DefectDojo · valentijnscholten · Nov 1, 2025 · Nov 1, 2025 · Nov 1, 2025 · Nov 1, 2025
@@ -2,18 +2,12 @@ name: Integration tests
 
 on:
   workflow_call:
-    inputs:
-        auditlog_type:
-          type: string
-          default: "django-auditlog"
 
 jobs:
   integration_tests:
     # run tests with docker compose
     name: User Interface Tests
     runs-on: ubuntu-latest
-    env:
-      AUDITLOG_TYPE: ${{ inputs.auditlog_type }}
     strategy:
       matrix:
         test-case: [

@@ -6,16 +6,11 @@ on:
         platform:
           type: string
           default: "linux/amd64"
-        auditlog_type:
-          type: string
-          default: "django-auditlog"
 
 jobs:
   unit_tests:
     name: Rest Framework Unit Tests
     runs-on: ${{ inputs.platform ==  'linux/arm64' && 'ubuntu-24.04-arm' || 'ubuntu-latest' }}
-    env:
-      AUDITLOG_TYPE: ${{ inputs.auditlog_type }}
 
     strategy:
       matrix:

@@ -25,26 +25,18 @@ jobs:
     strategy:
         matrix:
             platform: ['linux/amd64', 'linux/arm64']
-            auditlog_type: ['django-auditlog', 'django-pghistory']
         fail-fast: false
     needs: build-docker-containers
     uses: ./.github/workflows/rest-framework-tests.yml
     secrets: inherit
     with:
       platform: ${{ matrix.platform}}
-      auditlog_type: ${{ matrix.auditlog_type }}
 
   # only run integration tests for linux/amd64 (default)
   test-user-interface:
     needs: build-docker-containers
     uses: ./.github/workflows/integration-tests.yml
     secrets: inherit
-    strategy:
-      matrix:
-        auditlog_type: ['django-auditlog', 'django-pghistory']
-      fail-fast: false
-    with:
-      auditlog_type: ${{ matrix.auditlog_type }}
 
   # only run k8s tests for linux/amd64 (default)
   test-k8s:

@@ -1,10 +1,49 @@
 ---
-title: 'Upgrading to DefectDojo Version 2.53.x'
+title: "Upgrading to DefectDojo Version 2.53.x"
 toc_hide: true
-weight: -20251103
-description: No special instructions.
+weight: -20251101
+description: Removal of django-auditlog and exclusive use of django-pghistory for audit logging.
 ---
-There are no special instructions for upgrading to 2.53.x. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.53.0) for the contents of the release.
+
+## Breaking Change: Removal of django-auditlog
+
+Starting with DefectDojo 2.53, `django-auditlog` support has been removed in favour of `django-pghistory`.
+This is designed to be a backwards compatible change, unless:
+- You're querying the database directly for auditlog events, or,
+- You've set the `DD_AUDITLOG_TYPE` environment variable (or `AUDITLOG_TYPE` settings field)
+
+### Required Actions
+
+If you're using `DD_AUDITLOG_TYPE`, remove it from your configuration/environment.
+
+### Existing Records Preserved
+
+Historical audit log entries stored in the `auditlog_logentry` table will continue to be displayed in the action history view for backward compatibility. No data migration is required.
+
+### Benefits of django-pghistory
+
+The switch to `django-pghistory` provides several advantages:
+
+- **Better performance**: Database-level triggers reduce overhead compared to Django signal-based auditing
+- **More features**: Enhanced context tracking and better support for complex queries
+- **Better data integrity**: PostgreSQL-native implementation ensures consistency
+
+### Migration Notes
+
+- A one-time data migration will take place to populate the `django-pghistory` tables with the initial snapshot of the tracked models.
+- The migration is designed to be fail-safe: if it fails for some reason, it will continue where it left off.
+- The migration can also be performed up front via
+  - `docker compose exec uwsgi bash -c "python manage.py pghistory_backfill_fast"`, or
+  - `docker compose exec uwsgi bash -c "python manage.py pghistory_backfill_simple"`, or
+  - `docker compose exec uwsgi bash -c "python manage.py pghistory_backfill"`
+
+The backfill migration is not mandatory to succeed. If it fails for some reason, the only side effect will be that the first auditlog diff will contain all fields of an object instead just the changed fields.
+
 
 ## Reimport updates fields fix_available and fix_version
 Reimport will update existing findings `fix_available` and `fix_version` fields based on the incoming scan report.
+
+---
+
+Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.53.0) for the complete contents of this release.
+
@@ -91,7 +91,8 @@ def ready(self):
         # Configure audit system after all models are loaded
         # This must be done in ready() to avoid "Models aren't loaded yet" errors
         # Note: pghistory models are registered here (no database access), but trigger
-        # enabling is handled via management command to avoid database access warnings
+        # enabling is handled in the entrpoint script to avoid database access warnings
+        # during startup
         register_django_pghistory_models()
         configure_audit_system()