Release: Merge back 2.45.0 into dev from: master-into-dev/2.45.0-2.46.0-dev #12189

Merged: 7 commits merged into dev from master-into-dev/2.45.0-2.46.0-dev on Apr 7, 2025

Conversation

@github-actions github-actions bot commented Apr 7, 2025

Release triggered by Maffooch

paulOsinski and others added 7 commits April 1, 2025 11:03
Co-authored-by: Paul Osinski <[email protected]>
* update pro user groups

* add user configuration permissions overhaul info

---------

Co-authored-by: Paul Osinski <[email protected]>
Co-authored-by: valentijnscholten <[email protected]>
Release: Merge release into master from: release/2.45.0
dryrunsecurity bot commented Apr 7, 2025

DryRun Security Summary

The text summarizes security findings in the DefectDojo project, including dependency management risks, information disclosure issues, image reference vulnerabilities, and a new global code review rule, with no critical vulnerabilities detected.

Summary: The provided summaries cover various documentation and configuration updates for the DefectDojo project, primarily focusing on version increments, documentation changes, and user management features.

Security Findings:

  1. Dependency Management Risk in components/package.json

    • External dependencies sourced from GitHub using wildcard versions (#*)
    • Risk: Potential introduction of unvetted dependency versions
  2. Information Disclosure in .github/pr-reminder.py

    • Exposed personal email address ([email protected])
    • Risk: Potential privacy and information leakage
  3. Image Reference Security in docs/content/en/customize_dojo/user_management/pro_permissions_overhaul.md

    • External image path reference
    • Potential risk of inadvertent information disclosure through UI images
  4. CODEOWNERS Global Review Rule

    • Added global review rule (* @Maffooch @mtesauro)
    • Potential security improvement by ensuring all code changes are reviewed

No critical or high-severity vulnerabilities were identified in these patches.

@Maffooch Maffooch reopened this Apr 7, 2025
@Maffooch Maffooch merged commit 131e567 into dev Apr 7, 2025
76 checks passed
@Maffooch Maffooch deleted the master-into-dev/2.45.0-2.46.0-dev branch April 7, 2025 15:40