nightly-dev 🌈

Run the release drafter to populate the release notes.

3.0.0 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Breaking Changes: Please consult the release notes for full details

Changes since 2.58.0

• Release: Merge release into master from: release/3.0.0 @github-actions (#15017)
• Locations updates @dogboat (#15015)
• Add release notes for upgrading to DefectDojo Version 3.0.x @Maffooch (#15010)
• test(perf) on bugfix: re-enable import performance tests with recalibrated query counts @valentijnscholten (#14968)
• test(perf) on dev: re-enable import performance tests with recalibrated query counts @valentijnscholten (#14967)
• fix(dependency_check): fold related dependency paths into description instead of emitting separate findings @valentijnscholten (#14941)
• Prevent reimport from reactivating duplicate findings as active/verified @valentijnscholten (#14935)
• Preserve verified flag when promoting duplicate to new original @valentijnscholten (#14934)
• feat: allow users to request peer review from themselves @valentijnscholten (#14946)
• Check statusCategory instead of the resolution field for Jira issue status @derda17 (#14611)
• feat(parser): set fix_available on GitHub Vulnerability parser @jsayerascb (#14943)
• Release: Merge back 2.59.0 into bugfix from: master-into-bugfix/2.59.0-2.60.0-dev @github-actions (#14939)
• Release: Merge back 2.59.0 into dev from: master-into-dev/2.59.0-2.60.0-dev @github-actions (#14938)
• Release 2.59.0: Merge Bugfix into Dev @rossops (#14936)
• Fix SARIF parser crash on empty extensions @kleomartiny (#14898)
• Rename title to 'Open-Source Permissions' @paulOsinski (#14908)
• docs: add 2.58.3 and 2.58.4 release notes to Pro changelog @Maffooch (#14926)
• Release: Merge back 2.58.4 into dev from: master-into-dev/2.58.4-2.59.0-dev @github-actions (#14914)
• Release: Merge back 2.58.4 into bugfix from: master-into-bugfix/2.58.4-2.59.0-dev @github-actions (#14915)
• Release: Merge release into master from: release/2.58.4 @github-actions (#14913)
• 🐛 fix cyclonedx missing vector field #14874 @manuel-sommer (#14884)
• [docs] Improve Snyk parser documentation with export instructions and enterprise workflow @balaakasam (#14675)
• Release: Merge back 2.58.3 into bugfix from: master-into-bugfix/2.58.3-2.59.0-dev @github-actions (#14886)
• Add docs for Products and Assets @dangoelz (#14876)
• May docs maintenance @paulOsinski (#14880)
• rename CLAUDE.md to AGENTS.md @valentijnscholten (#14873)
• Expose created/updated date filters for Risk Acceptance API (created_before/after, updated_before/after) @PDFour4 (#14786)
• Scope report views to the requesting user's authorized products @Maffooch (#14870)
• Anchor location finding reference authorization to the finding's own product @Maffooch (#14871)
• Remove gitpython @dogboat (#14808)
• Update changelog for v2.58.2 release notes @Maffooch (#14854)
• Fix URLs and expand Lychee coverage @Maffooch (#14855)
• ⚡ speed up migrate_endpoints_to_locations (~14× fewer queries) @Maffooch (#14841)
• docs: Add Components page and glossary entry @Jino-T (#14840)
• Release: Merge back 2.58.2 into bugfix from: master-into-bugfix/2.58.2-2.59.0-dev @github-actions (#14851)
• [docs] locations (pro feature), maintenance @paulOsinski (#14834)
• feat(importers): apply import-time tags per batch before post-processing, do not tag old findings @valentijnscholten (#14839)
• perf(tags): centralize tag inheritance + replace signal disconnect with batch context manager (Phase B) @valentijnscholten (#14827)
• perf(tags): bulk-propagate inherited tags + gate child post_save on create @valentijnscholten (#14812)
• Add mitigation finding filters and complete mitigation filter tests @bendnema (#14790)
• cascade delete: prepare preview_only parameter @valentijnscholten (#14810)
• test: add background param to import all unit tests command @valentijnscholten (#14805)
• perf(dupe-delete): use bulk_delete_findings + correlated subquery in async_dupe_delete @valentijnscholten (#14797)
• test: pin query-count baselines for tag inheritance hot paths @valentijnscholten (#14811)
• Update changelog for May 2026 release (v2.58.0) @Maffooch (#14807)
• Release: Merge back 2.58.1 into dev from: master-into-dev/2.58.1-2.59.0-dev @github-actions (#14830)
• Release: Merge back 2.58.1 into bugfix from: master-into-bugfix/2.58.1-2.59.0-dev @github-actions (#14829)
• Release: Merge release into master from: release/2.58.1 @github-actions (#14828)
• endpoint: optimize eq via product_id @valentijnscholten (#14806)
• Fix broken links @paulOsinski (#14802)
• Release: Merge back 2.58.0 into dev from: master-into-dev/2.58.0-2.59.0-dev @github-actions (#14803)

