Skip to content

Release: Merge back 2.53.4 into dev from: master-into-dev/2.53.4-2.54.0-dev #13962

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
rossops merged 30 commits into from
Dec 22, 2025

Bumping hugo version due to memory issue

f3ce356
Select commit
Loading
Failed to load commit list.
Merged

Release: Merge back 2.53.4 into dev from: master-into-dev/2.53.4-2.54.0-dev #13962

Bumping hugo version due to memory issue
f3ce356
Select commit
Loading
Failed to load commit list.
DryRunSecurity / General Security Analyzer succeeded Dec 22, 2025 in 1m 57s

DryRun Security

Details

General Security Analyzer Findings: 1 detected

⚠️ Information Disclosure via Debug Logging dojo/api_v2/serializers.py (click for details)
Type Information Disclosure via Debug Logging
Description The entire context dictionary is logged at DEBUG level before being passed to importer.process_scan. This context contains highly sensitive model objects such as the full request object, the user object (Dojo_User model), and other model instances like Engagement and Product which can lead to logging of foreign-keyed sensitive data (e.g., API keys, authentication tokens) or private user details.
Filename dojo/api_v2/serializers.py
CodeLink

django-DefectDojo/dojo/api_v2/serializers.py

Lines 2298 to 2301 in f3ce356

logger.debug(f"process_scan called with context: {context}")
start_time = time.perf_counter()
importer = self.get_importer(**context)
context["test"], _, _, _, _, _, _ = importer.process_scan(
View more details on DryRunSecurity