update Pro changelog 2.41.0 (DefectDojo#11367)

* pop Pro changelog 2.40.4 / version numbers

reformat pro changelog: add version numbers in anchor, move OS upgrading guide to new page

* update Pro changelog to 2.41.0

---------

Co-authored-by: Paul Osinski <paul.m.osinski@gmail.com>

Author: paulOsinski

docs/assets/images/reorder-columns.png

@@ -1,13 +1,36 @@
 ---
-title: "Changes & New Features"
+title: "DefectDojo Pro Changelog"
 description: "DefectDojo Changelog"
 ---
 
-Here are the release notes for DefectDojo Pro (Cloud Version) releases.  For Open Source release notes, please see the [Releases page on GitHub](https://github.com/DefectDojo/django-DefectDojo/releases).
+Here are the release notes for **DefectDojo Pro (Cloud Version)**. These release notes are focused on UX, so will not include all code changes.
 
+For Open Source release notes, please see the [Releases page on GitHub](https://github.com/DefectDojo/django-DefectDojo/releases), or alternatively consult the Open Source [upgrate notes](../../open_source/upgrading/upgrading_guide).
 
-## Nov 17, 2024
-**Version 2.40.2**
+## Dec 2, 2024: v2.41.0
+
+- **(Api)** `engagements/{id}/update_jira_epic` endpoint path added so that users can now push an updated Engagement to Jira, without creating a new Jira Epic.
+- **(Beta UI)** Columns can now be reordered in tables, by clicking and dragging the column header.
+
+![image](images/reorder-columns.png)
+
+- **(Beta UI)** Notes can now be added to a Test directly from the Test page.
+- **(Classic UI)** Reviewers are now displayed on Finding pages.
+- **(Docs)** New integrated docs site: https://docs.defectdojo.com/
+
+
+## Nov 25, 2024: v2.40.4
+
+- **(Beta UI)**  Improved Metadata tables with Parent object relationships for Products, Engagements, Tests, Findings, Endpoints/Hosts
+- **(Beta UI)**  Deleting an object now returns you to a page which makes more sense.
+- **(Endpoints)**  Endpoints can now be sorted by ID.
+- **(Review Request)**  When a user requests a review, both the requester and the requestee are now captured in audit logs.
+- **(Tools)**  Trivy Operator now parses the ‘cluster compliance report’ from scans.
+- **(Tools)**  CheckMarx One parser can now handle cases where a result has no description.
+- **(Tools)**  AnchorCTL Policies tool has been fortified to handle new severity values.
+
+
+## Nov 17, 2024: v2.40.2
 
 - **(API)** Added an API endpoint to get the DefectDojo version number: `/api/v2/version` <span style="background-color:rgba(242, 86, 29, 0.5)">(Pro)</span>
 - **(API)**  Multiple Metadata objects can now be added to a single Endpoint, Finding or Product via POST or PATCH to `/api/v2/metadata/` .  Previously, only one Metadata key/value pair could be updated per call.
@@ -19,8 +42,7 @@ Here are the release notes for DefectDojo Pro (Cloud Version) releases.  For Ope
 - **(Tools)**  Update to AWS Prowler parser - can now handle the ‘event_time’ parameter
 
 
-## Nov 14, 2024
-**Version 2.40.1**
+## Nov 14, 2024: v2.40.1
 
 - **(API)** Added a method to validate for file extensions, when 'artifact' files are added to a test (images, for example)
 - **(Cloud Portal)** Fixed an issue where QR codes were not being generated correctly for MFA setup.  <span style="background-color:rgba(242, 86, 29, 0.5)">(Pro)</span>
@@ -31,8 +53,7 @@ Here are the release notes for DefectDojo Pro (Cloud Version) releases.  For Ope
 
 
 
-## Nov 4, 2024
-**Version 2.40.0**
+## Nov 4, 2024: v2.40.0
 
 - **(API)** Engagement_End_Date is now honored when submitted via /import /reimport endpoint.
 - **(API)** Corrected an issue with the /import endpoint where old Findings were not being mitigated correctly.
@@ -60,16 +81,14 @@ configuration fields.
 * The "Location" field should be populated with the appropriate API endpoint for your region. For example, to retrieve results from the us-east-1 region, you would supply https://securityhub.us-east-1.amazonaws.com.
 * Note that we rely on Security Hub's cross-region aggregation to pull findings from more than one region. If cross-region aggregation is enabled, you should supply the API endpoint for your "Aggregation Region". Additional linked regions will have ProductRecords created for them in DefectDojo based on your AWS account IDs and the region names.
 