🚩 Changes to settings.dist.py / local_settings.py

• Release 3.0.0: Merge bugfix -> dev @Maffooch (#15014)
• Enable v3 functionality and organization/asset relabeling by default @Maffooch (#15011)
• Fix for GHSA-w2j3-x3j3-mm43 @dogboat (#14952)
• feat(parsers): add Alert Logic CSV parser @skywalke34 (#14930)
• Release: Merge release into master from: release/2.59.0 @github-actions (#14937)
• perf(watson): prefetch relations + force async indexing @valentijnscholten (#14881)
• perf(tag inheritance): batch_mode + per-batch bulk during import + reorganize @valentijnscholten (#14877)
• Dojo V3 - Tailwind UI rebuild, legacy authorization, OS surface removals @devGregA (#14865)
• Release: Merge back 2.58.2 into dev from: master-into-dev/2.58.2-2.59.0-dev @github-actions (#14852)
• Release: Merge release into master from: release/2.58.2 @github-actions (#14850)
• feat(parsers): add Xygeni JSON parser (SAST, SCA, Secrets) @lmrb-1968 (#14769)
• 🎉 add ksa security advisory @manuel-sommer (#14809)
• Release: Merge back 2.58.0 into bugfix from: master-into-bugfix/2.58.0-2.59.0-dev @github-actions (#14804)

🚩 Database migration

• Refactor removal of deprecated features while preserving database state @Maffooch (#15009)
• Release: Merge release into master from: release/2.59.0 @github-actions (#14937)
• Dojo V3 - Tailwind UI rebuild, legacy authorization, OS surface removals @devGregA (#14865)
• remove: Credential Manager (2.57 deprecation, 2.59 EOL) @Maffooch (#14836)
• remove: Stub Findings (2.57 deprecation, 2.59 EOL) @Maffooch (#14837)
• Release: Merge back 2.58.0 into bugfix from: master-into-bugfix/2.58.0-2.59.0-dev @github-actions (#14804)

🚀 API features and enhancements

• Release 3.0.0: Merge bugfix -> dev @Maffooch (#15014)
• Fix for GHSA-w2j3-x3j3-mm43 @dogboat (#14952)
• Release: Merge release into master from: release/2.59.0 @github-actions (#14937)
• refactor: rename dispatch kwarg sync= to force_sync= @valentijnscholten (#14882)
• Release: Merge back 2.58.3 into dev from: master-into-dev/2.58.3-2.59.0-dev @github-actions (#14887)
• Release: Merge release into master from: release/2.58.3 @github-actions (#14885)
• Apply object-level permission check to finding duplicate API actions @Maffooch (#14866)
• Dojo V3 - Tailwind UI rebuild, legacy authorization, OS surface removals @devGregA (#14865)
• Release: Merge back 2.58.2 into dev from: master-into-dev/2.58.2-2.59.0-dev @github-actions (#14852)
• Release: Merge release into master from: release/2.58.2 @github-actions (#14850)
• remove: Credential Manager (2.57 deprecation, 2.59 EOL) @Maffooch (#14836)
• Use a dedicated permission class for BurpRawRequestResponseViewSet @Maffooch (#14838)
• remove: Stub Findings (2.57 deprecation, 2.59 EOL) @Maffooch (#14837)
• remove: questionnaire API endpoints (2.56 deprecation, 2.59 EOL) @Maffooch (#14835)
• Release: Merge back 2.58.0 into bugfix from: master-into-bugfix/2.58.0-2.59.0-dev @github-actions (#14804)

