Release Notes
Stay up to date with the latest PentestPad changes. Here you can check our newest bugfixes and features.
v1.4.10
19. Mar, 2026
What's New
- (P-199) Restore default configurations - added restore default button for project, client, proposal, and vulnerability layouts
- (P-253) Upgrade NPM packages
- (P-257) Bump CI/CD node versions
What's Fixed
- (P-218) Fix Type Warning
- (P-241) Improve smallest display header font size, notification/theme-toggle sizes, and breadcrumbs hydration error
- (P-267) Optimize breadcrumbs on smaller display
- (P-268) Rename "Clients→Board" to "Clients→List" in sidebar navigation
- (P-269) Vite.config.js improvements
- (P-272) Improve project overview information card content breaking on bigger screens
- (P-278) Improve logo visibility in Firefox
v1.4.9
10. Mar, 2026
What's New
- (P-50) Add breadcrumb navigation throughout the app
- (P-120) Routes for tooltips for AI Agent and CLI routes
- (P-168) Add ?withExtraFields=true filter to vulnerability templates API
- (P-191) Import from Qualys, Nuclei and OpenVAS
- (P-195) Add annual/yearly view on Calendar
- (P-198) Smaller sidebar design
What's Fixed
- (P-189) "No content provided" now uses same font and size as content, but italic
- (P-220) Fix issues importing CSV (array_combine error)
v1.4.7
4. Mar, 2026
What's New
- (P-107) Automate revision history - added notes to report and revision history in table
- (P-132) Pentesters can now create clients when creating projects
- (P-188) Import/Export fields for Report/Vulnerability/Project fields layout
What's Fixed
- (P-15) Add preview/new tab for file attachments in vulnerability fields
- (P-16) Improvements on report live preview button and content
- (P-20) Confirmation dialog buttons now disabled while processing
- (P-105) Improved finding editor saving flow
- (P-143) Fix issues with activity rendering on client portal
- (P-157) Bitwarden 2FA now works for filling the input
- (P-159) Fix curly braces and double dots visibility in code blocks
- (P-166) Vulnerabilities order is now consistent across the platform and in reports
- (P-171) Answer client questions (dashboard widgets, client portal features, tasks, notes, file uploads)
- (P-174) Pentester with Client Edit & Delete permission can now access /clients page
- (P-182) Copyright year now pulled dynamically from JS/TS
- (P-185) Fix ErrorException - Undefined array key "description"
v1.4.6
25. Feb, 2026
What's New
- (P-7) Add Active Directory login and SSO/OIDC support
- (P-152) API tests and multitenant setup tests in pipeline
- Vitest added to CI/CD and Husky configuration
What's Fixed
- (P-142) UI issue - gap in rendering vulnerability when optional multi-select fields are empty
- (P-144) Removed Nightwatch, added Sentry and added tests for Sentry
- (P-151) Warning for ZIP module
- (P-164) Project Notes crashed - fixed null reference error
v1.4.5
19. Feb, 2026
What's New
- (824) Implement CVSSv4 scoring system
- (767) Add advanced search filters for project types
- (762) Add retesting tracking table to report templates
- (721) Import project scope with detailed notes functionality
- (652) Configurable order for Additional Fields in templates
- (764) Client-specific color coding for calendar entries
- (753) Enhanced dummy data seeders for development environment
- (787) Comprehensive unit test coverage
- (680) Frontend page testing automation
- (843) CSV import functionality for vulnerability findings
- (835) "Preview vulnerability" quick-access link
- (808) Status tracking and modification timestamps for vulnerability templates
- (768) Multi-filter calendar view (client, project type, status)
- (752) Frontend interface for Nessus and Burp Suite import
- (1105) Email automation flow for Lite users and template downloaders
- (1060) Public template library with "Open in PentestPad Lite" feature
- (116) Dynamic link building system for report templates
- (52) Docker build optimization and performance improvements
- (117) API-driven client creation and invitation system
- (133) Drag-and-drop project findings reordering
- (6) TipTap rich text editor v3 upgrade
- (134) Server-side table sorting with reusable hooks and column visibility
- (142) Automated release pipeline with comprehensive testing
What's Fixed
- (982) Multi-step form field validation improvements
- (1128) Template rendering engine memory optimization
- (1114) Client portal authentication session handling
v1.3.9
31. Dec, 2025
What's New
- (1122) Add scope_type project prop to report builder
What's Fixed
- (1107) Different attachment indicator icons color depending on the privacy level
