Release: Merge back 2.54.1 into dev from: master-into-dev/2.54.1-2.55.0-dev

.gitignore

@@ -127,6 +127,7 @@ docker/extra_fixtures/*
 !docker/extra_fixtures/readme.txt
 docker/extra_settings/*
 !docker/extra_settings/README.md
+dojo/settings/pro_settings.py
 
 
 # Helm dependencies

docs/content/en/changelog/changelog.md

@@ -8,6 +8,12 @@ Here are the release notes for **DefectDojo Pro (Cloud Version)**. These release
 
 For Open Source release notes, please see the [Releases page on GitHub](https://github.com/DefectDojo/django-DefectDojo/releases), or alternatively consult the Open Source [upgrade notes](/en/open_source/upgrading/upgrading_guide/).
 
+## Jan 2025: v2.54
+
+### Jan 5, 2025: v2.54.0
+
+No significant UX changes.
+
 ## Dec 2025: v2.53
 
 ### Dec 29, 2025: v2.53.5
@@ -64,7 +70,7 @@ For Open Source release notes, please see the [Releases page on GitHub](https://
 
 ## Oct 2025: v2.51
 
-### Oct 27, 2025: v2.51.3
+#### Oct 27, 2025: v2.51.3
 
 * **(Tools)** Added Nuclei scan support for Smart Upload.
 * **(Priority)** Added Prioritization Engine to allow for configurable Priority and Risk calculations for individual Findings under a given Product.
@@ -73,12 +79,12 @@ For Open Source release notes, please see the [Releases page on GitHub](https://
 
 
 
-### Oct 20, 2025: v2.51.2
+#### Oct 20, 2025: v2.51.2
 
 * **(Connectors)** Added Anchore Enterprise Connector.
 
 
-### Oct 14, 2025: v2.51.1
+#### Oct 14, 2025: v2.51.1
 
 * **(Pro UI)** Added Finding Quick Report feature.  Quick report allows users to quickly render an HTML report with the currently displayed Findings on a Finding table.
 
@@ -95,7 +101,7 @@ Click the calculator button to render a score based on the vector string.
 * **(Pro UI)** File names (for attached artifacts) can now be edited directly in the UI.
 * **(Pro UI)** Redirect user to Home after a successful Support Inquiry submission.  
 
-### Oct 6, 2025: v2.51.0
+#### Oct 6, 2025: v2.51.0
 
 No significant Pro changes are present in this release.
 

docs/content/en/open_source/upgrading/2.54.md

@@ -30,9 +30,9 @@ The switch to `django-pghistory` provides several advantages:
 
 ### Migration Notes
 
-- A one-time data migration will take place to populate the `django-pghistory` tables with the initial snapshot of the tracked models.
+- A one-time data migration will take place to "backfill" the `django-pghistory` tables with the initial snapshot of the tracked models.
 - The migration is designed to be fail-safe: if it fails for some reason, it will continue where it left off.
-- The migration can also be performed up front via
+- If it fails completely or for any other reason you want to trigger it manually, you can do so via:
   - `docker compose exec uwsgi bash -c "python manage.py pghistory_backfill_fast"`, or
   - `docker compose exec uwsgi bash -c "python manage.py pghistory_backfill_simple"`, or
   - `docker compose exec uwsgi bash -c "python manage.py pghistory_backfill"`

docs/content/supported_tools/parsers/file/cloudflare_insights.md

@@ -0,0 +1,22 @@
+---
+title: "Cloudflare Insights"
+toc_hide: true
+---
+
+Import Cloudflare Insights findings using the **CSV export** provided by Cloudflare.
+
+### Sample Scan Data
+Sample Cloudflare Insights files can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/cloudflare_insights).
+
+### Supported Fields
+The parser supports the following CSV columns:
+
+- `severity`
+- `issue_class`
+- `subject`
+- `issue_type`
+- `status`
+- `insight` *(optional)*
+- `detection_method` *(optional)*
+- `risk` *(optional)*
+- `recommended_action`

docs/content/supported_tools/parsers/file/gcloud_artifact_scan.md

@@ -8,6 +8,8 @@ Once a scan is completed, results can be pulled via API/gcloud https://cloud.goo
 ### File Types
 DefectDojo parser accepts Google Cloud Artifact Vulnerability Scan data as a .json file.
 
