DefectDojo · rossops · Feb 9, 2026 · Feb 4, 2026 · Feb 4, 2026 · Feb 4, 2026
@@ -55,7 +55,7 @@ exclude-labels:
 
 change-template: '- $TITLE @$AUTHOR (#$NUMBER)'
 template: |
-  Please consult the [Upgrade notes in the documentation ](https://docs.defectdojo.com/en/open_source/upgrading/upgrading_guide/) for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
+  Please consult the [Upgrade notes in the documentation](https://docs.defectdojo.com/releases/os_upgrading/upgrading_guide/) for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
 
   ## Changes since $PREVIOUS_TAG
   $CHANGES

@@ -8,6 +8,7 @@
   "rebaseWhen": "conflicted",
   "separateMinorPatch": true,
   "ignorePaths": [
+    "docs/**",
     "requirements.txt",
     "requirements-lint.txt",
     "components/package.json",

@@ -10,6 +10,7 @@ FROM base AS build
 WORKDIR /app
 RUN \
   apk update && \
+  apk upgrade --no-cache && \
   apk add --no-cache \
     gcc \
     build-base \
@@ -40,6 +41,7 @@ ARG appuser=defectdojo
 ENV appuser=${appuser}
 RUN \
   apk update && \
+  apk upgrade --no-cache && \
   apk add --no-cache \
     openjpeg \
     jpeg \

@@ -10,6 +10,7 @@ FROM base AS build
 WORKDIR /app
 RUN \
   apt-get -y update && \
+  apt-get -y upgrade && \
   apt-get -y install --no-install-recommends \
     gcc \
     build-essential \
@@ -39,6 +40,7 @@ ARG appuser=defectdojo
 ENV appuser=${appuser}
 RUN \
   apt-get -y update && \
+  apt-get -y upgrade && \
   # ugly fix to install postgresql-client without errors
   mkdir -p /usr/share/man/man1 /usr/share/man/man7 && \
   apt-get -y install --no-install-recommends \

@@ -7,6 +7,7 @@ FROM python:3.13.11-slim-trixie@sha256:51e1a0a317fdb6e170dc791bbeae63fac5272c82f
 WORKDIR /app
 RUN \
   apt-get -y update && \
+  apt-get -y upgrade && \
   apt-get -y install \
     git \
     wget \
@@ -20,6 +21,7 @@ RUN \
     xvfb \
     && \
   apt-get clean && \
+  rm -rf /var/lib/apt/lists && \
   true
 
 RUN pip install --no-cache-dir selenium==4.9.0 requests

@@ -10,6 +10,7 @@ FROM base AS build
 WORKDIR /app
 RUN \
   apk update && \
+  apk upgrade --no-cache && \
   apk add --no-cache \
     gcc \
     build-base \
@@ -70,12 +71,14 @@ COPY --from=collectstatic /app/static/ /usr/share/nginx/html/static/
 COPY wsgi_params nginx/nginx.conf nginx/nginx_TLS.conf /etc/nginx/
 COPY docker/entrypoint-nginx.sh /
 RUN \
+  apk upgrade --no-cache && \
   apk add --no-cache openssl && \
   chmod -R g=u /var/cache/nginx && \
   mkdir /var/run/defectdojo && \
   chmod -R g=u /var/run/defectdojo && \
   mkdir -p /etc/nginx/ssl && \
   chmod -R g=u /etc/nginx && \
+  rm -rf /var/cache/apk/* && \
   true
 ENV \
   DD_UWSGI_PASS="uwsgi_server" \

@@ -1,6 +1,6 @@
 {
   "name": "defectdojo",
-  "version": "2.55.1",
+  "version": "2.55.2",
   "license" : "BSD-3-Clause",
   "private": true,
   "dependencies": {

@@ -49,6 +49,7 @@ mainSections = ["docs"]
     "en",
     "supported_tools",
     "get_started",
+    "releases",
     "import_data",
     "triage_findings",
     "metrics_reports",

@@ -0,0 +1,62 @@
+---
+title: "Calendar"
+description: "How to use the Calendar in DefectDojo Pro"
+audience: pro
+weight: 2
+---
+
+DefectDojo features a built-in Calendar so you can track all prior and active Engagements and Tests within your organization. Any time a User creates a new Engagement or Test and establishes the start and end dates, a corresponding entry will automatically be added to the Calendar. 
+
+### Landing Page 
+
+The Calendar page includes filters at the top and a monthly calendar below. The filters can adjust which results appear in the calendar based on:
+- Engagement and/or Test 
+- Start and End date 
+- Engagement Status (e.g., Completed, In Progress, On Hold, etc.) 
+- Engagement/Test Lead (i.e., to whom is the Engagement/Test assigned?) 
+- Engagement Type (e.g., Interactive or CI/CD)
+- Test Type (e.g., Pen Test, Acunetix Scan, Tenable Scan, etc.) 
+
+![image](images/calendar1.png)
+
+Once filtered, results can be exported and shared as an ICS file. 
+
+Importantly, Calendar will only present Engagements and Tests to which the User viewing the calendar has access. It will not display Engagements and Tests that the User does not have permission to view. 
+
+## Features 
+
+### Monthly View
+
+The monthly calendar will preview five entries on each day. Additional entries occurring on that day will be hidden from view unless the **"+ [X] events"** is clicked within the cell of any particular date. Once clicked, the calendar will shift from a monthly view to a daily view.
+
+Clicking on an  for a Test or Engagement will open a pop-up modal with additional information on that entry, including: 
+- Start and End Date 
+- Test or Engagement Type 
+- Lead 
+- Status 
+- Asset 
+- Engagement 
+- Test 
+
+From there, the Asset, Engagement, or Test can be accessed via hyperlink.
+
+### Daily View 
+
+In the daily view, all currently active Engagements and Tests will appear chronologically in descending order (i.e, a newly created Engagement or Test will be found at the bottom of that day’s entry). Engagements appear in blue, while Tests appear in Orange.
+
+If set within the applicable Engagement/Test, the title of each entry in the daily calendar will include the following:
+- Status 
+- Product
+- Engagement
+- Test
+- Assignee 
+
+#### Arrows
+
+The arrows on the left and right side of each entry indicate whether that particular Test or Engagement is present on the preceding and/or following day. 
+
+For example, a Test that was made on the same day on which it’s being viewed will not have arrows on the left because that Test didn’t exist the day before. Conversely, a Test that ends on the same day on which it’s being viewed will not have arrows on the right because the entry won’t exist on the following day.
+
+For example, as the final Engagement in the screenshot below (**In Progress** Example Product A ▶ **Sample Engagement** (Unassigned)) is being viewed on the day it was created, and the Target End Date was set for the following day, no arrows are present on either the left or right side.
+
+![image](images/calendar2.png)
@@ -0,0 +1,3 @@
+---
+title: "Release Information"
+---
@@ -0,0 +1,55 @@
+---
+title: 'Upgrading to DefectDojo Version 2.55.2'
+toc_hide: true
+weight: -20260208
+description: JIRA Reconciliation now also processes Finding Groups.
+---
+
+## JIRA Reconciliation
+
+The `jira_status_reconciliation` management command now also processes JIRA issues for Finding Groups.
+
+New command line options:
+
+- `--include-findings` / `--no-include-findings` — Process individual findings with direct JIRA issues (default: True)
+- `--include-finding-groups` / `--no-include-finding-groups` — Process finding groups with JIRA issues (default: True)
+
+Full list of options:
+
+    docker compose exec uwsgi bash -c "python manage.py jira_status_reconciliation --help"
+
+    usage: manage.py jira_status_reconciliation [-h] [--mode MODE] [--product PRODUCT]
+               [--engagement ENGAGEMENT] [--daysback DAYSBACK] [--dryrun]
+               [--include-findings | --no-include-findings]
+               [--include-finding-groups | --no-include-finding-groups]
+               [--version] [-v {0,1,2,3}] [--settings SETTINGS]
+               [--pythonpath PYTHONPATH] [--traceback] [--no-color]
+               [--force-color] [--skip-checks]
+
+    Reconcile finding/finding group status with JIRA issue status, stdout will
+    contain semicolon separated CSV results. Risk Accepted findings are skipped.
+    Findings created before 1.14.0 are skipped.
+
+    options:
+      -h, --help            show this help message and exit
+      --mode MODE           reconcile: (default) reconcile any differences in
+                            status between Defect Dojo and JIRA.
+                            push_status_to_jira: update JIRA status for all JIRA
+                            issues connected to a finding or finding group.
+                            import_status_from_jira: update finding/finding group
+                            status from JIRA.
+      --product PRODUCT     Only process findings in this product (name)
+      --engagement ENGAGEMENT
+                            Only process findings in this engagement (name)
+      --daysback DAYSBACK   Only process findings created in the last
+                            'daysback' days
+      --dryrun              Only print actions to be performed, but make no
+                            modifications.
+      --include-findings, --no-include-findings
+                            Process individual findings with direct JIRA issues
+                            (default: True)
+      --include-finding-groups, --no-include-finding-groups
+                            Process finding groups with JIRA issues
+                            (default: True)
+
+Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.55.2) for the contents of the release.
@@ -0,0 +1,7 @@
+---
+title: "Open Source Upgrades"
+description: "Release specific upgrading instructions"
+draft: false
+weight: 2
+audience: opensource
+---
@@ -1,5 +1,5 @@
 ---
-title: "Upgrading Guide"
+title: "Open Source Upgrading"
 description: "Release specific upgrading instructions"
 draft: false
 sidebar:

