DATE:
AUTHOR: CyberCloud Team
PentestPortal.io

Release 19 June 2026

This release continues the evolution of PentestPortal’s Role-Based Access Control (RBAC) model. Following the previous release, which introduced pentest-level access management for customer contacts, access control has now been extended to pentesters themselves.

Organizations can now grant and manage pentest access on an individual assessment basis, improving security, flexibility, and visibility for both internal teams and external collaborators. In addition, this release introduces location-aware planning, expanded audit logging, and numerous stability and usability improvements across the platform.

Features & Improvements

PP-702: RBAC - Pentest-level access control for pentesters (major feature)

Building upon the previous customer-focused RBAC release, PentestPortal now supports pentest-level permissions for pentesters.

Previously, pentester access was primarily managed at the customer level. Access can now be granted, inherited, and revoked on a per-assessment basis, providing significantly more granular control.

Key improvements include:

  • Pentesters automatically receive access to assessments they are scheduled on.

  • Pentest permissions are now context-aware and assessment-specific.

  • Dashboard visibility is filtered based on assigned pentest permissions.

  • User management has been updated with a dedicated "Can Perform Pentests" permission.

  • Planning views clearly indicate which users have access to a pentest.

  • Rights caches have been optimized and rebuilt to support the new model.

  • Existing scheduled pentesters have been migrated automatically.

  • Customer-level functionality remains available for users with pentest permissions.

  • Improved dashboard empty states and access-related messaging.

  • Support for future expansion to customer-level and reseller-level pentester scopes.

This release lays the foundation for highly scalable permission management across large teams and multi-customer environments.

PP-714: Audit log expansion for RBAC activities

The audit log has been expanded to provide greater visibility into permission and access management activities. Newly logged events include:

  • Granting pentest access

  • Revoking pentest access

  • Adding or removing users

  • Role assignments

  • Role end-date modifications

  • Planning-related permission changes

  • Customer contact invitations

  • Reseller contact invitations

This provides a complete audit trail of who granted or revoked access, when it happened, and to which assessment it applies.

PP-574: Pentest Location Planning

Pentest scheduling now supports per-day location tracking.

For each scheduled day, planners can specify whether work will be performed:

  • Remotely

  • On-site at a customer location

Additional capabilities:

  • Customer-specific location lists

  • Named locations with addresses

  • Location indicators in planning views

  • Location information in personal calendars

  • Improved dashboard visualization with location icons

This provides greater clarity for planning, travel coordination, and resource management.

PP-724: Restrict sending of liability waivers by pentesters

Pentesters can now download liability waiver documents, but are no longer allowed to send them directly to customers.

Sending liability waivers remains restricted to authorized roles, preventing unintended customer communications while maintaining access to the document itself.

Bug Fixes

  • PP-717: Fixed an issue where application/x-msgpack Accept headers were being overwritten by the Nuxt proxy, causing JSON responses to be returned instead of MessagePack.

  • PP-335: Improved spell checker functionality by introducing a distinction between temporary ignores and permanent dictionary additions. Also fixed handling of hyphenated words, CVE identifiers, and the "Added By" column.

  • PP-718: Fixed dashboard planning rows using unnecessary vertical space, reducing planning entries to a more compact single-line layout.

  • PP-730: Resolved an issue where Basic Security Scan email translations were incorrectly loaded for all pentests due to an incorrect translation key.

  • PP-725: Fixed an error preventing Cyber Scanner assessments from being created when an account manager was scoped to a single customer.

  • PP-723: Resolved multiple issues affecting customer-level account managers, including invoice loading, invoice email delivery, and invoice management workflows.

  • PP-721: Fixed an issue preventing findings from being copied correctly.

  • PP-722: Restored dashboard visibility for account managers. Dashboard data is now correctly filtered based on the account manager's permitted scope and planning responsibilities.

We believe that PentestPortal will greatly enhance the experience of individual penetration testers, penetration testing firms and enterprises conducting their own pentests and that PentestPortal contributes to more efficient and effective penetration testing. Your feedback is invaluable in helping us improve and tailor the software to meet your needs.

Thank you for choosing our software, and we look forward to hearing your thoughts on this exciting new release!
