Merge pull request #12035 from DefectDojo/master-into-dev/2.44.2-2.45.0-dev

Release: Merge back 2.44.2 into dev from: master-into-dev/2.44.2-2.45.0-dev

Author: rossops

.github/ISSUE_TEMPLATE/feature_request.md

@@ -8,7 +8,7 @@ assignees: ''
 ---
 ## :warning: Note on feature completeness :warning:
 
-We are narrowing the scope of acceptable enhancements to DefectDojo in preparation for v3. Learn more here:
+We are narrowing the scope of acceptable enhancements to DefectDojo. Learn more here:
 https://github.com/DefectDojo/django-DefectDojo/blob/master/readme-docs/CONTRIBUTING.md
 
 **Is your feature request related to a problem? Please describe**

README.md

@@ -107,9 +107,8 @@ our channel there, [#defectdojo](https://owasp.slack.com/channels/defectdojo). F
 
 ## Contributing
 
-:warning: We have instituted a [feature freeze](https://github.com/DefectDojo/django-DefectDojo/discussions/8002) on v2
-of DefectDojo as we begin work on v3. Please see our [contributing guidelines](readme-docs/CONTRIBUTING.md) for more
-information. Check out our latest update on v3 [here](https://github.com/DefectDojo/django-DefectDojo/discussions/11199).
+Please see our [contributing guidelines](readme-docs/CONTRIBUTING.md) for more
+information.
 
 ## Pro Edition
 [Upgrade to DefectDojo Pro](https://www.defectdojo.com/) today to take your DevSecOps to 11. DefectDojo Pro is

docker/entrypoint-unit-tests-devDocker.sh

@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Run available unittests with a setup for local dev:
 # - Make migrations and apply any needed changes
 # - Leave container up after running tests to allow debugging, rerunning tests, etc.

docker/entrypoint-unit-tests.sh

@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Run available unittests with a setup for CI/CD:
 # - Fail if migrations are not created
 # - Exit container after running tests to allow exit code to propagate as test result

docker/entrypoint-uwsgi-dev.sh

@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 
 set -e  # needed to handle "exit" correctly
 

docker/entrypoint-uwsgi.sh

@@ -1,5 +1,4 @@
-#!/bin/sh
-
+#!/bin/bash
 set -e  # needed to handle "exit" correctly
 
 . /secret-file-loader.sh

docs/assets/images/odic.png

@@ -10,6 +10,20 @@ For Open Source release notes, please see the [Releases page on GitHub](https://
 
 ## Mar 2025: v2.44
 
+### Mar 10, 2025: v2.44.1
+
+- **(Beta UI)** Added a field in the View Engagement page which allows a user to navigate to the linked Jira Epic, if one exists.
+- **(Universal Parser)** XML is now a supported file type for Universal Parser.
+- **(SSO)** SSO can now be set up with any kind of [OIDC Configuration](https://auth0.com/docs/authenticate/protocols/openid-connect-protocol).  See ODIC Settings in the Beta UI:
+
+![image](images/odic.png)
+
+### Mar 3, 2025: v2.44.0
+
+- **(Beta UI)** Breadcrumbs have been overhauled to better represent the context each page exists in.  Breadcrumbs will now include filtering and query parameters.  The titles of tables now better represent their context, for example when looking at the Engagements list for a particular Product, the view will be titled {Product Name} Engagements, rather than All Engagements as before.
+
+## Mar 2025: v2.44
+
 ### Mar 3, 2025: v2.44.0
 
 - **(Beta UI)** Breadcrumbs have been overhauled to better represent the context each page exists in.  Breadcrumbs will now include filtering and query parameters.  The titles of tables now better represent their context, for example when looking at the Engagements list for a particular Product, the view will be titled {Product Name} Engagements, rather than All Engagements as before.

docs/content/en/changelog/changelog.md

@@ -10,11 +10,16 @@ pro-feature: true
 
 The Universal Parser is currently in Beta.  See our [announcement presentation](https://community.defectdojo.com/universalparser) for more information.
 
+## About Universal Parser
+DefectDojo has a large, regularly updated library of parsers to help security teams ingest data.  However, sometimes users have a tool that's unsupported by the parsers, or they may want to import data into the DefectDojo model differently from the way the parser does.
+
+DefectDojo's Universal Parser is meant to give our users with unsupported report types a path forward, to import and map **any JSON, CSV or XML file**.
+
 **The Universal Parser is:**
 
 * A quick way to support file formats for which we do not have Community parsers, such as reports produced by internal tools
-* A tool to help you ingest data even if a Community parser is out-of-date or doesn't structure findings the way you would like
-* An alternative to custom scripting that transforms tool reports into the CSV/JSON format expected by the "Generic Findings Import" scan type
+* A tool to help you ingest data, even if a Community parser is out-of-date or doesn't structure findings the way you would like
+* An alternative to custom scripting to transform tool reports into the CSV/JSON format expected by the "Generic Findings Import" scan type
 * Designed to be easy to use for anyone, with no coding and minimal configuration required
 
 **The Universal Parser is not:**

docs/content/en/connecting_your_tools/universal_parser.md

@@ -29,7 +29,7 @@ For CI/CD Engagement, where user could set commit hash, branch/tag and code line
 
 If user does not set commit hash or branch/tag in appropriate fields of CI/CD Engagement edit form, the URL should look like in Interactive Engagement edit form.
 
-SCM navigation URL is composed from Repo URL using SCM Type. Github/Gitlab SCM type is default, but user could set certain SCM type in Product custom field "scm-type".
+SCM navigation URL is composed from Repo URL using SCM Type. A specific SCM type can be set in Product custom field "scm-type". If no "scm-type" is set and the URL contains "https://github.com", a "github" SCM type is assumed.
 
 Product custom fields: