Merge pull request #12189 from DefectDojo/master-into-dev/2.45.0-2.46.0-dev

Release: Merge back 2.45.0 into dev from: master-into-dev/2.45.0-2.46.0-dev

Author: Maffooch

.github/CODEOWNERS

@@ -7,11 +7,13 @@ Dockerfile.* @mtesauro @Maffooch
 docker-compose.* @mtesauro @Maffooch 
 /docker/ @mtesauro @Maffooch 
 # Documentation changes 
-/docs/ @paulOsinski @valentijnscholten @Maffooch
+/docs/content/ @paulOsinski @valentijnscholten @Maffooch
 # Kubernetes should be reviewed by reviewed first by those that know it
-/helm/ @cneill @kiblik
+/helm/ @cneill @kiblik @Maffooch
 # Anything UI related needs to be checked out by those with the eye for it
 /dojo/static/ @blakeaowens @Maffooch
 /dojo/templates/ @blakeaowens @Maffooch
 # Any model changes should be closely looked at
-/dojo/models.py @Maffooch
+/dojo/models.py @Maffooch
+# All other code changes should be reviewed by someone
+* @Maffooch @mtesauro

.github/pr-reminder.py

@@ -19,6 +19,7 @@
     "dogboat": "[email protected]",
     "cneill": "[email protected]",
     "hblankenship": "[email protected]",
+    "valentijnscholten": "[email protected]",
 }
 
 

components/package.json

@@ -1,6 +1,6 @@
 {
   "name": "defectdojo",
-  "version": "2.45.0-dev",
+  "version": "2.46.0-dev",
   "license" : "BSD-3-Clause",
   "private": true,
   "dependencies": {

docs/assets/images/all_groups_pro.png

@@ -10,6 +10,10 @@ For Open Source release notes, please see the [Releases page on GitHub](https://
 
 ## Mar 2025: v2.44
 
+### Mar 31, 2025, v2.44.4
+
+- **(Beta UI)** Group and Configuration permissions can now be assigned quickly from a User page.  For more information, see [DefectDojo Pro Permissions](/en/customize_dojo/user_management/pro_permissions_overhaul/).
+
 ### Mar 24, 2025, v2.44.3
 
 - **(Import)** Generic Findings Import will now parse tags in the JSON payload when Async Import is enabled.
@@ -40,26 +44,26 @@ For Open Source release notes, please see the [Releases page on GitHub](https://
 
 ## Feb 2025: v2.43
 
-### Feb 24, 2025: v2.43.4
+#### Feb 24, 2025: v2.43.4
 
 - **(API)** API can now filter Findings by tag using AND, in addition to OR.  This can be done with the `tags__and` API filter.
 - **(Connectors)** Users of AWS Security Hub, Snyk can now set a minimum Severity level for Findings to limit the amount of data imported via Connector.  Findings below the minimum Severity level will not be imported.  If Minimum Severity is changed, existing Findings below the new Minimum Severity will be Closed (not deleted).
 - **(Pro Metrics)** Tool Insights can now be filtered with specific Date values, rather than simply 'past 30 days', etc.
 
-### Feb 19, 2025: v2.43.3
+#### Feb 19, 2025: v2.43.3
 
 - **(API)** `/audit_log` has been added as an API endpoint for DefectDojo Pro, which can return a JSON report of all user activity, or filter by object ID. <span style="background-color:rgba(242, 86, 29, 0.5)">(Pro)</span>
 - **(Beta UI)** Vulnerability ID can now be edited for a given Finding, using the Edit Finding page.  This allows users to manually identify duplicates by assigning a matching Vulnerability ID to an additional Finding.
 
-### Feb 12, 2025: v2.43.2
+#### Feb 12, 2025: v2.43.2
 
 - **(Beta UI)** Tests and Risk Acceptances can now be added directly from the All Tests / All Risk Acceptances lists.
 - **(CLI Tools)** Added a `background-import` flag to allow for asynchronous imports or reimports.
 - **(Connectors)** Users of Burp, SonarQube and Dependency-Track Connectors can now set a minimum Severity level for Findings to limit the amount of data imported via Connector.  Findings below the minimum Severity level will not be imported.  If Minimum Severity is changed, existing Findings below the new Minimum Severity will be Closed (not deleted).
 - **(API)** Fixed issue where Findings created by API with methods other than `/import` / `/reimport` were not being identified as duplicates.
 - **(Findings)** 'Close Old Findings' will now apply 'Unique ID From Tool' deduplication, if this algorithm is in use for a set of Findings.
 