v1.3.8
24. Dec, 2025
What's New
- (1094) Limit to one session per account
- (1097) Test for Jira integration and add new column on vulnerability preview for ticket ID with link
- (1104) Download findings in CSV/Excel format directly from the portal
- (1109) Live report preview
What's Fixed
- (722) Fix image additional field being a select on FindingEditor
- (1099) Notifications now open in new tab when clicking with middle mouse button
- (1102) Fix incorrect severity level in email notifications when changing finding status from Draft to Ready
- (1103) Fix notification email displaying raw HTML content instead of formatted text and images
v1.3.7
19. Dec, 2025
What's New
- (1084) Custom vulnerability statuses
- (1088) Add user name when inviting client
- (1092) Update React
- (1015) Statuses now follow same order as on project kanban
What's Fixed
- (1085) Fix template preview/accordion vulnerability layout
- (1090) Client users now visible when creating tasks from inside the project
- (1091) Fix project name display after cloning a project
- (1093) Fix save button size on FindingEditor
- (1096) Fix template code style not applying
v1.3.6
11. Dec, 2025
What's New
- (1048) Add CVSS score column on vulnerabilities table
- (1087) Add validation to make team name unique
- (1041) activity on project is not scrollable and extended now
- (1039) Add "no results found" to permissions search on users & roles page
- (1040) Add "no statuses yet" message and link on project board
- (1043) Restrict dragging and dropping when no permission on projects board
- (1044) When impact and probability are hidden, use CVSS for risk calculation
- (1083) Scope items no longer open as links if they are not valid URLs
What's Fixed
- (1037) Create new group button size fix on project layout
- (1045) Layout now persists with configuration
- (1047) Fix mismatch between risk colors
- (1050) Fix select breaking when too big
- (1051) Fix create new report select color
- (1076) Remove force password reset when user goes through forgot password process
- (1079) Clients can now see assessment domain
- (1082) Fix whitelabel not working on 404 pages
v1.3.1
27. Nov, 2025
What's New
- (999) Whitelabel colors and logo for pentester users (dark/light logos, favicon upload)
- (1009) Add job title field per user
- (1014) Order vulnerabilities in table by number "#" column
- (1026) Add comments to individual vulnerabilities
- (1019) Upload attachments visibility control
- (1023) Implemented notification preferences
- (1004) Prevent users from editing the slug of project status
- (1005) Add tooltip to buttons in project layout (archive, clone, edit)
- (1013) Add message when no vulnerabilities in project, with link to add one
What's Fixed
- (1001) Hide Burp attachment files for the client
- (1002) Fix the client name style in the navigation
- (1006) Approve button for project now works on single project page
- (1025) Even out replace DOCX/PDF report dialog size
v1.2.21
20. Nov, 2025
What's New
- (992) Ability to sort columns in the Vulnerabilities tab of a project
- (993) Assign default template for project during creation
- (994) Custom SMTP settings/env variables per tenant in cloud
- (998) Enable whitelabel
- (948) Blend project activity and comments in one
What's Fixed
- (983) Category/Categories wording mismatch fix
- (997) References field links in bullet points no longer appear bold when they aren't
v1.2.19
12. Nov, 2025
What's New
- (949) "Show My Vulnerabilities" toggle in Vulnerabilities tab
- (964) Update default PentestPad template
- (975) Test and review API documentation and integration
- (984) Improve affected hosts and other fields mapping in vulnerability import preview page
What's Fixed
- (854) Add "no content" message on create report page
- (897) Add "no template found" message on finding editor import from template
- (954) New line in PentestPad now reflects in report
- (963) Editing generated report now generates new report instead of editing existing one
- (971) Fix string data truncation error for long vulnerability titles
- (974) Fix codeblock weird behavior
- (979) Debounce only textarea & text fields on finding editor
- (981) Fix Nessus importing
- (989) Fix members modal to not display deleted users
v1.2.13
31. Oct, 2025
What's New
- (802) Dynamic project fields, client can request a pentest form
- (837) Filters for extra fields
- (944) Projects in list format
- (946) Draft reports
What's Fixed
- (845) Template improvements (date format, whitespace, PDF compatibility)
- (931) Chart not being full height
- (932) Input not being reset and not requiring unique value
