logo

Release Notes

Stay up to date with the latest PentestPad changes. Here you can check our newest bugfixes and features.

v1.3.9

31. Dec, 2025

What's New

  • (1122) Add scope_type project prop to report builder

What's Fixed

  • (1107) Different attachment indicator icons color depending on the privacy level

v1.3.8

24. Dec, 2025

What's New

  • (1094) Limit to one session per account
  • (1097) Test for Jira integration and add new column on vulnerability preview for ticket ID with link
  • (1104) Download findings in CSV/Excel format directly from the portal
  • (1109) Live report preview

What's Fixed

  • (722) Fix image additional field being a select on FindingEditor
  • (1099) Notifications now open in new tab when clicking with middle mouse button
  • (1102) Fix incorrect severity level in email notifications when changing finding status from Draft to Ready
  • (1103) Fix notification email displaying raw HTML content instead of formatted text and images

v1.3.7

19. Dec, 2025

What's New

  • (1084) Custom vulnerability statuses
  • (1088) Add user name when inviting client
  • (1092) Update React
  • (1015) Statuses now follow same order as on project kanban

What's Fixed

  • (1085) Fix template preview/accordion vulnerability layout
  • (1090) Client users now visible when creating tasks from inside the project
  • (1091) Fix project name display after cloning a project
  • (1093) Fix save button size on FindingEditor
  • (1096) Fix template code style not applying

v1.3.6

11. Dec, 2025

What's New

  • (1048) Add CVSS score column on vulnerabilities table
  • (1087) Add validation to make team name unique
  • (1041) activity on project is not scrollable and extended now
  • (1039) Add "no results found" to permissions search on users & roles page
  • (1040) Add "no statuses yet" message and link on project board
  • (1043) Restrict dragging and dropping when no permission on projects board
  • (1044) When impact and probability are hidden, use CVSS for risk calculation
  • (1083) Scope items no longer open as links if they are not valid URLs

What's Fixed

  • (1037) Create new group button size fix on project layout
  • (1045) Layout now persists with configuration
  • (1047) Fix mismatch between risk colors
  • (1050) Fix select breaking when too big
  • (1051) Fix create new report select color
  • (1076) Remove force password reset when user goes through forgot password process
  • (1079) Clients can now see assessment domain
  • (1082) Fix whitelabel not working on 404 pages

v1.3.1

27. Nov, 2025

What's New

  • (999) Whitelabel colors and logo for pentester users (dark/light logos, favicon upload)
  • (1009) Add job title field per user
  • (1014) Order vulnerabilities in table by number "#" column
  • (1026) Add comments to individual vulnerabilities
  • (1019) Upload attachments visibility control
  • (1023) Implemented notification preferences
  • (1004) Prevent users from editing the slug of project status
  • (1005) Add tooltip to buttons in project layout (archive, clone, edit)
  • (1013) Add message when no vulnerabilities in project, with link to add one

What's Fixed

  • (1001) Hide Burp attachment files for the client
  • (1002) Fix the client name style in the navigation
  • (1006) Approve button for project now works on single project page
  • (1025) Even out replace DOCX/PDF report dialog size

v1.2.21

20. Nov, 2025

What's New

  • (992) Ability to sort columns in the Vulnerabilities tab of a project
  • (993) Assign default template for project during creation
  • (994) Custom SMTP settings/env variables per tenant in cloud
  • (998) Enable whitelabel
  • (948) Blend project activity and comments in one

What's Fixed

  • (983) Category/Categories wording mismatch fix
  • (997) References field links in bullet points no longer appear bold when they aren't

v1.2.19

12. Nov, 2025

What's New

  • (949) "Show My Vulnerabilities" toggle in Vulnerabilities tab
  • (964) Update default PentestPad template
  • (975) Test and review API documentation and integration
  • (984) Improve affected hosts and other fields mapping in vulnerability import preview page

What's Fixed

  • (854) Add "no content" message on create report page
  • (897) Add "no template found" message on finding editor import from template
  • (954) New line in PentestPad now reflects in report
  • (963) Editing generated report now generates new report instead of editing existing one
  • (971) Fix string data truncation error for long vulnerability titles
  • (974) Fix codeblock weird behavior
  • (979) Debounce only textarea & text fields on finding editor
  • (981) Fix Nessus importing
  • (989) Fix members modal to not display deleted users

v1.2.13

31. Oct, 2025

What's New

  • (802) Dynamic project fields, client can request a pentest form
  • (837) Filters for extra fields
  • (944) Projects in list format
  • (946) Draft reports

What's Fixed

  • (845) Template improvements (date format, whitespace, PDF compatibility)
  • (931) Chart not being full height
  • (932) Input not being reset and not requiring unique value
  • (940) Color adjustment for draggable element on vulnerability layout
  • (943) Toolbar not sticky
  • (945) Vulnerability template page fix
  • (947) Import mapping improvements

v1.2.12

24. Oct, 2025

What's New

  • (938) Warning when importing vulnerability on non-existing findings
  • (941) Apply chart filter when not empty
  • (901) Pgsql reindex

v1.2.9

16. Oct, 2025

What's New

  • (896) Charts can be defined in the Administration -> Settings

v1.2.8

10. Oct, 2025

What's New

  • (919) Clients can now download only PDF reports from the client portal
  • (917) Reports can be set as published/unpublished, with only published reports visible on the client portal