@@ -0,0 +1,7 @@
+---
+title: "Pro Upgrades"
+description: ""
+draft: false
+weight: 2
+audience: pro
+---
@@ -6,20 +6,34 @@ exclude_search: true
 
 Here are the release notes for **DefectDojo Pro (Cloud Version)**. These release notes are focused on UX, so will not include all code changes.
 
-For Open Source release notes, please see the [Releases page on GitHub](https://github.com/DefectDojo/django-DefectDojo/releases), or alternatively consult the Open Source [upgrade notes](/open_source/upgrading/upgrading_guide/).
+For Open Source release notes, please see the [Releases page on GitHub](https://github.com/DefectDojo/django-DefectDojo/releases), or alternatively consult the Open Source [upgrade notes](/changelog/os_upgrading/upgrading_guide/).
 
-## Jan 2025: v2.54
+## Feb 2025: v2.55
 
-### Jan 20, 2025: v2.54.2
+### Feb 2, 2026: v2.55.0
+
+* **(Pro UI)** Risk Acceptances can now have Notes added.
+* **(Pro UI)** Note Types are now available in the Pro UI.
+
+## Jan 2026: v2.54
+
+### Jan 27, 2026: v2.54.3
+
+* **(Connectors)** Added a "Pending" status to Connectors when Sync or Discovery operations are in progress.
+* **(Pro UI)** Findings Under Review can now be Mitigated when clearing Review.
+* **(Pro UI)** An Asset's Parent and Child Assets can now be quickly added to a Pro Metrics query.
+
+
+### Jan 20, 2026: v2.54.2
 
 * **(Pro UI)** corrected a bug where unordered lists would display as ordered lists in editor forms.
 * **(Smart Upload)** introduced severity filtering to the Smart Importer to skip findings below a specified severity level. Added detailed logging throughout the findings processing to improve traceability and debugging.
 
-### Jan 12, 2025: v2.54.1
+### Jan 12, 2026: v2.54.1
 
 * **(AI Tools)** added Risk Scores to schema for MCP processing.
 
-### Jan 5, 2025: v2.54.0
+### Jan 5, 2026: v2.54.0
 
 No significant UX changes.