- (940) Color adjustment for draggable element on vulnerability layout
- (943) Toolbar not sticky
- (945) Vulnerability template page fix
- (947) Import mapping improvements
v1.2.12
24. Oct, 2025
What's New
- (938) Warning when importing vulnerability on non-existing findings
- (941) Apply chart filter when not empty
- (901) Pgsql reindex
v1.2.9
16. Oct, 2025
What's New
- (896) Charts can be defined in the Administration -> Settings
v1.2.8
10. Oct, 2025
What's New
- (919) Clients can now download only PDF reports from the client portal
- (917) Reports can be set as published/unpublished, with only published reports visible on the client portal
What's Fixed
- (868) Dialog height fix on smaller displays
- (916) Draft vulnerabilities are now excluded from report generation
- (920) Hidden vulnerability fields no longer appear on the view page (pentest and client portal)
- (921) Impact field is now properly saved when creating a new finding
- (923) HTTP Excerpts field is no longer deletable and has the correct icon
- (924) Tiptap editor label tooltip styling fixed
- (914) Added pluck and sort affected hosts A-Z functionality
v1.2.5
3. Oct, 2025
What's New
- (895) Allow spreadsheet / xlsx templates
v1.2.4
1. Oct, 2025
What's New
- (844) Connect (or create) Jira tickets with pentestpad findings
- (884) Extend editor to have Heading 1-6
- (559) Add support for IPv6 in report extraction
- (851) Preserve pagination select in session
What's Fixed
- (888) AccordionFinding's tooltip is empty if the title is null
- (866) Disable notifications buttons
- (891) Burpsuite-Scope json does not detect out of scope fields from project
- (122) Display burp attachment config only if there is a valid IP address/URL/domain in scope
- (883) Add "no executive templates" to import from template dialog on create report
- (876) No border on the right side of vulnerability title on smaller screens
- (875) Sheet trigger positioning fix
- (663) Fix finding ordering
- (867) Dashboard dialog width fix on small displays
v1.2.3
25. Sep, 2025
What's New
- (843) Import findings from CSV
- (835) Add "Preview vulnerability" link
- (808) Add status and modified to vulnerability templates
- (765) Get encrypted PDF report with password (user provided)
- Add comprehensive nmap visualization and operations system
- Added validation and the import of templates
What's Fixed
- (841) Fix cvss component overflowing on smaller screens
- (840) Fix application layout padding on smaller screens
- (836) Delete the Enable project status change as we have permission for it
- (832) TypeError: Cannot read properties of undefined (reading 'is_multi_domain_project')
- (838) Make the import vulnerability dialog have an overflow
- (850) Fix buttons breaking out on small screens on project vulnerabilities page
- (853) Fix tabs style on smaller screens
- (856) Make sure projects are not archived
v1.1.7
17. Sep, 2025
What's New
- (824) Implement CVSSv4: Finding and template editors are now equipped with a select for CVSS v3.1 or CVSS 4.0
What's Fixed
- (805) Fix finding configuration styles
- (816) Fix form-data uses unsafe random function in form-data for choosing boundary
- (813) Finding editor inconsistencies
- (827) Application archives projects
v1.1.4
11. Sep, 2025
What's New
- (807) Clear all notifications
- (768) Filter per client, project type, etc. on the calendar
- (752) Frontend for importing Nessus and burp
What's Fixed
- (800) Affected hosts recommendation select is not visible
- (798) Information leakage on site-wide pages
- (803) Fix chart bar
- Fix image alignment
v1.0.59
5. Sep, 2025
What's New
- (767) Add search for project types
- (762) Add retesting table to the template
- (721) Import scope with note
- (652) It would be great to set the order of the Additional Fields depending on the template (or in general)
- (764) Change color per client for on the calendar
- (753) Create dummy data with seeders on initialized data
- (787) Unit tests Laravel
- (680) General pages tests
What's Fixed
- (761) Fields don't reset when inviting multiple users
- (757) No projects yet. misaligned
- (756) Error when changing remediation stage to remediated
- (720) Error when I edit the project and select Create New client and enter name for new client and then save
- (716) Admin can see all the teams when creating user even the ones they are not part of
- (707) missing label on the additional field on finding editor
- (632) if csrf token expires add erreo or refresh on login
- (622) User elements overflow
- (651) Report Generation doesn't auto-identify additional fields for all of our templates.
