Upgrading to DefectDojo Version 2.8.x

breaking changes

Breaking change for Docker Compose: Starting DefectDojo with Docker Compose now supports 2 databases (MySQL and PostgreSQL) and 2 celery brokers (RabbitMQ and Redis). To make this possible, docker-compose needs to be started with the parameters --profile and --env-file. You can get more information in Setup via Docker Compose - Profiles. The profile mysql-rabbitmq provides the same configuration as in previous releases. With this the prerequisites have changed as well: Docker requires at least version 19.03.0 and Docker Compose 1.28.0.

Breaking change for Helm Chart: In one of the last releases we upgraded the redis dependency in our helm chart without renaming keys in our helm chart. We fixed this bug with this release, but you may want to check if all redis values are correct (Pull Request).

The flexible permissions for the configuration of DefectDojo are now active by default. With this, the flag Staff for users is not relevant and not visible anymore. The old behaviour can still be activated by setting the parameter FEATURE_CONFIGURATION_AUTHORIZATION to False. If you haven’t done so with the previous release, you can still run a migration script with ./manage.py migrate_staff_users. This script:

  • creates a group for all staff users,
  • sets all configuration permissions that staff users had and
  • sets the global Owner role, if AUTHORIZATION_STAFF_OVERRIDE is set to True.