+[This issue](https://github.com/DefectDojo/django-DefectDojo/issues/8552) describes the way to retrieve the json output. 
+
 ### Sample Scan Data
 Sample reports can be found at https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/gcloud_artifact_scan
 

docs/content/supported_tools/parsers/file/pingcastle.md

@@ -1,7 +1,8 @@
+---
 title: "PingCastle"
 toc_hide: true
 ---
 Import results from the [PingCastle](https://www.pingcastle.com/documentation/).
 
 ### Sample Scan Data
-Sample PingCastle scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/pingcastle).
+Sample PingCastle scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/pingcastle).

dojo/db_migrations/0255_remove_system_settings_product_grade.py

@@ -0,0 +1,17 @@
+# Generated by Django 5.2.9 on 2026-01-09 23:56
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('dojo', '0254_remove_vulnerability_id_template_model'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='system_settings',
+            name='product_grade',
+        ),
+    ]

dojo/fixtures/defect_dojo_sample_data.json

@@ -814,7 +814,6 @@
     "url_prefix": "",
     "team_name": "",
     "enable_product_grade": true,
-    "product_grade": "def grade_product(crit, high, med, low):\r\n    health=100\r\n    if crit > 0:\r\n        health = 40\r\n        health = health - ((crit - 1) * 5)\r\n    if high > 0:\r\n        if health == 100:\r\n            health = 60\r\n        health = health - ((high - 1) * 3)\r\n    if med > 0:\r\n        if health == 100:\r\n            health = 80\r\n        health = health - ((med - 1) * 2)\r\n    if low > 0:\r\n        if health == 100:\r\n            health = 95\r\n        health = health - low\r\n\r\n    if health < 5:\r\n        health = 5\r\n\r\n    return health",
     "product_grade_a": 90,
     "product_grade_b": 80,
     "product_grade_c": 70,

dojo/fixtures/dojo_testdata.json

@@ -242,7 +242,6 @@
       "mail_notifications_to": "",
       "enable_jira": false,
       "enable_product_grade": true,
-      "product_grade": "def grade_product(crit, high, med, low):\r\n    health=100\r\n    if crit > 0:\r\n        health = 40\r\n        health = health - ((crit - 1) * 5)\r\n    if high > 0:\r\n        if health == 100:\r\n            health = 60\r\n        health = health - ((high - 1) * 3)\r\n    if med > 0:\r\n        if health == 100:\r\n            health = 80\r\n        health = health - ((med - 1) * 2)\r\n    if low > 0:\r\n        if health == 100:\r\n            health = 95\r\n        health = health - low\r\n\r\n    if health < 5:\r\n        health = 5\r\n\r\n    return health",
       "product_grade_a": 90,
       "product_grade_b": 80,
       "product_grade_c": 70,

dojo/fixtures/system_settings.json

@@ -6,7 +6,6 @@
     "enable_deduplication": false,
     "enable_jira": false,
     "url_prefix": "",
-    "product_grade": "def grade_product(crit, high, med, low):\r\n    health=100\r\n    if crit > 0:\r\n        health = 40\r\n        health = health - ((crit - 1) * 5)\r\n    if high > 0:\r\n        if health == 100:\r\n            health = 60\r\n        health = health - ((high - 1) * 3)\r\n    if med > 0:\r\n        if health == 100:\r\n            health = 80\r\n        health = health - ((med - 1) * 2)\r\n    if low > 0:\r\n        if health == 100:\r\n            health = 95\r\n        health = health - low\r\n\r\n    if health < 5:\r\n        health = 5\r\n\r\n    return health",
     "product_grade_a": 90,
     "product_grade_b": 80,
     "product_grade_c": 70,

