Defect Dojo OS 2.54.0 Release: Key Features and Changes Explained
🌈 Defect Dojo OS 2.54.0 was released today 🌈
Full changelog: https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.54.0

Highlights:

Bugfix
Deduplication bugfix where deduplication stopped if the first match was inactive: https://github.com/DefectDojo/django-DefectDojo/issues/14010

Breaking Change: Removal of django-auditlog
Starting with DefectDojo 2.53, django-auditlog support has been removed in favour of django-pghistory. This is designed to be a backwards compatible change, unless:
You're querying the database directly for auditlog events, or
You've set the DD_AUDITLOG_TYPE environment variable (or the AUDITLOG_TYPE settings field)
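To illustrate the deduplication bugfix listed under Highlights (deduplication stopping at an inactive first match), here is an added, simplified Python model; it is not DefectDojo's own code, and the Finding fields, the hash_code matching and the oldest-first candidate ordering are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional, Sequence


@dataclass(frozen=True)
class Finding:
    """Minimal stand-in for a DefectDojo finding (constructed, not the real model)."""
    id: int
    hash_code: str
    active: bool


def candidates_for(new: Finding, existing: Sequence[Finding]) -> list[Finding]:
    """Existing findings sharing the new finding's hash_code, oldest first (assumed ordering)."""
    same_hash = (f for f in existing if f.hash_code == new.hash_code and f.id != new.id)
    return sorted(same_hash, key=lambda f: f.id)


def find_original_pre_fix(new: Finding, existing: Sequence[Finding]) -> Optional[Finding]:
    """Pre-fix behaviour from the release notes: only the first match is examined,
    so an inactive first match ends deduplication and the new finding is not linked."""
    matches = candidates_for(new, existing)
    if not matches:
        return None
    return matches[0] if matches[0].active else None


def find_original_post_fix(new: Finding, existing: Sequence[Finding]) -> Optional[Finding]:
    """Fixed behaviour: inactive matches are skipped rather than ending the search."""
    for match in candidates_for(new, existing):
        if match.active:
            return match
    return None


# Constructed sample: two historical findings share a hash with the incoming one;
# the oldest was closed (inactive) while a newer one is still open.
EXISTING = [
    Finding(id=101, hash_code="a1b2", active=False),
    Finding(id=102, hash_code="a1b2", active=True),
    Finding(id=103, hash_code="ffff", active=True),
]
INCOMING = Finding(id=999, hash_code="a1b2", active=True)


def compare(new: Finding = INCOMING, existing: Sequence[Finding] = EXISTING):
    """(original id pre-fix, original id post-fix); None means a duplicate slips through."""
    before = find_original_pre_fix(new, existing)
    after = find_original_post_fix(new, existing)
    return (before.id if before else None, after.id if after else None)
```

With the sample data, the pre-fix path returns no original (so a second active finding would be created), while the fixed path links the incoming finding to the still-open original 102.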
Benefits of django-pghistory
The switch to django-pghistory provides several advantages:
Better performance: Database-level triggers reduce overhead compared to Django signal-based auditing
More features: Enhanced context tracking and better support for complex queries
Better data integrity: PostgreSQL-native implementation ensures consistency
Migration Notes
A one-time data migration will take place to populate the django-pghistory tables with the initial snapshot of the tracked models.
The migration is designed to be fail-safe: if it fails for some reason, it will continue where it left off.
The migration can also be performed up front via
docker compose exec uwsgi bash -c "python manage.py pghistory_backfill_fast", or
docker compose exec uwsgi bash -c "python manage.py pghistory_backfill_simple", or
docker compose exec uwsgi bash -c "python manage.py pghistory_backfill"
The backfill migration does not have to succeed. If it fails for some reason, the only side effect is that the first auditlog diff for an object will contain all of its fields instead of just the changed fields.

Import/reimport performance improvements
DefectDojo 2.54.x includes performance improvements for reimporting scan results, especially for large scans:
Faster reimports due to fewer database queries and more bulk operations.
Reduced database load during reimport matching and post-processing (helps avoid slowdowns/timeouts under heavy scan volume).
More efficient endpoint status updates during reimport of dynamic findings.
Less churn when updating vulnerability IDs, avoiding unnecessary deletes/writes when nothing changed.
No action is required after upgrading. (Optional tuning knobs exist via DD_IMPORT_REIMPORT_MATCH_BATCH_SIZE and DD_IMPORT_REIMPORT_DEDUPE_BATCH_SIZE.)

Finding Template enhancements and removal of CWE matching
As communicated in the 2025Q1 community update, the automated matching of Finding Templates based on CWE and/or title has now been removed.

Dropped support for DD_PARSER_EXCLUDE
To simplify the management of the DefectDojo application, parser exclusions are no longer controlled via the DD_PARSER_EXCLUDE environment variable or application settings; this variable is now unsupported. From now on, use the active flag on the Test_Type model to enable or disable parsers. Only parsers associated with active Test_Type entries will be available for use.