🖌 Updates in UI

• Release 3.0.0: Merge bugfix -> dev @Maffooch (#15014)
• fix 500 error on critical product metrics page @valentijnscholten (#14945)
• Release: Merge release into master from: release/2.59.0 @github-actions (#14937)
• Dojo V3 - Tailwind UI rebuild, legacy authorization, OS surface removals @devGregA (#14865)
• remove: Credential Manager (2.57 deprecation, 2.59 EOL) @Maffooch (#14836)
• remove: Stub Findings (2.57 deprecation, 2.59 EOL) @Maffooch (#14837)
• Release: Merge back 2.58.0 into bugfix from: master-into-bugfix/2.58.0-2.59.0-dev @github-actions (#14804)

🗣 Updates in localization

• Add pt-BR locale translation @GraoMelo (#14909)
• add russian locale @polishchukd (#14799)

🔧 Improved code quality with linters

• chore(deps): bump ruff from 0.15.13 to 0.15.14 @manuel-sommer (#14929)

🧰 Maintenance

• chore(deps): update gcr.io/cloudsql-docker/gce-proxy docker tag from 1.37.12 to v1.38.0 (helm/defectdojo/values.yaml) @renovate (#14993)
• chore(deps): bump sqlalchemy from 2.0.49 to 2.0.50 @dependabot (#14918)
• chore(deps): update actions/stale action from v10.2.0 to v10.3.0 (.github/workflows/close-stale.yml) @renovate (#14949)
• chore(deps): bump redis from 7.4.0 to 8.0.0 @dependabot (#14958)
• chore(deps): update dependency node from 24.15.0 to v24.16.0 (.github/workflows/validate_docs_build.yml) @renovate (#14950)
• chore(deps): update docker/build-push-action action from v7.1.0 to v7.2.0 (.github/workflows/release-x-manual-docker-containers.yml) @renovate (#14951)
• chore(deps): bump drf-spectacular-sidecar from 2026.5.1 to 2026.6.1 @dependabot (#14955)
• chore(deps): bump ruff from 0.15.14 to 0.15.15 @dependabot (#14959)
• chore(deps): update actions/checkout action from v6.0.2 to v6.0.3 (.github/workflows/validate_docs_build.yml) @renovate (#14947)
• chore(deps): update release-drafter/release-drafter action from v7.3.0 to v7.3.1 (.github/workflows/release-drafter.yml) @renovate (#14948)
• chore(de...

2.58.4 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.58.3

• 🐛 fix cyclonedx missing vector field #14874 @manuel-sommer (#14884)

2.58.3 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.58.2

• Add docs for Products and Assets @dangoelz (#14876)
• May docs maintenance @paulOsinski (#14880)
• rename CLAUDE.md to AGENTS.md @valentijnscholten (#14873)
• Scope report views to the requesting user's authorized products @Maffooch (#14870)
• Anchor location finding reference authorization to the finding's own product @Maffooch (#14871)
• Remove gitpython @dogboat (#14808)
• Update changelog for v2.58.2 release notes @Maffooch (#14854)
• Fix URLs and expand Lychee coverage @Maffooch (#14855)
• ⚡ speed up migrate_endpoints_to_locations (~14× fewer queries) @Maffooch (#14841)
• docs: Add Components page and glossary entry @Jino-T (#14840)

🚀 API features and enhancements

• Apply object-level permission check to finding duplicate API actions @Maffooch (#14866)

🧰 Maintenance

• chore(deps): bump urllib3 from 2.6.3 to 2.7.0 @dependabot (#14853)

