Conversation
….55.0-dev Release: Merge back 2.54.3 into bugfix from: master-into-bugfix/2.54.3-2.55.0-dev
* Refactor engagement permissions: introduce BaseRelatedObjectPermission and update related views
* Refactor permission classes for risk acceptance and findings in views
* Refactor permission classes: introduce UserHasDevelopmentEnvironmentPermission, UserHasRegulationPermission, and UserHasSLAPermission; update views accordingly
* Refactor BaseDjangoModelPermission: short circuit permission evaluation for unsupported request methods
* Refactor RiskAcceptanceViewSet: simplify download_proof method by moving permission_classes to the decorator
* Add global role fixture and enhance test setup for permissions
* Refactor test setup in BaseClass: consolidate user authentication logic into a reusable method
* Create new user rather than hijacking an existing one
* More user fun :)
…when no engagements are found (#14174)
Signed-off-by: kiblik <5609770+kiblik@users.noreply.github.com>
) (#13974)
* Fix: Suppress expected JIRA validation alerts when auto-pushing

Fixes #12988

When 'Push all issues' is enabled at the engagement level, DefectDojo attempts to automatically push all findings to JIRA during import/reimport. This causes alerts to be created for every finding that cannot be pushed due to expected validation failures (e.g., not verified, not active, below minimum threshold). These alerts flood the Alerts UI with noise since these are expected conditions, not actual errors.

The fix distinguishes between:
- Expected validation failures: Findings that aren't ready to be pushed (not verified/active, below threshold, etc.) - these are logged but don't create alerts
- Unexpected errors: Configuration issues, connection problems, etc. - these still create alerts as they indicate real problems

This ensures users only see alerts for actual problems while still logging expected validation failures for debugging purposes.
* fix
* Update dojo/jira_link/helper.py

Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
---------
Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
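As an added illustration of the expected-versus-unexpected distinction the commit message above describes (this is not DefectDojo's own code), a hypothetical push wrapper that logs expected validation conditions at debug level and reserves alerts for errors raised by the transport; the Finding class, the severity order, the minimum-severity argument and the transport callables are assumptions.

```python
import logging
from dataclasses import dataclass
from typing import Callable, Optional

log = logging.getLogger("jira_push")

# Severity order used for the "below minimum threshold" check (constructed).
SEVERITIES = ["Info", "Low", "Medium", "High", "Critical"]

@dataclass
class Finding:  # hypothetical stand-in for a DefectDojo finding
    title: str
    severity: str
    active: bool = True
    verified: bool = True

@dataclass
class Outcome:
    pushed: bool
    alert: Optional[str] = None  # set only for unexpected errors
    skipped_reason: Optional[str] = None  # set only for expected conditions

def validation_problem(finding: Finding, min_severity: str) -> Optional[str]:
    """Return why a finding is not ready to push (an expected condition), or None."""
    if not finding.active:
        return "finding is not active"
    if not finding.verified:
        return "finding is not verified"
    if SEVERITIES.index(finding.severity) < SEVERITIES.index(min_severity):
        return f"severity {finding.severity} is below the minimum {min_severity}"
    return None

def push_finding(finding: Finding, min_severity: str,
                 transport: Callable[[Finding], None]) -> Outcome:
    """Push one finding; only unexpected transport errors produce an alert."""
    reason = validation_problem(finding, min_severity)
    if reason:  # expected: log for debugging, never alert
        log.debug("not pushing %r to JIRA: %s", finding.title, reason)
        return Outcome(pushed=False, skipped_reason=reason)
    try:
        transport(finding)  # hypothetical: the actual JIRA API call
    except Exception as exc:  # configuration/connection problems are real errors
        return Outcome(pushed=False, alert=f"JIRA push failed for {finding.title!r}: {exc}")
    return Outcome(pushed=True)

def noop_transport(finding: Finding) -> None:  # constructed: push succeeds
    return None

def failing_transport(finding: Finding) -> None:  # constructed: connection error
    raise ConnectionError("connection refused")
```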
* update changelog headings
* add nav highlight to header
* init /get_started/
* add new top menu entries
* move everything to a new directory
* redesign header
* dynamic colored logo
* correct spacing
* make a new menu
* move all article content
* mv remaining articles
* make better search button
* even better search button
* update sectionNav and reorder articles
* add glossary
* add glossary text
* add initial version switcher
* adjust css adjust css make CSS nicer: color and top border remove flicker again
* add version metadata to get_started articles
* update walk partial to check single articles
* finish get started content
* finish setting up import content
* inprogress - set up defectdojo structure
* Create new docs for Metrics
* fix &or remove all links
* fix typo
---------
Co-authored-by: Paul Osinski <paul.m.osinski@gmail.com>
Co-authored-by: dangoelz <dangoelz@gmail.com>
Maffooch
reviewed
Feb 2, 2026
Pull request overview
This PR merges a bugfix branch into the development branch for DefectDojo version 2.55.0. The changes focus on improving API permissions, fixing notification test expectations, addressing JIRA integration issues, and enhancing documentation structure.
Changes:
- Enhanced API permissions enforcement for related objects (notes, files, metadata) across multiple endpoints
- Fixed notification test expectations to account for additional webhook calls
- Improved JIRA integration error handling and race condition prevention
- Updated Celery task expiration settings
- Reorganized and updated documentation structure and links
Reviewed changes
Copilot reviewed 146 out of 263 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| unittests/test_rest_framework.py | Added permission tests for related objects and refactored user setup methods |
| unittests/test_notifications.py | Updated test assertions to match increased notification counts |
| dojo/api_v2/permissions.py | Introduced permission classes for related objects and Django model permissions |
| dojo/api_v2/views.py | Applied new permission classes to API endpoints |
| dojo/jira_link/helper.py | Enhanced JIRA push error handling to reduce alert noise |
| dojo/jira_link/views.py | Fixed race condition in webhook comment handling |
| dojo/views.py | Fixed authorization check for risk acceptances without engagements |
| dojo/utils.py | Added Celery queue length monitoring function |
| dojo/system_settings/views.py | Integrated queue length display in system settings |
| dojo/settings/settings.dist.py | Added task expiration settings to scheduled tasks |
| requirements-dev.txt | Updated watchdog package specification |
| docs/* | Extensive documentation reorganization and link updates |
Comments suppressed due to low confidence (4)
dojo/system_settings/views.py:1 - Corrected spelling of 'proccessed' to 'processed'.
dojo/settings/settings.dist.py:1 - The comment states 'every 72 minutes' but the cron expression `hour='*/3'` means 'every 3 hours' not 72 minutes. The comment should be corrected to 'every 3 hours' to match the actual schedule.
dojo/jira_link/helper.py:1 - Line 938 has inconsistent indentation compared to line 939. Both lines should align at the same indentation level for readability.
docs/layouts/home.html:1 - The href attribute contains a double slash before 'get_started' due to the conditional template logic. The URL path should be `/get_started/about/about_defectdojo/` but the template produces `//get_started/about/about_defectdojo/`.
* fix broken header link
* add release notes button
* fetch latest in button
* fix version select offset
* fix xss vuln: escape HTML
No description provided.