-### Feb 10, 2025: v2.43.1
+#### Feb 10, 2025: v2.43.1
 
 - **(Beta UI)** Added 'Has Jira' (True/False) as a filter, to filter Findings, Products or Engagements that have associated Jira data.
 - **(Beta UI)** Notes can now be added to Engagement / Findings / Tests from All Engagements / Findings / Tests lists as well as View Engagement / Findings / Tests pages.
@@ -68,7 +72,7 @@ For Open Source release notes, please see the [Releases page on GitHub](https://
 - **(Tools)** Updated Burp scan to use Hashcode Deduplication.  Default hashcode forms are `title`, `file_path`, `severity`, and `vuln_id_from_tool`.
 - **(Tools)** Corrected issue with AWS Inspector2 OSS parser related to `mitigated date` being handled incorrectly.
 
-### Feb 3, 2025: v2.43.0
+#### Feb 3, 2025: v2.43.0
 
 - **(Beta UI)** Users can now upload local SAML metadata when configuring SAML.
 - **(Beta UI)** Added new section on Risk Acceptance Form to allow users to upload 'Proof'; any relevant files that can be used to support a Risk Acceptance (emails, screenshots of communication, policies, etc).

docs/assets/images/group_view_pro_ui.png

@@ -21,6 +21,26 @@ From the sidebar, navigate to 👤**Users \> Groups** to see a list of all activ
 ![image](images/Create_a_User_Group_for_shared_permissions.png)
 From here, you can create, delete or view your individual Group pages.
 
+For <span style="background-color:rgba(242, 86, 29, 0.3)">DefectDojo Pro</span> users, the Beta UI's All Groups has a few additional options.
+* You can filter this table by Group Name, Description, E-mail Address, Global Role, as well as the total number of Users, Product Types, and Products associated with the Group.
+* You can also adjust a Group's Permissions or other settings by clicking the "⋮" button next to the Group you wish to edit.
+
+![image](images/all_groups_pro.png)
+
+## Viewing A Group
+
+Viewing a group displays all Group information, such as ID, name, description, global role, etc. The Group Members, Product Types, and Products associated with the group are also displayed. Additionally, configuration permissions tied to a Group can be updated directly from the “View Group” page.
+
+For <span style="background-color:rgba(242, 86, 29, 0.3)">DefectDojo Pro</span> users, the Beta UI's Group View allows you to assign Configuration Permission adjustments in a slightly different way.
+
+![image](images/group_view_pro_ui.png)
+
+* All configuration permissions are displayed in a dropdown which is grouped into subcategories. If the selection of configuration permissions is different from their current value, an “Update Configuration Permissions” button is displayed.
+
+![image](images/groups_pro_configuration_permissions.png)
+
+* Once a few additional permissions have been selected, the user will be asked to confirm they would like to update the permissions for the selected group before an update is made.
+
 ## Create / Edit a User Group
 
 1. Navigate to the 👤**Users \> Groups** page on the sidebar. You will see a list of all existing User Groups, including their Name, Description, Number of Users, Global Role (if applicable) and Email.  

docs/assets/images/groups_pro_configuration_permissions.png

@@ -18,4 +18,10 @@ When looking at Product Type or Product, you can open the Permissions window to
 
 1. At the top of this window, you can choose to manage permissions for an individual user or for a [user group](../create_user_group).
 2. Here, you can select a user or group to add to the Product, and select  the [Role](../about_perms_and_roles) that you want that user to have.
-3. On the lower table, you can see a list of all users or groups who have access to this object.  You can also quickly assign a new role for one of these users or groups from the drop-down menu.
+3. On the lower table, you can see a list of all users or groups who have access to this object.  You can also quickly assign a new role for one of these users or groups from the drop-down menu.
+
+## Setting Configuration Permissions through the User view
+
+A user's configuration permissions can now be set in a more user-friendly approach. From the Users View, all configuration permissions are displayed in a dropdown, then grouped by the permission type. If the selection of configuration permissions is different from their current value, an “Update Configuration Permissions” button is displayed. When clicked, the user will be asked to confirm they would like to update the permissions for the selected group before an update is made.
+
+![image](images/pro_user_view.png)

docs/assets/images/pro_user_view.png

@@ -0,0 +1,7 @@
+---
+title: 'Upgrading to DefectDojo Version 2.46.x'
+toc_hide: true
+weight: -20250407
+description: No special instructions.
+---
+There are no special instructions for upgrading to 2.46.x. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.46.0) for the contents of the release.

docs/content/en/changelog/changelog.md

@@ -4,6 +4,6 @@
 # Django starts so that shared_task will use this app.
 from .celery import app as celery_app  # noqa: F401
 
-__version__ = "2.45.0-dev"
+__version__ = "2.46.0-dev"
 __url__ = "https://github.com/DefectDojo/django-DefectDojo"
 __docs__ = "https://documentation.defectdojo.com"

docs/content/en/customize_dojo/user_management/create_user_group.md

@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: "2.45.0-dev"
+appVersion: "2.46.0-dev"
 description: A Helm chart for Kubernetes to install DefectDojo
 name: defectdojo
-version: 1.6.181-dev
+version: 1.6.182-dev
 icon: https://www.defectdojo.org/img/favicon.ico
 maintainers:
   - name: madchap