Merge pull request #14607 from DefectDojo/release/2.56.4

Release: Merge release into master from: release/2.56.4

Author: rossops

.github/workflows/integration-tests.yml

@@ -76,7 +76,7 @@ jobs:
           # "tests/import_scanner_test.py",
           # "tests/zap.py",
         ]
-        os: [alpine, debian]
+        os: [debian]
         v3_feature_locations: [true, false]
         exclude:
           # standalone create endpoint page is gone in v3

.github/workflows/performance-tests.yml

@@ -23,13 +23,13 @@ jobs:
         uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0
         with:
           path: built-docker-image
-          pattern: built-docker-image-django-alpine-linux-amd64
+          pattern: built-docker-image-django-debian-linux-amd64
           merge-multiple: true
 
       - name: Load docker images
         timeout-minutes: 10
         run: |
-          docker load -i built-docker-image/django-alpine-linux-amd64_img
+          docker load -i built-docker-image/django-debian-linux-amd64_img
           docker images
 
       - name: Set unit-test mode
@@ -45,7 +45,7 @@ jobs:
             -f docker/docker-compose.override.performance_tests_cicd.yml \
             up -d --no-deps uwsgi
         env:
-          DJANGO_VERSION: alpine
+          DJANGO_VERSION: debian
 
       - name: Run performance tests (auto-update counts)
         timeout-minutes: 15

.github/workflows/rest-framework-tests.yml

@@ -16,7 +16,7 @@ jobs:
     runs-on: ${{ inputs.platform ==  'linux/arm64' && 'ubuntu-24.04-arm' || 'ubuntu-latest' }}
     strategy:
       matrix:
-        os: [alpine, debian]
+        os: [debian]
 
     steps:
       # Replace slashes so we can use this in filenames

components/package.json

@@ -1,6 +1,6 @@
 {
   "name": "defectdojo",
-  "version": "2.56.3",
+  "version": "2.56.4",
   "license" : "BSD-3-Clause",
   "private": true,
   "dependencies": {

docs/content/get_started/open_source/installation.md

@@ -18,6 +18,23 @@ See instructions in [DOCKER.md](<https://github.com/DefectDojo/django-DefectDojo
 
 [SaaS link](https://defectdojo.com/platform)
 
+---
+## **Docker Image Variants**
+---
+
+DefectDojo publishes Docker images in multiple variants:
+
+| | AMD64 | ARM64 |
+|---|---|---|
+| **Debian** | ✅ Supported | ⚠️ Unit tested |
+| **Alpine** | ⚠️ Community | ⚠️ Community |
+
+**Debian on AMD64** is the officially supported and tested configuration. All CI tests (unit, integration, and performance) run against this combination.
+
+**Debian on ARM64** is built and covered by unit tests in CI, but integration and performance tests are not run against it.
+
+The **Alpine** variants are built and published but are not covered by any automated testing. Use them at your own risk.
+
 ---
 ## **Options for the brave (not officially supported)**
 ---

docs/content/releases/os_upgrading/2.56.4.md

@@ -0,0 +1,11 @@
+---
+title: 'Upgrading to DefectDojo Version 2.56.4'
+toc_hide: true
+weight: -20260319
+description: JFrog Xray API Summary Artifact parser deduplication
+---
+
+## JFrog Xray API Summary Artifact parser deduplication
+Deduplication of JFrog Xray API Summary Artifact findings is improved for newly imported findings.  
+
+To apply this on existing data, you need to recompute the hashes for this specific parser [see docs](https://docs.defectdojo.com/triage_findings/finding_deduplication/os__deduplication_tuning/#after-changing-deduplication-settings).

docs/package-lock.json

@@ -4,6 +4,6 @@
 # Django starts so that shared_task will use this app.
 from .celery import app as celery_app  # noqa: F401
 
-__version__ = "2.56.3"
+__version__ = "2.56.4"
 __url__ = "https://github.com/DefectDojo/django-DefectDojo"  # noqa: RUF067
 __docs__ = "https://documentation.defectdojo.com"  # noqa: RUF067

dojo/__init__.py

@@ -76,13 +76,44 @@ def apply_async(self, args=None, kwargs=None, **options):
         return super().apply_async(args=args, kwargs=kwargs, **options)
 
 
-class PgHistoryTask(DojoAsyncTask):
+class PluggableContextTask(DojoAsyncTask):
+
+    """
+    Extends DojoAsyncTask with pluggable context managers loaded from settings.
+
+    CELERY_TASK_CONTEXT_MANAGERS is a list of dotted paths to callables that
+    return context managers. Each task execution is wrapped in all of them.
+    This replaces the celery signal-based approach (task_prerun/task_postrun)
+    which does not work reliably with prefork worker pools.
+    """
+
+    def __call__(self, *args, **kwargs):
+        from contextlib import ExitStack  # noqa: PLC0415
+
+        from django.utils.module_loading import import_string  # noqa: PLC0415
+
+        cm_paths = getattr(settings, "CELERY_TASK_CONTEXT_MANAGERS", [])
+        if not cm_paths:
+            return super().__call__(*args, **kwargs)
+
+        # ExitStack ensures all entered context managers are properly exited
+        # (via __exit__) even if the task raises an exception, so cleanup
+        # and batch dispatch always happen.
+        with ExitStack() as stack:
+            for path in cm_paths:
+                cm_factory = import_string(path)
+                stack.enter_context(cm_factory())
+            return super().__call__(*args, **kwargs)
+
+
+class PgHistoryTask(PluggableContextTask):
 
     """
     Custom Celery base task that automatically applies pghistory context.
 
-    This class inherits from DojoAsyncTask to provide:
+    This class inherits from PluggableContextTask to provide:
     - User context injection and task tracking (from DojoAsyncTask)
+    - Pluggable context managers from settings (from PluggableContextTask)
     - Automatic pghistory context application (from this class)
 
     When a task is dispatched via dojo_dispatch_task or dojo_async_task, the current