2.58.2 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.58.1

• [docs] locations (pro feature), maintenance @paulOsinski (#14834)
• Update changelog for May 2026 release (v2.58.0) @Maffooch (#14807)

🚩 Changes to settings.dist.py / local_settings.py

• 🎉 add ksa security advisory @manuel-sommer (#14809)

🚀 API features and enhancements

• Use a dedicated permission class for BurpRawRequestResponseViewSet @Maffooch (#14838)

🧰 Maintenance

• chore(deps): bump gitpython from 3.1.49 to 3.1.50 @dependabot (#14845)
• chore(deps): bump django from 5.2.13 to 5.2.14 @dependabot (#14846)
• chore(deps): bump @babel/plugin-transform-modules-systemjs from 7.29.0 to 7.29.4 in /docs @dependabot (#14844)
• chore(deps): bump django from 5.2.13 to 5.2.14 @dependabot (#14843)

2.58.1 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.58.0

• endpoint: optimize eq via product_id @valentijnscholten (#14806)
• Fix broken links @paulOsinski (#14802)

2.58.0 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.57.0

• perf test: cover unsaved tags and vulnerability_ids @valentijnscholten (#14796)
• async delete: remove obsolete outside scope delete @valentijnscholten (#14798)
• fix(sonarqube): mdDesc fallback @samiat4911 (#14770)
• Jira webhook: stop mis-mitigating findings on non-"done" issues @paulOsinski (#14716)
• Fix #14623: Add created and updated date filters to ApiRiskAcceptance… @NasorHidar (#14754)
• add OS + Pro Engagement articles @dangoelz (#14583)
• fix(coverity-api): add support for RESOURCE_LEAK quality findings @Jino-T (#14749)
• add Test docs for OS and Pro @dangoelz (#14750)
• test: extend and consolidate tag inheritance tests into test_tag_inheritance.py @valentijnscholten (#14771)
• Bulk delete findings: extension hook @valentijnscholten (#14740)
• docs(pro changelog): add 2.57.3 entry @Maffooch (#14768)
• [pro] add DD-Orchestrator upgrade instructions for on-prem customers @paulOsinski (#14747)
• Fix Dependency Track parser missing vulnerability IDs when aliases is empty @valentijnscholten (#14748)
• ci: auto-label release PRs with release-management @Maffooch (#14744)
• 🐛 fix KeyError raised on Engineer Metrics #14737 @manuel-sommer (#14741)
• Fix Contrast parser collapsing findings with the same rule name @Jino-T (#14714)
• docs: global component deduplication @paulOsinski (#14717)
• docs(pro changelog): add 2.57.1 and 2.57.2 entries @Maffooch (#14736)
• docs optimization: use defer instead of async @paulOsinski (#14715)
• chore: reorganize dedupe code @valentijnscholten (#14641)
• perf: bulk-apply parser-supplied per-finding tags during import @valentijnscholten (#14701)
• docs: add CLAUDE.md with module reorganization playbook @Maffooch (#14705)
• 🎉 add fix_available and fix_version to govulncheck @manuel-sommer (#14681)
• Change to reactivating risk accepted findings @Jino-T (#14633)
• Use RBAC for accept_risks API endpoints @Jino-T (#14632)
• Added ssrf utils file to check urls and applied it to risk recon parser @Jino-T (#14631)
• Update dependency renovatebot/renovate from 43.110.14 to v43.112.1 (.github/workflows/renovate.yaml) @renovate (#14674)
• Fix Wazuh 4.8 parser to attach endpoints/locations to findings @DeWaRs1206 (#14629)
• fix(parsers): use unsaved_tags instead of tags= in Finding constructor @valentijnscholten (#14626)
• update invicti parser to use FirstSeenDate @paulOsinski (#14610)
• 🐛 fix govulncheck ndjson ouput #14642 @manuel-sommer (#14671)
• [docs] maintenance and changelog @paulOsinski (#14665)
• chore(deps): bump ruff from 0.15.8 to 0.15.9 @manuel-sommer (#14663)
• Fix/watson DjangoSuspicousOperationException operation exception @valentijnscholten (#14650)

