Merge branch 'bugfix' into dependabot/pip/django-5.2.13

Author: mtesauro

components/package.json

@@ -1,6 +1,6 @@
 {
   "name": "defectdojo",
-  "version": "2.57.0",
+  "version": "2.58.0-dev",
   "license" : "BSD-3-Clause",
   "private": true,
   "dependencies": {

dojo/tasks.py

@@ -6,6 +6,7 @@
 from celery.utils.log import get_task_logger
 from django.apps import apps
 from django.conf import settings
+from django.core.exceptions import SuspiciousOperation
 from django.core.management import call_command
 from django.db.models import Count, Prefetch
 from django.urls import reverse
@@ -293,7 +294,37 @@ def update_watson_search_index_for_model(model_name, pk_list, *args, **kwargs):
                 continue
 
         # Let watson handle the bulk indexing
-        context_manager.end()
+        try:
+            context_manager.end()
+        except SuspiciousOperation:
+            # Some finding content (e.g. a very long tag-like string) triggered
+            # Django's strip_tags SuspiciousOperation guard.  Fall back to
+            # per-instance indexing so we can skip the offending object(s)
+            # instead of silently dropping the entire batch.
+            # https://www.djangoproject.com/weblog/2025/may/07/security-releases/
+            # https://github.com/DefectDojo/django-DefectDojo/issues/14649
+            logger.warning(
+                f"Batch watson index update for {model_name} hit SuspiciousOperation; "
+                "falling back to per-instance indexing",
+            )
+            instances_added = 0
+            instances_skipped = 0
+            for instance in instances:
+                single_ctx = SearchContextManager()
+                single_ctx.start()
+                try:
+                    single_ctx.add_to_context(engine, instance)
+                    single_ctx.end()
+                    instances_added += 1
+                except SuspiciousOperation:
+                    logger.warning(
+                        f"Skipping watson index update for {model_name}:{instance.pk} "
+                        "— content triggered SuspiciousOperation in strip_tags",
+                    )
+                    instances_skipped += 1
+                except Exception as e:
+                    logger.warning(f"Skipping watson index update for {model_name}:{instance.pk} - {e}")
+                    instances_skipped += 1
 
         logger.debug(f"Completed async watson index update: {instances_added} updated, {instances_skipped} skipped")
 

helm/defectdojo/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: "2.57.0"
+appVersion: "2.58.0-dev"
 description: A Helm chart for Kubernetes to install DefectDojo
 name: defectdojo
-version: 1.9.21
+version: 1.9.22-dev
 icon: https://defectdojo.com/hubfs/DefectDojo_favicon.png
 maintainers:
   - name: madchap
@@ -33,5 +33,5 @@ dependencies:
 #   - kind: security
 #     description: Critical bug
 annotations:
-  artifacthub.io/prerelease: "false"
-  artifacthub.io/changes: "- kind: changed\n  description: Bump DefectDojo to 2.57.0\n"
+  artifacthub.io/prerelease: "true"
+  artifacthub.io/changes: ""

helm/defectdojo/README.md

@@ -511,7 +511,7 @@ The HELM schema will be generated for you.
 
 # General information about chart values
 
-![Version: 1.9.21](https://img.shields.io/badge/Version-1.9.21-informational?style=flat-square) ![AppVersion: 2.57.0](https://img.shields.io/badge/AppVersion-2.57.0-informational?style=flat-square)
+![Version: 1.9.22-dev](https://img.shields.io/badge/Version-1.9.22--dev-informational?style=flat-square) ![AppVersion: 2.58.0-dev](https://img.shields.io/badge/AppVersion-2.58.0--dev-informational?style=flat-square)
 
 A Helm chart for Kubernetes to install DefectDojo