DefectDojo
diff --git a/‎.github/workflows/build-docker-images-for-testing.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/build-docker-images-for-testing.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/fetch-oas.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/fetch-oas.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/integration-tests.yml‎
Lines changed: 8 additions & 4 deletions b/‎.github/workflows/integration-tests.yml‎
Lines changed: 8 additions & 4 deletions
diff --git a/‎.github/workflows/k8s-tests.yml‎
Lines changed: 7 additions & 3 deletions b/‎.github/workflows/k8s-tests.yml‎
Lines changed: 7 additions & 3 deletions
diff --git a/‎.github/workflows/release-drafter.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/release-drafter.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/rest-framework-tests.yml‎
Lines changed: 7 additions & 3 deletions b/‎.github/workflows/rest-framework-tests.yml‎
Lines changed: 7 additions & 3 deletions
diff --git a/‎components/package.json‎
Lines changed: 1 addition & 1 deletion b/‎components/package.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎dojo/__init__.py‎
Lines changed: 1 addition & 1 deletion b/‎dojo/__init__.py‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎dojo/api_v2/serializers.py‎
Lines changed: 2 additions & 15 deletions b/‎dojo/api_v2/serializers.py‎
Lines changed: 2 additions & 15 deletions
diff --git a/‎dojo/importers/options.py‎
Lines changed: 3 additions & 1 deletion b/‎dojo/importers/options.py‎
Lines changed: 3 additions & 1 deletion
@@ -49,8 +49,8 @@ jobs:
       # export docker images to be used in next jobs below
       - name: Upload image ${{ matrix.docker-image }} as artifact
         timeout-minutes: 10
-        uses:  actions/upload-artifact@v3
+        uses:  actions/upload-artifact@v4
         with:
-          name: ${{ matrix.docker-image }}
+          name: built-docker-image-${{ matrix.docker-image }}-${{ matrix.os }}
           path: ${{ matrix.docker-image }}-${{ matrix.os }}_img
           retention-days: 1
@@ -51,7 +51,7 @@ jobs:
         run: docker compose down
 
       - name: Upload oas.${{ matrix.file-type }} as artifact
-        uses:  actions/upload-artifact@v3
+        uses:  actions/upload-artifact@v4
         with:
           name: oas-${{ matrix.file-type }}
           path: oas.${{ matrix.file-type }}
 
@@ -45,14 +45,18 @@ jobs:
 
       # load docker images from build jobs
       - name: Load images from artifacts
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
+        with:
+          path: built-docker-image
+          pattern: built-docker-image-*
+          merge-multiple: true
 
       - name: Load docker images
         timeout-minutes: 10
         run: |-
-             docker load -i nginx/nginx-${{ matrix.os }}_img
-             docker load -i django/django-${{ matrix.os }}_img
-             docker load -i integration-tests/integration-tests-debian_img
+             docker load -i built-docker-image/nginx-${{ matrix.os }}_img
+             docker load -i built-docker-image/django-${{ matrix.os }}_img
+             docker load -i built-docker-image/integration-tests-debian_img
              docker images
 
       - name: Set integration-test mode
 
@@ -48,14 +48,18 @@ jobs:
           minikube status
 
       - name: Load images from artifacts
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
+        with:
+          path: built-docker-image
+          pattern: built-docker-image-*
+          merge-multiple: true
 
       - name: Load docker images
         timeout-minutes: 10
         run: |-
              eval $(minikube docker-env)
-             docker load -i nginx/nginx-${{ matrix.os }}_img
-             docker load -i django/django-${{ matrix.os }}_img
+             docker load -i built-docker-image/nginx-${{ matrix.os }}_img
+             docker load -i built-docker-image/django-${{ matrix.os }}_img
              docker images
 
       - name: Configure HELM repos
 
@@ -47,7 +47,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Load OAS files from artifacts
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
 
       - name: Upload Release Asset - OpenAPI Specification - YAML
         id: upload-release-asset-yaml
 
@@ -20,13 +20,17 @@ jobs:
 
       # load docker images from build jobs
       - name: Load images from artifacts
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
+        with:
+          path: built-docker-image
+          pattern: built-docker-image-*
+          merge-multiple: true
 
       - name: Load docker images
         timeout-minutes: 10
         run: |-
-             docker load -i nginx/nginx-${{ matrix.os }}_img
-             docker load -i django/django-${{ matrix.os }}_img
+             docker load -i built-docker-image/nginx-${{ matrix.os }}_img
+             docker load -i built-docker-image/django-${{ matrix.os }}_img
              docker images
 
       # run tests with docker compose
 
@@ -1,6 +1,6 @@
 {
   "name": "defectdojo",
-  "version": "2.40.0",
+  "version": "2.40.1",
   "license" : "BSD-3-Clause",
   "private": true,
   "dependencies": {
 
@@ -4,6 +4,6 @@
 # Django starts so that shared_task will use this app.
 from .celery import app as celery_app  # noqa: F401
 
-__version__ = "2.40.0"
+__version__ = "2.40.1"
 __url__ = "https://github.com/DefectDojo/django-DefectDojo"
 __docs__ = "https://documentation.defectdojo.com"
@@ -1,6 +1,5 @@
 import json
 import logging
-import os
 import re
 from datetime import datetime
 
@@ -803,20 +802,8 @@ class Meta:
 
     def validate(self, data):
         if file := data.get("file"):
-            ext = os.path.splitext(file.name)[1]  # [0] returns path+filename
-            valid_extensions = settings.FILE_UPLOAD_TYPES
-            if ext.lower() not in valid_extensions:
-                if accepted_extensions := f"{', '.join(valid_extensions)}":
-                    msg = (
-                        "Unsupported extension. Supported extensions are as "
-                        f"follows: {accepted_extensions}"
-                    )
-                else:
-                    msg = (
-                        "File uploads are prohibited due to the list of acceptable "
-                        "file extensions being empty"
-                    )
-                raise ValidationError(msg)
+            # the clean will validate the file extensions and raise a Validation error if the extensions are not accepted
+            FileUpload(title=file.name, file=file).clean()
             return data
         return None
 
 
@@ -530,13 +530,15 @@ def validate_tags(
         *args: list,
         **kwargs: dict,
     ) -> list:
-        return self.validate(
+        tags = self.validate(
             "tags",
             expected_types=[list],
             required=False,
             default=[],
             **kwargs,
         )
+        # Force all tags to be lowercase
+        return [tag.lower() for tag in tags]
 
     def validate_test(
         self,
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "defectdojo",`
`3`		`- "version": "2.40.0",`
	`3`	`+ "version": "2.40.1",`
`4`	`4`	`"license" : "BSD-3-Clause",`
`5`	`5`	`"private": true,`
`6`	`6`	`"dependencies": {`