🚩 Changes to settings.dist.py / local_settings.py

• Remove pickle from forms and Celery serializer @Maffooch (#14791)
• fix cascade delete bug and restore default duplicate cluster reconfigure on delete @valentijnscholten (#14772)
• feat(parsers): add Qualys VMDR CSV parser @skywalke34 (#14453)
• refactor: consolidate audit-log code into dojo/auditlog/ package @Maffooch (#14763)
• refactor: consolidate scattered SSO code into a dedicated dojo/sso/ package @Maffooch (#14765)
• refactor: consolidate notifications into dojo/notifications/ package @Maffooch (#14767)
• refactor: consolidate GitHub integration into dojo/github/ package @Maffooch (#14766)
• 🎉 add watchguard security advisory @manuel-sommer (#14742)
• move MAX_ZIP_* to settings @fopina (#14730)
• Add centralized banner system with OS messaging support @Maffooch (#14708)
• 🎉 add mozilla foundation sec advice to vulnid @manuel-sommer (#14703)
• 🎉 add CNNVD to vulnid @manuel-sommer (#14672)

🚩 Database migration

• Locations performance improvements @dogboat (#14718)

🚀 API features and enhancements

• refactor: consolidate notifications into dojo/notifications/ package @Maffooch (#14767)
• refactor: decouple Jira integration into dojo/jira package @Maffooch (#14743)
• Dispatch create-path notifications async to fix slow POST latency @Maffooch (#14731)
• Validate consistency between ID-based and name-based identifiers in import/reimport @Jino-T (#14636)
• Add permission checks for moving engagements between products @Jino-T (#14634)

🖌 Updates in UI

• Remove 'safe' filter from description output @Maffooch (#14789)
• refactor: consolidate scattered SSO code into a dedicated dojo/sso/ package @Maffooch (#14765)
• Fix planned remediation version appearing under Reviewers in findings list @valentijnscholten (#14773)
• refactor: decouple Jira integration into dojo/jira package @Maffooch (#14743)
• Improve SLA breach notification format and display @Maffooch (#14746)
• Add centralized banner system with OS messaging support @Maffooch (#14708)
• fix css overflow issue - reports @paulOsinski (#14666)
• 🎉 add mozilla foundation sec advice to vulnid @manuel-sommer (#14703)
• Clean up endpoint template rendering for user fields @Maffooch (#14682)
• store more parameters in import settings @valentijnscholten (#14673)

