[docs] cli updates, 2.48 changelog

docs/content/en/changelog/changelog.md

@@ -8,6 +8,32 @@ Here are the release notes for **DefectDojo Pro (Cloud Version)**. These release
 
 For Open Source release notes, please see the [Releases page on GitHub](https://github.com/DefectDojo/django-DefectDojo/releases), or alternatively consult the Open Source [upgrade notes](/en/open_source/upgrading/upgrading_guide/).
 
+## July 2025: v2.48
+
+### July 21/22/28, 2025: v2.48.3 / v2.48.4 / v2.48.5
+
+- No significant UI/UX changes.
+
+### July 14, 2025: v2.48.2
+
+- **(Findings)** KEV ([Known Exploited Vulnerabilities](https://www.cisa.gov/known-exploited-vulnerabilities-catalog)) related data can now be added as metadata to Findings. 
+![image](images/findings_kev.png)
+
+### July 8, 2025: v2.48.1
+
+- **(Permissions)** Users with "Edit Users" configuration permission can now force password resets for other users.
+- **(Pro UI)** The Users listing now includes pre-filtered views for All, Active, Inactive, Superuser, and Global Owner users. The default view has been set to Active.
+- **(Pro UI)** Request/Response pairs are now displayed on Finding View.
+- **(Pro UI)** Product Technologies are now visible and can be created, edited and deleted from the View Product page, within the Product Overview’s “Technologies” section.
+- **(Pro UI)** Finding peer-review now supports the assignment of both Users and Groups, as well as an “Allow All Eligible Reviewers” (all users with access to the Finding) option.
+
+### July 1, 2025: v2.48
+
+- **(Pro UI)** Helptext has been added to the Private Note checkbox to better explain this feature.  Private Notes are Notes that will not appear in Generated Reports - only in the DefectDojo UI.  This feature can be used for internal communication that you don't want to include in a Report.
+
+- **(Pro UI)** Pro UI is now set as the default user interface. All new and existing users/instances will be directed to the Pro UI by default. Users can still opt-out of this UI by unchecking this checkbox:
+
+![image](images/pro_ui_default.png)
 
 ## June 2025: v2.47
 

docs/content/en/connecting_your_tools/external_tools.md

@@ -201,7 +201,7 @@ defectdojo-cli import \
 #### Options
 
 `--active, -a` 
-* Dictates whether findings should be active on import. (default: true) `[$DD_CLI_ACTIVE]`
+* Dictates whether Findings should be forced to Active or Inactive on import.  A value of True forces Findings to Active, while a value of False forces all Findings to Inactive.  If no value is set, Active status will instead rely on the incoming report file. (default: unset) `[$DD_CLI_ACTIVE]`
 
 `--api-scan-configuration value, --asc value`
 * The ID of the API Scan Configuration object to use when importing or reimporting. (default: 0) `[$DD_CLI_API_SCAN_CONFIGURATION]`
@@ -216,6 +216,12 @@ defectdojo-cli import \
 `--auto-create-context, --acc`
 * If set to true, the importer automatically creates Engagements, Products, and Product_Types (default: false) `[$DD_CLI_AUTO_CREATE_CONTEXT]`
 
+`--close-old-findings, --cof`
+* If True, old Findings no longer present in the report will be Closed as Mitigated when importing. If Service has been set, only the Findings for this Service will be closed. [$DD_CLI_CLOSE_OLD_FINDINGS]
+
+`--close-old-findings-product-scope, --cofps`
+* Select if --close-old-findings applies to **all** Findings of the same type in the Product. By default, this is set to false, meaning that only old Findings of the same type in the Engagement are in scope (and will be closed by Close Old Findings). [$DD_CLI_CLOSE_OLD_FINDINGS_PRODUCT_SCOPE]
+
 `--deduplication-on-engagement, --doe`
 * If set to true, the importer restricts deduplication for imported findings to the newly created Engagement. (default: false) `[$DD_CLI_DEDUPLICATION_ON_ENGAGEMENT]`
 
@@ -250,7 +256,7 @@ defectdojo-cli import \
 * The version of the test. `[$DD_CLI_TEST_VERSION]`
 
 `--verified, -v`
-* Dictates whether findings should be verified on import. (default: false) `[$DD_CLI_VERIFIED]`
+* Dictates whether Findings should be set to Verified on import. A value of True forces Findings to Verified. If no value is set, Verified status will instead rely on the incoming report file. `[$DD_CLI_VERIFIED]`
 
 **Settings:**
 
@@ -320,7 +326,7 @@ example, x  Shows an example of required and optional flags for reimport operati
 #### Options
 
 `--active, -a`                                    
-* Dictates whether findings should be active on import. (default: true) `[$DD_CLI_ACTIVE]`
+* Dictates whether Findings should be forced to Active or Inactive on import.  A value of True forces Findings to Active, while a value of False forces all Findings to Inactive.  If no value is set, Active status will instead rely on the incoming report file. `[$DD_CLI_ACTIVE]`
 
 `--api-scan-configuration value, --asc value`
 
@@ -335,6 +341,12 @@ example, x  Shows an example of required and optional flags for reimport operati
 `--auto-create-context, --acc`                 
 * If set to true, the importer automatically creates Engagements, Products, and Product_Types (default: false) `[$DD_CLI_AUTO_CREATE_CONTEXT]`
 