-## October 29, 2024
-**Version 2.39.4 / 2.39.3**
+## Oct 29, 2024: v2.39.4
 
 - **(API)**  Corrected 'multiple positional arguments' issue with `/import` endpoint
 - **(Metrics)**  Dashboards can now handle multiple Products or Product Types simultaneously: this includes the Executive, Program, Remediation and Tool insights dashboards.  <span style="background-color:rgba(242, 86, 29, 0.5)">(Pro)</span>
 - **(Tools)**  OSV, Tenable parsers have been made more robust
 
 
-## October 21, 2024
-**Version 2.39.1**
+## Oct 21, 2024: v2.39.1
 
 - **(Beta UI)**  Parent Object links have been added to the Metadata table to help contextualize the page you're on
 - **(Beta UI)**  Improved "Toggle Columns" menu on tables
@@ -79,9 +98,7 @@ configuration fields.
 - **(Metrics)**  All Metrics dashboards can now be exported as a PDF (Remediation Insights, Program Insights, Tool Insights)  <span style="background-color:rgba(242, 86, 29, 0.5)">(Pro)</span>
 
 
-## October 7, 2024
-**Version 2.39.0**
-
+## Oct 7, 2024: v2.39.0
 
 - **(Beta UI)**  Dropdown menus for Import Scan / Reimport Scan no longer block the active element of a form.
 - **(Beta UI)**  Finding counts by Severity now disregard Out Of Scope / False Positive Findings.
@@ -90,17 +107,15 @@ configuration fields.
 - **(Tools)**  AWS Security Hub EPSS score now parses correctly.
 
 
-## September 30, 2024
-**Version 2.38.4**
+## Sept 30, 2024: v2.38.4
 
 - **(API)**  Object History can now be accessed via the API.
 - **(API Docs)**  Generating the response schema for certain API endpoints no longer breaks the Swagger interface.
 - **(Metrics)**  Added Executive Insights dashboard, Select a Product or Product type, and you can view an executive summary of that Product/Product Type’s security posture with relevant stats.  <span style="background-color:rgba(242, 86, 29, 0.5)">(Pro)</span>
 - **(Passwords)**  Password creation for new users can now be made optional upon request.  This feature is toggled via the back-end.
 
 
-## September 23, 2024
-**Version 2.38.3**
+## Sept 23, 2024: v2.38.3
 
 - **(API)**  `/global_role` endpoint now supports prefetching.
 - **(API)**  It is now possible to prefetch a Finding with attached files via API.
@@ -112,8 +127,7 @@ configuration fields.
 - **Tools**  fixed an issue where certain tools would not process asyncronously: Whitehat_Sentinel, SSLyze, SSLscan, Qualys_Webapp, Mend, Intsights, H1, and Blackduck.
 
 
-## September 16, 2024
-**Version 2.38.2**
+## Sept 16, 2024: v2.38.2
 
 - **(Beta UI)**  Jira integration in Beta UI now has parity with Legacy UI.  Ability to Push To Jira has been added, and the Jira ticket view has been added to Findings, Engagements, and all other related objects in DefectDojo.
 - **(Finding SLAs)**  Added “Mitigated Within SLA” Finding filter, so that users can now count how many Findings were mitigated on time, and how many were not.  Previously, we were only able to filter Findings that were currently violating SLA or not, rather than ones that had historically violated SLA or not.
@@ -126,8 +140,7 @@ configuration fields.
 
 
 
-## September 9, 2024
-**Version 2.39.1**
+## Sept 9, 2024: v2.39.1
 
 - **(Beta UI)**  Clearing a date filter and re-applying it no longer throws a 400 error.
 - **(Dashboard)**  Dashboard Tag Filters now work correctly in both legacy and beta UIs.  
@@ -139,8 +152,7 @@ configuration fields.
 - **(Tools)**  EPSS score / percentile will now be imported from Aquasec files
 
 
-## Sepember 3, 2024
-**Version 2.38.0**
+## Sept 3, 2024: v2.38.0
 
 - **(API)**  Better naming conventions on Mitigated and Discovered date filters: these are now labeled Mitigated/Discovered On, Mitigated/Discovered Before, Mitigated/Discovered After.
 - **(Beta UI)**  Pre-filtered Finding Routes added to Sidebar: you can now quickly filter for Active Findings, Mitigated Findings, All Risk Acceptances, All Finding Groups.
@@ -156,8 +168,7 @@ configuration fields.
 - **(Risk Acceptance)**  Updating the Simple Risk Acceptance or the Full Risk Acceptance flag on a Product now updates the Product as expected.
 