🧰 Maintenance

• chore(deps): update release-drafter/release-drafter action from v7.2.0 to v7.2.1 (.github/workflows/release-drafter.yml) @renovate (#14785)
• chore(deps): bump gitpython from 3.1.47 to 3.1.49 @dependabot (#14783)
• chore(deps): bump python-gitlab from 8.2.0 to 8.3.0 @dependabot (#14781)
• chore(deps): bump pyopenssl from 26.0.0 to 26.1.0 @dependabot (#14777)
• chore(deps): bump postcss from 8.5.6 to 8.5.12 in /docs @dependabot (#14759)
• Update python:3.13.13-slim-trixie Docker digest from 3.13.13 to v (Dockerfile.integration-tests-debian) @renovate (#14774)
• Update openapitools/openapi-generator-cli Docker tag from v7.21.0 to v7.22.0 (Dockerfile.integration-tests-debian) @renovate (#14776)
• chore(deps): bump ruff from 0.15.11 to 0.15.12 @dependabot (#14778)
• chore(deps): bump datatables.net from 2.3.7 to 2.3.8 in /components @dependabot (#14780)
• chore(deps): bump vulners from 3.1.8 to 3.1.9 @dependabot (#14782)
• chore(deps): bump social-auth-core from 4.8.6 to 4.8.7 @dependabot (#14784)
• Update dependency renovatebot/renovate from 43.139.4 to v43.141.6 (.github/workflows/renovate.yaml) @renovate (#14751)
• chore(deps): bump gitpython from 3.1.46 to 3.1.47 @dependabot (#14753)
• chore(deps): bump social-auth-app-django from 5.6.0 to 5.8.0 @dependabot (#14724)
• Update dependency node from 24.14.1 to v24.15.0 (.github/workflows/validate_docs_build.yml) @renovate (#14738)
• chore(deps): bump gitpython from 3.1.46 to 3.1.47 @dependabot (#14725)
• Update valkey Docker tag from 0.19.0 to v0.20.0 (helm/defectdojo/Chart.yaml) @renovate (#14739)
• Update actions/setup-node action from v6.3.0 to v6.4.0 (.github/workflows/validate_docs_build.yml) @renovate (#14734)
• Update dependency kubernetes/kubernetes from v1.35.3 to v1.35.4 (.github/workflows/k8s-tests.yml) @renovate (#14733)
• Update dependency kubernetes from 1.33.10 to v1.33.11 (.github/workflows/k8s-tests.yml) @renovate (#14728)
• Update python:3.13.13-slim-trixie Docker digest from 3.13.13 to v (Dockerfile.integration-tests-debian) @renovate (#14727)
• chore(deps): bump ruff from 0.15.10 to 0.15.11 @dependabot (#14726)
• chore(deps): bump social-auth-core from 4.8.5 to 4.8.6 @dependabot (#14723)
• Update python:3.13.13-alpine3.22 Docker digest from 3.13.13 to v (Dockerfile.nginx-alpine) @renovate (#14721)
• Update postgres:18.3-alpine Docker digest from 18.3 to 18.3-alpine (docker-compose.yml) @renovate (#14720)
• chore(deps): bump lxml from 6.0.2 to 6.1.0 @dependabot (#14719)
• Update dependency renovatebot/renovate from 43.112.1 to v43.139.4 (.github/workflows/renovate.yaml) @renovate (#14709)
• Update mccutchen/go-httpbin Docker tag from 2.21.0 to v2.22.1 (docker-compose.override.dev.yml) @renovate (#14697)
• Update softprops/action-gh-release action from v2.6.2 to v3 (.github/workflows/release-x-manual-helm-chart.yml) @renovate (#14702)
• Update actions/github-script action from v8.0.0 to v9 (.github/workflows/release-3-master-into-dev.yml) @renovate (#14700)
• Update release-drafter/release-drafter action from v7.1.1 to v7.2.0 (.github/workflows/release-drafter.yml) @renovate (#14699)
• chore(deps): bump lxml from 6.0.2 to 6.0.4 @dependabot (#14692)
• Update valkey Docker tag from 0.18.0 to v0.19.0 (helm/defectdojo/Chart.yaml) @renovate (#14696)
• Update docker/build-push-action action from v7.0.0 to v7.1.0 (.github/workflows/release-x-manual-docker-containers.yml) @renovate (#14695)
• chore(deps): bump django-dbbackup from 5.2.0 to 5.3.0 @dependabot (#14694)
• Update softprops/action-gh-release action from v2.6.1 to v2.6.2 (.github/workflows/release-x-manual-helm-chart.yml) @renovate (#14693)
• Update peter-evans/create-pull-request action from v8.1.0 to v8.1.1 (.github/workflows/update-sample-data.yml) @renovate (#14691)
• chore(deps): bump ruff from 0.15.9 to 0.15.10 @dependabot (#14690)
• chore(deps): bump pygithub from 2.9.0 to 2.9.1 @dependabot (#14689)
• chore(deps): bump drf-spectacular-sidecar from 2026.4.1 to 2026.4.14 @dependabot (#14688)
• Update actions/upload-artifact action from v7.0.0 to v7.0.1 (.github/workflows/release-x-manual-docker-containers.yml) @renovate (#14686)
• Update actions/cache action from v5.0.4 to v5.0.5 (.github/workflows/validate_docs_build.yml) @renovate (#14685)
• Update python:3.13.13-slim-trixie Docker digest from 3.13.13 to v (Dockerfile.integration-tests-debian) @renovate (#14684)
• Update python:3.13.13-alpine3.22 Docker digest from 3.13.13 to v (Dockerfile.nginx-alpine) @renovate (#14683)
• chore(deps): bump pillow from 12.1.1 to 12.2.0 @dependabot...

