Merge pull request #13135 from DefectDojo/release/2.50.1

Release: Merge release into master from: release/2.50.1

Author: rossops

Dockerfile.django-alpine

@@ -132,8 +132,8 @@ ENV \
   DD_INITIALIZE=true \
   DD_UWSGI_MODE="socket" \
   DD_UWSGI_ENDPOINT="0.0.0.0:3031" \
-  DD_UWSGI_NUM_OF_PROCESSES="2" \
-  DD_UWSGI_NUM_OF_THREADS="2"
+  DD_UWSGI_NUM_OF_PROCESSES="4" \
+  DD_UWSGI_NUM_OF_THREADS="4"
 ENTRYPOINT ["/entrypoint-uwsgi.sh"]
 
 FROM django AS django-unittests

Dockerfile.django-debian

@@ -135,8 +135,8 @@ ENV \
   DD_INITIALIZE=true \
   DD_UWSGI_MODE="socket" \
   DD_UWSGI_ENDPOINT="0.0.0.0:3031" \
-  DD_UWSGI_NUM_OF_PROCESSES="2" \
-  DD_UWSGI_NUM_OF_THREADS="2"
+  DD_UWSGI_NUM_OF_PROCESSES="4" \
+  DD_UWSGI_NUM_OF_THREADS="4"
 ENTRYPOINT ["/entrypoint-uwsgi.sh"]
 
 FROM django AS django-unittests

components/package.json

@@ -1,6 +1,6 @@
 {
   "name": "defectdojo",
-  "version": "2.50.0",
+  "version": "2.50.1",
   "license" : "BSD-3-Clause",
   "private": true,
   "dependencies": {

docker/entrypoint-uwsgi-dev.sh

@@ -34,8 +34,8 @@ exec uwsgi \
   --protocol uwsgi \
   --wsgi dojo.wsgi:application \
   --enable-threads \
-  --processes "${DD_UWSGI_NUM_OF_PROCESSES:-2}" \
-  --threads "${DD_UWSGI_NUM_OF_THREADS:-2}" \
+  --processes "${DD_UWSGI_NUM_OF_PROCESSES:-4}" \
+  --threads "${DD_UWSGI_NUM_OF_THREADS:-4}" \
   --reload-mercy 1 \
   --worker-reload-mercy 1 \
   --py-autoreload 1 \

docker/entrypoint-uwsgi.sh

@@ -36,8 +36,8 @@ exec uwsgi \
   "--${DD_UWSGI_MODE}" "${DD_UWSGI_ENDPOINT}" \
   --protocol uwsgi \
   --enable-threads \
-  --processes "${DD_UWSGI_NUM_OF_PROCESSES:-2}" \
-  --threads "${DD_UWSGI_NUM_OF_THREADS:-2}" \
+  --processes "${DD_UWSGI_NUM_OF_PROCESSES:-4}" \
+  --threads "${DD_UWSGI_NUM_OF_THREADS:-4}" \
   --wsgi dojo.wsgi:application \
   --buffer-size="${DD_UWSGI_BUFFER_SIZE:-8192}" \
   --http 0.0.0.0:8081 --http-to "${DD_UWSGI_ENDPOINT}" \

docs/content/en/changelog/changelog.md

@@ -8,6 +8,14 @@ Here are the release notes for **DefectDojo Pro (Cloud Version)**. These release
 
 For Open Source release notes, please see the [Releases page on GitHub](https://github.com/DefectDojo/django-DefectDojo/releases), or alternatively consult the Open Source [upgrade notes](/en/open_source/upgrading/upgrading_guide/).
 
+## Sept 2025: v2.50
+
+### Sept 2, 2025: v2.50.0
+
+* **(Pro UI)** "Date During" filter has been added to the UI, allowing users to filter by a range of dates
+* **(Pro UI)** Vulnerability ID column can now be sorted, however the sorting only considers the **first** vulnerability ID.
+* **(Pro UI)** Request/Response pairs can now be added / updated / deleted via the Edit Finding form.
+
 ## August 2025: v2.49
 
 The Pro UI has been significantly reorganized, with changes to page organization.

docs/content/en/connecting_your_tools/parsers/file/semgrep_pro.md

@@ -0,0 +1,60 @@
+---
+title: "Semgrep Pro JSON Report"
+toc_hide: true
+---
+Import Semgrep Pro findings in JSON format.
+
+### Sample Scan Data
+Sample Semgrep Pro JSON Report scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/semgrep_pro).
+
+### Default Deduplication
+By default, DefectDojo uses the `match_based_id` from Semgrep Pro for deduplication. If this is not available, it falls back to using a combination of:
+- title
+- file path
+- line number
+
+### Fields Mapped
+The following fields are mapped from the Semgrep Pro JSON report:
+
+#### Basic Information
+- title: Mapped from `rule_name`
+- severity: Mapped from Semgrep Pro severity levels (ERROR/HIGH → High, WARNING/MEDIUM → Medium, INFO/LOW → Low)
+- file_path: Path to the affected file from `location.file_path`
+- line: Line number from `location.line`
+- unique_id_from_tool: Mapped from `match_based_id`
+
+#### Status Fields
+- active: Set to false if status is "fixed" or "removed"
+- verified: Set to true if triage_state is not "untriaged"
+
+#### Rich Content Fields
+- description: Includes:
+  - Rule message and details
+  - CWE references
+  - OWASP references
+  - Categories
+  - Triage information
+- impact: Includes:
+  - Vulnerability classes
+  - Confidence level
+  - Repository information
+- mitigation: Includes:
+  - Guidance summary
+  - Detailed instructions
+  - Auto-fix suggestions
+  - Auto-triage information
+  - Component details and risk level
+- references: Includes:
+  - Line of code URL
+  - CWE references
+  - OWASP references
+  - External ticket information
+
+#### Component Information
+- component_name: Mapped from `assistant.component.tag`
+
+#### Additional Fields
+- static_finding: Always set to true
+- dynamic_finding: Always set to false
+- cwe: Extracted from first CWE reference if available
+- date: Mapped from `created_at`

docs/content/en/open_source/installation/running-in-production.md

@@ -58,9 +58,9 @@ handle 4 concurrent connections.
 Based on your resource settings, you can tweak:
 
 -   `DD_UWSGI_NUM_OF_PROCESSES` for the number of spawned processes.
-    (default 2)
+    (default 4)
 -   `DD_UWSGI_NUM_OF_THREADS` for the number of threads in these
-    processes. (default 2)
+    processes. (default 4)
 
 For example, you may have 4 processes with 6 threads each, yielding 24
 concurrent connections.

docs/content/en/open_source/performance.md

@@ -4,6 +4,6 @@
 # Django starts so that shared_task will use this app.
 from .celery import app as celery_app  # noqa: F401
 
-__version__ = "2.50.0"
+__version__ = "2.50.1"
 __url__ = "https://github.com/DefectDojo/django-DefectDojo"
 __docs__ = "https://documentation.defectdojo.com"