….60.0-dev Release: Merge back 2.59.0 into bugfix from: master-into-bugfix/2.59.0-2.60.0-dev
Remove the exclusion of the current user from the reviewer dropdown in ReviewFindingForm so users can self-assign as reviewer.
When the original of a duplicate cluster is deleted (e.g. via engagement deletion), reconfigure_duplicate_cluster promotes the first remaining duplicate to the new primary. It already copies active and is_mitigated from the original, but not verified. The promoted finding kept its own verified=False, which blocked Jira's "Push All Issues" (requires active+verified). Add verified to the fields copied to the new original. Fixes #14911
…ied (#14935)

* Prevent reimport from reactivating duplicate findings as active/verified

  Fixes #14910. process_matched_mitigated_finding reactivated a matched mitigated finding without checking whether it is a duplicate, producing an invalid active/verified duplicate state that the finding edit form rejects. Keep duplicates inactive/unverified on reactivation (un-mitigate only), matching the set_duplicate invariant.

* Initialise reimporter accumulators in duplicate reactivation tests

  process_matched_mitigated_finding appends to self.reactivated_items, which is normally created in process_findings(). The tests drive the method directly, so set the accumulator lists explicitly.
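The two commits above (#14911 and #14910) both hinge on one invariant: a duplicate finding is never active or verified, while the cluster's original carries the real state. The following is an added illustration of that invariant, not DefectDojo's own code: a hypothetical `Finding` stand-in with the three functions the commit messages name (`set_duplicate`, `reconfigure_duplicate_cluster`, `process_matched_mitigated_finding`), showing why the promoted original must inherit `verified` and why a reactivated duplicate must only be un-mitigated. The assumption that reactivation marks a non-duplicate both active and verified is mine, as are the field names.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Finding:
    """Hypothetical stand-in for a DefectDojo Finding; not the real model."""
    id: int
    active: bool = True
    verified: bool = False
    is_mitigated: bool = False
    duplicate: bool = False
    duplicate_finding: Optional["Finding"] = None


def set_duplicate(finding: Finding, original: Finding) -> None:
    """The invariant: a duplicate is never active or verified."""
    finding.duplicate = True
    finding.duplicate_finding = original
    finding.active = False
    finding.verified = False


def cluster_is_valid(findings: List[Finding]) -> bool:
    """The rule the finding edit form enforces: duplicates are inactive and unverified."""
    return all(not (f.duplicate and (f.active or f.verified)) for f in findings)


def reconfigure_duplicate_cluster(original: Finding, duplicates: List[Finding]) -> Optional[Finding]:
    """Called when `original` is deleted: promote the first remaining duplicate and
    copy the original's state onto it. `verified` is the field #14911 added."""
    if not duplicates:
        return None
    new_original = duplicates[0]
    new_original.duplicate = False
    new_original.duplicate_finding = None
    new_original.active = original.active
    new_original.is_mitigated = original.is_mitigated
    new_original.verified = original.verified  # missing before #14911: stayed False
    for dup in duplicates[1:]:
        dup.duplicate_finding = new_original  # re-point the rest of the cluster
    return new_original


def process_matched_mitigated_finding(finding: Finding, reactivated_items: List[Finding]) -> Finding:
    """Reimport matched a mitigated finding again, so un-mitigate it. A duplicate is
    only un-mitigated and stays inactive/unverified (#14910)."""
    finding.is_mitigated = False
    if not finding.duplicate:
        finding.active = True
        finding.verified = True  # assumption: non-duplicates come back active+verified
    reactivated_items.append(finding)  # accumulator normally created in process_findings()
    return finding


def jira_push_all_eligible(finding: Finding) -> bool:
    """"Push All Issues" only considers active+verified findings."""
    return finding.active and finding.verified


def demo() -> dict:
    # Constructed scenario: a verified original with two duplicates, then the
    # original is deleted and one duplicate is later re-seen by reimport.
    original = Finding(id=1, active=True, verified=True)
    dup_a = Finding(id=2)
    dup_b = Finding(id=3)
    set_duplicate(dup_a, original)
    set_duplicate(dup_b, original)
    promoted = reconfigure_duplicate_cluster(original, [dup_a, dup_b])
    dup_b.is_mitigated = True
    reactivated: List[Finding] = []
    process_matched_mitigated_finding(dup_b, reactivated)
    return {
        "promoted_id": promoted.id,
        "promoted_pushable": jira_push_all_eligible(promoted),
        "cluster_valid": cluster_is_valid([promoted, dup_b]),
        "dup_b_mitigated": dup_b.is_mitigated,
        "reactivated_count": len(reactivated),
    }


if __name__ == "__main__":
    print(demo())
```

Without the `verified` copy the promoted finding reports `promoted_pushable == False` even though the cluster it replaced was verified; without the duplicate guard the reactivated duplicate becomes active+verified and `cluster_is_valid` fails, which is the state the edit form rejected.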
…#14941)

Dependency-Check's DependencyBundlingAnalyzer merges co-grouped artifacts into one main dependency and lists the others under <relatedDependencies>. The vulnerability is attached only to the main dependency in the XML; related entries are metadata for other files in the same logical component.

Previously the parser emitted one finding per related entry in addition to the main finding. This multiplied a single CVE into N findings sharing the same title, CVE, component name, and version — only the file path differed. Projects with Spring Boot, ActiveMQ, or other libraries whose CPE matches many sibling artifacts (DC bundling scenario 4) were hit hardest.

Instead, emit one finding per vulnerability per main dependency and surface related file paths in the description under a "**Related Filepaths:**" block. The five DependencyBundlingAnalyzer bundling scenarios are documented in the new build_related_dependencies_block() helper, the parser docs page, and the 2.59.1 upgrade notes.

Closes-style note: findings previously tagged `related` will be closed on the next reimport as they are no longer emitted. The `related` tag is not applied.
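To make the bundling problem concrete, here is an added, self-contained parser sketch (my code, not DefectDojo's Dependency-Check parser) run over a constructed report fragment. It emits one finding per vulnerability per main dependency and folds `<relatedDependencies>` file paths into the description, and it keeps an `expand_related` switch that reproduces the old one-finding-per-related-entry behaviour so the multiplication is visible. The `build_related_dependencies_block` name comes from the commit message, but its body here is my own; the sample XML omits the report's `xmlns` so bare tag names match, and the CVE id is a placeholder.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List

# Constructed sample (not a real scan). Real reports declare a default namespace
# on <analysis>; it is omitted here so the plain tag paths below resolve.
SAMPLE_XML = """<analysis>
  <dependencies>
    <dependency>
      <fileName>spring-boot-2.5.0.jar</fileName>
      <filePath>/app/lib/spring-boot-2.5.0.jar</filePath>
      <relatedDependencies>
        <relatedDependency>
          <fileName>spring-boot-actuator-2.5.0.jar</fileName>
          <filePath>/app/lib/spring-boot-actuator-2.5.0.jar</filePath>
        </relatedDependency>
        <relatedDependency>
          <fileName>spring-boot-starter-2.5.0.jar</fileName>
          <filePath>/app/lib/spring-boot-starter-2.5.0.jar</filePath>
        </relatedDependency>
      </relatedDependencies>
      <vulnerabilities>
        <vulnerability>
          <name>CVE-0000-0001</name>
          <severity>HIGH</severity>
          <description>Placeholder description for the constructed sample.</description>
        </vulnerability>
      </vulnerabilities>
    </dependency>
    <dependency>
      <fileName>clean-lib-1.0.jar</fileName>
      <filePath>/app/lib/clean-lib-1.0.jar</filePath>
    </dependency>
  </dependencies>
</analysis>
"""


def build_related_dependencies_block(related_paths: List[str]) -> str:
    """Render the related file paths as a markdown block for the description."""
    if not related_paths:
        return ""
    return "**Related Filepaths:**\n" + "\n".join(f"- {p}" for p in related_paths)


def _finding(vuln: ET.Element, file_name: str, file_path: str, related_paths: List[str]) -> Dict[str, str]:
    desc = (vuln.findtext("description") or "").strip()
    block = build_related_dependencies_block(related_paths)
    if block:
        desc = f"{desc}\n\n{block}" if desc else block
    cve = vuln.findtext("name") or ""
    return {
        "title": f"{cve} in {file_name}",
        "cve": cve,
        "severity": (vuln.findtext("severity") or "").capitalize(),
        "file_path": file_path,
        "description": desc,
    }


def parse_report(xml_text: str, expand_related: bool = False) -> List[Dict[str, str]]:
    """One finding per vulnerability per main dependency. With expand_related=True
    the old behaviour is reproduced: an extra finding per <relatedDependency>."""
    root = ET.fromstring(xml_text)
    findings: List[Dict[str, str]] = []
    for dep in root.findall("./dependencies/dependency"):
        file_name = dep.findtext("fileName") or ""
        file_path = dep.findtext("filePath") or ""
        related = dep.findall("./relatedDependencies/relatedDependency")
        related_paths = [rd.findtext("filePath") for rd in related if rd.findtext("filePath")]
        for vuln in dep.findall("./vulnerabilities/vulnerability"):
            # Vulnerability data lives only on the main dependency in the XML.
            findings.append(_finding(vuln, file_name, file_path, related_paths))
            if expand_related:
                for rd in related:
                    findings.append(
                        _finding(vuln, rd.findtext("fileName") or file_name, rd.findtext("filePath") or "", [])
                    )
    return findings


if __name__ == "__main__":
    print(len(parse_report(SAMPLE_XML)), "finding(s) with bundling respected")
    print(len(parse_report(SAMPLE_XML, expand_related=True)), "finding(s) the old way")
```

On the sample, the bundled parse yields a single finding whose description ends with the related-paths block, while the expanded mode yields three findings sharing the same CVE and title and differing only in `file_path`, which is exactly the deduplication noise the commit removes.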
…late (#14945) critical_product_metrics view renders metrics.html without a form context variable. Django resolves undefined template vars as empty string, causing get_filter_groups to crash with AttributeError on str.visible_fields(). Wrapping the filter_snippet include in {% if form %} prevents the crash. Fixes #14944.
…y counts (#14968) Re-baseline expected query counts after upstream merge that switched from RBAC to legacy authorization. Legacy auth has lower per-action overhead (no role-permission lookups, simpler dispatch), so all counts decreased by 1-7 queries. Also removes the unused `unittest.skip` import.
… add upgrade notes for version 3.0.0
No description provided.