2.57.3 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.57.2

• [pro] add DD-Orchestrator upgrade instructions for on-prem customers @paulOsinski (#14747)
• Fix Dependency Track parser missing vulnerability IDs when aliases is empty @valentijnscholten (#14748)
• ci: auto-label release PRs with release-management @Maffooch (#14744)
• 🐛 fix KeyError raised on Engineer Metrics #14737 @manuel-sommer (#14741)
• Fix Contrast parser collapsing findings with the same rule name @Jino-T (#14714)
• docs: global component deduplication @paulOsinski (#14717)
• docs(pro changelog): add 2.57.1 and 2.57.2 entries @Maffooch (#14736)
• docs optimization: use defer instead of async @paulOsinski (#14715)

🚩 Changes to settings.dist.py / local_settings.py

• 🎉 add watchguard security advisory @manuel-sommer (#14742)

🚀 API features and enhancements

• Dispatch create-path notifications async to fix slow POST latency @Maffooch (#14731)

🖌 Updates in UI

• Improve SLA breach notification format and display @Maffooch (#14746)

🧰 Maintenance

• chore(deps): bump gitpython from 3.1.46 to 3.1.47 @dependabot[bot] (#14753)
• chore(deps): bump lxml from 6.0.2 to 6.1.0 @dependabot[bot] (#14719)

2.57.2 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.57.1

• docs: add CLAUDE.md with module reorganization playbook @Maffooch (#14705)
• 🎉 add fix_available and fix_version to govulncheck @manuel-sommer (#14681)
• Change to reactivating risk accepted findings @Jino-T (#14633)
• Use RBAC for accept_risks API endpoints @Jino-T (#14632)
• Added ssrf utils file to check urls and applied it to risk recon parser @Jino-T (#14631)

🚩 Changes to settings.dist.py / local_settings.py

• Add centralized banner system with OS messaging support @Maffooch (#14708)
• 🎉 add mozilla foundation sec advice to vulnid @manuel-sommer (#14703)

🚀 API features and enhancements

• Validate consistency between ID-based and name-based identifiers in import/reimport @Jino-T (#14636)
• Add permission checks for moving engagements between products @Jino-T (#14634)

🖌 Updates in UI

• Add centralized banner system with OS messaging support @Maffooch (#14708)
• fix css overflow issue - reports @paulOsinski (#14666)
• 🎉 add mozilla foundation sec advice to vulnid @manuel-sommer (#14703)
• Clean up endpoint template rendering for user fields @Maffooch (#14682)

🧰 Maintenance

• chore(deps): bump pillow from 12.1.1 to 12.2.0 @dependabot (#14680)

2.57.1 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.57.0

• Fix Wazuh 4.8 parser to attach endpoints/locations to findings @DeWaRs1206 (#14629)
• fix(parsers): use unsaved_tags instead of tags= in Finding constructor @valentijnscholten (#14626)
• update invicti parser to use FirstSeenDate @paulOsinski (#14610)
• 🐛 fix govulncheck ndjson ouput #14642 @manuel-sommer (#14671)
• [docs] maintenance and changelog @paulOsinski (#14665)
• chore(deps): bump ruff from 0.15.8 to 0.15.9 @manuel-sommer (#14663)
• Fix/watson DjangoSuspicousOperationException operation exception @valentijnscholten (#14650)

🚩 Changes to settings.dist.py / local_settings.py

• 🎉 add CNNVD to vulnid @manuel-sommer (#14672)

🖌 Updates in UI

• store more parameters in import settings @valentijnscholten (#14673)

🧰 Maintenance

• chore(deps): bump django from 5.2.12 to 5.2.13 @dependabot (#14664)
• chore(deps): bump cryptography from 46.0.6 to 46.0.7 @dependabot (#14660)
• chore(deps-dev): bump vite from 7.3.1 to 7.3.2 in /docs @dependabot (#14651)
• chore(deps): bump lodash from 4.17.23 to 4.18.1 in /docs @dependabot (#14648)