dojo/forms.py

@@ -3129,7 +3129,7 @@ def clean(self):
 
     class Meta:
         model = System_Settings
-        exclude = ["product_grade"]
+        fields = "__all__"
 
 
 class BenchmarkForm(forms.ModelForm):

dojo/jira_link/helper.py

@@ -603,7 +603,7 @@ def log_jira_alert(error, obj):
     create_notification(
         event="jira_update",
         title="Error pushing to JIRA " + "(" + truncate_with_dots(prod_name(obj), 25) + ")",
-        description=to_str_typed(obj) + ", " + error,
+        description=error + "\n" + to_str_typed(obj),
         url=obj.get_absolute_url(),
         icon="bullseye",
         source="Push to JIRA",
@@ -615,7 +615,7 @@ def log_jira_cannot_be_pushed_reason(error, obj):
     create_notification(
         event="jira_update",
         title="Error pushing to JIRA " + "(" + truncate_with_dots(prod_name(obj), 25) + ")",
-        description=obj.__class__.__name__ + ": " + error,
+        description=error + "\n" + obj.__class__.__name__,
         url=obj.get_absolute_url(),
         icon="bullseye",
         source="Push to JIRA",

dojo/models.py

@@ -441,7 +441,6 @@ class System_Settings(models.Model):
     url_prefix = models.CharField(max_length=300, default="", blank=True, help_text=_("URL prefix if DefectDojo is installed in it's own virtual subdirectory."))
     team_name = models.CharField(max_length=100, default="", blank=True)
     enable_product_grade = models.BooleanField(default=False, verbose_name=_("Enable Product Grading"), help_text=_("Displays a grade letter next to a product to show the overall health."))
-    product_grade = models.CharField(max_length=800, blank=True)
     product_grade_a = models.IntegerField(default=90,
                                           verbose_name=_("Grade A"),
                                           help_text=_("Percentage score for an "
@@ -685,19 +684,6 @@ def clean(self):
                 })
 
 
-class SystemSettingsFormAdmin(forms.ModelForm):
-    product_grade = forms.CharField(widget=forms.Textarea)
-
-    class Meta:
-        model = System_Settings
-        fields = ["product_grade"]
-
-
-class System_SettingsAdmin(admin.ModelAdmin):
-    form = SystemSettingsFormAdmin
-    fields = ("product_grade",)
-
-
 def get_current_date():
     return timezone.now().date()
 
@@ -4854,7 +4840,7 @@ def __str__(self):
 admin.site.register(Tool_Type)
 admin.site.register(Cred_User)
 admin.site.register(Cred_Mapping)
-admin.site.register(System_Settings, System_SettingsAdmin)
+admin.site.register(System_Settings)
 admin.site.register(SLA_Configuration)
 admin.site.register(CWE)
 admin.site.register(Regulation)

dojo/product_announcements.py

@@ -1,9 +1,14 @@
+
+import logging
+
 from django.conf import settings
 from django.contrib import messages
 from django.http import HttpRequest, HttpResponse
 from django.utils.safestring import mark_safe
 from django.utils.translation import gettext_lazy as _
 
+logger = logging.getLogger(__name__)
+
 
 class ProductAnnouncementManager:
 
@@ -48,12 +53,16 @@ def __init__(
 
     def _add_django_message(self, request: HttpRequest, message: str):
         """Add a message to the UI"""
-        messages.add_message(
-            request=request,
-            level=messages.INFO,
-            message=_(message),
-            extra_tags="alert-info",
-        )
+        try:
+            messages.add_message(
+                request=request,
+                level=messages.INFO,
+                message=_(message),
+                extra_tags="alert-info",
+            )
+        except Exception:
+            # make sure we catch any exceptions that might happen: https://github.com/DefectDojo/django-DefectDojo/issues/14041
+            logger.exception(f"Error adding message to Django: {message}")
 
     def _add_api_response_key(self, message: str, data: dict) -> dict:
         """Update the response data in place"""