing](https://defectdojo.com/pricing).
+[Upgrade to DefectDojo Pro!](https://defectdojo.com/pricing) Pro transcends the do-it-yourself approach of open-source: A new UI, risk-based vulnerability management, incredibile scalability, API connectors, ServiceNow, GitHub, GitLab, Azure DevOps, automatic data enrichment, prioritization, and more! See all the differentiators at the bottom of our pricing page: [defectdojo.com/pricing](https://defectdojo.com/pricing).
 
 Alternatively, for information please email hello@defectdojo.com
 
@@ -128,7 +110,6 @@ Core Moderators can help you with pull requests or feedback on dev ideas:
 * Cody Maffucci ([@Maffooch](https://github.com/maffooch) | [LinkedIn](https://www.linkedin.com/in/cody-maffucci))
 
 Moderators can help you with pull requests or feedback on dev ideas:
-* Charles Neill ([@cneill](https://github.com/cneill) | [@ccneill](https://twitter.com/ccneill))
 * Blake Owens ([@blakeaowens](https://github.com/blakeaowens))
 
 ## Hall of Fame
@@ -148,6 +129,11 @@ Moderators can help you with pull requests or feedback on dev ideas:
   Aaron has been a long time contributor and user of DefectDojo. He did the second major UI overhaul and his
   contributions include automation enhancements, CI/CD engagements, increased metadata at the product level, and many
   more.
+* Jay Paz ([@jjpaz](https://github.com/grendel513)) – Jay was a DefectDojo
+  maintainer for years. He performed Dojo's first UI overhaul, optomized code structure/features, and added numerous enhancements.
+* Charles Neill ([@ccneill](https://github.com/cneill)) – Charles served as a
+    maintainer of DefectDojo for years and wrote some of Dojo's core functionality.
+
 
 ## Security
 

components/package.json

@@ -1,6 +1,6 @@
 {
   "name": "defectdojo",
-  "version": "2.54.0-dev",
+  "version": "2.55.0-dev",
   "license" : "BSD-3-Clause",
   "private": true,
   "dependencies": {
@@ -33,7 +33,7 @@
     "metismenu": "~3.0.7",
     "moment": "^2.30.1",
     "morris.js": "morrisjs/morris.js",
-    "pdfmake": "^0.3.0",
+    "pdfmake": "^0.3.1",
     "startbootstrap-sb-admin-2": "1.0.7"
   },
   "engines": {

components/yarn.lock

@@ -385,10 +385,10 @@ pdfkit@^0.17.2:
     linebreak "^1.1.0"
     png-js "^1.0.0"
 
-pdfmake@^0.3.0:
-  version "0.3.0"
-  resolved "https://registry.yarnpkg.com/pdfmake/-/pdfmake-0.3.0.tgz#b42c5af9aef4095f1310564d4a2f2d49f950cae9"
-  integrity sha512-sS7ow3ZrdFjlC7s4J5k3UA5IHQQbXRs6+NtdzfWDR0SvPa7+M8d69rITObFAsJ4t6iwkKRsc87Q+I/gFlTUVQg==
+pdfmake@^0.3.1:
+  version "0.3.1"
+  resolved "https://registry.yarnpkg.com/pdfmake/-/pdfmake-0.3.1.tgz#807b550477aab92597069f67d232607728d5afd5"
+  integrity sha512-XPiTWgKyDkbpTyStPLa1QZCl+CfnNjt0uF18wl/OJp6o6xr9zJinBAOcMC64vufOYVk6OQT9ZdkS2r8sFNYtZw==
   dependencies:
     linebreak "^1.1.0"
     pdfkit "^0.17.2"

docker-compose.override.dev.yml

@@ -60,4 +60,4 @@ services:
         protocol: tcp
         mode: host
   "webhook.endpoint":
-    image: mccutchen/go-httpbin:2.19.0@sha256:be41c6c3772393c097e15f9f8ac381de4ce9e9841c545556af98fbe2e707c619
+    image: mccutchen/go-httpbin:2.20.0@sha256:b1620821b6ff191d911629f87a720b88df5397c2554045f1cfb1ffde17c9b898

docs/assets/images/updated-dojo-chop.png

@@ -8,6 +8,12 @@ Here are the release notes for **DefectDojo Pro (Cloud Version)**. These release
 
 For Open Source release notes, please see the [Releases page on GitHub](https://github.com/DefectDojo/django-DefectDojo/releases), or alternatively consult the Open Source [upgrade notes](/en/open_source/upgrading/upgrading_guide/).
 
+## Jan 2025: v2.54
+
+### Jan 5, 2025: v2.54.0
+
+No significant UX changes.
+
 ## Dec 2025: v2.53
 
 ### Dec 29, 2025: v2.53.5
@@ -64,7 +70,7 @@ For Open Source release notes, please see the [Releases page on GitHub](https://
 
 ## Oct 2025: v2.51
 
-### Oct 27, 2025: v2.51.3
+#### Oct 27, 2025: v2.51.3
 
 * **(Tools)** Added Nuclei scan support for Smart Upload.
 * **(Priority)** Added Prioritization Engine to allow for configurable Priority and Risk calculations for individual Findings under a given Product.
@@ -73,12 +79,12 @@ For Open Source release notes, please see the [Releases page on GitHub](https://
 
 
 
-### Oct 20, 2025: v2.51.2
+#### Oct 20, 2025: v2.51.2
 
 * **(Connectors)** Added Anchore Enterprise Connector.
 
 
-### Oct 14, 2025: v2.51.1
+#### Oct 14, 2025: v2.51.1
 
 * **(Pro UI)** Added Finding Quick Report feature.  Quick report allows users to quickly render an HTML report with the currently displayed Findings on a Finding table.
 
@@ -95,7 +101,7 @@ Click the calculator button to render a score based on the vector string.
 * **(Pro UI)** File names (for attached artifacts) can now be edited directly in the UI.
 * **(Pro UI)** Redirect user to Home after a successful Support Inquiry submission.  
 
-### Oct 6, 2025: v2.51.0
+#### Oct 6, 2025: v2.51.0
 
 No significant Pro changes are present in this release.
 

docs/assets/images/x_logo.jpg

@@ -30,9 +30,9 @@ The switch to `django-pghistory` provides several advantages:
 
 ### Migration Notes
 
-- A one-time data migration will take place to populate the `django-pghistory` tables with the initial snapshot of the tracked models.
+- A one-time data migration will take place to "backfill" the `django-pghistory` tables with the initial snapshot of the tracked models.
 - The migration is designed to be fail-safe: if it fails for some reason, it will continue where it left off.
-- The migration can also be performed up front via
+- If it fails completely or for any other reason you want to trigger it manually, you can do so via:
   - `docker compose exec uwsgi bash -c "python manage.py pghistory_backfill_fast"`, or
   - `docker compose exec uwsgi bash -c "python manage.py pghistory_backfill_simple"`, or
   - `docker compose exec uwsgi bash -c "python manage.py pghistory_backfill"`

docs/content/en/changelog/changelog.md

@@ -1,7 +1,7 @@
 ---
 title: 'Upgrading to DefectDojo Version 2.55.x'
 toc_hide: true
-weight: -20260101
+weight: -20260105
 description: Authorization related optimizations
 ---