What's Fixed

  • (868) Dialog height fix on smaller displays
  • (916) Draft vulnerabilities are now excluded from report generation
  • (920) Hidden vulnerability fields no longer appear on the view page (pentest and client portal)
  • (921) Impact field is now properly saved when creating a new finding
  • (923) HTTP Excerpts field is no longer deletable and has the correct icon
  • (924) Tiptap editor label tooltip styling fixed
  • (914) Added pluck and sort affected hosts A-Z functionality

v1.2.5

3. Oct, 2025

What's New

  • (895) Allow spreadsheet / xlsx templates

v1.2.4

1. Oct, 2025

What's New

  • (844) Connect (or create) Jira tickets with pentestpad findings
  • (884) Extend editor to have Heading 1-6
  • (559) Add support for IPv6 in report extraction
  • (851) Preserve pagination select in session

What's Fixed

  • (888) AccordionFinding's tooltip is empty if the title is null
  • (866) Disable notifications buttons
  • (891) Burpsuite-Scope json does not detect out of scope fields from project
  • (122) Display burp attachment config only if there is a valid IP address/URL/domain in scope
  • (883) Add "no executive templates" to import from template dialog on create report
  • (876) No border on the right side of vulnerability title on smaller screens
  • (875) Sheet trigger positioning fix
  • (663) Fix finding ordering
  • (867) Dashboard dialog width fix on small displays

v1.2.3

25. Sep, 2025

What's New

  • (843) Import findings from CSV
  • (835) Add "Preview vulnerability" link
  • (808) Add status and modified to vulnerability templates
  • (765) Get encrypted PDF report with password (user provided)
  • Add comprehensive nmap visualization and operations system
  • Added validation and the import of templates

What's Fixed

  • (841) Fix cvss component overflowing on smaller screens
  • (840) Fix application layout padding on smaller screens
  • (836) Delete the Enable project status change as we have permission for it
  • (832) TypeError: Cannot read properties of undefined (reading 'is_multi_domain_project')
  • (838) Make the import vulnerability dialog have an overflow
  • (850) Fix buttons breaking out on small screens on project vulnerabilities page
  • (853) Fix tabs style on smaller screens
  • (856) Make sure projects are not archived

v1.1.7

17. Sep, 2025

What's New

  • (824) Implement CVSSv4: Finding and template editors are now equipped with a select for CVSS v3.1 or CVSS 4.0

What's Fixed

  • (805) Fix finding configuration styles
  • (816) Fix form-data uses unsafe random function in form-data for choosing boundary
  • (813) Finding editor inconsistencies
  • (827) Application archives projects

v1.1.4

11. Sep, 2025

What's New

  • (807) Clear all notifications
  • (768) Filter per client, project type, etc. on the calendar
  • (752) Frontend for importing Nessus and burp

What's Fixed

  • (800) Affected hosts recommendation select is not visible
  • (798) Information leakage on site-wide pages
  • (803) Fix chart bar
  • Fix image alignment

v1.0.59

5. Sep, 2025

What's New

  • (767) Add search for project types
  • (762) Add retesting table to the template
  • (721) Import scope with note
  • (652) It would be great to set the order of the Additional Fields depending on the template (or in general)
  • (764) Change color per client for on the calendar
  • (753) Create dummy data with seeders on initialized data
  • (787) Unit tests Laravel
  • (680) General pages tests

What's Fixed

  • (761) Fields don't reset when inviting multiple users
  • (757) No projects yet. misaligned
  • (756) Error when changing remediation stage to remediated
  • (720) Error when I edit the project and select Create New client and enter name for new client and then save
  • (716) Admin can see all the teams when creating user even the ones they are not part of
  • (707) missing label on the additional field on finding editor
  • (632) if csrf token expires add erreo or refresh on login
  • (622) User elements overflow
  • (651) Report Generation doesn't auto-identify additional fields for all of our templates.

v1.0.56

20. Aug, 2025

What's New

  • (PF-19) Users Cannot Edit Their Own Vulnerability Templates

v1.0.52

15. Aug, 2025

What's New

  • (724) Split by character to array in template
  • (579) Make first form fields initially focused on login / 2FA pages to enable keyboard only workflow
  • (741) Implement "splitObject" filter
  • (740) Add to affected hosts from findings of that project
  • (737) Add highlighter to tiptap
  • (733) Add import affected hosts from txt file like we have on the import scope page
  • (749) Add fallback parameter to split and splitObject functions
  • (719) Add select all on vulnerability types