v1.0.56
20. Aug, 2025
What's New
- (PF-19) Users Cannot Edit Their Own Vulnerability Templates
v1.0.52
15. Aug, 2025
What's New
- (724) Split by character to array in template
- (579) Make first form fields initially focused on login / 2FA pages to enable keyboard only workflow
- (741) Implement "splitObject" filter
- (740) Add to affected hosts from findings of that project
- (737) Add highlighter to tiptap
- (733) Add import affected hosts from txt file like we have on the import scope page
- (749) Add fallback parameter to split and splitObject functions
- (719) Add select all on vulnerability types
What's Fixed
- (742) "Default" Template Is Not the "Default" Template
- (743) Deleting Vulnerability Template from the Vulnerability Templates Results in Jumping to Page 1
- (748) Member name on a project is undefined
- (746) Unauthorized Users Can Edit Vulnerability Templates
- (736) Check auto delete/archive of reports and findings
- (732) Remove bottom border of notification if its the only one
- (726) Fix the height of the blurred table cell
- (750) Fix when imported finding from template with References field fails the report building
v1.0.46
22. Jul, 2025
What's New
- (563) Category for the vulnerability templates
- (675) Improve project workflow statuses orders and add color picker
- (678) Add autofill on finding affected assets
What's Fixed
- (688) Limit browser sessions element height
- (689) Remove z letter
- (690) Bulk scope import doesnt work
- (691) Today's status shows data from all teams
- (692) Vulnerabilities graph on dashboard shows vulnerabilities from all teams
- (694) Vulnerability and Executive Summary templates delete modal mismatch
- (698) AccordionFinding should have conditional link on external link
- (703) Docxtemplater code style
- (706) Remove old additional fields
v1.0.40
23. Jun, 2025
What's New
- (660) Remove report template limit from professional plan
What's Fixed
- (661) Additional fields accordion text missalignment
- (662) Fix error on templates regarding multi tenant domain
- (659) After drag and drop the number per page and page number resets
v1.0.39
23. Jun, 2025
What's New
- (639) Add permission for the tooltip edits
- (640) Notifications now work across teams
- (635) Assessment domains on findings
- (644) Make assessment domains selectable within the finding editor like the CWE
- Added admin permissions
- Added manage team permission
- Added ignore 2FA routes from checking in middleware
- Add migration for default role permissions
- Added message when don’t have permission to change project status
- Added order by for reports
What's Fixed
- (656) Creating tasks from the projects page results in 403 Unauthorized message
- (653) Fix image size and captions
- (646) MFA infinite loop
- (603) Testing setup and documentation
- (610) PP-591 Permissions backend
- (650) In Permissions, there is no “Edit” for ‘Report’ – thus resulting in a 403 whenever any role tries to edit the generated report
- (627) Create task doesn’t work
- (634) Users with Task - Change status permission cannot change statuses of tasks: 403 Forbidden
- (642) Styling when selecting different assessment domain
- (643) Hide/show vulnerabilities table columns weird code
- (645) Unassigned users list too long and unreachable
- (649) When moving archived projects across the board, app shows an error but still permits the move
- Project permissions
- Finding permissions
- Clients permissions
- Prevent pentesters from seeing all vulnerabilities on vulnerabilities page
- Fix search across teams and permissions
- Fixed issue when missing client name for pentester
- Updated package
v1.0.24
6. Jun, 2025
What's New
- (491) Force update table of content after generating report
- (560) Add burp scope attachment per project
- (584) Add notes to scope/out of scope endpoints
What's Fixed
- (582) Multi-select fields don't have label
- (581) Project members on report details show type of user instead of type of project-user
- (583) Download report button only appears on overview and reports but not on other project tabs
- (599) Multiple attachments in New Project PentestPad
v1.0.23
28. May, 2025
What's New
- (567) Make project lead searchable when creating/editing a project
- (565) Preselect project when creating a task
- (564) Vulnerability template preview
- (558) Auto detect additional fields when building the report
- (571) Verify 2FA before setting the 2FA on account
- (576) By default order everything by created_at
What's Fixed
- (574) Dismissing 'Manage members' dialog on project details doesn't reset the form
- (561) On finding editor there is no place to go back to the project simply
- (557) Update project duplicate targets scope
- (547) Create template from vulnerability
- (577) Fix layout breaking apart on all pages
- (570) Whitelabel logo doesn't appear on 2FA challenge
- (580) Button border fix on light mode
- (575) Finding reorder route
1.0.21
21. May, 2025
What's New
- (545) Limit avatar fallback to 2 characters
What's Fixed
- (534) Aligned search bar spinning indicator
- (535) On taskboard navbar active indicator being lost with search query
- (546) On template edit delete button doesn't work
- (554) Added backward compatibility for redBackground and graphs in report
1.0.19
15. May, 2025
What's New
- (520) On project overview manage members display only pentester users
- (509) Added search tags to search inputs
- (503) Email notifications whitelabel support
- (525) Enable drag and drop of images into editor
- (522) Implement functionality to replace DOCX and PDF files within report.
What's Fixed
- (508) Removed favicon if whitelabel company name is set
- (511) Make comment time consistent across different timezones comment's section and activity
- (517) Hide unauthorized buttons
- (519) Hide manage members when user is not authorized
- (499) Fix Draft badge alignment
- (532) Fix task cards on taskboard being too wide
- (516) Client can't see comment activity
- (529) Make selected template consistent when we edit report
- (533) Fix table width on taskboard
- (528) Fixed routes for searches