 
-## August 28, 2024
-**Version 2.37.3**
+## Aug 28, 2024: v2.37.3
 
 - **(API)**  New Endpoint: /finding_groups allows you to GET, add Findings to, delete, or otherwise interact with Finding Groups.  <span style="background-color:rgba(242, 86, 29, 0.5)">(Pro)</span>
 - **(Beta UI)**  Relative date ranges for Findings have been added to Finding Filters (last 30 days, last 90 days, etc)
@@ -173,8 +184,7 @@ configuration fields.
 - **(Tools)**  Nmap Parser now handles script output
 
 
-## August 7, 2024
-**Version Version 2.37.0**
+## Aug 7, 2024: v2.37.0
 
 - **(API)**  Created a method to handle simultaneous async reimports to the same Test via API
 - **(API)**  Minimum Severity flag now works as expected on /import, /reimport endpoints (Clearsale)
@@ -193,8 +203,7 @@ configuration fields.
 - **(Tools)**  Kiuwan SCA Parser released
 - **(Tools)**  Test Types can now be set to Inactive so that they won’t appear in menus.  This ‘inactive’ setting can only be applied in the legacy UI, via Engagements > Test Types (or defectdojo.com/test_type)
 
-## July 8, 2024
-**Version 2.36.0**
+## Jul 8, 2024: v2.36.0
 
 - **(Notifications)**  Improved email notifications with collapsible Finding lists for greater readability
 - **(SLAs)**  SLAs can now be optionally enforced.  For each SLA associated with a Product you can set or unset the Enforce __ Finding Days box in the relevant SLA Configuration screen.  When this box is unchecked, SLAs for Findings that match that Severity level will not be tracked or displayed in the UI.

docs/content/en/changelog/changelog.md

@@ -0,0 +1,70 @@
+---
+title: "Upgrading Guide"
+description: "Release specific upgrading instructions"
+draft: false
+sidebar:
+    collapsed: true
+weight: -900000000
+---
+
+## Docker compose
+
+When you deploy a vanilla docker compose, it will create a persistent
+volume for your Postgres database. As long as your volume is there, you
+should not lose any data.
+
+### Using docker images provided in DockerHub
+
+If you\'re using `latest`, then you need to pre pull the `latest` from
+DockerHub to update.
+
+The generic upgrade method for docker compose are as follows:
+-   Pull the latest version
+
+    ``` {.sourceCode .bash}
+    docker pull defectdojo/defectdojo-django:latest
+    docker pull defectdojo/defectdojo-nginx:latest
+    ```
+
+-   If you would like to use a version other than the latest, specify the version (tag) you want to upgrade to:
+
+    ``` {.sourceCode .bash}
+    docker pull defectdojo/defectdojo-django:1.10.2
+    docker pull defectdojo/defectdojo-nginx:1.10.2
+    ```
+
+-   If you would like to use alpine based images, you specify the version (tag) you want to upgrade to:
+
+    ``` {.sourceCode .bash}
+    docker pull defectdojo/defectdojo-django:1.10.2-alpine
+    docker pull defectdojo/defectdojo-nginx:1.10.2-alpine
+    ```
+
+-   Go to the directory where your docker-compose.yml file lives
+-   Stop DefectDojo: `./dc-stop.sh`
+-   Re-start DefectDojo, allowing for container recreation:
+    `./dc-up-d.sh`
+-   Database migrations will be run automatically by the initializer.
+    Check the output via `docker compose logs initializer` or relevant k8s command
+-   If you have the initializer disabled (or if you want to be on the
+    safe side), run the migration command:
+    `docker compose exec uwsgi /bin/bash -c "python manage.py migrate"`
+
+### Building your local images
+
+If you build your images locally and do not use the ones from DockerHub,
+the instructions are the same, with the caveat that you must build your images
+first.
+-   Pull the latest DefectDojo changes
+
+    ``` {.sourceCode .bash}
+    git fetch
+    git pull
+    git merge origin/master
+    ```
+
+Then replace the first step of the above generic upgrade method for docker compose with: `docker compose build`
+
+## godojo installations
+
+If you have installed DefectDojo on "iron" and wish to upgrade the installation, please see the [instructions in the repo](https://github.com/DefectDojo/godojo/blob/master/docs-and-scripts/upgrading.md).