+`--close-old-findings, --cof`
+* If True, old Findings no longer present in the report will be Closed as Mitigated when importing. If Service has been set, only the findings for this Service will be closed.[$DD_CLI_CLOSE_OLD_FINDINGS]
+
+`--close-old-findings-product-scope, --cofps`
+* Select if --close-old-findings applies to **all** Findings of the same type in the Product. By default, this is set to false, meaning that only old Findings of the same type in the Engagement are in scope (and will be closed by Close Old Findings). [$DD_CLI_CLOSE_OLD_FINDINGS_PRODUCT_SCOPE]
+
 `--deduplication-on-engagement, --doe`          
 * If set to true, the importer restricts deduplication for imported findings to the newly created Engagement. (default: false) `[$DD_CLI_DEDUPLICATION_ON_ENGAGEMENT]`
 
@@ -369,7 +381,7 @@ example, x  Shows an example of required and optional flags for reimport operati
 * The version of the test. `[$DD_CLI_TEST_VERSION]`
 
 `--verified, -v`                                   
-* Dictates whether findings should be set to Verified on import. (default: false) `[$DD_CLI_VERIFIED]`
+* Dictates whether Findings should be set to Verified on import. A value of True forces Findings to Verified.  If no value is set, Verified status will instead rely on the incoming report file. `[$DD_CLI_VERIFIED]`
 
 **Settings:**
 
@@ -687,7 +699,7 @@ universal-importer import \
 #### Options
 
 `--active, -a` 
-* Dictates whether findings should be active on import. (default: true) `[$DD_IMPORTER_ACTIVE]`
+* Dictates whether Findings should be forced to Active or Inactive on import.  A value of True forces Findings to Active, while a value of False forces all Findings to Inactive.  If no value is set, Active status will instead rely on the incoming report file. `[$DD_IMPORTER_ACTIVE]`
 
 `--api-scan-configuration value, --asc value`
 * The ID of the API Scan Configuration object to use when importing or reimporting. (default: 0) `[$DD_IMPORTER_API_SCAN_CONFIGURATION]`
@@ -702,6 +714,12 @@ universal-importer import \
 `--auto-create-context, --acc`
 * If set to true, the importer automatically creates Engagements, Products, and Product_Types (default: false) `[$DD_IMPORTER_AUTO_CREATE_CONTEXT]`
 
+`--close-old-findings, --cof`
+* If True, old Findings no longer present in the report will be Closed as Mitigated when importing. If Service has been set, only the findings for this Service will be closed. [$DD_IMPORTER_CLOSE_OLD_FINDINGS]
+
+`--close-old-findings-product-scope, --cofps`
+* Select if --close-old-findings applies to **all** Findings of the same type in the Product. By default, this is set to false, meaning that only old Findings of the same type in the Engagement are in scope (and will be closed by Close Old Findings). [$DD_IMPORTER_CLOSE_OLD_FINDINGS_PRODUCT_SCOPE]
+
 `--deduplication-on-engagement, --doe`
 * If set to true, the importer restricts deduplication for imported findings to the newly created Engagement. (default: false) `[$DD_IMPORTER_DEDUPLICATION_ON_ENGAGEMENT]`
 
@@ -736,7 +754,7 @@ universal-importer import \
 * The version of the test. `[$DD_IMPORTER_TEST_VERSION]`
 
 `--verified, -v`
-* Dictates whether findings should be verified on import. (default: false) `[$DD_IMPORTER_VERIFIED]`
+* Dictates whether Findings should be set to Verified on import. A value of True forces Findings to Verified.  If no value is set, Verified status will instead rely on the incoming report file. `[$DD_IMPORTER_VERIFIED]`
 
 **Settings:**
 
@@ -806,7 +824,7 @@ example, x  Shows an example of required and optional flags for reimport operati
 #### Options
 
 `--active, -a`                                    
-* Dictates whether findings should be active on import. (default: true) `[$DD_IMPORTER_ACTIVE]`
+* Dictates whether Findings should be forced to Active or Inactive on import.  A value of True forces Findings to Active, while a value of False forces all Findings to Inactive.  If no value is set, Active status will instead rely on the incoming report file. `[$DD_IMPORTER_ACTIVE]`
 
 `--api-scan-configuration value, --asc value`
 * The ID of the API Scan Configuration object to use when importing or reimporting. (default: 0) `[$DD_IMPORTER_API_SCAN_CONFIGURATION]`
@@ -820,6 +838,12 @@ example, x  Shows an example of required and optional flags for reimport operati
 `--auto-create-context, --acc`                 
 * If set to true, the importer automatically creates Engagements, Products, and Product_Types (default: false) `[$DD_IMPORTER_AUTO_CREATE_CONTEXT]`
 
+`--close-old-findings, --cof`
+* If True, old Findings no longer present in the report will be Closed as Mitigated when importing. If Service has been set, only the Findings for this Service will be closed. [$DD_IMPORTER_CLOSE_OLD_FINDINGS]
+
+`--close-old-findings-product-scope, --cofps`
+* Select if --close-old-findings applies to **all** Findings of the same type in the Product. By default, this is set to false, meaning that only old Findings of the same type in the Engagement are in scope (and will be closed by Close Old Findings). [$DD_IMPORTER_CLOSE_OLD_FINDINGS_PRODUCT_SCOPE]
+
 `--deduplication-on-engagement, --doe`          
 * If set to true, the importer restricts deduplication for imported findings to the newly created Engagement. (default: false) `[$DD_IMPORTER_DEDUPLICATION_ON_ENGAGEMENT]`
 
@@ -854,7 +878,7 @@ example, x  Shows an example of required and optional flags for reimport operati
 * The version of the test. `[$DD_IMPORTER_TEST_VERSION]`
 
 `--verified, -v`                                   
-* Dictates whether findings should be set to Verified on import. (default: false) `[$DD_IMPORTER_VERIFIED]`
+* Dictates whether Findings should be set to Verified on import. A value of True forces Findings to Verified. If no value is set, Verified status will instead rely on the incoming report file. (default: unset) `[$DD_IMPORTER_VERIFIED]`
 
 **Settings:**