
Release: Merge release into master from: release/2.48.1 #12775

Merged

rossops merged 10 commits into master from release/2.48.1 on Jul 14, 2025

Conversation

github-actions (Contributor) commented:

Release triggered by rossops

DefectDojo release bot and others added 10 commits July 7, 2025 16:00
….49.0-dev

Release: Merge back 2.48.0 into bugfix from: master-into-bugfix/2.48.0-2.49.0-dev
Co-authored-by: Paul Osinski <paul.m.osinski@gmail.com>
* zap: add req-resp unittest v2.26.1

* check number of req-resp pairs

* fix ports

* fix ports

* fix ports
* allow users with edit user permission to force password resets

* allow also for auth.add_user
* add deduplication hashcodes to docs

* add links

---------

Co-authored-by: Paul Osinski <paul.m.osinski@gmail.com>
* twistlock: parse compliances

* twistlock: finetune
dryrunsecurity (Bot) commented Jul 14, 2025

DryRun Security

This pull request introduces documentation updates to the DefectDojo vulnerability management system, specifically adding sample scan data links and deduplication field details in the Burp parser documentation, which are considered informative and do not pose any security risks.

Documentation Information Exposure in docs/content/en/connecting_your_tools/parsers/file/burp.md

Vulnerability: Documentation Information Exposure

Description: The changes across multiple documentation files add sample scan data links and deduplication field details. While these changes provide transparency about the system's internal logic, they do not represent a significant security vulnerability. The links are to public GitHub repositories, and the deduplication fields are standard metadata used in vulnerability management systems. These disclosures help users understand how DefectDojo processes findings and are intentionally informative.

~~~md
### Sample Scan Data
Sample Burp scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/burp).
### Default Deduplication Hashcode Fields
By default, DefectDojo identifies duplicate Findings using these [hashcode fields](https://docs.defectdojo.com/en/working_with_findings/finding_deduplication/about_deduplication/):
- title
- severity
- vuln id from tool
~~~

All finding details can be found in the DryRun Security Dashboard.
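The documentation snippet quoted above lists the three fields (title, severity, vuln id from tool) that feed the Burp parser's default deduplication hash. The following Python model is an added example, not DefectDojo's code and not its exact hashing routine: it hashes a configurable field list over a few constructed Burp-like findings (the `SAMPLE_FINDINGS` records, their URLs and tool ids, and the `hash_code`/`deduplicate` helpers are all invented for the illustration) to show which findings collapse into one and why a severity change produces a new finding rather than a duplicate.

```python
import hashlib
from collections import defaultdict

# Constructed sample findings, loosely shaped like a Burp parser's output.
# Not real scan data; ids and URLs are made up for the example.
SAMPLE_FINDINGS = [
    {"title": "Cross-site scripting (reflected)", "severity": "High",
     "vuln_id_from_tool": "2097920", "url": "https://app.example/search?q=1"},
    {"title": "Cross-site scripting (reflected)", "severity": "High",
     "vuln_id_from_tool": "2097920", "url": "https://app.example/search?q=2"},
    # Same issue and tool id, but the scanner rated this instance lower.
    {"title": "Cross-site scripting (reflected)", "severity": "Medium",
     "vuln_id_from_tool": "2097920", "url": "https://app.example/search?q=3"},
    {"title": "Strict transport security not enforced", "severity": "Low",
     "vuln_id_from_tool": "16777984", "url": "https://app.example/"},
]

# The default field list quoted from the Burp parser docs.
DEFAULT_HASHCODE_FIELDS = ("title", "severity", "vuln_id_from_tool")


def hash_code(finding, fields=DEFAULT_HASHCODE_FIELDS):
    """Return a hex digest over the selected fields of one finding.

    Illustrative only (hypothetical helper): values are normalised
    (stripped, lower-cased) and joined with the ASCII unit separator, which
    does not occur in normal finding text, then hashed with SHA-256.
    A missing field is encoded distinctly from an empty string so that
    "no value" and "" never collide.
    """
    parts = []
    for name in fields:
        value = finding.get(name)
        parts.append("<none>" if value is None else str(value).strip().lower())
    return hashlib.sha256("\x1f".join(parts).encode("utf-8")).hexdigest()


def deduplicate(findings, fields=DEFAULT_HASHCODE_FIELDS):
    """Group findings by hash code.

    The first finding in each group plays the role of the original, the
    rest are its duplicates. Returns {hash: [finding, ...]}.
    """
    groups = defaultdict(list)
    for finding in findings:
        groups[hash_code(finding, fields)].append(finding)
    return dict(groups)


def summarize(groups):
    """Return [(original_url, [duplicate_urls])] for each dedup group."""
    return [(members[0]["url"], [m["url"] for m in members[1:]])
            for members in groups.values()]


if __name__ == "__main__":
    for fields in (DEFAULT_HASHCODE_FIELDS,
                   ("title", "vuln_id_from_tool"),
                   ("title", "severity", "vuln_id_from_tool", "url")):
        groups = deduplicate(SAMPLE_FINDINGS, fields)
        print(f"fields={fields}: {len(groups)} unique finding(s)")
        for original, dups in summarize(groups):
            print(f"  {original}  duplicates={dups}")
```

With the default fields the two High-rated XSS findings collapse into one and the Medium-rated one stays separate, so a rescan in which the scanner re-rates a known issue produces a new finding rather than a duplicate; dropping `severity` from the list merges all three, while adding the URL keeps every instance apart. Which behaviour you want depends on how the tool reports severity, which is why DefectDojo makes the field list configurable per parser (see the deduplication documentation linked in the snippet).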

@rossops rossops closed this Jul 14, 2025
@rossops rossops reopened this Jul 14, 2025
@rossops rossops merged commit 25abde2 into master Jul 14, 2025
85 checks passed


4 participants