What's Fixed

  • (742) "Default" Template Is Not the "Default" Template
  • (743) Deleting Vulnerability Template from the Vulnerability Templates Results in Jumping to Page 1
  • (748) Member name on a project is undefined
  • (746) Unauthorized Users Can Edit Vulnerability Templates
  • (736) Check auto delete/archive of reports and findings
  • (732) Remove bottom border of notification if its the only one
  • (726) Fix the height of the blurred table cell
  • (750) Fix when imported finding from template with References field fails the report building

v1.0.46

22. Jul, 2025

What's New

  • (563) Category for the vulnerability templates
  • (675) Improve project workflow statuses orders and add color picker
  • (678) Add autofill on finding affected assets

What's Fixed

  • (688) Limit browser sessions element height
  • (689) Remove z letter
  • (690) Bulk scope import doesnt work
  • (691) Today's status shows data from all teams
  • (692) Vulnerabilities graph on dashboard shows vulnerabilities from all teams
  • (694) Vulnerability and Executive Summary templates delete modal mismatch
  • (698) AccordionFinding should have conditional link on external link
  • (703) Docxtemplater code style
  • (706) Remove old additional fields

v1.0.40

23. Jun, 2025

What's New

  • (660) Remove report template limit from professional plan

What's Fixed

  • (661) Additional fields accordion text missalignment
  • (662) Fix error on templates regarding multi tenant domain
  • (659) After drag and drop the number per page and page number resets

v1.0.39

23. Jun, 2025

What's New

  • (639) Add permission for the tooltip edits
  • (640) Notifications now work across teams
  • (635) Assessment domains on findings
  • (644) Make assessment domains selectable within the finding editor like the CWE
  • Added admin permissions
  • Added manage team permission
  • Added ignore 2FA routes from checking in middleware
  • Add migration for default role permissions
  • Added message when don’t have permission to change project status
  • Added order by for reports

What's Fixed

  • (656) Creating tasks from the projects page results in 403 Unauthorized message
  • (653) Fix image size and captions
  • (646) MFA infinite loop
  • (603) Testing setup and documentation
  • (610) PP-591 Permissions backend
  • (650) In Permissions, there is no “Edit” for ‘Report’ – thus resulting in a 403 whenever any role tries to edit the generated report
  • (627) Create task doesn’t work
  • (634) Users with Task - Change status permission cannot change statuses of tasks: 403 Forbidden
  • (642) Styling when selecting different assessment domain
  • (643) Hide/show vulnerabilities table columns weird code
  • (645) Unassigned users list too long and unreachable
  • (649) When moving archived projects across the board, app shows an error but still permits the move
  • Project permissions
  • Finding permissions
  • Clients permissions
  • Prevent pentesters from seeing all vulnerabilities on vulnerabilities page
  • Fix search across teams and permissions
  • Fixed issue when missing client name for pentester
  • Updated package

v1.0.24

6. Jun, 2025

What's New

  • (491) Force update table of content after generating report
  • (560) Add burp scope attachment per project
  • (584) Add notes to scope/out of scope endpoints

What's Fixed

  • (582) Multi-select fields don't have label
  • (581) Project members on report details show type of user instead of type of project-user
  • (583) Download report button only appears on overview and reports but not on other project tabs
  • (599) Multiple attachments in New Project PentestPad

v1.0.23

28. May, 2025

What's New

  • (567) Make project lead searchable when creating/editing a project
  • (565) Preselect project when creating a task
  • (564) Vulnerability template preview
  • (558) Auto detect additional fields when building the report
  • (571) Verify 2FA before setting the 2FA on account
  • (576) By default order everything by created_at

What's Fixed

  • (574) Dismissing 'Manage members' dialog on project details doesn't reset the form
  • (561) On finding editor there is no place to go back to the project simply
  • (557) Update project duplicate targets scope
  • (547) Create template from vulnerability
  • (577) Fix layout breaking apart on all pages
  • (570) Whitelabel logo doesn't appear on 2FA challenge
  • (580) Button border fix on light mode
  • (575) Finding reorder route

1.0.21

21. May, 2025

What's New

  • (545) Limit avatar fallback to 2 characters

What's Fixed

  • (534) Aligned search bar spinning indicator
  • (535) On taskboard navbar active indicator being lost with search query
  • (546) On template edit delete button doesn't work
  • (554) Added backward compatibility for redBackground and graphs in report

1.0.19

15. May, 2025

What's New

  • (520) On project overview manage members display only pentester users
  • (509) Added search tags to search inputs
  • (503) Email notifications whitelabel support
  • (525) Enable drag and drop of images into editor
  • (522) Implement functionality to replace DOCX and PDF files within report.

What's Fixed

  • (508) Removed favicon if whitelabel company name is set
  • (511) Make comment time consistent across different timezones comment's section and activity
  • (517) Hide unauthorized buttons
  • (519) Hide manage members when user is not authorized
  • (499) Fix Draft badge alignment
  • (532) Fix task cards on taskboard being too wide
  • (516) Client can't see comment activity
  • (529) Make selected template consistent when we edit report
  • (533) Fix table width on taskboard
  • (528) Fixed routes for searches